Setting up a single-node k8s
# 1. Preparation

Disable the firewall (firewalld) and SELinux.

Set the hostname.

Configure /etc/hosts.

Turn off swap:

```
swapoff -a
```

To turn it off permanently, edit /etc/fstab with vi and comment out the swap line.

Pass bridged IPv4 traffic to the iptables chains:

```
modprobe br_netfilter   # creates the bridge-related kernel parameters
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system   # apply the settings
```

Time synchronization:

```
yum install -y chrony; systemctl start chronyd; systemctl enable chronyd
```

# 2. Install containerd

First install the yum-utils tools:

```
yum install -y yum-utils
```

Configure the official Docker yum repository (skip this if it is already configured):

```
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
```

Install containerd:

```
yum install containerd.io -y
```

Start the service:

```
systemctl enable containerd
systemctl start containerd
```

Generate the default configuration:

```
containerd config default > /etc/containerd/config.toml
```

Edit the configuration:

```
vi /etc/containerd/config.toml
```

Change these two settings:

```
sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.8"   # change to the Alibaba Cloud mirror address
SystemdCgroup = true   # use the systemd cgroup driver
```

Set up a registry mirror (optional)

Edit the containerd configuration file `/etc/containerd/config.toml` and add `config_path` under `[plugins."io.containerd.grpc.v1.cri".registry]`:

```
[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = "/etc/containerd/certs.d"
```

Create the directory `/etc/containerd/certs.d/docker.io` and add a `hosts.toml` file to it with the following content:

```
server = "https://docker.io"   # upstream registry address
[host."https://xxxxxx.mirror.aliyuncs.com"]   # mirror address
```

Restart containerd:

```
systemctl restart containerd
```

- Example

```
$ tree /etc/containerd/certs.d
/etc/containerd/certs.d/
├── docker.io
│   └── hosts.toml
└── quay.io
    └── hosts.toml

$ cat /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://docker.io"
[host."https://prh13f1a.mirror.aliyuncs.com"]

$ cat /etc/containerd/certs.d/quay.io/hosts.toml
server = "https://quay.io"
[host."https://quay.mirrors.ustc.edu.cn"]
```

Restart the containerd service:

```
systemctl restart containerd
```

# 3. Configure the Kubernetes repository

```
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```

- Note: Kubernetes uses the RHEL 7 repository, which also works on RHEL 8.

# 4. Install kubeadm and kubelet

```
yum install -y kubelet-1.25.4 kubeadm-1.25.4 kubectl-1.25.4
```

- kubelet: the node agent
- kubeadm: automates deployment of the k8s cluster
- kubectl: the k8s command-line tool

Start the kubelet service:

```
systemctl start kubelet.service
systemctl enable kubelet.service
```

# 5. Point crictl at containerd

```
crictl config --set runtime-endpoint=unix:///run/containerd/containerd.sock
```

# 6. Initialize

```
kubeadm init \
  --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
  --apiserver-advertise-address=192.168.0.14 \
  --kubernetes-version=v1.25.4 \
  --service-cidr=10.15.0.0/16 \
  --pod-network-cidr=10.18.0.0/16
```

The command ends with output like this:

```
To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.0.14:6443 --token u529o4.invnj3s6anxekg79 --discovery-token-ca-cert-hash sha256:27b967c444cf3f4a45fedae24ed886663a1dc2cd6ceae03930fcbda491ec5ece
```

Note: the last command above is the one to run on a node that should join the cluster. The token is valid for 24 hours; if it has expired, get a new join command with:

```
kubeadm token create --print-join-command
```

# 7. Create the directory

```
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
```

Get node information:

```
kubectl get node
kubectl get pod --all-namespaces
```

# 8. Install the Calico network

```
curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml -O
```

After downloading, change the Pod network defined in the file (CALICO_IPV4POOL_CIDR) so that it is the same as the value given to `--pod-network-cidr` in the earlier kubeadm init:

```
vi calico.yaml
```

```
# - name: CALICO_IPV4POOL_CIDR
#   value: "192.168.0.0/16"
# change to:
- name: CALICO_IPV4POOL_CIDR
  value: "10.18.0.0/16"
```

Deploy:

```
kubectl apply -f calico.yaml
```

Check:

```
kubectl get pods -n kube-system
```

# 9. Install the dashboard

Download the yaml file:

```
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
```

If the download fails, get the file here: https://gitee.com/aminglinux/linux_study/blob/master/k8s/recommended.yaml

Edit it:

```
vi recommended.yaml
```

```
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard   ## this is line 38
spec:
  type: NodePort   ### add this line
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30002   ### add this line
  selector:
    k8s-app: kubernetes-dashboard
```

Create the pod:

```
kubectl apply -f recommended.yaml
```

Check:

```
kubectl get pod -n kubernetes-dashboard
kubectl get svc -n kubernetes-dashboard
```

If the pod is in the Pending state, look for the reason:

```
kubectl describe pod kubernetes-dashboard -n kubernetes-dashboard

Warning  FailedScheduling  4m31s (x18 over 89m)  default-scheduler  0/1 nodes are available: 1 node(s) had untolerated taint {node-role.kubernetes.io/control-plane: }. preemption: 0/1 nodes are available: 1 Preemption is not helpful for scheduling.
```

This is because the pod is not allowed to be deployed on the master node; remove the restriction:

```
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
```

Access: https://192.168.0.14:30002

In the Chrome browser the page shows a certificate warning (the website sent back unusual, incorrect credentials; this may be because an attacker is trying to impersonate ...). It appears because the Dashboard serves a self-signed certificate. Click a blank area of the page and type: thisisunsafe

Create a service account and bind it to the default cluster-admin administrator cluster role:

```
# Create the user
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
# Grant the user permissions
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
# Get the user's token
kubectl create token dashboard-admin -n kubernetes-dashboard
```

Log in to the Dashboard with the token that is printed.
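A check for steps 1 and 2, added here as an example (it is not part of the original guide): it reads the sysctl file, the containerd configuration and a /proc/swaps-style file, and reports every setting that differs from what the guide configures. The function names and the sample files are constructed for this example.

```shell
# Added example: check the files behind steps 1-2 before running kubeadm init.

# get_setting FILE KEY: print the value of the first uncommented "KEY = value" line.
get_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)              # drop a trailing comment
            n = index(line, "="); if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)         # trim spaces and quotes
            if (k == key) { print v; exit }
        }' "$1"
}

# preflight SYSCTL_CONF CONTAINERD_TOML SWAPS: print one line per problem found;
# return 0 only when there are none. SWAPS is a file in /proc/swaps format.
preflight() {
    rc=0
    for key in net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward; do
        [ "$(get_setting "$1" "$key")" = 1 ] || { echo "sysctl: $key is not 1"; rc=1; }
    done
    [ "$(get_setting "$2" SystemdCgroup)" = true ] ||
        { echo "containerd: SystemdCgroup is not true"; rc=1; }
    case "$(get_setting "$2" sandbox_image)" in
        */pause:3.8) ;;
        *) echo "containerd: sandbox_image is not the pause:3.8 mirror image"; rc=1 ;;
    esac
    # The first line of /proc/swaps is a header; any further line is active swap.
    awk 'NR > 1 { n++ } END { exit (n > 0) }' "$3" || { echo "swap: still enabled"; rc=1; }
    return $rc
}

# Demo on constructed files: k8s.conf as written in step 1, a config.toml that has
# not been edited yet (constructed values), and one active swap device.
demo=$(mktemp -d)
printf '%s\n' 'net.bridge.bridge-nf-call-ip6tables = 1' \
    'net.bridge.bridge-nf-call-iptables = 1' 'net.ipv4.ip_forward = 1' > "$demo/k8s.conf"
printf '%s\n' '    sandbox_image = "registry.k8s.io/pause:3.6"' \
    '            SystemdCgroup = false' > "$demo/config.toml"
printf '%s\n' 'Filename Type Size Used Priority' \
    '/dev/dm-1 partition 2097148 0 -2' > "$demo/swaps"
preflight "$demo/k8s.conf" "$demo/config.toml" "$demo/swaps" || echo "node is not ready"
rm -rf "$demo"
# On a real node: preflight /etc/sysctl.d/k8s.conf /etc/containerd/config.toml /proc/swaps
```

The check reads the configuration files, not the live kernel state, so run `sysctl --system` and restart containerd before relying on it.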
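For step 8, an added example (not from the original guide or the Calico project) that reads CALICO_IPV4POOL_CIDR out of calico.yaml and checks it against the `--pod-network-cidr`, `--service-cidr` and node address used in step 6. The function names and the YAML fragments are constructed for illustration.

```shell
# Added example: compare the Calico pool in calico.yaml with the kubeadm init CIDRs.

# ip_to_int A.B.C.D: print the address as an integer.
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_range ADDR/BITS: print the first and last address of the range as integers.
cidr_range() {
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( $(ip_to_int "${1%/*}") & ~(size - 1) ))
    echo "$first $(( first + size - 1 ))"
}

# cidrs_overlap A B: succeed if the two ranges share at least one address.
cidrs_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# calico_pool_cidr FILE: print the uncommented CALICO_IPV4POOL_CIDR value, if any.
calico_pool_cidr() {
    awk '/^[ \t]*#/ { next }
         found && /value:/ { gsub(/[" \t]/, ""); sub(/^value:/, ""); print; exit }
         /name:[ \t]*CALICO_IPV4POOL_CIDR/ { found = 1 }' "$1"
}

# check_cidrs CALICO_YAML POD_CIDR SERVICE_CIDR NODE_IP: print problems, return 0 if none.
check_cidrs() {
    rc=0; pool=$(calico_pool_cidr "$1")
    [ "$pool" = "$2" ] || { echo "Calico pool ${pool:-(not set)} != pod CIDR $2"; rc=1; }
    if cidrs_overlap "$2" "$3"; then echo "pod CIDR overlaps service CIDR $3"; rc=1; fi
    if cidrs_overlap "$2" "$4/32"; then echo "pod CIDR contains node address $4"; rc=1; fi
    return $rc
}

# Demo on constructed calico.yaml fragments, with the values used on this page.
demo=$(mktemp -d)
printf '%s\n' '            # - name: CALICO_IPV4POOL_CIDR' \
    '            #   value: "192.168.0.0/16"' > "$demo/default.yaml"
printf '%s\n' '            - name: CALICO_IPV4POOL_CIDR' \
    '              value: "10.18.0.0/16"' > "$demo/edited.yaml"
check_cidrs "$demo/default.yaml" 10.18.0.0/16 10.15.0.0/16 192.168.0.14 || true
check_cidrs "$demo/edited.yaml" 10.18.0.0/16 10.15.0.0/16 192.168.0.14 && echo "CIDRs consistent"
# The sample value 192.168.0.0/16 would cover this page's node address:
cidrs_overlap 192.168.0.0/16 192.168.0.14/32 && echo "192.168.0.0/16 contains the node"
rm -rf "$demo"
```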
阿星
January 6, 2024 15:16