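Published: 2024-02-29 15:01
VIII. Creating a local k8s environment with Minikube
1. Enable CPU virtualization; allocate 2 CPU cores and 2 GB of memory
2. Install Docker
3. Install VirtualBox (optional)
(1) Configure the YUM repository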
[virtualbox]
name=Oracle Linux / RHEL / CentOS-$releasever / $basearch - VirtualBox
baseurl=http://download.virtualbox.org/virtualbox/rpm/el/$releasever/$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://www.virtualbox.org/download/oracle_vbox.asc
(2) Install: yum install VirtualBox-5.2
4. Install Minikube
curl -Lo minikube http://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/releases/v1.2.0/minikube-linux-amd64 && chmod +x minikube && mv minikube /usr/local/bin/
5. Install kubectl
curl -LO http://kubernetes.oss-cn-hangzhou.aliyuncs.com/kubernetes-release/release/`curl -s http://kubernetes.oss-cn-hangzhou.aliyuncs.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl && chmod +x kubectl && mv kubectl /usr/local/bin/kubectl
6. Start minikube to create the k8s cluster
(1) Create it in VirtualBox
minikube start --vm-driver=virtualbox --registry-mirror=https://registry.docker-cn.com
(2) Create it locally
minikube start --vm-driver=none --registry-mirror=https://registry.docker-cn.com
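7. Start the proxy
kubectl proxy --address='0.0.0.0' --accept-hosts='^*$'
8. Start the UI management page
minikube dashboard
Then enter the URL directly in the browser.
IX. Deploying a k8s cluster with kubeadm
1. Environment setup (Master and Node nodes)
(1) hostname and /etc/hosts configuration
cat <<EOF >> /etc/hosts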
192.168.1.157 docker3
192.168.1.151 docker1
192.168.1.152 docker2
199.232.68.133 raw.githubusercontent.com
EOF
Note: the 199.232.68.133 raw.githubusercontent.com entry works around raw.githubusercontent.com being unreachable in a later step.
(2) Disable the firewall, SELinux and swap
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
(3) Configure kernel parameters so that bridged IPv4 traffic is passed to iptables
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
iptables -P FORWARD ACCEPT
(4) Configure the yum repositories
yum -y install wget
cd /etc/yum.repos.d/
wget http://mirrors.aliyun.com/repo/Centos-7.repo
wget http://mirrors.aliyun.com/repo/epel-7.repo
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# File name assumed (any *.repo name in this directory works)
cat <<EOF > kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
(5) Install software
yum -y install ipset ipvsadm
yum install -y kubelet kubeadm kubectl
(6) Configure software
touch /etc/docker/daemon.json
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://nn3beua9.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker
2. Master configuration
(1) Initialize the cluster
kubeadm init --kubernetes-version=1.18.2 --apiserver-advertise-address=192.168.11.157 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
(2) Configure kubectl
mkdir -p /root/.kube
cp /etc/kubernetes/admin.conf /root/.kube/config
kubectl get nodes
kubectl get cs
(3) Deploy the flannel network
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
If raw.githubusercontent.com is unreachable, the hosts file needs the entry configured in step 1.
3. Deploy the node nodes
(1) Join using the join command generated earlier by init
kubeadm join 10.10.10.10:6443 --token kekvgu.nw1n76h84f4camj6 --discovery-token-ca-cert-hash sha256:4ee74205227c78ca62f2d641635afa4d50e6634acfaa8291f28582c7e3b0e30e
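(2) If a node shows NotReady after deployment, check the pod status and whether the images etc. downloaded correctly.
Reference: https://blog.csdn.net/wangmiaoyan/article/details/101216496
(3) Alternatively, change the image address directly to quay-mirror.qiniu.com/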
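The --discovery-token-ca-cert-hash value in the join command from step (1) is the SHA-256 of the cluster CA certificate's DER-encoded SubjectPublicKeyInfo, so it can be recomputed from the CA certificate and compared before a node joins. The following is an added example, not part of the original page; the sample certificate is a constructed DER skeleton with placeholder fields, and der_tlv and the SAMPLE_* names are hypothetical helpers for that sample.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, content_start, end) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def pem_to_der(pem):
    """Decode a PEM certificate such as /etc/kubernetes/pki/ca.crt to DER."""
    lines = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(lines))

def spki_bytes(cert_der):
    """Slice the raw SubjectPublicKeyInfo out of an X.509 certificate."""
    _, tbs_pos, _ = read_tlv(cert_der, 0)          # outer Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(cert_der, tbs_pos)  # tbsCertificate SEQUENCE
    spans = []
    while pos < tbs_end:
        tag, _, end = read_tlv(cert_der, pos)
        spans.append((tag, pos, end))
        pos = end
    # [0] version (optional), serial, sigAlg, issuer, validity, subject, SPKI
    _, start, end = spans[6 if spans[0][0] == 0xA0 else 5]
    return cert_der[start:end]

def ca_cert_hash(cert_der):
    """Value kubeadm expects for --discovery-token-ca-cert-hash."""
    return "sha256:" + hashlib.sha256(spki_bytes(cert_der)).hexdigest()

def der_tlv(tag, body=b""):
    """Encode one DER element (short-form length; enough for the sample)."""
    return bytes([tag, len(body)]) + body

# Constructed sample: a certificate skeleton with placeholder fields, not a real CA.
SAMPLE_SPKI = der_tlv(0x30, der_tlv(0x30, der_tlv(0x06, b"\x2a\x03"))
                      + der_tlv(0x03, b"\x00" + b"K" * 16))
SAMPLE_TBS = der_tlv(0x30, der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, b"\x01")
                     + der_tlv(0x30) * 4 + SAMPLE_SPKI)
SAMPLE_CERT = der_tlv(0x30, SAMPLE_TBS + der_tlv(0x30) + der_tlv(0x03, b"\x00"))

if __name__ == "__main__":
    print(ca_cert_hash(SAMPLE_CERT))
```

On a master node, pass pem_to_der() the contents of /etc/kubernetes/pki/ca.crt and compare the result with the value in the join command.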
4. Deploy the Dashboard
(1) Download the yaml file
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
(2) Modify the yaml
In the Service, add type: NodePort and nodePort: 30001
(3) Install
kubectl create -f recommended.yaml
(4) Create a user and grant permissions
① user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: aks-dashboard-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: aks-dashboard-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: aks-dashboard-admin
  namespace: kube-system
② sq.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-head
  labels:
    k8s-app: kubernetes-dashboard-head
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard-head
  namespace: kube-system
③ Create both with the kubectl create -f command
(5) Generate an authentication token
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
(6) Log in with the token at https://192.168.11.157:30001
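Every binding in steps (4) and (5) attaches cluster-admin to a ServiceAccount, so the token used to log in on NodePort 30001 is a full cluster credential. The following added example (not part of the original page) audits `kubectl get clusterrolebindings -o json` output for such grants; the sample data is constructed from the binding names on this page plus two Group bindings for contrast, and HIGH_RISK_ROLES and sample_binding are hypothetical names.

```python
import json

# ClusterRoles treated as full-control grants (assumption: extend per local policy).
HIGH_RISK_ROLES = {"cluster-admin"}


def risky_bindings(crb_json, roles=HIGH_RISK_ROLES):
    """Return sorted (binding, namespace/serviceaccount, role) tuples for every
    ServiceAccount bound to a high-risk ClusterRole."""
    findings = []
    for item in json.loads(crb_json).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in roles:
            continue
        for subj in item.get("subjects") or []:  # subjects can be missing or null
            if subj.get("kind") == "ServiceAccount":
                account = f"{subj.get('namespace', '?')}/{subj.get('name', '?')}"
                findings.append((item["metadata"]["name"], account, ref["name"]))
    return sorted(findings)


def sample_binding(name, role, kind, subject, namespace=None):
    """Build one ClusterRoleBinding dict for the constructed sample below."""
    subj = {"kind": kind, "name": subject}
    if namespace:
        subj["namespace"] = namespace
    return {"kind": "ClusterRoleBinding", "metadata": {"name": name},
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                        "kind": "ClusterRole", "name": role},
            "subjects": [subj]}


# Constructed sample shaped like `kubectl get clusterrolebindings -o json`:
# the four bindings this page creates plus two Group bindings for contrast.
SAMPLE = json.dumps({"kind": "List", "items": [
    sample_binding(n, "cluster-admin", "ServiceAccount", n, "kube-system")
    for n in ("aks-dashboard-admin", "kubernetes-dashboard",
              "kubernetes-dashboard-head", "dashboard-admin")
] + [
    sample_binding("cluster-admin", "cluster-admin", "Group", "system:masters"),
    sample_binding("system:basic-user", "system:basic-user", "Group",
                   "system:authenticated"),
]})

if __name__ == "__main__":
    for name, account, role in risky_bindings(SAMPLE):
        print(f"{name}: {account} -> {role}")
```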