  • Setting up a basic k8s environment

    Environment preparation

    Synchronize time between the servers

    1. Disable the firewall

    systemctl stop firewalld
    setenforce 0
    

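    2. Configure the yum repositories. This must be done on all three machines (one master and two node machines).

    Download the yum repository file for Docker from the mirror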
    cd /etc/yum.repos.d
    wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

    vi kubernetes.repo 

    [kubernetes]
    name=Kubernetes Repo
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    enabled=1
    gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    

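    Run yum repolist to check that the repositories were configured successfully

    3. Install docker (version used in production: 1.7.03) on all nodes

      yum install -y docker

    Enable docker at boot
      systemctl enable docker

    Damn, many articles online say kubeadm is not needed, which led to constant 8080 errors, yet the official site says to install it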

    You will install these packages on all of your machines:
    kubeadm: the command to bootstrap the cluster.
    kubelet: the component that runs on all of the machines in your cluster and does things like starting pods and containers.
    kubectl: the command line util to talk to your cluster.

    4. Install kubeadm

    yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
    systemctl enable --now kubelet

    Start docker

    systemctl start docker

    Start kubelet: systemctl enable kubelet && systemctl start kubelet

    View docker information

      docker version    or    docker info

    View the kubeadm version

      kubeadm version

    View kubelet information

      rpm -ql kubelet

    View the kubelet status

      systemctl status kubelet

    View the logs

      tail /var/log/messages

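    a. Ignoring swap (optional)

    Starting with Kubernetes 1.8, swap must be turned off on the system; if it is not, kubelet will not start with the default configuration.
    This restriction can be changed with the kubelet startup flag --fail-swap-on=false.

    Run swapoff -a

    View the file: cat /etc/sysconfig/kubelet

    Change the content of the kubelet file to  KUBELET_EXTRA_ARGS="--fail-swap-on=false"

    Configure the forwarding parameters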

    cat  /etc/sysctl.d/k8s.conf

    net.bridge.bridge-nf-call-ip6tables = 1 
    net.bridge.bridge-nf-call-iptables = 1 
    vm.swappiness=0

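    b. Write a script to download the required images:  vi images.sh

    #!/bin/bash
    # Pull the control-plane images from a Docker Hub mirror and retag them
    # under the k8s.gcr.io names that kubeadm looks for.
    images="kube-apiserver:v1.14.0 kube-scheduler:v1.14.0 kube-controller-manager:v1.14.0 kube-proxy:v1.14.0
    etcd:3.3.10 pause:3.1"
    for imageName in $images
    do
      echo "$imageName"
      docker pull "docker.io/mirrorgooglecontainers/$imageName"
      docker tag "docker.io/mirrorgooglecontainers/$imageName" "k8s.gcr.io/$imageName"
      # Drop the mirror tag once the k8s.gcr.io tag exists
      docker rmi "docker.io/mirrorgooglecontainers/$imageName"
    done
    # CoreDNS is pulled from its own Docker Hub namespace
    others="coredns:1.3.1"
    for other in $others
    do
      docker pull "docker.io/coredns/$other"
      docker tag "docker.io/coredns/$other" "k8s.gcr.io/$other"
      docker rmi "docker.io/coredns/$other"
    done

    chmod 700 images.sh    # owner-only; 777 would leave the script world-writable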

    c. Initialize the cluster with kubeadm

    kubeadm init --kubernetes-version=v1.14.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap

    Record the following output; the node machines use it to join the master


    kubeadm join 172.19.68.9:6443 --token mhg1pv.wpsv2mmou2pat7ug \
    --discovery-token-ca-cert-hash sha256:4f315d48cf4fb954e76e25d3683577ef87f248377aa2bafbae514073eb43fffc
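
    The value given to --discovery-token-ca-cert-hash is the SHA-256 of the cluster CA's public key, so it can be recomputed on the master and compared before a node trusts it. The following is an added example, not part of the original post; it assumes openssl is installed, uses kubeadm's default CA path, and its function names are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original post); function names are hypothetical.

# Print the kubeadm discovery hash of a CA certificate: the SHA-256 of its
# DER-encoded public key (SubjectPublicKeyInfo), as lowercase hex.
ca_cert_hash() {
  ca_pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
  printf '%s\n' "$ca_pub" \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -hex \
    | awk '{print $NF}'
}

# Return 0 only if the "sha256:<hex>" value of a join command matches the CA.
verify_join_hash() {
  pinned=$2
  case $pinned in
    sha256:*) ;;
    *) echo "unsupported hash format: $pinned" >&2; return 2 ;;
  esac
  actual=$(ca_cert_hash "$1") || { echo "cannot read CA certificate $1" >&2; return 2; }
  if [ "sha256:$actual" = "$pinned" ]; then
    echo "CA hash matches"
  else
    echo "CA hash mismatch: certificate gives sha256:$actual" >&2
    return 1
  fi
}

# On the master, with kubeadm's default CA path and the value recorded above:
#   verify_join_hash /etc/kubernetes/pki/ca.crt \
#     sha256:4f315d48cf4fb954e76e25d3683577ef87f248377aa2bafbae514073eb43fffc
```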

    d. Run the commands

    mkdir -p $HOME/.kube
    cp -i /etc/kubernetes/admin.conf $HOME/.kube/config 

    Check component status: kubectl get cs

    Check the nodes: kubectl get nodes

    e. Deploy the flannel network plugin

    https://github.com/coreos/flannel

    Run: kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

    View the flannel image: docker image ls

    Check whether the pods have started: kubectl get pods -n kube-system

    kubectl get pods -n kube-system -o wide prints more information

    View the namespaces: kubectl get ns

    Final step: configure the node machines

    Download the required images. If pause is not downloaded, the nodes stay in the NotReady state as seen from the master

    docker pull mirrorgooglecontainers/pause:3.1

    docker tag docker.io/mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1

    docker rmi docker.io/mirrorgooglecontainers/pause:3.1

    docker pull mirrorgooglecontainers/kube-proxy:v1.14.0

    docker tag docker.io/mirrorgooglecontainers/kube-proxy:v1.14.0 k8s.gcr.io/kube-proxy:v1.14.0

    docker rmi docker.io/mirrorgooglecontainers/kube-proxy:v1.14.0

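    View node information on the master

    kubectl get pods -n kube-system -o wide

    Command to see the cause of an error: kubectl describe pod kubernetes-dashboard-5f7b999d65-klr7j -n kube-system

    The pod could not be deleted because the namespace had not been specified

    Delete the deployment first, then the pod

    Management dashboard UI

    First download the official yaml file
    wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard.yaml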

    sed -i 's#k8s.gcr.io#gcrxio#g' kubernetes-dashboard.yaml

    kubectl apply -f kubernetes-dashboard.yaml

    # Copyright 2017 The Kubernetes Authors.
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    
    # ------------------- Dashboard Secret ------------------- #
    
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-certs
      namespace: kube-system
    type: Opaque
    
    ---
    # ------------------- Dashboard Service Account ------------------- #
    
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    
    ---
    # ------------------- Dashboard Role & Role Binding ------------------- #
    
    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: kubernetes-dashboard-minimal
      namespace: kube-system
    rules:
      # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
    - apiGroups: [""]
      resources: ["secrets"]
      verbs: ["create"]
      # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
    - apiGroups: [""]
      resources: ["configmaps"]
      verbs: ["create"]
      # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
    - apiGroups: [""]
      resources: ["secrets"]
      resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
      verbs: ["get", "update", "delete"]
      # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
    - apiGroups: [""]
      resources: ["configmaps"]
      resourceNames: ["kubernetes-dashboard-settings"]
      verbs: ["get", "update"]
      # Allow Dashboard to get metrics from heapster.
    - apiGroups: [""]
      resources: ["services"]
      resourceNames: ["heapster"]
      verbs: ["proxy"]
    - apiGroups: [""]
      resources: ["services/proxy"]
      resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
      verbs: ["get"]
    
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: kubernetes-dashboard-minimal
      namespace: kube-system
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: kubernetes-dashboard-minimal
    subjects:
    - kind: ServiceAccount
      name: kubernetes-dashboard
      namespace: kube-system
    
    ---
    # ------------------- Dashboard Deployment ------------------- #
    
    kind: Deployment
    apiVersion: apps/v1beta2
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: kubernetes-dashboard
      template:
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
        spec:
          containers:
          - name: kubernetes-dashboard
            image: gcrxio/kubernetes-dashboard-amd64:v1.10.0
            ports:
            - containerPort: 8443
              protocol: TCP
            args:
              - --auto-generate-certificates
              # Uncomment the following line to manually specify Kubernetes API server Host
              # If not specified, Dashboard will attempt to auto discover the API server and connect
              # to it. Uncomment only if the default does not work.
              # - --apiserver-host=http://my-address:port
            volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
            livenessProbe:
              httpGet:
                scheme: HTTPS
                path: /
                port: 8443
              initialDelaySeconds: 30
              timeoutSeconds: 30
          volumes:
          - name: kubernetes-dashboard-certs
            secret:
              secretName: kubernetes-dashboard-certs
          - name: tmp-volume
            emptyDir: {}
          serviceAccountName: kubernetes-dashboard
          # Comment the following tolerations if Dashboard must not be deployed on master
          tolerations:
          - key: node-role.kubernetes.io/master
            effect: NoSchedule
    
    ---
    # ------------------- Dashboard Service ------------------- #
    
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      type: NodePort    # added
      ports:
        - port: 443
          targetPort: 8443
      selector:
        k8s-app: kubernetes-dashboard
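
    Both kubectl apply steps (flannel and the Dashboard) take a manifest fetched from a URL, and the sed step changes which registry the Dashboard image is pulled from. One way to review what will run before applying, as an added example that is not part of the original post: pin the downloaded file to a SHA-256 recorded at review time and report any image outside an allowed set of registry prefixes. The function names and the choice of allowed prefixes are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original post); function names are hypothetical.

# List every container image referenced by an "image:" key in a manifest.
manifest_images() {
  sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" \
    | sed 's/[[:space:]]*#.*$//' | tr -d "\"'" | sort -u
}

# Print images that start with none of the allowed prefixes; return 1 if any.
unapproved_images() {
  manifest=$1; shift
  bad=0
  for img in $(manifest_images "$manifest"); do
    ok=0
    for prefix in "$@"; do
      case $img in "$prefix"*) ok=1 ;; esac
    done
    if [ "$ok" -eq 0 ]; then echo "$img"; bad=1; fi
  done
  return "$bad"
}

# Return 0 only if the file matches the pinned SHA-256 and uses approved images.
check_manifest() {
  file=$1; want=$2; shift 2
  have=$(sha256sum "$file" | awk '{print $1}')
  if [ "$have" != "$want" ]; then
    echo "checksum mismatch for $file: got $have" >&2
    return 1
  fi
  unapproved_images "$file" "$@" >&2 || { echo "unapproved image(s) listed above" >&2; return 1; }
}

# Usage (the checksum is a placeholder, recorded when the file is reviewed):
#   check_manifest kubernetes-dashboard.yaml <sha256-recorded-at-review> k8s.gcr.io/ \
#     && kubectl apply -f kubernetes-dashboard.yaml
```

    On the manifest above as modified by sed, gcrxio/kubernetes-dashboard-amd64:v1.10.0 is reported unless gcrxio/ is added to the allowed prefixes.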

    View the exposed port

    kubectl get svc -n kube-system

    View the dashboard service information

    kubectl -n kube-system edit svc kubernetes-dashboard

    Problem 1

    View the dashboard's error messages: kubectl logs kubernetes-dashboard-7b64bfd466-hxqtj -n kube-system

    Log in at https://47.102.46.176:32147/#!/login

    Log in using a token

    https://blog.csdn.net/mr_rsq/article/details/87914766

    Troubleshooting a failed dashboard login

    Run the following commands:

    kubectl get pods --all-namespaces -o wide

    kubectl get services --all-namespaces

  • Original article: https://www.cnblogs.com/mutong1228/p/10899036.html