k8s是什么意思？kubeadm部署k8s集群（k8s部署）-PetaExpres

k8s是什么意思？kubeadm部署k8s集群（k8s部署）|PetaExpresk8s是什么意思？kubernetes簡稱K8s，是一個開源的，用于管理云平臺中多個主機上的容器化的應用，Kubernetes的目標是讓部署容器化的應用簡單并且高效（powerful）,Kubernetes提供了應用部署，規(guī)劃，更新，維護的一種機制。在Kubernetes中，我們可以創(chuàng)建多個容器，每個容器里面運行一個應用實例，然后通過內(nèi)置的負載均衡策略，實現(xiàn)對這一組應用實例的管理、發(fā)現(xiàn)、訪問，而這些細節(jié)都不需要運維人員去進行復雜的手工配置和處理。kubernetes（K8s）特點：可移植:支持公有云，私有云，混合云，多重云（multi-cloud）可擴展:模塊化，插件化，可掛載，可組合自動化:自動部署，自動重啟，自動復制，自動伸縮/擴展kubeadm部署k8s集群（k8s部署）：kubernetes（k8s）三種部署方式minikubeMinikube是一種可以在本地快速運行單點Kubernetes的工具，僅用于嘗試Kubernetes或日常開發(fā)的用戶。kubeadmKubeadm也是提供kubeadm的工具init和kubeadmjoin，用于快速部署Kubernetes集群。二進制包推薦，從官方下載發(fā)行版的二進制包，手動部署每個組件，形成Kubernetes集群。安裝kubeadm環(huán)境準備以下操作,在三臺節(jié)點都執(zhí)行2.2.1環(huán)境需求環(huán)境：centos7.4+硬件需求：CPU>=2c,內(nèi)存>=2G環(huán)境角色IP角色安裝軟件00k8s-Masterkube-apiserverkube-schdulerkube-controller-managerdockerflannelkubelet01k8s-node01kubeletkube-proxydockerflannel02k8s-node02kubeletkube-proxydockerflannel1、關閉防火墻及selinuxsystemctlstopfirewalld&&systemctldisablefirewalldsed-i's/^SELINUX=.*/SELINUX=disabled/'/etc/selinux/config&&setenforce02、關閉swap分區(qū)swapoff-a#臨時sed-i'/swap/s/^(.*)$/#1/g'/etc/fstab#永久3、分別在00、01、02上設置主機名及配置hostshostnamectlset-hostnamek8s-masterhostnamectlset-hostnamek8s-node01hostnamectlset-hostnamek8s-node024、在所有主機上上添加如下命令cat>>/etc/hosts<<EOF00k8s-master01k8s-node002k8s-node02EOF5、內(nèi)核調(diào)整,將橋接的IPv4流量傳遞到iptables的鏈cat>/etc/sysctl.d/k8s.conf<<EOFnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOFsysctl--system6、設置系統(tǒng)時區(qū)并同步時間服務器yuminstall-yntpdatentpdate2.2.4docker安裝wgethttps://06)">mirro/docker-ce/linux/centos/docker-ce.repo-O/etc/yum.repos.d/docker-ce.repoyum-yinstalldocker-ce-18.06.1.ce-3.el7systemctlenabledocker&&systemctlstartdockerdocker--versionDockerversion18.06.1-ce,builde68fc7a2.2.5添加kubernetesYUM軟件源cat>/etc/yum.repos.d/kubernetes.repo<<EOF[kubernetes]name=Kubernetesbaseurl=/kubernetes/yum/repos/kubernetes-el7-x86_64enabled=1gpgcheck=0repo_gpgcheck=0gpgkey=/kubernetes/yum/doc/yum-key.gpg/kubernetes/yum/doc/rpm-package-key.gpgEOF2.2.6安裝kubeadm,kubelet和kubectl2.2.6上所有主機都需要操作yuminstall-ykubelet-1.15.0kubeadm-1.15.0kubectl-1.15.0systemctlenablekubelet如果遇到下面情況清除yum緩存，然后再執(zhí)行安裝命令yumcleanall如果還不行，則直接安裝最新版的yummakecachefastyuminstall-ykubeletkubeadmkubectl2.3部署KubernetesMaster只需要在Master節(jié)點執(zhí)行，這里的apiserve需要修改成自己的master地址[root@k8s-master~]#kubeadminit--apiserver-advertise-address=00--image-repository/google_containers--kubernetes-versionv1.15.0--service-cidr=/16--pod-network-cidr=/16由于默認拉取鏡像地址k8s.gcr.io國內(nèi)無法訪問，這里指定阿里云鏡像倉庫地址。輸出結(jié)果則為成功:YourKubernetescontrol-planehasinitializedsuccessfully!Tostartusingyourcluster,youneedtorunthefollowingasaregularuser:mkdir-p$HOME/.kubesudocp-i/etc/kubernetes/admin.conf$HOME/.kube/configsudochown(id-u):(id-g)$HOME/.kube/configYoushouldnowdeployapodnetworktothecluster.Run"kubectlapply-f[podnetwork].yaml"withoneoftheoptionslistedat:https://kubernetes.io/docs/concepts/cluster-administration/addons/Thenyoucanjoinanynumberofworkernodesbyrunningthefollowingoneachasroot:kubeadmjoin00:6443--tokenfylid0.3udi31k2aw9zvjtc--discovery-token-ca-cert-hashsha256:3fbb4b58eccff32668473b99cc3b0c64964f1363c93d7c6a8f502d43d34718d3根據(jù)輸出提示操作：[root@k8s-master~]#mkdir-p$HOME/.kube[root@k8s-master~]#sudocp-i/etc/kubernetes/admin.conf$HOME/.kube/config[root@k8s-master~]#sudochown(id-u):(id-g)$HOME/.kube/config重新生成新的token（初次不執(zhí)行）默認token的有效期為24小時，當過期之后，該token就不可用了，如果后續(xù)有nodes節(jié)點加入，解決方法如下：重新生成新的tokenkubeadmtokencreate[root@k8s-master~]#kubeadmtokencreate0w3a92.ijgba9ia0e3scicg[root@k8s-master~]#kubeadmtokenlistTOKENTTLEXPIRESUSAGESDESCRIPTIONEXTRAGROUPS0w3a92.ijgba9ia0e3scicg23h2019-09-08T22:02:40+08:00authentication,signingsystem:bootstrappers:kubeadm:default-node-tokent0ehj8.k4ef3gq0icr3etl022h2019-09-08T20:58:34+08:00authentication,signingThedefaultbootstraptokengeneratedby'kubeadminit'.system:bootstrappers:kubeadm:default-node-token[root@k8s-master~]#獲取ca證書sha256編碼hash值[root@k8s-master~]#opensslx509-pubkey-in/etc/kubernetes/pki/ca.crt|opensslrsa-pubin-outformder2>/dev/null|openssldgst-sha256-hex|sed's/^.*//'ce07a7f5b259961884c55e3ff8784b1eda6f8b5931e6fa2ab0b30b6a4234c09a節(jié)點加入集群[root@k8s-node01~]#kubeadmjoin--tokenaa78f6.8b4cafc8ed26c34f--discovery-token-ca-cert-hashsha256:0fd95a9bc67a7bf0ef42da968a0d55d92e52898ec37c971bd77ee501d845b53800:6443--skip-preflight-chec2.4加入KubernetesNode在兩個Node節(jié)點執(zhí)行使用kubeadmjoin注冊Node節(jié)點到Matserkubeadmjoin的內(nèi)容，在上面kubeadminit已經(jīng)生成好了[root@k8s-node01~]#kubeadmjoin00:6443--tokenfylid0.3udi31k2aw9zvjtc--discovery-token-ca-cert-hashsha256:3fbb4b58eccff32668473b99cc3b0c64964f1363c93d7c6a8f502d43d34718d3輸出內(nèi)容則為成功：[preflight]Runningpre-flightchecks[WARNINGIsDockerSystemdCheck]:detected"cgroupfs"astheDockercgroupdriver.Therecommendeddriveris"systemd".Pleasefollowtheguideathttps://kubernetes.io/docs/setup/cri/[preflight]Readingconfigurationfromthecluster...[preflight]FYI:Youcanlookatthisconfigfilewith'kubectl-nkube-systemgetcmkubeadm-config-oyaml'[kubelet-start]Downloadingconfigurationforthekubeletfromthe"kubelet-config-1.15"ConfigMapinthekube-systemnamespace[kubelet-start]Writingkubeletconfigurationtofile"/var/lib/kubelet/config.yaml"[kubelet-start]Writingkubeletenvironmentfilewithflagstofile"/var/lib/kubelet/kubeadm-flags.env"[kubelet-start]Activatingthekubeletservice[kubelet-start]WaitingforthekubelettoperformtheTLSBootstrap...Thisnodehasjoinedthecluster:Certificatesigningrequestwassenttoapiserverandaresponsewasreceived.TheKubeletwasinformedofthenewsecureconnectiondetails.Run'kubectlgetnodes'onthecontrol-planetoseethisnodejointhecluster.2.5安裝網(wǎng)絡插件只需要在Master節(jié)點執(zhí)行[root@k8s-master~]#wget/coreos/flannel/master/Documentation/kube-flannel.yml修改鏡像地址：(有可能默認不能拉取，確保能夠訪問到quay.io這個registery,否則修改如下內(nèi)容)[root@k8s-master~]#vimkube-flannel.yml進入編輯，把106行，120行的內(nèi)容，替換如下image，替換之后查看如下為正確[root@k8s-master~]#cat-nkube-flannel.yml|greplizhenliang/flannel:v0.11.0-amd64172image:lizhenliang/flannel:v0.11.0-amd64186image:lizhenliang/flannel:v0.11.0-amd64[root@k8s-master~]#kubectlapply-fkube-flannel.yml[root@k8s-master~]#kubectlgetpods-nkube-systemNAMEREADYSTATUSRESTARTSAGEcoredns-bccdc95cf-b9pz71/1Running010mcoredns-bccdc95cf-dfb581/1Running010metcd-k8s-master1/1Running09m47skube-apiserver-k8s-master1/1Running09m49skube-controller-manager-k8s-master1/1Running09m46skube-flannel-ds-amd64-5lqjb1/1Running02m6skube-flannel-ds-amd64-jvvpx0/1Init:0/102m6skube-proxy-hjwzg1/1Running010mkube-proxy-rxm2g1/1Running06m51skube-scheduler-k8s-master1/1Running09m41s2.6查看集群node狀態(tài)查看集群的node狀態(tài)，安裝完網(wǎng)絡工具之后，只有顯示如下狀態(tài)，所有節(jié)點全部都Ready好了之后才能繼續(xù)后面的操作[root@k8s-master~]#kubectlgetnodesNAMESTATUSROLESAGEVERSIONk8s-masterReadymaster37mv1.15.0k8s-node01Ready5m22sv1.15.0k8s-node02Ready5m18sv1.15.0[root@k8s-node01~]#kubectlgetpod-nkube-systemNAMEREADYSTATUSRESTARTSAGEcoredns-bccdc95cf-6pdgv1/1Running080mcoredns-bccdc95cf-f845x1/1Running080metcd-k8s-master1/1Running080mkube-apiserver-k8s-master1/1Running079mkube-controller-manager-k8s-master1/1Running080mkube-flannel-ds-amd64-chpz81/1Running070mkube-flannel-ds-amd64-jx56v1/1Running070mkube-flannel-ds-amd64-tsgvv1/1Running070mkube-proxy-d5b7l1/1Running080mkube-proxy-f7v461/1Running075mkube-proxy-wqhsj1/1Running078mkube-scheduler-k8s-master1/1Running080mkubernetes-dashboard-8499f49758-6f6ct1/1Running042m只有全部都為1/1則可以成功執(zhí)行后續(xù)步驟，如果flannel需檢查網(wǎng)絡情況，重新進行如下操作kubectldelete-fkube-flannel.yml然后重新wget，然后修改鏡像地址，然后kubectlapply-fkube-flannel.yml2.7創(chuàng)建一個nignx在Kubernetes集群中創(chuàng)建一個pod，然后暴露端口，驗證是否正常訪問：[root@k8s-master~]#kubectlcreatedeploymentnginx--image=nginxdeployment.apps/nginxcreated[root@k8s-master~]#kubectlexposedeploymentnginx--port=80--type=NodePortservice/nginxexposed[root@k8s-master~]#kubectlgetpods,svcNAMEREADYSTATUSRESTARTSAGEpod/nginx-554b9c67f9-wf5lm1/1Running024sNAMETYPECLUSTER-IPEXTERNAL-IPPORT(S)AGEservice/kubernetesClusterIP443/TCP39mservice/nginxNodePort5180:32039/TCP9s訪問地址：http://NodeIP:Port,此例就是：01:320392.8部署Dashboard[root@k8s-master~]#wget/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml[root@k8s-master~]#vimkubernetes-dashboard.yaml修改內(nèi)容：109spec:110containers:111-name:kubernetes-dashboard112image:lizhenliang/kubernetes-dashboard-amd64:v1.10.1#修改此行......157spec:158type:NodePort#增加此行159ports:160-port:443161targetPort:8443162nodePort:30001#增加此行163selector:164k8s-app:kubernetes-dashboard[root@k8s-master~]#kubectlapply-fkubernetes-dashboard.yaml[root@k8s-master~]#kubectlgetpod-nkube-system[root@k8s-master~]#kubectlgetpods,svc-nkube-system在火狐瀏覽器訪問(google受信任問題不能訪問)地址：01:30001創(chuàng)建serviceaccount并綁定默認cluster-admin管理員集群角色：[root@k8s-master~]#kubectlcreateserviceaccountdashboard-admin-nkube-system[root@k8s-master~]#kubectlcreateclusterrolebindingdashboard-admin--clusterrole=cluster-admin[root@k8s-master~]#kubectldescribesecrets-nkube-system$(kubectl-nkube-systemgetsecret|awk'/dashboard-admin/{print$1}')2.9解決其他瀏覽器不能訪問的問題[root@k8s-master~]#cd/etc/kubernetes/pki/[root@k8s-masterpki]#mkdirui[root@k8s-masterpki]#cpapiserver.crtui/[root@k8s-masterpki]#cpapiser