十念 posted on 2024-9-5 14:58:24

Installing k8s with kubeadm

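1. Master high availability

When additional masters join the cluster, run the command below. For example, if high availability is required and master02, master03, etc. have been cloned, run it on each of those nodes.

Note: the token value is different for every host. The values below are from my 192.168.15.11 (master) host. They are generated when the cluster is initialized and must be recorded at that time.

kubeadm join 192.168.15.11:6443 --token 7t2weq.bjbawausm0jaxury \
--discovery-token-ca-cert-hash \
sha256:73dc6f8d973fc70818e309386c1bfc5d330c19d52b494c6f88f634a6b1250a2f \
--control-plane --certificate-key \
80fcc505867ccbc6550c18ed11f40e64ecf486d626403823f548dda65c19953d

2. Handling token expiry

Note: the following steps are needed only if the token produced by the initialization command above has expired. If it has not expired, skip them and join directly.

After the token expires, generate a new token:

kubeadm token create --print-join-command

A master also needs a new --certificate-key:

kubeadm init phase upload-certs --upload-certs

3. Node configuration

Node hosts mainly run the company's business applications. In production it is not recommended to run Pods other than system components on Master nodes; in test environments Master nodes may be allowed to run Pods to save system resources.

(1) Join the node to the cluster

# node01 joins the cluster by copying the token generated when the master was initialized
# kubeadm join 192.168.15.11:6443 --token 7t2weq.bjbawausm0jaxury \
> --discovery-token-ca-cert-hash \
> sha256:73dc6f8d973fc70818e309386c1bfc5d330c19d52b494c6f88f634a6b1250a2f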
Running pre-flight checks
Reading configuration from the cluster...
FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
Starting the kubelet
Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
# The output above is what a successful join prints

(2) Check the cluster status

Check the cluster status on the master (NotReady does not matter)

# kubectl get node # list all nodes
NAME         STATUS     ROLES           AGE     VERSION
k8s-master   NotReady   control-plane   35m     v1.28.2
k8s-node01   NotReady   <none>          6m39s   v1.28.2
k8s-node02   NotReady   <none>          7m27s   v1.28.2

4. Installing the Calico component

(1) Switch the git branch

# cd /root/k8s-ha-install && git checkout manual-installation-v1.28.x && cd calico/
分支 'manual-installation-v1.28.x' 设置为跟踪 'origin/manual-installation-v1.28.x'。
切换到一个新分支 'manual-installation-v1.28.x'

(2) Modify the Pod CIDR

# POD_SUBNET=`cat /etc/kubernetes/manifests/kube-controller-manager.yaml | grep cluster-cidr= | awk -F= '{print $NF}'` # get the Pod CIDR that is already defined
# sed -i "s#POD_CIDR#${POD_SUBNET}#g" calico.yaml # set the Pod CIDR in calico.yaml
# kubectl apply -f calico.yaml # create the calico pods

(3) Check container and node status

# kubectl get po -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-6d48795585-wj8g5   1/1     Running   0          130m
calico-node-bk4p5                          1/1     Running   0          130m
calico-node-kmsh7                          1/1     Running   0          130m
calico-node-qthgh                          1/1     Running   0          130m
coredns-6554b8b87f-jdc2b                   1/1     Running   0          133m
coredns-6554b8b87f-thftb                   1/1     Running   0          133m
etcd-master                                1/1     Running   0          133m
kube-apiserver-master                      1/1     Running   0          133m
kube-controller-manager-master             1/1     Running   0          133m
kube-proxy-46j4z                           1/1     Running   0          131m
kube-proxy-8g887                           1/1     Running   0          133m
kube-proxy-vwp27                           1/1     Running   0          131m
kube-scheduler-master                      1/1     Running   0          133m
# kubectl get node # all nodes are now Ready
NAME         STATUS   ROLES           AGE   VERSION
k8s-master   Ready    control-plane   40m   v1.28.2
k8s-node01   Ready    <none>          12m   v1.28.2
k8s-node02   Ready    <none>          12m   v1.28.2

5. Deploying Metrics

In recent versions of Kubernetes, system resource metrics are collected with Metrics-server. Metrics can collect the memory, disk, CPU and network usage of nodes and Pods.

(1) Copy the certificate to all node hosts

Copy the master's front-proxy-ca.crt to every Node. Run the command once per node, changing only the node hostname in the command.

# scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node01:/etc/kubernetes/pki/front-proxy-ca.crt # send the front-proxy CA certificate to node01
front-proxy-ca.crt    100% 1123   937.0KB/s   00:00
# scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node02:/etc/kubernetes/pki/front-proxy-ca.crt # send the front-proxy CA certificate to node02
front-proxy-ca.crt    100% 1123   957.4KB/s   00:00
# If there are other node hosts, run the command below in the same form. It is not needed here because there are only two node hosts.
# scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node03:/etc/kubernetes/pki/front-proxy-ca.crt

(2) Install metrics server

# cd /root/k8s-ha-install/kubeadm-metrics-server
# kubectl create -f comp.yaml # create the metrics server pod resources
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created

(3) Check metrics server status

# kubectl get po -n kube-system -l k8s-app=metrics-server # show the running state of the metrics server pod in the kube-system namespace
NAME                             READY   STATUS    RESTARTS   AGE
metrics-server-8df99c47f-mkbfd   1/1     Running   0          34s
# kubectl top node # show system resource usage of the nodes
NAME         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
k8s-node01   51m          1%     831Mi           23%
k8s-node02   55m          1%     931Mi           25%
master       107m         2%     1412Mi          39%
# kubectl top po -A
NAMESPACE     NAME                                       CPU(cores)   MEMORY(bytes)
kube-system   calico-kube-controllers-6d48795585-wj8g5   2m           25Mi
kube-system   calico-node-bk4p5                          20m          155Mi
kube-system   calico-node-kmsh7                          25m          152Mi
kube-system   calico-node-qthgh                          24m          145Mi
kube-system   coredns-6554b8b87f-jdc2b                   1m           22Mi
kube-system   coredns-6554b8b87f-thftb                   1m           20Mi
kube-system   etcd-master                                14m          66Mi
kube-system   kube-apiserver-master                      29m          301Mi
kube-system   kube-controller-manager-master             10m          56Mi
kube-system   kube-proxy-46j4z                           1m           22Mi
kube-system   kube-proxy-8g887                           1m           24Mi
kube-system   kube-proxy-vwp27                           1m           22Mi
kube-system   kube-scheduler-master                      2m           26Mi
kube-system   metrics-server-8df99c47f-mkbfd             3m           29Mi

6. Deploying Dashboard

Dashboard displays the various resources in the cluster. It can also be used to view Pod logs in real time and to run commands inside containers.

(1) Install the components

# cd /root/k8s-ha-install/dashboard/
# kubectl create -f . # create the dashboard pod resources
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

(2) Log in to the dashboard

If you use Google Chrome, add the following startup parameters to its launcher to work around being unable to access Dashboard:

--test-type --ignore-certificate-errors

https://i-blog.csdnimg.cn/direct/99155940e5c24b6bb93dc9689bd60bec.png

(3) Change the svc type

# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
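# edit: opens the Kubernetes text editor
# svc: the service to edit, here kubernetes-dashboard
# -n: the namespace, kubernetes-dashboard
# Running the command is like entering the vim text editor. Do not use the mouse wheel, it prints garbage characters! You can search with "/": type "/type" to find the target. If the type is already NodePort, skip this step.
...... part of the content omitted ......
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort

https://i-blog.csdnimg.cn/direct/82cb2581429e48f699f502d016e28b1a.png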

(4) Check the access port

# kubectl get svc kubernetes-dashboard -n kubernetes-dashboard # get the kubernetes-dashboard status, including the port, service IP, etc.
NAME                   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.96.137.94   <none>        443:30582/TCP   8m50s

Once you have the port number, the dashboard can be reached at the master's IP + port (the port is the one returned in the terminal, and the https protocol must be used).

https://i-blog.csdnimg.cn/direct/3ce02b0cfafa4808809c13ff6334ee4c.png

(5) Create a login token

# kubectl create token admin-user -n kube-system

Enter the token generated in the terminal into the "Enter token *" field.

https://i-blog.csdnimg.cn/direct/00376c9f5d2e4bcfa972dce04b7c3833.png
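
For step 4 (2) above: the grep | awk pipeline leaves POD_SUBNET empty when the --cluster-cidr flag is absent, and sed then writes an empty CIDR into calico.yaml before it is applied. The following is an added example, not part of the original post, that checks the value first; the function names get_pod_subnet and patch_calico and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the Pod CIDR before patching calico.yaml.

# Print the single --cluster-cidr value found in a kube-controller-manager
# manifest. Fails if the flag is missing, empty, repeated, or not CIDR-shaped.
get_pod_subnet() {
    values=$(sed -n 's/^[[:space:]]*-[[:space:]]*--cluster-cidr=//p' "$1")
    count=$(printf '%s\n' "$values" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one cluster-cidr value, found $count" >&2
        return 1
    fi
    # Shape check only: four dotted numbers and a prefix length of 0-32.
    if ! printf '%s\n' "$values" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
        echo "not an IPv4 CIDR: $values" >&2
        return 1
    fi
    printf '%s\n' "$values"
}

# Substitute the POD_CIDR placeholder in calico.yaml ($2) with the value taken
# from the manifest ($1). The file is left untouched when any check fails.
patch_calico() {
    subnet=$(get_pod_subnet "$1") || return 1
    if ! grep -q 'POD_CIDR' "$2"; then
        echo "no POD_CIDR placeholder in $2" >&2
        return 1
    fi
    sed -i "s#POD_CIDR#${subnet}#g" "$2"
    # Succeed only if no placeholder survived the substitution.
    ! grep -q 'POD_CIDR' "$2"
}

# Demo on constructed sample files (not real cluster manifests).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'spec:' '  containers:' '  - command:' \
        '    - kube-controller-manager' \
        '    - --cluster-cidr=172.16.0.0/12' > "$dir/kcm.yaml"
    printf '%s\n' '- name: CALICO_IPV4POOL_CIDR' \
        '  value: "POD_CIDR"' > "$dir/calico.yaml"
    patch_calico "$dir/kcm.yaml" "$dir/calico.yaml" && cat "$dir/calico.yaml"
    rm -rf "$dir"
}
demo
```

On a real master the call would be patch_calico /etc/kubernetes/manifests/kube-controller-manager.yaml calico.yaml, followed by kubectl apply only if it returns success.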