Foreword:
I had not yet mastered microservices when the service mesh arrived and impressed me three times over. In the spirit of "if you don't go looking for trouble, you won't find it", I went looking anyway and studied it in depth. This series consists of 4 articles: "Service mesh: installing k8s and Dashboard with kubeadm", "Service mesh: installing Istio on Kubernetes", "Service mesh: Istio basic practice", and "Service mesh: developing microservices with Istio".
The road to learning is bumpy, and this one is pit after pit, enough to make you doubt your life. This article therefore combines best practices found on the Internet with my own experience of stepping into those pits, and the result is a k8s installation tutorial with no pits and no tricks. Applause and encouragement are welcome.
Opening words:
Note: If the status of k8s is wrong, check the status of the kubelet service and check whether the configured hosts entries have taken effect.
#View kubelet log information
journalctl -xeu kubelet
Environment: The installation environment is a Hyper-V virtual machine, running CentOS 7, and Kubernetes is 1.18
Basic settings of the machine
Create a virtual machine.
Use Hyper-V to create a virtual machine and install CentOS. The first question is how CentOS in Hyper-V reaches the Internet.
The easiest way is to create a network in Hyper-V and attach the virtual machine to it. The physical machine's own network connection can then be shared to the network created in Hyper-V, so that the virtual machine can access the external network.
The hostname can be set on only one machine, or on all nodes.
#Run on the master node
hostnamectl set-hostname k8s-master
#Run on the worker node
hostnamectl set-hostname k8s-node1
Modify the /etc/hosts file to map each hostname to its IP address.
vim /etc/hosts
##Append the following content to the file
<ip address> k8s-master
<ip address> k8s-node1
Set a static IP address to prevent the IP from changing every time you restart.
#Switch to this path
cd /etc/sysconfig/network-scripts
#View the file information
ls
#Edit the first file; the name is usually ifcfg-ens + number, on my machine it is ifcfg-eth0
vim ifcfg-eth0
BOOTPROTO="static" #Change to static
IPADDR=192.168.242.138 #Can be changed to suit your network
GATEWAY=192.168.242.2 #Same as the gateway of the network created on the physical machine
NETMASK=255.255.255.0
ONBOOT=yes
Set up DNS
vim /etc/resolv.conf
#Write the following (same address as the gateway)
nameserver 192.168.242.2
Restart network service
service network restart
Test
ping www.baidu.com
Turn off and disable the firewall
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux
Disable SELinux to allow containers to access the host's file system.
#Disable
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
#Verify that it is disabled
cat /etc/selinux/config
Disable swap
If swap is not disabled, Kubernetes will report an error when it runs. Even if the installation succeeds, the Kubernetes server will also fail after the node restarts.
#Edit the file and comment out the swap line with #
vim /etc/fstab
Restart the computer
reboot
View swap
free -h
View selinux status
getenforce
Disabled
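A persistence check for the settings changed above, as an added example that is not part of the original article: it reads the configuration files rather than the live state, so it shows whether swap, SELinux and the hosts mapping will still be as intended after the next reboot. The function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): check that the host settings
# changed above are persistent. File paths are parameters, so the functions can
# be pointed at /etc/fstab etc. or at copies. Function names are hypothetical.

# Print the device of every swap entry in fstab that is NOT commented out.
active_swap_entries() {
    awk '!/^[[:space:]]*#/ && $3 == "swap" { print $1 }' "$1"
}

# Print the value of SELINUX= (SELINUXTYPE= and comment lines are ignored).
selinux_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1"
}

# Print each hostname (args 2..n) with no uncommented entry in the hosts file.
missing_hosts() {
    hosts_file=$1; shift
    for h in "$@"; do
        awk -v h="$h" '!/^[[:space:]]*#/ { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
            END { exit !found }' "$hosts_file" || echo "$h"
    done
}

# Run all checks; print one line per problem and return the problem count.
preflight() {
    fstab=$1 selinux_cfg=$2 hosts=$3; shift 3
    problems=0
    for dev in $(active_swap_entries "$fstab"); do
        echo "swap still enabled in fstab: $dev"; problems=$((problems + 1))
    done
    mode=$(selinux_mode "$selinux_cfg")
    [ "$mode" = "disabled" ] || { echo "SELINUX=$mode, expected disabled"; problems=$((problems + 1)); }
    for h in $(missing_hosts "$hosts" "$@"); do
        echo "no hosts entry for $h"; problems=$((problems + 1))
    done
    return "$problems"
}

# Constructed sample files standing in for /etc/fstab, /etc/selinux/config, /etc/hosts.
tmp=$(mktemp -d)
printf '%s\n' '/dev/mapper/centos-root / xfs defaults 0 0' \
    '/dev/mapper/centos-swap swap swap defaults 0 0' > "$tmp/fstab"
printf '%s\n' 'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$tmp/selinux"
printf '%s\n' '127.0.0.1 localhost' '192.168.242.138 k8s-master' > "$tmp/hosts"
preflight "$tmp/fstab" "$tmp/selinux" "$tmp/hosts" k8s-master k8s-node1 || true
rm -rf "$tmp"
```

On a real host, call it as preflight /etc/fstab /etc/selinux/config /etc/hosts k8s-master k8s-node1 on the master and on each node.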
Docker settings
Configure Docker's yum installation source and install docker-ce.
Configure docker installation source
yum -y install yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Check the available versions and select the appropriate version
yum list docker-ce --showduplicates|grep "^doc"|sort -r
Install
yum -y install docker-ce-18.06.1.ce-3.el7
Start docker
systemctl start docker
systemctl enable docker
#Verify the status of docker
systemctl status docker
Install k8s
Configure the Alibaba Cloud yum mirror for Kubernetes
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Install kubernetes components
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet
#Verify the kubelet status
systemctl status kubelet
The previous commands must be executed on the master and on each node separately.
Install kubernetes master node
Note: for a single-node Kubernetes, you need to allow pods to be scheduled on the master node, as follows
kubectl taint nodes --all node-role.kubernetes.io/master-
List the images that need to be installed
kubeadm config images list
Install the pull tool
curl -Lo /usr/local/bin/azk8spull https://github.com/xuxinkun/littleTools/releases/download/v1.0.0/azk8spull
chmod +x /usr/local/bin/azk8spull
Usage: azk8spull k8s.gcr.io/pause:3.1
Use the azk8spull tool to pull the required images one by one
Network Configuration
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
Initialize the master
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
Note: You must set --pod-network-cidr, and the address is best written exactly as above, because it is the same as the flannel address.
After the installation succeeds, the command and token for joining the cluster are output as follows:
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.137.205:6443 --token 66ym67.0wdrafrclpzuwk74 --discovery-token-ca-cert-hash sha256:e7b32df67ec6d75bf79c94499a40450aa5e33f6b23365cd7f0f6eaeba4f15c70
Save this output for installing the nodes.
If the installation fails, you can reset
kubeadm reset
Configure authorization information
After init succeeds, the master node is initialized, and some follow-up operations are shown. (If it fails, fix things based on the reported problem.)
To start using the cluster, you need to run the following commands.
They configure authorization information, mainly by saving the relevant configuration in the user's home directory, so that the authentication details do not have to be entered every time.
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Check kubelet configuration
cat /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS=--cgroup-driver=cgroupfs --network-plugin=cni
Install flannel
Flannel is an overlay network tool designed by the CoreOS team for Kubernetes. Its purpose is to give every CoreOS host running Kubernetes a complete subnet.
sysctl net.bridge.bridge-nf-call-iptables=1
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
systemctl restart docker
kubectl get nodes
Install node
If you only want to install the master, you can skip this section.
1. Install the image
2. Network configuration
3. Use the statement saved in the master to join the node to the cluster
kubeadm join 192.168.137.205:6443 --token 66ym67.0wdrafrclpzuwk74 --discovery-token-ca-cert-hash sha256:e7b32df67ec6d75bf79c94499a40450aa5e33f6b23365cd7f0f6eaeba4f15c70
If you have lost it, you can regenerate it with the following command
kubeadm token create --print-join-command
Install dashboard
Get dashboard's yaml file
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
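If the site is blocked by the firewall, download the file elsewhere first and then copy it to the server.
Install the dashboard into k8s
kubectl apply -f kubernetes-dashboard.yaml
Create the Admin user
kubectl create clusterrolebinding admin --clusterrole=cluster-admin --user=admin
Bind the Admin user to the kubernetes-dashboard service
####If it reports that the binding already exists, change the name after clusterrolebinding
kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
Set up port forwarding
By default, the dashboard can only be accessed from localhost, so the port needs to be forwarded.
####After this, the dashboard can be accessed at https://ip:10443
nohup kubectl port-forward -n kubernetes-dashboard service/kubernetes-dashboard 10443:443 --address 0.0.0.0 &
After these steps, the dashboard can be accessed at https://ip:10443, but at this point login is only possible with a token, which is obtained as follows:
####Run the following command to list all secrets and find the one named dashboard-admin
kubectl get secrets
NAME TYPE DATA AGE
dashboard-admin-sa-token-zhjng kubernetes.io/service-account-token 3 16h
default-token-vqjcd kubernetes.io/service-account-token 3 17h
####Run the following command to get the token
kubectl describe secret dashboard-admin-sa-token-zhjng
Copy the token from the output into the login page.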
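Enable Basic Auth (username and password)
The default is the token method, which is rather cumbersome.
Edit the kubernetes-dashboard.yaml file (by default under /etc/kubernetesdashboard)
####Under the object whose kind is Deployment, find the containers--> node and add the following setting; the default is token
- --authentication-mode=basic
Save and exit. Visiting https://ip:10443 now shows a username and password input box; login succeeds, but no data is visible.
Use kubectl get pods -n kubernetes-dashboard to check the status of the Dashboard pods. If the status is not Running, the pod has failed or is still starting. Use kubectl describe pods -n kubernetes-dashboard to look for errors. If the last status is Pull Image, the image pull is too slow, and the image can be pulled manually with azk8spull imagename or docker pull imagename.
Tips: force-replace by re-applying the yaml file
kubectl replace --force -f kubernetes-dashboard.yaml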
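Solving the access security problem
After the steps above, you can log in with a username and password but cannot see any data, so keep going. Create a csv file containing the username and password.
####The format is password,username,uid
echo "admin,admin,1" > /etc/kubernetes/config/basic_auth.csv
Edit the kube-apiserver.yaml file
vim /etc/kubernetes/manifests/kube-apiserver.yaml
####Find the - kube-apiserver node and add the following settings; mind the indentation level
- --basic-auth-file=/etc/kubernetes/config/basic_auth.csv
- --authorization-mode=Node,RBAC
####Because a configuration file is used, the host's config folder must be mounted into the container
####1. Find the volumes node in the configuration file and add the following; mind the indentation level
- hostPath:
    path: /etc/kubernetes/config
    type: DirectoryOrCreate
  name: k8s-auth-config
####2. Find the volumeMounts node in the configuration file and add the following; mind the indentation level
- mountPath: /etc/kubernetes/config
  name: k8s-auth-config
  readOnly: true
####Exit the editor and save the file
At this point, log out of the Dashboard and log in again. If nothing unexpected happens, you can now see all the data. With that, the Dashboard supports login with a username and password.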
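An audit of the static password file created above, as an added example that is not part of the original article: it flags a world-readable file and entries whose password equals the username or is short, and shows generating a random password for the same line format. The function names and the 16-character minimum are assumptions; the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): audit the file passed to
# kube-apiserver --basic-auth-file. Line format used in this guide:
#   password,username,uid
# Function names and MIN_LEN are assumptions made for this example.
MIN_LEN=16

# Print one finding per problem; print nothing when the file passes.
audit_basic_auth() {
    file=$1
    # "Other read" bit set: every local user can read all passwords.
    if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
        echo "PERM: $file is world-readable"
    fi
    awk -F, -v min="$MIN_LEN" '
        /^[[:space:]]*$/ { next }
        NF < 3           { print "FORMAT: line " NR " is not password,username,uid"; next }
        $1 == $2         { print "WEAK: line " NR " password equals username " $2 }
        length($1) < min { print "SHORT: line " NR " password for " $2 " has fewer than " min " characters" }
    ' "$file"
}

# Print a CSV line for the user with a random 32-hex-character password.
new_basic_auth_line() {
    user=$1 uid=$2
    pw=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
    printf '%s,%s,%s\n' "$pw" "$user" "$uid"
}

# Constructed sample: the entry from this guide, then a generated replacement.
tmp=$(mktemp -d)
echo "admin,admin,1" > "$tmp/basic_auth.csv"
chmod 644 "$tmp/basic_auth.csv"
audit_basic_auth "$tmp/basic_auth.csv"      # reports PERM, WEAK and SHORT

( umask 077; new_basic_auth_line admin 1 > "$tmp/basic_auth.csv.new" )
mv "$tmp/basic_auth.csv.new" "$tmp/basic_auth.csv"
audit_basic_auth "$tmp/basic_auth.csv"      # prints nothing
rm -rf "$tmp"
```

kube-apiserver reads this file only at startup, and the --basic-auth-file flag was removed in Kubernetes 1.19, so the check applies to the 1.18 cluster this guide builds.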
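Note: both the Kubernetes components that have been started and the Dashboard run as containers in Docker. When a problem occurs, use docker logs <container name or container id> to view the logs, or use kubectl get pods -n namespace to view the pod information and locate the problem.
Summary:
Step by step, we have finally installed Kubernetes successfully, installed a dashboard for visual operation, and enabled login with a username and password. At this point the Kubernetes installation is complete, and by following the steps above you should be able to install it successfully as well.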