Centos7服务器安装k8s

[toc]

防火墙状态与关闭

说明:完全停用 firewalld 只适合隔离的实验环境。主机可被外部访问时,建议保留防火墙,只放行集群需要的端口(例如 API Server 的 6443、kubelet 的 10250)。

[root@localhost ~]# systemctl status firewalld.service 
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl disable firewalld.service

SELinux 永久关闭或改为 permissive 模式

[root@localhost ~]# sudo nano /etc/selinux/config

把其中 SELINUX 这一行改为:

SELINUX=disabled

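或者使用下面的方法,不完全关闭 SELinux,而是改为 permissive 模式(setenforce 0 立即生效,sed 修改配置文件使重启后保持;该 sed 只在原值恰好为 SELINUX=enforcing 时才会替换)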

[root@localhost ~]# sudo setenforce 0
# 将 SELinux 设置为 permissive 模式意味着 SELinux 仍然会记录违规操作,但不会阻止它们。
[root@localhost ~]# sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

swap禁用

先把swap禁用

[root@localhost ~]# free -h
total used free shared buff/cache available
Mem: 3.7G 712M 2.3G 25M 697M 2.7G
Swap: 3.9G 0B 3.9G
[root@localhost ~]# swapoff -a
[root@localhost ~]# free -h
total used free shared buff/cache available
Mem: 3.7G 708M 2.3G 25M 697M 2.7G
Swap: 0B 0B 0B

永久禁止swap启用

下面的 sed 语句会把 /etc/fstab 中所有包含 swap 的行注释掉(已注释的行也会被匹配,重复执行会叠加 #)。/etc/fstab 写错可能导致系统无法正常启动,修改前建议先备份。

[root@localhost ~]# sed -ri 's/.*swap.*/#&/' /etc/fstab

[root@localhost ~]# cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Thu May 30 04:10:42 2024
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=f6071794-cb7e-4882-ab44-ecddae691138 /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
#/dev/mapper/centos-swap swap swap defaults 0 0

换源

更换软件源

[root@localhost ~]#  wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

然后更新

[root@localhost ~]# yum update -y && yum upgrade -y

更换docker软件源

注意:下面的仓库地址用的是 http;上文同一镜像站已经通过 https 访问,建议这里也改成 https,避免仓库配置在传输过程中被篡改。

[root@localhost ~]#  sudo yum install -y yum-utils
[root@localhost ~]# sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

安装指定docker

yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7  containerd.io-1.4.6

docker配置

服务设置

设置重启docker和开机自启docker

[root@localhost ~]#  systemctl restart docker.service
[root@localhost ~]# systemctl enable docker --now

阿里云docker镜像源配置设置

注意:下面示例里实际填写的是中科大(USTC)的镜像地址,不是阿里云的;请按自己实际使用的加速地址填写。

[root@localhost ~]#  sudo mkdir -p /etc/docker
[root@localhost ~]# sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
EOF
[root@localhost ~]# sudo systemctl daemon-reload
[root@localhost ~]# sudo systemctl restart docker

安装k8s

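添加k8s软件源

注意:下面的配置同时设置了 gpgcheck=0 和 repo_gpgcheck=0,baseurl 又是 http,也就是说 kubelet/kubeadm/kubectl 的安装包既不校验签名,传输也不加密;gpgkey 两行虽然写了,但不会被用到。建议把 baseurl 和 gpgkey 改为 https 并设 gpgcheck=1,让 yum 校验软件包签名。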

[root@localhost ~]# cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
> [kubernetes]
> name=Kubernetes
> baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
> gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg \
> http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> exclude=kubelet kubeadm kubectl
> EOF

k8s服务安装和设置

说明:这里固定安装 1.20.9。该版本上游已停止维护,不再提供安全修复,适合学习环境;用于生产请选择仍在维护期内的版本。

[root@localhost ~]# sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes

[root@localhost ~]# sudo systemctl enable --now kubelet

克隆

master

[root@localhost ~]# hostnamectl set-hostname master
echo "192.168.15.128  master" >> /etc/hosts

nodex

[root@localhost ~]# hostnamectl set-hostname node1

。。。

echo "192.168.15.128  master" >> /etc/hosts

。。。

主节点初始化

master

# Initialise the control-plane (master) node.
# NOTE(review): --image-repository points at a third-party registry namespace,
# so every control-plane image is trusted from there; confirm who maintains it
# or use a mirror you trust.
# NOTE(review): 192.16.0.0/16 is not RFC 1918 private space (192.168.0.0/16
# is); presumably chosen to avoid the 192.168.15.x node network - confirm.
# Prefer a private range that overlaps neither the node network nor
# --service-cidr.
# Comments stay above the command: a comment line placed between the
# backslash-continued lines would cut the command short.
kubeadm init \
--apiserver-advertise-address=192.168.15.128 \
--control-plane-endpoint=master \
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.16.0.0/16

初始化成功后,会输出类似下面的内容:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubeadm join master:6443 --token x80x7w.zdjqhivr1jopdk2i \
--discovery-token-ca-cert-hash sha256:9e35229e76fd4c97e062fa4ddccb22bab93973ecb67cdaf073b7d3beab561ff0

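先在 master 上执行下面这三条命令;上面剩下的 kubeadm join 命令是留给 node 节点执行的。join 命令里的 token 是节点加入集群用的引导凭据,不要公开;--discovery-token-ca-cert-hash 用来让节点校验控制平面的 CA 证书,加入时不要省略。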

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

下载网络组件

[root@master ~]# curl https://docs.projectcalico.org/v3.20/manifests/calico.yaml -O

应用网络组件

[root@master ~]# kubectl apply -f calico.yaml 

查看集群部署了哪些应用

# Which applications are deployed in the cluster?
# The next line is an analogy, not a runnable command: `docker ps` on a single
# host corresponds to `kubectl get pods -A` across the cluster.
docker ps === kubectl get pods -A
# A running application is called a container in Docker and a Pod in Kubernetes.
kubectl get pods -A

node

子节点加入master(在每个 node 上执行;token 默认 24 小时后过期,过期后在 master 上用下文的 kubeadm token create --print-join-command 重新生成)

kubeadm join master:6443 --token x80x7w.zdjqhivr1jopdk2i \
--discovery-token-ca-cert-hash sha256:9e35229e76fd4c97e062fa4ddccb22bab93973ecb67cdaf073b7d3beab561ff0

验证集群

[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 79m v1.20.9
node1 Ready <none> 23m v1.20.9
node2 Ready <none> 23m v1.20.9

K8S命令

生成新的令牌: 使用 kubeadm token create 命令生成一个新的加入令牌:

kubeadm token create --print-join-command

检查和管理现有令牌

  1. 查看现有令牌: 你可以使用以下命令查看当前有效的令牌:

    kubeadm token list
  2. 删除过期令牌: 如果有需要,可以删除过期或不再使用的令牌:

    kubeadm token delete <token-id>

部署dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

recommended.yaml

可以通过下面命令查看dashboard启动情况

[root@master ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-577f77cb5c-gmhpd 1/1 Running 1 146m
kube-system calico-node-bm67j 1/1 Running 1 129m
kube-system calico-node-h55js 1/1 Running 1 146m
kube-system calico-node-j8x6m 1/1 Running 1 129m
kube-system coredns-5897cd56c4-gd2qj 1/1 Running 1 3h4m
kube-system coredns-5897cd56c4-ltk4h 1/1 Running 1 3h4m
kube-system etcd-master 1/1 Running 1 3h4m
kube-system kube-apiserver-master 1/1 Running 1 3h4m
kube-system kube-controller-manager-master 1/1 Running 1 3h4m
kube-system kube-proxy-72hqs 1/1 Running 1 3h4m
kube-system kube-proxy-dw6z2 1/1 Running 1 129m
kube-system kube-proxy-xlxqj 1/1 Running 1 129m
kube-system kube-scheduler-master 1/1 Running 1 3h4m
kubernetes-dashboard dashboard-metrics-scraper-79c5968bdc-nkbtb 1/1 Running 0 37m
kubernetes-dashboard kubernetes-dashboard-658485d5c7-v9mll 1/1 Running 0 37m

知道NAMESPACE之后,设置访问端口

kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

type: ClusterIP 改为 type: NodePort

查找访问端口

[root@master ~]# kubectl get svc -A |grep kubernetes-dashboard
kubernetes-dashboard dashboard-metrics-scraper ClusterIP 10.96.11.165 <none> 8000/TCP 39m
kubernetes-dashboard kubernetes-dashboard NodePort 10.96.158.40 <none> 443:31718/TCP 39m

## 找到端口,在安全组放行,这里31718端口就是要访问的端口。放行时建议只允许管理端的来源 IP,不要对所有地址开放;NodePort 会在集群的每个节点上都监听这个端口。

不安全问题

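无论是在谷歌浏览器还是edge浏览器都会出现这个提示(一般是证书不受信任的警告),而且没有可以点击继续的入口。这是因为 dashboard 默认使用自签名证书,浏览器无法验证。这个时候可以在页面上直接用键盘输入thisisunsafe,页面会自动跳转进去,非常神奇。需要注意,这样做只是让浏览器跳过证书校验,连接不再能防中间人,登录令牌有被截获的可能;长期使用建议给 dashboard 配置受信任的证书,或者用 kubectl port-forward 只在本机访问。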

image-20240530160924513

输入那个命令就跳转这个了

image-20240530160635753

创建访问账号

# Create the dashboard login account: save this as dash-user.yaml (e.g. nano dash-user.yaml).
# NOTE(review): indentation was lost in this listing; the nested keys (name,
# namespace, and the fields under roleRef and subjects) must be re-indented
# before the file will apply.
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
# Binds the built-in cluster-admin ClusterRole to the ServiceAccount above,
# cluster-wide: whoever holds this account's token has full control of the
# cluster. For read-only dashboard use, a narrower role such as the built-in
# "view" ClusterRole is enough.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard

执行命令

kubectl apply -f dash-user.yaml

令牌访问

# Fetch the login token for the admin-user ServiceAccount.
# The inner kubectl reads the name of the account's first Secret
# (.secrets[0].name); the outer one prints that Secret's token, base64-decoded.
# NOTE(review): this depends on a token Secret being auto-created for the
# ServiceAccount, as on the v1.20.9 cluster built here; Kubernetes 1.24 and
# later no longer create it, and `kubectl create token` replaces this step.
# The output is a bearer credential for a cluster-admin account: keep it out
# of logs, screenshots and published notes.
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
eyJhbGciOiJSUzI1NiIsImtpZCI6IjRoa3k4djFzNUp4eENjN0Y0aXBybHNNaTFQd3hVM09HWGhLU24ycE9DMkkifQ.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.EaVJeEKLHTr_Oh05GkUTzuwYKdOQfa8slgz-RzRZfE9ow8wmU7JbWNOR5YMT9bhb_sYi5LTjtvcgPqM6szCOGzW1mc0sPurRorkCaxgLW-K61PPGfPmB54HJvBCG-Cp65vAM4AyKCEPVj-cNMgncpyxe9yuik4z69mwt632Idb1Lcdhf5Vut_1LmGQMc1osRqAF4jVcFy-uPRv4CE2RBR1PL_GXEDHsS4KQjttVyUWwf2lqJ0ZefWvjMUCVazXeQI16QHLRTiXBdpg_iOwk8lXsHvV_I4ZdhClZr8FxTa9Cg5-njG9iGvgmZ2mkvZnM2c_dzlh5y98cAKRaRR0HbaA

把得到的令牌粘贴到token里面。这个令牌绑定的是 cluster-admin 权限,而且不会自动过期,相当于集群管理员密码,不要贴到文章、截图或聊天记录里;如果已经泄露,删除对应的 Secret 即可让它失效。

image-20240530163317280

命令

# Run nginx as a Pod on whichever node gets picked.
# NOTE(review): --image=nginx carries no tag, so the registry's default tag is
# pulled; pin a tag or digest when the result must be reproducible.
kubectl run mynginx --image=nginx
# List the Pods in the default namespace
kubectl get pod
# Describe a Pod (replace the placeholder with your own Pod name)
kubectl describe pod 你自己的Pod名字
# Delete a Pod
kubectl delete pod 你自己的Pod名字
# Show a Pod's logs
kubectl logs Pod名字
# Kubernetes assigns every Pod its own IP
kubectl get pod -owide
# Reach the Pod through its IP plus the port the container listens on.
# NOTE(review): 192.168.169.136 lies outside the 192.16.0.0/16 pod CIDR passed
# to kubeadm init earlier on this page; use the IP that
# `kubectl get pod -owide` prints.
curl 192.168.169.136
# Any machine and any application in the cluster can reach this Pod through
# its Pod IP; a NetworkPolicy is what restricts that, if one is needed.

test

nginx.yaml

# Declarative form of the mynginx Pod: one nginx container, labelled run=mynginx.
# NOTE(review): indentation was lost in this listing; re-indent the keys under
# metadata, labels, spec and containers before applying. The nginx image has
# no tag; pin one when the result must be reproducible.
apiVersion: v1
kind: Pod
metadata:
labels:
run: mynginx
name: mynginx
# namespace: default
spec:
containers:
- image: nginx
name: mynginx

myapp.yaml

# One Pod running two containers: nginx and tomcat:8.5.68.
# NOTE(review): indentation was lost in this listing; re-indent the keys under
# metadata, labels, spec and containers before applying. tomcat is pinned to a
# version while nginx is not.
apiVersion: v1
kind: Pod
metadata:
labels:
run: myapp
name: myapp
spec:
containers:
- image: nginx
name: nginx
- image: tomcat:8.5.68
name: tomcat