Kubernetes
kubernetes其实就是容器集群的管理系统 。
1.安装
1.安装docker。(以前博客有安装docker的教程)
2.关闭Centos自带的防火墙服务 。
3.初始化系统,安装kubernetes所需的相关程序(所有master和node节点) 。
#vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
4.关闭selinux
setenforce 0
5.安装K8S组件 执行以下命令安装kubelet、kubeadm、kubectl:
#指定版本否则都会默认安装库中最新版本,会因为彼此依赖的版本不同安装失败,版本一定要选择好
$ yum install -y kubelet-1.13.1 kubeadm-1.13.1 kubectl-1.13.1 kubernetes-cni-0.6.0
#设置开机启动并启动kubelet
$ systemctl enable kubelet && systemctl start kubelet
6.查看需要依赖的镜像版本
#kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.13.1
k8s.gcr.io/kube-controller-manager:v1.13.1
k8s.gcr.io/kube-scheduler:v1.13.1
k8s.gcr.io/kube-proxy:v1.13.1
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.2.24
k8s.gcr.io/coredns:1.2.6
7.新建一个sh文件,内容如下:
下载k8s相关镜像,下载后将镜像名改为k8s.gcr.io/开头的名字,以便kubeadm识别使用)
#!/bin/bash
images=(
kube-apiserver:v1.13.2
kube-controller-manager:v1.13.2
kube-scheduler:v1.13.2
kube-proxy:v1.13.2
pause:3.1
etcd:3.2.24
coredns:1.2.6
)
for imageName in ${images[@]} ; do
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName}
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/${image} k8s.gcr.io/${imageName}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName}
done
**如果那个脚本不管用,就手动拉取、改镜像名称:**虽然笨了一点!
$拉取镜像
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24&&
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1&&
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.13.1&&
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.13.1&&
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.13.1&&
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.13.1&&
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.6
$修改镜像名称,要改成k8s.gcr.io开头的才有效。
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.13.1 k8s.gcr.io/kube-proxy:v1.13.1&&
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.13.1 k8s.gcr.io/kube-apiserver:v1.13.1&&
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.13.1 k8s.gcr.io/kube-controller-manager:v1.13.1&&
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.13.1 k8s.gcr.io/kube-scheduler:v1.13.1&&
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1&&
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.6 k8s.gcr.io/coredns:1.2.6&&
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
$删除原始的镜像
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24&&
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1&&
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.13.1&&
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.13.1&&
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.13.1&&
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.13.1&&
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.6
8.初始化
kubeadm init --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.13.1
出现:Your Kubernetes master has initialized successfully!
说明安装成功!!!
9.配置访问集群的,同时好需要执行如下命令:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
10.执行命令如下: 增加污点,使master和node可以运行在同一服务器上
kubectl taint nodes --all node-role.kubernetes.io/master-
11.验证master节点信息
kubectl get cs
安装失败了??不要怕,再来一次!k8s卸载:好用!!! 执行就完事了
kubeadm reset -f
modprobe -r ipip
lsmod
rm -rf ~/.kube/
rm -rf /etc/kubernetes/
rm -rf /etc/systemd/system/kubelet.service.d
rm -rf /etc/systemd/system/kubelet.service
rm -rf /usr/bin/kube*
rm -rf /etc/cni
rm -rf /opt/cni
rm -rf /var/lib/etcd
rm -rf /var/etcd
yum clean all
yum remove kube*
遇到问题查看K8S日志:journalctl -xefu kubelet
查看pod状态:
kubectl get pods --all-namespaces
遇到问题汇总:
转载:https://zhuanlan.zhihu.com/p/114072542
这个汇总的很全面!
遇到问题:初始化集群coredns容器一直处于pending状态
解决:缺少网络插件,部署flannel网络插件
部署:
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
查看状态:
kubectl describe pod -n kube-system kube-flannel-ds-amd64-c4h6p
手动拉取镜像:
docker pull quay.io/coreos/flannel:你的版本
拉取完成后:flannel的pod起来后过一会coredns也就起来了
2.可视化界面安装
需要可视化界面的可以安装:
下载文件:
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
修改文件:
vi recommended.yaml
修改Service部分
-----------------------------------------------
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30443
selector:
k8s-app: kubernetes-dashboard
修改完以后更新配置
kubectl apply -f recommended.yaml
浏览器访问dashboard:
https://10.129.123.145:30443
选择token登录的方式,拿token命令如下:
$查看secrets名称
kubectl -n kubernetes-dashboard get secrets
$获取token
kubectl -n kubernetes-dashboard describe secrets kubernetes-dashboard-token-bmr6n
我的是kubernetes-dashboard-token-bmr6n,你要替换成你的secrets名称才行!
成功!!!
配置RBGA权限查看OpenAPI (如果你想看API就搞这个,否则不用)
通过https://10.127.253.212:6443/swagger-ui.html 可以访问api的接口,查看相关开发接口,
token就是登陆ui界面的token,我访问的时候报错403-Forbidden ,禁止访问了,我想肯定是权限问题,就查阅资料,果然是因为RBGA(反正就是管理权限的东西)没有配好,具体操作一大堆,我也没看懂呢,因为我这是开发环境,先关闭了它再说(就是这么暴力!)
vim /etc/kubernetes/manifests/kube-apiserver.yaml
修改完不用重新apply,它会自动生效的,避免重新启动造成端口冲突的问题。
就是这一行,注释掉就行了,完美访问!
postman的setting中ssl的设置要关了才行!!!!