Binary deployment of Kubernetes 1.25.4 on CentOS 7.9 (Part 2)

source link: https://blog.51cto.com/dayu/5860878

大雨小柚子 2022-11-17 16:13:06 Blog category: k8s


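8. Install Calico
# Run the following steps on master01 only
[root@k8s-master01 k8s-ha-install]# cd /root/k8s-ha-install/calico/
# Change the Calico network range: replace the placeholder (marked in red in the original screenshot) with your own Pod CIDR
[root@k8s-master01 calico]# sed -i "s#POD_CIDR#172.16.0.0/12#g" calico.yaml
# Check that the range is now your own Pod CIDR
[root@k8s-master01 calico]# grep "IPV4POOL_CIDR" calico.yaml -A 1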

After the change it looks like this:

[Screenshot: calico.yaml after the Pod CIDR change]

[root@k8s-master01 calico]# kubectl apply -f calico.yaml

# Wait a few minutes, then check the pod status
[root@k8s-master01 k8s-ha-install]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-86d8c4fb68-9wtm4 1/1 Running 0 2m53s
calico-node-kwhrq 1/1 Running 0 2m52s
calico-node-nm7qs 1/1 Running 0 2m53s
calico-node-qkzlv 1/1 Running 0 2m53s
calico-node-tpl5n 1/1 Running 0 2m53s
calico-typha-768795f74d-bht5m 1/1 Running 0 2m53s
9. Install CoreDNS
# On master01

[root@k8s-master01 calico]# cd /root/k8s-ha-install/

# If you changed the k8s service CIDR, set the CoreDNS service IP to the tenth IP of the k8s service CIDR
[root@k8s-master01 k8s-ha-install]# COREDNS_SERVICE_IP=`kubectl get svc | grep kubernetes | awk '{print $3}'`0
[root@k8s-master01 k8s-ha-install]# echo ${COREDNS_SERVICE_IP}
10.96.0.10

[root@k8s-master01 k8s-ha-install]# sed -i "s#KUBEDNS_SERVICE_IP#${COREDNS_SERVICE_IP}#g" CoreDNS/coredns.yaml

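# Install CoreDNS
[root@k8s-master01 k8s-ha-install]# kubectl create -f CoreDNS/coredns.yaml
10. Install Metrics Server

Note: in newer Kubernetes versions, system resource metrics are collected by Metrics-server, which can report memory, disk, CPU and network usage for nodes and Pods.

# Install Metrics Server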
[root@k8s-master01 k8s-ha-install]# cd /root/k8s-ha-install/metrics-server
[root@k8s-master01 metrics-server]# ls
comp.yaml

[root@k8s-master01 metrics-server]# kubectl create -f .

[root@k8s-master01 metrics-server]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master01 Ready <none> 23m v1.25.4
k8s-master02 Ready <none> 22m v1.25.4
k8s-master03 Ready <none> 65s v1.25.4
k8s-node01 Ready <none> 22m v1.25.4
k8s-node02 Ready <none> 21m v1.25.4
11. Cluster verification
Install busybox
[root@k8s-master01 metrics-server]# cat<<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: registry.cn-beijing.aliyuncs.com/dotbalo/redis-trib:4.0.10
    command:
      - sleep
      - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always
EOF
[root@k8s-master01 metrics-server]# kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 0 29s

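1. Pods must be able to resolve Services
2. Pods must be able to resolve Services in other namespaces
3. Every node must be able to reach the Kubernetes "kubernetes" svc on port 443 and the kube-dns service on port 53
4. Pods must be able to communicate with each other
   a) within the same namespace
   b) across namespaces
   c) across machines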
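
The checklist above as a script, added here as an example and not part of the original post. It assumes the busybox test pod from this step is Running, that its image provides nslookup and ping, and that bash and timeout exist on the node; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): automates the checklist above.
# Assumptions: pod "busybox" in namespace "default" is Running, its image has
# nslookup and ping, and kubectl is configured on the node running this.
POD=${POD:-busybox}
NS=${NS:-default}

# Run a command inside the test pod.
in_pod() { kubectl exec "$POD" -n "$NS" -- "$@"; }

# Checks 1 and 2: a Service name resolves from inside the pod.
resolves() { in_pod nslookup "$1" >/dev/null 2>&1; }

# Check 3, for the node this runs on: TCP connect to a Service IP and port.
tcp_open() { timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null; }

# Check 4: ping one IP from inside the pod.
pingable() { in_pod ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# Print one PASS/FAIL line and count failures in $FAILED.
report() {
  desc=$1; shift
  if "$@"; then echo "PASS $desc"; else echo "FAIL $desc"; FAILED=$((FAILED + 1)); fi
}

# Run every check; the return code is the number of failed checks.
verify_cluster() {
  FAILED=0
  report "resolve kubernetes (same namespace)" resolves kubernetes
  report "resolve kube-dns.kube-system (cross namespace)" resolves kube-dns.kube-system
  api_ip=$(kubectl get svc kubernetes -n default -o jsonpath='{.spec.clusterIP}')
  dns_ip=$(kubectl get svc kube-dns -n kube-system -o jsonpath='{.spec.clusterIP}')
  report "node -> kubernetes svc $api_ip:443" tcp_open "$api_ip" 443
  report "node -> kube-dns svc $dns_ip:53" tcp_open "$dns_ip" 53
  # Pod IPs from all namespaces and all nodes cover cases a), b) and c).
  for ip in $(kubectl get pod -A -o jsonpath='{.items[*].status.podIP}'); do
    report "pod -> $ip" pingable "$ip"
  done
  return "$FAILED"
}

# Runs only when invoked as: sh verify.sh run
if [ "${1:-}" = "run" ]; then verify_cluster; fi
```

Check 3 only covers the node the script runs on, so repeat it on every master and worker node.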
12. Install the dashboard
[root@k8s-master01 kubernetes]# cd /root/k8s-ha-install/dashboard/
[root@k8s-master01 dashboard]# kubectl create -f .

[root@k8s-master01 dashboard]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml

# Create an administrator user

[root@k8s-master01 dashboard]# vim admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
# Binds admin-user to the cluster-admin ClusterRole (full control of the cluster)
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

[root@k8s-master01 dashboard]# kubectl apply -f admin.yaml -n kube-system

# View the token value (take care not to copy any whitespace):
[root@k8s-master01 dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

# Change ClusterIP to NodePort (skip this step if it is already NodePort):
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

Using the port number of your own instance, the dashboard can be reached at the IP of any host running kube-proxy plus that port:

Access the Dashboard: https://192.168.100.156:31703/ (replace 31703 with your own port) and choose Token as the login method

13. Command completion
[root@k8s-master01 dashboard]# yum install bash-completion -y
[root@k8s-master01 dashboard]# source /usr/share/bash-completion/bash_completion
[root@k8s-master01 dashboard]# source <(kubectl completion bash)
[root@k8s-master01 dashboard]# echo "source <(kubectl completion bash)" >> ~/.bashrc
