Kubernetes1.12版本三节点详细搭建及Dashboard

一. Kubernetes简介

二. Kubernetes搭建环境
Centos7系统
Mster节点 190.168.3.230
Node1节点 190.168.3.231
Node2节点 190.168.3.232
Etcd三节点高可用
搭建之间确保三台主机时间同步,关闭selinux和firewalld
三.搭建Kubernetes
1.搭建etcd
自签Etcd SSL证书,并在三节点搭建etcd集群

a.下载生成证书工具,并检查安装是否正常
vim cfssl.sh
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo

b.为etcd生成证书

[[email protected] etcd-cert]# vim etcd-cert.sh
cat > ca-config.json <<EOF
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"www": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
EOF

cat > ca-csr.json <<EOF
{
"CN": "etcd CA",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing"
}
]
}
EOF

cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

#-----------------------
cat > server-csr.json <<EOF
{
"CN": "etcd",
"hosts": [
"190.168.3.230",
"190.168.3.231",
"190.168.3.232"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
}
EOF

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server

注:将server-csr.json 文件里的hosts地址改为etcd三台集群的地址

执行ca证书脚本

c.安装master节点的etcd
下载etcd包

创建etcd目录,并将服务脚本拷贝到etcd的工作目录下/opt/etcd/bin/

创建etcd.sh 生成配置文件脚本
[[email protected] k8s]# vim etcd.sh
[[email protected] k8s]# chmod +x etcd.sh
#!/bin/bash

example: ./etcd.sh etcd01 192.168.1.10 etcd02=https://192.168.1.11:2380,etcd03=https://192.168.1.12:2380

ETCD_NAME=$1
ETCD_IP=$2
ETCD_CLUSTER=$3

WORK_DIR=/opt/etcd

cat <<EOF >$WORK_DIR/cfg/etcd
#[Member]
ETCD_NAME="${ETCD_NAME}"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://${ETCD_IP}:2380"
ETCD_LISTEN_CLIENT_URLS="https://${ETCD_IP}:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://${ETCD_IP}:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://${ETCD_IP}:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://${ETCD_IP}:2380,${ETCD_CLUSTER}"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF

cat <<EOF >/usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=${WORK_DIR}/cfg/etcd
ExecStart=${WORK_DIR}/bin/etcd \
--name=\${ETCD_NAME} \
--data-dir=\${ETCD_DATA_DIR} \
--listen-peer-urls=\${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=\${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=\${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=\${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=\${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=\${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=new \
--cert-file=${WORK_DIR}/ssl/server.pem \
--key-file=${WORK_DIR}/ssl/server-key.pem \
--peer-cert-file=${WORK_DIR}/ssl/server.pem \
--peer-key-file=${WORK_DIR}/ssl/server-key.pem \
--trusted-ca-file=${WORK_DIR}/ssl/ca.pem \
--peer-trusted-ca-file=${WORK_DIR}/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable etcd
systemctl restart etcd

[[email protected] k8s]# ./etcd.sh etcd01 190.168.3.230 etcd02=https://190.168.3.231:2380,etcd03=https://190.168.3.232:2380

查看生成的etcd配置文件

将之前生成的证书拷贝到/opt/etcd/ssl下

拷贝完后启动服务,第一次主节点启动服务比较慢
[[email protected] k8s]# systemctl start etcd

查看mster节点的etcd已经启动

[[email protected] k8s]# systemctl enable etcd 开机自启

d.安装node节点的etcd
将主节点配置好的文件直接拷贝到其他两个节点上

node1节点执行刚才的etcd.sh脚本
[[email protected] ~]# ./etcd.sh etcd02 190.168.3.231 etcd01=https://190.168.3.230:2380,etcd03=https://190.168.3.232:2380
检查node1下etcd的配置文件是否正确
[[email protected] ~]# vim /opt/etcd/cfg/etcd

[[email protected] ~]# systemctl start etcd
[[email protected] ~]# systemctl enable etcd

node2节点和node1节点一样执行脚本
[[email protected] ~]# ./etcd.sh etcd03 190.168.3.232 etcd01=https://190.168.3.230:2380,etcd02=https://190.168.3.231:2380

[[email protected] ~]# systemctl start etcd
[[email protected] ~]# systemctl enable etcd

e.etcd三节点集群安装完成
查看集群状态

[[email protected] ssl]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://190.168.3.230:2379,https://190.168.3.231:2379,https://190.168.3.232:2379" cluster-health

member 25ff557ca2a90385 is healthy: got healthy result from https://190.168.3.230:2379
member e94bc10222c25d21 is healthy: got healthy result from https://190.168.3.231:2379
member f196ddd8571e9f64 is healthy: got healthy result from https://190.168.3.232:2379
cluster is healthy

2.node节点搭建docker
两个节点做同样的操作
在官网上下载最新版本
https://docs.docker.com/install/linux/docker-ce/centos/

安装docker依赖
yum install -y yum-utils \
device-mapper-persistent-data \
lvm2

添加docker源仓库
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo

安装docker
yum install docker-ce -y

systemctl start docker
systemctl enable docker

设置使用国内镜像
https://www.daocloud.io/mirror

curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io

3.部署flannel网络
a.写入子网到etcd中供flannel使用
进入到etcd-cert证书目录

[[email protected] etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://190.168.3.230:2379,https://190.168.3.231:2379,https://190.168.3.232:2379" set /coreos.com/network/config ‘{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}‘
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}

b.下载部署flannel包并部署
创建kubernetes下的flannel目录
[[email protected] ~]# mkdir -p /opt/kubernetes/{bin,cfg,ssl}
下载flannel包和编写部署脚本

将解压后的flanneld mk-docker-opts.sh拷贝到/opt/kubernetes/bin下

查看flannel.sh脚本
[[email protected] ~]# vim flannel.sh

#!/bin/bash

ETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}

cat <<EOF >/opt/kubernetes/cfg/flanneld

FLANNEL_OPTIONS="--etcd-endpoints=${ETCD_ENDPOINTS} \
-etcd-cafile=/opt/etcd/ssl/ca.pem \
-etcd-certfile=/opt/etcd/ssl/server.pem \
-etcd-keyfile=/opt/etcd/ssl/server-key.pem"

EOF

cat <<EOF >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq \$FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target

EOF
cat <<EOF >/usr/lib/systemd/system/dockerd.service

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/run/flannel/subnet.env
ExecStart=/usr/bin/dockerd \$DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP \$MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

EOF

systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld
systemctl restart dockerd

执行flannel.sh脚本
[[email protected] ~]# ./flannel.sh

执行完修改配置文件为以下参数
[[email protected] ~]# vim /opt/kubernetes/cfg/flanneld

查看脚本生成的flanneld.service文件

[[email protected] ~]# systemctl start flanneld
[[email protected] ~]# systemctl enable flanneld

查看生成的子网

c.配置docker启动时配置使用flannel子网
将以下的配置设置到docker开机启动项中
[[email protected] ~]# cat flannel.sh

EnvironmentFile=/run/flannel/subnet.env
ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS

[[email protected] ~]# vim /usr/lib/systemd/system/docker.service

查看设置结果
设置完后重新启动,docker进入到flannel的子网了

d.配置node2上的flannel网络
将node1 下的/opt/kubernetes目录直接拷贝到node2

拷贝服务文件

证书用的是之前etcd下ssl目录里的证书
[[email protected] ~]# systemctl start flanneld
[[email protected] ~]# systemctl enable flanneld

[[email protected] ~]# vim /usr/lib/systemd/system/docker.service

设置完后重新启动,node2节点的docker进入到flannel的子网了

e.测试两个节点配置的网络是否通
node1

node2

两个节点用容器测试


两个不同节点的容器可以通

4.部署master组件
自签ssl证书
kube-apiserver
kube-controller-manager
kube-scheduler

a.生成自签ssl证书


cat > ca-config.json <<EOF
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"kubernetes": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
EOF

cat > ca-csr.json <<EOF
{
"CN": "kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing",
"O": "k8s",
"OU": "System"
}
]
}
EOF

cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

#-----------------------

cat > server-csr.json <<EOF
{
"CN": "kubernetes",
"hosts": [
"10.0.0.1",
"127.0.0.1",
"190.168.3.250",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
EOF

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server

#-----------------------

"CN": "kubernetes",
"hosts": [
  "10.0.0.1",
  "127.0.0.1",
  "190.168.3.230",
  "kubernetes",
  "kubernetes.default",
  "kubernetes.default.svc",
  "kubernetes.default.svc.cluster",
  "kubernetes.default.svc.cluster.local"
],
"key": {
    "algo": "rsa",
    "size": 2048
},
"names": [
    {
        "C": "CN",
        "L": "BeiJing",
        "ST": "BeiJing",
        "O": "k8s",
        "OU": "System"
    }
]

}
EOF

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server

#-----------------------
cat > admin-csr.json <<EOF
{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing",
"O": "system:masters",
"OU": "System"
}
]
}
EOF

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin

#-----------------------

cat > kube-proxy-csr.json <<EOF
{
"CN": "system:kube-proxy",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
EOF

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy

执行创建脚本
[[email protected] k8s-cert]# chmod +x k8s-cert.sh
[[email protected] k8s-cert]# ./k8s-cert.sh

b.kube-apiserver部署
[[email protected] k8s]# mkdir soft
[[email protected] k8s]# cd soft/

将需要的二进制命令拷贝到
[[email protected] bin]# cp kube-apiserver kubectl kube-controller-manager kube-scheduler /opt/kubernetes/bin/

查看aipserver部署脚本
[[email protected] soft]# cat apiserver.sh
#!/bin/bash

MASTER_ADDRESS=$1
ETCD_SERVERS=$2

cat <<EOF >/opt/kubernetes/cfg/kube-apiserver

KUBE_APISERVER_OPTS="--logtostderr=true \
--v=4 \
--etcd-servers=${ETCD_SERVERS} \
--bind-address=${MASTER_ADDRESS} \
--secure-port=6443 \
--advertise-address=${MASTER_ADDRESS} \
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--kubelet-https=true \
--enable-bootstrap-token-auth \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--service-node-port-range=30000-50000 \
--tls-cert-file=/opt/kubernetes/ssl/server.pem \
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
--etcd-cafile=/opt/etcd/ssl/ca.pem \
--etcd-certfile=/opt/etcd/ssl/server.pem \
--etcd-keyfile=/opt/etcd/ssl/server-key.pem"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-apiserver
ExecStart=/opt/kubernetes/bin/kube-apiserver \$KUBE_APISERVER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-apiserver
systemctl restart kube-apiserver

将之前生成的master节点部署生成的证书拷贝到/opt/kubernetes/ssl/下

设置aipserver启动需要的token.csv文件

[[email protected] soft]# vim /opt/kubernetes/cfg/token.csv
0767cd1f442ba2834a103fdc7cd3c7ce,kubelet-bootstrap,10001,"system:kubelet-bootstrap"

生成aipserver服务文件
[[email protected] soft]# chmod +x apiserver.sh
[[email protected] soft]# ./apiserver.sh 190.168.3.230 https://190.168.3.230:2379,https://190.168.3.231:2379,https://190.168.3.232:2379

启动apiserver服务

c.部署启动kube-controller-manager
查看controller-manager配置脚本
[[email protected] soft]# cat controller-manager.sh
#!/bin/bash

MASTER_ADDRESS=$1

cat <<EOF >/opt/kubernetes/cfg/kube-controller-manager

KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \
--v=4 \
--master=${MASTER_ADDRESS}:8080 \
--leader-elect=true \
--address=127.0.0.1 \
--service-cluster-ip-range=10.0.0.0/24 \
--cluster-name=kubernetes \
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
--root-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
--experimental-cluster-signing-duration=87600h0m0s"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-controller-manager
ExecStart=/opt/kubernetes/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl restart kube-controller-manager

启动服务

d.kube-scheduler调度服务启动
查看配置服务脚本
[[email protected] soft]# cat scheduler.sh
#!/bin/bash

MASTER_ADDRESS=$1

cat <<EOF >/opt/kubernetes/cfg/kube-scheduler

KUBE_SCHEDULER_OPTS="--logtostderr=true \
--v=4 \
--master=${MASTER_ADDRESS}:8080 \
--leader-elect"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-scheduler
ExecStart=/opt/kubernetes/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-scheduler
systemctl restart kube-scheduler

启动服务

e.查看mster部署结果是否正常
[[email protected] soft]# /opt/kubernetes/bin/kubectl get cs

5.部署node组件

a.创建kubeconfig文件
将master kubernetes下的二进制命令kubelet kube-proxy传给node1

配置kubelet kube-proxy的环境变量
[[email protected] kubeconfig]# vim /etc/profile

[[email protected] kubeconfig]# source /etc/profile

将之前生成的token写入到kubeconfig.sh文件里

修改配置文件
[[email protected] kubeconfig]# vim kubeconfig.sh

创建 TLS Bootstrapping Token

#BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ‘ ‘)
#BOOTSTRAP_TOKEN=0fb61c46f8991b718eb38d27b605b008

#cat > token.csv <<EOF
#${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
#EOF

#----------------------

APISERVER=$1
SSL_DIR=$2

创建kubelet bootstrapping kubeconfig

export KUBE_APISERVER="https://$APISERVER:6443"

BOOTSTRAP_TOKEN=0767cd1f442ba2834a103fdc7cd3c7ce

设置集群参数

kubectl config set-cluster kubernetes \
--certificate-authority=$SSL_DIR/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=bootstrap.kubeconfig

设置客户端认证参数

kubectl config set-credentials kubelet-bootstrap \
--token=${BOOTSTRAP_TOKEN} \
--kubeconfig=bootstrap.kubeconfig

设置上下文参数

kubectl config set-context default \
--cluster=kubernetes \
--user=kubelet-bootstrap \
--kubeconfig=bootstrap.kubeconfig

设置默认上下文

kubectl config use-context default --kubeconfig=bootstrap.kubeconfig

#----------------------

创建kube-proxy kubeconfig文件

kubectl config set-cluster kubernetes \
--certificate-authority=$SSL_DIR/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=kube-proxy.kubeconfig

kubectl config set-credentials kube-proxy \
--client-certificate=$SSL_DIR/kube-proxy.pem \
--client-key=$SSL_DIR/kube-proxy-key.pem \
--embed-certs=true \
--kubeconfig=kube-proxy.kubeconfig

kubectl config set-context default \
--cluster=kubernetes \
--user=kube-proxy \
--kubeconfig=kube-proxy.kubeconfig

kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig

生成配置文件

b.将kubelet-bootstrap用户绑定到系统集群角色
[[email protected] k8s-cert]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap

c.node1部署kubelet

node节点下载node.zip

node1 节点kubelet配置
查看配置脚本
[[email protected] ~]# cat kubelet.sh
#!/bin/bash

NODE_ADDRESS=$1
DNS_SERVER_IP=${2:-"10.0.0.2"}

cat <<EOF >/opt/kubernetes/cfg/kubelet

KUBELET_OPTS="--logtostderr=true \
--v=4 \
--address=${NODE_ADDRESS} \
--hostname-override=${NODE_ADDRESS} \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet.config \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"

EOF

cat <<EOF >/opt/kubernetes/cfg/kubelet.config

kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: ${NODE_ADDRESS}
port: 10250
cgroupDriver: cgroupfs
clusterDNS:

  • ${DNS_SERVER_IP}
    clusterDomain: cluster.local.
    failSwapOn: false

EOF

cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet

执行脚本
[[email protected] ~]# ./kubelet.sh 190.168.3.231 10.0.0.2
后面是加的是dns,后面会部署

注:这一步记得前面要将kubelet-bootstrap用户绑定到系统集群角色

d.node1部署kube-proxy组件

[[email protected] ~]# cat proxy.sh
#!/bin/bash

NODE_ADDRESS=$1

cat <<EOF >/opt/kubernetes/cfg/kube-proxy

KUBE_PROXY_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=${NODE_ADDRESS} \
--cluster-cidr=10.0.0.0/24 \
--proxy-mode=ipvs \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy

执行脚本并检查执行结果

e.在主节点上检查是否有节点的签发证书请求

同意请求,加入集群几点
[[email protected] k8s-cert]# kubectl certificate approve node-csr-WLWkm04vtzQ8NPZ3giDV1PBNFxy-q2eQ1KCYdYLFHRE

f.配置node2节点的kubelet和kube-proxy
由于node1 下的 /opt/kubernetes目录和node2一直,可以直接拷过去

切换到node2节点

修改地址
[[email protected] cfg]# vim kubelet

[[email protected] cfg]# vim kube-proxy

将node1的服务文件拷贝到node2上

在node2上删除生成的证书
[[email protected] cfg]# rm -f /opt/kubernetes/ssl/*

启动服务kubelet和kube-proxy服务

启动成功

g.在master放行第二个节点

四.部署Web UI(Dashboard)
1.解压包,进入目录
包就在之前的master部署组件里
这里里面kubernetes-server-linux-amd64.tar.gz

2.执行yaml文件

查看启动的pod,没在默认命名空间,在kube-system下

注:
其中dashboard-controller.yaml这个里面的dashboard镜像是国外的,如果慢,可以换成国内的镜像地址 image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0

3.创建Dashboard服务


4.查看启动的Dashboard服务

外网访问的是端口是44721

5.设置登陆令牌,访问web界面
创建用户访问,绑定集群管理员,使用它产生的密钥

创建账户产生的token

查看token

复制token到页面上即可

原文地址:http://blog.51cto.com/anfishr/2333033

时间: 2024-11-10 16:08:39

Kubernetes1.12版本三节点详细搭建及Dashboard的相关文章

Kubernetes1.12版本Dashboard和coredns安装

一.部署Web UI(Dashboard)1.解压包,进入目录包就在之前的master部署组件里这里里面kubernetes-server-linux-amd64.tar.gz 2.执行yaml文件 查看启动的pod,没在默认命名空间,在kube-system下 注:其中dashboard-controller.yaml这个里面的dashboard镜像是国外的,如果慢,可以换成国内的镜像地址 image: registry.cn-hangzhou.aliyuncs.com/google_cont

OK335xS Ubuntu 12.04.1 版本 Android 开发环境搭建

/******************************************************************************************** * OK335xS Ubuntu 12.04.1 版本 Android 开发环境搭建 * * 声明: * 1. 本人用的虚拟机是 VMware 10.0.5 64位: * 2. 本人测试过 Ubuntu 12.04.2.Ubuntu 12.04.4,.Ubuntu 14.04 版本,出现一些问题: * 1. U

ceph搭建配置-三节点

主机名 IP 磁盘 角色 ceph01 10.10.20.55     ceph02 10.10.20.66     chph03 10.10.20.77     systemctl stop [email protected]systemctl stop [email protected]systemctl stop [email protected] [[email protected] ~]# parted /dev/sdb mklabel gptInformation: You may

docker技术剖析--docker1.12版本+swarmkit

防伪码:为目标,晚卧夜半,梦别星辰,脚踏实地,凌云舍我其谁! 1.Docker Swarm  是什么? Docker Swarm 是一个用于创建 Docker 主机(运行 Docker 守护进程的服务器)集群的工具, 使用 Swarm 操作集群,会使用户感觉就像是在一台主机上进行操作 docker1.12 集成了 swarmkit, 使你可以不用安装额外的软件包, 使用简单的命令启动创建 docker swarm 集群. 如果你在运行 Docker 1.12 时,你就可以原生创建一个 Swarm

理解 OpenStack Swift (1):OpenStack + 三节点Swift 集群+ HAProxy + UCARP 安装和配置

本系列文章着重学习和研究OpenStack Swift,包括环境搭建.原理.架构.监控和性能等. (1)OpenStack + 三节点Swift 集群+ HAProxy + UCARP 安装和配置 (2)Swift 原理和架构 (3)Swift 监控 (4)Swift 性能 要实现的系统的效果图: 特点: 使用三个对等物理节点,每个节点上部署所有Swift 服务 使用开源的 UCARP 控制一个 VIP,它会被绑定到三个物理网卡中的一个. 使用开源的 HAProxy 做负载均衡 开启 Swift

CentOS7.5 使用 kubeadm 安装配置 Kubernetes1.12(四)

在之前的文章,我们已经演示了yum 和二进制方式的安装方式,本文我们将用官方推荐的kubeadm来进行安装部署. kubeadm是 Kubernetes 官方提供的用于快速安装Kubernetes集群的工具,伴随Kubernetes每个版本的发布都会同步更新,kubeadm会对集群配置方面的一些实践做调整,通过实验kubeadm可以学习到Kubernetes官方在集群配置上一些新的最佳实践. 一.所有节点环境准备 1.软件版本 软件 版本 kubernetes v1.12.2 CentOS 7.

Redis5以上版本伪集群搭建(高可用集群模式)

redis集群需要至少要三个master节点,我们这里搭建三个master节点,并且给每个master再搭建一个slave节点,总共6个redis节点,这里用一台机器(可以多台机器部署,修改一下ip地址就可以了)部署6个redis实例,三主三从,搭建集群的步骤如下: 第一步:在第一台机器的/usr/local/redis下创建文件夹redis-cluster,然后在其下面创建6个文件夹如下: mkdir -p /usr/local/redis/redis-cluster 进入redis-clus

Linux文件系统中的inode节点详细介绍

这篇文章主要介绍了Linux文件系统中的inode节点,详细讲解了inode是什么.inode包含的信息.inode号码的相关资料等. 一.inode是什么? 理解inode,要从文件储存说起.文件储存在硬盘上,硬盘的最小存储单位叫做"扇区"(Sector).每个扇区储存512字节(相当于0.5KB). 操作系统读取硬盘的时候,不会一个个扇区地读取,这样效率太低,而是一次性连续读取多个扇区,即一次性读取一个"块"(block).这种由多个扇区组成的"块&q

javascript中12种DOM节点类型概述

× 目录 [1]元素 [2]特性 [3]文本[4]CDATA[5]实体引用[6]实体名称[7]处理指令[8]注释[9]文档[10]文档类型[11]文档片段[12]DTD 前面的话 DOM是javascript操作网页的接口,全称为文档对象模型(Document Object Model).它的作用是将网页转为一个javascript对象,从而可以使用javascript对网页进行各种操作(比如增删内容).浏览器会根据DOM模型,将HTML文档解析成一系列的节点,再由这些节点组成一个树状结构.DO