Learn-at-a-glance series: k8s-dashboard 1.10.1 installation manual

Source: original to this site | Docker

http://www.525.life/article?id=1510739742331

Video version: https://ke.qq.com/course/266656

yum install -y epel-release lrzsz wget net-tools ntp

Synchronize the clock:

ntpdate cn.pool.ntp.org

Disable the firewall:

systemctl stop firewalld

systemctl disable firewalld

Disable SELinux:

sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

setenforce 0

Disable swap:

swapoff -a    # temporary, for the running system

vim /etc/fstab    # permanent: comment out the swap entry

Add the hostname-to-IP mappings (remember to set each machine's hostname):

cat /etc/hosts

192.168.0.11 k8s-master

192.168.0.12 k8s-node1

192.168.0.13 k8s-node2

Pass bridged IPv4 traffic to the iptables chains:

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

sysctl --system

[[email protected] ~]# sudo sysctl -p /etc/sysctl.d/k8s.conf

sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory

sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory

[[email protected] ~]#

[[email protected] ~]# modprobe br_netfilter

[[email protected] ~]# sudo sysctl -p /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

[[email protected] ~]#

The default CRI (container runtime) for Kubernetes is Docker, so install Docker first.

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

yum -y install docker-ce-18.06.1.ce-3.el7

systemctl enable docker && systemctl start docker

docker --version

Docker version 18.06.1-ce, build e68fc7a

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

4. Install Docker/kubeadm/kubelet on all nodes

Edit /etc/hosts before installing:

[[email protected] ~]# cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.10.68 k8s-master

192.168.10.69 k8s-node1

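Because releases are frequent, pin the version numbers when deploying:

yum install -y kubelet-1.13.3 kubeadm-1.13.3 kubectl-1.13.3

On the nodes:

yum install -y kubelet-1.13.3 kubeadm-1.13.3

systemctl enable kubelet

Switch to a registry mirror inside China; every server must be changed to the same setting:

vi /etc/docker/daemon.json

{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}

The Alibaba Cloud mirror can also be used, but you have to register for your own address:

{
  "registry-mirrors": ["https://9syoriwt.mirror.aliyuncs.com"]
}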

free -h

swapoff -a

vim /etc/fstab

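kubeadm init \
  --apiserver-advertise-address=192.168.10.68 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.13.3 \
  --service-cidr=10.100.0.0/16 \
  --pod-network-cidr=10.244.0.0/16

If initialization fails, reset and then initialize again:

kubeadm reset    # Note: after a reset and re-install, kubectl may report an authentication failure and be unusable; run the admin.conf setup commands echoed on screen by kubeadm init once more and it works again.

A token is generated.

7. Join Kubernetes nodes

To add a new node to the cluster, run the kubeadm join command printed by kubeadm init:

Record the output; a node only needs to run this to join the cluster: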

You can now join any number of machines by running the following on each node

as root:

kubeadm join 192.168.10.68:6443 --token 95fvbt.xf7ycgtxfbzc2tyr --discovery-token-ca-cert-hash sha256:cc48567c61690242b3123e0f4f68cda9ff431562735a655a5ee7b544b8364d1c

The token expires, so a new one has to be created.

By default it expires after 24 hours.

1. kubeadm token create

kubeadm token list

2. Get the SHA-256 hash of the CA certificate (computed over its public key):

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

3. Run the complete command on the node to be added:

kubeadm join 192.168.10.68:6443 --token lh4nta.nmd0mzksdi3n0luo --discovery-token-ca-cert-hash sha256:cc48567c61690242b3123e0f4f68cda9ff431562735a655a5ee7b544b8364d1c

Format:

kubeadm join masterIP:6443 --token <token just generated> --discovery-token-ca-cert-hash sha256:<hash just computed>

[[email protected] ~]# kubeadm token list #list the tokens

TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS

95fvbt.xf7ycgtxfbzc2tyr <invalid> 2019-03-03T12:55:43-05:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token

lh4nta.nmd0mzksdi3n0luo 23h 2019-03-04T22:38:25-05:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token

The result is as follows:

[[email protected] ~]# kubeadm join 192.168.10.68:6443 --token lh4nta.nmd0mzksdi3n0luo --discovery-token-ca-cert-hash cc48567c61690242b3123e0f4f68cda9ff431562735a655a5ee7b544b8364d1c

This node has joined the cluster:

* Certificate signing request was sent to apiserver and a response was received.

* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the master to see this node join the cluster.

[[email protected] ~]# kubectl get node

NAME STATUS ROLES AGE VERSION

k8s-master Ready master 34h v1.13.3

k8s-node1 Ready <none> 32h v1.13.3

k8s-node2 Ready <none> 4m25s v1.13.3
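An added example, not part of the original article: a POSIX shell helper that recomputes the CA public-key hash from step 2 and checks that the token and hash have the shape kubeadm join expects before the command is pasted onto a node. The function names are hypothetical, the sample values are constructed, and `openssl pkey` is used in place of the article's `openssl rsa` so that non-RSA CA keys also work.

```sh
#!/bin/sh
# Added example: sanity-check kubeadm join parameters. Function names are hypothetical.

# Bootstrap tokens have the form <6 chars>.<16 chars>, lowercase letters and digits.
valid_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# The CA pin is "sha256:" followed by 64 hex digits
# (lowercase, as the openssl pipeline prints them).
valid_ca_hash() {
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# SHA-256 over the DER-encoded public key of the CA certificate,
# the same value the article's openssl pipeline prints.
ca_cert_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        sha256sum | cut -d' ' -f1
}

# Print the join command only if every part checks out.
# Usage: build_join <master-ip:port> <token> <sha256:hash> [ca.crt]
build_join() {
    valid_token "$2" || { echo "bad token format: $2" >&2; return 1; }
    valid_ca_hash "$3" ||
        { echo "bad hash format (need sha256:<64 hex>): $3" >&2; return 1; }
    if [ -n "$4" ]; then
        # With the CA certificate at hand, confirm the pin really matches it.
        [ "sha256:$(ca_cert_hash "$4")" = "$3" ] ||
            { echo "hash does not match $4" >&2; return 1; }
    fi
    echo "kubeadm join $1 --token $2 --discovery-token-ca-cert-hash $3"
}

# Constructed sample values (not from a real cluster).
SAMPLE_TOKEN=abcdef.0123456789abcdef
SAMPLE_HASH=sha256:$(printf '%064d' 0)
```

On the master, passing /etc/kubernetes/pki/ca.crt as the fourth argument makes build_join refuse a hash that was copied from a different cluster.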

Test the Kubernetes cluster

Create a pod in the Kubernetes cluster and verify that it runs correctly:

kubectl create deployment nginx --image=nginx

kubectl expose deployment nginx --port=80 --type=NodePort

kubectl get pod,svc

[[email protected] ~]# kubectl get pod,svc

NAME READY STATUS RESTARTS AGE

pod/nginx-5c7588df-dwbqx 1/1 Running 0 29s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

service/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 74m

service/nginx NodePort 10.100.74.188 <none> 80:32020/TCP 12s

[[email protected] ~]#

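The output contains the following key items:

Record the generated token; it is needed later when adding nodes to the cluster with kubeadm join.

The commands below configure a regular user to access the cluster with kubectl (the client). The master node also uses kubectl to access the cluster, so run them there as well:

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubectl get nodes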

[[email protected] ~]# mkdir -p $HOME/.kube

[[email protected] ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

[[email protected] ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config

[[email protected] ~]# kubectl get nodes

NAME STATUS ROLES AGE VERSION

k8s-master NotReady master 4m23s v1.13.3

k8s-node1 Ready <none> 111s v1.13.3

[[email protected] ~]#

6. Install the Pod network add-on (CNI)

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml

[[email protected] ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml

clusterrole.rbac.authorization.k8s.io/flannel created

clusterrolebinding.rbac.authorization.k8s.io/flannel created

serviceaccount/flannel created

configmap/kube-flannel-cfg created

daemonset.extensions/kube-flannel-ds-amd64 created

daemonset.extensions/kube-flannel-ds-arm64 created

daemonset.extensions/kube-flannel-ds-arm created

daemonset.extensions/kube-flannel-ds-ppc64le created

daemonset.extensions/kube-flannel-ds-s390x created

[[email protected] ~]#

[[email protected] ~]# kubectl get cs

NAME STATUS MESSAGE ERROR

controller-manager Healthy ok

scheduler Healthy ok

etcd-0 Healthy {"health": "true"}

[[email protected] ~]#

Create an application to test:

kubectl create deployment nginx --image=nginx

kubectl expose deployment nginx --port=80 --type=NodePort

kubectl get pod,svc

[[email protected] ~]# kubectl create deployment nginx --image=nginx

deployment.apps/nginx created

[[email protected] ~]# kubectl expose deployment nginx --port=80 --type=NodePort

service/nginx exposed

[[email protected] ~]# kubectl get pod,svc #list the pods and services

NAME READY STATUS RESTARTS AGE

pod/nginx-5c7588df-tmff9 1/1 Running 0 35s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

service/kubernetes ClusterIP 10.100.0.1 <none> 443/TCP 9m27s

service/nginx NodePort 10.100.34.146 <none> 80:32016/TCP 18s

[[email protected] ~]#

[[email protected] ~]# kubectl get pod -o wide #see which node the Pod runs on

NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES

nginx-5c7588df-dwbqx 1/1 Running 1 32h 10.244.1.82 k8s-node1 <none> <none>

[[email protected] ~]#

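Verify:

Access between containers: http://10.100.34.146:80

External access: http://nodeip:32016

9. Deploy the Dashboard

Switch to the Alibaba Cloud mirror; you need to register to obtain an address: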

[[email protected] ~]# cat /etc/docker/daemon.json

{

"registry-mirrors": ["https://9syoriwt.mirror.aliyuncs.com"]

}

[[email protected] ~]# systemctl daemon-reload

[[email protected] ~]# systemctl restart docker

wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

docker search kubernetes-dashboard-amd64:v1.10.1

[[email protected] ~]# docker search kubernetes-dashboard-amd64:v1.10.1

NAME DESCRIPTION STARS OFFICIAL AUTOMATED

mirrorgooglecontainers/kubernetes-dashboard-amd64 14

[[email protected] ~]# docker pull mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1

v1.10.1: Pulling from mirrorgooglecontainers/kubernetes-dashboard-amd64

63926ce158a6: Pull complete

Digest: sha256:d6b4e5d77c1cdcb54cd5697a9fe164bc08581a7020d6463986fe1366d36060e8

Status: Downloaded newer image for mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1

[[email protected] ~]#

The default image cannot be reached from inside China; change the image address to: mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1

By default the Dashboard can only be reached from inside the cluster; change the Service to type NodePort to expose it externally:

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard

kubectl apply -f kubernetes-dashboard.yaml

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1

Delete a node:

kubectl delete node swarm1

[[email protected] ~]# kubectl get pod --namespace=kube-system

NAME READY STATUS RESTARTS AGE

kubernetes-dashboard-57df4db6b-25ng8 0/1 ContainerCreating 0 9s

[[email protected] ~]#

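#These two problems are almost always caused by an image that cannot be downloaded or by the node; the image has to be on the node where Docker creates the container

[[email protected] ~]# kubectl get pod --namespace=kube-system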

NAME READY STATUS RESTARTS AGE

kubernetes-dashboard-57df4db6b-25ng8 0/1 ImagePullBackOff 0 134m

kubernetes-dashboard-847f8cb7b8-zp89j 0/1 CrashLoopBackOff 1 12s

[[email protected] ~]#

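Solution:

#By default the image is pulled from the image address in the configuration file; if the policy is set to IfNotPresent or Never, the local image is used.

IfNotPresent: if the image exists locally, the local image is preferred.

Never: the image is never pulled and the local one is used; if it does not exist locally, an error is reported.

Where the parameter goes:

spec:
  containers:
    - name: nginx
      image: reg.docker.lc/share/nginx:latest
      imagePullPolicy: IfNotPresent   # or use Never

Found that a node had a problem; after shutting that node down it succeeded, but the page still could not be reached: https is required.

[[email protected] ~]# kubectl get pod --namespace=kube-system |grep dash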

kubernetes-dashboard-76479d66bb-smj7l 1/1 Running 0 5m45s

[[email protected] ~]#

Note that access must use https:

https://192.168.10.68:30001/#!/login

Create a service account and bind it to the default cluster-admin cluster role:

Commands:

kubectl create serviceaccount dashboard-admin -n kube-system

kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

Session:

[[email protected] ~]# kubectl create serviceaccount dashboard-admin -n kube-system

serviceaccount/dashboard-admin created

[[email protected] ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created

[[email protected] ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

Name: dashboard-admin-token-tcw9s

Namespace: kube-system

Labels: <none>

Annotations: kubernetes.io/service-account.name: dashboard-admin

kubernetes.io/service-account.uid: 27149d2e-3d1a-11e9-8c59-005056963bc8

Type: kubernetes.io/service-account-token

Data

====

ca.crt: 1025 bytes

namespace: 11 bytes

token: <service-account token (JWT), value omitted>

[[email protected] ~]#

If you forget the token, retrieve it as follows:

[[email protected] ~]# kubectl -n kube-system get secret | grep dashboard-admin

dashboard-admin-token-tcw9s kubernetes.io/service-account-token 3 33h

[[email protected] ~]#

[[email protected] ~]# kubectl describe -n kube-system secret/dashboard-admin-token-tcw9s

Data

====

ca.crt: 1025 bytes

namespace: 11 bytes

token: <service-account token (JWT), value omitted> #this is the token

[[email protected] ~]#
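An added example, not part of the original article: the token printed by kubectl describe is a JWT, so its payload can be decoded locally to confirm which service account it authenticates as and whether it ever expires, before it is stored or pasted into the Dashboard login page. The function names are hypothetical and the sample token is constructed inside the script with a dummy signature.

```sh
#!/bin/sh
# Added example: inspect a service-account token (JWT) offline.
# Function names are hypothetical; nothing here contacts the cluster.

# Decode the payload (second dot-separated segment) of a JWT.
jwt_payload() {
    # base64url -> base64
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    # Restore the padding that JWT encoding strips.
    case $(( ${#seg} % 4 )) in
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
        1) return 1 ;;   # impossible length for base64
    esac
    printf '%s' "$seg" | base64 -d
}

# Print the "sub" claim: system:serviceaccount:<namespace>:<name>.
token_subject() {
    jwt_payload "$1" | sed -n 's/.*"sub":"\([^"]*\)".*/\1/p'
}

# Succeeds only if the payload carries an "exp" (expiry) claim.
token_has_expiry() {
    jwt_payload "$1" | grep -q '"exp":'
}

# Build a constructed token with the claim layout of a secret-based
# service-account token; the signature part is a dummy.
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
make_sample_token() {
    header='{"alg":"RS256","kid":""}'
    claims='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/service-account.name":"dashboard-admin","sub":"system:serviceaccount:kube-system:dashboard-admin"}'
    printf '%s.%s.%s' "$(printf '%s' "$header" | b64url)" \
        "$(printf '%s' "$claims" | b64url)" "dummy-signature"
}

SAMPLE=$(make_sample_token)
echo "subject: $(token_subject "$SAMPLE")"
token_has_expiry "$SAMPLE" ||
    echo "no exp claim: the token stays valid until its secret is deleted"
```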

---- Inspection commands

kubectl get all

kubectl get svc #service

kubectl get ns #namespace

kubectl get pod -o wide #see which node each pod runs on

-------- Inspection and troubleshooting

Adding a node to the cluster after the token generated by kubeadm has expired

The solution is as follows:

Generate a new token:

[[email protected] kubernetes]# kubeadm token create

[kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --ttl 0)

aa78f6.8b4cafc8ed26c34f

[[email protected] kubernetes]# kubeadm token list

TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS

aa78f6.8b4cafc8ed26c34f 23h 2017-12-26T16:36:29+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token

Get the SHA-256 hash of the CA certificate (computed over its public key):

[[email protected] kubernetes]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

0fd95a9bc67a7bf0ef42da968a0d55d92e52898ec37c971bd77ee501d845b538

Join the node to the cluster:

[[email protected] kubernetes]# kubeadm join --token aa78f6.8b4cafc8ed26c34f --discovery-token-ca-cert-hash sha256:0fd95a9bc67a7bf0ef42da968a0d55d92e52898ec37c971bd77ee501d845b538 172.16.6.79:6443 --skip-preflight-checks

Inspect a pod in a namespace:

[[email protected] ~]# kubectl describe pod --namespace=kube-system kubernetes-dashboard-76479d66bb-pxgtf

Events:

Type Reason Age From Message

---- ------ ---- ---- -------

Normal Scheduled 31s default-scheduler Successfully assigned kube-system/kubernetes-dashboard-76479d66bb-gbsn9 to k8s-node1

Normal Pulled 6s (x3 over 30s) kubelet, k8s-node1 Container image "mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1" already present on machine

Normal Created 6s (x3 over 30s) kubelet, k8s-node1 Created container

Normal Started 6s (x3 over 30s) kubelet, k8s-node1 Started container

Warning BackOff 0s (x5 over 26s) kubelet, k8s-node1 Back-off restarting failed container

Kubernetes: detailed installation steps for dashboard v1.8.3

http://www.525.life/article?id=1510739742372

Kubernetes: complete illustrated guide to installing Kubernetes 1.11.2 on CentOS 7

http://www.525.life/article?id=1510739742331

http://dockone.io/article/2247

----------- Pulling blocked Docker images

Simply replace k8s.gcr.io with registry.cn-hangzhou.aliyuncs.com/google_containers/

[[email protected] heapster]# grep gcr.io *

grafana.yaml: image: k8s.gcr.io/heapster-grafana-amd64:v5.0.4

heapster.yaml: image: k8s.gcr.io/heapster-amd64:v1.5.4

influxdb.yaml: image: k8s.gcr.io/heapster-influxdb-amd64:v1.5.2

[[email protected] heapster]# docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/heapster-grafana-amd64:v5.0.4

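Article from: CCIE那點事 http://www.qdxgqk.live/ All rights reserved. Unless a source is noted, the articles on this site are the author's original work and may be quoted freely, but please credit the source. Reproducing the full text is prohibited.
Permalink: http://www.qdxgqk.live/?p=4067 When reposting, please credit CCIE那點事.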