Deploying a k8s cluster on Alibaba Cloud
Preface

1. k8s cluster architecture

Kubernetes Cluster = N Master Node + N Worker Node: N master nodes plus N worker nodes, N >= 1

2. Machines

Alibaba Cloud ECS 4c8g (4 vCPU, 8 GB) * 3, CentOS 8.4
Part I. Initialize the machines

1. Install yum-utils and configure the yum source

yum install -y yum-utils

# configure the yum source
sudo yum-config-manager \
    --add-repo \
    http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

2. Install docker

# the versions below are the ones used when installing k8s
yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7 containerd.io-1.4.6

# start docker now and enable it at boot
systemctl enable docker --now

3. Configure the registry mirror

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://82m9ar63.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {"max-size": "100m"},
  "storage-driver": "overlay2"
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

4. Basic machine settings

# give each machine its own hostname
hostnamectl set-hostname xxxx

Set SELinux to permissive mode (effectively disabling it):

sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# turn off swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab

# let iptables see bridged traffic
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

Part II. Install the K8s cluster with the toolchain
1. Install kubelet, kubeadm and kubectl

1.1 Configure the download source

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

1.2 Download and install kubelet, kubeadm and kubectl

sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes

1.3 Start kubelet

sudo systemctl enable --now kubelet
## kubelet will now restart every few seconds: it is stuck in a loop waiting for instructions from kubeadm

2. Bootstrap the cluster with kubeadm
2.1 Download the images each machine needs

sudo tee ./images.sh <<-'EOF'
#!/bin/bash
images=(
kube-apiserver:v1.20.9
kube-proxy:v1.20.9
kube-controller-manager:v1.20.9
kube-scheduler:v1.20.9
coredns:1.7.0
etcd:3.4.13-0
pause:3.2
)
for imageName in ${images[@]} ; do
docker pull registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageName
done
EOF

chmod +x ./images.sh && ./images.sh

2.2 Initialize the master node

-- Add the master hostname mapping on every machine

# every machine adds the master hostname mapping; change the addresses below to your own
echo "172.24.83.127 cluster-endpoint" >> /etc/hosts
echo "172.24.83.127 master" >> /etc/hosts
echo "172.25.38.252 node02" >> /etc/hosts
echo "172.24.83.128 node01" >> /etc/hosts

-- Initialize the master node

## to begin with, it is recommended not to change service-cidr and pod-network-cidr
kubeadm init \
--apiserver-advertise-address=172.24.83.127 \
--control-plane-endpoint=cluster-endpoint \
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.168.0.0/16
# none of the network ranges may overlap
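As an added check, not part of the article, the script below verifies the two things the init command relies on: the node network, --service-cidr and --pod-network-cidr must not overlap, and the pod CIDR must match the CALICO_IPV4POOL_CIDR pool in calico.yaml, which ships commented out and therefore defaults to 192.168.0.0/16 (the manifest is applied in step 2.4). The /24 node network is an assumption; the CIDRs are the article's own values.

```python
import ipaddress
import re

# Values from the article's kubeadm init command; the node VPC prefix (/24
# around 172.24.83.127) is an assumption, the page does not state it.
NETWORKS = {
    "node-network": "172.24.83.0/24",
    "service-cidr": "10.96.0.0/16",
    "pod-network-cidr": "192.168.0.0/16",
}

# Constructed excerpt of calico.yaml: the pool env entry ships commented out,
# which is why the article's grep shows '# value: "192.168.0.0/16"'.
CALICO_EXCERPT = '''
            # - name: CALICO_IPV4POOL_CIDR
            #   value: "192.168.0.0/16"
'''

POOL_RE = re.compile(
    r'^\s*(#\s*)?-\s*name:\s*CALICO_IPV4POOL_CIDR\s*\n'
    r'\s*(?:#\s*)?value:\s*"([^"]+)"', re.M)


def overlapping_pairs(networks):
    """Every pair of named CIDRs that overlap; kubeadm requires none."""
    nets = {n: ipaddress.ip_network(c, strict=True) for n, c in networks.items()}
    names = list(nets)
    return [(a, b) for i, a in enumerate(names)
            for b in names[i + 1:] if nets[a].overlaps(nets[b])]


def calico_pool(manifest):
    """(cidr, active): active is False while the env entry is still commented out."""
    m = POOL_RE.search(manifest)
    return (m.group(2), m.group(1) is None) if m else (None, False)


def check_cluster_networks(networks, manifest):
    """Human-readable problems; an empty list means the values are consistent."""
    problems = [f"{a} overlaps {b}" for a, b in overlapping_pairs(networks)]
    pool, active = calico_pool(manifest)
    want = networks["pod-network-cidr"]
    if pool != want:
        state = "active" if active else "commented-out default"
        problems.append(f"calico pool {pool!r} ({state}) != pod-network-cidr {want!r}")
    return problems


if __name__ == "__main__":
    print(check_cluster_networks(NETWORKS, CALICO_EXCERPT) or "OK")
```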
-- Output shown when initialization finishes

-- Adding a master

kubeadm join cluster-endpoint:6443 --token bdpwwp.54qld2jmnaflv6y9 \
--discovery-token-ca-cert-hash sha256:3a67feef775da795701168d8d3f105a7631bad5f46cb00eba76210ad7dfbb6d3 \
--control-plane

-- Adding a node

kubeadm join cluster-endpoint:6443 --token bdpwwp.54qld2jmnaflv6y9 \
--discovery-token-ca-cert-hash sha256:3a67feef775da795701168d8d3f105a7631bad5f46cb00eba76210ad7dfbb6d3

2.3 Set up .kube/config

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

2.4 Install the network component
Calico is used here; others such as flannel also work, and the basic principle is similar.

curl https://docs.projectcalico.org/manifests/calico.yaml -O
kubectl apply -f calico.yaml

Note: if you changed the --pod-network-cidr=192.168.0.0/16 parameter when initializing the master node, you must change the corresponding IP range in calico's yaml file:

[root@master ~]# cat calico.yaml|grep 192.168
            # value: "192.168.0.0/16"

2.5 Join the worker nodes (run on each node)
Then you can join any number of worker nodes by running the following on each as root:

kubeadm join cluster-endpoint:6443 --token bdpwwp.54qld2jmnaflv6y9 \
--discovery-token-ca-cert-hash sha256:3a67feef775da795701168d8d3f105a7631bad5f46cb00eba76210ad7dfbb6d3

If you have forgotten the token, generate a new one:

kubeadm token create --print-join-command

Part III. Deploy the dashboard

1. Deploy

The official Kubernetes web UI: https://github.com/kubernetes/dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

If the download fails, the file below can be used instead.
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.3.1
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.6
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}

2. Set the access port
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

Change type: ClusterIP to type: NodePort.

kubectl get svc -A | grep kubernetes-dashboard

Find the assigned port and open it in the security group.

Access: https://<any cluster node IP>:<port>, for example https://<public IP>:32287

3. Create an access account

# create the access account: prepare a yaml file
vi dash.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

kubectl apply -f dash.yaml

4. Token access
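The dash.yaml above binds admin-user to the built-in cluster-admin ClusterRole, so the token fetched in this step carries full cluster privileges. As an added example (not from the article), the script below reads `kubectl get clusterrolebindings -o json` output and lists every subject bound to cluster-admin, so that such accounts can be reviewed; the embedded JSON is a constructed sample that mirrors the article's admin-user binding.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`,
# trimmed to the fields the check reads. The admin-user binding is the one the
# article's dash.yaml creates; the other two stand in for built-in bindings.
SAMPLE_CRB_JSON = json.dumps({"items": [
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "admin-user"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "admin-user",
                   "namespace": "kubernetes-dashboard"}]},
    {"metadata": {"name": "kubernetes-dashboard"},
     "roleRef": {"kind": "ClusterRole", "name": "kubernetes-dashboard"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kubernetes-dashboard"}]},
]})


def subject_id(subject):
    """Render a binding subject as kind:[namespace/]name."""
    ns = subject.get("namespace")
    return f"{subject.get('kind')}:{ns + '/' if ns else ''}{subject.get('name', '')}"


def subjects_bound_to(crb_json, role="cluster-admin"):
    """(binding name, subject) for every subject whose roleRef is the given ClusterRole."""
    out = []
    for item in json.loads(crb_json).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") == "ClusterRole" and ref.get("name") == role:
            for s in item.get("subjects") or []:  # subjects may be absent or null
                out.append((item["metadata"]["name"], subject_id(s)))
    return out


def service_account_admins(crb_json):
    """Only ServiceAccount subjects: their bearer tokens carry cluster-admin power."""
    return [s for _, s in subjects_bound_to(crb_json) if s.startswith("ServiceAccount:")]


if __name__ == "__main__":
    # Live use: kubectl get clusterrolebindings -o json | python3 rbac_audit.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CRB_JSON
    for binding, subject in subjects_bound_to(data):
        print(f"{binding}: {subject}")
```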
# get the access token
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

The command prints the token (a long eyJ... string) used to log in to the dashboard.

Part IV. Install Ingress

wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.47.0/deploy/static/provider/baremetal/deploy.yaml