Kubernetes Cloud Native 实践 ( 一 ) 安装

kyaa111 10月前 ⋅ 350 阅读

全文目录

Kubernetes Cloud Native 实践 ( 一 ) 安装

Kubernetes Cloud Native 实践 ( 二 ) 简单使用

Kubernetes Cloud Native 实践 ( 三 ) NFS/PV/PVC

Kubernetes Cloud Native 实践 ( 四 ) 中间件上云

Kubernetes Cloud Native 实践 ( 五 ) 应用上云

Kubernetes Cloud Native 实践 ( 六 ) 集成ELK日志平台

Kubernetes Cloud Native 实践 ( 七 ) 应用监控

Kubernetes Cloud Native 实践 ( 八 ) CICD集成

Kubernetes Cloud Native 实践 ( 九 ) 运维管理

Kubernetes Cloud Native 实践 ( 十 ) 相关问题

Kubernetes Cloud Native 实践 ( 十一 ) 运行截图

安装

  1. 创建三个虚拟机, 创建一个, 克隆两个. 系统ubuntu22.04. 2核8G, 磁盘40G, 还一台装了MySQL集群和ElasticSearch等服务, 共四个实例
  2. 依次固定好ip, master: 192.168.222.129, slave1: 192.168.222.132, slave2: 192.168.222.133. vim /etc/netplan/00-installer-config.yaml netplan apply
network:
  ethernets:
    ens33:
      dhcp4: no
      addresses: [192.168.222.133/24]
      routes:
        - to: default
          via: 192.168.222.2
      nameservers:
        addresses: [192.168.222.2]
  version: 2
  1. 安装好docker
    1. vim /etc/docker/daemon.json
    2. {"registry-mirrors":["[https://dockerhub.azk8s.cn","https://reg-mirror.qiniu.com","https://quay-mirror.qiniu.com"],"exec-opts":](https://dockerhub.azk8s.cn","https://reg-mirror.qiniu.com","https://quay-mirror.qiniu.com"],"exec-opts":) ["native.cgroupdriver=systemd"]}
    3. systemctl daemon-reload
    4. systemctl restart docker
  2. 关闭 swap 内存. vim /etc/fstab 找到swap相关的行, 用#注释, 然后重启, free看swap都为0, 就是成功了
  3. k8s 要求 管理节点可以直接免密登录工作节点.
    1. 在master上ping下两台slave. ping通说明没问题
    2. 免密钥登录. 在master上执行: ssh-keygen. 将~/.ssh/id_rsa.pub的内容保持到两台slave的~/.ssh/authorized_keys中.
    3. 验证: ssh root@192.168.222.132
  4. 安装kubelet、kubeadm以及kubectl.
    1. apt-get update && apt-get install -y apt-transport-https
    2. curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
    3. apt-get update
    4. apt-get install -y kubelet=1.23.1-00 kubeadm=1.23.1-00 kubectl=1.23.1-00 注意版本
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list 
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
  1. 初始化 master 节点

    1. kubeadm init --kubernetes-version=1.23.1 --apiserver-advertise-address=192.168.222.129 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.10.0.0/16 --pod-network-cidr=10.244.0.0/16 ip改成master的ip
      1. 如果当前步骤报错: [ERROR CRI]: container runtime is not running: output:
      2. vim /etc/containerd/config.toml
      3. 将 disabled_plugin 更改为 enabled_plugin
      4. https://github.com/containerd/containerd/issues/8139#issuecomment-1478375386
    2. 若过程中因为某些原因导致错误, 使用kubeadm reset重置, 再重新初始化
    3. 完成后输出: kubeadm join 192.168.222.129:6443 --token 3b2pqq.fe3sjyd96ol0y564 --discovery-token-ca-cert-hash sha256:4188dca1cf2b7bc527ef2e6c4adbe631b36d1b6c388ecbfb145f7f2d1a768450复制下来留着slave加入集群用的
  2. 配置 kubectl 工具: mkdir -p /root/.kube && cp /etc/kubernetes/admin.conf /root/.kube/config

    1. 通过下面两条命令测试 kubectl是否可用
    2. 查看已加入的节点: kubectl get nodes
    3. 查看集群状态: kubectl get cs
  3. master安装calico

    1. kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/tigera-operator.yaml
    2. wet https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/custom-resources.yaml
    3. 将cidr改成前面init时使用的网段
    4. kubectl create -f custom-resources.yaml
  4. 将 slave 节点加入网络

    1. 在slave上重复step 2~6
    2. vim /etc/hostname 改为 slave1. vim /etc/hosts 修改 127.0.0.1 slave1
    3. kubeadm join 192.168.222.129:6443 --token 3b2pqq.fe3sjyd96ol0y564 --discovery-token-ca-cert-hash sha256:4188dca1cf2b7bc527ef2e6c4adbe631b36d1b6c388ecbfb145f7f2d1a768450 输入即可
    4. 报错: [ERROR FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists 将这个ca.crt文件删了就行 (之前没改主机名执行了命令导致已经初始化一次了)
    5. 出现This node has joined the cluster:即为成功, master可以再执行kubectl get nodes验证一下
  5. 安装dashboard

    1. wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc7/aio/deploy/recommended.yaml
    2. 在原来的line:40新增type: NodePort, 在targetPort下面新增nodePort: 30000
    3. kubectl apply -f recommended.yaml
    4. 打开https://192.168.222.129:30000/, 浏览器直接输入thisisunsafe
    5. 创建配置文件 dashboard-adminuser.yaml, 内容放在后面
    6. kubectl apply -f dashboard-adminuser.yaml
    7. kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
    8. 复制输出的文本到浏览器登录
    cat <<EOF > dashboard-adminuser.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin-user
      namespace: kubernetes-dashboard
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: admin-user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: kubernetes-dashboard
    EOF
    
  6. k8s自带的dashboard不太方便, 可以使用kuboard

  7. docker run -d --restart=unless-stopped --name=kuboard -p 801:80/tcp -p 10081:10081/tcp -e KUBOARD_ENDPOINT="http://192.168.222.129:801" -e KUBOARD_AGENT_SERVER_TCP_PORT="10081" -v /usr/local/kuboard-data:/data eipwork/kuboard:v3

  8. 初始化后再在master节点安装metrics-servermetrics-scraper. kuboard会给出yaml文件, kubectl create -f xxxx.yaml即可