
Installing k8s with kubeadm

1. Master high availability

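When other masters join the cluster, run the command below.
For example, if high availability is required and master02, master03, ... have been cloned, run the command below on each of those nodes.
Note: the token value is different on every host. The values below are from my 192.168.15.11 (master) host; they are generated when the cluster is initialized and must be recorded at that time.
kubeadm join 192.168.15.11:6443 --token 7t2weq.bjbawausm0jaxury \
  --discovery-token-ca-cert-hash \
  sha256:73dc6f8d973fc70818e309386c1bfc5d330c19d52b494c6f88f634a6b1250a2f \
  --control-plane --certificate-key \
  80fcc505867ccbc6550c18ed11f40e64ecf486d626403823f548dda65c19953d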
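2. Handling an expired token
Note: the following steps are needed only if the token produced by the initialization command above has expired. If it has not expired, skip them and join directly.
Generate a new token after the old one has expired:
kubeadm token create --print-join-command
A master also needs a newly generated --certificate-key:
kubeadm init phase upload-certs --upload-certs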
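As an added example (not part of the original article or of kubeadm), the shell functions below recompute the value that --discovery-token-ca-cert-hash pins, the SHA-256 of the cluster CA's public key, and check a join command against it before the command is run on a new node. The function names, the 192.0.2.10 address, the sample token and the throwaway CA are constructed for illustration; on a kubeadm master the CA certificate is assumed to be at the default path /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/sh
# Added example, not from the original page. On a control-plane node:
#   verify_join /etc/kubernetes/pki/ca.crt "$(kubeadm token create --print-join-command)"

# Print "sha256:<hex>" over the DER-encoded public key (SubjectPublicKeyInfo) of
# a CA certificate; `openssl pkey` accepts RSA and ECDSA keys alike.
ca_pubkey_hash() {
  local der hex=''
  der=$(mktemp) || return 1
  openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
    openssl pkey -pubin -outform DER -out "$der" 2>/dev/null
  [ -s "$der" ] && hex=$(openssl dgst -sha256 -r "$der" | cut -d' ' -f1)
  rm -f "$der"
  [ "${#hex}" -eq 64 ] && printf 'sha256:%s\n' "$hex"
}

# Extract the sha256:<hex> argument from a (possibly line-wrapped) join command.
join_hash() {
  printf '%s\n' "$1" | tr -d '\\\n' | grep -oE 'sha256:[0-9a-f]{64}' | head -n1
}

# verify_join CERT CMD: succeed only if CMD pins exactly this CA's public key.
# Exit status 2 means CMD turns pinning off altogether.
verify_join() {
  local want got
  case $2 in *--discovery-token-unsafe-skip-ca-verification*) return 2 ;; esac
  want=$(join_hash "$2")
  got=$(ca_pubkey_hash "$1") || return 1
  [ -n "$want" ] && [ "$want" = "$got" ]
}

# Constructed sample input: a throwaway self-signed CA so the check runs offline.
make_demo_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=constructed-demo-ca' \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_ca "$demo"
cmd="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef \\
  --discovery-token-ca-cert-hash $(ca_pubkey_hash "$demo/ca.crt")"
verify_join "$demo/ca.crt" "$cmd" && echo "join command pins this CA"
rm -rf "$demo"
```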
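3. Node configuration
Nodes mainly run the company's business applications. In production, it is not recommended to run Pods other than system components on the master nodes; in a test environment, Pods may be allowed on the master nodes to save system resources.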
1) Join the node to the cluster
# node01 joins the cluster by copying the token generated when the master was initialized
[root@k8s-node01 ~]# kubeadm join 192.168.15.11:6443 --token 7t2weq.bjbawausm0jaxury \
> --discovery-token-ca-cert-hash \
> sha256:73dc6f8d973fc70818e309386c1bfc5d330c19d52b494c6f88f634a6b1250a2f
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
# Output shown after the node has joined the cluster successfully
2) Check the cluster status
Check the cluster status on the master (NotReady does not matter at this point)
[root@k8s-master ~]# kubectl get node # list all nodes
NAME         STATUS     ROLES           AGE     VERSION
k8s-master   NotReady   control-plane   35m     v1.28.2
k8s-node01   NotReady   <none>          6m39s   v1.28.2
k8s-node02   NotReady   <none>          7m27s   v1.28.2
4. Installing the Calico component
1) Switch the git branch
[root@k8s-master ~]# cd /root/k8s-ha-install && git checkout manual-installation-v1.28.x && cd calico/
分⽀ 'manual-installation-v1.28.x' 设置为跟踪 'origin/manual-installation-v1.28.x'。
切换到⼀个新分⽀ 'manual-installation-v1.28.x'
2) Set the Pod subnet
[root@k8s-master calico]# POD_SUBNET=`cat /etc/kubernetes/manifests/kube-controller-manager.yaml | grep cluster-cidr= | awk -F= '{print $NF}'` # read the Pod subnet that is already defined
[root@k8s-master calico]# sed -i "s#POD_CIDR#${POD_SUBNET}#g" calico.yaml # set the Pod subnet in the calico.yaml file
[root@k8s-master calico]# kubectl apply -f calico.yaml # create the calico pods
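If the controller-manager manifest carries no --cluster-cidr flag, POD_SUBNET is empty and the sed command silently replaces POD_CIDR with nothing. The following added example (not from the original article or the k8s-ha-install repository) validates the value before substituting and confirms that no placeholder is left. The function names and both sample files are constructed; only the POD_CIDR placeholder and the manifest path come from the steps above.

```shell
#!/bin/sh
# Added example, not from the original page: guard the POD_CIDR substitution.

# Print the --cluster-cidr value from a kube-controller-manager manifest.
# Fails unless it is a single IPv4 CIDR (an empty or dual-stack value is rejected).
cluster_cidr() {
  local v
  v=$(sed -n 's/.*--cluster-cidr=\([^ "]*\).*/\1/p' "$1" | head -n1)
  printf '%s\n' "$v" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
  printf '%s\n' "$v"
}

# render_calico MANIFEST TEMPLATE OUT: write OUT only when the CIDR is usable,
# then confirm that no POD_CIDR placeholder is left behind.
render_calico() {
  local cidr
  cidr=$(cluster_cidr "$1") || { echo "no usable --cluster-cidr in $1" >&2; return 1; }
  sed "s#POD_CIDR#${cidr}#g" "$2" > "$3" || return 1
  ! grep -q 'POD_CIDR' "$3"
}

# Constructed sample files (stand-ins for the real manifest and calico.yaml).
demo=$(mktemp -d)
cat > "$demo/kube-controller-manager.yaml" <<'EOF'
spec:
  containers:
  - command:
    - kube-controller-manager
    - --cluster-cidr=172.16.0.0/16
EOF
cat > "$demo/calico.yaml" <<'EOF'
- name: CALICO_IPV4POOL_CIDR
  value: "POD_CIDR"
EOF
render_calico "$demo/kube-controller-manager.yaml" "$demo/calico.yaml" "$demo/out.yaml" &&
  cat "$demo/out.yaml"
rm -rf "$demo"
```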
3) Check the container and node status
[root@k8s-master calico]# kubectl get po -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-6d48795585-wj8g5   1/1     Running   0          130m
calico-node-bk4p5                          1/1     Running   0          130m
calico-node-kmsh7                          1/1     Running   0          130m
calico-node-qthgh                          1/1     Running   0          130m
coredns-6554b8b87f-jdc2b                   1/1     Running   0          133m
coredns-6554b8b87f-thftb                   1/1     Running   0          133m
etcd-master                                1/1     Running   0          133m
kube-apiserver-master                      1/1     Running   0          133m
kube-controller-manager-master             1/1     Running   0          133m
kube-proxy-46j4z                           1/1     Running   0          131m
kube-proxy-8g887                           1/1     Running   0          133m
kube-proxy-vwp27                           1/1     Running   0          131m
kube-scheduler-master                      1/1     Running   0          133m
[root@k8s-master calico]# kubectl get node # all nodes are now Ready
NAME         STATUS   ROLES           AGE   VERSION
k8s-master   Ready    control-plane   40m   v1.28.2
k8s-node01   Ready    <none>          12m   v1.28.2
k8s-node02   Ready    <none>          12m   v1.28.2
5. Deploying Metrics
In recent Kubernetes versions, system resource metrics are all collected with Metrics-server; Metrics can collect the memory, disk, CPU and network usage of nodes and Pods.
1) Copy the certificate to all nodes
Copy the master's front-proxy-ca.crt to every Node. Run the command once per node; only the node hostname in the command needs to change.
[root@k8s-master calico]# scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node01:/etc/kubernetes/pki/front-proxy-ca.crt # send the proxy certificate to node01
front-proxy-ca.crt                 100% 1123   937.0KB/s   00:00
[root@k8s-master calico]# scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node02:/etc/kubernetes/pki/front-proxy-ca.crt # send the proxy certificate to node02
front-proxy-ca.crt                 100% 1123   957.4KB/s   00:00
# If there are more nodes, run the command below in the same form; it is not needed here because there are only two nodes
[root@k8s-master calico]# scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node03:/etc/kubernetes/pki/front-proxy-ca.crt
2) Install metrics server
[root@k8s-master calico]# cd /root/k8s-ha-install/kubeadm-metrics-server
[root@k8s-master kubeadm-metrics-server]# kubectl create -f comp.yaml # create the metrics server pod resources
serviceaccount/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
service/metrics-server created
deployment.apps/metrics-server created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
3) Check the metrics server status
[root@master kubeadm-metrics-server]# kubectl get po -n kube-system -l k8s-app=metrics-server # show the metrics server pod status in the kube-system namespace
NAME                             READY   STATUS    RESTARTS   AGE
metrics-server-8df99c47f-mkbfd   1/1     Running   0          34s
[root@master kubeadm-metrics-server]# kubectl top node # show system resource usage per node
NAME         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
k8s-node01   51m          1%     831Mi           23%
k8s-node02   55m          1%     931Mi           25%
master       107m         2%     1412Mi          39%
[root@master kubeadm-metrics-server]# kubectl top po -A
NAMESPACE     NAME                                       CPU(cores)   MEMORY(bytes)
kube-system   calico-kube-controllers-6d48795585-wj8g5   2m           25Mi
kube-system   calico-node-bk4p5                          20m          155Mi
kube-system   calico-node-kmsh7                          25m          152Mi
kube-system   calico-node-qthgh                          24m          145Mi
kube-system   coredns-6554b8b87f-jdc2b                   1m           22Mi
kube-system   coredns-6554b8b87f-thftb                   1m           20Mi
kube-system   etcd-master                                14m          66Mi
kube-system   kube-apiserver-master                      29m          301Mi
kube-system   kube-controller-manager-master             10m          56Mi
kube-system   kube-proxy-46j4z                           1m           22Mi
kube-system   kube-proxy-8g887                           1m           24Mi
kube-system   kube-proxy-vwp27                           1m           22Mi
kube-system   kube-scheduler-master                      2m           26Mi
kube-system   metrics-server-8df99c47f-mkbfd             3m           29Mi
6. Deploying the Dashboard
The Dashboard displays the various resources in the cluster; it can also be used to view Pod logs in real time and to run commands inside containers.
1) Install the components
[root@master kubeadm-metrics-server]# cd /root/k8s-ha-install/dashboard/
[root@master dashboard]# kubectl create -f . # create the dashboard pod resources
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
2) Log in to the dashboard
If you use Google Chrome, add the following startup parameters to its launcher to work around being unable to access the Dashboard:
--test-type --ignore-certificate-errors
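3) Change the svc type
[root@master dashboard]# kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
# edit: opens the Kubernetes text editor
# svc: selects a service, here kubernetes-dashboard
# -n: selects the namespace, kubernetes-dashboard
# Running the command drops you into a vim-style text editor. Do not use the mouse wheel, it prints garbage characters! Use "/" to search: type "/type" to find the target. If it is already NodePort, skip this step
...... part of the content omitted ......
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort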

4) Look up the access port
[root@master dashboard]# kubectl get svc kubernetes-dashboard -n kubernetes-dashboard # show the kubernetes-dashboard service details, including port, service IP, etc.
NAME                   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.96.137.94   <none>        443:30582/TCP   8m50s
Once you have the port number, the dashboard can be reached at master IP + port (the port is the one shown in the terminal; access it over https)
5) Create a login token
[root@master dashboard]# kubectl create token admin-user -n kube-system
In the "Enter token *" field, enter the token generated in the terminal
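The string printed by kubectl create token is a bearer credential in JWT form: whoever holds it acts as the admin-user service account until it expires. The following added example (not from the original article) decodes the payload and checks the subject and lifetime before the token is pasted into a browser. The function names and the sample token, which has a placeholder signature, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: inspect a service-account token's
# claims. On a real cluster:
#   check_token "$(kubectl create token admin-user -n kube-system)" \
#     system:serviceaccount:kube-system:admin-user 3600 "$(date +%s)"

# Decode one base64url segment (JWT segments omit '=' padding).
b64url_decode() {
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | base64 -d
}

# jwt_claim TOKEN NAME: print a top-level string or numeric claim of the payload.
jwt_claim() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)" | tr -d '\n' |
    sed -n "s/.*\"$2\":\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# check_token TOKEN SUBJECT MAX_SECONDS NOW: succeed only if the token belongs to
# SUBJECT, is still valid at NOW (epoch seconds) and lives at most MAX_SECONDS.
check_token() {
  local sub exp iat
  sub=$(jwt_claim "$1" sub); exp=$(jwt_claim "$1" exp); iat=$(jwt_claim "$1" iat)
  [ -n "$exp" ] && [ -n "$iat" ] || return 1
  [ "$sub" = "$2" ] && [ "$4" -lt "$exp" ] && [ $((exp - iat)) -le "$3" ]
}

# Constructed sample token: realistic claim layout, placeholder signature.
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }
sample_token() {
  local h p
  h=$(printf '%s' '{"alg":"RS256","kid":"constructed"}' | b64url)
  p=$(printf '%s' '{"exp":1700003600,"iat":1700000000,"sub":"system:serviceaccount:kube-system:admin-user"}' | b64url)
  printf '%s.%s.%s\n' "$h" "$p" "constructed-signature"
}

tok=$(sample_token)
echo "sub=$(jwt_claim "$tok" sub) lifetime=$(( $(jwt_claim "$tok" exp) - $(jwt_claim "$tok" iat) ))s"
```

The check reads claims only; it does not verify the signature, which the API server does when the token is presented.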

http://www.kler.cn/a/290335.html
