#### Base environment

| OS | IP address | Node role | CPU | Memory | Hostname |
| :------------: | :------------: | :------------: | :------------: | :------------: | :------------: |
| centos-7.8 | 192.168.88.101 | Master | 2 | 2G | docker-2-12-101 |
| centos-7.8 | 192.168.88.102 | Node | 2 | 2G | docker-2-12-102 |
| centos-7.8 | 192.168.88.103 | Node | 2 | 2G | docker-2-12-103 |

#### System initialization

Install the dependencies:

```
yum update
yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp
```

Tune the kernel parameters:

```
cat > /etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
EOF
sysctl -p /etc/sysctl.d/kubernetes.conf
```

Stop services:

```
# Stop and disable the firewall
systemctl stop firewalld && systemctl disable firewalld
# Reset iptables
iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
# Disable swap (for performance reasons; the corresponding init parameter can then be skipped)
swapoff -a
sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
# Disable SELinux
setenforce 0
# Stop dnsmasq (otherwise Docker containers may fail to resolve domain names)
service dnsmasq stop && systemctl disable dnsmasq
```

Initialize the hostnames:

```
cat >> /etc/hosts << EOF
192.168.88.101 main-101 c7-docker-101
192.168.88.102 node-102 c7-docker-102
192.168.88.103 node-103 c7-docker-103
EOF
```

Change Docker's cgroup driver to systemd. First confirm that method one has not already configured /etc/docker/daemon.json:

```
cat /etc/docker/daemon.json
{
  .....
  "exec-opts": ["native.cgroupdriver=systemd"]
  .....
}
```

Install the tools (on all nodes):

```
# Configure the Aliyun yum repository
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Install
yum install -y kubelet-1.17.9 kubeadm-1.17.9 kubectl-1.17.9
# Enable and start the service
systemctl enable kubelet && systemctl start kubelet
```

#### Initialize the container images K8s needs

```
kubeadm init \
  --apiserver-advertise-address=192.168.88.101 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.17.9 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16
# With this configuration the container images are pulled from Aliyun, which is fast
# The parameters changed after 1.16: experimental-upload-certs was renamed to upload-certs
```

Initialize the admin configuration on the management server:

```
mkdir -p ~/.kube
cp -i /etc/kubernetes/admin.conf ~/.kube/config
```

##### Join the Node nodes to the cluster

```
kubeadm join 192.168.88.233:6443 --token xzp2kb.habisql3vkgyx02d \
  --discovery-token-ca-cert-hash sha256:4526f6e8f08a5c5564e5488c5b939753ee26b7fd0c8ca81423af2d4a58c718a6
```

If you have forgotten it, you can generate the join command again:

```
kubeadm token create --print-join-command
```

#### Initialize the flannel network

```
# Apply from the specified file (used from version 1.17 on)
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Check the status
kubectl get pods -n kube-system
```

#### Deploy the dashboard

```
# Download the release matching your version
https://github.com/kubernetes/dashboard/releases
# Edit the file to publish the port
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
# Create the service
kubectl apply -f /opt/recommended.yaml
# Check that the service is running (recommended.yaml deploys into the kubernetes-dashboard namespace)
kubectl get services kubernetes-dashboard -n kubernetes-dashboard
kubectl --namespace kubernetes-dashboard get pods -o wide
```

Set the dashboard permissions with k8s-dashboard-create-admin.yaml:

```
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
# Creates an admin-user service account in the kubernetes-dashboard namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
# Binds the cluster-admin role to admin-user
```

Some people online bind it under the kube-system namespace; I am not yet clear on why.

Get the token:

```
kubectl apply -f k8s-dashboard-create-admin.yaml
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
```

Manual creation:

```
# Create the service account
kubectl create sa admin-user -n kube-system
# Create the role binding
kubectl create clusterrolebinding admin-user --clusterrole=cluster-admin --serviceaccount=kube-system:admin-user
# Get the token (look in the same namespace the service account was created in)
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
```

Visit the node IP at port 30001 and log in with the token.
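The join command above pins the cluster CA with `--discovery-token-ca-cert-hash sha256:...`; that pin is what stops a node from enrolling with whatever API server happens to answer on the advertised address. The script below is an added example, not part of the original post or of kubeadm itself: it recomputes the pin from a CA certificate the way kubeadm defines it (SHA-256 over the DER-encoded SubjectPublicKeyInfo of the certificate) and checks a join command's claimed hash against it. The path /etc/kubernetes/pki/ca.crt is the assumed location of the CA on the master; any certificate path can be passed instead.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): recompute and verify the CA pin used by
# `kubeadm join ... --discovery-token-ca-cert-hash sha256:<hex>`.
# Assumed path: /etc/kubernetes/pki/ca.crt is where kubeadm writes the cluster CA on the master.

# Print the hex SHA-256 of the certificate's DER-encoded public key (SubjectPublicKeyInfo).
compute_ca_hash() {
  local cert="$1"
  openssl x509 -pubkey -noout -in "$cert" \
    | openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //'
}

# Return 0 when the claimed "sha256:<hex>" value matches the given certificate, 1 otherwise.
verify_join_hash() {
  local cert="$1" claimed="$2"
  [ "sha256:$(compute_ca_hash "$cert")" = "$claimed" ]
}

# Usage on the master (prints the value that belongs in the join command):
#   compute_ca_hash /etc/kubernetes/pki/ca.crt
# Usage on a node handed a join command and a copy of the CA out of band:
#   verify_join_hash ./ca.crt sha256:<hex from the join command> && echo "CA pin matches"
if [ -n "${1:-}" ]; then
  compute_ca_hash "$1"
fi
```

If `verify_join_hash` fails, the join command was generated against a different CA than the one you hold, and the node should not be joined until the discrepancy is explained.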
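The dashboard manifests above bind the `cluster-admin` ClusterRole to the login account, so anyone holding that token controls the whole cluster. As an added example, not from the original post or the dashboard project, the script below builds the same ServiceAccount plus ClusterRoleBinding pair but against the built-in `view` ClusterRole, which allows reading most namespaced objects while refusing writes and keeping secrets hidden; a token for it is enough to browse the dashboard. The account name `dashboard-viewer` is an assumption (override with `SA=`), the namespace defaults to `kubernetes-dashboard` as in the post, and `viewer_token` reads the namespace from the account itself so the two cannot drift apart the way the manual steps above did. Fetching the token requires a working `kubectl`.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): read-only dashboard access bound to the
# built-in "view" ClusterRole instead of cluster-admin.
# Assumptions: account name "dashboard-viewer"; namespace "kubernetes-dashboard".

NS="${NS:-kubernetes-dashboard}"
SA="${SA:-dashboard-viewer}"

# Emit the manifest on stdout so it can be reviewed or piped into `kubectl apply -f -`.
viewer_manifest() {
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ${SA}
  namespace: ${NS}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ${SA}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: ${SA}
  namespace: ${NS}
EOF
}

# Pre-apply check: refuse any manifest that references the cluster-admin role.
manifest_is_least_privilege() {
  ! printf '%s\n' "$1" | grep -q 'name: cluster-admin'
}

# Read the token from the secret Kubernetes 1.17 auto-generates for the account.
# The namespace comes from NS for both lookups, so the account and the secret are
# always read from the same place.  Requires kubectl with admin credentials.
viewer_token() {
  local secret
  secret=$(kubectl -n "$NS" get sa "$SA" -o jsonpath='{.secrets[0].name}')
  kubectl -n "$NS" get secret "$secret" -o jsonpath='{.data.token}' | base64 -d
}

# Usage:
#   m=$(viewer_manifest); manifest_is_least_privilege "$m" && printf '%s\n' "$m" | kubectl apply -f -
#   viewer_token
```

With this account the dashboard still shows workloads, pods and logs, but a leaked or screen-shared token cannot create, modify or delete resources or read Secrets.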