基础环境说明
本实验要求Kubernetes版本为1.18.1
实验基于先电Docker及Harbor仓库部署流程搭建环境
部署Kubernetes集群
安装Kubeadm工具
# yum install -y kubelet-1.18.1 kubeadm-1.18.1 kubectl-1.18.1
# systemctl restart kubelet && systemctl enable kubelet
初始化master节点
# kubelet init --kubernetes-version=1.18.1 --apiserver-advertise-address=10.16.106.50 --imager-repository 10.16.106.50/library --pod-network-cidr=10.244.0.0/16
# mkdir -p /root/.kube
# cp -i /etc/kubernetes/admin.conf /root/.kube/config
# chown root:root /root/.kube/config
# kubectl get pod -n kube-system -owide
部署flannel网络
# sed -i "s/quay.io\/coreos/10.16.106.50\/library/g" /opt/yaml/flannel/kube-flannel.yaml
# kubectl apply -f /opt/yaml/flannnel/kube-flannel.yaml
部署dashboard
创建证书
# mkdir dashboard-certs && cd dashboard-certs
# kubectl create -out dashboard.key 2048
# kubectl create namespace kubernetes-dashboard
# openssl genrsa -out dashboard.key 2048
# openssl req -days 36000 -new -out dashboard.csr -key dashboard.key -subj '/CN=dashboard-cert'
# openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
# kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
# sed -i "s/kubernetesui/10.16.106.50\/library/g" /opt/yaml/dashboard/recommended.yaml
安装dashboard
# kubectl apply -f /opt/yaml/dashboard/recommended.yaml
# kubeclt apply -f /opt/yaml/dashboard/dashboard-adminuser.yaml
去除污点
出于安全考虑,默认配置下Kubernetes不会将Pod调度到Master节点。如果希望将master也当作Node节点使用,可以去除污点
# kubectl taint nodes master node-role.kubernetes.io/master-
污点详解
查看污点节点
# kubectl describe node node-name
节点添加污点
# kubectl taint nodes node-name node-role.kubernetes.io/master:NoSchedule
# kubectl taint nodes node-name node-role.kubernetes.io/master:NoExecute
# kubectl taint nodes node-name node-role.kubernetes.io/master:PreferNoSchedule
- NoSchedule :表示k8s将不会将Pod调度到具有该污点的Node上
- PreferNoSchedule :表示k8s将尽量避免将Pod调度到具有该污点的Node上
- NoExecute :表示k8s将不会将Pod调度到具有该污点的Node上,同时会将Node上已经存在的Pod驱逐出去
节点去除污点
//最后一个'-'代表去除
# kubectl taint nodes k8s-master02 node-role.kubernetes.io/master-
Web访问集群
dashboard地址:https://$:30000
获取登陆令牌
# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep dashboard-admin | awk '{print $1}')
node节点加入集群
//在master节点运行
# kubeadm token create --print-join-command --ttl 0
//运行完出现一条命令,在node执行这条命令
kubeadm join 10.16.106.50:6443 --token 2027js.rsvzvlycmlvhes5n --discovery-token-ca-cert-hash sha256:60bbb881fde6d3fe45e54d1087906d7eea9c403c369fdbef7a5497eefd7bc9b5
//在master查看是否加入集群
# kubectl get nodes
Q.E.D.