基于centos7.9二进制部署kubernetes1.25.4(下)

时间:2022-11-17 17:15:27
8、安装Calico
# 以下步骤只在master01执行
[root@k8s-master01 k8s-ha-install]#cd /root/k8s-ha-install/calico/
# 更改calico的网段:将calico.yaml中的占位符POD_CIDR替换为自己的Pod网段(应与集群配置的Pod网段一致,且不要与宿主机网段、Service网段重叠)
[root@k8s-master01 calico]#sed -i "s#POD_CIDR#172.16.0.0/12#g" calico.yaml
# 检查网段是否已改为自己的Pod网段:grep "IPV4POOL_CIDR" calico.yaml -A 1

更改后,上述grep输出中的网段应为自己的Pod网段(本例为172.16.0.0/12;原文此处的截图未保留)。

[root@k8s-master01 calico]# kubectl apply -f calico.yaml

#稍等几分钟,查看pod状态
[root@k8s-master01 k8s-ha-install]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-86d8c4fb68-9wtm4 1/1 Running 0 2m53s
calico-node-kwhrq 1/1 Running 0 2m52s
calico-node-nm7qs 1/1 Running 0 2m53s
calico-node-qkzlv 1/1 Running 0 2m53s
calico-node-tpl5n 1/1 Running 0 2m53s
calico-typha-768795f74d-bht5m 1/1 Running 0 2m53s
9、安装CoreDNS
# master01

[root@k8s-master01 calico]# cd /root/k8s-ha-install/

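# 如果更改了k8s service的网段,需要将coredns的serviceIP改成k8s service网段的第十个IP
# (下面的命令是在kubernetes这个Service的ClusterIP末尾直接拼接一个0,例如10.96.0.1 -> 10.96.0.10,因此只适用于该IP以.1结尾的情况;得到的IP需与kubelet配置的clusterDNS一致,否则Pod无法解析域名)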
[root@k8s-master01 k8s-ha-install]# COREDNS_SERVICE_IP=`kubectl get svc | grep kubernetes | awk '{print $3}'`0
[root@k8s-master01 k8s-ha-install]# echo ${COREDNS_SERVICE_IP}
10.96.0.10

[root@k8s-master01 k8s-ha-install]# sed -i "s#KUBEDNS_SERVICE_IP#${COREDNS_SERVICE_IP}#g" CoreDNS/coredns.yaml

# 安装coredns
[root@k8s-master01 k8s-ha-install]# kubectl create -f CoreDNS/coredns.yaml
10、安装Metrics Server

说明:在新版的Kubernetes中系统资源的采集均使用Metrics-server,可以通过Metrics采集节点和Pod的内存、磁盘、CPU和网络的使用率。

# 安装metrics server
[root@k8s-master01 k8s-ha-install]# cd /root/k8s-ha-install/metrics-server
[root@k8s-master01 metrics-server]# ls
comp.yaml

[root@k8s-master01 metrics-server]# kubectl create -f .

[root@k8s-master01 metrics-server]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master01 Ready <none> 23m v1.25.4
k8s-master02 Ready <none> 22m v1.25.4
k8s-master03 Ready <none> 65s v1.25.4
k8s-node01 Ready <none> 22m v1.25.4
k8s-node02 Ready <none> 21m v1.25.4
11、集群验证
安装busybox(用于后续验证的测试Pod;注意清单中的镜像并非官方busybox,而是第三方仓库中的redis-trib:4.0.10,使用前应确认该镜像可信,或换成自己信任的镜像)
[root@k8s-master01 metrics-server]# cat<<EOF | kubectl apply -f -
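# Test pod used for the cluster verification checks that follow.
# The YAML nesting was lost in the original paste; it is restored here so the
# manifest parses as a single Pod object.
# NOTE(review): despite the pod name, the image is not the official busybox
# image; it is redis-trib:4.0.10 from a third-party registry namespace.
# Verify the image, or substitute one from a registry you trust, before use.
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: registry.cn-beijing.aliyuncs.com/dotbalo/redis-trib:4.0.10
    # Keeps the container alive for one hour so kubectl exec can run the checks.
    command:
    - sleep
    - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always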
EOF
[root@k8s-master01 metrics-server]# kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 0 29s

1. Pod必须能解析Service
2. Pod必须能解析跨namespace的Service
3. 每个节点都必须要能访问Kubernetes的kubernetes svc 443和kube-dns的service 53
4. Pod和Pod之间要能通
a) 同namespace能通信
b) 跨namespace能通信
c) 跨机器能通信
12、安装dashboard
[root@k8s-master01 kubernetes]# cd /root/k8s-ha-install/dashboard/
[root@k8s-master01 dashboard]# kubectl create -f .

# 注:上一步已用本地目录中的清单创建了dashboard;如需使用下面的远程清单,建议先下载到本地,核对内容和镜像版本后再apply,而不是直接从URL应用
[root@k8s-master01 dashboard]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml

# 创建管理员用户(该ServiceAccount绑定的是cluster-admin,其token等同于整个集群的最高权限,仅建议在测试环境这样使用;生产环境应绑定权限范围更小的角色)

[root@k8s-master01 dashboard]# vim admin.yaml
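# admin.yaml: a ServiceAccount for Dashboard login plus its role binding.
# The YAML nesting was lost in the original paste; it is restored here so each
# document parses with its intended structure.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
# NOTE(review): this binds the built-in cluster-admin ClusterRole to the
# service account above, so any token issued for admin-user has unrestricted
# access to every namespace and to cluster-scoped resources. Suitable for a
# lab cluster; for anything shared, bind a narrower Role/ClusterRole instead.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system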

[root@k8s-master01 dashboard]# kubectl apply -f admin.yaml -n kube-system

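# 查看token值(注意不要复制到空格)。
# 说明:Kubernetes 1.24及以后默认不再为ServiceAccount自动生成token Secret;若下面的命令查不到admin-user的secret,可改用 kubectl -n kube-system create token admin-user 生成短期token。
# 该token具有cluster-admin权限,不要保存到共享文档、聊天记录或日志中: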
[root@k8s-master01 dashboard]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

# 将ClusterIP更改为NodePort(如果已经为NodePort忽略此步骤)。NodePort会在每个节点的IP上开放该端口,应通过防火墙/安全组限制为仅可信来源可访问:
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

根据自己的实例端口号,通过任意安装了kube-proxy的宿主机的IP+端口即可访问到dashboard:

访问Dashboard:https://192.168.100.156:31703/ (请将31703更改为自己的端口),选择登录方式为令牌(即token方式)

13、命令补全
[root@k8s-master01 dashboard]# yum install bash-completion -y
[root@k8s-master01 dashboard]# source /usr/share/bash-completion/bash_completion
[root@k8s-master01 dashboard]# source <(kubectl completion bash)
[root@k8s-master01 dashboard]# echo "source <(kubectl completion bash)" >> ~/.bashrc