K8s实践

• 安装Master

#添加更新源地址
deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
$apt-get update
$apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 6A030B21BA07F4FB
$apt-get update
apt-get install kubeadm kubectl kubelet
apt-mark hold kubeadm kubectl kubelet

#kubeadm初始化
echo "127.0.0.1 ubuntu-master" >> /etc/hosts
sudo swapoff -a #关闭swap

#查看需要下载的镜像文件
kubeadm config images list
#拉取k8s镜像文件（由于源站无法访问）
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.18.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.18.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.18.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.18.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.7
#标记本地镜像
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.18.1 k8s.gcr.io/kube-apiserver:v1.18.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.18.1 k8s.gcr.io/kube-proxy:v1.18.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.18.1 k8s.gcr.io/kube-scheduler:v1.18.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.18.1 k8s.gcr.io/kube-controller-manager:v1.18.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2 k8s.gcr.io/pause:3.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0 k8s.gcr.io/etcd:3.4.3-0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.7 k8s.gcr.io/coredns:1.6.7

systemctl enable docker.service
kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=[master server IP] --node-name=ubuntu-master --ignore-preflight-errors=ImagePull

mkdir -p $HOME/.kube
cp /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
 

• 安装Node

apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl

apt-get install docker.io
systemctl enable docker.service
swapoff -a

#查看需要下载的镜像文件，并下载、打TAG
kubeadm config images list
#见安装Master中拉取、标记镜像描述
kubeadm token list # 查看 token(master)
kubeadm token create --print-join-command # 创建 token 并打印 join 命令(master)
kubeadm join 192.168.3.187:6443 --token 5ymb4a.f739yvsrdc8fnoff --discovery-token-unsafe-skip-ca-verification --ignore-preflight-errors=all

• 安装Dashboard

#dashboard
#获取“https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml” 内容，保存在/etc/kubernetes/yaml/dashborad.yaml
修改文件内容：
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30001
kubectl apply -f /etc/kubernetes/yaml/dashboard.yaml
#访问地址：
https://localhost:30001/#/login
#获取token
kubectl describe secret -n kube-system $(kubectl get secret -n kube-system | grep aks-dashboard-admin | awk '{print $1}')

• 使用dashboard

dashboard.yaml中权限配置可根据实际情况配置不同的角色（Role），并进行绑定（RoleBinding）。

使用不同的角色的token登录后，权限是不同的。

点击dashboard上的“+”，创建

创建service：

创建成功后，会自动生成pod。