After my own testing, Tencent Cloud turned out to be the cheaper option; I went with 2-core instances for every node.
```bash
sudo yum remove docker*
sudo yum install -y yum-utils

# configure the yum repository for docker
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo


# install a specific version
#sudo yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7 containerd.io-1.4.6
# friendly tip: the pinned versions above do not exist in the repository
sudo yum install -y docker-ce docker-ce-cli containerd.io

# start docker and enable it at boot
systemctl enable docker --now

# docker registry mirror configuration
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://82m9ar63.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
```
Every machine must be reachable from the others over its internal IP (that is, the nodes talk to each other over the private network).
Every machine needs its own hostname; do not use localhost.
```bash
# set each machine's own hostname: "master" on the control-plane node, node1, node2, ... on the workers
hostnamectl set-hostname xxx

#====================== everything below is run on every machine =======================================
# Set SELinux to permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# disable swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab

# let iptables see bridged traffic
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

#==================== everything above is run on every machine; copy and paste it all =========================
```
Friendly tips:
1. The commands below are run on every machine.
2. echo "172.31.0.2 master" >> /etc/hosts
   1) This address is the control-plane node's internal IP; find it with ip a.
   2) master is the hostname we gave the control-plane node above.
```bash
# configure the yum repository for kubernetes
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
   http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF


# install kubelet, kubeadm, kubectl
sudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9

# start kubelet
sudo systemctl enable --now kubelet

# note: 172.31.0.2 below is the control-plane node's internal IP (find it with ip a);
# the name is the hostname given to the control-plane node above, "master"
# every machine maps the master hostname; pay attention here
echo "172.31.0.2 master" >> /etc/hosts
```
Note: run the commands above on every node, then ping between the nodes; the main thing to test is whether each worker can reach master by that hostname.

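The per-node steps above (hostname, swap, the br_netfilter sysctls, the master entry in /etc/hosts) are easy to re-run and easy to get half-right: a second `echo >> /etc/hosts` leaves a duplicate line, and a forgotten sysctl only shows up when pods cannot reach each other. The following is an added example, not code from the original post: a small POSIX shell preflight that checks each setting and adds the hosts entry idempotently. It assumes the post's values (hostname master, internal IP 172.31.0.2); the file-path parameters exist only so the checks can be exercised against sample files.

```shell
#!/bin/sh
# Added example (not part of the original post): verify the per-node
# preparation and add the "master" hosts entry without duplicates.
# Assumed values from the post: hostname "master", internal IP 172.31.0.2.

# Return 0 when the hostname is usable for kubeadm: not empty, not localhost.
hostname_ok() {
  case "$1" in
    ""|localhost|localhost.localdomain) return 1 ;;
    *) return 0 ;;
  esac
}

# Return 0 when no swap area is active. $1 is a /proc/swaps-style file:
# a header line followed by one line per active swap area.
swap_off() {
  swaps_file="${1:-/proc/swaps}"
  [ "$(awk 'END { print NR }' "$swaps_file")" -le 1 ]
}

# Return 0 when both bridge sysctls are 1 in a "key = value" dump
# (the format printed by `sysctl net.bridge`).
bridge_sysctls_ok() {
  dump="$1"
  for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
    val=$(printf '%s\n' "$dump" | awk -v k="$key" '$1 == k { print $3 }')
    [ "$val" = "1" ] || return 1
  done
}

# Add or replace the "<ip> <name>" line in a hosts file so that re-running
# the step on a node never leaves two lines for the same name.
ensure_hosts_entry() {
  ip="$1"; name="$2"; hosts="${3:-/etc/hosts}"
  tmp="$hosts.tmp.$$"
  # keep every line that does not already define this name
  awk -v n="$name" '{ keep=1; for (i=2;i<=NF;i++) if ($i==n) keep=0; if (keep) print }' "$hosts" > "$tmp"
  printf '%s %s\n' "$ip" "$name" >> "$tmp"
  mv "$tmp" "$hosts"
}

# How many lines of the hosts file resolve the given name (1 is the goal).
hosts_entry_count() {
  awk -v n="$2" '{ for (i=2;i<=NF;i++) if ($i==n) c++ } END { print c+0 }' "$1"
}

# Run the real checks on this node; exits non-zero on the first problem.
preflight() {
  hostname_ok "$(hostname)" || { echo "hostname must not be localhost"; return 1; }
  swap_off /proc/swaps || { echo "swap is still active: run swapoff -a"; return 1; }
  bridge_sysctls_ok "$(sysctl net.bridge 2>/dev/null)" || { echo "bridge sysctls not applied"; return 1; }
  ensure_hosts_entry 172.31.0.2 master /etc/hosts
  echo "node preflight ok"
}

# usage: sh preflight.sh run   (as root, on every node)
case "${1:-}" in run) preflight ;; esac
```

The hosts handling is the part worth keeping even if you skip the rest: the `awk` filter removes any earlier line that names master before the new one is appended, so the entry can be corrected (for example after the control-plane IP changes) by running the same command again.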
Friendly tips:
* The command below is run only on the control-plane node.
1. apiserver-advertise-address: the control-plane node's internal IP, found with ip a.
2. Nothing else needs to change.
3. service-cidr: the network block from which Service resources get their IPs.
4. pod-network-cidr: the network block from which Pod resources get their IPs.
5. control-plane-endpoint: the control-plane node's hostname, master.
```bash
kubeadm init \
--apiserver-advertise-address=172.31.0.2 \
--control-plane-endpoint=master \
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.168.0.0/16
```
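The three address ranges handed to `kubeadm init` must be disjoint from each other and from the node network: if the pod CIDR (192.168.0.0/16 here) happens to contain the nodes' own addresses, pod traffic to those nodes is routed into the overlay and the cluster is broken in ways that are slow to diagnose. The following is an added example, not code from the original post, in POSIX shell: it checks the post's values (172.31.0.2, 10.96.0.0/16, 192.168.0.0/16) before the init command is run and can be pointed at your own values.

```shell
#!/bin/sh
# Added example (not part of the original post): check that the advertise
# address, service CIDR and pod CIDR given to kubeadm init do not collide.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Print the first and last address (as integers) of a CIDR block.
cidr_range() {
  base=${1%/*}; bits=${1#*/}
  if [ "$bits" -eq 0 ]; then
    mask=0
  else
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  fi
  first=$(( $(ip_to_int "$base") & mask ))
  last=$(( first | (~mask & 4294967295) ))
  echo "$first $last"
}

# Return 0 when the address lies inside the CIDR block.
ip_in_cidr() {
  set -- "$(ip_to_int "$1")" $(cidr_range "$2")
  [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Return 0 when two CIDR blocks share at least one address.
cidrs_overlap() {
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Run the three checks; print the first problem found and return 1.
check_kubeadm_cidrs() {
  advertise="$1"; service_cidr="$2"; pod_cidr="$3"
  if ip_in_cidr "$advertise" "$pod_cidr"; then
    echo "node address $advertise falls inside pod CIDR $pod_cidr"; return 1
  fi
  if ip_in_cidr "$advertise" "$service_cidr"; then
    echo "node address $advertise falls inside service CIDR $service_cidr"; return 1
  fi
  if cidrs_overlap "$service_cidr" "$pod_cidr"; then
    echo "service CIDR $service_cidr overlaps pod CIDR $pod_cidr"; return 1
  fi
  echo "ok: $advertise, $service_cidr and $pod_cidr are disjoint"
}

# The post's values: prints "ok: ..." and exits 0.
check_kubeadm_cidrs 172.31.0.2 10.96.0.0/16 192.168.0.0/16
```

Run it with every node's internal address, not just the control plane's, since the worker subnet is what most often lands inside 192.168.0.0/16 on home or lab networks.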
Running the command above produces the output shown below.
1. A moment after the command finishes, the output below appears; creating the config directory only needs to be done on the control-plane node.
Keep the log printed when kubeadm init finishes on master.
Friendly tips:
1. The first box is run on the control-plane node.
2. Configure the pod network; the Calico network plugin is used here.
3. The third box is run on any machine that should join as a control-plane node.
4. The fourth box is run on any machine that should join as a worker node.
5. After running the first box, install the Calico network plugin: download the yaml file and apply it.

Friendly tip: both commands are run on the control-plane node.
1. Friendly tip: the command below fails, because this k8s version is not supported.
```bash
curl https://docs.projectcalico.org/manifests/calico.yaml -O

kubectl apply -f calico.yaml
```
Use this instead:
```bash
curl https://docs.projectcalico.org/v3.18/manifests/calico.yaml -O

kubectl apply -f calico.yaml
```
After running the command above, check the pods on the control-plane node.


After running the join command on each node, check the nodes on the control-plane node.

Friendly tip: the token in the join command above has a limited validity period; once it has expired, run the one-liner below on the control-plane node.
```bash
# new token
kubeadm token create --print-join-command
```
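The printed join command carries a bootstrap token that, by kubeadm's default, stays valid for 24 hours and lets any host that can reach port 6443 join the cluster. The following is an added example, not code from the original post: it issues the token with a shorter TTL (kubeadm's own `--ttl` flag), sanity-checks the shape of a join command before it is pasted on a worker, extracts the token so it can be deleted once the worker has joined, and recomputes the CA hash with the openssl pipeline from the kubeadm documentation so the hash in the command can be compared with the control plane's CA. The sample join command in the block is constructed for the offline check; its token and hash are placeholders.

```shell
#!/bin/sh
# Added example (not part of the original post): short-lived join tokens and
# a format check for the join command. Run on the control-plane node.

# Print a join command whose bootstrap token expires after the given TTL
# (default here: 1h) instead of kubeadm's 24h default.
fresh_join_command() {
  kubeadm token create --ttl "${1:-1h}" --print-join-command
}

# Return 0 when the line is a well-formed kubeadm join command: an
# endpoint, a token of the form [a-z0-9]{6}.[a-z0-9]{16}, and a sha256 CA hash.
join_command_ok() {
  printf '%s\n' "$1" | grep -Eq \
    '^kubeadm join [A-Za-z0-9.-]+:[0-9]+ --token [a-z0-9]{6}\.[a-z0-9]{16} --discovery-token-ca-cert-hash sha256:[0-9a-f]{64}$'
}

# Extract the token so it can be revoked with `kubeadm token delete <token>`
# as soon as the worker has joined.
join_token() {
  printf '%s\n' "$1" | sed -n 's/.*--token \([a-z0-9.]*\).*/\1/p'
}

# Extract the CA hash from a join command.
join_ca_hash() {
  printf '%s\n' "$1" | sed -n 's/.*--discovery-token-ca-cert-hash \(sha256:[0-9a-f]*\).*/\1/p'
}

# Recompute the CA hash from the control plane's CA certificate (the formula
# from the kubeadm docs) so it can be compared with join_ca_hash's output.
ca_cert_hash() {
  openssl x509 -pubkey -in "${1:-/etc/kubernetes/pki/ca.crt}" \
    | openssl rsa -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Constructed sample (placeholder token and hash), used only for the checks.
SAMPLE_JOIN='kubeadm join master:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'

# usage on the control plane:
#   cmd=$(fresh_join_command 1h); join_command_ok "$cmd" && echo "$cmd"
#   [ "$(join_ca_hash "$cmd")" = "sha256:$(ca_cert_hash)" ] && echo "CA hash matches"
```

`kubeadm token list` shows every outstanding token with its expiry; after the last worker has joined, deleting the token closes the window rather than waiting for the TTL to expire.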
If you want high availability, this is also the step where the HA deployment happens: use the command for adding a control-plane node.
Summary: the k8s installation is complete at this point.
Friendly tip: this part is optional; it just makes the cluster easier to look at.
1. Deployment
The official Kubernetes web UI
https://github.com/kubernetes/dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
Or apply the file below directly:
```yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.3.1
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
    spec:
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.6
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}
```
2. Set the access port
Friendly tip: the command below opens an editor; change type: ClusterIP to type: NodePort, because a ClusterIP service is reachable only from inside the cluster network while a NodePort is reachable from outside.
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
Change type: ClusterIP to type: NodePort
Next, open the port the dashboard now listens on in the server's security group.
```bash
kubectl get svc -A |grep kubernetes-dashboard
## find the port and allow it in the security group
```
Access: https://<any cluster IP>:<port>, for example https://139.198.165.238:32759 (friendly tip: use your own IP address and port)
Friendly tip: next comes how to obtain the password
3. Create an access account
Friendly tip: this is what lets you log in to the dashboard with an account
```yaml
# create the access account: put the following in a yaml file, e.g. vi dash.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
```
kubectl apply -f dash.yaml
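dash.yaml binds the dashboard account to cluster-admin, and the NodePort step above makes that account's token usable from any address the security group allows. The following is an added example, not code from the original post: a POSIX shell helper that creates a dashboard account bound to Kubernetes' built-in read-only `view` ClusterRole instead, confirms with `kubectl auth can-i --as` that it can list but not delete, and fetches its token the same way step 4 below does. The account name `dashboard-viewer` is an assumption; the namespace is the post's kubernetes-dashboard.

```shell
#!/bin/sh
# Added example (not part of the original post): a read-only dashboard
# account as the least-privilege alternative to the cluster-admin binding.
# Assumed names: service account "dashboard-viewer" in "kubernetes-dashboard".

# Emit a ServiceAccount plus a ClusterRoleBinding to the built-in "view" role.
viewer_manifest() {
  sa="${1:-dashboard-viewer}"; ns="${2:-kubernetes-dashboard}"
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: $sa
  namespace: $ns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: $sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: $sa
  namespace: $ns
EOF
}

# Return 0 when a manifest contains no binding to cluster-admin.
manifest_has_no_cluster_admin() {
  ! printf '%s\n' "$1" | grep -q 'name: cluster-admin'
}

# Apply the manifest and prove the account is read-only: `kubectl auth can-i`
# exits 0 when the action is allowed and 1 when it is not, and --as with the
# system:serviceaccount:<ns>:<name> identity evaluates it for that account.
apply_and_check_viewer() {
  sa="${1:-dashboard-viewer}"; ns="${2:-kubernetes-dashboard}"
  viewer_manifest "$sa" "$ns" | kubectl apply -f - || return 1
  kubectl auth can-i list pods --all-namespaces --as "system:serviceaccount:$ns:$sa" || return 1
  if kubectl auth can-i delete pods --all-namespaces --as "system:serviceaccount:$ns:$sa"; then
    echo "unexpected: $sa may delete pods"; return 1
  fi
  echo "$sa is read-only"
}

# Token retrieval, the same lookup as step 4 but for the viewer account.
viewer_token() {
  sa="${1:-dashboard-viewer}"; ns="${2:-kubernetes-dashboard}"
  kubectl -n "$ns" get secret \
    "$(kubectl -n "$ns" get sa/"$sa" -o jsonpath='{.secrets[0].name}')" \
    -o go-template='{{.data.token | base64decode}}'
}

# usage on the control plane:
#   apply_and_check_viewer && viewer_token
```

Keep admin-user for the rare occasions that need write access and hand out the viewer token for day-to-day browsing; both tokens are long-lived in Kubernetes 1.20 (they are service-account secrets), so a leaked viewer token is far cheaper to live with than a leaked cluster-admin one.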
4. Token access
```bash
# fetch the access token
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
```
A long string is printed; copy it and log in with it. The part below is not needed.

Use https:// when accessing the dashboard.
5. The UI

Friendly tips:
1. Apart from yum install -y nfs-utils, which is run on all machines, everything else is run on the control-plane node.
2. What follows amounts to setting up the NFS service.
```bash
# on every machine
yum install -y nfs-utils


# run the following on master
echo "/nfs/data/ *(insecure,rw,sync,no_root_squash)" > /etc/exports


# run the following to create the shared directory and start the nfs service
mkdir -p /nfs/data


# run on master
systemctl enable rpcbind
systemctl enable nfs-server
systemctl start rpcbind
systemctl start nfs-server

# apply the configuration
exportfs -r


# check that the configuration took effect
exportfs
```
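The export line above uses `*`, so any host that can reach port 2049 on master can mount the share read-write, and with `no_root_squash` it can write as root into a directory that will hold every PersistentVolume in the cluster. The following is an added example, not code from the original post, in POSIX shell: it builds the exports line with the client list limited to the node subnet, checks an exports file for wildcard exports, and reloads the server. The subnet 172.31.0.0/16 is an assumption based on the post's 172.31.0.x internal addresses; `no_root_squash` is kept because the nfs-subdir-external-provisioner container used later writes to the share as root.

```shell
#!/bin/sh
# Added example (not part of the original post): scope the NFS export to the
# cluster's internal subnet instead of "*". Assumed subnet: 172.31.0.0/16.

# Build one /etc/exports line. rw and sync are always set; extra options
# (e.g. no_root_squash) are appended only when asked for.
exports_line() {
  dir="$1"; clients="$2"; extra="$3"
  opts="rw,sync"
  if [ -n "$extra" ]; then opts="$opts,$extra"; fi
  printf '%s %s(%s)\n' "$dir" "$clients" "$opts"
}

# Return 0 when no line in the exports file is exported to everyone ("*").
exports_no_wildcard() {
  ! grep -Eq '^[^#[:space:]]+[[:space:]]+\*' "$1"
}

# Return 0 when every export in the file restricts clients to the given CIDR.
exports_scoped_to() {
  file="$1"; cidr="$2"
  ! grep -Ev "^[[:space:]]*(#|$)" "$file" | grep -Evq "^[^[:space:]]+[[:space:]]+$cidr\("
}

# Write the export for the share, reload the export table, show the result.
configure_nfs_export() {
  dir="${1:-/nfs/data}"; clients="${2:-172.31.0.0/16}"; file="${3:-/etc/exports}"
  mkdir -p "$dir"
  exports_line "$dir" "$clients" "no_root_squash" > "$file"
  exports_no_wildcard "$file" || { echo "refusing to export to *"; return 1; }
  exportfs -r
  exportfs -v
}

# usage on master: configure_nfs_export /nfs/data 172.31.0.0/16
```

On the workers, `showmount -e 172.31.0.2` should still list the share, and a `mount` attempt from an address outside the subnet is now refused by the server rather than relying on the cloud security group alone.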
Friendly tip: these commands are run only on the worker nodes, which act as the NFS clients.
```bash
showmount -e 172.31.0.2

mkdir -p /nfs/data

mount -t nfs 172.31.0.2:/nfs/data /nfs/data
```
Configure the default storage class for dynamic provisioning, which allocates storage on demand; this is the environment KubeSphere needs. Run it on the control-plane node.
Every occurrence of the control-plane node's internal IP in the file below must be changed to yours.
```yaml
## creates a storage class
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-storage
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: k8s-sigs.io/nfs-subdir-external-provisioner
parameters:
  archiveOnDelete: "true"  ## whether to archive the PV's contents when the PV is deleted

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfs-client-provisioner
  labels:
    app: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nfs-client-provisioner
  template:
    metadata:
      labels:
        app: nfs-client-provisioner
    spec:
      serviceAccountName: nfs-client-provisioner
      containers:
        - name: nfs-client-provisioner
          image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/nfs-subdir-external-provisioner:v4.0.2
          # resources:
          #    limits:
          #      cpu: 10m
          #    requests:
          #      cpu: 10m
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: k8s-sigs.io/nfs-subdir-external-provisioner
            - name: NFS_SERVER
              value: 172.31.0.2  ## your own NFS server address
            - name: NFS_PATH
              value: /nfs/data  ## the directory shared by the NFS server
      volumes:
        - name: nfs-client-root
          nfs:
            server: 172.31.0.2
            path: /nfs/data
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: ClusterRole
  name: nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-client-provisioner
  # replace with namespace where provisioner is deployed
  namespace: default
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: Role
  name: leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io
```
After the above has been applied, run the commands below.

KubeSphere: a container hybrid cloud for cloud-native applications, a PaaS container platform that supports multi-cluster Kubernetes management | KubeSphere
If the files cannot be downloaded, copy the contents from the appendix.
```bash
wget https://github.com/kubesphere/ks-installer/releases/download/v3.1.1/kubesphere-installer.yaml

wget https://github.com/kubesphere/ks-installer/releases/download/v3.1.1/cluster-configuration.yaml
```
Specify the features to enable in cluster-configuration.yaml.
Following the official "Enable Pluggable Components" page, the full configuration with everything switched to true is as follows:
```yaml
---
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
  name: ks-installer
  namespace: kubesphere-system
  labels:
    version: v3.1.1
spec:
  persistence:
    storageClass: ""        # If there is no default StorageClass in your cluster, you need to specify an existing StorageClass here.
  authentication:
    jwtSecret: ""           # Keep the jwtSecret consistent with the Host Cluster. Retrieve the jwtSecret by executing "kubectl -n kubesphere-system get cm kubesphere-config -o yaml | grep -v "apiVersion" | grep jwtSecret" on the Host Cluster.
  local_registry: ""        # Add your private registry address if it is needed.
  etcd:
    monitoring: true        # Enable or disable etcd monitoring dashboard installation. You have to create a Secret for etcd before you enable it.
    endpointIps: 172.31.0.2 # etcd cluster EndpointIps. It can be a bunch of IPs here.
    port: 2379              # etcd port.
    tlsEnable: true
  common:
    redis:
      enabled: true
    openldap:
      enabled: true
    minioVolumeSize: 20Gi   # Minio PVC size.
    openldapVolumeSize: 2Gi # openldap PVC size.
    redisVolumSize: 2Gi     # Redis PVC size.
    monitoring:
      # type: external      # Whether to specify the external prometheus stack, and need to modify the endpoint at the next line.
      endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090 # Prometheus endpoint to get metrics data.
    es:                     # Storage backend for logging, events and auditing.
      # elasticsearchMasterReplicas: 1   # The total number of master nodes. Even numbers are not allowed.
      # elasticsearchDataReplicas: 1     # The total number of data nodes.
      elasticsearchMasterVolumeSize: 4Gi # The volume size of Elasticsearch master nodes.
      elasticsearchDataVolumeSize: 20Gi  # The volume size of Elasticsearch data nodes.
      logMaxAge: 7                       # Log retention time in built-in Elasticsearch. It is 7 days by default.
      elkPrefix: logstash                # The string making up index names. The index name will be formatted as ks-<elk_prefix>-log.
      basicAuth:
        enabled: false
        username: ""
        password: ""
      externalElasticsearchUrl: ""
      externalElasticsearchPort: ""
  console:
    enableMultiLogin: true  # Enable or disable simultaneous logins. It allows different users to log in with the same account at the same time.
    port: 30880
  alerting:                 # (CPU: 0.1 Core, Memory: 100 MiB) It enables users to customize alerting policies to send messages to receivers in time with different time intervals and alerting levels to choose from.
    enabled: true           # Enable or disable the KubeSphere Alerting System.
    # thanosruler:
    #   replicas: 1
    #   resources: {}
  auditing:                 # Provide a security-relevant chronological set of records, recording the sequence of activities happening on the platform, initiated by different tenants.
    enabled: true           # Enable or disable the KubeSphere Auditing Log System.
  devops:                   # (CPU: 0.47 Core, Memory: 8.6 G) Provide an out-of-the-box CI/CD system based on Jenkins, and automated workflow tools including Source-to-Image & Binary-to-Image.
    enabled: true           # Enable or disable the KubeSphere DevOps System.
    jenkinsMemoryLim: 2Gi      # Jenkins memory limit.
    jenkinsMemoryReq: 1500Mi   # Jenkins memory request.
    jenkinsVolumeSize: 8Gi     # Jenkins volume size.
    jenkinsJavaOpts_Xms: 512m  # The following three fields are JVM parameters.
    jenkinsJavaOpts_Xmx: 512m
    jenkinsJavaOpts_MaxRAM: 2g
  events:                   # Provide a graphical web console for Kubernetes Events exporting, filtering and alerting in multi-tenant Kubernetes clusters.
    enabled: true           # Enable or disable the KubeSphere Events System.
    ruler:
      enabled: true
      replicas: 2
  logging:                  # (CPU: 57 m, Memory: 2.76 G) Flexible logging functions are provided for log query, collection and management in a unified console. Additional log collectors can be added, such as Elasticsearch, Kafka and Fluentd.
    enabled: true           # Enable or disable the KubeSphere Logging System.
    logsidecar:
      enabled: true
      replicas: 2
  metrics_server:           # (CPU: 56 m, Memory: 44.35 MiB) It enables HPA (Horizontal Pod Autoscaler).
    enabled: false          # Enable or disable metrics-server.
  monitoring:
    storageClass: ""        # If there is an independent StorageClass you need for Prometheus, you can specify it here. The default StorageClass is used by default.
    # prometheusReplicas: 1 # Prometheus replicas are responsible for monitoring different segments of data source and providing high availability.
    prometheusMemoryRequest: 400Mi # Prometheus request memory.
    prometheusVolumeSize: 20Gi     # Prometheus PVC size.
    # alertmanagerReplicas: 1      # AlertManager Replicas.
  multicluster:
    clusterRole: none       # host | member | none # You can install a solo cluster, or specify it as the Host or Member Cluster.
  network:
    networkpolicy:          # Network policies allow network isolation within the same cluster, which means firewalls can be set up between certain instances (Pods).
      # Make sure that the CNI network plugin used by the cluster supports NetworkPolicy. There are a number of CNI network plugins that support NetworkPolicy, including Calico, Cilium, Kube-router, Romana and Weave Net.
      enabled: true         # Enable or disable network policies.
    ippool:                 # Use Pod IP Pools to manage the Pod network address space. Pods to be created can be assigned IP addresses from a Pod IP Pool.
      type: calico          # Specify "calico" for this field if Calico is used as your CNI plugin. "none" means that Pod IP Pools are disabled.
    topology:               # Use Service Topology to view Service-to-Service communication based on Weave Scope.
      type: none            # Specify "weave-scope" for this field to enable Service Topology. "none" means that Service Topology is disabled.
  openpitrix:               # An App Store that is accessible to all platform tenants. You can use it to manage apps across their entire lifecycle.
    store:
      enabled: true         # Enable or disable the KubeSphere App Store.
  servicemesh:              # (0.3 Core, 300 MiB) Provide fine-grained traffic management, observability and tracing, and visualized traffic topology.
    enabled: true           # Base component (pilot). Enable or disable KubeSphere Service Mesh (Istio-based).
  kubeedge:                 # Add edge nodes to your cluster and deploy workloads on edge nodes.
    enabled: true           # Enable or disable KubeEdge.
    cloudCore:
      nodeSelector: {"node-role.kubernetes.io/worker": ""}
      tolerations: []
      cloudhubPort: "10000"
      cloudhubQuicPort: "10001"
      cloudhubHttpsPort: "10002"
      cloudstreamPort: "10003"
      tunnelPort: "10004"
      cloudHub:
        advertiseAddress:   # At least a public IP address or an IP address which can be accessed by edge nodes must be provided.
          - ""              # Note that once KubeEdge is enabled, CloudCore will malfunction if the address is not provided.
        nodeLimit: "100"
      service:
        cloudhubNodePort: "30000"
        cloudhubQuicNodePort: "30001"
        cloudhubHttpsNodePort: "30002"
        cloudstreamNodePort: "30003"
        tunnelNodePort: "30004"
    edgeWatcher:
      nodeSelector: {"node-role.kubernetes.io/worker": ""}
      tolerations: []
      edgeWatcherAgent:
        nodeSelector: {"node-role.kubernetes.io/worker": ""}
        tolerations: []
```
```bash
kubectl apply -f kubesphere-installer.yaml

kubectl apply -f cluster-configuration.yaml
```
Friendly tip: the command below shows the account and password.
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
When the log reaches the end, the following is printed; use it as shown.
Open port 30880 on any machine.
Account: admin
Password: P@88w0rd
Fixing the "etcd monitoring certificate not found" problem: run the following when the Prometheus pod is failing.
kubectl -n kubesphere-monitoring-system create secret generic kube-etcd-client-certs --from-file=etcd-client-ca.crt=/etc/kubernetes/pki/etcd/ca.crt --from-file=etcd-client.crt=/etc/kubernetes/pki/apiserver-etcd-client.crt --from-file=etcd-client.key=/etc/kubernetes/pki/apiserver-etcd-client.key
How to check:

Appendix: kubesphere-installer.yaml followed by cluster-configuration.yaml, the two files referenced above, for when the download fails.
```yaml
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: clusterconfigurations.installer.kubesphere.io
spec:
  group: installer.kubesphere.io
  versions:
  - name: v1alpha1
    served: true
    storage: true
  scope: Namespaced
  names:
    plural: clusterconfigurations
    singular: clusterconfiguration
    kind: ClusterConfiguration
    shortNames:
    - cc

---
apiVersion: v1
kind: Namespace
metadata:
  name: kubesphere-system

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ks-installer
  namespace: kubesphere-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ks-installer
rules:
- apiGroups: [""]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["apps"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["extensions"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["batch"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["apiregistration.k8s.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["apiextensions.k8s.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["tenant.kubesphere.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["certificates.k8s.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["devops.kubesphere.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["monitoring.coreos.com"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["logging.kubesphere.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["jaegertracing.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["storage.k8s.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["policy"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["autoscaling"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["networking.istio.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["config.istio.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["iam.kubesphere.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["notification.kubesphere.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["auditing.kubesphere.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["events.kubesphere.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["core.kubefed.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["installer.kubesphere.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["storage.kubesphere.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["security.istio.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["monitoring.kiali.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["kiali.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["networking.k8s.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["kubeedge.kubesphere.io"]
  resources: ['*']
  verbs: ['*']
- apiGroups: ["types.kubefed.io"]
  resources: ['*']
  verbs: ['*']

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ks-installer
subjects:
- kind: ServiceAccount
  name: ks-installer
  namespace: kubesphere-system
roleRef:
  kind: ClusterRole
  name: ks-installer
  apiGroup: rbac.authorization.k8s.io

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ks-installer
  namespace: kubesphere-system
  labels:
    app: ks-install
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ks-install
  template:
    metadata:
      labels:
        app: ks-install
    spec:
      serviceAccountName: ks-installer
      containers:
      - name: installer
        image: kubesphere/ks-installer:v3.1.1
        imagePullPolicy: "Always"
        resources:
          limits:
            cpu: "1"
            memory: 1Gi
          requests:
            cpu: 20m
            memory: 100Mi
        volumeMounts:
        - mountPath: /etc/localtime
          name: host-time
      volumes:
      - hostPath:
          path: /etc/localtime
          type: ""
        name: host-time
---
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
  name: ks-installer
  namespace: kubesphere-system
  labels:
    version: v3.1.1
spec:
  persistence:
    storageClass: ""        # If there is no default StorageClass in your cluster, you need to specify an existing StorageClass here.
  authentication:
    jwtSecret: ""           # Keep the jwtSecret consistent with the Host Cluster. Retrieve the jwtSecret by executing "kubectl -n kubesphere-system get cm kubesphere-config -o yaml | grep -v "apiVersion" | grep jwtSecret" on the Host Cluster.
  local_registry: ""        # Add your private registry address if it is needed.
  etcd:
    monitoring: true        # Enable or disable etcd monitoring dashboard installation. You have to create a Secret for etcd before you enable it.
    endpointIps: 172.31.0.4 # etcd cluster EndpointIps. It can be a bunch of IPs here.
    port: 2379              # etcd port.
    tlsEnable: true
  common:
    redis:
      enabled: true
    openldap:
      enabled: true
    minioVolumeSize: 20Gi   # Minio PVC size.
    openldapVolumeSize: 2Gi # openldap PVC size.
    redisVolumSize: 2Gi     # Redis PVC size.
    monitoring:
      # type: external      # Whether to specify the external prometheus stack, and need to modify the endpoint at the next line.
      endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090 # Prometheus endpoint to get metrics data.
    es:                     # Storage backend for logging, events and auditing.
      # elasticsearchMasterReplicas: 1   # The total number of master nodes. Even numbers are not allowed.
      # elasticsearchDataReplicas: 1     # The total number of data nodes.
      elasticsearchMasterVolumeSize: 4Gi # The volume size of Elasticsearch master nodes.
      elasticsearchDataVolumeSize: 20Gi  # The volume size of Elasticsearch data nodes.
      logMaxAge: 7                       # Log retention time in built-in Elasticsearch. It is 7 days by default.
      elkPrefix: logstash                # The string making up index names. The index name will be formatted as ks-<elk_prefix>-log.
      basicAuth:
        enabled: false
        username: ""
        password: ""
      externalElasticsearchUrl: ""
      externalElasticsearchPort: ""
  console:
    enableMultiLogin: true  # Enable or disable simultaneous logins. It allows different users to log in with the same account at the same time.
    port: 30880
  alerting:                 # (CPU: 0.1 Core, Memory: 100 MiB) It enables users to customize alerting policies to send messages to receivers in time with different time intervals and alerting levels to choose from.
    enabled: true           # Enable or disable the KubeSphere Alerting System.
    # thanosruler:
    #   replicas: 1
    #   resources: {}
  auditing:                 # Provide a security-relevant chronological set of records, recording the sequence of activities happening on the platform, initiated by different tenants.
    enabled: true           # Enable or disable the KubeSphere Auditing Log System.
  devops:                   # (CPU: 0.47 Core, Memory: 8.6 G) Provide an out-of-the-box CI/CD system based on Jenkins, and automated workflow tools including Source-to-Image & Binary-to-Image.
    enabled: true           # Enable or disable the KubeSphere DevOps System.
    jenkinsMemoryLim: 2Gi      # Jenkins memory limit.
    jenkinsMemoryReq: 1500Mi   # Jenkins memory request.
    jenkinsVolumeSize: 8Gi     # Jenkins volume size.
    jenkinsJavaOpts_Xms: 512m  # The following three fields are JVM parameters.
    jenkinsJavaOpts_Xmx: 512m
    jenkinsJavaOpts_MaxRAM: 2g
  events:                   # Provide a graphical web console for Kubernetes Events exporting, filtering and alerting in multi-tenant Kubernetes clusters.
    enabled: true           # Enable or disable the KubeSphere Events System.
    ruler:
      enabled: true
      replicas: 2
  logging:                  # (CPU: 57 m, Memory: 2.76 G) Flexible logging functions are provided for log query, collection and management in a unified console. Additional log collectors can be added, such as Elasticsearch, Kafka and Fluentd.
    enabled: true           # Enable or disable the KubeSphere Logging System.
    logsidecar:
      enabled: true
      replicas: 2
  metrics_server:           # (CPU: 56 m, Memory: 44.35 MiB) It enables HPA (Horizontal Pod Autoscaler).
    enabled: false          # Enable or disable metrics-server.
  monitoring:
    storageClass: ""        # If there is an independent StorageClass you need for Prometheus, you can specify it here. The default StorageClass is used by default.
    # prometheusReplicas: 1 # Prometheus replicas are responsible for monitoring different segments of data source and providing high availability.
    prometheusMemoryRequest: 400Mi # Prometheus request memory.
    prometheusVolumeSize: 20Gi     # Prometheus PVC size.
    # alertmanagerReplicas: 1      # AlertManager Replicas.
  multicluster:
    clusterRole: none       # host | member | none # You can install a solo cluster, or specify it as the Host or Member Cluster.
  network:
    networkpolicy:          # Network policies allow network isolation within the same cluster, which means firewalls can be set up between certain instances (Pods).
      # Make sure that the CNI network plugin used by the cluster supports NetworkPolicy. There are a number of CNI network plugins that support NetworkPolicy, including Calico, Cilium, Kube-router, Romana and Weave Net.
      enabled: true         # Enable or disable network policies.
    ippool:                 # Use Pod IP Pools to manage the Pod network address space. Pods to be created can be assigned IP addresses from a Pod IP Pool.
      type: calico          # Specify "calico" for this field if Calico is used as your CNI plugin. "none" means that Pod IP Pools are disabled.
    topology:               # Use Service Topology to view Service-to-Service communication based on Weave Scope.
      type: none            # Specify "weave-scope" for this field to enable Service Topology. "none" means that Service Topology is disabled.
  openpitrix:               # An App Store that is accessible to all platform tenants. You can use it to manage apps across their entire lifecycle.
    store:
      enabled: true         # Enable or disable the KubeSphere App Store.
  servicemesh:              # (0.3 Core, 300 MiB) Provide fine-grained traffic management, observability and tracing, and visualized traffic topology.
    enabled: true           # Base component (pilot). Enable or disable KubeSphere Service Mesh (Istio-based).
  kubeedge:                 # Add edge nodes to your cluster and deploy workloads on edge nodes.
    enabled: true           # Enable or disable KubeEdge.
    cloudCore:
      nodeSelector: {"node-role.kubernetes.io/worker": ""}
      tolerations: []
      cloudhubPort: "10000"
      cloudhubQuicPort: "10001"
      cloudhubHttpsPort: "10002"
      cloudstreamPort: "10003"
      tunnelPort: "10004"
      cloudHub:
        advertiseAddress:   # At least a public IP address or an IP address which can be accessed by edge nodes must be provided.
          - ""              # Note that once KubeEdge is enabled, CloudCore will malfunction if the address is not provided.
        nodeLimit: "100"
      service:
        cloudhubNodePort: "30000"
        cloudhubQuicNodePort: "30001"
        cloudhubHttpsNodePort: "30002"
        cloudstreamNodePort: "30003"
        tunnelNodePort: "30004"
    edgeWatcher:
      nodeSelector: {"node-role.kubernetes.io/worker": ""}
      tolerations: []
      edgeWatcherAgent:
        nodeSelector: {"node-role.kubernetes.io/worker": ""}
        tolerations: []
```
```bash
sudo yum remove docker*
sudo yum install -y yum-utils

# configure the yum repository for docker
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo


# install a specific version
#sudo yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7 containerd.io-1.4.6
# friendly tip: the pinned versions above do not exist in the repository
sudo yum install -y docker-ce docker-ce-cli containerd.io

# start docker and enable it at boot
systemctl enable docker --now

# docker registry mirror configuration
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://82m9ar63.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
```

```bash
yum update
yum install -y curl
yum install -y socat
yum install -y vim
yum install -y conntrack
swapoff -a
# check the firewall status
firewall-cmd --state
# CentOS 7.0 uses firewalld as its firewall by default
# stop firewalld
systemctl stop firewalld.service
# keep the firewall from starting at boot
systemctl disable firewalld.service
export KKZONE=cn
curl -sfL https://get-kk.kubesphere.io | VERSION=v2.2.1 sh -
chmod +x kk

# answer yes when prompted
./kk create cluster --with-kubernetes v1.22.10 --with-kubesphere v3.3.0
```