Kubernetes 1.9.6 Deployment (Part 2)

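1. Deploy the Calico service

1.1 Modify the startup parameters of the Kubernetes services and restart them.

  • Set the startup parameter of the kube-apiserver service on the Master: --allow-privileged=true, because calico-node must run in privileged mode on every Node.
  • Set the startup parameter of the kubelet service on every Node: --network-plugin=cni

1.2 Modify the calico.yaml file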

# Download calico.yaml
wget https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/calico.yaml

# Modify the calico.yaml file
#!/bin/bash

sed -i 's@.*etcd_endpoints:.*@\ \ etcd_endpoints:\ \"https://10.0.3.6:2379\"@gi' calico.yaml

# Base64-encode the etcd client certificate, key and CA for the Secret in calico.yaml
export ETCD_CERT=`cat /etc/kubernetes/ssl/kubernetes.pem | base64 | tr -d '\n'`
export ETCD_KEY=`cat /etc/kubernetes/ssl/kubernetes-key.pem | base64 | tr -d '\n'`
export ETCD_CA=`cat /etc/kubernetes/ssl/ca.pem | base64 | tr -d '\n'`

sed -i "s@.*etcd-cert:.*@\ \ etcd-cert:\ ${ETCD_CERT}@gi" calico.yaml
sed -i "s@.*etcd-key:.*@\ \ etcd-key:\ ${ETCD_KEY}@gi" calico.yaml
sed -i "s@.*etcd-ca:.*@\ \ etcd-ca:\ ${ETCD_CA}@gi" calico.yaml

sed -i 's@.*etcd_ca:.*@\ \ etcd_ca:\ "/calico-secrets/etcd-ca"@gi' calico.yaml
sed -i 's@.*etcd_cert:.*@\ \ etcd_cert:\ "/calico-secrets/etcd-cert"@gi' calico.yaml
sed -i 's@.*etcd_key:.*@\ \ etcd_key:\ "/calico-secrets/etcd-key"@gi' calico.yaml
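
The check below is an added example, not part of the original post: it confirms that the etcd-cert, etcd-key and etcd-ca values written by the sed commands above decode back to the PEM files they came from. The demo runs on constructed dummy files and a constructed manifest fragment; the function names (secret_field, verify_calico_secret, demo) are illustrative.

```shell
#!/bin/bash
# Added example (not from the original post): confirm that the Secret values
# written into calico.yaml decode back to the PEM files they were built from.

# Print the decoded value of one Secret field (etcd-cert, etcd-key or etcd-ca).
secret_field() {  # usage: secret_field <manifest> <field>
  sed -n "s@^ *$2: *\([A-Za-z0-9+/=]\{1,\}\) *\$@\1@p" "$1" | head -n 1 | base64 -d
}

# Return 0 only if every field decodes to exactly the file it should hold.
verify_calico_secret() {  # usage: verify_calico_secret <manifest> <cert> <key> <ca>
  local manifest="$1" rc=0 pair field file
  for pair in "etcd-cert:$2" "etcd-key:$3" "etcd-ca:$4"; do
    field=${pair%%:*}; file=${pair#*:}
    if secret_field "$manifest" "$field" | cmp -s - "$file"; then
      echo "OK   $field matches $file"
    else
      echo "FAIL $field missing or different from $file" >&2; rc=1
    fi
  done
  return $rc
}

# Constructed demo: dummy PEM files and a minimal fragment shaped like the
# Secret section the sed commands target (an assumption, not the real calico.yaml).
demo() {
  local d f rc
  d=$(mktemp -d) || return 1
  printf 'constructed cert\n' > "$d/kubernetes.pem"
  printf 'constructed key\n'  > "$d/kubernetes-key.pem"
  printf 'constructed ca\n'   > "$d/ca.pem"
  printf 'kind: Secret\ndata:\n  # etcd-key: null\n  # etcd-cert: null\n  # etcd-ca: null\n' \
    > "$d/calico.yaml"
  # Same substitutions as the script above, pointed at the demo files.
  for f in etcd-cert:kubernetes.pem etcd-key:kubernetes-key.pem etcd-ca:ca.pem; do
    sed -i "s@.*${f%%:*}:.*@\ \ ${f%%:*}:\ $(base64 < "$d/${f#*:}" | tr -d '\n')@gi" "$d/calico.yaml"
  done
  chmod 600 "$d/calico.yaml"  # base64 is not encryption: the file now holds the etcd client key
  verify_calico_secret "$d/calico.yaml" "$d/kubernetes.pem" "$d/kubernetes-key.pem" "$d/ca.pem"
  rc=$?
  rm -rf "$d"
  return $rc
}

demo
```

On a real cluster, run verify_calico_secret calico.yaml /etc/kubernetes/ssl/kubernetes.pem /etc/kubernetes/ssl/kubernetes-key.pem /etc/kubernetes/ssl/ca.pem before kubectl create.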

Note:
If RBAC access control is enabled, role bindings are also required to grant the corresponding permissions:

# The github.com /blob/ URL returns an HTML page, so fetch the raw file instead
wget https://raw.githubusercontent.com/projectcalico/calico/master/v3.1/getting-started/kubernetes/installation/rbac.yaml

1.3 Deploy the calico service

kubectl create -f calico.yaml
kubectl create -f rbac.yaml

2. Deploy the kube-dns service

# Download the DNS YAML file
wget https://raw.githubusercontent.com/kubernetes/kubernetes/master/cluster/addons/dns/kube-dns.yaml.sed
mv kube-dns.yaml.sed kube-dns.yaml

### Modify the DNS YAML file

#!/bin/bash
# \$ matches the literal "$" of the template placeholders
sed -i 's/\$DNS_DOMAIN/cluster.local/gi' kube-dns.yaml
sed -i 's/\$DNS_SERVER_IP/10.254.0.100/gi' kube-dns.yaml

# Create
kubectl create -f kube-dns.yaml

3. Deploy Heapster+Influxdb+Grafana

# Download the YAML files
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/grafana.yaml
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml

# Create
kubectl create -f grafana.yaml
kubectl create -f heapster.yaml
kubectl create -f influxdb.yaml
kubectl create -f heapster-rbac.yaml

4. Deploy the Dashboard

wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

Modify the Service section of dashboard.yaml, adding a port mapping to expose the service:

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
#      protocol: TCP
  selector:
    k8s-app: kubernetes-dashboard

Then create the resources from the file.

Accessing the dashboard requires a token; create an admin access token as follows:

#!/bin/bash

# Create the dashboard-admin ServiceAccount and bind it to cluster-admin, unless it already exists
if kubectl get sa dashboard-admin -n kube-system &> /dev/null; then
    echo -e "\033[33mWARNING: ServiceAccount dashboard-admin exist!\033[0m"
else
    kubectl create sa dashboard-admin -n kube-system
    kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
fi

# Print the token of the dashboard-admin ServiceAccount
kubectl describe secret -n kube-system $(kubectl get secrets -n kube-system | grep dashboard-admin | cut -f1 -d ' ') | grep -E '^token'

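Run this script and save the generated token; it is needed every time you access the dashboard. The token belongs to a service account bound to cluster-admin, so it carries full cluster privileges.

After the deployment was complete, the dashboard showed no resource usage for containers or hosts, and the dashboard logs contained messages such as "skipping metrics". The fix is the following change in kubernetes-dashboard.yaml:

[Image: modifying the dashboard]

After the deployment is finished, the dashboard interface looks like this:

[Image: dashboard]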
