k8s: Building a Cluster in a Mainland China Network Environment with sealos


Preparation

  • Obtain the latest Kubernetes offline package; versions other than the default 1.14.1 require a paid download

  • Prepare the servers

    • Hostnames must be unique

        # Change the hostname
        $ hostnamectl set-hostname --static k8s-x
    • root must be able to log in remotely over SSH

        $ vim /etc/ssh/sshd_config

        Set PasswordAuthentication yes

        If root still cannot log in over SSH, also set PermitRootLogin yes

        $ service sshd restart
    • Install sealos

        # Download and install sealos. sealos is a single Go binary: download it and copy it into a bin directory. It can also be downloaded from the release page.
        wget -c https://sealyun.oss-cn-beijing.aliyuncs.com/latest/sealos && \
        chmod +x sealos && mv sealos /usr/bin
    • Download the offline resource package in advance (alternatively, pass the download URL directly to init)

        # Download the offline resource package
        wget -c https://sealyun.oss-cn-beijing.aliyuncs.com/054f15a19f3c943bf387b3da25ef3de1-1.18.6/kube1.18.6.tar.gz

Run the install command

  • Must be run as root

    # Install the Kubernetes cluster
    sealos init --passwd 123456 \
    --master 192.168.0.2 --master 192.168.0.3 --master 192.168.0.4 \
    --node 192.168.0.5 --node 192.168.0.6 --node 192.168.0.7 \
    --pkg-url https://sealyun.oss-cn-beijing.aliyuncs.com/054f15a19f3c943bf387b3da25ef3de1-1.18.6/kube1.18.6.tar.gz \
    --version v1.18.6

Check that the installation succeeded

[root@iZj6cdqfqw4o4o9tc0q44rZ ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
izj6cdqfqw4o4o9tc0q44rz Ready master 2m25s v1.14.1
izj6cdqfqw4o4o9tc0q44sz Ready master 119s v1.14.1
izj6cdqfqw4o4o9tc0q44tz Ready master 63s v1.14.1
izj6cdqfqw4o4o9tc0q44uz Ready <none> 38s v1.14.1
[root@iZj6cdqfqw4o4o9tc0q44rZ ~]# kubectl get pod --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-5cbcccc885-9n2p8 1/1 Running 0 3m1s
kube-system calico-node-656zn 1/1 Running 0 93s
kube-system calico-node-bv5hn 1/1 Running 0 2m54s
kube-system calico-node-f2vmd 1/1 Running 0 3m1s
kube-system calico-node-tbd5l 1/1 Running 0 118s
kube-system coredns-fb8b8dccf-8bnkv 1/1 Running 0 3m1s
kube-system coredns-fb8b8dccf-spq7r 1/1 Running 0 3m1s
kube-system etcd-izj6cdqfqw4o4o9tc0q44rz 1/1 Running 0 2m25s
kube-system etcd-izj6cdqfqw4o4o9tc0q44sz 1/1 Running 0 2m53s
kube-system etcd-izj6cdqfqw4o4o9tc0q44tz 1/1 Running 0 118s
kube-system kube-apiserver-izj6cdqfqw4o4o9tc0q44rz 1/1 Running 0 2m15s
kube-system kube-apiserver-izj6cdqfqw4o4o9tc0q44sz 1/1 Running 0 2m54s
kube-system kube-apiserver-izj6cdqfqw4o4o9tc0q44tz 1/1 Running 1 47s
kube-system kube-controller-manager-izj6cdqfqw4o4o9tc0q44rz 1/1 Running 1 2m43s
kube-system kube-controller-manager-izj6cdqfqw4o4o9tc0q44sz 1/1 Running 0 2m54s
kube-system kube-controller-manager-izj6cdqfqw4o4o9tc0q44tz 1/1 Running 0 63s
kube-system kube-proxy-b9b9z 1/1 Running 0 2m54s
kube-system kube-proxy-nf66n 1/1 Running 0 3m1s
kube-system kube-proxy-q2bqp 1/1 Running 0 118s
kube-system kube-proxy-s5g2k 1/1 Running 0 93s
kube-system kube-scheduler-izj6cdqfqw4o4o9tc0q44rz 1/1 Running 1 2m43s
kube-system kube-scheduler-izj6cdqfqw4o4o9tc0q44sz 1/1 Running 0 2m54s
kube-system kube-scheduler-izj6cdqfqw4o4o9tc0q44tz 1/1 Running 0 61s
kube-system kube-sealyun-lvscare-izj6cdqfqw4o4o9tc0q44uz 1/1 Running 0 86s

Other

Set up cluster credentials for a non-root user

  • Log in as the user that needs access

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

Install the Web UI (Kuboard)

  • Run the following commands on a master server

      kubectl apply -f https://kuboard.cn/install-script/kuboard.yaml
      kubectl apply -f https://addons.kuboard.cn/metrics-server/0.3.7/metrics-server.yaml
  • Check that Kuboard is running

      kubectl get pods -l k8s.kuboard.cn/name=kuboard -n kube-system
      NAME                       READY   STATUS        RESTARTS   AGE
      kuboard-54c9c4f6cb-6lf88 1/1 Running 0 45s
  • Get the token

      echo $(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)
      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWc4aHhiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI5NDhiYjVlNi04Y2RjLTExZTktYjY3ZS1mYTE2M2U1ZjdhMGYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.DZ6dMTr8GExo5IH_vCWdB_MDfQaNognjfZKl0E5VW8vUFMVvALwo0BS-6Qsqpfxrlz87oE9yGVCpBYV0D00811bLhHIg-IR_MiBneadcqdQ_TGm_a0Pz0RbIzqJlRPiyMSxk1eXhmayfPn01upPdVCQj6D3vAY77dpcGplu3p5wE6vsNWAvrQ2d_V1KhR03IB1jJZkYwrI8FHCq_5YuzkPfHsgZ9MBQgH-jqqNXs6r8aoUZIbLsYcMHkin2vzRsMy_tjMCI9yXGiOqI-E5efTb-_KbDVwV5cbdqEIegdtYZ2J3mlrFQlmPGYTwFI8Ba9LleSYbCi4o0k74568KcN_w
  • Access Kuboard

    • The Kuboard Service is exposed via NodePort; the NodePort is 32567
    • Open http://<IP address of any worker node>:32567/
    • Enter the token obtained in the previous step to reach the Kuboard cluster overview page
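
Before pasting a token from the step above into the UI, its payload can be decoded locally to confirm which service account and namespace it belongs to. This is an added example, not part of the original post; the function names are hypothetical and the sample token is constructed and unsigned.

```shell
#!/bin/sh
# Decode the claims of a JWT such as a Kubernetes service-account token.
# Decoding only: the signature is NOT verified here.

# b64url_decode STR: base64url -> bytes (restores '+', '/' and '=' padding).
b64url_decode() {
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="${s}==" ;;
    3) s="${s}=" ;;
    1) return 1 ;;              # impossible length for base64
  esac
  printf '%s' "$s" | base64 -d
}

# jwt_payload TOKEN: print the JSON payload (second of three segments).
jwt_payload() {
  dots=$(printf '%s' "$1" | tr -cd '.' | wc -c)
  [ "$dots" -eq 2 ] || { echo "not a JWT" >&2; return 1; }
  p=${1#*.}
  b64url_decode "${p%%.*}"
}

# jwt_claim TOKEN NAME: print one string-valued claim.
jwt_claim() {
  jwt_payload "$1" | sed -n "s|.*\"$2\":\"\([^\"]*\)\".*|\1|p"
}

# sample_token: a constructed, unsigned token for demonstration only.
sample_token() {
  json='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","kubernetes.io/serviceaccount/service-account.name":"kuboard-user","sub":"system:serviceaccount:kube-system:kuboard-user"}'
  b64=$(printf '%s' "$json" | base64 | tr -d '=\n' | tr '/+' '_-')
  printf 'eyJhbGciOiJSUzI1NiJ9.%s.constructed-signature\n' "$b64"
}

# Usage against a real token: jwt_claim "$TOKEN" sub
```
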

Joining a node without disabling swap

  • Extract the offline package
  • Modify the contents of the offline package
    • ./kube/shell/init.sh
      • Remove swapoff -a || true
    • ./kube/bin/kubelet-pre-start.sh
      • Remove swapoff -a
    • ./kube/conf/10-kubeadm.conf
      • Below the other Environment lines, add one more line: Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"
  • Run sh init.sh in ./kube/shell
  • Add the ipvs rules
    • sealos ipvs --vs 10.103.97.2:6443 --rs 192.168.99.136:6443 --health-path /healthz --health-schem https --run-once
    • echo "10.103.97.2 apiserver.cluster.local" >> /etc/hosts
  • (Optional) Install socat: apt-get install socat
  • Run the node join command to join the cluster
    • On a master, run kubeadm token create --print-join-command to get the node join command, and append --ignore-preflight-errors=Swap to it, e.g.:
      • kubeadm join apiserver.cluster.local:6443 --token 5w69vr.d6nj668vhefmttrk --discovery-token-ca-cert-hash sha256:13b74ebad8ae8ce1264a0eab7bd02895142009775a23feda158d29da464625ff --ignore-preflight-errors=Swap
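
The three package edits from the "modify the contents of the offline package" step, written as a repeatable script so that every node gets the same change. This is an added example, not part of the original post or of sealos; the function names are hypothetical, and it assumes GNU sed and a package extracted with the three files at the paths named above.

```shell
#!/bin/sh
# patch_swap_pkg DIR: apply the three edits listed above to an extracted
# offline package rooted at DIR (the ./kube directory). Re-running is safe:
# originals are kept once as *.orig and the Environment line is added once.

EXTRA_ENV='Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"'
# Matches a line that is only "swapoff -a", optionally followed by "|| true".
SWAPOFF_RE='^[[:space:]]*swapoff[[:space:]]+-a([[:space:]]*\|\|[[:space:]]*true)?[[:space:]]*$'

backup_once() { [ -f "$1.orig" ] || cp -p "$1" "$1.orig"; }

patch_swap_pkg() {
  dir=$1
  init="$dir/shell/init.sh"
  pre="$dir/bin/kubelet-pre-start.sh"
  conf="$dir/conf/10-kubeadm.conf"
  for f in "$init" "$pre" "$conf"; do
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  done

  # Edits 1 and 2: drop the swapoff lines from both scripts.
  for f in "$init" "$pre"; do
    backup_once "$f"
    sed -i.tmp -E "/$SWAPOFF_RE/d" "$f" && rm -f "$f.tmp"
  done

  # Edit 3: add the kubelet flag after the last existing Environment= line.
  if ! grep -qF -- '--fail-swap-on=false' "$conf"; then
    last=$(grep -n '^Environment=' "$conf" | tail -n 1 | cut -d: -f1)
    [ -n "$last" ] || { echo "no Environment= line in $conf" >&2; return 1; }
    backup_once "$conf"
    awk -v n="$last" -v line="$EXTRA_ENV" \
      '{ print } NR == n { print line }' "$conf" > "$conf.new"
    cat "$conf.new" > "$conf" && rm -f "$conf.new"
  fi
}
```
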

Official documentation:

https://sealyun.com/docs/

https://kuboard.cn/install/install-dashboard.html