1. 部署环境
k8s集群部署以四台机器做实验,一台部署节点,三台集群节点。在部署节点上通过ansible将关于k8s相关部署文件发送给集群节点进行部署。
四台主机:node、node1、node2、node3;
a) 部署节点:node;
b) master节点:node1;
c) etcd节点:node1、node2、node3;
d) 计算(node)节点:node1、node2、node3。
版本组件
kubernetes v1.9.7
etcd v3.3.4
docker 18.03.0-ce
calico/node:v3.0.6
calico/cni:v2.0.5
calico/kube-controllers:v2.0.4
centos 7.3+
2. 上传镜像至部署节点,解压
[root@node opt]# ls
kubernetes.tar.gz rh
[root@node opt]# tar zxf kubernetes.tar.gz3. 域名解析和免密钥,各机器均做
[root@node opt]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.254.20 reg.yunwei.edu
192.168.16.95 node
192.168.16.96 node1
192.168.16.98 node2
192.168.16.99 node3
[root@node opt]# ssh-keygen
[root@node opt]# ssh-copy-id node3
[root@node opt]# ssh-copy-id node2
[root@node opt]# ssh-copy-id node1
[root@node opt]# ssh-copy-id node4. 下载安装docker,参考docker安装部署。
5. 下载并运行docker版ansible
[root@node ~]# docker pull reg.yunwei.edu/learn/ansible:alpine3
[root@node ~]# docker images
reg.yunwei.edu/learn/ansible alpine3 1acb4fd5df5b 17 months ago 129MB
[root@node ~]# docker run -itd -v /etc/ansible:/etc/ansible -v /etc/kubernetes/:/etc/kubernetes/ -v /root/.kube:/root/.kube -v /usr/local/bin/:/usr/local/bin/ 1acb4fd5df5b /bin/sh
2a08c5849991a507219c5916b2fd2b26dc9e2befddcf2793bb35dacec1fe1da8
[root@node ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2a08c5849991 1acb4fd5df5b "/bin/sh" 30 seconds ago Up 29 seconds stupefied_easley
[root@node ~]# docker exec -it 2a08c5849991 /bin/sh
/ #6. 将编排文件移动至ansible目录
/etc/ansible/目录已映射至容器/etc/ansible/下,因此将所有k8s的编排文件移动至/etc/ansible目录即可
[root@node ~]# cd /opt/
[root@node opt]# ls
kubernetes kubernetes.tar.gz rh
[root@node kubernetes]# ls
bash image.tar.gz scope.yaml
ca.tar.gz k8s197.tar.gz sock-shop
harbor-offline-installer-v1.4.0.tgz kube-yunwei-197.tar.gz
[root@node kubernetes]# tar zxf kube-yunwei-197.tar.gz
[root@node kubernetes]# ls
bash kube-yunwei-197
ca.tar.gz kube-yunwei-197.tar.gz
harbor-offline-installer-v1.4.0.tgz scope.yaml
image.tar.gz sock-shop
k8s197.tar.gz
[root@node kube-yunwei-197]# mv ./* /etc/ansible/
进入容器查看
[root@node ~]# docker exec -it 2a08c5849991 /bin/sh
/ # cd /etc/ansible/
/etc/ansible # ls
01.prepare.yml 06.network.yml manifests
02.etcd.yml 99.clean.yml roles
03.docker.yml ansible.cfg tools
04.kube-master.yml bin
05.kube-node.yml example
将k8s的二级制文件移动到/bin下
[root@node kubernetes]# rm -rf kube-yunwei-197
[root@node kubernetes]# tar zxf k8s197.tar.gz
[root@node kubernetes]# ls
bash harbor-offline-installer-v1.4.0.tgz kube-yunwei-197.tar.gz
bin image.tar.gz scope.yaml
ca.tar.gz k8s197.tar.gz
[root@node kubernetes]# cd bin
[root@node bin]# ls
bridge docker-containerd-shim kube-apiserver
calicoctl dockerd kube-controller-manager
cfssl docker-init kubectl
cfssl-certinfo docker-proxy kubelet
cfssljson docker-runc kube-proxy
docker etcd kube-scheduler
docker-compose etcdctl loopback
docker-containerd flannel portmap
docker-containerd-ctr host-local
[root@node bin]# mv * /etc/ansible/bin/
[root@node bin]# ls
[root@node bin]# cd ..
[root@node kubernetes]# rm -rf bin/7. 编辑ansible的配置文件
root@node kubernetes]# cd /etc/ansible/
[root@node ansible]# ls
01.prepare.yml 04.kube-master.yml 99.clean.yml example tools
02.etcd.yml 05.kube-node.yml ansible.cfg manifests
03.docker.yml 06.network.yml bin roles
[root@node ansible]# cd example/
[root@node example]# ls
hosts.s-master.example
[root@node example]# cp hosts.s-master.example ../hosts #将示例文件复制到上层目录的hosts文件再进行编辑配置
[root@node example]# cd ..
[root@node ansible]# ls
01.prepare.yml 04.kube-master.yml 99.clean.yml example roles
02.etcd.yml 05.kube-node.yml ansible.cfg hosts tools
03.docker.yml 06.network.yml bin manifests
[root@node ansible]# vim hosts
[root@node ansible]# vim hosts # 部署节点:运行ansible 脚本的节点
[deploy]
192.168.16.95
192.168.16.98 NODE_NAME=etcd2 NODE_IP="192.168.16.98"
192.168.16.99 NODE_NAME=etcd3 NODE_IP="192.168.16.99"
[kube-master]
192.168.16.96 NODE_IP="192.168.16.96"
192.168.16.99 NODE_IP="192.168.16.99"
[all:vars]
# ---------集群主要参数---------------
#集群部署模式:allinone, single-master, multi-master
DEPLOY_MODE=single-master
#集群 MASTER IP
MASTER_IP="192.168.16.96"
#集群 APISERVER
KUBE_APISERVER="https://192.168.16.96:6443"
#TLS Bootstrapping 使用的 Token,使用 head -c 16 /dev/urandom | od -An -t
x | tr -d ' ' 生成
BOOTSTRAP_TOKEN="d18f94b5fa585c7123f56803d925d2e7"
# 集群网络插件,目前支持calico和flannel
CLUSTER_NETWORK="calico" #使用三层网络calico,可跨网段
CALICO_IPV4POOL_IPIP="always"
IP_AUTODETECTION_METHOD="can-reach=223.5.5.5"
FLANNEL_BACKEND="vxlan"
SERVICE_CIDR="10.68.0.0/16"
# POD 网段 (Cluster CIDR),部署前路由不可达,**部署后**路由可达
CLUSTER_CIDR="172.20.0.0/16"
# 服务端口范围 (NodePort Range)
NODE_PORT_RANGE="20000-40000"
# kubernetes 服务 IP (预分配,一般是 SERVICE_CIDR 中第一个IP)
CLUSTER_KUBERNETES_SVC_IP="10.68.0.1"
# 集群 DNS 服务 IP (从 SERVICE_CIDR 中预分配)
CLUSTER_DNS_SVC_IP="10.68.0.2"
# 集群 DNS 域名
CLUSTER_DNS_DOMAIN="cluster.local."
# etcd 集群间通信的IP和端口, **根据实际 etcd 集群成员设置**
ETCD_NODES="etcd1=https://192.168.16.96:2380,etcd2=https://192.168.16.98:
2380,etcd3=https://192.168.16.99:2380"
# etcd 集群服务地址列表, **根据实际 etcd 集群成员设置**
ETCD_ENDPOINTS="https://192.168.16.96:2379,https://192.168.16.98:2379,htt
ps://192.168.16.99:2379"
# 集群basic auth 使用的用户名和密码
BASIC_AUTH_USER="admin"
BASIC_AUTH_PASS="admin"
# ---------附加参数--------------------
#默认二进制文件目录
bin_dir="/usr/local/bin"
#证书目录
ca_dir="/etc/kubernetes/ssl"
#部署目录,即 ansible 工作目录
base_dir="/etc/ansible"
在容器中查看修改后的hosts文件
/etc/ansible # ls
01.prepare.yml 06.network.yml hosts
02.etcd.yml 99.clean.yml manifests
03.docker.yml ansible.cfg roles
04.kube-master.yml bin tools
05.kube-node.yml example
/etc/ansible # cat hosts
.....8. 部署文件hosts修改完成后先用ansible命令ping一下各节点,默认是无法ping通的。
/etc/ansible # ansible all -m ping
192.168.16.99 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.16.99' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
192.168.16.98 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.16.98' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
192.168.16.96 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.16.96' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
192.168.16.95 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.16.95' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}需要在容器内生成秘钥,秘钥相关文件存放在/root/.ssh目录
/etc/ansible # ssh-keygen
回车 回车 回车
发送密钥匙要注意,因为容器并没有做域名解析,因此直接将秘钥发送给主机ip
/etc/ansible # ssh-copy-id 192.168.16.95
/etc/ansible # ssh-copy-id 192.168.16.96
/etc/ansible # ssh-copy-id 192.168.16.98
/etc/ansible # ssh-copy-id 192.168.16.99
秘钥发送完成后就能ping通了
/etc/ansible # ansible all -m ping
192.168.16.99 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.16.96 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.16.98 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.16.95 | SUCCESS => {
"changed": false,
"ping": "pong"
}9. 进入ansible目录,执行.yml文件
/etc/ansible # cd /etc/ansible/
/etc/ansible # ls
01.prepare.yml 06.network.yml hosts
02.etcd.yml 99.clean.yml manifests
03.docker.yml ansible.cfg roles
04.kube-master.yml bin tools
05.kube-node.yml example第一步:准备环境
/etc/ansible # ansible-playbook 01.prepare.yml第二步:在三台节点部署etcd服务
/etc/ansible # ansible-playbook 02.etcd.yml第三步:在三台节点上安装docker
先清理干净以前的docker环境
[root@node1 ~]# ls
anaconda-ks.cfg apache2 doc_file docker test
[root@node1 ~]# cd doc
doc_file/ docker/
[root@node1 ~]# cd docker/
[root@node1 docker]# ls
ca.crt docker-app.tar.gz docker.sh remove.sh
[root@node1 docker]# sh remove.sh
[root@node2 ~]# cd docker/
[root@node2 docker]# sh remove.sh
Removed symlink /etc/systemd/system/multi-user.target.wants/docker.service.
[root@node2 docker]# docker images
-bash: /usr/local/bin/docker: No such file or directory
[root@node3 ~]# cd docker/
[root@node3 docker]# sh remove.sh
Removed symlink /etc/systemd/system/multi-user.target.wants/docker.service.
[root@node3 docker]# docker ps
-bash: /usr/local/bin/docker: No such file or directory安装docker
/etc/ansible # ansible-playbook 03.docker.ymldocker部署完成
/etc/ansible # ansible all -m shell -a 'docker ps'
192.168.16.96 | SUCCESS | rc=0 >>
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
192.168.16.99 | SUCCESS | rc=0 >>
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
192.168.16.98 | SUCCESS | rc=0 >>
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
192.168.16.95 | SUCCESS | rc=0 >>
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2a08c5849991 1acb4fd5df5b "/bin/sh" About an hour ago Up About an hour stupefied_easley第四步:部署kube-master节点
在部署kube-master之前要确保/root/.kube目录是映射完成的。
[root@node ansible]# cd
[root@node ~]# ls -a
. apache2 .bashrc doc_file .ssh
.. .bash_history .cache docker .tcshrc
anaconda-ks.cfg .bash_logout .config .kube test
.ansible .bash_profile .cshrc .pki .viminfo
[root@node ~]# cd .kube/
[root@node .kube]# ls
config
/etc/ansible # cd /root
~ # ls -a
. .ansible .cache .ssh
.. .ash_history .kube
~ # cd .kube/
~/.kube # ls
config部署master
/etc/ansible # ansible-playbook 04.kube-master.yml第五步:部署node节点
/etc/ansible # ansible-playbook 05.kube-node.yml将镜像文件发送给各节点,在各节点解压文件
[root@node opt]# cd kubernetes/
[root@node kubernetes]# ls
bash image.tar.gz scope.yaml
ca.tar.gz k8s197.tar.gz sock-shop
harbor-offline-installer-v1.4.0.tgz kube-yunwei-197.tar.gz
[root@node kubernetes]# scp image.tar.gz node1:/root
[root@node kubernetes]# scp image.tar.gz node2:/root
[root@node kubernetes]# scp image.tar.gz node3:/root
[root@node1 ~]# ls
anaconda-ks.cfg apache2 doc_file docker image.tar.gz test
[root@node1 ~]# tar zxf image.tar.gz
[root@node1 ~]# ls
anaconda-ks.cfg apache2 doc_file docker image image.tar.gz test
[root@node1 ~]# cd image/
[root@node1 image]# ls
bash-completion-2.1-6.el7.noarch.rpm
calico
coredns-1.0.6.tar.gz
grafana-v4.4.3.tar
heapster-v1.5.1.tar
influxdb-v1.3.3.tar
kubernetes-dashboard-amd64-v1.8.3.tar.gz
pause-amd64-3.1.tar
[root@node2 ~]# ls
anaconda-ks.cfg apache2 doc_file docker image.tar.gz test
[root@node2 ~]# tar zxf image.tar.gz
[root@node2 ~]# ls
anaconda-ks.cfg apache2 doc_file docker image image.tar.gz test
[root@node2 ~]# cd image/
[root@node2 image]# ls
bash-completion-2.1-6.el7.noarch.rpm
calico
coredns-1.0.6.tar.gz
grafana-v4.4.3.tar
heapster-v1.5.1.tar
influxdb-v1.3.3.tar
kubernetes-dashboard-amd64-v1.8.3.tar.gz
pause-amd64-3.1.tar
[root@node3 ~]# ls
anaconda-ks.cfg apache2 doc_file docker image.tar.gz test
[root@node3 ~]# tar zxf image.tar.gz
[root@node3 ~]# cd image/
[root@node3 image]# ls
bash-completion-2.1-6.el7.noarch.rpm
calico
coredns-1.0.6.tar.gz
grafana-v4.4.3.tar
heapster-v1.5.1.tar
influxdb-v1.3.3.tar
kubernetes-dashboard-amd64-v1.8.3.tar.gz
pause-amd64-3.1.tar将所有的镜像导入到各节点的容器中,包括calico目录包含的镜像。镜像导入只能一个一个到,不能一次性导入,因此用脚本实现
[root@node1 image]# mv coredns-1.0.6.tar.gz heapster-v1.5.1.tar kubernetes-dashboard-amd64-v1.8.3.tar.gz grafana-v4.4.3.tar influxdb-v1.3.3.tar pause-amd64-3.1.tar calico/
[root@node1 image]# cd calico/
[root@node1 calico]# ls
bash-completion-2.1-6.el7.noarch.rpm calico-kube-controllers-v2.0.4.tar coredns-1.0.6.tar.gz heapster-v1.5.1.tar kubernetes-dashboard-amd64-v1.8.3.tar.gz
calico-cni-v2.0.5.tar calico-node-v3.0.6.tar grafana-v4.4.3.tar influxdb-v1.3.3.tar pause-amd64-3.1.tar
[root@node1 calico]# for im in `ls`;do docker load -i $im;done
[root@node1 ~]# cd image/
[root@node1 image]# ls
bash-completion-2.1-6.el7.noarch.rpm coredns-1.0.6.tar.gz heapster-v1.5.1.tar kubernetes-dashboard-amd64-v1.8.3.tar.gz
calico grafana-v4.4.3.tar influxdb-v1.3.3.tar pause-amd64-3.1.tar
[root@node1 image]# coredns-1.0.6.tar.gz heapster-v1.5.1.tar kubernetes-dashboard-amd64-v1.8.3.tar.gz grafana-v4.4.3.tar influxdb-v1.3.3.tar pause-amd64-3.1.tar calico/
[root@node1 image]# cd calico/
[root@node1 calico]# ls
calico-kube-controllers-v2.0.4.tar coredns-1.0.6.tar.gz heapster-v1.5.1.tar kubernetes-dashboard-amd64-v1.8.3.tar.gz
calico-cni-v2.0.5.tar calico-node-v3.0.6.tar grafana-v4.4.3.tar influxdb-v1.3.3.tar pause-amd64-3.1.tar
[root@node1 calico]# for im in `ls`;do docker load -i $im;done
[root@node3 ~]# cd image/
[root@node3 image]# ls
bash-completion-2.1-6.el7.noarch.rpm
calico
coredns-1.0.6.tar.gz
grafana-v4.4.3.tar
heapster-v1.5.1.tar
influxdb-v1.3.3.tar
kubernetes-dashboard-amd64-v1.8.3.tar.gz
pause-amd64-3.1.tar
[root@node3 image]# coredns-1.0.6.tar.gz heapster-v1.5.1.tar kubernetes-dashboard-amd64-v1.8.3.tar.gz grafana-v4.4.3.tar influxdb-v1.3.3.tar pause-amd64-3.1.tar calico/
[root@node3 image]# cd calico/
[root@node3 calico]# ls
calico-kube-controllers-v2.0.4.tar coredns-1.0.6.tar.gz heapster-v1.5.1.tar kubernetes-dashboard-amd64-v1.8.3.tar.gz
calico-cni-v2.0.5.tar calico-node-v3.0.6.tar grafana-v4.4.3.tar influxdb-v1.3.3.tar pause-amd64-3.1.tar
[root@node3 calico]# for im in `ls`;do docker load -i $im;done第六步:部署网络
/etc/ansible # ansible-playbook 06.network.yml部署dns,实现容器域名解析
/etc/ansible # ls
01.prepare.yml 05.kube-node.yml example
02.etcd.yml 06.network.yml hosts
03.docker.retry 99.clean.yml manifests
03.docker.yml ansible.cfg roles
04.kube-master.yml bin tools
/etc/ansible # cd manifests/
/etc/ansible/manifests # ls
coredns dashboard efk heapster ingress kubedns
/etc/ansible/manifests # cd coredns/
/etc/ansible/manifests/coredns # ls
coredns.yaml
error: flag needs an argument: 'f' in -f
/etc/ansible/manifests/coredns # kubectl create -f .
/etc/ansible/manifests/coredns # cd ..
/etc/ansible/manifests # cd dashboard/
/etc/ansible/manifests/dashboard # ls
1.6.3 ui-admin-rbac.yaml
admin-user-sa-rbac.yaml ui-read-rbac.yaml
kubernetes-dashboard.yaml
/etc/ansible/manifests/dashboard # kubectl create -f .
/etc/ansible/manifests/dashboard #cd ..
/etc/ansible/manifests # ls
coredns dashboard efk heapster ingress kubedns
/etc/ansible/manifests # cd heapster/
/etc/ansible/manifests/heapster # ls
grafana.yaml influxdb-v1.1.1 influxdb.yaml
heapster.yaml influxdb-with-pv
/etc/ansible/manifests/heapster # kubectl create -f ./etc/ansible # ls
01.prepare.yml 05.kube-node.yml example
02.etcd.yml 06.network.yml hosts
03.docker.retry 99.clean.yml manifests
03.docker.yml ansible.cfg roles
04.kube-master.yml bin tools
/etc/ansible # cd manifests/
/etc/ansible/manifests # ls
coredns dashboard efk heapster ingress kubedns
/etc/ansible/manifests # cd coredns/
/etc/ansible/manifests/coredns # ls
coredns.yaml
error: flag needs an argument: 'f' in -f
/etc/ansible/manifests/coredns # kubectl create -f .
/etc/ansible/manifests/coredns # cd ..
/etc/ansible/manifests # cd dashboard/
/etc/ansible/manifests/dashboard # ls
1.6.3 ui-admin-rbac.yaml
admin-user-sa-rbac.yaml ui-read-rbac.yaml
kubernetes-dashboard.yaml
/etc/ansible/manifests/dashboard # kubectl create -f .
/etc/ansible/manifests/dashboard #cd ..
/etc/ansible/manifests # ls
coredns dashboard efk heapster ingress kubedns
/etc/ansible/manifests # cd heapster/
/etc/ansible/manifests/heapster # ls
grafana.yaml influxdb-v1.1.1 influxdb.yaml
heapster.yaml influxdb-with-pv
/etc/ansible/manifests/heapster # kubectl create -f .10> 在部署节点使用kubernetes自己的命令查看kubernetes是否部署完成
查看节点
[root@node ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.16.96 Ready,SchedulingDisabled <none> 48m v1.9.7
192.168.16.98 Ready <none> 45m v1.9.7
192.168.16.99 Ready <none> 45m v1.9.7
命名空间
[root@node ~]# kubectl get ns
NAME STATUS AGE
default Active 50m
kube-public Active 50m
kube-system Active 50m
pod
[root@node ~]# kubectl get pod
No resources found. #没有指定命名空间
指定命名空间,查看pod
[root@node ~]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-754c88ccc8-rbqlm 1/1 Running 0 23m
calico-node-8zxc4 2/2 Running 1 23m
calico-node-b2j8n 2/2 Running 0 23m
calico-node-zw8gg 2/2 Running 0 23m
coredns-6ff7588dc6-cpmxv 1/1 Running 0 17m
coredns-6ff7588dc6-pmqsn 1/1 Running 0 17m
heapster-7f8bf9bc46-4jn5n 1/1 Running 0 5m
kubernetes-dashboard-545b66db97-rlr88 1/1 Running 0 10m
monitoring-grafana-64747d765f-brbwj 1/1 Running 0 5m
monitoring-influxdb-565ff5f9b6-vrlcq 1/1 Running 0 5m
查看详细信息,加 -o wide
[root@node ~]# kubectl get pod -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE
calico-kube-controllers-754c88ccc8-rbqlm 1/1 Running 0 25m 192.168.16.99 192.168.16.99
calico-node-8zxc4 2/2 Running 1 25m 192.168.16.99 192.168.16.99
calico-node-b2j8n 2/2 Running 0 25m 192.168.16.98 192.168.16.98
calico-node-zw8gg 2/2 Running 0 25m 192.168.16.96 192.168.16.96
coredns-6ff7588dc6-cpmxv 1/1 Running 0 18m 172.20.104.1 192.168.16.98
coredns-6ff7588dc6-pmqsn 1/1 Running 0 18m 172.20.135.1 192.168.16.99
heapster-7f8bf9bc46-4jn5n 1/1 Running 0 6m 172.20.104.3 192.168.16.98
kubernetes-dashboard-545b66db97-rlr88 1/1 Running 0 11m 172.20.104.2 192.168.16.98
monitoring-grafana-64747d765f-brbwj 1/1 Running 0 6m 172.20.135.2 192.168.16.99
monitoring-influxdb-565ff5f9b6-vrlcq 1/1 Running 0 6m 172.20.135.3 192.168.16.9911> 验证集群是否正常工作
在集群节点中选择一个一个节点来ping pod的ip,在不同的节点上ping ip,如在node2上ping node3 的ip
[root@node2 calico]# ping 172.20.135.3
PING 172.20.135.3 (172.20.135.3) 56(84) bytes of data.
64 bytes from 172.20.135.3: icmp_seq=1 ttl=63 time=0.495 ms
64 bytes from 172.20.135.3: icmp_seq=2 ttl=63 time=0.423 ms
64 bytes from 172.20.135.3: icmp_seq=3 ttl=63 time=0.744 ms12> 集群部署完成后打开dashboard界面
先从集群信息获取地址
[root@node ~]# kubectl cluster-info
Kubernetes master is running at https://192.168.16.96:6443
CoreDNS is running at https://192.168.16.96:6443/api/v1/namespaces/kube-system/services/coredns:dns/proxy
kubernetes-dashboard is running at https://192.168.16.96:6443/api/v1/namespaces/kube-system
/services/https:kubernetes-dashboard:/proxy
monitoring-grafana is running at https://192.168.16.96:6443/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy复制地址至浏览器,输入用户密码为admin进行访问。
获取令牌
[root@node ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret|grep admin-user|awk '{print $1}')
....
token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXJ0cGJnIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1NTk5Nzk4Mi1hOTc3LTExZTktYmZhYy0wMDUwNTYyZDFjY2EiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Y8I1CePpxpjvjtVC4QrJdJvjN0oclLx_2sNyzr7OxXh5rWguRs2BjeRBybTgm2_bvtnkKlGcm5XMIdpUQPNq__VY4oBCEChOYsuZnzJWGGAZXi0GQWtG83ximTAnMhia0LJ9iOtyK7bNr8F5FWZEm0Z5DBXLhnx94B-8Ljsr_MuOxkCHx1cuPQScWFbOUy8Pp9xVaUofjN9zH2CnzKumAnkRUJOHA1HtsdemU2m6Ih-PTLMZZyq7j7qTRzOuDw3K-RRvzwlNhjPe4oQZglJPKCFw-pkzpOJKfBKwwjKzUaioiUeVd9Cl23ETG69BT_KM_oEKCf9gs1KFfNAb7ixCsg然后复制该令牌进行登录。
来源:oschina
链接:https://my.oschina.net/u/4324682/blog/3457387