【k8s】openEuler 22.03 LTS x86_64 基于 Kubeasz 3.6.7 部署 k8s v1.33.1单节点 + dashboard 7.13.0
版本信息,源自解压出来的values.yml。观察日志,可以看到使用的是内网ip地址!修改values.yml, 变动如下。
·
环境准备
安装git,ansible
yum install -y git ansible tar
下载kubeasz源代码(基于Docker,非podman/containerd)
git clone https://gh-proxy.com/https://github.com/easzlab/kubeasz
[root@localhost src]# git clone https://gh-proxy.com/https://github.com/easzlab/kubeasz
Cloning into 'kubeasz'...
remote: Enumerating objects: 13219, done.
remote: Counting objects: 100% (731/731), done.
remote: Compressing objects: 100% (255/255), done.
Receiving objects: 92% (12201/13219), 14.46 MiB | 2.14 MiB/s
查看最新发布版本
[root@localhost src]# cd kubeasz/
[root@localhost kubeasz]# git tag
0.1.0
0.2.0
0.2.1
0.2.2
0.3.0
0.3.1
0.4.0
0.5.0
0.5.1
0.6.0
0.6.1
1.0.0
1.0.0rc1
1.0.1
1.1.0
1.2.0
1.3.0
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
3.0.0
3.0.1
3.1.0
3.1.1
3.2.0
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.5.0
3.5.1
3.5.2
3.5.3
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
v1100-r1
v1102-r1
v184-r1
v184-r2
v186-r1
v188-r1
v190-r1
v193-r1
v194-r1
v196-r1
切换到3.6.7
git checkout 3.6.7
[root@localhost kubeasz]# git checkout 3.6.7
Note: switching to '3.6.7'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at e67ca29 kubeasz release 3.6.7
[root@localhost kubeasz]# git branch
* (HEAD detached at 3.6.7)
master
下载离线资源包(可用于离线环境部署)
./ezdown -D
[root@localhost kubeasz]# ./ezdown -D
2025-08-13 09:42:42 [ezdown:717] INFO Action begin: download_all
2025-08-13 09:42:42 [ezdown:162] INFO downloading docker binaries, arch:x86_64, version:28.0.4
--2025-08-13 09:42:42-- https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/static/stable/x86_64/docker-28.0.4.tgz
Resolving mirrors.tuna.tsinghua.edu.cn (mirrors.tuna.tsinghua.edu.cn)... 2402:f000:1:400::2, 101.6.15.130
Connecting to mirrors.tuna.tsinghua.edu.cn (mirrors.tuna.tsinghua.edu.cn)|2402:f000:1:400::2|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 78805317 (75M) [application/octet-stream]
Saving to: ‘docker-28.0.4.tgz’
docker-28.0.4.tgz 100%[==============================================>] 75.15M 3.15MB/s in 43s
2025-08-13 09:43:25 (1.76 MB/s) - ‘docker-28.0.4.tgz’ saved [78805317/78805317]
./ezdown: line 171: tar: command not found
2025-08-13 09:43:25 [ezdown:718] ERROR Action failed: download_all
[root@localhost kubeasz]# yum install tar -y
Last metadata expiration check: 0:28:06 ago on Wed 13 Aug 2025 09:16:02 AM CST.
Dependencies resolved.
====================================================================================================================
Package Architecture Version Repository Size
====================================================================================================================
Installing:
tar x86_64 2:1.34-5.oe2203sp4 everything 781 k
Transaction Summary
====================================================================================================================
Install 1 Package
Total size: 781 k
Installed size: 3.3 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: tar-2:1.34-5.oe2203sp4.x86_64 1/1
Installing : tar-2:1.34-5.oe2203sp4.x86_64 1/1
Running scriptlet: tar-2:1.34-5.oe2203sp4.x86_64 1/1
Verifying : tar-2:1.34-5.oe2203sp4.x86_64 1/1
Installed:
tar-2:1.34-5.oe2203sp4.x86_64
Complete!
[root@localhost kubeasz]# ./ezdown -D
2025-08-13 09:44:22 [ezdown:717] INFO Action begin: download_all
2025-08-13 09:44:22 [ezdown:160] WARN docker binaries already existed
Unit docker.service could not be found.
2025-08-13 09:44:23 [ezdown:183] DEBUG generate docker service file
2025-08-13 09:44:23 [ezdown:209] DEBUG generate docker config: /etc/docker/daemon.json
2025-08-13 09:44:23 [ezdown:211] DEBUG prepare register mirror for CN
2025-08-13 09:44:23 [ezdown:253] DEBUG turn off selinux
2025-08-13 09:44:23 [ezdown:258] DEBUG enable and start docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /etc/systemd/system/docker.service.
2025-08-13 09:44:27 [ezdown:268] INFO downloading kubeasz: 3.6.7
3.6.7: Pulling from easzlab/kubeasz
f56be85fc22e: Pull complete
ea5757f4b3f8: Pull complete
bd0557c686d8: Pull complete
37d4153ce1d0: Pull complete
b39eb9b4269d: Pull complete
a3cff94972c7: Pull complete
2c40391e647d: Pull complete
Digest: sha256:9797d885d5b70fa6d10b96def6630024abf55efb72dd566054044e97615e2417
Status: Downloaded newer image for easzlab/kubeasz:3.6.7
docker.io/easzlab/kubeasz:3.6.7
2025-08-13 09:44:53 [ezdown:277] DEBUG run a temporary container
397194c73797c3a281ff1e4b0191ea22f244f9cbbe1bd28bb26feee1d8341627
2025-08-13 09:44:54 [ezdown:284] DEBUG cp kubeasz code from the temporary container
Successfully copied 9.88MB to /etc/kubeasz
2025-08-13 09:44:54 [ezdown:286] DEBUG stop&remove temporary container
temp_easz
2025-08-13 09:44:54 [ezdown:298] INFO downloading kubernetes: v1.33.1 binaries
v1.33.1: Pulling from easzlab/kubeasz-k8s-bin
1b7ca6aea1dd: Pull complete
e64499fdb44a: Pull complete
6fc12c244611: Pull complete
Digest: sha256:86d3b109854d62aa4b340459125783d210ed4c71a08426f797ef158972793792
Status: Downloaded newer image for easzlab/kubeasz-k8s-bin:v1.33.1
docker.io/easzlab/kubeasz-k8s-bin:v1.33.1
2025-08-13 09:48:16 [ezdown:302] DEBUG run a temporary container
d6c22267c2c3e2020b2a50c39b22fd88e0564194c40cf4c99fad6fb2faf96de2
2025-08-13 09:48:17 [ezdown:304] DEBUG cp k8s binaries
Successfully copied 471MB to /etc/kubeasz/k8s_bin_tmp
2025-08-13 09:48:17 [ezdown:307] DEBUG stop&remove temporary container
temp_k8s_bin
2025-08-13 09:48:17 [ezdown:315] INFO downloading extral binaries kubeasz-ext-bin:1.12.5
1.12.5: Pulling from easzlab/kubeasz-ext-bin
a88dc8b54e91: Pull complete
af3d3090a988: Pull complete
1e9ab0d32fc2: Pull complete
73292d7116a4: Pull complete
27ae59744a19: Pull complete
be76dc5aad43: Pull complete
f2b3d68a8cbf: Pull complete
Digest: sha256:47992541a82e01ca39e6bd926bcc51c846920d596870f65f99fe549cc641f021
Status: Downloaded newer image for easzlab/kubeasz-ext-bin:1.12.5
docker.io/easzlab/kubeasz-ext-bin:1.12.5
2025-08-13 09:49:29 [ezdown:319] DEBUG run a temporary container
e2eeadaab48fa31f24c0edfab0f29b1d47c71c881e1061a9cd154439badd67b0
2025-08-13 09:49:30 [ezdown:321] DEBUG cp extral binaries
Successfully copied 759MB to /etc/kubeasz/extra_bin_tmp
2025-08-13 09:49:31 [ezdown:324] DEBUG stop&remove temporary container
temp_ext_bin
2: Pulling from library/registry
44cf07d57ee4: Pull complete
bbbdd6c6894b: Pull complete
8e82f80af0de: Pull complete
3493bf46cdec: Pull complete
6d464ea18732: Pull complete
Digest: sha256:a3d8aaa63ed8681a604f1dea0aa03f100d5895b6a58ace528858a7b332415373
Status: Downloaded newer image for registry:2
docker.io/library/registry:2
2025-08-13 09:49:38 [ezdown:587] INFO start local registry ...
e0f20b4eacc8706361aa0f7d7dd75e7b83a80631d81e2bdcf4cd953e7ad67113
2025-08-13 09:49:38 [ezdown:358] INFO download default images, then upload to the local registry
v3.28.4: Pulling from calico/cni
2772ed331197: Pull complete
b9043961d354: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:f918594378cd13afa910744a56ff1e196134f863fda8b4fdd5346b46643ec6ce
Status: Downloaded newer image for calico/cni:v3.28.4
docker.io/calico/cni:v3.28.4
The push refers to repository [easzlab.io.local:5000/easzlab/cni]
5f70bf18a086: Pushed
4de9eb0e9294: Pushed
86065ae9ccaa: Pushed
v3.28.4: digest: sha256:55818ec0c4bdfc1467805659b04eeddefc7c8539e192944c4141d4363a8fab4e size: 946
v3.28.4: Pulling from calico/kube-controllers
2772ed331197: Already exists
914be66db056: Pull complete
Digest: sha256:539d1e3985426cc39426a3cc769c69646e043790a7ee920c8c0edfe9987d0772
Status: Downloaded newer image for calico/kube-controllers:v3.28.4
docker.io/calico/kube-controllers:v3.28.4
The push refers to repository [easzlab.io.local:5000/easzlab/kube-controllers]
eeda6dac98fd: Pushed
86065ae9ccaa: Mounted from easzlab/cni
v3.28.4: digest: sha256:1c07cc091d70a525b305e84c3c83086046b71875fb07ffafb8154301cde1f2ee size: 740
v3.28.4: Pulling from calico/node
385e82df3dbc: Pull complete
Digest: sha256:77f4e494343f41763bb7438e1ab61d07094abe07584b56c01ab5c3fb0b9bb4de
Status: Downloaded newer image for calico/node:v3.28.4
docker.io/calico/node:v3.28.4
The push refers to repository [easzlab.io.local:5000/easzlab/node]
c679b3382fdd: Pushed
v3.28.4: digest: sha256:cec640f3131eb91fece8b7dc14f5241b5192fe7faa107f91e2497c09332b96c8 size: 530
1.12.1: Pulling from coredns/coredns
51c1b6699f43: Pull complete
2e4cf50eeb92: Pull complete
4e9f20d26c87: Pull complete
0f8b424aa0b9: Pull complete
d557676654e5: Pull complete
d82bc7a76a83: Pull complete
d858cbc252ad: Pull complete
1069fc2daed1: Pull complete
b40161cd83fc: Pull complete
3f4e2c586348: Pull complete
80a8c047508a: Pull complete
223c9efaad58: Pull complete
5e6e165105d6: Pull complete
Digest: sha256:e8c262566636e6bc340ece6473b0eed193cad045384401529721ddbe6463d31c
Status: Downloaded newer image for coredns/coredns:1.12.1
docker.io/coredns/coredns:1.12.1
The push refers to repository [easzlab.io.local:5000/easzlab/coredns]
829ff45fdd64: Pushed
c408dc7747e2: Pushed
b336e209998f: Pushed
f4aee9e53c42: Pushed
1a73b54f556b: Pushed
2a92d6ac9e4f: Pushed
bbb6cacb8c82: Pushed
6f1cdceb6a31: Pushed
af5aa97ebe6c: Pushed
4d049f83d9cf: Pushed
48c0fb67386e: Pushed
8fa10c0194df: Pushed
b7f712dabf33: Pushed
1.12.1: digest: sha256:4f7a57135719628cf2070c5e3cbde64b013e90d4c560c5ecbf14004181f91998 size: 3024
1.25.0: Pulling from easzlab/k8s-dns-node-cache
4d90f05edc6a: Pull complete
6e5e4cf4e35d: Pull complete
Digest: sha256:d4fdae378fc4acaa9d2cfd6bcc960076ba97efda1e8a575acb05e88b87d3e70b
Status: Downloaded newer image for easzlab/k8s-dns-node-cache:1.25.0
docker.io/easzlab/k8s-dns-node-cache:1.25.0
The push refers to repository [easzlab.io.local:5000/easzlab/k8s-dns-node-cache]
65fcb383dcd9: Pushed
f3d4d2f2afaf: Pushed
1.25.0: digest: sha256:4e5fa559c951f55da216c5686e10ab305019e294a6107ea8cd6e74c870d8c6f2 size: 741
v0.7.2: Pulling from easzlab/metrics-server
f531499c6b73: Pull complete
e8d9a567199d: Pull complete
058cf3d8c2ba: Pull complete
b6824ed73363: Pull complete
7c12895b777b: Pull complete
33e068de2649: Pull complete
5664b15f108b: Pull complete
27be814a09eb: Pull complete
4aa0ea1413d3: Pull complete
da7816fa955e: Pull complete
9aee425378d2: Pull complete
c530a5b08991: Pull complete
Digest: sha256:f039a4c80832dcde570f7ce552a493612a24f8424c841bf3eb6acdbdc9f06eaf
Status: Downloaded newer image for easzlab/metrics-server:v0.7.2
docker.io/easzlab/metrics-server:v0.7.2
The push refers to repository [easzlab.io.local:5000/easzlab/metrics-server]
d4e932ee8cbd: Pushed
b336e209998f: Mounted from easzlab/coredns
f4aee9e53c42: Mounted from easzlab/coredns
1a73b54f556b: Mounted from easzlab/coredns
2a92d6ac9e4f: Mounted from easzlab/coredns
bbb6cacb8c82: Mounted from easzlab/coredns
ac805962e479: Pushed
af5aa97ebe6c: Mounted from easzlab/coredns
4d049f83d9cf: Mounted from easzlab/coredns
945d17be9a3e: Pushed
49626df344c9: Pushed
f144bb4c7c7f: Pushed
v0.7.2: digest: sha256:7dc15914036d5f44069c96a02ec9e8eb4f063ab4cb918f38eedecf1eed3f519e size: 2814
3.10: Pulling from easzlab/pause
61d9e957431b: Pull complete
Digest: sha256:c7e33e8cea1c259324e8b20c62819b6a3703087088a8172d408d50e7c73099f4
Status: Downloaded newer image for easzlab/pause:3.10
docker.io/easzlab/pause:3.10
The push refers to repository [easzlab.io.local:5000/easzlab/pause]
d8bdedd33a4e: Pushed
3.10: digest: sha256:7faf0ab837630eb90a8e919f1ef2ba350609983bb001c4d76a27972c664a0dd9 size: 527
2025-08-13 10:05:54 [ezdown:719] INFO Action successed: download_all
检查下载资源
下载的程序
[root@localhost kubeasz]# ll /etc/kubeasz/bin/
total 1006344
-rwxr-xr-x. 1 root root 68093830 Apr 16 10:36 calicoctl
-rwxr-xr-x. 1 root root 14082256 Jun 8 14:16 cfssl
-rwxr-xr-x. 1 root root 10588496 Jun 8 14:16 cfssl-certinfo
-rwxr-xr-x. 1 root root 6209688 Jun 8 14:16 cfssljson
-rwxr-xr-x. 1 root root 1144320 Aug 19 2023 chronyd
-rwxr-xr-x. 1 root root 149233848 Apr 4 05:14 cilium
drwxr-xr-x. 2 root root 4096 Jun 8 14:16 cni-bin
drwxr-xr-x. 2 root root 4096 Jun 8 14:16 containerd-bin
-rwxr-xr-x. 1 root root 42681992 Apr 22 15:44 crictl
drwxr-xr-x. 2 root root 4096 Aug 13 09:44 docker-bin
-rwxr-xr-x. 1 root root 64694701 Jan 16 2025 docker-compose
-rwxr-xr-x. 1 root root 24072344 Mar 28 06:59 etcd
-rwxr-xr-x. 1 root root 18419864 Mar 28 06:59 etcdctl
-rwxr-xr-x. 1 root root 59683000 Jun 2 21:00 helm
-rwxr-xr-x. 1 root root 97157304 May 1 07:23 hubble
-rwxr-xr-x. 1 root root 1805984 Aug 19 2023 keepalived
-rwxr-xr-x. 1 root root 97960120 May 15 16:40 kube-apiserver
-rwxr-xr-x. 1 root root 90759352 May 15 16:40 kube-controller-manager
-rwxr-xr-x. 1 root root 60121272 May 15 16:40 kubectl
-rwxr-xr-x. 1 root root 81690916 May 15 16:40 kubelet
-rwxr-xr-x. 1 root root 70594744 May 15 16:40 kube-proxy
-rwxr-xr-x. 1 root root 69603512 May 15 16:40 kube-scheduler
-rwxr-xr-x. 1 root root 1820288 Aug 19 2023 nginx
下载的镜像
[root@localhost kubeasz]# ll /etc/kubeasz/down/
total 1172492
-rw-------. 1 root root 212541952 Aug 13 09:50 cni_v3.28.4.tar
-rw-------. 1 root root 76130304 Aug 13 09:54 coredns_1.12.1.tar
-rw-r--r--. 1 root root 78805317 Mar 27 21:46 docker-28.0.4.tgz
-rw-------. 1 root root 85645312 Aug 13 10:05 k8s-dns-node-cache_1.25.0.tar
-rw-------. 1 root root 173505024 Aug 13 09:44 kubeasz_3.6.7.tar
-rw-------. 1 root root 80226816 Aug 13 09:50 kube-controllers_v3.28.4.tar
-rw-------. 1 root root 68152832 Aug 13 10:05 metrics-server_v0.7.2.tar
-rw-------. 1 root root 398838272 Aug 13 09:51 node_v3.28.4.tar
-rw-------. 1 root root 749568 Aug 13 10:05 pause_3.10.tar
-rw-------. 1 root root 26021376 Aug 13 09:49 registry-2.tar
[root@localhost kubeasz]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
easzlab/kubeasz 3.6.7 24a8d22e9c7a 2 months ago 164MB
easzlab/kubeasz-ext-bin 1.12.5 9535746412b7 2 months ago 764MB
easzlab/kubeasz-k8s-bin v1.33.1 4a8b02853b2d 2 months ago 1.24GB
calico/kube-controllers v3.28.4 a9718f987733 3 months ago 80.2MB
easzlab.io.local:5000/easzlab/kube-controllers v3.28.4 a9718f987733 3 months ago 80.2MB
calico/cni v3.28.4 a6b51008a3d2 3 months ago 212MB
easzlab.io.local:5000/easzlab/cni v3.28.4 a6b51008a3d2 3 months ago 212MB
calico/node v3.28.4 c08601d8f8df 3 months ago 395MB
easzlab.io.local:5000/easzlab/node v3.28.4 c08601d8f8df 3 months ago 395MB
coredns/coredns 1.12.1 52546a367cc9 4 months ago 75MB
easzlab.io.local:5000/easzlab/coredns 1.12.1 52546a367cc9 4 months ago 75MB
easzlab/k8s-dns-node-cache 1.25.0 4f3d9b7cd639 6 months ago 84.4MB
easzlab.io.local:5000/easzlab/k8s-dns-node-cache 1.25.0 4f3d9b7cd639 6 months ago 84.4MB
easzlab/metrics-server v0.7.2 83375c676b80 11 months ago 67.1MB
easzlab.io.local:5000/easzlab/metrics-server v0.7.2 83375c676b80 11 months ago 67.1MB
easzlab/pause 3.10 bf1f83806dd2 14 months ago 736kB
easzlab.io.local:5000/easzlab/pause 3.10 bf1f83806dd2 14 months ago 736kB
registry 2 26b2eb03618e 22 months ago 25.4MB
安装单节点k8s
零时禁用其他ip!!
[root@localhost kubeasz]# docker rm -f kubeasz
kubeasz
[root@localhost kubeasz]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:04:0a:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.4.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::215:5dff:fe04:a2b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:04:0a:2c brd ff:ff:ff:ff:ff:ff
inet 192.168.0.2/24 brd 192.168.0.255 scope global dynamic noprefixroute eth1
valid_lft 86111sec preferred_lft 86111sec
inet6 240e:868:0:4e6d:acb5:8e7c:4437:78e9/64 scope global dynamic noprefixroute
valid_lft 86293sec preferred_lft 14293sec
inet6 fe80::bdfa:f60a:8839:e358/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 9e:b6:50:b4:02:cd brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
[root@localhost kubeasz]# ifdown eth1
Connection 'eth1' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@localhost kubeasz]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:04:0a:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.4.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::215:5dff:fe04:a2b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:04:0a:2c brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 9e:b6:50:b4:02:cd brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
容器化运行 kubeasz
./ezdown -S
观察日志,可以看到使用的是内网ip地址!
[root@localhost kubeasz]# ./ezdown -S
2025-08-13 10:53:28 [ezdown:717] INFO Action begin: start_kubeasz_docker
Loaded image: easzlab/kubeasz:3.6.7
2025-08-13 10:53:28 [ezdown:619] INFO try to run kubeasz in a container
2025-08-13 10:53:28 [ezdown:623] DEBUG get host IP: 192.168.1.2
82754747acfff7c13435ba1da7d7b30425b0eea21916e976ac2dcf8c64001e7c
2025-08-13 10:53:29 [ezdown:719] INFO Action successed: start_kubeasz_docker
使用默认配置安装 aio 集群
docker exec -it kubeasz ezctl start-aio
[root@localhost kubeasz]# docker exec -it kubeasz ezctl start-aio
2025-08-13 10:56:13 [ezctl:447] INFO get local host ipadd: 192.168.1.2
2025-08-13 10:56:13 [ezctl:145] DEBUG generate custom cluster files in /etc/kubeasz/clusters/default
2025-08-13 10:56:13 [ezctl:151] DEBUG set versions
2025-08-13 10:56:13 [ezctl:178] DEBUG cluster default: files successfully created.
2025-08-13 10:56:13 [ezctl:179] INFO next steps 1: to config '/etc/kubeasz/clusters/default/hosts'
2025-08-13 10:56:13 [ezctl:180] INFO next steps 2: to config '/etc/kubeasz/clusters/default/config.yml'
ansible-playbook -i clusters/default/hosts -e @clusters/default/config.yml playbooks/90.setup.yml
*** Component Version *********************
*******************************************
* kubernetes: v1.33.1
* etcd: v3.5.21
* calico: v3.28.4
*******************************************
2025-08-13 10:56:13 [ezctl:245] INFO cluster:default setup step:all begins in 5s, press any key to abort:
PLAY [kube_master,kube_node,etcd,ex_lb,chrony] ********************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
PLAY [localhost] **************************************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [deploy : prepare some dirs] *********************************************************************************************************************************************************************************************************************************************
changed: [localhost] => (item=/etc/kubeasz/clusters/default/ssl)
changed: [localhost] => (item=/etc/kubeasz/clusters/default/backup)
changed: [localhost] => (item=/etc/kubeasz/clusters/default/yml)
ok: [localhost] => (item=~/.kube)
TASK [deploy : 本地设置 bin 目录权限] *****************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [deploy : 读取ca证书stat信息] ********************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [deploy : 准备CA配置文件和签名请求] **************************************************************************************************************************************************************************************************************************************
changed: [localhost] => (item=ca-config.json)
changed: [localhost] => (item=ca-csr.json)
TASK [deploy : 生成 CA 证书和私钥] ********************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 准备kubectl使用的admin证书签名请求] ****************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 创建admin证书与私钥] *******************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 设置集群参数] **************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 设置客户端认证参数] ********************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 设置上下文参数] ************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 选择默认上下文] ************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 安装kubeconfig] ************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 准备kube-proxy 证书签名请求] ***********************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 创建 kube-proxy证书与私钥] *************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 设置集群参数] **************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 设置客户端认证参数] ********************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 设置上下文参数] ************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 选择默认上下文] ************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 准备kube-controller-manager 证书签名请求] **********************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 创建 kube-controller-manager证书与私钥] ************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 设置集群参数] **************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 设置认证参数] **************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 设置上下文参数] ************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 选择默认上下文] ************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 准备kube-scheduler 证书签名请求] *******************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 创建 kube-scheduler证书与私钥] *********************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 设置集群参数] **************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 设置认证参数] **************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 设置上下文参数] ************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 选择默认上下文] ************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [deploy : 本地创建 ezdown/ezctl 工具的软连接] ****************************************************************************************************************************************************************************************************************************
ok: [localhost] => (item=ezdown)
ok: [localhost] => (item=ezctl)
TASK [deploy : ansible 控制端创建 kubectl 软链接] *****************************************************************************************************************************************************************************************************************************
changed: [localhost]
PLAY [kube_master,kube_node,etcd] *********************************************************************************************************************************************************************************************************************************************
TASK [prepare : 禁用系统 swap] ************************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [prepare : 删除fstab swap 相关配置] **************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [prepare : 加载内核模块] *************************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2] => (item=br_netfilter)
ok: [192.168.1.2] => (item=ip_vs)
ok: [192.168.1.2] => (item=ip_vs_rr)
ok: [192.168.1.2] => (item=ip_vs_wrr)
ok: [192.168.1.2] => (item=ip_vs_sh)
ok: [192.168.1.2] => (item=nf_conntrack)
TASK [prepare : 尝试加载nf_conntrack_ipv4] ************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [prepare : 启用systemd自动加载模块服务] **********************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [prepare : 增加内核模块开机加载配置] *************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [prepare : 设置系统参数] *************************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [prepare : 查看是否需要设置 fs.may_detach_mounts] ************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [prepare : 查看是否需要设置 net.ipv4.tcp_tw_recycle] *********************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [prepare : 生效系统参数] *************************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [prepare : 创建 systemd 配置目录] ****************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [prepare : 设置系统 ulimits] *********************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [prepare : 把SCTP列入内核模块黑名单] *************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [prepare : prepare some dirs] ********************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2] => (item=/opt/kube/bin)
changed: [192.168.1.2] => (item=/etc/kubernetes/ssl)
ok: [192.168.1.2] => (item=/root/.kube)
TASK [prepare : 复制kubectl kubeconfig] ***************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [prepare : 写入环境变量$PATH] ********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [prepare : ansible 控制端写入命令别名] ***********************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [prepare : 添加 local registry hosts 解析] *******************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [prepare : 设置节点 hostname] ********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [prepare : 设置 k8s_nodename 在 master[0] 节点 /etc/hosts 地址解析] ******************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [prepare : 获取 master[0] 节点由kubeasz 创建的 /etc/hosts 地址解析] ******************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [prepare : 删除 master[0] 节点由kubeasz 创建的 /etc/hosts 地址解析] ******************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [prepare : 设置 k8s_nodename 在所有节点的 /etc/hosts 地址解析] ***********************************************************************************************************************************************************************************************************
changed: [192.168.1.2] => (item=192.168.1.2)
ok: [192.168.1.2] => (item=192.168.1.2)
PLAY [etcd] *******************************************************************************************************************************************************************************************************************************************************************
TASK [etcd : prepare some dirs] ***********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [etcd : 下载etcd二进制文件] **********************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2] => (item=etcd)
ok: [192.168.1.2] => (item=etcdctl)
TASK [etcd : 创建etcd证书请求] ************************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [etcd : 创建 etcd证书和私钥] *********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [etcd : 分发etcd证书相关] ************************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2] => (item=ca.pem)
changed: [192.168.1.2] => (item=etcd.pem)
changed: [192.168.1.2] => (item=etcd-key.pem)
TASK [etcd : 创建etcd的systemd unit文件] **************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [etcd : 开机启用etcd服务] ************************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [etcd : 开启etcd服务] ****************************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [etcd : 以轮询的方式等待服务同步完成] ************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
PLAY [kube_master,kube_node] **************************************************************************************************************************************************************************************************************************************************
TASK [containerd : 准备containerd相关目录] ************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2] => (item=/opt/kube/bin/containerd-bin)
changed: [192.168.1.2] => (item=/etc/containerd)
changed: [192.168.1.2] => (item=/etc/containerd/certs.d/docker.io)
TASK [containerd : 加载内核模块 overlay] **************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [containerd : 下载 containerd 二进制文件] ********************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/containerd-bin/runc)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/containerd-bin/containerd-shim-runc-v2)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/containerd-bin/ctr)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/containerd-bin/containerd)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/containerd-bin/containerd-stress)
TASK [containerd : 下载 crictl] ***********************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [containerd : 添加 crictl 自动补全] **************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [containerd : 创建 containerd 配置文件] **********************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [containerd : 创建systemd unit文件] **************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [containerd : 创建 crictl 配置] ******************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [containerd : 开机启用 containerd 服务] **********************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [containerd : 开启 containerd 服务] **************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [containerd : 轮询等待containerd服务运行] ********************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
PLAY [kube_master] ************************************************************************************************************************************************************************************************************************************************************
TASK [kube-lb : prepare some dirs] ********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2] => (item=/etc/kube-lb/sbin)
changed: [192.168.1.2] => (item=/etc/kube-lb/logs)
changed: [192.168.1.2] => (item=/etc/kube-lb/conf)
TASK [kube-lb : 下载二进制文件kube-lb(nginx)] *********************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-lb : 创建kube-lb的配置文件] ****************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-lb : 创建kube-lb的systemd unit文件] ********************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-lb : 开机启用kube-lb服务] ******************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-lb : 开启kube-lb服务] **********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-lb : 以轮询的方式等待kube-lb服务启动] ******************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 下载 kube_master 二进制] **********************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2] => (item=kube-apiserver)
ok: [192.168.1.2] => (item=kube-controller-manager)
ok: [192.168.1.2] => (item=kube-scheduler)
ok: [192.168.1.2] => (item=kubectl)
TASK [kube-master : 分发controller/scheduler kubeconfig配置文件] **************************************************************************************************************************************************************************************************************
changed: [192.168.1.2] => (item=kube-controller-manager.kubeconfig)
changed: [192.168.1.2] => (item=kube-scheduler.kubeconfig)
TASK [kube-master : 创建 kubernetes 证书签名请求] *****************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 创建 kubernetes 证书和私钥] *******************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 创建 aggregator proxy证书签名请求] ************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 创建 aggregator-proxy证书和私钥] **************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 分发 kubernetes证书] **************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2] => (item=ca.pem)
changed: [192.168.1.2] => (item=ca-key.pem)
changed: [192.168.1.2] => (item=kubernetes.pem)
changed: [192.168.1.2] => (item=kubernetes-key.pem)
changed: [192.168.1.2] => (item=aggregator-proxy.pem)
changed: [192.168.1.2] => (item=aggregator-proxy-key.pem)
TASK [kube-master : 替换 kubeconfig 的 apiserver 地址] ************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2] => (item=/etc/kubernetes/kube-controller-manager.kubeconfig)
changed: [192.168.1.2] => (item=/etc/kubernetes/kube-scheduler.kubeconfig)
TASK [kube-master : 创建 master 服务的 systemd unit 文件] *********************************************************************************************************************************************************************************************************************
changed: [192.168.1.2] => (item=kube-apiserver.service)
changed: [192.168.1.2] => (item=kube-controller-manager.service)
changed: [192.168.1.2] => (item=kube-scheduler.service)
TASK [kube-master : enable master 服务] ***************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 启动 master 服务] *****************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 轮询等待kube-apiserver启动] *******************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 轮询等待kube-controller-manager启动] **********************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 轮询等待kube-scheduler启动] *******************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 复制kubectl.kubeconfig] ***********************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 替换 kubeconfig 的 apiserver 地址] ************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [kube-master : 轮询等待master服务启动完成] *******************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 获取user:kubernetes是否已经绑定对应角色] ******************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-master : 创建user:kubernetes角色绑定] ******************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 创建kube_node 相关目录] *************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2] => (item=/var/lib/kubelet)
changed: [192.168.1.2] => (item=/var/lib/kube-proxy)
ok: [192.168.1.2] => (item=/etc/cni/net.d)
ok: [192.168.1.2] => (item=/opt/cni/bin)
TASK [kube-node : 下载 kubelet,kube-proxy 二进制] *****************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2] => (item=kubectl)
ok: [192.168.1.2] => (item=kubelet)
ok: [192.168.1.2] => (item=kube-proxy)
TASK [kube-node : 下载 cni plugins 二进制文件] ********************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/portmap)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/LICENSE)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/vrf)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/dhcp)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/dummy)
changed: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/bandwidth)
changed: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/host-local)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/macvlan)
changed: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/tuning)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/firewall)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/ptp)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/static)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/README.md)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/tap)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/host-device)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/vlan)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/bridge)
changed: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/loopback)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/sbr)
ok: [192.168.1.2] => (item=/etc/kubeasz/bin/cni-bin/ipvlan)
TASK [kube-node : 添加 kubectl 自动补全] **************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 准备kubelet 证书签名请求] ***********************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 创建 kubelet 证书与私钥] ************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 设置集群参数] ***********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 设置客户端认证参数] *****************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 设置上下文参数] *********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 选择默认上下文] *********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 分发ca 证书] ************************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [kube-node : 分发kubelet 证书] *******************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2] => (item=kubelet.pem)
changed: [192.168.1.2] => (item=kubelet-key.pem)
TASK [kube-node : 分发kubeconfig] *********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 准备 cni配置文件] *******************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 创建kubelet的配置文件] **************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 检查文件/run/systemd/resolve/resolv.conf] *******************************************************************************************************************************************************************************************************************
ok: [192.168.1.2]
TASK [kube-node : 创建kubelet的systemd unit文件] ******************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 开机启用kubelet 服务] ***************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 开启kubelet 服务] *******************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 分发 kube-proxy.kubeconfig配置文件] *************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 替换 kube-proxy.kubeconfig 的 apiserver 地址] ***************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 创建kube-proxy 配置] ****************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 创建kube-proxy 服务文件] ************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 开机启用kube-proxy 服务] ************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 开启kube-proxy 服务] ****************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 轮询等待kube-proxy启动] *************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 轮询等待kubelet启动] ****************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : 轮询等待node达到Ready状态] **********************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : Setting worker role name] ***********************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [kube-node : Setting master role name] ***********************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
PLAY [kube_node] **************************************************************************************************************************************************************************************************************************************************************
PLAY [kube_master,kube_node] **************************************************************************************************************************************************************************************************************************************************
TASK [calico : 创建calico 证书请求] *******************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [calico : 创建 calico证书和私钥] *****************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [calico : 删除旧 calico-etcd-secrets] ************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [calico : 创建 calico-etcd-secrets] **************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [calico : 配置 calico DaemonSet yaml文件] ********************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [calico : 运行 calico网络] ***********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [calico : 在节点创建相关目录] ********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2] => (item=/etc/calico/ssl)
TASK [calico : 分发calico证书相关] ********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2] => (item=ca.pem)
changed: [192.168.1.2] => (item=calico.pem)
changed: [192.168.1.2] => (item=calico-key.pem)
TASK [calico : 删除默认cni配置] ***********************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
TASK [calico : 下载calicoctl 客户端] ******************************************************************************************************************************************************************************************************************************************
ok: [192.168.1.2] => (item=calicoctl)
TASK [calico : 准备 calicoctl配置文件] ****************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
FAILED - RETRYING: [192.168.1.2]: 轮询等待calico-node 运行 (15 retries left).
TASK [calico : 轮询等待calico-node 运行] **************************************************************************************************************************************************************************************************************************************
changed: [192.168.1.2]
PLAY [localhost] **************************************************************************************************************************************************************************************************************************************************************
TASK [cluster-addon : 获取所有已经创建的POD信息] ******************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [cluster-addon : 准备 DNS的部署文件] *************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [cluster-addon : 创建coredns部署] ****************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [cluster-addon : 准备dnscache的部署文件] *********************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [cluster-addon : 创建dnscache部署] ***************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [cluster-addon : 准备 metrics-server的部署文件] **************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [cluster-addon : 创建 metrics-server部署] ********************************************************************************************************************************************************************************************************************************
changed: [localhost]
PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************
192.168.1.2 : ok=112 changed=89 unreachable=0 failed=0 skipped=210 rescued=0 ignored=0
localhost : ok=40 changed=36 unreachable=0 failed=0 skipped=69 rescued=0 ignored=0
验证安装
$ source ~/.bashrc
$ kubectl version # 验证集群版本
$ kubectl get node # 验证节点就绪 (Ready) 状态
$ kubectl get pod -A # 验证集群pod状态,默认已安装网络插件、coredns、metrics-server等
$ kubectl get svc -A # 验证集群服务状态
[root@k8s-192.168.1.2 kubeasz]# kubectl version
Client Version: v1.33.1
Kustomize Version: v5.6.0
Server Version: v1.33.1
[root@k8s-192.168.1.2 kubeasz]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-192.168.1.2 Ready master 3m47s v1.33.1
[root@k8s-192.168.1.2 kubeasz]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-647ddc7bfd-jb7sw 1/1 Running 0 3m47s
kube-system calico-node-c768j 1/1 Running 0 3m47s
kube-system coredns-5c4d969fb-fmk47 1/1 Running 0 39s
kube-system metrics-server-74f6d6fdd5-vpb5m 1/1 Running 0 37s
kube-system node-local-dns-q77pp 1/1 Running 0 38s
[root@k8s-192.168.1.2 kubeasz]# kubectl get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.68.0.1 <none> 443/TCP 4m18s
kube-system kube-dns ClusterIP 10.68.0.2 <none> 53/UDP,53/TCP,9153/TCP 43s
kube-system kube-dns-upstream ClusterIP 10.68.244.153 <none> 53/UDP,53/TCP 42s
kube-system metrics-server ClusterIP 10.68.164.143 <none> 443/TCP 41s
kube-system node-local-dns ClusterIP None <none> 9253/TCP 42s
[root@k8s-192.168.1.2 kubeasz]# kubectl cluster-info
Kubernetes control plane is running at https://192.168.1.2:6443
CoreDNS is running at https://192.168.1.2:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
KubeDNSUpstream is running at https://192.168.1.2:6443/api/v1/namespaces/kube-system/services/kube-dns-upstream:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
启动的程序
[root@k8s-192.168.1.2 kubeasz]# ps aux | grep kube
root 1197 0.1 0.6 3141156 104512 ? Ssl Aug13 1:48 /opt/kube/bin/dockerd
root 2299 0.0 0.1 1238720 17304 ? Sl Aug13 0:03 /opt/kube/bin/containerd-shim-runc-v2 -namespace moby -id ef9e84c93700cbba2dc806532cf751d8aa7acfed0b19ebc5ff422b5d6c501afd -address /var/run/docker/containerd/containerd.sock
root 8993 0.5 0.7 10758548 124108 ? Ssl Aug13 6:48 /opt/kube/bin/etcd --name=etcd-192.168.1.2 --cert-file=/etc/kubernetes/ssl/etcd.pem --key-file=/etc/kubernetes/ssl/etcd-key.pem --peer-cert-file=/etc/kubernetes/ssl/etcd.pem --peer-key-file=/etc/kubernetes/ssl/etcd-key.pem --trusted-ca-file=/etc/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem --initial-advertise-peer-urls=https://192.168.1.2:2380 --listen-peer-urls=https://192.168.1.2:2380 --listen-client-urls=https://192.168.1.2:2379,http://127.0.0.1:2379 --advertise-client-urls=https://192.168.1.2:2379 --initial-cluster-token=etcd-cluster-0 --initial-cluster=etcd-192.168.1.2=https://192.168.1.2:2380 --initial-cluster-state=new --data-dir=/var/lib/etcd --wal-dir= --snapshot-count=50000 --auto-compaction-retention=1 --auto-compaction-mode=periodic --max-request-bytes=10485760 --quota-backend-bytes=8589934592
root 12460 0.4 0.4 2969864 78384 ? Ssl Aug13 6:03 /opt/kube/bin/containerd-bin/containerd --log-level warn
root 14254 0.0 0.0 3112 232 ? Ss Aug13 0:00 nginx: master process /etc/kube-lb/sbin/kube-lb -c /etc/kube-lb/conf/kube-lb.conf -p /etc/kube-lb
root 20702 1.0 2.2 1532516 350548 ? Ssl Aug13 13:53 /opt/kube/bin/kube-apiserver --allow-privileged=true --anonymous-auth=false --api-audiences=api,istio-ca --authorization-mode=Node,RBAC --bind-address=192.168.1.2 --client-ca-file=/etc/kubernetes/ssl/ca.pem --endpoint-reconciler-type=lease --etcd-cafile=/etc/kubernetes/ssl/ca.pem --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem --etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem --etcd-servers=https://192.168.1.2:2379 --kubelet-certificate-authority=/etc/kubernetes/ssl/ca.pem --kubelet-client-certificate=/etc/kubernetes/ssl/kubernetes.pem --kubelet-client-key=/etc/kubernetes/ssl/kubernetes-key.pem --secure-port=6443 --service-account-issuer=https://kubernetes.default.svc --service-account-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --service-account-key-file=/etc/kubernetes/ssl/ca.pem --service-cluster-ip-range=10.68.0.0/16 --service-node-port-range=30000-32767 --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem --requestheader-allowed-names= --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --proxy-client-cert-file=/etc/kubernetes/ssl/aggregator-proxy.pem --proxy-client-key-file=/etc/kubernetes/ssl/aggregator-proxy-key.pem --enable-aggregator-routing=true --v=2
root 20738 0.1 0.4 1299076 72152 ? Ssl Aug13 1:22 /opt/kube/bin/kube-scheduler --authentication-kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --authorization-kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --bind-address=0.0.0.0 --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig --leader-elect=true --v=2
root 23574 0.5 0.8 1320660 133460 ? Ssl Aug13 7:11 /opt/kube/bin/kube-controller-manager --allocate-node-cidrs=true --authentication-kubeconfig=/etc/kubernetes/kube-controller-manager.kubeconfig --authorization-kubeconfig=/etc/kubernetes/kube-controller-manager.kubeconfig --bind-address=0.0.0.0 --cluster-cidr=172.20.0.0/16 --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --kubeconfig=/etc/kubernetes/kube-controller-manager.kubeconfig --leader-elect=true --node-cidr-mask-size=24 --root-ca-file=/etc/kubernetes/ssl/ca.pem --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem --service-cluster-ip-range=10.68.0.0/16 --use-service-account-credentials=true --v=2
root 33468 0.7 0.7 3085104 114004 ? Ssl Aug13 9:32 /opt/kube/bin/kubelet --config=/var/lib/kubelet/config.yaml --container-runtime-endpoint=unix:///run/containerd/containerd.sock --hostname-override=k8s-192.168.1.2 --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --root-dir=/var/lib/kubelet --v=2
root 35469 0.0 0.4 1300304 72672 ? Ssl Aug13 1:10 /opt/kube/bin/kube-proxy --config=/var/lib/kube-proxy/kube-proxy-config.yaml
root 40376 0.0 0.0 1238720 14852 ? Sl Aug13 0:03 /opt/kube/bin/containerd-shim-runc-v2 -namespace moby -id afc931b6dc5c181eb56bb15e8e57132ebbb383ed93b45af159de4e66b6c6175f -address /var/run/docker/containerd/containerd.sock
root 40520 0.0 0.0 1233504 12584 ? Sl Aug13 1:14 /opt/kube/bin/containerd-bin/containerd-shim-runc-v2 -namespace k8s.io -id a86d698ade08ec729b213d8b94cb7e93e5344a32ca903fa3e4ce354ed45992cc -address /run/containerd/containerd.sock
root 40767 0.0 0.0 1233504 13428 ? Sl Aug13 1:09 /opt/kube/bin/containerd-bin/containerd-shim-runc-v2 -namespace k8s.io -id 94cc590a0a3cbbd2deb8cf9512afa159d457d90c56511d9248ea6eb2b2c204a5 -address /run/containerd/containerd.sock
systemd+ 40901 0.0 0.3 1278940 58204 ? Ssl Aug13 0:15 /usr/bin/kube-controllers
root 42048 0.0 0.0 1233504 11956 ? Sl Aug13 0:19 /opt/kube/bin/containerd-bin/containerd-shim-runc-v2 -namespace k8s.io -id 108c43c098d77bcae20d7bec50e0a7a413f4334c95d8924a50ba3bdf16dfb767 -address /run/containerd/containerd.sock
root 42336 0.0 0.0 1233504 12164 ? Sl Aug13 0:19 /opt/kube/bin/containerd-bin/containerd-shim-runc-v2 -namespace k8s.io -id 419c2058a422a08bad6e80f48f0d933e2f604ba9adc942ab9e8790cf915dc8df -address /run/containerd/containerd.sock
root 42635 0.0 0.2 1269324 42616 ? Ssl Aug13 1:03 /node-cache -localip 169.254.20.10 -conf /etc/Corefile -upstreamsvc kube-dns-upstream
root 42842 0.0 0.0 1233760 12556 ? Sl Aug13 0:19 /opt/kube/bin/containerd-bin/containerd-shim-runc-v2 -namespace k8s.io -id 13419a2cc0ed405686fc6b5658df71e5b042572a66bee2f90947f5a7bd7b028c -address /run/containerd/containerd.sock
1000 43024 0.1 0.4 1286400 66100 ? Ssl Aug13 1:41 /metrics-server --cert-dir=/tmp --secure-port=10250 --kubelet-insecure-tls --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --kubelet-use-node-status-port --metric-resolution=15s
root 344325 0.0 0.1 1238464 16712 ? Sl Aug13 0:03 /opt/kube/bin/containerd-shim-runc-v2 -namespace moby -id 59c16822fb2938df8604b52325fb49a3cee12e5dba0125b95ee88ac0b322f243 -address /var/run/docker/containerd/containerd.sock
root 344403 0.0 0.0 1226456 4164 ? Sl Aug13 0:00 /opt/kube/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.2 -container-port 80 -use-listen-fd
root 344410 0.0 0.0 1226456 4224 ? Sl Aug13 0:00 /opt/kube/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.17.0.2 -container-port 80 -use-listen-fd
root 344418 0.0 0.0 1226456 4156 ? Sl Aug13 0:00 /opt/kube/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.17.0.2 -container-port 443 -use-listen-fd
root 344426 0.0 0.0 1226456 4220 ? Sl Aug13 0:00 /opt/kube/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.17.0.2 -container-port 443 -use-listen-fd
dashboard安装
下载dashboard源代码,解压
cd /media
wget https://gh-proxy.com/https://github.com/kubernetes/dashboard/releases/download/kubernetes-dashboard-7.13.0/kubernetes-dashboard-7.13.0.tgz
tar -xvf kubernetes-dashboard-7.13.0.tgz
提前下载镜像,基于register.librax.org加速地址
版本信息,源自解压出来的values.yml
[root@k8s-192.168.1.2 kubernetes-dashboard]# docker pull register.librax.org/kubernetesui/dashboard-auth:1.3.0
1.3.0: Pulling from kubernetesui/dashboard-auth
dd7ab32cec82: Pull complete
4639d08f818d: Pull complete
c0ee37d1b28b: Pull complete
Digest: sha256:8641c111b9d7e4d5ae502b2afc56765b624a42071ba5b612a01a108827730673
Status: Downloaded newer image for register.librax.org/kubernetesui/dashboard-auth:1.3.0
register.librax.org/kubernetesui/dashboard-auth:1.3.0
[root@k8s-192.168.1.2 kubernetes-dashboard]# docker pull register.librax.org/kubernetesui/dashboard-api:1.13.0
1.13.0: Pulling from kubernetesui/dashboard-api
25ab36ed23f0: Pull complete
27303f75b6cd: Pull complete
a498a7f4cffc: Pull complete
Digest: sha256:96642ed8d9e27c13afafd045fb79c67fa98887416a13d497bdad9815e313262e
Status: Downloaded newer image for register.librax.org/kubernetesui/dashboard-api:1.13.0
register.librax.org/kubernetesui/dashboard-api:1.13.0
[root@k8s-192.168.1.2 kubernetes-dashboard]# docker pull register.librax.org/kubernetesui/dashboard-web:1.7.0
1.7.0: Pulling from kubernetesui/dashboard-web
9cf341babd6d: Pull complete
7d92209f6482: Pull complete
ac9d6367ac55: Pull complete
0df42705e6db: Pull complete
59e0aefd9ab2: Pull complete
fcf244073548: Pull complete
Digest: sha256:cc7c31bd2d8470e3590dcb20fe980769b43054b31a5c5c0da606e9add898d85d
Status: Downloaded newer image for register.librax.org/kubernetesui/dashboard-web:1.7.0
register.librax.org/kubernetesui/dashboard-web:1.7.0
[root@k8s-192.168.1.2 kubernetes-dashboard]# docker pull register.librax.org/kubernetesui/dashboard-metrics-scraper:1.2.2
1.2.2: Pulling from kubernetesui/dashboard-metrics-scraper
c9b27bd2c132: Pull complete
d3a59e3d645e: Pull complete
4bfb1c5f5213: Pull complete
Digest: sha256:5154b68252bd601cf85092b6413cb9db224af1ef89cb53009d2070dfccd30775
Status: Downloaded newer image for register.librax.org/kubernetesui/dashboard-metrics-scraper:1.2.2
register.librax.org/kubernetesui/dashboard-metrics-scraper:1.2.2
修改values.yml, 变动如下
[root@k8s-192.168.1.2 kubernetes-dashboard]# diff values.yaml.bak values.yaml -Npr
*** values.yaml.bak 2025-08-14 09:56:51.767929922 +0800
--- values.yaml 2025-08-14 09:57:45.933968595 +0800
*************** app:
*** 144,150 ****
auth:
role: auth
image:
! repository: docker.io/kubernetesui/dashboard-auth
tag: 1.3.0
scaling:
replicas: 1
--- 144,150 ----
auth:
role: auth
image:
! repository: register.librax.org/kubernetesui/dashboard-auth
tag: 1.3.0
scaling:
replicas: 1
*************** auth:
*** 186,192 ****
api:
role: api
image:
! repository: docker.io/kubernetesui/dashboard-api
tag: 1.13.0
scaling:
replicas: 1
--- 186,192 ----
api:
role: api
image:
! repository: register.librax.org/kubernetesui/dashboard-api
tag: 1.13.0
scaling:
replicas: 1
*************** api:
*** 246,252 ****
web:
role: web
image:
! repository: docker.io/kubernetesui/dashboard-web
tag: 1.7.0
scaling:
replicas: 1
--- 246,252 ----
web:
role: web
image:
! repository: register.librax.org/kubernetesui/dashboard-web
tag: 1.7.0
scaling:
replicas: 1
*************** metricsScraper:
*** 309,315 ****
enabled: true
role: metrics-scraper
image:
! repository: docker.io/kubernetesui/dashboard-metrics-scraper
tag: 1.2.2
scaling:
replicas: 1
--- 309,315 ----
enabled: true
role: metrics-scraper
image:
! repository: register.librax.org/kubernetesui/dashboard-metrics-scraper
tag: 1.2.2
scaling:
replicas: 1
配置docker加速
[root@k8s-192.168.1.2 kubernetes-dashboard]# cat /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://register.librax.org",
"https://docker.1ms.run",
"https://hub1.nat.tf",
"https://docker.1panel.live",
"https://proxy.1panel.live",
"https://hub.rat.dev",
"https://docker.amingg.com"
],
"insecure-registries": ["http://easzlab.io.local:5000"],
"max-concurrent-downloads": 10,
"log-driver": "json-file",
"log-level": "warn",
"log-opts": {
"max-size": "10m",
"max-file": "3"
},
"data-root": "/var/lib/docker"
}
# 重启docker
[root@k8s-192.168.1.2 kubernetes-dashboard]# systemctl restart docker
配置cri镜像加速(k8s运行时)
vim /etc/containerd/config.toml
[plugins.'io.containerd.cri.v1.images'.registry.mirrors."docker.io"]
endpoint = ["https://register.librax.org", "https://docker.1ms.run", "https://hub1.nat.tf", "https://docker.1panel.live", "https://proxy.1panel.live", "https://hub.rat.dev", "https://docker.amingg.com"]
重启
# 1. 重启 containerd
systemctl restart containerd
# 2. 重启 kubelet
systemctl restart kubelet
# 3. 验证配置
crictl info | grep -A 15 registry
执行helm安装部署dashboard
helm upgrade --install kubernetes-dashboard /media/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
[root@k8s-192.168.1.2 kubernetes-dashboard]# helm upgrade --install kubernetes-dashboard /media/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
Release "kubernetes-dashboard" does not exist. Installing it now.
NAME: kubernetes-dashboard
LAST DEPLOYED: Thu Aug 14 10:00:53 2025
NAMESPACE: kubernetes-dashboard
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
*************************************************************************************************
*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
*************************************************************************************************
Congratulations! You have just installed Kubernetes Dashboard in your cluster.
To access Dashboard run:
kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443
NOTE: In case port-forward command does not work, make sure that kong service name is correct.
Check the services in Kubernetes Dashboard namespace using:
kubectl -n kubernetes-dashboard get svc
Dashboard will be available at:
https://localhost:8443
检查pod
[root@k8s-192.168.1.2 containerd]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-647ddc7bfd-jb7sw 1/1 Running 0 23h
kube-system calico-node-c768j 1/1 Running 0 23h
kube-system coredns-5c4d969fb-fmk47 1/1 Running 0 23h
kube-system metrics-server-74f6d6fdd5-vpb5m 1/1 Running 0 23h
kube-system node-local-dns-q77pp 1/1 Running 0 23h
kubernetes-dashboard kubernetes-dashboard-api-58bddf74f6-7cvpq 1/1 Running 0 13m
kubernetes-dashboard kubernetes-dashboard-auth-55d4c97f5c-7mz9b 1/1 Running 0 13m
kubernetes-dashboard kubernetes-dashboard-kong-648658d45f-ccnqj 1/1 Running 0 13m
kubernetes-dashboard kubernetes-dashboard-metrics-scraper-8bf8798b4-6qssv 1/1 Running 0 13m
kubernetes-dashboard kubernetes-dashboard-web-78cb48d87c-mms7d 1/1 Running 0 13m
检查svc
[root@k8s-192.168.1.2 containerd]# kubectl get svc -A
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.68.0.1 <none> 443/TCP 23h
kube-system kube-dns ClusterIP 10.68.0.2 <none> 53/UDP,53/TCP,9153/TCP 23h
kube-system kube-dns-upstream ClusterIP 10.68.244.153 <none> 53/UDP,53/TCP 23h
kube-system metrics-server ClusterIP 10.68.164.143 <none> 443/TCP 23h
kube-system node-local-dns ClusterIP None <none> 9253/TCP 23h
kubernetes-dashboard kubernetes-dashboard-api ClusterIP 10.68.68.212 <none> 8000/TCP 13m
kubernetes-dashboard kubernetes-dashboard-auth ClusterIP 10.68.232.76 <none> 8000/TCP 13m
kubernetes-dashboard kubernetes-dashboard-kong-proxy ClusterIP 10.68.35.205 <none> 443/TCP 13m
kubernetes-dashboard kubernetes-dashboard-metrics-scraper ClusterIP 10.68.208.77 <none> 8000/TCP 13m
kubernetes-dashboard kubernetes-dashboard-web ClusterIP 10.68.159.140 <none> 8000/TCP 13m
修改为NodePort类型
[root@k8s-192.168.1.2 ~]# kubectl patch svc kubernetes-dashboard-kong-proxy -n kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}'
service/kubernetes-dashboard-kong-proxy patched
[root@k8s-192.168.1.2 ~]# kubectl get svc -n kubernetes-dashboard kubernetes-dashboard-kong-proxy
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard-kong-proxy NodePort 10.68.35.205 <none> 443:31363/TCP 52m
查看服务账号、绑定权限
[root@k8s-192.168.1.2 ~]# kubectl get deployment -n kubernetes-dashboard kubernetes-dashboard-web \
> -o jsonpath='{.spec.template.spec.serviceAccountName}'
kubernetes-dashboard-web[root@k8s-192.168.1.2 ~]#
绑定权限
[root@k8s-192.168.1.2 ~]# kubectl create clusterrolebinding kubernetes-dashboard-web \
> --clusterrole=cluster-admin \
> --serviceaccount=kubernetes-dashboard:kubernetes-dashboard-web
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-web created
创建 Dashboard 服务账号的 token
# 创建登录所需的 token
[root@k8s-192.168.1.2 ~]# kubectl -n kubernetes-dashboard create token kubernetes-dashboard-web
鲲鹏昇腾开发者社区是面向全社会开放的“联接全球计算开发者,聚合华为+生态”的社区,内容涵盖鲲鹏、昇腾资源,帮助开发者快速获取所需的知识、经验、软件、工具、算力,支撑开发者易学、好用、成功,成为核心开发者。
更多推荐
1
0- 0
已为社区贡献2条内容
所有评论(0)