#安装docker
•参考 http://www.cnblogs.com/freefei/p/9263998.html
yum install -y --setopt=obsoletes=0 \
  docker-ce-17.12.1.ce-1.el7.centos.x86_64 \
  docker-ce-selinux-17.12.1.ce-1.el7.centos.noarch
#开机启动
systemctl enable docker
#启动
systemctl start docker
配置
•关闭linux swap
vim /etc/fstab (注释swap那行)
echo "vm.swappiness = 0" >> /etc/sysctl.conf
swapoff -a
•docker关闭selinux,增加 "selinux-enabled": false(注:该项为 false 时 Docker 不给容器打 SELinux 标签,容器与宿主机之间少一层强制访问控制;仅建议在测试环境这样配置)
vim /etc/docker/daemon.json
{
  "selinux-enabled": false
}
systemctl daemon-reload
systemctl restart docker
•配置yum源(注:下面的 gpgcheck=0 会跳过软件包签名校验,镜像源或传输链路被篡改时无法发现;生产环境建议改为 gpgcheck=1 并配置该源提供的 gpgkey)
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
•编辑 kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
api:
  advertiseAddress: "192.168.229.132"
networking:
  podSubnet: "10.244.0.0/16"
kubernetesVersion: "v1.11.1"
imageRepository: "registry.cn-hangzhou.aliyuncs.com/google_containers"
•安装kubeadm kubectl kubelet
yum install -y kubeadm kubelet kubectl
初始化
•关闭防火墙(注:完全关闭 firewalld 只适合隔离的测试环境;生产环境建议保留防火墙,只放行集群需要的端口,例如 apiserver 的 6443、kubelet 的 10250)
systemctl stop firewalld
systemctl disable firewalld
•配置 /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
vim /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS --cgroup-driver=cgroupfs --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
最后一行加了 --cgroup-driver=cgroupfs --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
•kubeadm init --config kubeadm.yaml
这个过程会下载一些镜像
◦失败重新init时请重置 kubeadm reset
◦可能会遇到的问题
◦再执行以下命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
•安装网络(注:下面的 kube-flannel.yml 取自 master 分支,内容会随时间变化;建议固定到某个发布版本,并在 apply 之前先下载检查清单内容)
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl get pod -n kube-system -o wide
•其它结点安装同主,只是不需要kubeadm init了
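•其它结点加入cluster(注:下面的 token 和 ca-cert-hash 只是示例,请使用自己 master 上 kubeadm init 输出的值;token 默认 24 小时后过期,可在 master 上用 kubeadm token create --print-join-command 重新生成。token 属于凭据,不要公开)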
kubeadm join 192.168.229.132:6443 --token 9bahe0.v8etmmcb2bo6djx4 --discovery-token-ca-cert-hash sha256:e577511a04d5c71daa2109fed13a8e0a7593092febbcef81479b9a08cb7b977f
•查看结点
kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s.master Ready master 1m v1.11.2
k8s.node1 Ready 35s v1.11.2
kubectl taint nodes --all node-role.kubernetes.io/k8s.master-
注:如果--all不认识,通过kubectl get nodes 获得主机名,比如:localhost.localdomain
kubectl taint nodes localhost.localdomain node-role.kubernetes.io/master-
•安装dashboard
◦认证准备
mkdir certs
openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/dashboard.key -x509 -days 365 -out certs/dashboard.crt
volumes:
参考 https://blog.csdn.net/gunner2014/article/details/80966671
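◦先下载镜像,因为需要墙,所以手动下载一下,再打tag(注:siriuszg/kubernetes-dashboard-amd64 是第三方个人仓库里的镜像,重新打 tag 后集群会把它当作 k8s.gcr.io 的官方镜像运行;建议尽量使用可信的镜像源,并核对镜像 digest)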
docker pull siriuszg/kubernetes-dashboard-amd64:v1.10.0
docker tag siriuszg/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
kubectl create -f kubernetes-dashboard.yaml
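注:下面的 ClusterRoleBinding 绑定的是 cluster-admin,拿到对应 token 的人即拥有整个集群的全部权限;dashboard 又通过 NodePort 对外暴露,因此仅适合测试环境,生产环境应绑定权限更小的角色。(subjects 之后的内容在本页中缺失)
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-admin
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects: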
•浏览器打开 https://192.168.229.139:30001
◦选择口令登录,获取口令,在master上运行(注:该 token 对应绑定了 cluster-admin 的账号,等同于集群管理员凭据,不要贴到公开页面或日志里)
kubectl -n kube-system get secret | grep kubernetes-dashboard-admin|awk '{print "secret/"$1}'|xargs kubectl describe -n kube-system|grep token:|awk -F : '{print $2}'|xargs echo
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.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.BRkFqz3NVAglqePlOeUf1hy8he2eUb7rQKJV9xX1qLHJ0mmtdw7FNQLreQxHNM17sYDXZa6q6h9KVCS-7E9tmpO8rXozFGUZpVfhVu6LHPLcMGL5DPG6hxWLKGW82nvlYlgm8wOQ6C_h2IkULNagKa1BkweUICsRanKQgCYnLCaaB52JlBeUUVtGo48zlGnyUxSZw8ovFEHY6EXq8xLtcG7XGI_mcbR9Lo4Bglx1yh_J0biX5Ta41s22udZuESLJ83GSF07ZwoMpoCzx1u5YWjigRjeJRtLtTuh_IyJl47pV42_-bc_aY3HUzqfbNAgDSVSCWD15aeHQbL5lS-QXTg
•为dashboard指定用户名密码
◦添加目录/etc/kubernetes/dashboard/ ◾添加文件dashboard-abac.json如下 bash
cat /etc/kubernetes/dashboard/dashboard-abac.json
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "admin", "namespace": "*", "resource": "*", "apiGroup": "*"}}
◾添加文件dashboard.basic如下 bash
cat /etc/kubernetes/dashboard/dashboard.basic
123456,admin,1,system:authenticated
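dashboard.basic文件格式: password,user,uid,"group1,group2,group3"
注:123456 只是示例,属于极易被猜中的弱口令,而 ABAC 策略授予 admin 用户的权限很大;实际使用请换成足够长的随机口令,并限制该文件的读取权限。另外,静态口令文件认证(--basic-auth-file)已在 Kubernetes 1.19 中移除,新版本集群无法使用这种方式。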
◦kubernetes-dashboard.yaml配置 ◾添加--authentication-mode=basic > 在- --auto-generate-certificates的后面
◦/etc/kubernetes/manifests/kube-apiserver.yaml bash
注意:执行kubeadm reset后,kube-apiserver.yaml会还原
新加ABAC以及以列出的,具体参考https://blog.csdn.net/mailjoin/article/details/79679853
◦删除旧的dashboard容器,重新运行 bash
kubectl delete -f kubernetes-dashboard.yaml
kubectl create -f kubernetes-dashboard.yaml