由于二进制安装的学习k8s: 步骤繁琐,于是就有大佬用ansibe和saltstack来简化二进制安装流程 ansible 一键自动化安装 https://github.com/easzlab/kubeasz saltstack 一键自动化安装 https://github.com/unixhot/salt-k8s kubeadm安装k8s: 需要google官方的docker镜像,需要解决网络问题 环境要求:
1:安装指定版本docker #所有节点 curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo sed -i s+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+ /etc/yum.repos.d/docker-ce.repo yum list docker-ce --showduplicates #安装指定版本的服务器租用学习docker yum install docker-ce-18.09.7 -y2:安装kubeadm #所有节点 cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF yum install kubelet-1.15.5-0 kubeadm-1.15.5-0 kubectl-1.15.5-0 -y systemctl enable kubelet && systemctl start kubelet3:使用kubeadm初始化k8s集群 #所有节点 cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl --system swapoff -a vim /etc/fstab #控制节点 kubeadm init --kubernetes-version=v1.15.0 --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --service-cidr=10.254.0.0/16 mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config4:给k8s集群加入node节点: #node节点 kubeadm join 10.0.0.11:6443 --token 47hq6d.uvtn5ymfah6egl53 \ --discovery-token-ca-cert-hash sha256:ff283c3350b5dfa0ac8c093383416c535485ec18d5cdd6b82273e0d1981576055:为k8s集群配置网络插件 wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml #修改网段范围为 kubectl create -f kube-flannel.yml kubectl get all -n kube-system kubectl get nodes6:为k8s集群配置dashboard服务 kubeadm安装k8s 1.15部署dashboard wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml vi kubernetes-dashboard.yaml #修改service类型为NodePort类型 kubectl create -f kubernetes-dashboard.yaml #解决Google浏览器不能打开kubernetes dashboard方法 mkdir key && cd key #生成证书 openssl genrsa -out dashboard.key 2048 openssl req -new -out dashboard.csr -key dashboard.key -subj /CN=10.0.0.11 openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt #删除原有的证书secret kubectl delete secret kubernetes-dashboard-certs -n kube-system #创建新的证书secret kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kube-system #查看pod kubectl get pod -n kube-system #删除pod,启动新pod生效 kubectl delete pod -n kube-sytem kubernetes-dashboard-7c697b776b-zph98 #编辑文件vim k8s-admin.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: admin annotations: rbac.authorization.kubernetes.io/autoupdate: "true" roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: admin namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: admin namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile kubectl create -f k8s-admin.yaml kubectl get serviceaccount -n kube-system kubectl describe serviceaccount admin -n kube-system kubectl describe secret admin-token-29977 -n kube-system #保存查看到的源码下载学习token密钥,就是学习登录dashboard需要的令牌
|
