kubeadm 安装k8s 1.15版

kubeadm 安装k8s 1.15版环境要求:1:安装指定版本docker2:安装kubeadm3:使用kubeadm初始化k8s集群4:给k8s集群加入node节点:5:为k8s集群配置网络插件6:为k8s集群配置dashboard服务

由于二进制安装的k8s: 步骤繁琐,于是就有大佬用ansibe和saltstack来简化二进制安装流程

ansible 一键自动化安装 https://github.com/easzlab/kubeasz

saltstack 一键自动化安装 https://github.com/unixhot/salt-k8s

kubeadm安装k8s: 需要google官方的docker镜像，需要解决网络问题

环境要求:

机器名	ip地址	cpu和内存要求
kubernetes-master	10.0.0.11	2c4g(关闭swap)
kubernetes-node1	10.0.0.12	2c4g(关闭swap)

1:安装指定版本docker


x
1
#所有节点
2
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
3
wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
4
sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
5
yum list docker-ce --showduplicates
6
7
#安装指定版本的docker
8
yum install docker-ce-18.09.9 docker-ce-cli-18.09.9  -y
9
systemctl start docker  && systemctl  enable docker

2:安装kubeadm


xxxxxxxxxx
13
1
#所有节点
2
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
3
[kubernetes]
4
name=Kubernetes
5
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
6
enabled=1
7
gpgcheck=1
8
repo_gpgcheck=1
9
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
10
EOF
11
12
yum install kubelet-1.15.5-0 kubeadm-1.15.5-0 kubectl-1.15.5-0 -y
13
systemctl enable kubelet && systemctl start kubelet

3:使用kubeadm初始化k8s集群


xxxxxxxxxx
17
1
#所有节点
2
cat <<EOF >  /etc/sysctl.d/k8s.conf
3
net.bridge.bridge-nf-call-ip6tables = 1
4
net.bridge.bridge-nf-call-iptables = 1
5
EOF
6
7
sysctl  --system
8
9
#关闭swap
10
swapoff -a
11
vim /etc/fstab
12
13
#控制节点上运行，注意最后的输出
14
kubeadm init --kubernetes-version=v1.15.5 --image-repository registry.aliyuncs.com/google_containers  --pod-network-cidr=10.244.0.0/16 --service-cidr=10.254.0.0/16
15
16
mkdir -p $HOME/.kube
17
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
18
sudo chown $(id -u):$(id -g) $HOME/.kube/config

4:给k8s集群加入node节点:


xxxxxxxxxx
3
1
#node节点上执行前面控制节点提示的加入命令
2
kubeadm join 10.0.0.11:6443 --token 47hq6d.uvtn5ymfah6egl53 \
3
    --discovery-token-ca-cert-hash sha256:ff283c3350b5dfa0ac8c093383416c535485ec18d5cdd6b82273e0d198157605

5:为k8s集群配置网络插件


xxxxxxxxxx
5
1
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
2
#修改网段范围为
3
kubectl create -f kube-flannel.yml
4
kubectl get all -n kube-system
5
kubectl get nodes

6:为k8s集群配置dashboard服务


xxxxxxxxxx
55
1
kubeadm安装k8s 1.15部署dashboard
2
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
3
4
vi kubernetes-dashboard.yaml 
5
#修改service类型为NodePort类型
6
kubectl create -f kubernetes-dashboard.yaml
7
8
#解决Google浏览器不能打开kubernetes dashboard方法
9
mkdir key && cd key
10
#生成证书
11
openssl genrsa -out dashboard.key 2048 
12
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=10.0.0.11'
13
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt 
14
#删除原有的证书secret
15
kubectl delete secret kubernetes-dashboard-certs -n kube-system
16
#创建新的证书secret
17
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kube-system
18
#查看pod
19
kubectl get pod -n kube-system
20
#删除pod，启动新pod生效
21
kubectl delete  pod -n kube-sytem  kubernetes-dashboard-7c697b776b-zph98
22
23
#编辑文件vim k8s-admin.yaml
24
kind: ClusterRoleBinding
25
apiVersion: rbac.authorization.k8s.io/v1beta1
26
metadata:
27
  name: admin
28
  annotations:
29
    rbac.authorization.kubernetes.io/autoupdate: "true"
30
roleRef:
31
  kind: ClusterRole
32
  name: cluster-admin
33
  apiGroup: rbac.authorization.k8s.io
34
subjects:
35
- kind: ServiceAccount
36
  name: admin
37
  namespace: kube-system
38
39
---
40
apiVersion: v1
41
kind: ServiceAccount
42
metadata:
43
  name: admin
44
  namespace: kube-system
45
  labels:
46
    kubernetes.io/cluster-service: "true"
47
    addonmanager.kubernetes.io/mode: Reconcile
48
49
50
kubectl create -f k8s-admin.yaml
51
kubectl get serviceaccount -n kube-system
52
kubectl describe serviceaccount admin  -n kube-system
53
kubectl describe secret  admin-token-29977  -n kube-system
54
55
#保存查看到的token密钥，就是登录dashboard需要的令牌

1573523318322


xxxxxxxxxx
10
1
kubeconfig文件生成方法：
2
DASH_TOCKEN=$(kubectl get secret -n kube-system admin-token-mcqj5 -o jsonpath={.data.token}|base64 -d)
3
4
kubectl config set-cluster kubernetes --server=10.0.0.11:6443 --kubeconfig=/root/dashbord-admin.conf
5
6
kubectl config set-credentials admin --token=$DASH_TOCKEN --kubeconfig=/root/dashbord-admin.conf
7
8
kubectl config set-context admin --cluster=kubernetes --user=admin --kubeconfig=/root/dashbord-admin.conf
9
10
kubectl config use-context admin  --kubeconfig=/root/dashbord-admin.conf