說明:
本次k8s安裝是1.13.0版本,並且在安裝過程中通過重新編譯修改其默認證書期限,最後部署dashboard
安裝之前確保之前沒有安裝或者安裝的k8s以及docker,etcd已經卸載
yum -y remove kubernetes* docker* docker-selinux etcd
一:環境準備工作(所有節點都操作)
1:關閉防火牆
systemctl stop firewalld && systemctl disable firewalld
2:永久關閉selinux,修改/etc/selinux/config
SELINUX=disabled
3:配置內核參數
echo " net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 " >> /etc/sysctl.conf sysctl -p
若執行報錯sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory。 執行modprobe br_netfilter命令。再重新執行
4:關閉操作系統交換分區
swapoff -a
二:所有節點執行,下載安裝所需包
鏈接:https://pan.baidu.com/s/1P092eXC6iwreFYd8r700nw
提取碼:4wph
所有節點解壓安裝包,導鏡像
tar zvxf k8s_1.13.0.tar.gz cd rpm/ yum localinstall *.rpm systemctl start docker systemctl enable docker systemctl enable kubelet cd images docker load -i k8s.gcr.io.basic_1.13.0.tar.gz
三:master節點修改默認證書期限(在master節點操作)
1:拉取源碼
cd /data && git clone https://github.com/kubernetes/kubernetes.git
2:切換到1.13.0版本
git checkout -b remotes/origin/release-1.13 v1.13.0
3:安裝go環境
cd /data/soft && wgethttps://dl.google.com/go/go1.11.2.linux-amd64.tar.gz tar zxvf go1.11.2.linux-amd64.tar.gz -C /usr/local
4:編輯/etc/profile文件,添加如下:
#go setting export GOROOT=/usr/local/go export GOPATH=/usr/local/gopath export PATH=$PATH:$GOROOT/bin
5:生效
source /etc/profile
6:修改源碼,原來1年,*10表示10年
vi /data/kubernetes/staging/src/k8s.io/client-go/util/cert/cert.go
112 NotAfter: time.Now().Add(duration365d * 10).UTC(), 187 NotAfter: validFrom.Add(maxAge *10), 215 NotAfter: validFrom.Add(maxAge * 10),
7:編譯
cd /data/kubernetes/ && make WHAT=cmd/kubeadm
查看編譯後的文件
ls -l /data/kubernetes/_output/bin/kubeadm
8:替換kubeadm
mv /usr/bin/kubeadm /usr/bin/kubeadm_backup ln -s /data/kubernetes/_output/bin/kubeadm /usr/bin/kubeadm
四:安裝master節點
kubeadm init --kubernetes-version=v1.13.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12
初始化完成按照提示操作
mkdir -p $HOME/.kube cp -i /etc/kubernetes/admin.conf $HOME/.kube/config chown $(id -u):$(id -g) $HOME/.kube/config kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
查看證書期限
openssl x509 -in front-proxy-client.crt -noout -text |grep Not
五:安裝node節點,此步驟根據你部署master的返回操作
kubeadm join 18.16.200.150:6443 --token x8qzph.fq0cxnjkfwzcp90f --discovery-token-ca-cert-hash sha256:c5335fc478597b0272f2794f07bf4f9d1f4d85ca5ac29eb3928db7006d4e2639
六:安裝dashboard
1:拉取所需鏡像
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0 wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes- dashboard.yaml
3:部署dashboard
kubectl create -f kubernetes-dashboard.yaml
4:創建dashboard用戶
創建admin-token.yaml,內容如下:
kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: admin annotations: rbac.authorization.kubernetes.io/autoupdate: "true" roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: admin namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: admin namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile
創建用戶
kubectl create -f admin-token.yaml
5:獲取登錄token
kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system
6:用火狐登錄,將獲取的token粘貼到令牌中