kubernetes 1.13部署

參考：
https://blog.csdn.net/qq_42006894/article/details/86214085
https://blog.csdn.net/networken/article/details/84991940

集羣信息

10.22.60.26 master
10.22.60.172 node01 
10.22.60.173 node02

 

1、安裝基本服務（所有節點：master + node）

yum install -y net-tools epel-release

yum install -y vim yum-utils device-mapper-persistent-data lvm2

 

2、配置docker-ce 和 k8s yum 源（所有節點：master + node）

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

 

cat <<EOF > /etc/yum.repos.d/kubernetes.repo

[kubernetes]

name=Kubernetes

baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/

enabled=1

gpgcheck=1

repo_gpgcheck=1

gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF

 

3、防火牆、Selinux和swap分區（所有節點：master + node）

sudo systemctl stop firewalld.service #停止firewall

sudo systemctl disable firewalld.service #禁止firewall開機啓動

sudo swapoff -a

sudo setenforce 0

sudo vi /etc/selinux/config

#SELINUX修改爲disabled

SELINUX=disabled

4、安裝docker-ce 和k8s（所有節點：master + node）

yum install docker-ce-18.06.0.ce

# 直接 yum install docker-ce，docker-ce的版本太高，可能存在兼容問題，未測試

systemctl enable docker

systemctl start docker

 

 

 

yum install kubectl-1.13.1 kubelet-1.13.1 kubernetes-cni-1.13.1 kubeadm-1.13.1   ## 如果不加版本號，會自動安裝最新的版本，當前最新的版本已經到1.14.1

systemctl enable kubelet

# 默認安裝需要禁用swap，這裏配置/etc/sysconfig/kubelet 忽略禁用swap

vim /etc/sysconfig/kubelet

KUBELET_EXTRA_ARGS="--fail-swap-on=false"

 

5、修改鏡像源（所有節點：master + node）

vim /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

修改爲：

# Note: This dropin only works with kubeadm and kubelet v1.11+

[Service]

Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"

Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"

# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically

EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env

# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use

# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.

# "KUBE_PAUSE" 指定pause鏡像的位置，需要在最後一行添加設置的"KUBE_PAUSE"的參數

Environment="KUBE_PAUSE=--pod-infra-container-image=10.22.60.25/kubernetes/pause:3.1"

EnvironmentFile=-/etc/sysconfig/kubelet

ExecStart=

ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS $KUBE_PAUSE

 

6、橋接網絡設置（所有節點：master + node）

 

modprobe br_netfilter

cat <<EOF > /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

EOF

sysctl -p /etc/sysctl.d/k8s.conf

ls /proc/sys/net/bridge

7、配置 /etc/hosts（所有節點：master + node）

10.22.60.26 ODCBSCMCP01

10.22.60.172 DCK8SNO103

10.22.60.173 DCK8SNO104

8、集羣初始化（master節點操作：請記錄初始化最後打印出的kubeadm join 信息）

 

# --ignore-preflight-errors=Swap 忽略禁用swap ，必須要加上

由於網段衝突，導致dns解析有問題，所有這裏我改爲192.168.0.0/16，默認爲"10.244.0.0/16"

kubeadm init \

--kubernetes-version=v1.13.1 \

--pod-network-cidr=192.168.0.0/16 \

--apiserver-advertise-address=10.22.60.26 \

--image-repository=registry.odc.sunline.cn/kubernetes

 

 

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

 

9、安裝calico網絡插件

wget https://raw.githubusercontent.com/Lentil1016/kubeadm-ha/1.13.0/calico/rbac.yaml

wget https://raw.githubusercontent.com/Lentil1016/kubeadm-ha/1.13.0/calico/calico.yaml

"calico.yaml"文件中的鏡像可以換成內網的鏡像地址，

"calico.yaml"中的集羣IP範圍可根據需求修改，默認爲"10.244.0.0/16"，由於網段衝突，導致dns解析有問題，所有這裏我改爲192.168.0.0/16

kubectl apply -f rbac.yaml

kubectl apply -f calico.yaml

 

10、安裝dashboard

wget https://raw.githubusercontent.com/cherryleo/k8s-apps/master/k8s-dashboard/kubernetes-dashboard.yaml

修改裏面的鏡像地址，改爲阿里的"registry.cn-hangzhou.aliyuncs.com/houfei/kubernetes-dashboard-amd64:v1.10.1"

kubectl apply -f kubernetes-dashboard.yaml

 

# 在火狐瀏覽器訪問主機的https://10.22.60.26/30080端口，其他瀏覽器訪問是時候有問題,如果出現頁面代表服務正常

11、配置dashboard的登錄權限

創建文件：cat admin-user.yaml

apiVersion: v1

kind: ServiceAccount

metadata:

name: admin-user

namespace: kube-system

 

---

apiVersion: rbac.authorization.k8s.io/v1beta1

kind: ClusterRoleBinding

metadata:

name: admin-user

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

name: cluster-admin

subjects:

- kind: ServiceAccount

name: admin-user

namespace: kube-system

 

kubectl apply -f admin-user.yaml

 

# 獲取登錄頁面的token

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')