Docker + k8s

環境：
鏡像版本：v1.15.0 — 軟件包也要爲v1.15.0
flannel.tar 爲：v0.10.0-amd6

1.安裝
(1)關閉swap

swapoff -a
vim /etc/fstab

關閉火牆/讓火牆允許服務通過

(2)安裝

yum install -y *
 
cri-tools-1.13.0-0.x86_64.rpm  kubelet-1.15.0-0.x86_64.rpm
kubeadm-1.15.0-0.x86_64.rpm    kubernetes-cni-0.7.5-0.x86_64.rpm
kubectl-1.15.0-0.x86_64.rpm

2.導入鏡像

for i in *.tar; do docker load -i $i ; done

coredns.tar				etcd.tar
kube-apiserver.tar		kube-controller-manager.tar
kube-proxy.tar			kube-scheduler.tar
pause.tar

3.vim /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
sysctl --system

4.其他兩個節點也一樣

scp /etc/sysctl.d/k8s.conf server4:/etc/sysctl.d/
sysctl --system

scp /etc/sysctl.d/k8s.conf server6:/etc/sysctl.d/
sysctl --system

5.主節點初始化kubeadm (cpu至少兩個)

kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=172.25.60.5

有兩個warning，可以忽略

6.根據提示在其他docker節點上執行命令

kubeadm join 172.25.60.5:6443 --token vsbib2.q8fx0hbgwdkc2hc8 \
    --discovery-token-ca-cert-hash \  
    sha256:633b0abc5d56564265e202d17e0a945ffabd1fc97eb769d693679de036e6c96c

注：net.ipv4.ip_forward = 1

sysctl -a| grep ip_forward	//查看
vim /etc/sysctl.conf		//更改
sysctl -p			//刷新

7.主節點建立用戶並授權

[root@server5 ~]#useradd kubeadm
[root@server5 ~]#vim /etc/sudoers
kubeadm ALL=(ALL)       NOPASSWD:ALL
[root@server5 ~]#su - kubeadm 
##初始化主節點時以提示以下操作
[kubeadm@server5 ~]$ mkdir -p $HOME/.kube		
[kubeadm@server5 ~]$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[kubeadm@server5 ~]$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

查看：此時查看處於NotReady

8.server4/5/6: 導入鏡像flannel.tar

docker load -i flannel.tar

9.Master: 編輯kube-flannel.yml

[kubeadm@server5 ~]$ kubectl apply -f kube-flannel.yml 

查看：再查看就好了

10.解決kubeadm用戶Tab問題：

[kubeadm@server5 ~]$ echo "source < (kubectl completion bash)" >> .bashrc 

1.三個節點導入鏡像

kubernetes-dashboard.tar

2. su - kubeadm

(1) kubectl create -f kubernetes-dashboard.yaml

(2)

kubectl describe svc kubernetes-dashboard -n kube-system
kubectl edit service kubernetes-dashboard -n kube-system
service/kubernetes-dashboard edited			//更改Type:NodePort(倒數第三行)
kubectl describe svc kubernetes-dashboard -n kube-system

(3)vim dashboard-admin.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
  
---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

kubectl create -f dashboard-admin.yaml 查看端口號

測試： IP+端口號+token置進行訪問

查看用戶名:

[kubeadm@server5 ~]$ kubectl get secrets -n kube-system | grep admin
admin-user-token-bt5kk      kubernetes.io/service-account-token   3      3m5s

根據用戶名查看token值:

[kubeadm@server5 ~]$ kubectl describe secrets admin-user-token-bt5kk -n kube-system