说明:
本次k8s安装是1.13.0版本,并且在安装过程中通过重新编译修改其默认证书期限,最后部署dashboard
安装之前确保之前没有安装或者安装的k8s以及docker,etcd已经卸载
yum -y remove kubernetes* docker* docker-selinux etcd
一:环境准备工作(所有节点都操作)
1:关闭防火墙
systemctl stop firewalld && systemctl disable firewalld
2:永久关闭selinux,修改/etc/selinux/config
SELINUX=disabled
3:配置内核参数
echo " net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 " >> /etc/sysctl.conf sysctl -p
若执行报错sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory。 执行modprobe br_netfilter命令。再重新执行
4:关闭操作系统交换分区
swapoff -a
二:所有节点执行,下载安装所需包
链接:https://pan.baidu.com/s/1P092eXC6iwreFYd8r700nw
提取码:4wph
所有节点解压安装包,导镜像
tar zvxf k8s_1.13.0.tar.gz cd rpm/ yum localinstall *.rpm systemctl start docker systemctl enable docker systemctl enable kubelet cd images docker load -i k8s.gcr.io.basic_1.13.0.tar.gz
三:master节点修改默认证书期限(在master节点操作)
1:拉取源码
cd /data && git clone https://github.com/kubernetes/kubernetes.git
2:切换到1.13.0版本
git checkout -b remotes/origin/release-1.13 v1.13.0
3:安装go环境
cd /data/soft && wgethttps://dl.google.com/go/go1.11.2.linux-amd64.tar.gz tar zxvf go1.11.2.linux-amd64.tar.gz -C /usr/local
4:编辑/etc/profile文件,添加如下:
#go setting export GOROOT=/usr/local/go export GOPATH=/usr/local/gopath export PATH=$PATH:$GOROOT/bin
5:生效
source /etc/profile
6:修改源码,原来1年,*10表示10年
vi /data/kubernetes/staging/src/k8s.io/client-go/util/cert/cert.go
112 NotAfter: time.Now().Add(duration365d * 10).UTC(), 187 NotAfter: validFrom.Add(maxAge *10), 215 NotAfter: validFrom.Add(maxAge * 10),
7:编译
cd /data/kubernetes/ && make WHAT=cmd/kubeadm
查看编译后的文件
ls -l /data/kubernetes/_output/bin/kubeadm
8:替换kubeadm
mv /usr/bin/kubeadm /usr/bin/kubeadm_backup ln -s /data/kubernetes/_output/bin/kubeadm /usr/bin/kubeadm
四:安装master节点
kubeadm init --kubernetes-version=v1.13.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12
初始化完成按照提示操作
mkdir -p $HOME/.kube cp -i /etc/kubernetes/admin.conf $HOME/.kube/config chown $(id -u):$(id -g) $HOME/.kube/config kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
查看证书期限
openssl x509 -in front-proxy-client.crt -noout -text |grep Not
五:安装node节点,此步骤根据你部署master的返回操作
kubeadm join 18.16.200.150:6443 --token x8qzph.fq0cxnjkfwzcp90f --discovery-token-ca-cert-hash sha256:c5335fc478597b0272f2794f07bf4f9d1f4d85ca5ac29eb3928db7006d4e2639
六:安装dashboard
1:拉取所需镜像
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0 wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes- dashboard.yaml
3:部署dashboard
kubectl create -f kubernetes-dashboard.yaml
4:创建dashboard用户
创建admin-token.yaml,内容如下:
kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: admin annotations: rbac.authorization.kubernetes.io/autoupdate: "true" roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: admin namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: admin namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile
创建用户
kubectl create -f admin-token.yaml
5:获取登录token
kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system
6:用火狐登录,将获取的token粘贴到令牌中
转载于:https://blog.51cto.com/lvsir666/2344986
扫一扫
191
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
