Environment:
Image version: v1.15.0 (the packages must also be v1.15.0)
flannel.tar is: v0.10.0-amd6
1. Installation
(1) Disable swap
swapoff -a
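vim /etc/fstab // comment out the swap entry so swap stays off after a reboot
Turn off the firewall, or let the firewall allow the services through
(2) Install the packages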
yum install -y *
cri-tools-1.13.0-0.x86_64.rpm kubelet-1.15.0-0.x86_64.rpm
kubeadm-1.15.0-0.x86_64.rpm kubernetes-cni-0.7.5-0.x86_64.rpm
kubectl-1.15.0-0.x86_64.rpm
2. Load the images
for i in *.tar; do docker load -i "$i"; done
coredns.tar etcd.tar
kube-apiserver.tar kube-controller-manager.tar
kube-proxy.tar kube-scheduler.tar
pause.tar
3. vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
sysctl --system
4. Do the same on the other two nodes
scp /etc/sysctl.d/k8s.conf server4:/etc/sysctl.d/
sysctl --system // run on server4
scp /etc/sysctl.d/k8s.conf server6:/etc/sysctl.d/
sysctl --system // run on server6
5. Initialize the master node with kubeadm (at least two CPUs)
kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=172.25.60.5
There are two warnings, which can be ignored
6. Run the command from the prompt on the other docker nodes
kubeadm join 172.25.60.5:6443 --token vsbib2.q8fx0hbgwdkc2hc8 \
--discovery-token-ca-cert-hash \
sha256:633b0abc5d56564265e202d17e0a945ffabd1fc97eb769d693679de036e6c96c
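Note: net.ipv4.ip_forward = 1
sysctl -a | grep ip_forward // check
vim /etc/sysctl.conf // change
sysctl -p // reload
7. Create a user on the master node and grant it privileges
[root@server5 ~]# useradd kubeadm
[root@server5 ~]# vim /etc/sudoers
kubeadm ALL=(ALL) NOPASSWD:ALL
[root@server5 ~]# su - kubeadm
## The master node initialization output prompts for the following operations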
[kubeadm@server5 ~]$ mkdir -p $HOME/.kube
[kubeadm@server5 ~]$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[kubeadm@server5 ~]$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
Check: at this point the status is NotReady
8. server4/5/6: load the flannel.tar image
docker load -i flannel.tar
9. Master: edit kube-flannel.yml
[kubeadm@server5 ~]$ kubectl apply -f kube-flannel.yml
Check: on checking again, the status is fine
10. Fix Tab completion for the kubeadm user:
[kubeadm@server5 ~]$ echo "source <(kubectl completion bash)" >> .bashrc
1. Load the image on all three nodes
kubernetes-dashboard.tar
2. su - kubeadm
(1) kubectl create -f kubernetes-dashboard.yaml
(2)
kubectl describe svc kubernetes-dashboard -n kube-system
kubectl edit service kubernetes-dashboard -n kube-system
service/kubernetes-dashboard edited // change type to NodePort (third line from the end)
kubectl describe svc kubernetes-dashboard -n kube-system
(3) vim dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
kubectl create -f dashboard-admin.yaml
Check the port number
Test: access using the IP + port number + token value
Look up the user's token secret name:
[kubeadm@server5 ~]$ kubectl get secrets -n kube-system | grep admin
admin-user-token-bt5kk kubernetes.io/service-account-token 3 3m5s
Use that name to view the token value:
[kubeadm@server5 ~]$ kubectl describe secrets admin-user-token-bt5kk -n kube-system