1. 安装 k8s 1.17.3
###安装Docker、kubeadm、kubelet 1、安装docker源 yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 2、安装docker yum install -y docker-ce systemctl start docker systemctl enable docker tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://jqqwsp8f.mirror.aliyuncs.com"] } EOF sudo systemctl daemon-reload sudo systemctl restart docker 3、设置开机自启 systemctl enable docker && systemctl start docker 查看版本 docker --version 4、安装kubeadm、kubelet核kubectl #指定安装源 cat > /etc/yum.repos.d/kubernetes.repo << EOF [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF #本地映射/etc/hosts vim /etc/hosts 192.168.226.128 master 192.168.226.129 node1 192.168.226.130 node2 --->wq #指定安装版本 yum install -y kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3 rpm -qa | grep kube #设置开机自启动 systemctl enable kubelet #关闭swap swapoff -a sed -i 's/.*swap.*/#&/' /etc/fstab cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl --system ######操作位置:master mkdir k8s && cd k8s kubeadm init \ --apiserver-advertise-address=192.168.226.128 \ #本地IP --image-repository registry.aliyuncs.com/google_containers \ --kubernetes-version v1.15.0 \ --service-cidr=10.1.0.0/16 \ --pod-network-cidr=10.244.0.0/16 mkdir k8s && cd k8s kubeadm init \ --apiserver-advertise-address=192.168.226.128 \ --image-repository registry.aliyuncs.com/google_containers \ --kubernetes-version v1.15.0 \ --service-cidr=10.1.0.0/16 \ --pod-network-cidr=10.244.0.0/16 #使用kubectl工具 mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config ###记录kubeadm join xxxxxxxxx(用于添加node节点) kubeadm join 192.168.226.128:6443 --token vvbp4o.91yfaklznloczfnb \ --discovery-token-ca-cert-hash sha256:ace39b8db9d1c40fe31b85ff2923eedbe16d6587491eca10488fa9c31041faea #安装pod网络插件(flannel) kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml #查看组件状态 && 查看节点状态(稍等一会) kubectl get cs kubectl get nodes #####操作位置:node #docker 拉取flannel镜像 docker pull lizhenliang/flannel:v0.11.0-amd64 swapoff -a sed -i 's/.*swap.*/#&/' /etc/fstab cat <<EOF > /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl --system #添加节点(kubeadm join,节点token会周期性变化,kubeadm token list查看token) kubeadm join 192.168.226.128:6443 --token ld7odd.egdzg4z9h37dvumc \ --discovery-token-ca-cert-hash sha256:8e904682e6c1d670cf8b5524b3e03d1e5e5cb4156984f87414f093dc80e1fb23 #出错的时候重载配置(node节点) kubeadm reset #重载配置(master节点的) mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config 需要删除以上配置才可以继续kube init 初始化 #master节点查看node状态 “三个ready” kubectl get nodes #打node标签 kubectl label node node1 node-role.kubernetes.io/node=node kubectl label node node2 node-role.kubernetes.io/node=node #kubectl get pods -n kube-system 查看pod 状态 "1/1 Running"为正常 kubectl get pods -n kube-system ####重新生成token #若token 过期或丢失,需要先申请新的token 令牌 kubeadm token create #列出token kubeadm token list | awk -F" " '{print $1}' |tail -n 1 #然后获取CA公钥的的hash值 openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^ .* //' #替换join中token及sha256: kubeadm join 192.168.226.128:6443 --token ld7odd.egdzg4z9h37dvumc \ --discovery-token-ca-cert-hash sha256:8e904682e6c1d670cf8b5524b3e03d1e5e5cb4156984f87414f093dc80e1fb23
2. kubesphere 介绍
KubeSphere 是一款面向云原生设计的开源项目,在目前主流容器调度平台 Kubernetes 之上构建的分布式多租户容器管理平台,提供简单易用的操作界面以及向导式操作方式,在降低用户使用容器调度平台学习成本的同时,极大降低开发、测试、运维的日常工作的复杂度。
3.0安装文档:https://kubesphere.io/zh/docs/installing-on-kubernetes/introduction/overview/
2.1安装文档:https://v2-1.docs.kubesphere.io/docs/zh-CN/installation/install-on-k8s/
3. 安装 Helm 和 tiller
wget http://101.34.22.188/k8s/helm-v2.17.0-linux-amd64.tar.gz tar xf helm-v2.17.0-linux-amd64.tar.gz cp linux-amd64/helm /usr/local/bin cp linux-amd64/tiller /usr/local/bin helm version #此时 helm 已经安装好 ##创建 rbac 权限文件 cat > helm-rbac.yaml << EOF apiVersion: v1 kind: ServiceAccount metadata: name: tiller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: tiller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: tiller namespace: kube-system EOF kubectl apply -f helm-rbac.yaml #安装 tiller helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.17.0 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts kubectl get pods --all-namespaces #检查 tiller helm version
4. 安装 OpenEBS
文档:https://v2-1.docs.kubesphere.io/docs/zh-CN/appendix/install-openebs/
#去除 master 上污点 kubectl get node -o wide kubectl describe node master | grep Taint kubectl taint nodes master node-role.kubernetes.io/master:NoSchedule- kubectl describe node master | grep Taint #安装 openebs kubectl create ns openebs kubectl apply -f https://openebs.github.io/charts/openebs-operator-1.5.0.yaml #安装 storageclass cat > sc.yaml << EOF apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: storage-nfs provisioner: storage.pri/nfs reclaimPolicy: Delete EOF kubectl apply -f sc.yaml kubectl get sc #设置默认 storageclass kubectl patch storageclass openebs-hostpath -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}' kubectl get pod -n openebs kubectl get sc
5. 安装 kubesphere
文档:https://kubesphere.io/zh/docs/installing-on-kubernetes/introduction/overview/
kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.0.0/kubesphere-installer.yaml kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.0.0/cluster-configuration.yaml #使用如下命令监控 kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f kubectl get pod --all-namespaces
账号:admin
密码:P@88w0rd
重新给 master 打上污点
kubectl taint nodes master node-role.kubernetes.io/master=:NoSchedule kubectl describe node master | grep Taint
6. 可插拔安裝插件
文档:https://kubesphere.io/zh/docs/pluggable-components/devops/
——————————————————————————————————————————————————