1. Install Docker
curl -fsSL https://get.docker.com | sudo sh
2. Change the Docker registry mirrors; the file is /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://xxxxxx.mirror.aliyuncs.com", "http://hub-mirror.c.163.com"]
}
Restart Docker
systemctl restart docker
3. Install kubelet, kubeadm and kubectl
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet=1.15.2-00 kubeadm=1.15.2-00 kubectl=1.15.2-00
systemctl enable kubelet
4. Disable swap
swapoff -a
Also comment out the swap line in /etc/fstab with # so that swap stays off after a reboot
5. Initialize the cluster
kubeadm init --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16
# kubeadm init \
#   --kubernetes-version=v1.15.4 \
#   --image-repository registry.aliyuncs.com/google_containers \
#   --pod-network-cidr=10.244.0.0/16 \
#   --ignore-preflight-errors=Swap
Output on success:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.74.56:6443 --token aymgar.38tlm262ueiwwzmd \
    --discovery-token-ca-cert-hash sha256:586febf4e9a0a24d1e61c0a4da675993319e94b572fa05297e26c27132155dc9
As prompted, run the three commands from the middle of that output:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
6. Install the pod network
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
7. Remove the default restriction that keeps pods off the master node
kubectl taint nodes --all node-role.kubernetes.io/master-
To forbid scheduling pods on the master node:
kubectl taint nodes k8s node-role.kubernetes.io/master=true:NoSchedule
8. Check pod status
kubectl get pods -n kube-system
The output looks like this:
coredns-bccdc95cf-bz74d 1/1 Running 0 5m27s
coredns-bccdc95cf-f5nmj 1/1 Running 0 5m27s
etcd-reco-web 1/1 Running 0 4m23s
kube-apiserver-reco-web 1/1 Running 0 4m45s
kube-controller-manager-reco-web 1/1 Running 0 4m18s
kube-flannel-ds-dft5l 1/1 Running 0 2m2s
kube-proxy-4q2nb 1/1 Running 0 5m27s
kube-scheduler-reco-web 1/1 Running 0 4m45s
9. Install the UI
This example uses Kuboard. It has SSO configuration and can be set up to log in through GitLab.
1) Install
kubectl apply -f https://kuboard.cn/install-script/kuboard.yaml
Contents of kuboard.yaml:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuboard
  namespace: kube-system
  annotations:
    k8s.kuboard.cn/displayName: kuboard
    k8s.kuboard.cn/ingress: "true"
    k8s.kuboard.cn/service: NodePort
    k8s.kuboard.cn/workload: kuboard
  labels:
    k8s.kuboard.cn/layer: monitor
    k8s.kuboard.cn/name: kuboard
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s.kuboard.cn/layer: monitor
      k8s.kuboard.cn/name: kuboard
  template:
    metadata:
      labels:
        k8s.kuboard.cn/layer: monitor
        k8s.kuboard.cn/name: kuboard
    spec:
      containers:
      - name: kuboard
        image: eipwork/kuboard:latest
        imagePullPolicy: Always
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
        operator: Exists
---
# The UI is exposed over plain HTTP on port 32567 of every node.
apiVersion: v1
kind: Service
metadata:
  name: kuboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    nodePort: 32567
  selector:
    k8s.kuboard.cn/layer: monitor
    k8s.kuboard.cn/name: kuboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuboard-user
  namespace: kube-system
---
# kuboard-user is bound to cluster-admin: its token grants full control of the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kuboard-user
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuboard-viewer
  namespace: kube-system
---
# kuboard-viewer is bound to the built-in read-only "view" ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: kuboard-viewer
  namespace: kube-system
# ---
# apiVersion: extensions/v1beta1
# kind: Ingress
# metadata:
#   name: kuboard
#   namespace: kube-system
#   annotations:
#     k8s.kuboard.cn/displayName: kuboard
#     k8s.kuboard.cn/workload: kuboard
#     nginx.org/websocket-services: "kuboard"
#     nginx.com/sticky-cookie-services: "serviceName=kuboard srv_id expires=1h path=/"
# spec:
#   rules:
#   - host: kuboard.yourdomain.com
#     http:
#       paths:
#       - path: /
#         backend:
#           serviceName: kuboard
#           servicePort: http
2) Get the login token
echo $(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)
3) Log in
http://192.168.1.105:32567/
10. API access: reading and creating resources
Address: https://hostIP:6443/
Send requests with a bearer token. You can use the token from step 9, or create your own role binding and use the token obtained from it.
podList: https://hostIP:6443/api/v1/pods
deploymentList: https://hostIP:6443/apis/apps/v1/namespaces/kube-public/deployments
serviceList: https://hostIP:6443/api/v1/services
Official API reference: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#-strong-api-overview-strong-
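The step 9 token belongs to kuboard-user, which the manifest binds to cluster-admin, so for API clients the "create your own role binding" route is the safer one. The following is an added example, not part of the original post: it builds a read-only, single-namespace account and calls the API with TLS verification. The names demo and api-reader are assumptions, and /etc/kubernetes/pki/ca.crt is the kubeadm default CA path.

```shell
#!/usr/bin/env bash
# Added example (names "demo" and "api-reader" are assumptions, not from the page).

# Emit a ServiceAccount plus a namespaced, read-only Role and RoleBinding.
reader_manifest() {  # usage: reader_manifest <namespace> <serviceaccount>
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata: {name: $2, namespace: $1}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: $2, namespace: $1}
rules:
- {apiGroups: [""], resources: [pods, services], verbs: [get, list]}
- {apiGroups: [apps], resources: [deployments], verbs: [get, list]}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: $2, namespace: $1}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: $2}
subjects:
- {kind: ServiceAccount, name: $2, namespace: $1}
EOF
}

# Decode the token from the Secret that v1.15 auto-creates for a ServiceAccount.
sa_token() {  # usage: sa_token <namespace> <serviceaccount>
  local secret
  secret=$(kubectl -n "$1" get serviceaccount "$2" -o jsonpath='{.secrets[0].name}')
  kubectl -n "$1" get secret "$secret" -o jsonpath='{.data.token}' | base64 -d
}

# Build a namespaced list URL: core resources under /api/v1, deployments under /apis/apps/v1.
api_url() {  # usage: api_url <host> <namespace> <pods|services|deployments>
  case "$3" in
    pods|services) echo "https://$1:6443/api/v1/namespaces/$2/$3" ;;
    deployments)   echo "https://$1:6443/apis/apps/v1/namespaces/$2/$3" ;;
    *) echo "unsupported resource: $3" >&2; return 1 ;;
  esac
}

# GET with the bearer token, verifying the API server against the kubeadm cluster CA
# instead of disabling TLS verification with curl -k.
api_get() {  # usage: api_get <url> <token>
  curl -sS --fail --cacert /etc/kubernetes/pki/ca.crt -H "Authorization: Bearer $2" "$1"
}

# On the master node:
#   kubectl create namespace demo && reader_manifest demo api-reader | kubectl apply -f -
#   api_get "$(api_url 192.168.74.56 demo pods)" "$(sa_token demo api-reader)"
```

With this account, the cluster-wide URLs listed above (for example /api/v1/pods) return 403 Forbidden, because the Role only covers its own namespace.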