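Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/c5113620/article/details/82763681
Disable the firewall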
systemctl stop firewalld && sudo systemctl disable firewalld
Install docker-ce 17.06
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
yum install docker-ce-<VERSION STRING>
yum install docker-ce-17.06.2.ce-1.el7.centos
Configure the Docker proxy
Docker proxy
mkdir /etc/systemd/system/docker.service.d
touch /etc/systemd/system/docker.service.d/http-proxy.conf
vi /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://192.168.199.190:1080" "NO_PROXY=localhost,172.16.0.0/16,127.0.0.1,10.244.0.0/16"
systemctl daemon-reload
systemctl show --property Environment docker    # check that the proxy settings were applied
systemctl restart docker
systemctl enable docker && systemctl start docker
Install kubelet, kubeadm, kubectl and related components
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
ip_resolve=IPv4
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF
setenforce 0    # turn off SELinux enforcement (permissive mode until the next reboot)
# Configure the shell proxy
export http_proxy=http://192.168.199.190:1080
export https_proxy=http://192.168.199.190:1080
curl www.google.com
yum install kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet && systemctl start kubelet
System settings
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
Disable swap
swapoff -a
free -m |grep Swap
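Start the installation
kubeadm init --kubernetes-version=v1.10.0 --pod-network-cidr=10.244.0.0/16    # specifying the version may cause an error; the CIDR is the one flannel requires
When it finishes, the following line indicates success: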
Your Kubernetes master has initialized successfully!
Note the last command in the output: it joins a node to the cluster and is run as root
kubeadm join 192.168.204.130:6443 --token w0xm2g.lzdctrksboe9wh86 --discovery-token-ca-cert-hash sha256:2a7dd887db8b53477cd9358dd48d35383bc3830809c2a39f11ef3d2b1529c786
kubeadm token list    # get the token used above
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | sed 's/^.* //'    # get the hash used above
kubeadm token create    # tokens expire after 24 hours by default
export KUBECONFIG=/etc/kubernetes/admin.conf    # after init, run this as root; other users run the commands printed at the end of the install and add them to .bashrc
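The hash step above, turned into a check that can be run before a join command is used on a new node. This is an added example, not part of the original post. The function names, the throwaway CA and the made-up token and address in demo are assumptions, and openssl pkey stands in for the post's openssl rsa so that non-RSA CA keys also work.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify that a kubeadm join
# command pins the CA you expect before running it on a new node.

# SHA-256 over the DER-encoded public key of a PEM certificate.
ca_pubkey_hash() {
    openssl x509 -noout -in "$1" >/dev/null 2>&1 || return 1   # unreadable cert
    openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | awk '{print $NF}'
}

# Pull "sha256:<64 hex>" out of a join command ("flag value" or "flag=value").
join_hash() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# Exit status 0: pin matches the CA; 1: mismatch; 2: no usable pin found.
join_matches_ca() {
    cert=$1
    want=$(join_hash "$2")
    [ -n "$want" ] || { echo "no sha256 pin in join command" >&2; return 2; }
    got="sha256:$(ca_pubkey_hash "$cert")"
    [ "$got" = "$want" ] || { echo "pin mismatch, CA hashes to $got" >&2; return 1; }
}

# Demo on a throwaway CA (constructed input; token and address are made up).
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1 || return 1
    pin="sha256:$(ca_pubkey_hash "$dir/ca.crt")"
    cmd="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef"
    join_matches_ca "$dir/ca.crt" "$cmd --discovery-token-ca-cert-hash $pin" \
        && echo "pin matches: $pin"
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

On the master, join_matches_ca /etc/kubernetes/pki/ca.crt "<join command>" returns 0 only when the pin in the command is the hash of that CA's public key.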
Install flannel
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml
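kubectl get pods --all-namespaces    # confirm the CoreDNS pod is Running
Allow pods to be scheduled on the master: this is a single-node cluster, and by default the master does not run pods
kubectl taint nodes --all node-role.kubernetes.io/master-    # lets pods be scheduled on the master node
If the installation runs into problems, it can be reset
kubeadm reset    # reset
To manage the cluster from another machine, copy the admin.conf file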
scp root@<master ip>:/etc/kubernetes/admin.conf .
kubectl --kubeconfig ./admin.conf get nodes
systemctl status kubelet
journalctl -xeu kubelet
If the error "No networks found in /etc/cni/net.d" appears, the shell proxy has to be unset: exit the shell and log in again
Install the dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
In the Dashboard Service section at the very bottom of the file, edit spec and add type: NodePort
spec:
  type: NodePort
  ports:
kubectl create -f kubernetes-dashboard.yaml
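Set up dashboard permissions
touch kubernetes-dashboard-admin.rbac.yaml
Write the following into kubernetes-dashboard-admin.rbac.yaml; it binds the kubernetes-dashboard-admin service account to the cluster-admin ClusterRole, so the token read below has full control of the cluster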
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-admin
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard-admin
  namespace: kube-system
kubectl create -f kubernetes-dashboard-admin.rbac.yaml
View the token and log in to the dashboard
kubectl -n kube-system get secret | grep kubernetes-dashboard-admin
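kubectl describe -n kube-system secret/kubernetes-dashboard-admin-token-vfxvf    # use the name shown in the left-hand column of the output above; these two commands are for getting the token
kubectl get svc -n kube-system |grep dashboard    # check the port; there should be two (once NodePort has been added); use the second one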
https://192.168.204.130:31326
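I installed this on CentOS inside VMware. Although the address is the VM's IP, the network is NAT so I can reach the VM's IP directly, and kubeadm was installed with the VM's IP as well; yet from a browser outside the VM I simply could not open the page (not the "HTTPS certificate is not secure, click continue" case; Chrome just dropped the connection outright, possibly because of HTTPS)
I found that kubectl proxy is needed
Run on the master; change the IP to your own
kubectl proxy    # listens on 127.0.0.1:8001 by default
On other machines, admin.conf is needed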
scp root@<master ip>:/etc/kubernetes/admin.conf .
kubectl --kubeconfig ./admin.conf proxy
kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='.*'    # listens on all interfaces and accepts any Host header
http://192.168.204.130:8001/ (the API list, as JSON text)
http://192.168.204.130:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login (the dashboard address; enter the token)
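A check for the exposure the last proxy command creates, added here as an example and not part of the original post: with --address='0.0.0.0' and --accept-hosts='.*', kubectl proxy serves the API with admin.conf's credentials to any host that can reach port 8001, without a login. The function names and the sample ss lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list kubectl proxy listeners
# that are reachable from outside the host.

# Reads "ss -ltnp" output on stdin and prints "pid local-address" for every
# listening socket owned by kubectl that is not bound to loopback.
exposed_kubectl_listeners() {
    awk '
        $1 == "LISTEN" && /users:\(\("kubectl"/ {
            addr = $4
            host = addr
            sub(/:[0-9]+$/, "", host)                    # drop the port
            if (host ~ /^127\./ || host == "[::1]") next # loopback only
            pid = $0
            sub(/.*"kubectl",pid=/, "", pid)
            sub(/[^0-9].*/, "", pid)
            print pid, addr
        }'
}

# Constructed sample in the column layout of "ss -ltnp" (not captured output).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8001     *:*    users:(("kubectl",pid=2211,fd=3))
LISTEN 0      128    *:8002             *:*    users:(("kubectl",pid=2350,fd=3))
LISTEN 0      128    [::]:8003          [::]:* users:(("kubectl",pid=2400,fd=3))
LISTEN 0      128    *:22               *:*    users:(("sshd",pid=980,fd=3))
LISTEN 0      128    [::]:6443          [::]:* users:(("kube-apiserver",pid=1500,fd=5))
EOF
}

# On a live host: ss -ltnp | exposed_kubectl_listeners
if [ "${1:-}" = "demo" ]; then sample_ss_output | exposed_kubectl_listeners; fi
```

An empty result means every kubectl listener is bound to loopback, which is what plain kubectl proxy gives.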
The following installs a graphical desktop on CentOS 7 and then Chrome, in order to access the dashboard
yum groupinstall "GNOME Desktop"
yum groupinstall "X Window System"
yum groupinstall "Desktop"    # this group may not exist; that is fine, just carry on
startx
Install Chrome; the proxy is needed
touch /etc/yum.repos.d/google-chrome.repo
vi /etc/yum.repos.d/google-chrome.repo
[google-chrome]
name=google-chrome
baseurl=http://dl.google.com/linux/chrome/rpm/stable/$basearch
ip_resolve=IPv4
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
yum info google-chrome-stable    # check the version; the latest is 69
yum install google-chrome-stable
If it is run as root, an extra argument is needed
vi /usr/bin/google-chrome
On the last line, after exec, add --no-sandbox
It can be started from the command line, or from the desktop via Applications > Internet > Chrome
google-chrome &