master节点部署

部署

安装部署工具

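# Base tooling: HTTPS transport for apt, plus curl to fetch the repository key.
apt-get update && apt-get install -y apt-transport-https curl
# -y keeps the Docker install non-interactive, like the other installs here.
apt-get install -y docker.io
# Trust the mirror's package signing key so apt can verify what it installs.
# NOTE(review): key location as commonly published by this mirror -- confirm it,
# and check the key fingerprint through a second channel before adding it.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
# Signature checking stays on: --allow-unauthenticated would let a tampered or
# compromised mirror supply the kubelet/kubeadm/kubectl packages that run as root.
# NOTE(review): no package version is pinned, while the images and config on this
# page target v1.12.1; list candidates with `apt-cache madison kubeadm` and pin.
apt-get install -y kubelet kubeadm kubectl
# Hold the packages so a routine apt upgrade cannot move the cluster version.
apt-mark hold kubelet kubeadm kubectl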

拉取基础镜像

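 # The control-plane images come from the third-party "gcrxio" namespace and are
 # re-tagged under the k8s.gcr.io names that kubeadm looks for. Tags are mutable,
 # so nothing here proves the content matches the upstream release.
 # NOTE(review): compare each image digest (docker images --digests) with a
 # trusted source before relying on the retagged images.
 for image in \
     kube-proxy:v1.12.1 \
     kube-scheduler:v1.12.1 \
     kube-apiserver:v1.12.1 \
     kube-controller-manager:v1.12.1 \
     coredns:1.2.2 \
     etcd:3.2.24 \
     pause-amd64:3.1 \
     pause:3.1
 do
     # Retag only after a successful pull, so a failed download can never
     # promote an older local image to the k8s.gcr.io name.
     docker pull "gcrxio/${image}" && docker tag "gcrxio/${image}" "k8s.gcr.io/${image}"
 done

 # flannel is pulled under its own registry name, so it needs no retag
 # (the original tagged the image onto itself, which changes nothing).
 docker pull quay.io/coreos/flannel:v0.10.0-amd64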

创建kubeadm-config.yml 配置文件

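# kubeadm ClusterConfiguration for a control plane that uses an external etcd cluster.
apiVersion: kubeadm.k8s.io/v1alpha3
kind: ClusterConfiguration
kubernetesVersion: v1.12.1
# Extra SAN for the API server serving certificate; same address as controlPlaneEndpoint.
apiServerCertSANs:
- "192.168.1.66"
controlPlaneEndpoint: "192.168.1.66:6443"
etcd:
  external:
    # NOTE(review): plain-http endpoints carry all cluster state, Secrets included,
    # unencrypted and without client authentication; anything that can reach
    # port 2379 can read or rewrite it. Once etcd serves TLS, switch these to
    # https and set the three client-certificate fields below.
    endpoints:
    - http://192.168.1.94:2379
    - http://192.168.1.66:2379
    - http://192.168.1.22:2379
    # caFile: <PATH_TO_ETCD_CA_CERT>
    # certFile: <PATH_TO_ETCD_CLIENT_CERT>
    # keyFile: <PATH_TO_ETCD_CLIENT_KEY>
networking:
  # 10.244.0.0/16 is flannel's default pod network, and flannel is the CNI this
  # page deploys. Substitute or remove it for another CNI provider.
  podSubnet: "10.244.0.0/16"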

配置环境变量

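 # Persist KUBECONFIG for root without an interactive editor; the grep guard
 # keeps repeated runs from appending the same line again.
 # admin.conf carries cluster-admin credentials: keep it readable by root only
 # and do not copy it to shared accounts.
 grep -qxF 'export KUBECONFIG="/etc/kubernetes/admin.conf"' /root/.bashrc \
     || echo 'export KUBECONFIG="/etc/kubernetes/admin.conf"' >> /root/.bashrc
 # Load the setting into the current shell as well.
 source /root/.bashrc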

启动master节点

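 # Let the preflight checks run: --ignore-preflight-errors=all also silences
 # failures that matter for a control-plane node, so a broken or unsafe host
 # setup would only surface later.
 # If one known check really has to be skipped, name just that check:
 #   --ignore-preflight-errors=<CHECK_NAME>
 kubeadm init --config=kubeadm-config.yml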

启动flannel覆盖网络

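 # The manifest URL is pinned to a commit, so its content cannot change later.
 # Save a local copy first: it can be reviewed before it is applied (it creates
 # cluster-wide RBAC objects and a DaemonSet) and kept as a record.
 curl -fsSLo kube-flannel.yml https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml
 kubectl apply -f kube-flannel.yml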

部署kubernetes-dashboard

创建dashboard证书Secret(将/certs目录下的TLS证书和私钥存入kube-system命名空间)

# Package every file under /certs into the Secret that the dashboard pod mounts.
# The Secret then contains the TLS private key, so anyone allowed to read
# Secrets in kube-system can obtain it; keep /certs itself readable by root only.
kubectl --namespace kube-system create secret generic kubernetes-dashboard-certs --from-file=/certs

证书文件命名

/certs/dashboard.crt
/certs/dashboard.key

创建管理员账号(该ServiceAccount绑定cluster-admin,拥有整个集群的全部权限)

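# Grants the kubernetes-dashboard-admin ServiceAccount the built-in cluster-admin
# ClusterRole, i.e. unrestricted access to every resource in every namespace.
# The Deployment on this page runs the dashboard pod as this same account, so
# the dashboard process itself holds cluster-admin.
# NOTE(review): Dashboard releases of this generation could offer a "Skip" option
# on the login page that falls back to the pod's own service account -- confirm
# for v1.10.0. If it does, reaching the UI is enough to act as cluster-admin.
# Safer layout: run the pod under a least-privilege account and keep a separate
# admin account whose token is used only to log in.
# rbac.authorization.k8s.io/v1 is served by the v1.12.1 cluster configured above
# and replaces the deprecated v1beta1 group version.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-cluster-admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard-admin
  namespace: kube-system
---
# The account referenced by the binding above. Its token is equivalent to a
# cluster-admin credential: treat it like admin.conf.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubernetes-dashboard-admin
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile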

部署dashboard


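# ------------------- Dashboard Deployment ------------------- #

# Single-replica dashboard pod in kube-system, serving HTTPS on 8443.
# apps/v1 is served by the v1.12.1 cluster configured on this page and replaces
# the deprecated apps/v1beta2 group version.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        # Never: the kubelet only uses an image already present on the node.
        # The pull list earlier on this page does not include this image, so it
        # has to be loaded on the node beforehand or the pod will not start.
        imagePullPolicy: Never
        # NOTE(review): third-party mirror namespace and a mutable tag; verify
        # the image digest against a trusted source before loading it.
        image: gcrxio/kubernetes-dashboard-amd64:v1.10.0
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
        - --auto-generate-certificates
        # Uncomment the following line to manually specify Kubernetes API server Host
        # If not specified, Dashboard will attempt to auto discover the API server and connect
        # to it. Uncomment only if the default does not work.
        # - --apiserver-host=http://my-address:port
        volumeMounts:
        # TLS certificate and key from the kubernetes-dashboard-certs Secret.
        - name: kubernetes-dashboard-certs
          mountPath: /certs
        # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      # NOTE(review): this account is bound to cluster-admin on this page, so the
      # dashboard process can do anything in the cluster. Prefer a least-privilege
      # account for the pod and a separate admin token for logging in.
      serviceAccountName: kubernetes-dashboard-admin
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule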

---
# ------------------- Dashboard Service ------------------- #

# Publishes the dashboard pods (container port 8443) on port 30000 of every node.
# NOTE(review): a NodePort is reachable from any network that can reach a node
# IP, and the dashboard behind it runs as a cluster-admin service account on
# this page. Restrict port 30000 with a firewall, or use a ClusterIP Service
# reached through `kubectl port-forward` / `kubectl proxy` instead.
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
spec:
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - port: 443
    targetPort: 8443
    nodePort: 30000
最后编辑: 马运宝  文档更新时间: 2021-01-08 14:32   作者:马运宝