kubeadm 安装k8s 1.15版

1：环境要求

机器名 ip地址 cpu和内存要求
kubernetes-master 10.0.0.11 2c2g(关闭swap)
kubernetes-node1 10.0.0.12 2c2g(关闭swap)

2：安装指定版本docker

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
yum list docker-ce --showduplicates

#安装指定版本的docker

yum install docker-ce-18.09.9 -y

3：安装kubeadm

#所有节点

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum install kubelet-1.15.5-0 kubeadm-1.15.5-0 kubectl-1.15.5-0 -y
systemctl enable kubelet && systemctl start kubelet

4：使用kubeadm初始化k8s集群

#所以节点

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

sysctl  --system

swapoff -a

vim /etc/fstab 注释下面这一行

#控制节点

kubeadm init --kubernetes-version=v1.15.12 --image-repository registry.aliyuncs.com/google_containers  --pod-network-cidr=10.244.0.0/16 --service-cidr=10.254.0.0/16

需要下载 稍等一下

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

5：给k8s集群加入node节点:

kubeadm join 10.0.0.11:6443 --token wlpnla.gtgc4wsx6n0anqos     --discovery-token-ca-cert-hash sha256:b6fcf697a92203455d219b81da604f97ff8ce5a0319769c5437d924f0aa145c4

验证

kubectl get node

6：为k8s集群配置网络插件
1）

wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
#修改网段范围为
kubectl create -f kube-flannel.yml
kubectl get all -n kube-system
kubectl get nodes

验证

kubectl get all -n kube-system
kubectl get nodes

7：为k8s集群配置dashboard服务

kubeadm安装k8s 1.15部署dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
​
vi kubernetes-dashboard.yaml 
#修改service类型为NodePort类型
kubectl create -f kubernetes-dashboard.yaml
​
#解决Google浏览器不能打开kubernetes dashboard方法
mkdir key && cd key
#生成证书
openssl genrsa -out dashboard.key 2048 
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=10.0.0.11'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt 
#删除原有的证书secret
kubectl delete secret kubernetes-dashboard-certs -n kube-system
#创建新的证书secret
kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kube-system
#查看pod
kubectl get pod -n kube-system
#删除pod，启动新pod生效
kubectl delete  pod -n kube-sytem  kubernetes-dashboard-7c697b776b-zph98
​
#编辑文件vim k8s-admin.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
​
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
​
​
kubectl create -f k8s-admin.yaml
kubectl get serviceaccount -n kube-system
kubectl describe serviceaccount admin  -n kube-system
kubectl describe secret  admin-token-29977  -n kube-system
​
#保存查看到的token密钥，就是登录dashboard需要的令牌