kubernetes V1.10.4 单节点部署 ?(手动生成证书)

1.1 服务器信息

1.2 软件版本信息

2. 部署

2.1 服务器初始化

基础软件安装

yuminstallvimnet-toolsgit-y

关闭selinux

编辑/etc/sysconfig/selinuxSELINUX=disabled

关闭firewall防火墙

systemctldisablefirewalld&&systemctlstopfirewalld

更新服务器后重启

yumupdate-y&&reboot

修改内核参数

创建/etc/sysctl.d/k8s.conf文件

net.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1sysctl-p/etc/sysctl.d/k8s.conf#生效

2.2kubeadm，kubectl，kubelet ，docker 安装

2.2.1 添加yum源

创建/etc/yum.repos.d/k8s.repo文件

[kubernetes]name=Kubernetesbaseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/enabled=1gpgcheck=1repo_gpgcheck=1gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpghttps://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

2.2.2 安装

yuminstallkubeadmkubectlkubeletdocker-ysystemctlenabledocker&&systemctlenablekubelet

2.3 导入docker镜像

镜像包列表

[root@k8s01images]#lltotal1050028-rw-r--r--1rootroot193461760Jun1411:15etcd-amd64_3.1.12.tar-rw-r--r--1rootroot45306368Jun1411:15flannel_v0.10.0-amd64.tar-rw-r--r--1rootroot75337216Jun1411:15heapster-amd64_v1.5.3.tar-rw-r--r--1rootroot41239040Jun1411:15k8s-dns-dnsmasq-nanny-amd64_1.14.8.tar-rw-r--r--1rootroot50727424Jun1411:15k8s-dns-kube-dns-amd64_1.14.8.tar-rw-r--r--1rootroot42481152Jun1411:15k8s-dns-sidecar-amd64_1.14.8.tar-rw-r--r--1rootroot225355776Jun1411:16kube-apiserver-amd64_v1.10.4.tar-rw-r--r--1rootroot148135424Jun1411:16kube-controller-manager-amd64_v1.10.4.tar-rw-r--r--1rootroot98951168Jun1411:16kube-proxy-amd64_v1.10.4.tar-rw-r--r--1rootroot102800384Jun1411:16kubernetes-dashboard-amd64_v1.8.3.tar-rw-r--r--1rootroot50658304Jun1411:16kube-scheduler-amd64_v1.10.4.tar-rw-r--r--1rootroot754176Jun1411:16pause-amd64_3.1.tar

导入

forjin`ls./`;dodockerload--input./$j;done

查看镜像

dockerimagesREPOSITORYTAGIMAGEIDCREATEDSIZEk8s.gcr.io/kube-proxy-amd64v1.10.43f9ff47d0fca7daysago97.1MBk8s.gcr.io/kube-controller-manager-amd64v1.10.41a24f55865987daysago148MBk8s.gcr.io/kube-apiserver-amd64v1.10.4afdd56622af37daysago225MBk8s.gcr.io/kube-scheduler-amd64v1.10.46fffbea311f07daysago50.4MBk8s.gcr.io/heapster-amd64v1.5.3f57c75cd7b0a6weeksago75.3MBk8s.gcr.io/etcd-amd643.1.1252920ad46f5b3monthsago193MBk8s.gcr.io/kubernetes-dashboard-amd64v1.8.30c60bcf899004monthsago102MBquay.io/coreos/flannelv0.10.0-amd64f0fad859c9094monthsago44.6MBk8s.gcr.io/k8s-dns-dnsmasq-nanny-amd641.14.8c2ce1ffb51ed5monthsago41MBk8s.gcr.io/k8s-dns-sidecar-amd641.14.86f7f2dc7fab55monthsago42.2MBk8s.gcr.io/k8s-dns-kube-dns-amd641.14.880cc5ea4b5475monthsago50.5MBk8s.gcr.io/pause-amd643.1da86e6ba6ca15monthsago742kB

2.4 证书生成

拉取github脚本

gitclone&&cdk8s-tls/&&chmod+xrun.sh

编辑apiserver.json文件

{"CN":"kube-apiserver","hosts":["172.16.50.131",#本机IP地址"10.96.0.1","k8s01",#本机主机名"kubernetes","kubernetes.default","kubernetes.default.svc","kubernetes.default.svc.cluster","kubernetes.default.svc.cluster.local"],"key":{"algo":"rsa","size":2048}}

执行

./run.sh

查看证书

ll/etc/kubernetes/pki/total48-rw-r--r--1rootroot1403Jun1411:34apiserver.crt-rw-------1rootroot1679Jun1411:34apiserver.key-rw-r--r--1rootroot1257Jun1411:34apiserver-kubelet-client.crt-rw-------1rootroot1675Jun1411:34apiserver-kubelet-client.key-rw-r--r--1rootroot1143Jun1411:34ca.crt-rw-------1rootroot1675Jun1411:34ca.key-rw-r--r--1rootroot1143Jun1411:34front-proxy-ca.crt-rw-------1rootroot1679Jun1411:34front-proxy-ca.key-rw-r--r--1rootroot1208Jun1411:34front-proxy-client.crt-rw-------1rootroot1675Jun1411:34front-proxy-client.key-rw-r--r--1rootroot891Jun1411:34sa.key-rw-r--r--1rootroot272Jun1411:34sa.pub

2.5 初始化master

kubeadminit--apiserver-advertise-address=172.16.50.131--pod-network-cidr=10.244.0.0/16--kubernetes-version=v1.10.4[init]UsingKubernetesversion:v1.10.4[init]UsingAuthorizationmodes:[NodeRBAC][preflight]Runningpre-flightchecks.[WARNINGFileExisting-crictl]:crictlnotfoundinsystempathSuggestion:gogetgithub.com/kubernetes-incubator/cri-tools/cmd/crictl[preflight]Startingthekubeletservice[certificates]Usingtheexistingcacertificateandkey.[certificates]Usingtheexistingapiservercertificateandkey.[certificates]Usingtheexistingapiserver-kubelet-clientcertificateandkey.[certificates]Usingtheexistingsakey.[certificates]Usingtheexistingfront-proxy-cacertificateandkey.[certificates]Usingtheexistingfront-proxy-clientcertificateandkey.[certificates]Generatedetcd/cacertificateandkey.[certificates]Generatedetcd/servercertificateandkey.[certificates]etcd/serverservingcertissignedforDNSnames[localhost]andIPs[127.0.0.1][certificates]Generatedetcd/peercertificateandkey.[certificates]etcd/peerservingcertissignedforDNSnames[k8s01]andIPs[172.16.50.131][certificates]Generatedetcd/healthcheck-clientcertificateandkey.[certificates]Generatedapiserver-etcd-clientcertificateandkey.[certificates]Validcertificatesandkeysnowexistin"/etc/kubernetes/pki"[kubeconfig]WroteKubeConfigfiletodisk:"/etc/kubernetes/admin.conf"[kubeconfig]WroteKubeConfigfiletodisk:"/etc/kubernetes/kubelet.conf"[kubeconfig]WroteKubeConfigfiletodisk:"/etc/kubernetes/controller-manager.conf"[kubeconfig]WroteKubeConfigfiletodisk:"/etc/kubernetes/scheduler.conf"[controlplane]WroteStaticPodmanifestforcomponentkube-apiserverto"/etc/kubernetes/manifests/kube-apiserver.yaml"[controlplane]WroteStaticPodmanifestforcomponentkube-controller-managerto"/etc/kubernetes/manifests/kube-controller-manager.yaml"[controlplane]WroteStaticPodmanifestforcomponentkube-schedulerto"/etc/kubernetes/manifests/kube-scheduler.yaml"[etcd]WroteStaticPodmanifestforalocaletcdinstanceto"/etc/kubernetes/manifests/etcd.yaml"[init]WaitingforthekubelettobootupthecontrolplaneasStaticPodsfromdirectory"/etc/kubernetes/manifests".[init]Thismighttakeaminuteorlongerifthecontrolplaneimageshavetobepulled.[apiclient]Allcontrolplanecomponentsarehealthyafter25.004724seconds[uploadconfig]StoringtheconfigurationusedinConfigMap"kubeadm-config"inthe"kube-system"Namespace[markmaster]Willmarknodek8s01asmasterbyaddingalabelandataint[markmaster]Masterk8s01taintedandlabelledwithkey/value:node-role.kubernetes.io/master=""[bootstraptoken]Usingtoken:doz2px.eb7wncizjnwnk63q[bootstraptoken]ConfiguredRBACrulestoallowNodeBootstraptokenstopostCSRsinorderfornodestogetlongtermcertificatecredentials[bootstraptoken]ConfiguredRBACrulestoallowthecsrapprovercontrollerautomaticallyapproveCSRsfromaNodeBootstrapToken[bootstraptoken]ConfiguredRBACrulestoallowcertificaterotationforallnodeclientcertificatesinthecluster[bootstraptoken]Creatingthe"cluster-info"ConfigMapinthe"kube-public"namespace[addons]Appliedessentialaddon:kube-dns[addons]Appliedessentialaddon:kube-proxyYourKubernetesmasterhasinitializedsuccessfully!Tostartusingyourcluster,youneedtorunthefollowingasaregularuser:mkdir-p$HOME/.kubesudocp-i/etc/kubernetes/admin.conf$HOME/.kube/configsudochown$(id-u):$(id-g)$HOME/.kube/configYoushouldnowdeployapodnetworktothecluster.Run"kubectlapply-f[podnetwork].yaml"withoneoftheoptionslistedat:https://kubernetes.io/docs/concepts/cluster-administration/addons/Youcannowjoinanynumberofmachinesbyrunningthefollowingoneachnodeasroot:kubeadmjoin172.16.50.131:6443--tokendoz2px.eb7wncizjnwnk63q--discovery-token-ca-cert-hashsha256:bc57f885b7be70cb94b457bc4795de3e678058eb05082658ab79629696d1884b

后续操作

mkdir-p$HOME/.kubecp-i/etc/kubernetes/admin.conf$HOME/.kube/config让master参与工作负载，因为服务器就一台，没用node节点kubectltaintnodes$HOSTNAMEnode-role.kubernetes.io/master-

查看pod

kubectlgetpods--all-namespacesNAMESPACENAMEREADYSTATUSRESTARTSAGEkube-systemetcd-k8s011/1Running01mkube-systemkube-apiserver-k8s011/1Running059skube-systemkube-controller-manager-k8s011/1Running01mkube-systemkube-dns-86f4d74b45-psqrb0/3Pending01mkube-systemkube-proxy-8sgzr1/1Running01mkube-systemkube-scheduler-k8s011/1Running01m

2.6 部署网络插件flannel

在压缩包yaml目录

cd/data/v1.10.4/yaml#kubectlcreate-fkube-flannel.yamlclusterrole.rbac.authorization.k8s.io"flannel"createdclusterrolebinding.rbac.authorization.k8s.io"flannel"createdserviceaccount"flannel"createdconfigmap"kube-flannel-cfg"createddaemonset.extensions"kube-flannel-ds"created

待更新....

kubernetes V1.10.4 单节点部署 ?(手动生成证书)

原文地址：http://blog.51cto.com/11889458/2129294