This is the third day of my participation in Gwen Challenge

Build a single-master Kubernetes cluster using kubeadm, the officially recommended installation method. From version 1.19, official K8S supports a root certificate validity period of 10 years; the API certificate is valid for one year and is renewable, one year each time.

Three machines:

192.168.1.100
192.168.1.101
192.168.1.102

Environment initialization

Set the number of open files

echo "*                -       nofile    100001"  >> /etc/security/limits.conf
echo "*                -       nproc     100001"  >> /etc/security/limits.conf

Disable SELinux

sed -i "s/SELINUXTYPE=targeted/#SELINUXTYPE=targeted/" /etc/selinux/config
sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config

Installing Basic Tools

yum install wget iptables-services telnet net-tools git curl unzip sysstat lsof ntpdate lrzsz vim  -y

Configuring Time Synchronization

yum install ntp -y
systemctl start ntpd
systemctl enable ntpd
timedatectl set-timezone Asia/Shanghai
timedatectl set-ntp yes
timedatectl

Disable firewalld and iptables

systemctl stop firewalld.service
systemctl disable firewalld.service
mv /etc/sysconfig/iptables  /etc/sysconfig/iptables.bak
systemctl disable iptables.service
systemctl stop iptables.service

Optimizing SSH Login

echo "UseDNS no" >> /etc/ssh/sshd_config
systemctl restart sshd

Disable swap

swapoff -a
sed -i 's/.*swap/#&/' /etc/fstab

K8s-related kernel configuration

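# The opening line of this heredoc is missing from the original post.
# /etc/sysctl.d/k8s.conf is an assumed file name; sysctl --system loads any *.conf in /etc/sysctl.d.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system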

Install the docker

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
yum install -y docker-ce

systemctl start docker
systemctl enable docker
docker version

Install kubeadm (execute on all three machines)

cat <<EOF> /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum list -y kubeadm --showduplicates
yum install -y kubeadm kubectl kubelet

kubeadm version
systemctl start kubelet
systemctl enable kubelet

Download the K8S base images (on all three machines)

kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers
docker images

Cluster Initialization

Initialize the master node

kubeadm init --pod-network-cidr=192.168.0.0/16 --service-cidr=10.1.0.0/16 --image-repository=registry.aliyuncs.com/google_containers
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get pods -A

Install the network component Calico

kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
kubectl create -f https://docs.projectcalico.org/manifests/custom-resources.yaml
watch kubectl get pods -n calico-system
kubectl get nodes -o wide

Initialize the worker nodes

The join command, including the related token, is displayed after the master node is initialized

kubeadm join 10.10.1.40:6443 --token tqdzx9.xxxxx --discovery-token-ca-cert-hash sha256:xxxxXXXXxxxx

Install the dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

Or download it and change the configuration before applying

Create users and permissions and access the Dashboard UI

Creating a Service Account

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

Creating a ClusterRoleBinding

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

Write the above two configurations to dashboard-adminuser.yaml, separated by a line containing ---, and apply

kubectl apply -f dashboard-adminuser.yaml

Getting a Bearer Token

kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

After obtaining the token, open the UI and enter the token to log in
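
The ClusterRoleBinding above grants cluster-admin to the admin-user ServiceAccount, so the bearer token retrieved here carries full control of the cluster. The script below is an added example, not part of the original post: it lists every ServiceAccount bound to cluster-admin from the output of kubectl get clusterrolebindings -o json. The function name, the file name audit_crb.py and the sample data are assumptions constructed for illustration.

```python
"""List ServiceAccounts bound to cluster-admin through ClusterRoleBindings.

Live use: kubectl get clusterrolebindings -o json | python3 audit_crb.py -
(audit_crb.py is an assumed file name; without "-" the sample below is used.)
"""
import json
import sys

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
SAMPLE = {
    "items": [
        {  # the binding created in this post
            "metadata": {"name": "admin-user"},
            "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [{"kind": "ServiceAccount", "name": "admin-user",
                          "namespace": "kubernetes-dashboard"}],
        },
        {  # built-in binding: subject is a Group, not a ServiceAccount
            "metadata": {"name": "cluster-admin"},
            "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
            "subjects": [{"kind": "Group", "name": "system:masters"}],
        },
        {  # a binding can carry no subjects at all
            "metadata": {"name": "empty-binding"},
            "roleRef": {"kind": "ClusterRole", "name": "view"},
        },
    ]
}


def cluster_admin_service_accounts(crb_list, role="cluster-admin"):
    """Return sorted (binding, namespace, name) tuples for ServiceAccounts bound to role."""
    found = set()
    for item in crb_list.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        for subj in item.get("subjects") or []:  # key may be absent or null
            if subj.get("kind") == "ServiceAccount":
                found.add((item["metadata"]["name"],
                           subj.get("namespace", ""), subj["name"]))
    return sorted(found)


if __name__ == "__main__":
    data = json.load(sys.stdin) if "-" in sys.argv[1:] else SAMPLE
    for binding, ns, sa in cluster_admin_service_accounts(data):
        print(f"{binding}: ServiceAccount {ns}/{sa} holds cluster-admin")
```

On a cluster built by following this post, the expected finding is the kubernetes-dashboard/admin-user account; any other entry is a ServiceAccount whose token is equally powerful.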
