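The installation steps here draw on many blog tutorials and documents, and some parts quote what those blogs wrote. If an author needs me to credit them, please contact me by email at 2357431193@qq.com. My apologies in advance.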
Install helm
Find the matching release at github.com/helm/helm/r… and download it with wget
Extract helm
tar -xzf helm-v3.0.2-linux-amd64.tar.gz
Move it into the bin directory
mv linux-amd64/helm /usr/local/bin/helm
Check the version
helm version
Add the official charts
helm repo add stable http://mirror.azure.cn/kubernetes/charts
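With that, the installation is basically done. Because the installed version is 3.0, tiller does not need to be installed; for details see the helm issue https://github.com/helm/helm/issues/7052
Install a private helm repository (minio)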
https://blog.51cto.com/14625168/2454842
Install the NFS provider
yum -y install nfs-utils rpcbind
vi /etc/exports
/data/k8s *(rw,sync,no_root_squash)
systemctl start rpcbind.service
systemctl enable rpcbind
systemctl status rpcbind
systemctl start nfs.service
systemctl enable nfs
systemctl status nfs
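An added example, not part of the original post: a shell check that reads an exports file and reports entries like the one above, where the client is any host (*) and no_root_squash lets root on a client act as root on the share. The function name audit_exports, the sample file and the 172.16.24.0/24 subnet are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky NFS export entries.
# audit_exports FILE prints "path client: findings" per risky entry and
# returns 1 if anything was reported, 0 if the file is clean.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index(client, "(")
            if (p > 0) {                    # split "host(opt,opt)" into host and options
                opts = substr(client, p + 1)
                sub(/\)$/, "", opts)
                client = substr(client, 1, p - 1)
            }
            if (client == "") client = "*"  # bare "(opts)" applies to every host
            world = (client == "*")
            squash_off = 0; rw = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash") squash_off = 1
                if (o[j] == "rw") rw = 1
            }
            if (squash_off || (world && rw)) {
                f = ""
                if (world)      f = f " any-host"
                if (squash_off) f = f " no_root_squash"
                if (rw)         f = f " rw"
                print path " " client ":" f
                bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the export line from this page, then a narrower variant.
# The 172.16.24.0/24 subnet is an assumption, not a value from the page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample exports file
/data/k8s *(rw,sync,no_root_squash)
/data/k8s 172.16.24.0/24(rw,sync,root_squash)
EOF
if audit_exports "$sample"; then echo "exports look clean"; else echo "review the entries above"; fi
rm -f "$sample"
```

On the NFS server itself, run it as audit_exports /etc/exports.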
Install StorageClass
Install MetalLB (load balancer)
https://hub.helm.sh/charts/stable/metallb
helm install metallb stable/metallb -n kube-system
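When MetalLB is used together with nginx-ingress, for some reason I don't know, the master's IP cannot be used for ingress load balancing
Configure the IP address range to allocate
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: kube-system
  name: metallb-config
data:
  config: |
    address-pools:
    - name: my-ip-space
      protocol: layer2
      addresses:
      - 172.16.24.221-172.16.24.222 ## This uses an Alibaba Cloud private address range; only an address range can be used here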
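Install TLS
If cert-manager is installed as described below, there is no need to create the TLS secret; it is created automatically
Generate the key and crt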
openssl req -newkey rsa:2048 -nodes -keyout tls.key -x509 -days 36500 -out tls.crt
Create the corresponding secret
kubectl create secret -n kube-system tls kakj-dashboard-com-tls --key ./tls.key --cert ./tls.crt
Check it
kubectl get secret -n kube-system |grep kakj-
Install ingress-nginx
Check the load balancer IP and test access: curl -I http://120.26.49.1/healthz
helm install nginx-ingress nginx-stable/nginx-ingress
When MetalLB is used together with nginx-ingress, for some reason I don't know, the master's IP cannot be used for ingress load balancing
Install cert-manager
kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.13/deploy/manifests/00-crds.yaml
helm repo add jetstack https://charts.jetstack.io
helm install --name-template cert-manager --namespace kube-system --set ingressShim.defaultIssuerName=letsencrypt-prod --set ingressShim.defaultIssuerKind=ClusterIssuer jetstack/cert-manager --version v0.13.0
Install k8s-dashboard
Create the values YAML; note that the repository used here is not k8s.gcr.io/kubernetes-dashboard-amd64
image:
  repository: registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64
  tag: v1.10.1
replicaCount: 1
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: 'true'
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
  paths:
    - /
  hosts:
    - kakj.dashboard.com
  tls:
    - secretName: kakj-dashboard-com-tls
      hosts:
        - kakj.dashboard.com
rbac:
  # grants the dashboard service account cluster-admin privileges
  clusterAdminRole: true
serviceAccount:
  name: dashboard-admin
Install
helm install kubernetes-dashboard stable/kubernetes-dashboard -f kubernetes-dashboard.yaml --namespace kube-system
Pull the images that cannot be fetched
docker pull mirrorgooglecontainers/defaultbackend-amd64:1.5
docker tag mirrorgooglecontainers/defaultbackend-amd64:1.5 k8s.gcr.io/defaultbackend-amd64:1.5
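Note: on Alibaba Cloud, do not use a .org domain name; it cannot be resolved for http and https, which makes the site unreachable
View the login token: vi token.sh
#!/bin/sh
# Look up the token secret attached to the dashboard-admin service account
TOKENS=$(kubectl describe serviceaccount dashboard-admin -n kube-system | grep "Tokens:" | awk '{ print $2}')
# Print the bearer token stored in that secret
kubectl describe secret "$TOKENS" -n kube-system | grep "token:" | awk '{ print $2}'
Run it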
sh token.sh
Install metrics-server
Install with helm
args:
  - --logtostderr
  # skips verification of the kubelet serving certificate
  - --kubelet-insecure-tls
  - --kubelet-preferred-address-types=InternalIP
helm install --name-template metric --namespace kube-system -f metrics-value.yaml stable/metrics-server
Install with yaml
Install heapster
## Default values for heapster.
##
replicaCount: 1
image:
  repository: registry.aliyuncs.com/google_containers/heapster-amd64
  tag: v1.5.4
  pullPolicy: IfNotPresent
## Here labels can be added to the heapster deployment
# labels:
#   kubernetes.io/cluster-service: "true"
#   kubernetes.io/name: "Heapster"
labels: {}
## Here labels can be added to the heapster deployment
# annotations:
#   scheduler.alpha.kubernetes.io/critical-pod: ''
annotations: {}
## Here annotations can be added for the heapster Pod
# podAnnotations:
#   prometheus.io/scrape: "true"
podAnnotations: {}
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
service:
  type: ClusterIP
  externalPort: 8082
  internalPort: 8082
  ## This allows an override of the heapster service name
  ## Default: {{ .Chart.Name }}
  # nameOverride:
  ## Here labels can be added to the heapster service
  # labels:
  #   kubernetes.io/cluster-service: "true"
  #   kubernetes.io/name: "Heapster"
  labels:
  ## Here annotations can be added to the heapster service
  # annotations:
  #   prometheus.io/path: /metrics
  #   prometheus.io/port: "8082"
  #   prometheus.io/scrape: "true"
  annotations: {}
resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi
## Heapster command and arguments
## Default source=kubernetes.summary_api:''
## ref: https://github.com/kubernetes/heapster/blob/master/docs/source-configuration.md
##
## By default sink not set
## ref: https://github.com/kubernetes/heapster/blob/master/docs/sink-configuration.md
##
command:
- "/heapster"
- "--source=kubernetes:https://kubernetes.default:443?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250&insecure=true"
## heapster env variables
env: []
## Resizer scales resources linearly with the number of nodes in the cluster
## Resizer is enabled by default
##
resizer:
  enabled: true
  image:
    repository: registry.aliyuncs.com/google_containers/addon-resizer
    tag: 1.7
    pullPolicy: IfNotPresent
  resources:
    limits:
      cpu: 50m
      memory: 90Mi
    requests:
      cpu: 50m
      memory: 90Mi
  ## Flags used for /pod_nanny command
  ## container and deployment flags already determined chart name
  ## ref: https://github.com/kubernetes/contrib/blob/master/addon-resizer/README.md
  ##
  flags:
  - "--cpu=150m"
  - "--extra-cpu=10m"
  - "--memory=200Mi"
  - "--extra-memory=6Mi"
  - "--threshold=5"
  - "--poll-period=300000"
## For RBAC support:
rbac:
  create: false
  ## Ignored if rbac.create is true
  ##
  serviceAccountName: dashboard-admin
## eventer can send the kubernetes event logs to a remote destination
## it uses the same image as heapster but has its own resizer nanny pod
## eventer is disabled by default
## see https://github.com/kubernetes/heapster/blob/master/docs/overview.md for the flags you can use
## you will probably want to change the --sink parameter
eventer:
  enabled: false
  flags:
  - "--source=kubernetes:https://kubernetes.default"
  - "--sink=log"
  resources: {}
  # limits:
  #   cpu: 100m
  #   memory: 250Mi
  # requests:
  #   cpu: 100m
  #   memory: 250Mi
  resizer:
    enabled: true
    resources: {}
    # limits:
    #   cpu: 50m
    #   memory: 90Mi
    # requests:
    #   cpu: 50m
    #   memory: 90Mi
    flags:
    - "--cpu=150m"
    - "--extra-cpu=10m"
    - "--memory=200Mi"
    - "--extra-memory=6Mi"
    - "--threshold=5"
    - "--poll-period=300000"
Create
helm install heapster stable/heapster -f heapster.yaml --namespace kube-system
Run the commands shown in the output
export POD_NAME=$(kubectl get pods --namespace kube-system -l "app=heapster" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace kube-system port-forward $POD_NAME 8082