k8s 1.17.3 安装 kubesphere 3.0.0

1. 安装 k8s 1.17.3

###安装Docker、kubeadm、kubelet
1、安装docker源
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

2、安装docker
yum install -y docker-ce
systemctl start docker
systemctl enable docker

tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://jqqwsp8f.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

3、设置开机自启
systemctl enable docker && systemctl start docker
查看版本
docker  --version

4、安装kubeadm、kubelet核kubectl
#指定安装源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

#本地映射/etc/hosts
vim /etc/hosts
192.168.226.128 master
192.168.226.129 node1
192.168.226.130 node2
--->wq

#指定安装版本
yum install -y kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3
rpm -qa | grep kube

#设置开机自启动
systemctl enable kubelet

#关闭swap
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab  
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system


######操作位置：master
mkdir k8s && cd k8s
kubeadm init \
--apiserver-advertise-address=192.168.226.128 \                #本地IP
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.15.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16

mkdir k8s && cd k8s
kubeadm init \
--apiserver-advertise-address=192.168.226.128 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.15.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16

#使用kubectl工具
mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

###记录kubeadm join xxxxxxxxx(用于添加node节点）
kubeadm join 192.168.226.128:6443 --token vvbp4o.91yfaklznloczfnb \
    --discovery-token-ca-cert-hash sha256:ace39b8db9d1c40fe31b85ff2923eedbe16d6587491eca10488fa9c31041faea



#安装pod网络插件（flannel）
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml


#查看组件状态 && 查看节点状态（稍等一会）
kubectl get cs
kubectl get nodes


#####操作位置：node
#docker 拉取flannel镜像
docker pull lizhenliang/flannel:v0.11.0-amd64

swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab  
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system

#添加节点（kubeadm join，节点token会周期性变化，kubeadm token list查看token）
kubeadm join 192.168.226.128:6443 --token ld7odd.egdzg4z9h37dvumc \
    --discovery-token-ca-cert-hash sha256:8e904682e6c1d670cf8b5524b3e03d1e5e5cb4156984f87414f093dc80e1fb23 

#出错的时候重载配置（node节点）
kubeadm reset
#重载配置（master节点的）
mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
需要删除以上配置才可以继续kube init 初始化

#master节点查看node状态 “三个ready”
kubectl get nodes
#打node标签
kubectl label node node1 node-role.kubernetes.io/node=node
kubectl label node node2 node-role.kubernetes.io/node=node

#kubectl get pods -n kube-system 查看pod 状态 "1/1 Running"为正常
kubectl get pods -n kube-system

####重新生成token
#若token 过期或丢失，需要先申请新的token 令牌
kubeadm token create
#列出token
kubeadm token list  | awk -F" " '{print $1}' |tail -n 1
#然后获取CA公钥的的hash值
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed  's/^ .* //'

#替换join中token及sha256：
kubeadm join 192.168.226.128:6443 --token ld7odd.egdzg4z9h37dvumc \
    --discovery-token-ca-cert-hash sha256:8e904682e6c1d670cf8b5524b3e03d1e5e5cb4156984f87414f093dc80e1fb23 

2. kubesphere 介绍

KubeSphere 是一款面向云原生设计的开源项目，在目前主流容器调度平台 Kubernetes 之上构建的分布式多租户容器管理平台，提供简单易用的操作界面以及向导式操作方式，在降低用户使用容器调度平台学习成本的同时，极大降低开发、测试、运维的日常工作的复杂度。

官网：https://kubesphere.io/

3.0安装文档：https://kubesphere.io/zh/docs/installing-on-kubernetes/introduction/overview/

2.1安装文档：https://v2-1.docs.kubesphere.io/docs/zh-CN/installation/install-on-k8s/

3. 安装 Helm 和 tiller

wget http://101.34.22.188/k8s/helm-v2.17.0-linux-amd64.tar.gz 
tar xf helm-v2.17.0-linux-amd64.tar.gz
cp linux-amd64/helm /usr/local/bin
cp linux-amd64/tiller /usr/local/bin
helm version
#此时 helm 已经安装好

##创建 rbac 权限文件
cat > helm-rbac.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
EOF

kubectl apply -f helm-rbac.yaml

#安装 tiller
helm init --service-account tiller --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.17.0  --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

kubectl get pods --all-namespaces

#检查
tiller
helm version

4. 安装 OpenEBS

文档：https://v2-1.docs.kubesphere.io/docs/zh-CN/appendix/install-openebs/

#去除 master 上污点
kubectl get node -o wide
kubectl describe node master | grep Taint
kubectl taint nodes master node-role.kubernetes.io/master:NoSchedule-
kubectl describe node master | grep Taint

#安装 openebs
kubectl create ns openebs
kubectl apply -f https://openebs.github.io/charts/openebs-operator-1.5.0.yaml

#安装 storageclass
cat > sc.yaml << EOF
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: storage-nfs
provisioner: storage.pri/nfs
reclaimPolicy: Delete
EOF

kubectl apply -f sc.yaml
kubectl get sc

#设置默认 storageclass
kubectl patch storageclass openebs-hostpath -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

kubectl get pod -n openebs
kubectl get sc

5. 安装 kubesphere

文档：https://kubesphere.io/zh/docs/installing-on-kubernetes/introduction/overview/

kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.0.0/kubesphere-installer.yaml
kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.0.0/cluster-configuration.yaml
#使用如下命令监控
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
kubectl get pod --all-namespaces

访问：http://IP:30880

账号：admin

密码：P@88w0rd

重新给 master 打上污点

kubectl taint nodes master node-role.kubernetes.io/master=:NoSchedule
kubectl describe node master | grep Taint

6. 可插拔安裝插件

文档：https://kubesphere.io/zh/docs/pluggable-components/devops/

——————————————————————————————————————————————————

https://www.cnblogs.com/hujinzhong/p/14229728.html