kubeadm install - kubernetes-1.12

# --- https://github.com/kubernetes/kubernetes
# --- https://github.com/kubernetes/dashboard
    
# --- https://github.com/opsnull/follow-me-install-kubernetes-cluster

# --- https://blog.frognew.com/2018/08/kubeadm-install-kubernetes-1.11.html
# --- https://docs.oracle.com/cd/E52668_01/E88884/html/requirements-network.html
# --- https://blog.inkubate.io/install-and-configure-a-multi-master-kubernetes-cluster-with-kubeadm/
# --- https://blog.tekspace.io/kubernetes-dashboard-remote-access/node

---yum repo
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
baseurl=http://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/
baseurl=http://mirrors.aliyun.com/epel/7/x86_64
baseurl=http://mirrors.aliyun.com/centos/7/extras/x86_64/linux

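#1. Configure kernel and system parameters
# Register the bridge-netfilter and IPVS modules for loading at boot, then load
# them now. The net.bridge.* keys set further down are provided by
# br_netfilter, so the module is loaded before sysctl is asked to set them.
cat <<'EOF' > /etc/modules-load.d/k8s.conf
br_netfilter
ip_vs
ip_vs_sh
ip_vs_rr
ip_vs_wrr
EOF
/usr/lib/systemd/systemd-modules-load

# Pass bridged traffic through iptables/ip6tables, enable IPv4 forwarding and
# tell the kernel to avoid swapping.
cat <<'EOF' > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
sysctl -p /etc/sysctl.d/k8s.conf

# Turn swap off now, and comment out every fstab line containing " swap " so
# it stays off after a reboot.
swapoff -a
#sed -i 's|^/dev/mapper/centos_centos7macj-swap|#&|' /etc/fstab
sed -i '/ swap / s/^/#/' /etc/fstab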

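#2. Add the k8s repo
yum-config-manager --add-repo http://10.245.254.93/linux/soft/epel/7
# NOTE(review): gpgcheck=0 switches off RPM signature verification and the repo
# is reached over plain HTTP, so nothing authenticates the packages installed
# in step 3. If the mirror carries signed packages, import the signing key and
# set gpgcheck=1 instead.
echo "gpgcheck=0" >> /etc/yum.repos.d/10.245.254.93_linux_soft_epel_7.repo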

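#3. Install kubeadm & docker v17.3
yum -y install docker-ce kubeadm-1.12.2 kubelet-1.12.2 kubectl-1.12.2
systemctl enable docker kubelet
# Append an ExecStartPost after line 17 of the packaged unit so the FORWARD
# chain policy is set to ACCEPT every time docker starts.
# NOTE(review): the line number is tied to the installed docker.service, and a
# package update can replace the file under /usr/lib; a drop-in under
# /etc/systemd/system/docker.service.d/ would not have either problem. With an
# ACCEPT policy the host forwards any packet that no explicit rule drops.
sed -i "17a\ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT" /usr/lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker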

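#4. Download the registry access certificate
# NOTE(review): docker will trust this certificate for every image pulled from
# ispcdocker.com, yet it is fetched over plain HTTP. Compare its fingerprint
# (openssl x509 -noout -fingerprint -sha256 -in <file>) with a value obtained
# out of band before relying on it.
wget -P /etc/docker/certs.d/ispcdocker.com http://10.245.254.93/linux/soft/docker/ispcdocker.com.crt
# Static hosts entry for the private registry.
echo '10.247.15.90 ispcdocker.com' >> /etc/hosts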


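# Pull the control-plane images from the private registry.
docker pull ispcdocker.com/k8s/coredns:1.2.2
docker pull ispcdocker.com/k8s/pause:3.1
docker pull ispcdocker.com/k8s/etcd-amd64:3.2.24
docker pull ispcdocker.com/k8s/kube-apiserver-amd64:v1.12.2
docker pull ispcdocker.com/k8s/kube-controller-manager-amd64:v1.12.2
docker pull ispcdocker.com/k8s/kube-scheduler-amd64:v1.12.2
docker pull ispcdocker.com/k8s/kube-proxy-amd64:v1.12.2

# Re-tag them under the k8s.gcr.io names so that kubeadm finds them locally.
# After this the node runs whatever the private registry served under these
# names; the k8s.gcr.io tag says nothing about where the image came from.
docker tag ispcdocker.com/k8s/coredns:1.2.2 k8s.gcr.io/coredns:1.2.2
docker tag ispcdocker.com/k8s/pause:3.1 k8s.gcr.io/pause:3.1
docker tag ispcdocker.com/k8s/etcd-amd64:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag ispcdocker.com/k8s/kube-apiserver-amd64:v1.12.2 k8s.gcr.io/kube-apiserver:v1.12.2
docker tag ispcdocker.com/k8s/kube-controller-manager-amd64:v1.12.2 k8s.gcr.io/kube-controller-manager:v1.12.2
docker tag ispcdocker.com/k8s/kube-scheduler-amd64:v1.12.2 k8s.gcr.io/kube-scheduler:v1.12.2
docker tag ispcdocker.com/k8s/kube-proxy-amd64:v1.12.2 k8s.gcr.io/kube-proxy:v1.12.2

# Newer kubeadm (1.13.x) accepts --image-repository to point at your own
# registry, so this manual pull-and-retag is no longer needed there.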


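#5. ----for Master site install
kubeadm init \
  --apiserver-advertise-address=10.247.15.75 \
  --kubernetes-version=v1.12.2 \
  --pod-network-cidr=10.244.0.0/16

# https://github.com/coreos/flannel
# https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Download the flannel manifest into a private temp file instead of a fixed
# name under /tmp, and let curl fail on an HTTP error (-f) rather than save an
# error page that would then be edited and applied.
# NOTE(review): the manifest arrives over plain HTTP and is applied with the
# admin kubeconfig; review it before applying.
flannel_yaml=$(mktemp)
curl -fsS -o "$flannel_yaml" http://10.245.254.93/linux/soft/docker/kubernetes/kube-flannel-v0.10.0.yml
# Point the image references at the private registry.
sed -i "s#quay.io/coreos#ispcdocker.com/k8s#g" "$flannel_yaml"
# Drop everything from line 159 to the end; this offset is tied to the exact
# copy of the manifest served above.
sed -i '159,$d' "$flannel_yaml"
kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f "$flannel_yaml"
rm -f -- "$flannel_yaml"


# Give the current user a kubeconfig. admin.conf holds the cluster
# administrator's client credentials, so keep the copy private to its owner.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
kubectl get nodes
kubectl get cs
kubectl get pods --all-namespaces -o wide        # see which machine k8s scheduled the dashboard onto
kubectl get services --all-namespaces             # see the dashboard's cluster-internal IP
kubectl get services -n kube-system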

#6. ----for Minion site
# A worker node pulls only the pause and kube-proxy images from the private
# registry and re-tags them under the k8s.gcr.io names.
for img in pause:3.1 kube-proxy-amd64:v1.12.2; do
  docker pull "ispcdocker.com/k8s/${img}"
done
docker tag ispcdocker.com/k8s/pause:3.1 k8s.gcr.io/pause:3.1
docker tag ispcdocker.com/k8s/kube-proxy-amd64:v1.12.2 k8s.gcr.io/kube-proxy:v1.12.2

# The token and CA hash below belong to the author's cluster. Run the
# commented command on the master to print a join command with current values.
# The bootstrap token is a credential that lets a machine join the cluster
# (tokens expire, 24h by default), so keep live ones out of shared notes. The
# --discovery-token-ca-cert-hash value is what lets the joining node verify it
# is talking to the intended control plane; do not drop it.
# kubeadm token create --print-join-command
kubeadm join 10.247.15.75:6443 \
  --token d0z987.v3ckv1vnc39i54xv \
  --discovery-token-ca-cert-hash sha256:feabf36f6dcc8743aee94a687f240102ce93cab32531b04eff59f16dc6937d96


#7. ----for Dashboard
# https://github.com/kubernetes/dashboard
# https://github.com/kubernetes/heapster

# https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
# https://docs.giantswarm.io/guides/install-kubernetes-dashboard/
# https://stackoverflow.com/questions/46664104/how-to-sign-in-kubernetes-dashboard
# https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above
# https://github.com/kubernetes/dashboard/wiki/Certificate-management


# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml


#7.1 dashboard v1.10
# Fetch the dashboard and heapster manifests from the internal mirror into the
# current directory.
# NOTE(review): these arrive over plain HTTP and are applied to kube-system in
# step 7.3; read them before applying.
manifest_base=http://10.245.254.93/linux/soft/docker/kubernetes/heapster
for manifest in \
  v110/grafana.yaml \
  v110/heapster.yaml \
  v110/influxdb.yaml \
  v110/kubernetes-dashboard.yaml \
  v183/kubernetes-dashboard-access.yaml \
  v183/heapster-rbac.yaml
do
  wget "${manifest_base}/${manifest}"
done
# Rewrite image references to the private registry. The glob covers every
# .yaml file in the current directory, not only the six fetched above.
sed -i "s|k8s.gcr.io|ispcdocker.com/dashboard|g" *.yaml
# NOTE(review): this replaces every "Opaque" in the file, which presumably
# means the Secret "type:" fields rather than the Service - confirm against
# the manifest. Step 7.3 creates its secret with --type=NodePort to match.
sed -i "s|Opaque|NodePort|g" kubernetes-dashboard.yaml
# Appends to the end of the file, so it only lands in the Service spec if the
# Service is the last object in the manifest - TODO confirm. A NodePort
# service is reachable on every node's address; limit who can reach that port.
echo "  type: NodePort" >> kubernetes-dashboard.yaml

mkdir heapster && mv *.yaml heapster

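#7.2 --- https://github.com/kubernetes/dashboard/wiki/Certificate-management
# Create a self-signed certificate for the dashboard. The key is generated
# unencrypted directly: encrypting it with the throwaway passphrase "x" and
# stripping that again in the next command produced the same unencrypted key.
openssl genrsa -out dashboard.key 2048
# The private key should be readable by its owner only.
chmod 600 dashboard.key
openssl req -new -key dashboard.key -out dashboard.csr -subj "/C=CN/ST=k8s/L=ChongQin/O=ispc/OU=ca/CN=50ca/emailAddress=mac.j@ispcdocker.com"
# Self-signed for 365 days; browsers will warn because no CA vouches for it.
openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt

# One-step alternative, kept disabled. Every continuation line is commented
# out too, so the shell does not try to run "-keyout ..." as a command.
#openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 999 \
#    -keyout dashboard.key \
#    -out dashboard.crt \
#    -subj "/C=CN/ST=docker/L=wuhan/O=ispc/OU=New site/CN=ispcdocker.com/emailAddress=macj@ispcdocker.com"
# Moves the key, CSR and certificate together into ./certs.
mkdir certs && mv dashboard.* certs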

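#7.3. --- https://github.com/kubernetes/dashboard/wiki/Installation#recommended-setup
# Load everything in $HOME/certs (key, CSR and certificate from step 7.2) into
# the secret the dashboard reads its TLS material from.
# NOTE(review): --type=NodePort is an arbitrary type string here; it mirrors
# the Opaque -> NodePort substitution made on the manifest in step 7.1.
kubectl -n kube-system create secret generic kubernetes-dashboard-certs \
  --type=NodePort \
  --from-file="$HOME/certs"
# Applies every manifest in ./heapster, including
# kubernetes-dashboard-access.yaml, which (as listed at the end of this page)
# binds the dashboard service account to the cluster-admin ClusterRole.
kubectl apply -f ./heapster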


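#7.4. change config, and check dashboard web port
# --- https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above
# kubernetes-dashboard.yaml was already modified in step 7.1, so this manual
# edit can be skipped.
kubectl -n kube-system edit service kubernetes-dashboard
    #--- Change type: ClusterIP to type: NodePort


kubectl -n kube-system get service kubernetes-dashboard
# Sample output:
#    NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
#    kubernetes-dashboard   NodePort   10.99.108.136   <none>        443:32102/TCP   9m

# Dashboard has been exposed on port 32102 (HTTPS). Now you can access it from
# your browser at: https://<master-ip>:32102. master-ip can be found by
# executing [kubectl cluster-info].
# The port is open on the node addresses, so restrict which networks can
# reach it.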

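#7.5. get token
kubectl -n kube-system get secret | grep kubernetes-dashboard
# The token secret's name ends in a random suffix
# (kubernetes-dashboard-token-ncm5g on the author's cluster), so look the name
# up instead of hard-coding it.
token_secret=$(kubectl -n kube-system get secret | awk '/^kubernetes-dashboard-token-/{print $1}')
kubectl -n kube-system describe secret "$token_secret"
# Token value only:
# kubectl -n kube-system describe secret "$token_secret" | awk '$1=="token:"{print $2}'
# The token is a bearer credential for the dashboard service account; with the
# cluster-admin binding from kubernetes-dashboard-access.yaml it carries full
# cluster rights, so keep it out of logs, tickets and shared notes.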

#7.6. web login
https://10.247.15.75:32102/#!/login

 

----------------
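# Remove the docker images already downloaded on this host.
# This deletes every tagged image docker lists, not only the ones pulled by
# this guide. --format prints repository:tag directly (no header row to
# filter), and xargs -r skips the docker rmi call when nothing is left.
docker images --format '{{.Repository}}:{{.Tag}}' | grep -v "<none>" | xargs -r docker rmi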

# Contents of http://10.245.254.93/linux/soft/docker/kubernetes/heapster/v183/kubernetes-dashboard-access.yaml
# (from https://stackoverflow.com/questions/46664104/how-to-sign-in-kubernetes-dashboard).
# This binds the dashboard's service account to cluster-admin, so the token
# from step 7.5 carries full control of the cluster; bind a narrower role for
# anything beyond a lab.
#
# $ cat <<EOF | kubectl create -f -
# apiVersion: rbac.authorization.k8s.io/v1beta1
# kind: ClusterRoleBinding
# metadata:
#   name: kubernetes-dashboard
#   labels:
#     k8s-app: kubernetes-dashboard
# roleRef:
#   apiGroup: rbac.authorization.k8s.io
#   kind: ClusterRole
#   name: cluster-admin
# subjects:
# - kind: ServiceAccount
#   name: kubernetes-dashboard
#   namespace: kube-system
# EOF
