k8s 1.13 kubeadm deployment (with dashboard) and modifying the default certificate validity period

Overview:

This guide installs k8s version 1.13.0. During the installation, the default certificate validity period is changed by recompiling kubeadm, and finally the dashboard is deployed.

Before installation, make sure that any previously installed k8s, docker and etcd have been uninstalled

yum -y remove kubernetes*  docker* docker-selinux etcd


I. Environment preparation (run on all nodes)

1: turn off the firewall

systemctl stop firewalld && systemctl disable firewalld

2: permanently disable SELinux by editing /etc/selinux/config

SELINUX=disabled

3: configure kernel parameters

echo "
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
" >> /etc/sysctl.conf

sysctl -p

If sysctl -p reports "sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory", run the modprobe br_netfilter command and then run sysctl -p again.

4: turn off the operating system swap partition

swapoff -a


II. Download the packages required for installation (run on all nodes)

Link: https://pan.baidu.com/s/1P092eXC6iwreFYd8r700nw

Extraction code: 4wph


On all nodes, unpack the installation package and load the images

tar zvxf k8s_1.13.0.tar.gz
cd rpm/
yum localinstall *.rpm
systemctl start docker
systemctl enable docker
systemctl enable kubelet
cd images
docker load  -i k8s.gcr.io.basic_1.13.0.tar.gz


III. Modify the default certificate validity period (run on the master node)

1: clone the source code

cd /data && git clone https://github.com/kubernetes/kubernetes.git

2: switch to version 1.13.0

cd /data/kubernetes && git checkout -b remotes/origin/release-1.13 v1.13.0


3: install go environment

cd /data/soft && wget https://dl.google.com/go/go1.11.2.linux-amd64.tar.gz
tar zxvf go1.11.2.linux-amd64.tar.gz  -C /usr/local

4: edit the /etc/profile file and add the following:

#go setting
export GOROOT=/usr/local/go
export GOPATH=/usr/local/gopath
export PATH=$PATH:$GOROOT/bin

5: apply the changes

source /etc/profile

6: modify the source code. The original validity is one year; multiplying by 10 makes it 10 years (the leading numbers below are the line numbers in cert.go)

vi /data/kubernetes/staging/src/k8s.io/client-go/util/cert/cert.go

112  NotAfter:     time.Now().Add(duration365d * 10).UTC(),
187  NotAfter:  validFrom.Add(maxAge * 10),
215  NotAfter:  validFrom.Add(maxAge * 10),

7: compile

cd /data/kubernetes/ && make WHAT=cmd/kubeadm


Check the compiled binary

ls -l /data/kubernetes/_output/bin/kubeadm

8: replace kubeadm

mv /usr/bin/kubeadm /usr/bin/kubeadm_backup
ln -s /data/kubernetes/_output/bin/kubeadm /usr/bin/kubeadm


IV. Install the master node

kubeadm init --kubernetes-version=v1.13.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12

After initialization, follow the prompts printed by kubeadm init

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

View the certificate validity period

openssl x509 -in /etc/kubernetes/pki/front-proxy-client.crt -noout -text | grep Not
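
The openssl check above looks at one file. As an added example (not from the original post or from the Kubernetes project), this Go program reports the validity window of every certificate in a PEM file, so the 10-year change can be confirmed. The names inspectPEM, certInfo and sampleCert are hypothetical, and the sample certificate is constructed in code.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// certInfo holds one certificate's validity window in whole days (hypothetical type).
type certInfo struct{ Subject string; ValidDays, DaysLeft int }

// inspectPEM parses every CERTIFICATE block in data (hypothetical helper).
func inspectPEM(data []byte, now time.Time) ([]certInfo, error) {
	var out []certInfo
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		if b.Type != "CERTIFICATE" {
			continue // skip keys and other PEM blocks
		}
		c, err := x509.ParseCertificate(b.Bytes)
		if err != nil {
			return nil, err
		}
		out = append(out, certInfo{c.Subject.CommonName,
			int(c.NotAfter.Sub(c.NotBefore).Hours() / 24), int(c.NotAfter.Sub(now).Hours() / 24)})
	}
	return out, nil
}

// sampleCert returns a constructed self-signed certificate valid for `days` days.
func sampleCert(cn string, days int, now time.Time) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: now, NotAfter: now.Add(time.Duration(days) * 24 * time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	data := sampleCert("constructed-10y", 3650, time.Now())
	if len(os.Args) > 1 { // optional: path to a real PEM file, e.g. front-proxy-client.crt
		data, _ = os.ReadFile(os.Args[1])
	}
	fmt.Println(inspectPEM(data, time.Now())) // prints the certInfo list and the error value
}
```

Run it with the path of a .crt file as the only argument to inspect a real certificate; a ValidDays of about 3650 shows the rebuilt kubeadm issued it.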

V. Install the worker nodes. Use the join command printed by kubeadm init on the master

kubeadm join 18.16.200.150:6443 --token x8qzph.fq0cxnjkfwzcp90f --discovery-token-ca-cert-hash sha256:c5335fc478597b0272f2794f07bf4f9d1f4d85ca5ac29eb3928db7006d4e2639

VI. Install the dashboard

1: pull the required image and download the manifest

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0  k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard.yaml

2: modify kubernetes-dashboard.yaml

3: deploy dashboard

kubectl create -f kubernetes-dashboard.yaml

4: create dashboard user

Create admin-token.yaml as follows (it binds the admin service account in kube-system to the cluster-admin ClusterRole):

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile

Create the user

kubectl create -f admin-token.yaml

5: get login token

kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system


6: log in with Firefox and paste the acquired token into the Token field

Tags: Linux Kubernetes Docker SELinux git

Posted on Sun, 01 Dec 2019 23:26:48 -0800 by mariom