k8s v1.7
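#!/bin/bash
# Give the invoking (non-root) user a kubeconfig for the cluster that kubeadm
# initialised on this machine.
set -euo pipefail

kube_dir="$HOME/.kube"
mkdir -p "$kube_dir"

# admin.conf holds the cluster-admin client certificate and key, so this copy
# is as sensitive as root access to the cluster. -i asks before overwriting an
# existing config.
sudo cp -i /etc/kubernetes/admin.conf "$kube_dir/config"
sudo chown "$(id -u):$(id -g)" "$kube_dir/config"

# Keep the credential readable by its owner only, whatever mode cp produced.
chmod 600 "$kube_dir/config"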
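#!/bin/bash
# Install Calico networking from the local manifest, then list pod status.
set -euo pipefail

# calico.yaml creates a privileged, host-network DaemonSet in kube-system, so
# apply it only from a local copy whose contents have been read.
kubectl apply -f calico.yaml
kubectl get pods --all-namespaces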
# Calico Version v2.3.0
# http://docs.projectcalico.org/v2.3/releases#v2.3.0
# This manifest includes the following component versions:
#   calico/node:v1.3.0
#   calico/cni:v1.9.1
#   calico/kube-policy-controller:v0.6.0

# This ConfigMap is used to configure a self-hosted Calico installation.
# Every Calico pod in this manifest reads its etcd location and TLS file
# paths from here via configMapKeyRef.
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-config
  namespace: kube-system
data:
  # Configure this with the location of your etcd cluster.
  # NOTE(review): as written this is plaintext HTTP, and the three etcd_*
  # TLS paths at the bottom of this map are empty, so the datastore is
  # reached without encryption or client authentication. Anything that can
  # reach the endpoint can then read and rewrite Calico's state.
  # NOTE(review): the pods that consume this value run with hostNetwork,
  # so 127.0.0.1 is each node's own loopback; presumably this only works
  # where etcd listens on that node - confirm for multi-node clusters.
  etcd_endpoints: "http://127.0.0.1:2379"

  # Configure the Calico backend to use.
  calico_backend: "bird"

  # The CNI network configuration to install on each node.
  # The __UPPER_CASE__ tokens are placeholders; presumably the install-cni
  # container substitutes them before writing the file - confirm.
  # NOTE(review): "k8s_auth_token" suggests a service-account token ends up
  # in the rendered file under the host's /etc/cni/net.d; check that the
  # file is not world-readable on the nodes.
  cni_network_config: |-
    {
        "name": "k8s-pod-network",
        "cniVersion": "0.1.0",
        "type": "calico",
        "etcd_endpoints": "__ETCD_ENDPOINTS__",
        "etcd_key_file": "__ETCD_KEY_FILE__",
        "etcd_cert_file": "__ETCD_CERT_FILE__",
        "etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__",
        "log_level": "info",
        "ipam": {
            "type": "calico-ipam"
        },
        "policy": {
            "type": "k8s",
            "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
            "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
        },
        "kubernetes": {
            "kubeconfig": "__KUBECONFIG_FILEPATH__"
        }
    }

  # If you're using TLS enabled etcd uncomment the following.
  # You must also populate the Secret below with these files.
  # The empty strings leave etcd TLS switched off; the commented values are
  # the paths under the /calico-secrets volume mount.
  etcd_ca: ""   # "/calico-secrets/etcd-ca"
  etcd_cert: "" # "/calico-secrets/etcd-cert"
  etcd_key: ""  # "/calico-secrets/etcd-key"
---
# The following contains k8s Secrets for use with a TLS enabled etcd cluster.
# For information on populating Secrets, see http://kubernetes.io/docs/user-guide/secrets/
# The Secret is mounted at /calico-secrets by every Calico pod in this
# manifest, so it has to exist even when it is left empty.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: calico-etcd-secrets
  namespace: kube-system
data:
  # Populate the following files with etcd TLS configuration if desired, but leave blank if
  # not using TLS for etcd.
  # This self-hosted install expects three files with the following names.  The values
  # should be base64 encoded strings of the entire contents of each file.
  # NOTE(review): base64 is an encoding, not encryption. Once etcd-key holds
  # a real client key, keep the populated manifest out of version control
  # and public pastes, and limit who may read Secrets in kube-system.
  # etcd-key: null
  # etcd-cert: null
  # etcd-ca: null
---
# This manifest installs the calico/node container, as well
# as the Calico CNI plugins and network config on
# each master and worker node in a Kubernetes cluster.
# NOTE(review): the pod runs on the host network with a privileged
# container and writable hostPath mounts, so whoever can change this
# DaemonSet or the images it pulls effectively has root on every node.
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: calico-node
  namespace: kube-system
  labels:
    k8s-app: calico-node
spec:
  selector:
    matchLabels:
      k8s-app: calico-node
  template:
    metadata:
      labels:
        k8s-app: calico-node
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        # NOTE(review): Kubernetes 1.6 and later read tolerations from the
        # pod spec `tolerations` field; this alpha annotation is presumably
        # ignored on a v1.7 cluster - confirm the pod lands on the master.
        scheduler.alpha.kubernetes.io/tolerations: |
          [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },
           {"key":"CriticalAddonsOnly", "operator":"Exists"}]
    spec:
      # Shares the node's network namespace, including its loopback.
      hostNetwork: true
      # NOTE(review): no Role/ClusterRole or binding for this account is
      # defined in this manifest; on an RBAC-enabled cluster it has to be
      # granted separately, and should be scoped to what calico/node needs.
      serviceAccountName: calico-node
      containers:
        # Runs calico/node container on each Kubernetes node.  This
        # container programs network policy and routes on each
        # host.
        - name: calico-node
          # Referenced by mutable tag; pinning by digest would fix the
          # exact image content that runs privileged.
          image: quay.io/calico/node:v1.3.0
          env:
            # The location of the Calico etcd cluster.
            - name: ETCD_ENDPOINTS
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_endpoints
            # Choose the backend to use.
            - name: CALICO_NETWORKING_BACKEND
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: calico_backend
            # Disable file logging so `kubectl logs` works.
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
            # Set Felix endpoint to host default action to ACCEPT.
            # NOTE(review): presumably this lets pod traffic addressed to
            # the node itself through by default - confirm, and make sure
            # host-local services are protected some other way.
            - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
              value: "ACCEPT"
            # Configure the IP Pool from which Pod IPs will be chosen.
            - name: CALICO_IPV4POOL_CIDR
              value: "192.168.0.0/16"
            - name: CALICO_IPV4POOL_IPIP
              value: "always"
            # Disable IPv6 on Kubernetes.
            - name: FELIX_IPV6SUPPORT
              value: "false"
            # Set Felix logging to "info"
            - name: FELIX_LOGSEVERITYSCREEN
              value: "info"
            # Location of the CA certificate for etcd.
            - name: ETCD_CA_CERT_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_ca
            # Location of the client key for etcd.
            - name: ETCD_KEY_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_key
            # Location of the client certificate for etcd.
            - name: ETCD_CERT_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_cert
            # Auto-detect the BGP IP address.
            - name: IP
              value: ""
          securityContext:
            # Full host privileges for this container.
            privileged: true
          resources:
            # Only a CPU request is set; no limits are declared.
            requests:
              cpu: 250m
          volumeMounts:
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - mountPath: /var/run/calico
              name: var-run-calico
              readOnly: false
            - mountPath: /calico-secrets
              name: etcd-certs
        # This container installs the Calico CNI binaries
        # and CNI network config file on each node.
        # It has no securityContext of its own, but both host directories
        # below are mounted without readOnly, so it can write to the node's
        # CNI binary and configuration directories.
        - name: install-cni
          image: quay.io/calico/cni:v1.9.1
          command: ["/install-cni.sh"]
          env:
            # The location of the Calico etcd cluster.
            - name: ETCD_ENDPOINTS
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_endpoints
            # The CNI network config to install on each node.
            - name: CNI_NETWORK_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: cni_network_config
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
            - mountPath: /calico-secrets
              name: etcd-certs
      volumes:
        # Used by calico/node.
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: var-run-calico
          hostPath:
            path: /var/run/calico
        # Used to install CNI.
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
        # Mount in the etcd TLS secrets.
        - name: etcd-certs
          secret:
            secretName: calico-etcd-secrets
---
# This manifest deploys the Calico policy controller on Kubernetes.
# See https://github.com/projectcalico/k8s-policy
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: calico-policy-controller
  namespace: kube-system
  labels:
    k8s-app: calico-policy
  annotations:
    # NOTE(review): these two annotations sit on the Deployment object, not
    # on the pod template below, and Kubernetes 1.6 and later read
    # tolerations from the pod spec; presumably neither affects scheduling
    # on a v1.7 cluster - confirm.
    scheduler.alpha.kubernetes.io/critical-pod: ''
    scheduler.alpha.kubernetes.io/tolerations: |
      [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },
       {"key":"CriticalAddonsOnly", "operator":"Exists"}]
spec:
  # The policy controller can only have a single active instance.
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      name: calico-policy-controller
      namespace: kube-system
      labels:
        k8s-app: calico-policy
    spec:
      # The policy controller must run in the host network namespace so that
      # it isn't governed by policy that would prevent it from working.
      hostNetwork: true
      # NOTE(review): no Role/ClusterRole or binding for this account is
      # defined in this manifest; on an RBAC-enabled cluster it has to be
      # granted separately, and should be scoped to what the controller
      # needs.
      serviceAccountName: calico-policy-controller
      containers:
        - name: calico-policy-controller
          # Referenced by mutable tag; pinning by digest would fix the
          # exact image content that is run.
          image: quay.io/calico/kube-policy-controller:v0.6.0
          env:
            # The location of the Calico etcd cluster.
            - name: ETCD_ENDPOINTS
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_endpoints
            # Location of the CA certificate for etcd.
            - name: ETCD_CA_CERT_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_ca
            # Location of the client key for etcd.
            - name: ETCD_KEY_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_key
            # Location of the client certificate for etcd.
            - name: ETCD_CERT_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_cert
            # The location of the Kubernetes API.  Use the default Kubernetes
            # service for API access.
            - name: K8S_API
              value: "https://kubernetes.default:443"
            # Since we're running in the host namespace and might not have KubeDNS
            # access, configure the container's /etc/hosts to resolve
            # kubernetes.default to the correct service clusterIP.
            - name: CONFIGURE_ETC_HOSTS
              value: "true"
          volumeMounts:
            # Mount in the etcd TLS secrets.
            - mountPath: /calico-secrets
              name: etcd-certs
      volumes:
        # Mount in the etcd TLS secrets.
        - name: etcd-certs
          secret:
            secretName: calico-etcd-secrets
---
# Identity used by the calico-policy-controller Deployment.
# NOTE(review): this file creates the two ServiceAccounts only; it contains
# no Role, ClusterRole or binding, so whatever permissions they end up with
# come from outside this manifest. Keep those grants as narrow as the
# components allow.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-policy-controller
  namespace: kube-system
---
# Identity used by the calico-node DaemonSet.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-node
  namespace: kube-system
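#!/bin/bash
# Deploy the Kubernetes dashboard and show its pod.
set -euo pipefail

# git.io is a URL shortener: the manifest it redirects to can change without
# notice. Fetch it to a local file first so that what gets created in the
# cluster is a concrete file that can be read and kept, and so an HTTP error
# aborts the script instead of being handed to kubectl.
manifest="kube-dashboard.yaml"
curl -fsSL -o "$manifest" https://git.io/kube-dashboard

# NOTE(review): read "$manifest" before this step, in particular the
# ServiceAccount and any role binding it grants to the dashboard, and
# prefer a URL pinned to a tagged release over the short link.
kubectl create -f "$manifest"
kubectl get pods --all-namespaces | grep dashboard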
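#!/bin/bash
# Install Docker CE from Docker's apt repository on Ubuntu.
set -euo pipefail

# The key goes into apt's global trusted keyring, where it is trusted for
# every configured repository. Compare the output of `apt-key fingerprint`
# with the fingerprint published in Docker's install documentation before
# installing anything signed by it.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install -y docker-ce

# Membership of the docker group is equivalent to root on this host (a
# member can start a container with the host filesystem mounted), so add
# only accounts that are already trusted with sudo. Quoting plus `set -u`
# stops usermod from running with an empty user name.
sudo usermod -aG docker "${USER}"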
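#!/bin/bash
# Install kubelet and kubeadm from the Kubernetes apt repository.
# Must be run as root: none of the commands below use sudo.
set -euo pipefail

apt-get update
apt-get install -y apt-transport-https

# NOTE(review): setenforce 0 puts SELinux into permissive mode until the
# next reboot, which removes a layer of confinement from everything on the
# host. On a system where SELinux is not enabled the command fails, which
# the original script ignored; `|| true` keeps that behaviour under set -e.
apt-get install -y selinux-utils
setenforce 0 || true

# -f makes curl fail on an HTTP error instead of piping an error page into
# apt-key. The key is trusted for all repositories once added.
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -

# Use the HTTPS endpoint: apt-transport-https was installed above for this
# purpose, and it keeps the package index and downloads off plaintext HTTP.
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm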
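#!/bin/bash
# Download the current stable kubectl and install it system-wide.
set -euo pipefail

release_base="https://storage.googleapis.com/kubernetes-release/release"

# Resolve the version once. With -f a failed lookup aborts here instead of
# silently producing a malformed download URL.
# NOTE(review): stable.txt tracks the latest release, which may be newer
# than the cluster this client talks to; pin a version if skew matters.
version="$(curl -fsSL "$release_base/stable.txt")"

# -f keeps an HTTP error page from being saved and later installed as
# ./kubectl.
curl -fLO "$release_base/$version/bin/linux/amd64/kubectl"

# NOTE(review): the binary is installed into root's PATH, so compare this
# digest with the checksum published for the release before continuing.
sha256sum ./kubectl

chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
kubectl cluster-info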
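#!/bin/bash
# Join this machine to the cluster as a worker node.
#
# KUBEADM_TOKEN  - bootstrap token issued by the master
# KUBEADM_MASTER - host:port of the master's API server
# Both fall back to the values this script originally hard-coded.
set -euo pipefail

# A bootstrap token is a credential: whoever holds it can register a node
# with the cluster. The literal default below was published together with
# this script, so treat it as exposed - remove it on the master with
# `kubeadm token delete`, issue a fresh one with `kubeadm token create`,
# and pass the new value through the environment rather than committing it.
token="${KUBEADM_TOKEN:-0f5880.615c363bd26be328}"
master="${KUBEADM_MASTER:-119.28.137.112:6443}"

sudo kubeadm join --token "$token" "$master"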
重启服务并改变配置
# Interactive session: tear down the control plane and initialise it again.
# sudo -i opens a root login shell; the lines that follow are typed into it.
sudo -i
# Undoes what kubeadm init/join set up on this node.
# NOTE(review): presumably the re-init issues new certificates and a new
# bootstrap token, so admin.conf copies and join tokens from the previous
# cluster stop working - confirm and redistribute them privately.
kubeadm reset
# Advertises the API server on the given address.
# NOTE(review): if this address is internet-routable, port 6443 is reachable
# from anywhere; restrict it with a firewall or security group to the nodes
# and administrators that need it.
kubeadm init --apiserver-advertise-address=119.28.137.112
exit