Last active
August 28, 2019 17:20
-
-
Save olivx/c7d20c0e0c40fbbf3baacb21dc8f5a59 to your computer and use it in GitHub Desktop.
how to install kubernetes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kubectl apply -f jenkins-pv-pcv.yaml | |
| # install jenkins with helm | |
| # chart doc https://github.com/helm/charts/tree/master/stable/jenkins | |
| helm install --name jenkins --set Persistence.ExistingClaim=jenkins --set Master.ServiceType=NodePort --set Master.NodePort=30808 --namespace devops stable/jenkins | |
| # role binding | |
| kubectl create rolebinding sa-devops-role-clusteradmin --clusterrole=cluster-admin --serviceaccount=devops:default --namespace=devops | |
| kubectl create rolebinding sa-devops-role-clusteradmin-kubesystem --clusterrole=cluster-admin --serviceaccount=devops:default --namespace=kube-system |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| kind: PersistentVolume | |
| apiVersion: v1 | |
| metadata: | |
| name: jenkins | |
| labels: | |
| type: local | |
| spec: | |
| storageClassName: manual-for-jenkins | |
| capacity: | |
| storage: 16Gi | |
| accessModes: | |
| - ReadWriteOnce | |
| hostPath: | |
| path: "/mnt/data-jenkins" | |
| --- | |
| kind: PersistentVolumeClaim | |
| apiVersion: v1 | |
| metadata: | |
| name: jenkins | |
| namespace: devops | |
| spec: | |
| storageClassName: manual-for-jenkins | |
| accessModes: | |
| - ReadWriteOnce | |
| resources: | |
| requests: | |
| storage: 16Gi |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # copy config file exemplo | |
| scp -r [email protected]:/home/vagrant/.kube . | |
| # install dahsboard | |
| kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml | |
| kubectl expose deployment kubernetes-dashboard --name=kubernetes-dashboard-nodeport --port=443 --target-port=8443 --type=NodePort -n kube-system | |
| # Service Account and permission 'cluster-admin' | |
| kubectl create serviceaccount kubeadmin -n kube-system | |
| kubectl create clusterrolebinding kubeadmin-binding --clusterrole=cluster-admin --serviceaccount=kube-system:kubeadmin | |
| kubectl patch dployment -n kube-system tiiler-deploy -p '{"spec": {"template": {"spec": {"serviceAccount": tiller}}}}' | |
| kubectl describe sa kubeadmin -n kube-system | |
| kubectl get secret <TOKEN-ID> -n kube-system -o yaml | |
| echo `echo <TOKEN> | base64 --decode` | |
| ou | |
| echo $(kubectl get secret $(kubectl describe sa kubeadmin -n kube-system| awk '/(kubeadmin).*/{print $3}') -n kube-system -o yaml | awk '/.(token:)/{print $2}')| base64 --decode |xclip -selection clipboard |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # uninstall kuberntes | |
| kubeadm reset | |
| sudo apt-get purge kubeadm kubectl kubelet kubernetes-cni kube* | |
| sudo apt-get autoremove | |
| sudo rm -rf ~/.kube | |
| # install docker | |
| sudo apt-get update | |
| sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common | |
| sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - | |
| sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | |
| sudo apt-get update | |
| sudo apt-get install -y docker-ce | |
| # optional | |
| sudo usermod -aG docker $USER | |
| # command show how add node | |
| kubeadm token create --print-join-command | |
| # docker add to cgroup | |
| docker info |grep -i cgroup | |
| vim /etc/docker/daemon.json | |
| mkdir -p /etc/systemd/system/docker.service.d | |
| systemctl deamon-reload | |
| systemcetl restart docker | |
| docker info |grep -i cgroup | |
| systemctl status docker | |
| #install docker compose | |
| sudo curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | |
| sudo chmod +x /usr/local/bin/docker-compose | |
| # install kubernetes | |
| sudo su | |
| curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - | |
| cat <<EOF >/etc/apt/sources.list.d/kubernetes.list | |
| deb https://apt.kubernetes.io/ kubernetes-xenial main | |
| EOF | |
| apt-get update | |
| apt-get install -y kubelet=1.11.3-00 kubeadm=1.11.3-00 kubectl=1.11.3-00 | |
| apt-mark hold kubelet kubeadm kubectl | |
| exit | |
| # init cluster | |
| # flannel | |
| sudo kubeadm init --pod-network-cidr=10.244.0.0/16 | |
| # config .kube/config | |
| mkdir -p $HOME/.kube | |
| sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config | |
| sudo chown $(id -u):$(id -g) $HOME/.kube/config | |
| kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml | |
| # calico | |
| kubectl --pod-network-cidr=192.168.0.0/16 | |
| # after kubectl init config .kube/config | |
| mkdir -p $HOME/.kube | |
| sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config | |
| sudo chown $(id -u):$(id -g) $HOME/.kube/config | |
| kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml | |
| kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml | |
| # master like wworker | |
| kubectl taint nodes --all node-role.kubernetes.io/master- | |
| #helm | |
| kubectl create serviceaccount --namespace=kube-system tiller | |
| ubectl create clusterrolebinding tiller-cluster-role --clusterrole=cluster-admin --serviceaccount=kube-system:tiller | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: tiller | |
| namespace: kube-system | |
| --- | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: allresources | |
| rules: | |
| - apiGroups: ["*"] | |
| resources: ["*"] | |
| verbs: ["*"] | |
| --- | |
| kind: ClusterRoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: tiller | |
| subjects: | |
| - kind: ServiceAccount | |
| namespace: kube-system | |
| name: tiller | |
| apiGroup: "" | |
| roleRef: | |
| kind: ClusterRole | |
| name: allresources | |
| apiGroup: rbac.authorization.k8s.io | |
| kubectl apply -f tiller-account.yaml | |
| if helm init # use the patch command | |
| kubectl patch deployments -n kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' | |
| or | |
| helm init --service-account tiller | |
| # pluging helm | |
| helm plugin install https://github.com/chartmuseum/helm-push | |
| #chartmuseum | |
| env: | |
| open: | |
| STORAGE: local | |
| DISABLE_API: false | |
| ALLOW_OVERWRITE: true | |
| service: | |
| type: NodePort | |
| nodePort: 30010 | |
| #exemplo chartmuseum install | |
| helm install --name helm --namespace devops -f 02-chartmuseum-conf.yaml stable/chartmuseum | |
| helm repo add questcode http://$(kubectl get nodes --namespace devops -o jsonpath="{.items[0].status.addresses[0].address}"):30010 | |
| helm lint backend-user/ | |
| helm push backend-user/ questcode | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: staging | |
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: prod | |
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: devops |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: tiller | |
| namespace: kube-system | |
| --- | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: allresources | |
| rules: | |
| - apiGroups: ["*"] | |
| resources: ["*"] | |
| verbs: ["*"] | |
| --- | |
| kind: ClusterRoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| metadata: | |
| name: tiller | |
| subjects: | |
| - kind: ServiceAccount | |
| namespace: kube-system | |
| name: tiller | |
| apiGroup: "" | |
| roleRef: | |
| kind: ClusterRole | |
| name: allresources | |
| apiGroup: rbac.authorization.k8s.io |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment