├── .gitattributes
├── README.md
├── frist-app
    ├── README.md
    ├── app.yaml
    └── pv-pvc.yaml
└── kubernetes
    ├── dashboard.yaml
    ├── kubeadm.yaml
    └── weave-daemonset.yaml


/.gitattributes:
--------------------------------------------------------------------------------
*.yaml linguist-language=Shell

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# QUICK START

## STEP 1

```shell
$ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
$ cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
$ apt-get update
$ apt-get install -y docker.io kubeadm
```

## STEP 2

```shell
$ git clone https://github.com/ConserveLee/quick-kubernetes-deploy.git quick-k8s
$ cd quick-k8s/kubernetes
$ vim dashboard.yaml
# change <placeholder-1> and <placeholder-2> correctly (the two names were lost in this listing; see the blank advertiseAddress and name fields in kubeadm.yaml)
$ kubeadm init --config kubeadm.yaml
```

## STEP 3

```shell
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

## STEP 4

```shell
$ kubectl apply -f weave-daemonset.yaml
$ kubectl get pods -n kube-system
```

## STEP 5

```shell
$ kubeadm join <master-ip>:6443 --token 5n9s47.cmo7gunvt95ingh2 --discovery-token-ca-cert-hash sha256:d3321b231e55706a9283fffcb99e8c9491f1cda0e8a8bc8893f03731c95952db
```

The token above is the one hard-coded in `kubernetes/kubeadm.yaml`, so anyone who has read this repository knows it: replace it in `kubeadm.yaml` with your own value (for example from `kubeadm token generate`) before running `kubeadm init`, and use the join command that `kubeadm init` prints, because the CA certificate hash is different for every cluster.

## STEP 6

Taint/Toleration

```shell
$ kubectl taint node <node-name> foo=bar:NoSchedule
```

or delete Taint/Toleration

```shell
$ kubectl taint nodes --all node-role.kubernetes.io/master-
```

## STEP 7

```shell
$ kubectl apply -f dashboard.yaml
# check admin-user token
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
```

`dashboard.yaml` binds the `admin-user` service account to `cluster-admin` and publishes the Dashboard on NodePort 30000 of every node, so the token printed here gives full control of the cluster; keep that port reachable only from trusted addresses.

- ### [blog](http://www.lizhongyuan.net)

- ### If this helps you, please star or fork

--------------------------------------------------------------------------------
/frist-app/README.md:
--------------------------------------------------------------------------------
# QUICKSTART

```shell
$ mkdir -p /var/www/wwwroot
$ cd /var/www/wwwroot
$ cat << EOF > index.html
> First App
> EOF
$ mkdir conf
$ cat << EOF > default.conf
> server {

    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name localhost;
    root /var/www;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ /\.ht {
        deny all;
    }
}
> EOF
$ git clone https://github.com/ConserveLee/quick-kubernetes-deploy.git quick-k8s
$ cd quick-k8s/pv
$ kubectl apply -f pv.yaml
$ kubectl apply -f app.yaml
```

- ### [blog](http://www.lizhongyuan.net)

--------------------------------------------------------------------------------
/frist-app/app.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: frist-app
spec:
  containers:
    - image: nginx
      name: frist-app
      ports:
        - containerPort: 80
          protocol: TCP
      volumeMounts:
        - name: www-root
          mountPath: /var/www
        - name: nginx-conf
          mountPath: /etc/nginx/conf.d
  volumes:
    - name: www-root
      persistentVolumeClaim:
        claimName: www-root-c
    - name: nginx-conf
      persistentVolumeClaim:
        claimName: nginx-conf-c
--------------------------------------------------------------------------------
/frist-app/pv-pvc.yaml:
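--------------------------------------------------------------------------------
# Storage for the frist-app Pod: two hostPath PersistentVolumes and the two
# claims that app.yaml mounts (www-root-c at /var/www, nginx-conf-c at
# /etc/nginx/conf.d).
apiVersion: v1
kind: PersistentVolume
metadata:
  name: www-root
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  # Recycle scrubs the directory contents when the claim is released.
  persistentVolumeReclaimPolicy: Recycle
  # hostPath data lives on one node's filesystem; the Pod only finds it when
  # it is scheduled on the node where this directory was created.
  hostPath:
    path: /var/www/wwwroot
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nginx-conf
spec:
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  hostPath:
    # NOTE(review): this directory sits inside the www-root volume above, so
    # its files are also visible under the web root that nginx serves from
    # /var/www. Keeping the nginx config outside the web root avoids
    # publishing it.
    path: /var/www/wwwroot/conf
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: www-root-c
spec:
  accessModes:
    - ReadWriteOnce
  dataSource: null
  resources:
    requests:
      storage: 5Gi
  volumeMode: Filesystem
  # Was "nginx", but no PersistentVolume with that name is defined in this
  # file; the web-root volume above is named www-root.
  volumeName: www-root
# status is filled in by the API server; it is shown here as exported and is
# not something the manifest author controls.
status:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 10Gi
  phase: Bound
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nginx-conf-c
spec:
  accessModes:
    - ReadWriteOnce
  dataSource: null
  resources:
    requests:
      storage: 1Gi
  volumeMode: Filesystem
  volumeName: nginx-conf
status:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 2Gi
  phase: Bound
--------------------------------------------------------------------------------
/kubernetes/dashboard.yaml:
--------------------------------------------------------------------------------
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #

# The Dashboard's own service account is limited to the namespaced rules
# below; the cluster-wide access in this file comes from the separate
# admin-user binding at the end.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
    verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
    verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kube-system

---
# ------------------- Dashboard Deployment ------------------- #

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            # No certificate is supplied in the Secret above, so the Dashboard
            # generates its own; browsers will not be able to verify it.
            - --auto-generate-certificates
            # Uncomment the following line to manually specify Kubernetes API server Host
            # If not specified, Dashboard will attempt to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
            # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  # NOTE(review): NodePort publishes the Dashboard login page on port 30000
  # of every node address. Combined with the cluster-admin account below,
  # that port should be firewalled to trusted sources, or the Service left
  # as ClusterIP and reached through `kubectl proxy` / port-forward.
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard

---
# Login account used in the README to obtain a Dashboard token.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system

---
# NOTE(review): this grants admin-user the built-in cluster-admin ClusterRole,
# i.e. every verb on every resource in every namespace. Whoever holds this
# account's token controls the cluster; bind a narrower role if the Dashboard
# is only needed for viewing.
# apiVersion uses rbac.authorization.k8s.io/v1 to match the Role and
# RoleBinding earlier in this file (was v1beta1).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kube-system

--------------------------------------------------------------------------------
/kubernetes/kubeadm.yaml:
--------------------------------------------------------------------------------
# kubeadm configuration passed to `kubeadm init --config kubeadm.yaml`.
apiVersion: kubeadm.k8s.io/v1beta1
bootstrapTokens:
  - groups:
      - system:bootstrappers:kubeadm:default-node-token
    # NOTE(review): this bootstrap token is a fixed value committed to the
    # repository, so every cluster built from this file unchanged accepts the
    # same publicly known token for node join (for the 24h TTL below).
    # Replace it with a freshly generated value before `kubeadm init`, or
    # drop the field so kubeadm generates one.
    token: 5n9s47.cmo7gunvt95ingh2
    ttl: 24h0m0s
    usages:
      - signing
      - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Blank in this listing; the README asks for values to be filled in before
  # running kubeadm init.
  advertiseAddress:
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  # Blank in this listing (see note on advertiseAddress).
  name:
  taints:
    - effect: NoSchedule
      key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta1
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: ""
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.13.3
networking:
  dnsDomain: cluster.local
  podSubnet: ""
  serviceSubnet: 10.96.0.0/12
scheduler: {}

--------------------------------------------------------------------------------
/kubernetes/weave-daemonset.yaml:
--------------------------------------------------------------------------------
# Weave Net pod network: service account, RBAC and the per-node DaemonSet.
apiVersion: v1
kind: List
items:
  - apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: kube-system
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRole
    metadata:
      name: weave-net
      labels:
        name: weave-net
    rules:
      - apiGroups:
          - ''
        resources:
          - pods
          - namespaces
          - nodes
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
        resources:
          - networkpolicies
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - 'networking.k8s.io'
        resources:
          - networkpolicies
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - nodes/status
        verbs:
          - patch
          - update
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: weave-net
      labels:
        name: weave-net
    roleRef:
      kind: ClusterRole
      name: weave-net
      apiGroup: rbac.authorization.k8s.io
    subjects:
      - kind: ServiceAccount
        name: weave-net
        namespace: kube-system
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: Role
    metadata:
      name: weave-net
      namespace: kube-system
      labels:
        name: weave-net
    rules:
      - apiGroups:
          - ''
        resources:
          - configmaps
        resourceNames:
          - weave-net
        verbs:
          - get
          - update
      - apiGroups:
          - ''
        resources:
          - configmaps
        verbs:
          - create
  - apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: RoleBinding
    metadata:
      name: weave-net
      namespace: kube-system
      labels:
        name: weave-net
    roleRef:
      kind: Role
      name: weave-net
      apiGroup: rbac.authorization.k8s.io
    subjects:
      - kind: ServiceAccount
        name: weave-net
        namespace: kube-system
  - apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      name: weave-net
      labels:
        name: weave-net
      namespace: kube-system
    spec:
      # Wait 5 seconds to let pod connect before rolling next pod
      minReadySeconds: 5
      template:
        metadata:
          labels:
            name: weave-net
        spec:
          containers:
            - name: weave
              command:
                - /home/weave/launch.sh
              env:
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
              # NOTE(review): ':latest' with imagePullPolicy Always means each
              # pod start runs whatever the tag points to at that moment.
              # Because this container is privileged and mounts host
              # directories, pin the image to a reviewed version or digest.
              image: 'weaveworks/weave-kube:latest'
              imagePullPolicy: Always
              readinessProbe:
                httpGet:
                  host: 127.0.0.1
                  path: /status
                  port: 6784
              resources:
                requests:
                  cpu: 10m
              securityContext:
                # Privileged plus the hostPath mounts below (/etc, /home, /opt
                # of the node) give this container root-level access to every
                # node it runs on.
                privileged: true
              volumeMounts:
                - name: weavedb
                  mountPath: /weavedb
                - name: cni-bin
                  mountPath: /host/opt
                - name: cni-bin2
                  mountPath: /host/home
                - name: cni-conf
                  mountPath: /host/etc
                - name: dbus
                  mountPath: /host/var/lib/dbus
                - name: lib-modules
                  mountPath: /lib/modules
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
            - name: weave-npc
              env:
                - name: HOSTNAME
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
              # NOTE(review): same unpinned ':latest' tag as the weave
              # container; pin it as well.
              image: 'weaveworks/weave-npc:latest'
              imagePullPolicy: Always
              #npc-args
              resources:
                requests:
                  cpu: 10m
              securityContext:
                privileged: true
              volumeMounts:
                - name: xtables-lock
                  mountPath: /run/xtables.lock
                  readOnly: false
          # Pods share the node's network and PID namespaces.
          hostNetwork: true
          hostPID: true
          restartPolicy: Always
          securityContext:
            seLinuxOptions: {}
          serviceAccountName: weave-net
          # Tolerates every NoSchedule taint, so the DaemonSet also runs on
          # the tainted master node.
          tolerations:
            - effect: NoSchedule
              operator: Exists
          volumes:
            - name: weavedb
              hostPath:
                path: /var/lib/weave
            - name: cni-bin
              hostPath:
                path: /opt
            - name: cni-bin2
              hostPath:
                path: /home
            - name: cni-conf
              hostPath:
                path: /etc
            - name: dbus
              hostPath:
                path: /var/lib/dbus
            - name: lib-modules
              hostPath:
                path: /lib/modules
            - name: xtables-lock
              hostPath:
                path: /run/xtables.lock
                type: FileOrCreate
      updateStrategy:
        type: RollingUpdate
--------------------------------------------------------------------------------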