使用kubeadm部署高可用Kubernetes 1.17.0

由於Kubernetes集羣1.16升級1.17後崩潰，計劃從新部署。之前是手工建立的高可用集羣，如今使用kubeadm來部署高可用Kubernetes，由於1.17.0已經增長了不少新的功能，正好來體驗一下。

• 參考：
  • 建立高可用集羣：Creating Highly Available clusters with kubeadm
  • 獲取新的鏡像：Kubernetes 1.17.0 已發佈
  • 本地存儲提供者：Kubernetes的Local Path Provisioner
  • 獲取Kubeadm更新：kubernetes for china

建立集羣：

sudo kubeadm init --kubernetes-version=v1.17.0 \
--apiserver-advertise-address=192.168.199.173 \
--control-plane-endpoint=192.168.199.173:6443 \
--pod-network-cidr=10.244.0.0/16 \
--upload-certs

注意：

• 增長--control-plane-endpoint參數，是用於多Master的部署使用，必須加上。
• 使用多個Master節點的kubeadm init方法後，輸出有所不一樣。以下：

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join 192.168.199.173:6443 --token rlxvkn.2ine1loolri50tzt \
    --discovery-token-ca-cert-hash sha256:86e68de8febb844ab8f015f6af4526d78a980d9cdcf7863eebb05b17c24b9383 \
    --control-plane --certificate-key 440a880086e7e9cbbcebbd7924e6a9562d77ee8de7e0ec63511436f2467f7dde

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.199.173:6443 --token rlxvkn.2ine1loolri50tzt \
    --discovery-token-ca-cert-hash sha256:86e68de8febb844ab8f015f6af4526d78a980d9cdcf7863eebb05b17c24b9383

運行下面的命令，以使kubectl在當前用戶帳號下可用：

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

• 注意：
  • 上面帶--control-plane參數的命令用於部署一個新的Master節點。
  • 不帶--control-plane參數的命令用於部署worker節點。

增長Master節點：

kubeadm join 192.168.199.173:6443 --token rlxvkn.2ine1loolri50tzt \
    --discovery-token-ca-cert-hash sha256:86e68de8febb844ab8f015f6af4526d78a980d9cdcf7863eebb05b17c24b9383 \
    --control-plane --certificate-key 440a880086e7e9cbbcebbd7924e6a9562d77ee8de7e0ec63511436f2467f7dde

After Add master node:

sudo kubeadm init phase upload-certs --upload-certs
### Got:
# [upload-certs] Using certificate key:
# 2ffe5bbf7d2e670d5bcfb03dac194e2f21eb9715f2099c5f8574e4ba7679ff78

# Add certificate-key for Multi Master Node.
kubeadm token create --print-join-command --certificate-key 2ffe5bbf7d2e670d5bcfb03dac194e2f21eb9715f2099c5f8574e4ba7679ff78

增長Worker節點：

kubeadm join 192.168.199.173:6443 --token rlxvkn.2ine1loolri50tzt \
    --discovery-token-ca-cert-hash sha256:86e68de8febb844ab8f015f6af4526d78a980d9cdcf7863eebb05b17c24b9383

而後部署Network CNI驅動，以下：

docker pull quay.io/coreos/flannel:v0.11.0-amd64

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

查看一下節點狀態：

kubectl get node -o wide

將顯示節點列表，若是部署了多個Master，也將顯示多個節點的role爲master。

• 部署管理界面：Dashboard 2 on Kubernetes 1.17.0