K8S 1.13.4安裝部署

kubeadm是K8S官方提供的集羣部署工具。kubeadm將master節點上的apiserver、scheduler、controller-manager、etcd和node節點上的kube-proxy都部署爲Pod運行，因此master和node都須要安裝kubelet和docker。

一、前期準備
主機準備：
k8s1 master 192.168.4.35 CentOS7.6 4C8G
k8s2 node1 192.168.4.36 CentOS7.6 4C8G
k8s3 node2 192.168.4.37 CentOS7.6 4C8G

修改hosts文件，添加host：

vi /etc/hosts

192.168.4.35  k8s1
192.168.4.36  k8s1
192.168.4.37  k8s1

關閉防火牆：
Systemctl disable firewalld && systemctl stop firewalld

命令補全：

yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc

二、 環境準備：

設置kubernetes的yum源

vi /etc/yum.repos.d/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

設置docker的yum源

wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
cp docker-ce.repo /etc/yum.repos.d/

安裝docker和kubeadmin kubectl kubelet
yum install -y kubelet kubeadm kubectl docker-ce

設置開機啓動並啓動服務
systemctl enable kubelet docker
systemctl start kubelet docker
查看該版本的容器鏡像版本：
kubeadm config images list
輸出以下：

~# kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.13.4
k8s.gcr.io/kube-controller-manager:v1.13.4
k8s.gcr.io/kube-scheduler:v1.13.4
k8s.gcr.io/kube-proxy:v1.13.4
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.2.24
k8s.gcr.io/coredns:1.2.6

三、拉取容器鏡像

原始的kubernetes鏡像文件在gcr上，不能直接下載。下面是阿里雲上的資源，全部主機上都執行一下。參考https://www.520mwx.com/view/37277

echo ""
echo "=========================================================="
echo "Pull Kubernetes v1.13.4 Images from aliyuncs.com ......"
echo "=========================================================="
echo ""
MY_REGISTRY=registry.cn-hangzhou.aliyuncs.com/openthings
## 拉取鏡像
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.13.4
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.13.4
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.13.4
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.13.4
docker pull ${MY_REGISTRY}/k8s-gcr-io-etcd:3.2.24
docker pull ${MY_REGISTRY}/k8s-gcr-io-pause:3.1
docker pull ${MY_REGISTRY}/k8s-gcr-io-coredns:1.2.6
## 添加Tag
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.13.4 k8s.gcr.io/kube-apiserver:v1.13.4
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.13.4 k8s.gcr.io/kube-scheduler:v1.13.4
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.13.4 k8s.gcr.io/kube-controller-manager:v1.13.4
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.13.4 k8s.gcr.io/kube-proxy:v1.13.4
docker tag ${MY_REGISTRY}/k8s-gcr-io-etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag ${MY_REGISTRY}/k8s-gcr-io-pause:3.1 k8s.gcr.io/pause:3.1
docker tag ${MY_REGISTRY}/k8s-gcr-io-coredns:1.2.6 k8s.gcr.io/coredns:1.2.6
##刪除鏡像
docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.13.4
docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.13.4
docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.13.4
docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.13.4
docker rmi ${MY_REGISTRY}/k8s-gcr-io-etcd:3.2.24
docker rmi ${MY_REGISTRY}/k8s-gcr-io-pause:3.1
docker rmi ${MY_REGISTRY}/k8s-gcr-io-coredns:1.2.6

echo ""
echo "=========================================================="
echo "Pull Kubernetes v1.13.4 Images FINISHED."
echo "into registry.cn-hangzhou.aliyuncs.com/openthings, "
echo "=========================================================="
echo ""

保存爲shell腳本，而後執行。

四、安裝Kubernetes集羣

初始化
#指定IP地址，1.13.4版本：
kubeadm init --kubernetes-version=v1.13.4 --pod-network-cidr=10.244.0.0/16
#注意，CoreDNS已經內置，再也不須要參數--feature-gates CoreDNS=true
若是失敗能夠執行 kubeadm reset進行重置再執行上面的命令。

完成後會顯示以下信息：

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

kubeadm join 192.168.4.35:6443 --token b99a00.a144ef80536d4344 --discovery-token-ca-cert-hash sha256:f79b68fb698c92b9336474eb3bf184e847f967dc58a6296911892662b98b1315

而後，配置當前用戶環境：

mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

若是不執行這一步，會提示x509錯誤

node節點註冊到master（node節點執行）：
kubeadm join 192.168.4.35:6443 --token b99a00.a144ef80536d4344 --discovery-token-ca-cert-hash sha256:f79b68fb698c92b9336474eb3bf184e847f967dc58a6296911892662b98b1315

在master節點查看節點信息，能夠看到node1和node2已經加入集羣了：
kubectl get nodes
因爲缺乏flannel組件，因此status都顯示NotReady。

安裝flannel組件

docker pull registry.cn-hangzhou.aliyuncs.com/gaven_k8s/flannel:v0.11.0-amd64
docker tag registry.cn-hangzhou.aliyuncs.com/gaven_k8s/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.11.0-amd64
docker rmi registry.cn-hangzhou.aliyuncs.com/gaven_k8s/flannel:v0.11.0-amd64
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

就可使用 kubectl version 來查看狀態和 kubectl cluster-info 查看服務地址。

在master上檢查羣集的狀態
kubectl get nodes -o wide
查看status是否都是ready
在master上檢查容器的運行情況
kubectl get pods --all-namespaces -o wide
查看status是否都是running
若是發現有容器狀態不是running，可使用下面命令查看events：
kubectl describe pod kube-flannel-ds-amd64-XXXXX -n kube-system

五、節點查看
每一個工做節點須要拉取上面對應版本的鏡像，以及安裝kubelet的對應版本。
檢查版本：
~$ kubectl version

六、安裝dashboard 圖形化管理平臺。

部署dashboard應用資源

docker pull mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
docker tag mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
docker rmi mirrorgooglecontainers/kubernetes-dashboard-amd64:v1.10.1
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

修改成NodePort類型的service，讓集羣外部也能夠訪問dashboard：

kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system

使用token認證進行登錄

kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding cluster-dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl get secrets -n kube-system
kubectl describe secret dashboard-admin-token-rb2xh -n kube-system

dashboard-admin-token-xxxxx 安裝的設備不同，xxxxx也不同，-n kube-system是指定空間，若是沒有加上會提示錯誤。而後複製token值進行登錄便可。