kubeadm安装使用k8s1.13版本

安装环境

操作系统：centos7(内存2G+，2核CPU+)
系统可以联网

准备环境

关闭防火墙，不然后期的apiserver的restful通信会refused
1
systemctl stop firewalld && systemctl disable firewalld

关闭selinux

1	sed -i 's/enforcing/disabled/' /etc/selinux/config

关闭swap，不然后面init master时会提示这个错误
1
swapoff -a

添加主机名与IP对应关系

vi /etc/hosts
内容为：
192.168.110.155 master
192.168.110.156 node01

同步时间

1
2
3

先查看一下集群时间是否同步，在每台服务器上执行：date，看返回结果，若不一致执行一下命令：
yum install ntpdate -y
ntpdate ntp.api.bz

安装docker和kubeadm kubectl kubelet

设置docker的yum源

1 2	cd /etc/yum.repos.d/ wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

设置kubernetes的yum源

vi /etc/yum.repos.d/kubernetes.repo
输入以下内容：
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

执行安装

1	yum install -y kubelet kubeadm kubectl docker-ce

设置开机启动并启动服务

1 2	systemctl enable kubelet docker systemctl start kubelet docker

注以上操作，需要每台服务器都执行，以下操作，如无说明则都是在master上操作

初始化Master

由于上面安装kubeadm时安装的是最新版，所以我们最好查看该版本所需对应的容器镜像版本，这样我们可以拉取对应的镜像

kubeadm config images list
输出如下：
k8s.gcr.io/kube-apiserver:v1.13.4
k8s.gcr.io/kube-controller-manager:v1.13.4
k8s.gcr.io/kube-scheduler:v1.13.4
k8s.gcr.io/kube-proxy:v1.13.4
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.2.24
k8s.gcr.io/coredns:1.2.6 
由此我们可知：当前k8s版本为1.13.4

拉取容器镜像：

由于原始k8s.gcr.io无法拉取镜像（某种不可描述的原因），我们从阿里云上拉取，我们新建一个k8s.sh文件，写入以下内容：

echo "start pull image"
MY_REGISTRY=registry.cn-hangzhou.aliyuncs.com/openthings
## 拉取镜像
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.13.4
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.13.4
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.13.4
docker pull ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.13.4
docker pull ${MY_REGISTRY}/k8s-gcr-io-etcd:3.2.24
docker pull ${MY_REGISTRY}/k8s-gcr-io-pause:3.1
docker pull ${MY_REGISTRY}/k8s-gcr-io-coredns:1.2.6
## 添加Tag
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.13.4 k8s.gcr.io/kube-apiserver:v1.13.4
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.13.4 k8s.gcr.io/kube-scheduler:v1.13.4
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.13.4 k8s.gcr.io/kube-controller-manager:v1.13.4
docker tag ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.13.4 k8s.gcr.io/kube-proxy:v1.13.4
docker tag ${MY_REGISTRY}/k8s-gcr-io-etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag ${MY_REGISTRY}/k8s-gcr-io-pause:3.1 k8s.gcr.io/pause:3.1
docker tag ${MY_REGISTRY}/k8s-gcr-io-coredns:1.2.6 k8s.gcr.io/coredns:1.2.6
##删除镜像
docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-apiserver:v1.13.4
docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-controller-manager:v1.13.4
docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-scheduler:v1.13.4
docker rmi ${MY_REGISTRY}/k8s-gcr-io-kube-proxy:v1.13.4
docker rmi ${MY_REGISTRY}/k8s-gcr-io-etcd:3.2.24
docker rmi ${MY_REGISTRY}/k8s-gcr-io-pause:3.1
docker rmi ${MY_REGISTRY}/k8s-gcr-io-coredns:1.2.6
echo "success"

执行脚本：

1	bash k8s.sh

开始初始化master

1	kubeadm init --kubernetes-version=v1.13.4 --pod-network-cidr=10.244.0.0/16

观看输出内容，可以看到在/etc/kubernets文件夹下生成很多加密文件，完成后会显示如下信息：

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

kubeadm join 192.168.110.155:6443 --token b99a00.a144ef80536d4344 --discovery-token-ca-cert-hash sha256:f79b68fb698c92b9336474eb3bf184e847f967dc58a6296911892662b98b1315

然后，执行：

1
2
3

mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

安装pod网络插件（flannel）

1	kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.11.0/Documentation/kube-flannel.yml

我们到node节点，如果telnet masterip 6443通的话，我们执行：(kubeadm join 都在上面输出了，一定要使用自己的)

1	kubeadm join 192.168.110.155:6443 --token b99a00.a144ef80536d4344 --discovery-token-ca-cert-hash sha256:f79b68fb698c92b9336474eb3bf184e847f967dc58a6296911892662b98b1315

我们执行以下命令，若所有服务都是running，则安装成功
1
kubectl get pods --all-namespaces -o wide

配置k8s的dashboard

获取dashboard的yml文件

1	wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

获取前请先在浏览器看看是否能打开这个链接，如果打不开那我们自己新建一个kubernetes-dashboard.yml，写入以下内容：

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Deployment ------------------- #

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

修改第一步的文件内容：

找到image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1，替换成：

1	image: registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1

找到文件最后的Dashboard Service下面的配置删除掉，替换为：

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard

运行这个文件：

1	kubectl apply -f kubernetes-dashboard.yaml

此时我们执行：kubectl get pods -n kube-system，应该看到会多一个kubernetes-dashboard-xxxxxxx的status为running。(kube-system为k8s默认的命名空间)

接下来，我们创建一个管理员角色，用来登录dashboard页面，新建k8s-admin.yaml文件，写入以下内容：

apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

执行刚建的文件：
1
kubectl apply -f k8s-admin.yaml
然后我们执行以下命令，找到NAME为：dashboard-admin-token-xxxx后复制它：
1
kubectl get secret -n kube-system

最后我们执行以下命令来获取token：

1 2	kubectl describe secret dashboard-admin-token-wkpxk -n kube-system 改命令会打印出生成的token，请复制这个token

打开火狐浏览器（我用谷歌浏览器，打开后会提示该链接为私密链接，可恶的是点击高级，没有继续前往的选项），输入：https://192.168.110.155:30001，提示不安全，我们点击高级，再点击添加例外，即可访问。然后我们选择令牌按钮，输入刚刚复制的token，点击登录即可。

至此，我们已经成功的完成安装与仪表板页面的使用了。

其它操作教程，请移步：https://xiekun.top/k8s%E5%9F%BA%E7%A1%80%E6%95%99%E7%A8%8B.html#more