Machine: Ubuntu 18.04.2 LTS
Disable swap first. You can skip this step, but the initial Kubernetes installation will then prompt you to disable swap.
sudo swapoff -a
free -h
total used free shared buff/cache available
Mem: 7.8G 1.8G 2.6G 11M 3.5G 5.9G
Swap: 0B 0B 0B
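Install kubelet, kubeadm and kubectl from a Kubernetes mirror inside China:
Configure the Aliyun mirror (see the Docker registry mirror setup for reference).
You can run the following directly: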
$ sudo apt update && sudo apt install -y apt-transport-https
$ curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
Or create the file /etc/apt/sources.list.d/kubernetes.list and add the line deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
root@iZwz9:~# cat /etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
Run
sudo apt update
sudo apt install -y kubelet kubeadm kubectl
Check the versions
root@iZwz9:~# kubelet --version
Kubernetes v1.18.3
root@iZwz9:~# kubeadm config images list
W0527 16:00:08.494089 28000 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
k8s.gcr.io/kube-apiserver:v1.18.3
k8s.gcr.io/kube-controller-manager:v1.18.3
k8s.gcr.io/kube-scheduler:v1.18.3
k8s.gcr.io/kube-proxy:v1.18.3
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.7
Create a script that pulls the images from a Docker Hub mirror repository. The script contents are as follows
images=( # the image names below should have the "k8s.gcr.io/" prefix removed
    kube-apiserver:v1.18.3
    kube-controller-manager:v1.18.3
    kube-scheduler:v1.18.3
    kube-proxy:v1.18.3
    pause:3.2
    etcd:3.4.3-0
    coredns:1.6.7
)
for imageName in "${images[@]}"; do
    docker pull "mirrorgcrio/$imageName"
    docker tag "mirrorgcrio/$imageName" "k8s.gcr.io/$imageName"
    docker rmi "mirrorgcrio/$imageName"
done
Or pull the images manually by running the following directly
docker pull mirrorgcrio/kube-apiserver:v1.18.3
docker pull mirrorgcrio/kube-controller-manager:v1.18.3
docker pull mirrorgcrio/kube-scheduler:v1.18.3
docker pull mirrorgcrio/kube-proxy:v1.18.3
docker pull mirrorgcrio/pause:3.2
docker pull mirrorgcrio/etcd:3.4.3-0
docker pull mirrorgcrio/coredns:1.6.7
docker tag mirrorgcrio/kube-apiserver:v1.18.3 k8s.gcr.io/kube-apiserver:v1.18.3
docker tag mirrorgcrio/kube-controller-manager:v1.18.3 k8s.gcr.io/kube-controller-manager:v1.18.3
docker tag mirrorgcrio/kube-scheduler:v1.18.3 k8s.gcr.io/kube-scheduler:v1.18.3
docker tag mirrorgcrio/kube-proxy:v1.18.3 k8s.gcr.io/kube-proxy:v1.18.3
docker tag mirrorgcrio/pause:3.2 k8s.gcr.io/pause:3.2
docker tag mirrorgcrio/etcd:3.4.3-0 k8s.gcr.io/etcd:3.4.3-0
docker tag mirrorgcrio/coredns:1.6.7 k8s.gcr.io/coredns:1.6.7
docker image rm mirrorgcrio/kube-apiserver:v1.18.3
docker image rm mirrorgcrio/kube-controller-manager:v1.18.3
docker image rm mirrorgcrio/kube-scheduler:v1.18.3
docker image rm mirrorgcrio/kube-proxy:v1.18.3
docker image rm mirrorgcrio/pause:3.2
docker image rm mirrorgcrio/etcd:3.4.3-0
docker image rm mirrorgcrio/coredns:1.6.7
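After the images are pulled, run kubeadm init. You need to specify the IP address range the pod network can use, i.e. '--pod-network-cidr'. If you install flannel, the parameter is --pod-network-cidr=10.244.0.0/16; if you install Calico, the parameter is '--pod-network-cidr=192.168.0.0/16'.
I use the Calico network, so I used the latter.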
root@iZwz99w6o2tqabl1qt0pcsZ:~# sudo kubeadm init --pod-network-cidr=192.168.0.0/16
W0527 09:08:38.957909 20937 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.18.3
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
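Once you see "successfully", congratulations, you are halfway there!
If the initialization went wrong, run the following to clean up completely. Some initialization files are otherwise left behind, and running init again will report errors.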
kubeadm reset
rm -rf $HOME/.kube /etc/kubernetes
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
ifconfig cni0 down
ip link delete cni0
ifconfig flannel.1 down
ip link delete flannel.1
rm -rf /var/lib/cni/
Set up access for a regular user account as prompted
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
Check the installation status
root@iZwz9:~# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-66bff467f8-9s565 0/1 ContainerCreating 0 31s
kube-system coredns-66bff467f8-rfz2v 0/1 ContainerCreating 0 31s
kube-system etcd-izwz99w6o2tqabl1qt0pcsz 1/1 Running 0 40s
kube-system kube-apiserver-izwz99w6o2tqabl1qt0pcsz 1/1 Running 0 40s
kube-system kube-controller-manager-izwz99w6o2tqabl1qt0pcsz 1/1 Running 0 40s
kube-system kube-proxy-mtc4f 1/1 Running 0 32s
kube-system kube-scheduler-izwz99w6o2tqabl1qt0pcsz 1/1 Running 0 40s
None of the coredns pods are in the Running state. We still need to install a Pod Network add-on; kubeadm only supports Container Network Interface (CNI) based networks (and does not support kubenet).
Here we use the Calico network
root@iZwz9:~# kubectl apply -f https://docs.projectcalico.org/v3.10/manifests/calico.yaml
root@iZwz9:~# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-dc4469c7f-bf46j 1/1 Running 0 18s
kube-system calico-node-w54kq 1/1 Running 0 18s
kube-system coredns-66bff467f8-9s565 1/1 Running 0 86s
kube-system coredns-66bff467f8-rfz2v 0/1 Running 0 86s
kube-system etcd-izwz99w6o2tqabl1qt0pcsz 1/1 Running 0 95s
kube-system kube-apiserver-izwz99w6o2tqabl1qt0pcsz 1/1 Running 0 95s
kube-system kube-controller-manager-izwz99w6o2tqabl1qt0pcsz 1/1 Running 0 95s
kube-system kube-proxy-mtc4f 1/1 Running 0 87s
kube-system kube-scheduler-izwz99w6o2tqabl1qt0pcsz 1/1 Running 0 95s
All pods are now in the Running state
Allow the master node to run pods as well
root@iZwz9:~# kubectl taint nodes --all node-role.kubernetes.io/master-
node/izwz9 untainted
At this point Kubernetes is installed!
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml
kubectl apply -f recommended.yaml
After deployment you need to grant access permissions; see the official documentation: https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
root@iZwz9:~# cat admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
root@iZwz9:~# kubectl apply -f admin-user.yaml
serviceaccount/admin-user created
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
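The ClusterRoleBinding above gives the Dashboard's admin-user ServiceAccount the cluster-admin role, so whoever holds its token has full control of the cluster. The script below is an added example, not part of the original post: it lists every ServiceAccount bound to cluster-admin so such bindings can be reviewed. The input lines are constructed sample data (the ops-admins and ci/deployer names are hypothetical), and the tab-separated format is an assumption produced by the kubectl command shown in the comment.

```shell
#!/bin/bash
# Added example: audit which ServiceAccounts hold cluster-admin.
#
# Assumed input format, one line per ClusterRoleBinding:
#   <binding name><TAB><role name><TAB><kind>:<namespace>/<name>,...
# On a live cluster this can be produced with:
#   kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name},{end}{"\n"}{end}'

# Constructed sample data. The first line mirrors the binding created above;
# the "ops-admins" line is hypothetical and shows a binding with two subjects.
sample_bindings() {
  printf 'admin-user\tcluster-admin\tServiceAccount:kubernetes-dashboard/admin-user,\n'
  printf 'cluster-admin\tcluster-admin\tGroup:/system:masters,\n'
  printf 'ops-admins\tcluster-admin\tUser:/alice,ServiceAccount:ci/deployer,\n'
  printf 'kubernetes-dashboard\tkubernetes-dashboard\tServiceAccount:kubernetes-dashboard/kubernetes-dashboard,\n'
  printf 'system:kube-dns\tsystem:kube-dns\tServiceAccount:kube-system/coredns,\n'
}

# Read bindings on stdin and print "namespace/name (via binding)" for each
# ServiceAccount subject whose binding references the cluster-admin role.
find_cluster_admin_sa() {
  awk -F'\t' '$2 == "cluster-admin" {
    n = split($3, subj, ",")
    for (i = 1; i <= n; i++) {
      if (subj[i] ~ /^ServiceAccount:/) {
        sub(/^ServiceAccount:/, "", subj[i])
        print subj[i] " (via " $1 ")"
      }
    }
  }'
}

# Run the audit over the constructed sample.
sample_bindings | find_cluster_admin_sa
```

Users and groups bound to cluster-admin are skipped on purpose; only ServiceAccounts, whose tokens are stored as secrets in the cluster, are reported.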
Get the token
root@iZwz9:~# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-dzwb8
Namespace: kubernetes-dashboard
Labels:
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 76ba5ba7-f243-4fbc-a8b0-c37b8d8f3b45
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 20 bytes
token: (service account bearer token omitted)
Run
kubectl proxy
and you can access the Dashboard from the local machine (this method only allows access from the local machine):
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
For remote access, see the Dashboard GitHub site: https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md#login-not-available
Using the NodePort type
Change type: ClusterIP to type: NodePort as follows
$ kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
root@iZwz9:~# kubectl -n kubernetes-dashboard get service kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.102.90.61 443:31242/TCP 24m
Access it at: https://
Mine is at 120.xx.xx.130 (public network), so the access address is: https://120.xx.xx.130:31242