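First, a brief introduction to three important Docker concepts:
docker-machine solves the problem of the Docker runtime environment;
docker-compose mainly solves local Docker container orchestration;
docker-swarm solves scheduling and deploying multiple containers across multiple hosts.
With those concepts clear, it is easy to place K8s. In short, K8s is an open-source container cluster management system; together with Docker Swarm it is one of the two mainstream open-source container cluster management systems today. Both can automate the deployment, scaling up and down, and maintenance of container clusters. K8s is both a container orchestration tool and a new, leading distributed-architecture solution based on container technology. The difference between the two is that Swarm is positioned for simple management of simple clusters, while K8s is positioned for large clusters with complex relationships.
Installation reference, a very thorough installation article: https://www.kubernetes.org.cn/5462.html
A summary of the problems I ran into:
1. After installing the kubernetes-dashboard web management panel, Google Chrome and Microsoft Edge may show the NET::ERR_CERT_INVALID SSL certificate error when you open it; this does not happen if you open it directly in Mozilla Firefox. The cause is that the certificate is not usable by the browser on the physical machine. We can generate a private certificate or use a public certificate. The certificate configuration steps follow:
1. First, make sure the Dashboard authentication token has been generated. The commands below create a dashboard-admin service account, bind it to the cluster-admin role, and print its token: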
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
2. Find which node the kubernetes-dashboard container is running on. Here you can see that kubernetes-dashboard is running on node2.
[root@master ~]# kubectl get pod -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-bccdc95cf-9vhbr 1/1 Running 0 19h 10.244.0.2 master
coredns-bccdc95cf-tcrnv 1/1 Running 0 19h 10.244.0.3 master
etcd-master 1/1 Running 0 19h 192.168.1.58 master
kube-apiserver-master 1/1 Running 0 19h 192.168.1.58 master
kube-controller-manager-master 1/1 Running 0 19h 192.168.1.58 master
kube-flannel-ds-amd64-4kxc9 1/1 Running 0 19h 192.168.1.24 node2
kube-flannel-ds-amd64-6k6lh 1/1 Running 0 19h 192.168.1.177 node1
kube-flannel-ds-amd64-78l7h 1/1 Running 0 19h 192.168.1.58 master
kube-proxy-7nbgx 1/1 Running 0 19h 192.168.1.58 master
kube-proxy-gr8fz 1/1 Running 0 19h 192.168.1.177 node1
kube-proxy-mhmhq 1/1 Running 0 19h 192.168.1.24 node2
kube-scheduler-master 1/1 Running 0 19h 192.168.1.58 master
kubernetes-dashboard-59b5cb5c6b-hdr2h 1/1 Running 0 19h 10.244.2.2 node2
3. On node2, look up the kubernetes-dashboard container ID
[root@node2 ~]# docker ps | grep dashboard
c5d9d164d6ba loveone/kubernetes-dashboard-amd64 "/dashboard --insecu…" 20 hours ago Up 17 hours k8s_kubernetes-dashboard_kubernetes-dashboard-59b5cb5c6b-hdr2h_kube-system_b9e549c7-b2b0-4f9c-b92a-2c27570f932e_0
0d5848014352 registry.aliyuncs.com/google_containers/pause:3.1 "/pause" 20 hours ago Up 20 hours k8s_POD_kubernetes-dashboard-59b5cb5c6b-hdr2h_kube-system_b9e549c7-b2b0-4f9c-b92a-2c27570f932e_0
4. Inspect the host directory that the kubernetes-dashboard container's certs mount points to. Some unneeded information is omitted here.
[root@node2 ~]# docker inspect c5d9d164d6ba
[
"Mounts": [
{
"Type": "bind",
"Source": "/var/lib/kubelet/pods/b9e549c7-b2b0-4f9c-b92a-2c27570f932e/volumes/kubernetes.io~secret/kubernetes-dashboard-certs",
"Destination": "/certs",
"Mode": "ro,Z",
"RW": false,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/var/lib/kubelet/pods/b9e549c7-b2b0-4f9c-b92a-2c27570f932e/volumes/kubernetes.io~empty-dir/tmp-volume",
"Destination": "/tmp",
"Mode": "Z",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/var/lib/kubelet/pods/b9e549c7-b2b0-4f9c-b92a-2c27570f932e/volumes/kubernetes.io~secret/kubernetes-dashboard-token-h6gpv",
"Destination": "/var/run/secrets/kubernetes.io/serviceaccount",
"Mode": "ro,Z",
"RW": false,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/var/lib/kubelet/pods/b9e549c7-b2b0-4f9c-b92a-2c27570f932e/etc-hosts",
"Destination": "/etc/hosts",
"Mode": "Z",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/var/lib/kubelet/pods/b9e549c7-b2b0-4f9c-b92a-2c27570f932e/containers/kubernetes-dashboard/e8836662",
"Destination": "/dev/termination-log",
"Mode": "Z",
"RW": true,
"Propagation": "rprivate"
}
]
]
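5. This walkthrough uses a private certificate. Generate the dashboard certificate; the requested fields can be filled in however you like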
openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
openssl req -new -key dashboard.key -out dashboard.csr
## Generate the certificate signing request file: openssl req -new -key /etc/httpd/ssl/httpd.key -days 365 -out /etc/httpd/ssl/httpd.csr
[root@Compro private]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Country Name (2 letter code) [XX]:CN (country)
State or Province Name (full name) []:beijing (city)
Locality Name (eg, city) [Default City]:haidian (district)
Organization Name (eg, company) [Default Company Ltd]:xiaomag.com (company)
Organizational Unit Name (eg, section) []:FBI (department)
Common Name (eg, your name or your server's hostname) []:www.xiaomag.com (who the certificate is for)
Email Address []:[email protected] (email)
openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
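6. Copy the generated dashboard.crt and dashboard.key into the host Source directory of the certs mount, on the node that runs the dashboard (node2, 192.168.1.24 in the output above)
scp dashboard.crt dashboard.key 192.168.1.24:/var/lib/kubelet/pods/b9e549c7-b2b0-4f9c-b92a-2c27570f932e/volumes/kubernetes.io~secret/kubernetes-dashboard-certs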
7. Restart the kubernetes-dashboard container, then choose the Token option and enter the token generated earlier
docker restart c5d9d164d6ba
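At this point you may find that the interface is in English. That is because the dashboard is displayed in the preferred language configured in Chrome; change the language order configured in the browser and refresh the page.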
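Added example, not part of the original post: steps 5 and 6 done without the interactive prompts, plus checks to run on dashboard.crt and dashboard.key before they are copied into the certs mount. The hostname dashboard.example.internal is an assumed placeholder, and the certificate carries a subjectAltName because current browsers match the host against that field rather than Common Name.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: the hostname
# dashboard.example.internal is a placeholder; 192.168.1.24 is node2 above.

# gen_dashboard_cert OUT_DIR DNS_NAME IP
# Creates OUT_DIR/dashboard.key and a self-signed OUT_DIR/dashboard.crt.
gen_dashboard_cert() {
  mkdir -p "$1" || return 1
  # Unencrypted 2048-bit RSA key: the end state of genrsa -des3 + "rsa -passin".
  openssl genrsa -out "$1/dashboard.key" 2048 2>/dev/null || return 1
  chmod 600 "$1/dashboard.key"
  # -subj answers the interactive prompts; -addext requires OpenSSL 1.1.1+.
  openssl req -new -x509 -sha256 -days 365 \
    -key "$1/dashboard.key" -out "$1/dashboard.crt" \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2,IP:$3"
}

# cert_matches_key CRT KEY: true when the RSA modulus of both files is equal.
cert_matches_key() {
  crt_mod=$(openssl x509 -in "$1" -noout -modulus) || return 1
  key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
  [ -n "$crt_mod" ] && [ "$crt_mod" = "$key_mod" ]
}

# cert_has_san CRT VALUE: true when VALUE appears in subjectAltName.
cert_has_san() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | grep -qF -- "$2"
}

# check_dashboard_cert DIR DNS_NAME IP: run every check, report the first failure.
check_dashboard_cert() {
  cert_matches_key "$1/dashboard.crt" "$1/dashboard.key" ||
    { echo "key does not match certificate" >&2; return 1; }
  cert_has_san "$1/dashboard.crt" "$2" && cert_has_san "$1/dashboard.crt" "$3" ||
    { echo "subjectAltName is missing $2 or $3" >&2; return 1; }
  # -checkend N fails when the certificate expires within N seconds.
  openssl x509 -in "$1/dashboard.crt" -noout -checkend 86400 >/dev/null ||
    { echo "certificate expires within 24 hours" >&2; return 1; }
  echo "ok: certificate and key are consistent"
}
```

Source the file, call gen_dashboard_cert with an output directory, the name and the node IP, then run check_dashboard_cert with the same arguments before the scp in step 6.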