Installing Kubernetes

Installing Kubernetes 1.12 with kubeadm

1. System configuration

  • Prepare three machines
cat /etc/hosts

172.16.0.5 master
172.16.0.6 node1
172.16.0.4 node2

Perform the same steps on all three machines.

  • Disable the firewall on every node
systemctl stop firewalld
systemctl disable firewalld
  • Configure iptables

vi /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
  • Disable SELinux:
setenforce 0
vi /etc/selinux/config
SELINUX=disabled
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
  • Disable swap
swapoff -a
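
A check for the settings made in this section, added here as an example (not part of the original post): modprobe br_netfilter and swapoff -a last only until the next reboot, so the script reads the live values back instead of trusting the config file. The function names and the PROC variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the kernel prerequisites from section 1 on a node.
# PROC defaults to /proc; it is a variable only so the checks can be pointed
# at a constructed directory tree.
PROC=${PROC:-/proc}

# sysctl_is_one KEY: true if the dotted sysctl key currently reads 1.
# A missing file under net/bridge means br_netfilter is not loaded.
sysctl_is_one() {
    sp_path="$PROC/sys/$(printf '%s' "$1" | tr . /)"
    [ -r "$sp_path" ] && [ "$(cat "$sp_path")" = "1" ]
}

# swap_active: true if the swaps table lists any device after its header line.
swap_active() {
    [ "$(tail -n +2 "$PROC/swaps" 2>/dev/null | wc -l)" -gt 0 ]
}

# node_ready: print one line per failed prerequisite, return non-zero if any failed.
node_ready() {
    nr_rc=0
    for nr_key in net.bridge.bridge-nf-call-ip6tables \
                  net.bridge.bridge-nf-call-iptables \
                  net.ipv4.ip_forward; do
        sysctl_is_one "$nr_key" || { echo "FAIL $nr_key is not 1"; nr_rc=1; }
    done
    if swap_active; then echo "FAIL swap is active"; nr_rc=1; fi
    return "$nr_rc"
}

# Run as: sh node_check.sh check
if [ "${1:-}" = "check" ]; then
    node_ready && echo "node prerequisites OK"
fi
```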

2. Install docker and kubectl on the master

  • Use the Alibaba Cloud (Aliyun) mirror

vim /etc/yum.repos.d/kubernetes.repo

[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
enabled=1
  • Import the key
wget https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
rpm --import rpm-package-key.gpg
  • Install docker, kubelet, kubeadm and kubectl
yum install docker-ce-18.03.1.ce-1.el7.centos kubelet kubeadm kubectl
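  • Configure the Aliyun registry accelerator for docker. Another accelerator can be used here instead; Aliyun feels very fast
  • Set docker's proxy and no-proxy settings

vim /usr/lib/systemd/system/docker.service and add the following under [Service]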

[Service]
Environment="NO_PROXY=127.0.0.0/8,106.12.206.63/12"
  • Enable start on boot
systemctl start docker
systemctl enable docker kubelet

3. Pull the docker images that k8s needs in advance

vim pull_kube_images.sh

#!/bin/bash
# Control-plane images, pulled from the mrright repositories
images=(k8s-gcr-io-kube-apiserver:12.2.0 kube-controller-manager:12.2.0 kube-scheduler:12.2.0 kube-proxy:1.12.0 etcd:3.2.24 coredns:1.2.2 pause:3.1)

for imageName in "${images[@]}"; do
    docker pull "mrright/$imageName"
done

# kubeadm init --kubernetes-version=v1.12.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
# Reference: [Installing Kubernetes 1.12 with kubeadm](https://www.kubernetes.org.cn/4619.html)

# flannel image for the pod network
docker pull jmgao1983/flannel:v0.10.0-amd64

# Retag the pulled images with the names that flannel and kubeadm look for
docker tag jmgao1983/flannel:v0.10.0-amd64 quay.io/coreos/flannel:v0.10.0-amd64
# kubeadm looks for k8s.gcr.io/kube-apiserver, so the target name drops the k8s-gcr-io- prefix
docker tag mrright/k8s-gcr-io-kube-apiserver:12.2.0 k8s.gcr.io/kube-apiserver:v1.12.0
docker tag mrright/kube-controller-manager:12.2.0 k8s.gcr.io/kube-controller-manager:v1.12.0
docker tag mrright/kube-scheduler:12.2.0 k8s.gcr.io/kube-scheduler:v1.12.0
docker tag mrright/kube-proxy:1.12.0 k8s.gcr.io/kube-proxy:v1.12.0
docker tag mrright/coredns:1.2.2 k8s.gcr.io/coredns:1.2.2
docker tag mrright/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mrright/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24

Run pull_kube_images.sh:

bash pull_kube_images.sh
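
The script pulls the control-plane images from the mrright and jmgao1983 repositories and retags them under the k8s.gcr.io and quay.io names, after which the local tags no longer show where the images came from. The following added example (not part of the original post) compares each pulled image with a digest recorded beforehand from a source you trust, so it can run between the pulls and the docker tag lines; the pin file format, the function names and any digests you put in the file are assumptions of this example.

```shell
#!/bin/sh
# Added example: check pulled images against pinned digests before retagging.
# Pin file format (an assumption of this example), one image per line:
#   <image:tag> <sha256:digest>
# Lines starting with '#' and empty lines are ignored.

# repo_digests IMAGE: print the registry digests docker recorded at pull time,
# one per line, in the form "repo@sha256:...".
repo_digests() {
    docker image inspect \
        --format '{{range .RepoDigests}}{{println .}}{{end}}' "$1"
}

# verify_pins FILE: return 0 only if every listed image carries its pinned digest.
verify_pins() {
    vp_rc=0
    while read -r vp_image vp_digest; do
        case "$vp_image" in ''|'#'*) continue ;; esac
        vp_repo=${vp_image%:*}          # strip the tag, keep the repository
        if repo_digests "$vp_image" 2>/dev/null \
                | grep -qxF -- "${vp_repo}@${vp_digest}"; then
            echo "OK       $vp_image"
        else
            echo "MISMATCH $vp_image (expected $vp_digest)"
            vp_rc=1
        fi
    done < "$1"
    return "$vp_rc"
}

# Run as: sh verify_pins.sh image-pins.txt
if [ "$#" -ge 1 ]; then
    verify_pins "$1"
fi
```

An image that was never pulled, or whose digest differs from the pin, is reported as MISMATCH and makes the script exit non-zero, so the retag step can be gated on it.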

4. Initialize the master node

kubeadm init   --kubernetes-version=v1.12.0   --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap

Be sure to save the log of the successful installation

[root@instance-ayp8yd7t ~]# kubeadm init   --kubernetes-version=v1.12.0   --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12
[init] using Kubernetes version: v1.12.0
[preflight] running pre-flight checks
    [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 18.03.1-ce. Latest validated version: 18.06
[preflight/images] Pulling images required for setting up a Kubernetes cluster
[preflight/images] This might take a minute or two, depending on the speed of your internet connection
[preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[preflight] Activating the kubelet service
[certificates] Generated ca certificate and key.
[certificates] Generated apiserver certificate and key.
[certificates] apiserver serving cert is signed for DNS names [instance-ayp8yd7t kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.16.0.5]
[certificates] Generated apiserver-kubelet-client certificate and key.
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] Generated etcd/ca certificate and key.
[certificates] Generated etcd/healthcheck-client certificate and key.
[certificates] Generated etcd/server certificate and key.
[certificates] etcd/server serving cert is signed for DNS names [instance-ayp8yd7t localhost] and IPs [127.0.0.1 ::1]
[certificates] Generated etcd/peer certificate and key.
[certificates] etcd/peer serving cert is signed for DNS names [instance-ayp8yd7t localhost] and IPs [172.16.0.5 127.0.0.1 ::1]
[certificates] Generated apiserver-etcd-client certificate and key.
[certificates] valid certificates and keys now exist in "/etc/kubernetes/pki"
[certificates] Generated sa key and public key.
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
[init] waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests"
[init] this might take a minute or longer if the control plane images have to be pulled
[apiclient] All control plane components are healthy after 23.002799 seconds
[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.12" in namespace kube-system with the configuration for the kubelets in the cluster
[markmaster] Marking the node instance-ayp8yd7t as master by adding the label "node-role.kubernetes.io/master=''"
[markmaster] Marking the node instance-ayp8yd7t as master by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "instance-ayp8yd7t" as an annotation
[bootstraptoken] using token: t1gns8.718fr2w4v63qirkx
[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join 172.16.0.5:6443 --token t1gns8.718fr2w4v63qirkx --discovery-token-ca-cert-hash sha256:485ad8654b8b6933b845df60d4d1315ecc060dffb0e1e2d61c9bef11c843ca0f
  • Following the prompt, continue with the steps below
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

At this point the master node is deployed. Next, the nodes are joined to the cluster.

  • On the master, run the following in order
scp /usr/lib/systemd/system/docker.service node1:/usr/lib/systemd/system/docker.service
scp /etc/sysconfig/kubelet node1:/etc/sysconfig/
scp /etc/docker/daemon.json node1:/etc/docker/daemon.json

scp pull_kube_images.sh node1:/root/
scp rpm-package-key.gpg node1:/root/


scp /usr/lib/systemd/system/docker.service node2:/usr/lib/systemd/system/docker.service
scp /etc/sysconfig/kubelet node2:/etc/sysconfig/
scp /etc/docker/daemon.json node2:/etc/docker/daemon.json

scp pull_kube_images.sh node2:/root/
scp rpm-package-key.gpg node2:/root/

On node1 and node2

  • Import the key
rpm --import rpm-package-key.gpg
  • Install docker, kubelet, kubeadm and kubectl
yum install docker-ce-18.03.1.ce-1.el7.centos kubelet kubeadm kubectl
  • Configure the Aliyun registry accelerator for docker
systemctl start docker
systemctl enable docker kubelet
  • Pull the images
bash pull_kube_images.sh
  • Join the cluster

This is the last line of the log recorded when the master finished initializing; copy it out and run it

kubeadm join 172.16.0.5:6443 --token t1gns8.718fr2w4v63qirkx --discovery-token-ca-cert-hash sha256:485ad8654b8b6933b845df60d4d1315ecc060dffb0e1e2d61c9bef11c843ca0f
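
The --discovery-token-ca-cert-hash value pins the cluster CA: a node only joins an API server whose CA public key hashes to that value. The following added example (not part of the original post) recomputes the pin from the CA certificate on the master (/etc/kubernetes/pki/ca.crt in the log above) and checks a join line's token and pin before it is run; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: recompute and check the values used by "kubeadm join".

# ca_pin FILE: print "sha256:<hex>", the SHA-256 of the DER-encoded public key
# (SubjectPublicKeyInfo) of the CA certificate in FILE.
ca_pin() {
    printf 'sha256:%s\n' "$(openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -hex | sed 's/^.* //')"
}

# valid_token TOKEN: bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16}.
valid_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# check_join CA_FILE TOKEN PIN: return 0 only if the token is well-formed and
# PIN matches the CA certificate; 2 = malformed token, 1 = pin mismatch.
check_join() {
    valid_token "$2" || { echo "malformed token" >&2; return 2; }
    [ "$(ca_pin "$1")" = "$3" ] || { echo "CA pin mismatch" >&2; return 1; }
}

# Run as: sh check_join.sh /etc/kubernetes/pki/ca.crt <token> <sha256:...>
if [ "$#" -ge 3 ]; then
    check_join "$1" "$2" "$3" && echo "join parameters match this CA"
fi
```

Bootstrap tokens expire after 24 hours by default; kubeadm token create --print-join-command on the master prints a fresh join line for nodes added later.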

OK, the cluster is set up. Use kubectl get nodes to check the status of the cluster nodes
