Installing Kubernetes with kubeadm on CentOS 7

K8S_VERSION=v1.12.1
ETCD_VERSION=3.2.24
DASHBOARD_VERSION=v1.8.3
FLANNEL_VERSION=v0.10.0-amd64
DNS_VERSION=1.2.2
PAUSE_VERSION=3.1

1. Environment configuration

1.1 Disable the firewall

systemctl stop firewalld
systemctl disable firewalld

1.2 Disable SELinux

Permanently disable (recommended):

vim /etc/selinux/config

Change SELINUX=enforcing to SELINUX=disabled

reboot

1.3 Disable swap

swapoff -a # temporary
vim /etc/fstab # permanent: comment out the swap entry

1.4 Add hostname-to-IP mappings:

$ cat /etc/hosts
192.168.0.11 k8s-master
192.168.0.12 k8s-node1
192.168.0.13 k8s-node2

1.5 Synchronize the time

yum install ntpdate -y
ntpdate ntp.api.bz

2. Install Docker

See "Installing Docker on CentOS 7".

  • Enable start on boot
systemctl enable docker 

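3. Install kubeadm, kubelet and kubectl

kubeadm: the command that bootstraps the cluster
kubelet: the agent that runs workloads in the cluster
kubectl: the command-line management tool

3.1 Add the Alibaba Cloud YUM repository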

vim /etc/yum.repos.d/kubernetes.repo

with the following content:

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

3.2 Install kubeadm, kubelet and kubectl

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet && systemctl start kubelet

4. Create a single-master cluster with kubeadm

4.1 The default image registry is hosted abroad and cannot be reached, so prepare the required images first

kubeadm.x86_64 0:1.12.1-0                          kubectl.x86_64 0:1.12.1-0                          kubelet.x86_64 0:1.12.1-0
vim k8s-run.sh

Set K8S_VERSION to match the version that yum installed above. The script content is:

K8S_VERSION=v1.12.1
ETCD_VERSION=3.2.24
DASHBOARD_VERSION=v1.8.3
FLANNEL_VERSION=v0.10.0-amd64
DNS_VERSION=1.2.2
PAUSE_VERSION=3.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:$K8S_VERSION
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:$K8S_VERSION
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:$K8S_VERSION
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:$K8S_VERSION
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:$ETCD_VERSION
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:$PAUSE_VERSION
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$DNS_VERSION
docker pull quay.io/coreos/flannel:$FLANNEL_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:$K8S_VERSION k8s.gcr.io/kube-apiserver:$K8S_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:$K8S_VERSION k8s.gcr.io/kube-controller-manager:$K8S_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:$K8S_VERSION k8s.gcr.io/kube-scheduler:$K8S_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:$K8S_VERSION k8s.gcr.io/kube-proxy:$K8S_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:$ETCD_VERSION k8s.gcr.io/etcd:$ETCD_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:$PAUSE_VERSION k8s.gcr.io/pause:$PAUSE_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$DNS_VERSION k8s.gcr.io/coredns:$DNS_VERSION

Make the script executable and run it:

chmod u+x k8s-run.sh
./k8s-run.sh

4.2 Initialize the master (on the master node)

  • apiserver-advertise-address is the master node's IP address
$ kubeadm init --kubernetes-version=1.12.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.16.1.215
...
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run (as a regular user):
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the addon options listed at:
http://kubernetes.io/docs/admin/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash
sha256:<hash>
  • Save the line above that contains the generated token; it is needed to add the worker nodes.
    Run the following three commands one at a time:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

4.3 Install the Pod network add-on (on the master node)

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

4.4 Join the worker nodes (on each worker node)

On the worker node, switch to the root account:
Format: kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>

kubeadm join 192.16.1.215:6443 --token 22s6kh.6zqaqpsil3vc57bt --discovery-token-ca-cert-hash sha256:3bcef78a33fbd55ebdb09f269707fb63acaf98aa6ea50b0ab14f9a2da831f85f
systemctl daemon-reload && systemctl restart kubelet
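
The --discovery-token-ca-cert-hash value pins the cluster CA: it is the SHA-256 of the CA certificate's public key, and the joining node uses it to authenticate the API server it bootstraps from. The added example below (not part of the original article) recomputes that value on the master and compares it with a saved join command; the function names and the JOIN_CMD variable are assumptions, and it needs the openssl CLI.

```sh
#!/bin/sh
# Added example, not from the original article. Requires the openssl CLI.

# Print the SHA-256 of the DER-encoded public key (SubjectPublicKeyInfo)
# of a PEM certificate: the value kubeadm expects after "sha256:".
ca_cert_hash() {
    openssl x509 -pubkey -noout -in "$1" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 |
        sed 's/^.* //'
}

# Extract the pinned hash from a saved "kubeadm join ..." command line.
join_pin() {
    printf '%s\n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# Return 0 only if the pin in the join command matches the CA certificate.
check_join_pin() {
    want=$(join_pin "$2")
    have=$(ca_cert_hash "$1")
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Usage on the master, where kubeadm init wrote the cluster CA.
# JOIN_CMD is a hypothetical variable holding the saved join line.
CA=/etc/kubernetes/pki/ca.crt
if [ -r "$CA" ] && [ -n "${JOIN_CMD:-}" ]; then
    if check_join_pin "$CA" "$JOIN_CMD"; then
        echo "pin matches $CA"
    else
        echo "pin does NOT match $CA; do not use this join command" >&2
    fi
fi
```

Run it as root on the master with the saved line exported, for example JOIN_CMD="kubeadm join ..." sh check-pin.sh (the script name is arbitrary).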

5. Install the Kubernetes dashboard

wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
  • Change the image address to:
registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
  • Modify the Service:
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  • Install:
kubectl apply -f kubernetes-dashboard.yaml
  • Create an administrator role file with the following content:
[root@weiyi-docker-master ~]# cat k8s-admin.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
kubectl apply -f k8s-admin.yaml
  • Log in to the Kubernetes Dashboard with the token of the account created above:
kubectl get secret -n kube-system

Find dashboard-admin-token-*****, then run the following command:

kubectl describe secret dashboard-admin-token-????? -n kube-system

The output includes a token; use it as the login token for the dashboard.

  • Check which node the dashboard is running on
kubectl get pods --all-namespaces -o wide

The Kubernetes dashboard cannot be opened in Chrome or IE, but Firefox works.
Open it at https://IP:30001 and add a security exception, as shown in the figure.

(Figure: dashboard)
(Figure: k8s cluster)

To get the dashboard token, run:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-dashboard-token|awk '{print $1}')|grep token:|awk '{print $2}'
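
Section 5 exposes the dashboard on a NodePort and binds its login account to cluster-admin, so whoever holds that token and can reach port 30001 has full control of the cluster. The added example below (not from the original article) is a small pre-apply check that flags both settings in a manifest; the function names and the abbreviated sample manifest are constructed for illustration.

```sh
# Added example, not from the original article. Line-oriented check for plain
# block-style YAML such as the manifests above; it is not a full YAML parser.
lint_manifest() {   # usage: lint_manifest FILE, or pipe YAML on stdin
    awk '
    function report() {
        if (kind == "ClusterRoleBinding" && role == "cluster-admin" && sa != "")
            print "cluster-admin: ServiceAccount " ns "/" sa " bound by " name
        if (kind == "Service" && type == "NodePort")
            print "nodeport: Service " name " open on every node, port " port
        kind = role = sa = ns = name = type = port = skind = top = ""
    }
    /^---/      { report(); next }                  # document separator
    /^[A-Za-z]/ { top = $1; sub(/:.*/, "", top) }   # current top-level key
    /^kind:/    { kind = $2 }
    top == "metadata" && /^ +name:/   { name = $2 }
    top == "spec"     && /^ +type:/   { type = $2 }
    top == "spec"     && /nodePort:/  { port = $NF }
    top == "roleRef"  && /^ +name:/   { role = $2 }
    top == "subjects" && /kind:/      { skind = $NF }
    top == "subjects" && / name:/     { if (skind == "ServiceAccount") sa = $NF }
    top == "subjects" && /namespace:/ { ns = $NF }
    END { report() }
    ' "${1:--}"
}

# Constructed sample: the Service and the binding from section 5, abbreviated.
sample_manifest() {
    cat <<'EOF'
kind: Service
metadata:
  name: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      nodePort: 30001
---
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
subjects:
  - kind: ServiceAccount
    name: dashboard-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
EOF
}
sample_manifest | lint_manifest
```

Run lint_manifest on kubernetes-dashboard.yaml and k8s-admin.yaml before kubectl apply; no output means neither setting was found.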

6. Deploy a simple service

Use the service provided by Weave to verify the system:

$ kubectl create namespace sock-shop
$ wget https://github.com/microservices-demo/microservices-demo/blob/master/deploy/kubernetes/complete-demo.yaml?raw=true
$ mv complete-demo.yaml?raw=true complete-demo.yaml
$ vim complete-demo.yaml

Change 30001 to another unused port number, for example 30002.

$ kubectl apply -n sock-shop -f complete-demo.yaml
$ kubectl describe svc front-end -n sock-shop
$ kubectl get pods -n sock-shop

(Figure: deployment example)

Open http://IP:30002 on the node running the service to see the service's front end.

(Figure: accessing the service)

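7. Clean up a deployed cluster

kubeadm automatically checks whether the current environment contains leftovers from a previous run. If it does, they must be cleaned up before running init again. Use "kubeadm reset" to clean the environment and start over.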

$ kubeadm reset
[preflight] Running pre-flight checks
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Removing kubernetes-managed containers
[reset] Deleting contents of stateful directories: [/var/lib/kubelet /etc/cni/net.d /var/lib/etcd]
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf]

8. Remove a node

kubectl drain <node name> --delete-local-data --force --ignore-daemonsets
kubectl delete node <node name>
