• Manually installing Kubernetes with kubeadm (including the Dashboard)


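    I. Environment preparation

    Note: the goal here is to get Kubernetes running and then study each component in depth, so this guide does not build a high-availability cluster.

    Create two VMs in VMware Workstation or VirtualBox (steps omitted) with the following details:

    Host IP          Hostname     Spec   OS and version
    192.168.56.101   k8s-master   2C2G   CentOS 7.5
    192.168.56.102   k8s-node01   2C2G   CentOS 7.5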

    II. Initialization (master and node)

    1. Set the hostname:

    # On the master:
    echo k8s-master > /etc/hostname
    hostname k8s-master
    # On the node:
    echo k8s-node01 > /etc/hostname
    hostname k8s-node01
    

    2. Let the hosts resolve each other by name:

    cat >> /etc/hosts << EOF
    192.168.56.101  k8s-master
    192.168.56.102  k8s-node01
    EOF
    

    3. Stop the firewalld and SELinux services and disable them at boot:

    systemctl stop firewalld && systemctl disable firewalld
    yum -y install wget vim net-tools ntpdate
    sed -i 's/enforcing/disabled/' /etc/selinux/config
    setenforce 0
    Check that it took effect:
    getenforce
    
    systemctl stop NetworkManager
    systemctl disable NetworkManager
    

    4. Synchronize the time:

    ntpdate ntp.api.bz
    

    5. Disable swap:

    swapoff -a
    
    Verify:
    free -m
    
    Comment out the swap line:
    vim /etc/fstab 
    /dev/mapper/centos-root /                       xfs     defaults        0 0
    UUID=1a8d8bb7-ec38-4eb5-aa30-82fdaa372cb8 /boot                   xfs     defaults        0 0
    #/dev/mapper/centos-swap swap                    swap    defaults        0 0
    

    6. Set the kernel parameters

    cat > /etc/sysctl.d/k8s.conf << EOF
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    EOF
    sysctl --system
    

    III. Building Kubernetes (master + node)

    1. Configure the Aliyun yum repositories

    Configure the Aliyun Docker repository:
    cat >> /etc/yum.repos.d/docker.repo <<EOF
    [docker-repo]
    name=Docker Repository
    baseurl=http://mirrors.aliyun.com/docker-engine/yum/repo/main/centos/7
    enabled=1
    gpgcheck=0
    EOF
    
    Configure the Aliyun Kubernetes repository:
    cat >> /etc/yum.repos.d/kubernetes.repo <<EOF
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    enabled=1
    gpgcheck=0
    EOF
    
    Optionally clear the yum cache and rebuild it:
    yum clean all && yum makecache
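
Both repository files above set gpgcheck=0, and the Docker one uses a plain http baseurl, so packages from them are installed without signature verification. The check below is an added example, not part of the original post; the function name audit_repo and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit yum .repo files for
# gpgcheck=0 and plaintext http:// baseurls on enabled repositories.

# audit_repo FILE...: prints "file [section] finding" for each problem found.
audit_repo() {
    awk '
        function report() {
            if (section == "" || enabled == "0") return
            if (gpg == "0")
                print file " [" section "] gpgcheck=0: package signatures are not verified"
            if (url ~ /^http:\/\//)
                print file " [" section "] plaintext baseurl: " url
        }
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^[ \t]*\[.*\]/ {                         # a new [section] starts
            report()
            section = $0; gsub(/^[ \t]*\[|\].*$/, "", section)
            file = FILENAME; gpg = ""; url = ""; enabled = "1"
            next
        }
        {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "gpgcheck") gpg = val
            else if (key == "baseurl") url = val
            else if (key == "enabled") enabled = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample: the docker.repo written above, checked from a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[docker-repo]
name=Docker Repository
baseurl=http://mirrors.aliyun.com/docker-engine/yum/repo/main/centos/7
enabled=1
gpgcheck=0
EOF
audit_repo "$sample"
rm -f "$sample"
```

On a real host, run it as `audit_repo /etc/yum.repos.d/*.repo`.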
    

    2. Install kubeadm and related tools

    yum install -y docker --disableexcludes=docker-repo
    systemctl enable docker && systemctl start docker
    
    Check that the docker service started correctly:
    systemctl status docker
    
    yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
    systemctl enable kubelet && systemctl start kubelet
    
    Check whether the kubelet service started (normally it has not started yet at this point):
    systemctl status kubelet
    

    3. Initialize the cluster with kubeadm (run on the master node)

    Get the actual installed version:
    kubectl version
    
    kubeadm init --image-repository=registry.aliyuncs.com/google_containers --service-cidr=10.1.0.0/16 \
        --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.18.0
    
    Note: set --kubernetes-version to the version actually installed on the machine
    
    
    When the installation finishes, record the output; seeing "successfully" means it worked.
    
    Your Kubernetes control-plane has initialized successfully!
    
    To start using your cluster, you need to run the following as a regular user:
    
      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      sudo chown $(id -u):$(id -g) $HOME/.kube/config
    
    You should now deploy a pod network to the cluster.
    Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
      https://kubernetes.io/docs/concepts/cluster-administration/addons/
    
    Then you can join any number of worker nodes by running the following on each as root:
    
    kubeadm join 172.0.2.11:6443 --token 2y8c3v.97pxftrwzva9kui1 \
        --discovery-token-ca-cert-hash sha256:5bd046ec3aa9c04b5f73cdcf4ca5b6e6e76e7c5a2de9306755159ff95ee87961
    
    
    Configure the kube environment:
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
    
    
    Get the node status:
    kubectl get nodes
    NAME         STATUS     ROLES    AGE    VERSION
    k8s-master   NotReady   master   110m   v1.18.0
    # The status is NotReady: the node is waiting for the pod network to be installed
    
    
    kubectl get pod -n kube-system      # two pods are in the Pending state
    NAME                                 READY   STATUS    RESTARTS   AGE
    coredns-7ff77c879f-5rtkq             0/1     Pending   0          110m
    coredns-7ff77c879f-p8xls             0/1     Pending   0          110m
    etcd-k8s-master                      1/1     Running   0          111m
    kube-apiserver-k8s-master            1/1     Running   0          111m
    kube-controller-manager-k8s-master   1/1     Running   0          111m
    kube-proxy-zblcv                     1/1     Running   0          110m
    kube-scheduler-k8s-master            1/1     Running   0          111m
    

    4. Install the flannel network on the master node

    If the network can get past the firewall:
    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    
    Otherwise:
    wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    kubectl apply -f kube-flannel.yml
    
    Output on success:
    podsecuritypolicy.policy/psp.flannel.unprivileged created
    clusterrole.rbac.authorization.k8s.io/flannel created
    clusterrolebinding.rbac.authorization.k8s.io/flannel created
    serviceaccount/flannel created
    configmap/kube-flannel-cfg created
    daemonset.apps/kube-flannel-ds-amd64 created
    daemonset.apps/kube-flannel-ds-arm64 created
    daemonset.apps/kube-flannel-ds-arm created
    daemonset.apps/kube-flannel-ds-ppc64le created
    daemonset.apps/kube-flannel-ds-s390x created
    
    
    kubectl get pod -n kube-system
    # All pods should reach the Running state; how long this takes depends on the machine's specs.
    NAME                                 READY   STATUS    RESTARTS   AGE
    coredns-7ff77c879f-5rtkq             1/1     Running   0          3h2m
    coredns-7ff77c879f-p8xls             1/1     Running   0          3h2m
    etcd-k8s-master                      1/1     Running   0          3h2m
    kube-apiserver-k8s-master            1/1     Running   0          3h2m
    kube-controller-manager-k8s-master   1/1     Running   0          3h2m
    kube-flannel-ds-amd64-vsbjl          1/1     Running   0          3m13s
    kube-proxy-zblcv                     1/1     Running   0          3h2m
    kube-scheduler-k8s-master            1/1     Running   0          3h2m
    

    5. Join the node to the cluster

    kubeadm join 172.0.2.11:6443 --token 2y8c3v.97pxftrwzva9kui1 \
        --discovery-token-ca-cert-hash sha256:5bd046ec3aa9c04b5f73cdcf4ca5b6e6e76e7c5a2de9306755159ff95ee87961
    
    Message shown on a successful join:
    This node has joined the cluster:
    * Certificate signing request was sent to apiserver and a response was received.
    * The Kubelet was informed of the new secure connection details.
    
    Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
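
The --discovery-token-ca-cert-hash value in the join command pins the cluster CA, which lets the joining node confirm it is talking to the intended control plane. The following is an added example, not part of the original post, that recomputes the hash from the CA certificate and rejects a value damaged by line wrapping; the function names are made up here, and /etc/kubernetes/pki/ca.crt is the kubeadm default CA path on the master.

```shell
#!/bin/sh
# Added example, not from the original post: recompute the value that
# --discovery-token-ca-cert-hash must carry and compare it before joining.

# ca_cert_hash CERT: print "sha256:<hex>" over the DER-encoded public key
# (SubjectPublicKeyInfo) of the PEM certificate CERT.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
    printf '%s\n' "$pub" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex |
        awk '{ print "sha256:" $NF }'
}

# check_join_hash CERT HASH: 0 = match, 1 = mismatch, 2 = malformed HASH.
check_join_hash() {
    hex=${2#sha256:}
    if [ "$hex" = "$2" ] || [ "${#hex}" -ne 64 ] ||
       printf '%s' "$hex" | grep -q '[^0-9a-f]'; then
        echo "malformed hash (expected sha256: plus 64 hex digits): '$2'" >&2
        return 2
    fi
    [ "$(ca_cert_hash "$1")" = "$2" ]
}

# On the master, print the hash for the kubeadm default CA path, if present.
if [ -r /etc/kubernetes/pki/ca.crt ]; then
    ca_cert_hash /etc/kubernetes/pki/ca.crt
fi
```

Run `check_join_hash` on the master with the hash from the join command before pasting that command on a node.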
    

    IV. Installing the Dashboard (master node)

    1. Download and install the Dashboard

    kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml
    
    Result:
    namespace/kubernetes-dashboard created
    serviceaccount/kubernetes-dashboard created
    service/kubernetes-dashboard created
    secret/kubernetes-dashboard-certs created
    secret/kubernetes-dashboard-csrf created
    secret/kubernetes-dashboard-key-holder created
    configmap/kubernetes-dashboard-settings created
    role.rbac.authorization.k8s.io/kubernetes-dashboard created
    clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
    rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
    clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
    deployment.apps/kubernetes-dashboard created
    service/dashboard-metrics-scraper created
    deployment.apps/kubernetes-metrics-scraper created
    
    
    kubectl get pods --namespace=kubernetes-dashboard  # check the pods in the newly created namespace
    NAME                                          READY   STATUS              RESTARTS   AGE
    kubernetes-dashboard-84b6b4578b-bljwt         1/1     Running   0          64s
    kubernetes-metrics-scraper-86f6785867-pkc9k   1/1     Running   0          64s
    
    
    kubectl get service --namespace=kubernetes-dashboard  # check the port mappings
    NAME                        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
    dashboard-metrics-scraper   ClusterIP   10.1.82.253    <none>        8000/TCP   68s
    kubernetes-dashboard        ClusterIP   10.1.203.153   <none>        443/TCP    68s
    

    2. Edit the service configuration

    kubectl edit service kubernetes-dashboard --namespace=kubernetes-dashboard
    
    spec:
      clusterIP: 10.1.203.153
      externalTrafficPolicy: Cluster
      ports:
      - nodePort: 32591
        port: 443
        protocol: TCP
        targetPort: 8443
      selector:
        k8s-app: kubernetes-dashboard
      sessionAffinity: None
      type: NodePort
    status:
      loadBalancer: {}
    
    Key points:
    - Add type: NodePort
    - Change nodePort: 32591 (the port you want to map)
    

    3. Create the dashboard admin-token on the master node

    Create the configuration file:
    cat >/root/admin-token.yaml<<EOF
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: admin
      annotations:
        rbac.authorization.kubernetes.io/autoupdate: "true"
    roleRef:
      kind: ClusterRole
      name: cluster-admin
      apiGroup: rbac.authorization.k8s.io
    subjects:
    - kind: ServiceAccount
      name: admin
      namespace: kube-system
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin
      namespace: kube-system
      labels:
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile
    EOF
    
    
    Create the admin-token user:
    kubectl apply -f /root/admin-token.yaml
    
    Result:
    clusterrolebinding.rbac.authorization.k8s.io/admin created
    serviceaccount/admin created
    

    4. Get the token string

    kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system
    
    Record the token:
    token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Im9NX2dSMDFIOWVFMXpnZ0FMNGVpMmYtclFmNlBZd2RCUTZFa1l0dG5mZWcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1ubGtrNSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjcwM2RiMDhiLTRiNWQtNDFmOS1hZjI4LTMzYjI2M2ZhYTE5OSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.rh_9-Oj4fxGdSDbpNSgHJBXW54UGGunaa3FED43wV4ozL67xwUes_r1W6wPzz4LEqwm5aK4gpj5gQU8gb_NMamQ0Ft7c0mWZvitx6KwFboQeeEbKGjPT_1rMNvB3gt2_dCoISriCNAgi9bVu3S_wQJIavjvBM4MDRuz3CfTNkj-Ce0AOUeBFxBAwB5oKnfcxbzd6qzckMkG_lx7BdDHxcwfImwsYLE4Bw5BFiTFwogvMIb9uM4mu46fRS3K5QHSOiVYk21aX_blIxta5DZNSrEUrE5iothF0Jn2_NQ5J5Nih02l0gSCAgerFxGo7Spvp743NIgb4NvRpcG6yuRFafA
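
The token printed by this step belongs to the admin service account that the previous step bound to cluster-admin. The following is an added example, not part of the original post, that decodes a token's claims to show which account it represents and whether it carries an expiry; the function names and the sample token are constructed, and the claim parser assumes the flat, compact JSON these tokens use.

```shell
#!/bin/sh
# Added example, not from the original post: read the claims of a service
# account token. Only the payload is decoded; the signature is not verified.

# jwt_payload TOKEN: print the JSON claims (second dot-separated segment).
jwt_payload() {
    case "$1" in *.*.*) ;; *) return 1 ;; esac
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    # base64url drops the padding; restore it to a multiple of 4 characters
    case $(( ${#seg} % 4 )) in
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
        1) return 1 ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# jwt_claim TOKEN NAME: print a top-level string claim. Assumes flat, compact
# JSON with no commas inside values, as in service account tokens.
jwt_claim() {
    jwt_payload "$1" | tr ',' '\n' |
        sed -n "s|^[{ ]*\"$2\":\"\(.*\)\"[} ]*\$|\1|p"
}

# token_risk TOKEN: report the subject and whether the token has an expiry.
token_risk() {
    if jwt_payload "$1" | grep -q '"exp":'; then ttl="expires"; else ttl="never expires"; fi
    echo "$(jwt_claim "$1" sub): $ttl"
}

# Constructed sample using the claim names of a secret-based token.
claims='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"kube-system","sub":"system:serviceaccount:kube-system:admin"}'
sample="e30.$(printf '%s' "$claims" | base64 | tr -d '=\n' | tr '/+' '_-').c2ln"
token_risk "$sample"
```

A token that reports "never expires" stays valid until its secret or service account is deleted, so delete the admin binding and account once the Dashboard is no longer needed.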
    

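    5. Log in to the dashboard using the token method

    Note: one last pitfall. Because of Google Chrome's security certificate checks, the first login only works in Firefox, after adding a security exception.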

  • Original article: https://www.cnblogs.com/dragon7421/p/11672007.html