kubeadm

https://kubernetes.io/zh/docs/setup/independent/create-cluster-kubeadm/

kubeadm is the cluster deployment tool that ships with Kubernetes.

Install

Install kubeadm, kubelet and kubectl on every machine:

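$ echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
$ sudo apt-get update
// --allow-unauthenticated: apt installs the packages without verifying their signatures (the mirror's signing key is not imported in these steps)
$ sudo apt-get --yes --allow-unauthenticated install kubeadm kubelet kubectl
$ sudo apt-mark hold kubelet kubeadm kubectl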

Kubeadm

init:

$ kubeadm init
    --config <config>
    --apiserver-advertise-address <master>   // selects the interface on hosts with multiple NICs
    --image-repository <registry>            // default k8s.gcr.io
    --kubernetes-version <version>
    --pod-network-cidr <cidr>                // CIDR used for pods

join:

$ kubeadm join [apiserver-advertise-address] --token <token> --discovery-token-ca-cert-hash <hash>

reset:

$ kubeadm reset -f/--force

token:

$ kubeadm token create/delete/generate/list

Cluster

The images must first be pulled onto every node:

#!/usr/bin/env bash
IMAGES="
kube-apiserver:v1.17.0
kube-controller-manager:v1.17.0
kube-scheduler:v1.17.0
kube-proxy:v1.17.0
pause:3.1
etcd:3.4.3-0
coredns:1.6.5
metrics-server-amd64:v0.3.6
"
for IMAGE in ${IMAGES}
do
    echo "Processing ${IMAGE}"
    # Pull from the mirror, retag under the k8s.gcr.io name, then drop the mirror tag
    docker pull "gcr.azk8s.cn/google_containers/${IMAGE}"
    docker tag "gcr.azk8s.cn/google_containers/${IMAGE}" "k8s.gcr.io/${IMAGE}"
    docker rmi "gcr.azk8s.cn/google_containers/${IMAGE}"
done

Then install the CNI plugins on every node:

https://github.com/containernetworking/plugins/releases

$ sudo mkdir -p /opt/cni/bin
// Download the release and extract all plugin binaries into this directory.

master:

$ sudo swapoff -a

$ sudo kubeadm init \
--config=/var/lib/kubelet/config.yaml \
--pod-network-cidr=10.244.0.0/16 \
--apiserver-advertise-address=192.168.1.1 \
--kubernetes-version=v1.17.0 \
--image-repository=registry.aliyuncs.com/google_containers \
-v=6
// --config: the default is usually fine.
// --pod-network-cidr=10.244.0.0/16 is the fixed value to use; it indicates that flannel is chosen as the network plugin.

// The node status is NotReady at this point; a network add-on is required
$ kubectl get nodes

network-addon (only needs to be done on the master):

$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

node:

$ sudo swapoff -a

$ sudo kubeadm join 192.168.1.1:6443 \
--token 8po0v5.m1qlbc7w0btq15of \
--discovery-token-ca-cert-hash sha256:21d8365e336d5218637ddf26e2ec5d91c7dd2de518dbe47973e089837b13265b
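
The value passed to --discovery-token-ca-cert-hash is "sha256:" followed by the SHA-256 of the cluster CA's DER-encoded public key, so it can be recomputed from the CA certificate and compared before a node is joined. The script below is an added example, not part of the original notes; it assumes the openssl CLI, uses a throwaway CA generated on the spot (constructed) in place of the master's certificate, and its function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: recompute and check a kubeadm discovery hash.
# Assumes the openssl CLI; function names are illustrative, not kubeadm's.

# ca_cert_hash <ca.crt>: print "sha256:<hex>" over the CA's DER-encoded public key
ca_cert_hash() {
    # Extract the key first so an unreadable cert fails here instead of hashing empty input
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    digest=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform der | openssl dgst -sha256 -r)
    printf 'sha256:%s\n' "${digest%% *}"
}

# verify_join_hash <ca.crt> <hash>: succeed only if <hash> pins this CA
verify_join_hash() {
    actual=$(ca_cert_hash "$1") || return 2
    [ "$actual" = "$2" ]
}

# make_demo_ca <dir>: constructed throwaway CA standing in for the master's ca.crt
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    make_demo_ca "$dir" || return 1
    pinned=$(ca_cert_hash "$dir/ca.crt") || return 1
    echo "hash of demo CA: $pinned"
    verify_join_hash "$dir/ca.crt" "$pinned" && echo "match: hash pins this CA"
    # A hash that belongs to a different CA must be rejected
    wrong="sha256:0000000000000000000000000000000000000000000000000000000000000000"
    verify_join_hash "$dir/ca.crt" "$wrong" || echo "mismatch: do not join"
    rm -rf "$dir"
}

demo
```

On a kubeadm master the CA certificate is /etc/kubernetes/pki/ca.crt; the output of `ca_cert_hash` for that file should equal the value given to `kubeadm join`.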

reset:

// Reset before running init/join again
$ sudo kubeadm reset

Allow pods to be scheduled on the master node (not allowed by default):

$ kubectl taint nodes --all node-role.kubernetes.io/master-

verify:

$ kubectl get nodes
$ kubectl get pod --all-namespaces

ingress-nginx

https://github.com/kubernetes/ingress-nginx

// Deploy
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml

// Verify the deployment
$ kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx --watch

dashboard

https://github.com/kubernetes/dashboard

// https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml: change the Service type to NodePort
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  # use nodeport
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      # specify nodeport
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
// Deploy the dashboard
$ kubectl apply -f dashboard.yaml

// ServiceAccount and ClusterRoleBinding
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kubernetes-dashboard
// Create the admin account
$ kubectl apply -f auth.yaml

// Get the token
$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

// Log in with the admin account's token
> https://<IP>:30001

// Delete the installed dashboard
$ kubectl delete ns kubernetes-dashboard

metrics-server

https://github.com/kubernetes-sigs/metrics-server

$ git clone https://github.com/kubernetes-sigs/metrics-server.git
$ cd metrics-server/deploy

// Change imagePullPolicy
$ vim ./1.8+/metrics-server-deployment.yaml
> imagePullPolicy: IfNotPresent

// Deploy
$ kubectl create -f ./1.8+/