  • Kubernetes (1): installing with kubeadm

    System information

    Role    OS              CPU cores  Memory
    master  18.04.1-Ubuntu  4          8G
    slave   18.04.1-Ubuntu  4          4G

    Preparation before installation (run on both the master and the slave node)

    1. Disable swap

      sudo swapoff -a
      sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
      
    2. Configure the system and kubernetes package sources
      Add the following two files under /etc/apt/sources.list.d/

      cat > /etc/apt/sources.list.d/kubernetes.list << EOF
      deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
      EOF
      
      cat > /etc/apt/sources.list.d/system.list << EOF
      deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted  
      deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted  
      deb http://mirrors.aliyun.com/ubuntu/ bionic universe  
      deb http://mirrors.aliyun.com/ubuntu/ bionic-updates universe  
      deb http://mirrors.aliyun.com/ubuntu/ bionic multiverse  
      deb http://mirrors.aliyun.com/ubuntu/ bionic-updates multiverse  
      deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse 
      EOF
      
      

      Run

      sudo apt-get update
      
      
    3. Install the required tools

      apt install -y curl jq
      
      
    4. Install the signing key for the kubernetes package source

      sudo curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
      
      
    5. Install docker

      1. Download the packages
        containerd.io_1.2.6-3_amd64.deb
        docker-ce-cli_19.03.5_3-0_ubuntu-bionic_amd64.deb
        docker-ce_19.03.5_3-0_ubuntu-bionic_amd64.deb

      2. Install the three packages above, in order, with sudo dpkg -i

      3. Add the docker group

        sudo groupadd docker
        
        
      4. Add the current user to the docker group

        sudo usermod -aG docker $USER 
        
        
      5. Make the group membership take effect

        newgrp docker 
        
        
      6. Enable docker at boot

        sudo systemctl enable docker 
        
        

    Installing the master node (run on the master node)

    1. Install the kubelet components

      1. List the kubernetes versions available for installation

        apt-cache madison kubeadm 
        apt-cache madison kubelet 
        apt-cache madison kubectl 
        
        

        Pick the version you want to install from the returned list; we use 1.16.3-00 as the example

      2. Run the following command to start the installation

        sudo apt install -y kubelet=1.16.3-00 kubeadm=1.16.3-00 kubectl=1.16.3-00  
        
        
    2. Download the required images
      Use the following command to list the images that are needed

      chengf@chengf:~$ kubeadm config images list  
      W1126 21:01:07.767448   20606 version.go:101] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)  
      W1126 21:01:07.767516   20606 version.go:102] falling back to the local client version: v1.16.3  
      k8s.gcr.io/kube-apiserver:v1.16.3  
      k8s.gcr.io/kube-controller-manager:v1.16.3  
      k8s.gcr.io/kube-scheduler:v1.16.3  
      k8s.gcr.io/kube-proxy:v1.16.3  
      k8s.gcr.io/pause:3.1  
      k8s.gcr.io/etcd:3.3.15-0  
      k8s.gcr.io/coredns:1.6.2  
      
      

      Because k8s.gcr.io cannot be reached from mainland China, we need to download these images in advance and tag them with the image names kubernetes expects

      chengf@chengf:~$ docker images  
      REPOSITORY                                TAG                 IMAGE ID            CREATED             SIZE  
      kubeimage/kube-proxy-amd64                v1.16.3             9b65a0f78b09        13 days ago         86.1MB  
      k8s.gcr.io/kube-proxy                     v1.16.3             9b65a0f78b09        13 days ago         86.1MB  
      kubeimage/kube-apiserver-amd64            v1.16.3             df60c7526a3d        13 days ago         217MB  
      k8s.gcr.io/kube-apiserver                 v1.16.3             df60c7526a3d        13 days ago         217MB  
      kubeimage/kube-controller-manager-amd64   v1.16.3             bb16442bcd94        13 days ago         163MB  
      k8s.gcr.io/kube-controller-manager        v1.16.3             bb16442bcd94        13 days ago         163MB  
      kubeimage/kube-scheduler-amd64            v1.16.3             98fecf43a54f        13 days ago         87.3MB  
      k8s.gcr.io/kube-scheduler                 v1.16.3             98fecf43a54f        13 days ago         87.3MB  
      coredns/coredns                           1.6.5               70f311871ae1        2 weeks ago         41.6MB  
      gcr.azk8s.cn/google_containers/etcd       3.3.15-0            b2756210eeab        2 months ago        247MB  
      k8s.gcr.io/etcd                           3.3.15-0            b2756210eeab        2 months ago        247MB  
      coredns/coredns                           1.6.2               bf261d157914        3 months ago        44.1MB  
      k8s.gcr.io/coredns                        1.6.2               bf261d157914        3 months ago        44.1MB  
      kubeimage/pause                           3.1                 da86e6ba6ca1        23 months ago       742kB  
      k8s.gcr.io/pause                          3.1                 da86e6ba6ca1        23 months ago       742kB  
      
      
    3. Get the default pod network range

      chengf@chengf:~$ kubeadm config print init-defaults  
      apiVersion: kubeadm.k8s.io/v1beta2  
      bootstrapTokens:  
      - groups:  
        - system:bootstrappers:kubeadm:default-node-token  
        token: abcdef.0123456789abcdef  
        ttl: 24h0m0s  
        usages:  
        - signing  
        - authentication  
      kind: InitConfiguration  
      localAPIEndpoint:  
        advertiseAddress: 1.2.3.4  
        bindPort: 6443  
      nodeRegistration:  
        criSocket: /var/run/dockershim.sock  
        name: chengf  
        taints:  
        - effect: NoSchedule  
          key: node-role.kubernetes.io/master  
      ---  
      apiServer:  
        timeoutForControlPlane: 4m0s  
      apiVersion: kubeadm.k8s.io/v1beta2  
      certificatesDir: /etc/kubernetes/pki  
      clusterName: kubernetes  
      controllerManager: {}  
      dns:  
        type: CoreDNS  
      etcd:  
        local:  
          dataDir: /var/lib/etcd  
      imageRepository: k8s.gcr.io  
      kind: ClusterConfiguration  
      kubernetesVersion: v1.16.0  
      networking:  
        dnsDomain: cluster.local  
        serviceSubnet: 10.96.0.0/12  
      scheduler: {}  
      
      
    4. Install the master with kubeadm init

      root@chengf:/etc/kubernetes# kubeadm init --kubernetes-version=v1.16.3 --pod-network-cidr=10.96.0.0/12 --apiserver-advertise-address=192.168.0.107 --node-name=chengf --ignore-preflight-errors=ImagePull  
      [init] Using Kubernetes version: v1.16.3  
      [preflight] Running pre-flight checks  
          [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/  
          [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.5. Latest validated version: 18.09  
      [preflight] Pulling images required for setting up a Kubernetes cluster  
      [preflight] This might take a minute or two, depending on the speed of your internet connection  
      [preflight] You can also perform this action in beforehand using 'kubeadm config images pull'  
      [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"  
      [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"  
      [kubelet-start] Activating the kubelet service  
      [certs] Using certificateDir folder "/etc/kubernetes/pki"  
      [certs] Generating "ca" certificate and key  
      [certs] Generating "apiserver" certificate and key  
      [certs] apiserver serving cert is signed for DNS names [chengf kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.0.107]  
      [certs] Generating "apiserver-kubelet-client" certificate and key  
      [certs] Generating "front-proxy-ca" certificate and key  
      [certs] Generating "front-proxy-client" certificate and key  
      [certs] Generating "etcd/ca" certificate and key  
      [certs] Generating "etcd/server" certificate and key  
      [certs] etcd/server serving cert is signed for DNS names [chengf localhost] and IPs [192.168.0.107 127.0.0.1 ::1]  
      [certs] Generating "etcd/peer" certificate and key  
      [certs] etcd/peer serving cert is signed for DNS names [chengf localhost] and IPs [192.168.0.107 127.0.0.1 ::1]  
      [certs] Generating "etcd/healthcheck-client" certificate and key  
      [certs] Generating "apiserver-etcd-client" certificate and key  
      [certs] Generating "sa" key and public key  
      [kubeconfig] Using kubeconfig folder "/etc/kubernetes"  
      [kubeconfig] Writing "admin.conf" kubeconfig file  
      [kubeconfig] Writing "kubelet.conf" kubeconfig file  
      [kubeconfig] Writing "controller-manager.conf" kubeconfig file  
      [kubeconfig] Writing "scheduler.conf" kubeconfig file  
      [control-plane] Using manifest folder "/etc/kubernetes/manifests"  
      [control-plane] Creating static Pod manifest for "kube-apiserver"  
      [control-plane] Creating static Pod manifest for "kube-controller-manager"  
      [control-plane] Creating static Pod manifest for "kube-scheduler"  
      [etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"  
      [wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s  
      [apiclient] All control plane components are healthy after 17.505256 seconds  
      [upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace  
      [kubelet] Creating a ConfigMap "kubelet-config-1.16" in namespace kube-system with the configuration for the kubelets in the cluster  
      [upload-certs] Skipping phase. Please see --upload-certs  
      [mark-control-plane] Marking the node chengf as control-plane by adding the label "node-role.kubernetes.io/master=''"  
      [mark-control-plane] Marking the node chengf as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]  
      [bootstrap-token] Using token: 7zi6wy.j3mm4fzdyxc0m3bx  
      [bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles  
      [bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials  
      [bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token  
      [bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster  
      [bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace  
      [addons] Applied essential addon: CoreDNS  
      [addons] Applied essential addon: kube-proxy  
        
      Your Kubernetes control-plane has initialized successfully!  
        
      To start using your cluster, you need to run the following as a regular user:  
        
        mkdir -p $HOME/.kube  
        sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config  
        sudo chown $(id -u):$(id -g) $HOME/.kube/config  
        
      You should now deploy a pod network to the cluster.  
      Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:  
        https://kubernetes.io/docs/concepts/cluster-administration/addons/  
        
      Then you can join any number of worker nodes by running the following on each as root:  
        
      kubeadm join 192.168.0.107:6443 --token 7zi6wy.j3mm4fzdyxc0m3bx \
          --discovery-token-ca-cert-hash sha256:27e0d9fd7e5e309249cf3a515514e370c230b2115cea5170ec9e5be61c18b2c1
      
      
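      • kubernetes-version: the version number
      • pod-network-cidr: set to the IP range obtained in the previous step
      • apiserver-advertise-address: set to the host IP
      • node-name: the host name
      • ignore-preflight-errors: ignore the error for images that cannot be pulled

      The installation prints the following warnings: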

      [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
      [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.5. Latest validated version: 18.09

    5. As the output instructs, run the following commands so that the current regular user can run kubectl

      mkdir -p $HOME/.kube  
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config  
      sudo chown $(id -u):$(id -g) $HOME/.kube/config  
      
      

    Installing a node (run on the slave node)

    1. Install kubelet and kubeadm

      sudo apt install -y kubelet=1.16.3-00 kubeadm=1.16.3-00  
      sudo systemctl enable kubelet && sudo systemctl start kubelet
      
      
    2. Join the slave node to the cluster by running the join command that was generated when the master installation finished

      sudo kubeadm join 192.168.0.107:6443 --token 7zi6wy.j3mm4fzdyxc0m3bx --discovery-token-ca-cert-hash sha256:27e0d9fd7e5e309249cf3a515514e370c230b2115cea5170ec9e5be61c18b2c1  
      
      

    If the join fails, append --v=5 to the command line to see the detailed error messages.
    The following output confirms that the join succeeded

    ```
    This node has joined the cluster: 
    * Certificate signing request was sent to apiserver and a response was received. 
    * The Kubelet was informed of the new secure connection details. 
    
    Run 'kubectl get nodes' on the control-plane to see this node join the cluster. 
    
    ```
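
The `--discovery-token-ca-cert-hash` value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key, so it can be recomputed on the master and compared before a join command is run on a node. The script below is an added example, not part of the original post; it assumes openssl is installed and that the CA certificate is /etc/kubernetes/pki/ca.crt (the certificatesDir shown in the init defaults). The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: recompute and check the CA pin used by `kubeadm join`.

# Print "sha256:<hex>" for the public key (SubjectPublicKeyInfo) of a CA certificate.
ca_cert_hash() {
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -hex \
    | awk '{ print "sha256:" $NF }'
}

# verify_join_pin CA_CERT "JOIN COMMAND"
# Returns 0 if the pin in the join command matches the certificate,
# 1 on mismatch, 2 if the command carries no pin or the cert cannot be read.
verify_join_pin() {
  pinned=$(printf '%s\n' "$2" |
    sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p')
  [ -n "$pinned" ] || { echo "no CA pin in join command" >&2; return 2; }
  actual=$(ca_cert_hash "$1") || return 2
  [ "$actual" != "sha256:" ] || return 2
  [ "$pinned" = "$actual" ] || { echo "pin mismatch: $pinned != $actual" >&2; return 1; }
}

# On the master: show the value that a valid join command must carry.
if [ -r /etc/kubernetes/pki/ca.crt ]; then
  ca_cert_hash /etc/kubernetes/pki/ca.crt
fi
```

A join command whose pin does not match the master's CA should not be run; the bootstrap token authenticates the node to the cluster, while the pin is what lets the node authenticate the cluster.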
    
    1. Run on the master node

      chengf@chengf:~$ kubectl get nodes 
      NAME     STATUS     ROLES    AGE     VERSION 
      chengf   NotReady   master   3d23h   v1.16.3 
      slave    NotReady   <none>   2m43s   v1.16.3 
      
      

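      The nodes are NotReady because no CNI network plugin has been installed yet. Install one now; for the available CNI plugins see
      CNI. This example uses weave.

    2. Run on the master node

      kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"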
      
      

      If the command fails with the following error,

      chengf@chengf:~$ kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
      Unable to connect to the server: net/http: TLS handshake timeout 
      
      

      do it in three steps

      1. Get the version string

        chengf@chengf:~$ kubectl version | base64 | tr -d '\n'


      2. Open the following URL in a browser

        https://cloud.weave.works/k8s/net?k8s-version=<base64 string from step 1>


        This downloads a file named net.yaml; upload it to the server

      3. Run

        chengf@chengf:~/soft$ kubectl apply -f net.yaml   
        serviceaccount/weave-net created  
        clusterrole.rbac.authorization.k8s.io/weave-net created  
        clusterrolebinding.rbac.authorization.k8s.io/weave-net created  
        role.rbac.authorization.k8s.io/weave-net created  
        rolebinding.rbac.authorization.k8s.io/weave-net created  
        daemonset.apps/weave-net created  
        
        
    3. Check the node status again

      chengf@chengf:~/soft$ kubectl get nodes  
      NAME     STATUS     ROLES    AGE     VERSION  
      chengf   Ready      master   3d23h   v1.16.3  
      slave    NotReady   <none>   40m     v1.16.3  
       
      chengf@chengf:~/soft$ kubectl get pods --all-namespaces  
      NAMESPACE     NAME                             READY   STATUS              RESTARTS   AGE  
      kube-system   coredns-5644d7b6d9-gdjwp         1/1     Running             0          3d23h  
      kube-system   coredns-5644d7b6d9-s9l76         1/1     Running             0          3d23h  
      kube-system   etcd-chengf                      1/1     Running             0          3d23h  
      kube-system   kube-apiserver-chengf            1/1     Running             6          3d23h  
      kube-system   kube-controller-manager-chengf   1/1     Running             6          3d23h  
      kube-system   kube-proxy-g7f6j                 1/1     Running             0          3d23h  
      kube-system   kube-proxy-nljf6                 0/1     ContainerCreating   0          42m  
      kube-system   kube-scheduler-chengf            1/1     Running             7          3d23h  
      kube-system   weave-net-7zbps                  2/2     Running             0          7m31s  
      kube-system   weave-net-kt2rz                  0/2     ContainerCreating   0          7m31s  
      
      

      weave-net-kt2rz has not started; check why

      kubectl --namespace=kube-system describe pod weave-net-kt2rz 
      
      
      Failed create pod sandbox: rpc error: code = Unknown desc = failed pulling image "k8s.gcr.io/pause:3.1": Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) 
      
      

      The image k8s.gcr.io/pause:3.1 cannot be pulled. The fix:

      chengf@slave:~/soft$ docker pull kubeimage/pause:3.1 
      Pulling from kubeimage/pause  
      Image docker.io/kubeimage/pause:3.1 uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at https://docs.docker.com/registry/spec/deprecated-schema-v1/  
      7675586df687: Pull complete   
      Digest: sha256:c780ae1f699e27c67bb6f1ac38f9b0a576a9d22c862aaae0d3549b6000569958  
      Status: Downloaded newer image for kubeimage/pause:3.1  
      docker.io/kubeimage/pause:3.1  
      chengf@slave:~/soft$ docker tag kubeimage/pause:3.1 k8s.gcr.io/pause:3.1  
      
      

      If there are further errors, work through them one by one until they are resolved. The final result:

      chengf@chengf:~/soft$ kubectl get pods --all-namespaces  
      NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE  
      kube-system   coredns-5644d7b6d9-gdjwp         1/1     Running   0          3d23h  
      kube-system   coredns-5644d7b6d9-s9l76         1/1     Running   0          3d23h  
      kube-system   etcd-chengf                      1/1     Running   0          3d23h  
      kube-system   kube-apiserver-chengf            1/1     Running   6          3d23h  
      kube-system   kube-controller-manager-chengf   1/1     Running   6          3d23h  
      kube-system   kube-proxy-g7f6j                 1/1     Running   0          3d23h  
      kube-system   kube-proxy-nljf6                 1/1     Running   0          56m  
      kube-system   kube-scheduler-chengf            1/1     Running   7          3d23h  
      kube-system   weave-net-7zbps                  2/2     Running   0          21m  
      kube-system   weave-net-kt2rz                  2/2     Running   6          21m  
      
      

    This completes the setup of a kubernetes cluster with the kubeadm tool. If the cluster installation fails, run kubeadm reset to restore the host and then install again.

  • Original article: https://www.cnblogs.com/gaofeng-henu/p/12296513.html