Kubernetes Installation Guide
The environment used in this article is Ubuntu 18.04 LTS.
Switch to the Aliyun package mirror
$ vim /etc/apt/sources.list
Replace the package sources with the following:
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
Install software dependencies
$ apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
Install Docker automatically
$ curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
Change the Docker registry mirror
$ vim /etc/docker/daemon.json
Add the following content. This is a private mirror URL that you can apply for from Aliyun.
{
"registry-mirrors": ["https://19eejyrh.mirror.aliyuncs.com"]
}
Restart Docker
$ service docker restart
Install kubelet, kubeadm and kubectl
apt update && apt install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt update && apt install -y kubelet kubeadm kubectl
kubeadm init
$ kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.14.1
k8s.gcr.io/kube-controller-manager:v1.14.1
k8s.gcr.io/kube-scheduler:v1.14.1
k8s.gcr.io/kube-proxy:v1.14.1
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.10
k8s.gcr.io/coredns:1.3.1
#!/bin/bash
images=(
k8s.gcr.io/kube-apiserver:v1.14.1
k8s.gcr.io/kube-controller-manager:v1.14.1
k8s.gcr.io/kube-scheduler:v1.14.1
k8s.gcr.io/kube-proxy:v1.14.1
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.10
k8s.gcr.io/coredns:1.3.1
)
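# Pull each image from the Aliyun mirror, retag it under the k8s.gcr.io name
# that kubeadm expects, then remove the mirror tag.
# Nothing in this loop verifies the mirror's images against upstream digests.
for imageFullName in "${images[@]}"; do
    imageName=${imageFullName##*/}
    docker pull "registry.aliyuncs.com/google_containers/$imageName"
    docker tag "registry.aliyuncs.com/google_containers/$imageName" "k8s.gcr.io/$imageName"
    docker rmi "registry.aliyuncs.com/google_containers/$imageName"
done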
Make sure the value of --pod-network-cidr does not conflict with the host's LAN subnet.
$ kubeadm init --pod-network-cidr=172.16.0.0/24 --apiserver-cert-extra-sans=192.168.0.9,119.3.X.X
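The no-conflict requirement for --pod-network-cidr can be checked against the host routing table before running kubeadm init. This is an added example, not part of the original article: the function names are hypothetical and the sample routes are constructed in the format of ip -4 route show.

```shell
#!/bin/sh
# Added example: check a candidate --pod-network-cidr against host routes.

# Dotted-quad IPv4 -> 32-bit integer (octets must not have leading zeros).
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "first last" (as integers) for a CIDR such as 172.16.0.0/24.
cidr_range() {
    base=$(ip_to_int "${1%/*}")
    hostbits=$(( (1 << (32 - ${1#*/})) - 1 ))
    lo=$(( $base & (0xFFFFFFFF ^ $hostbits) ))
    echo "$lo $(( $lo | $hostbits ))"
}

# Succeed (exit 0) if the two CIDRs share at least one address.
cidr_overlaps() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Read route lines on stdin and report each one that collides with the
# candidate pod CIDR ($1). Returns 1 if any conflict was found.
check_pod_cidr() {
    pod=$1; rc=0
    while read -r dest rest; do
        case $dest in */*) ;; *) continue ;; esac   # skip "default" and host routes
        if cidr_overlaps "$pod" "$dest"; then
            echo "conflict: $pod overlaps $dest ($rest)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in the format of `ip -4 route show` (not real output).
sample_routes() {
cat <<'EOF'
default via 192.168.0.1 dev eth0 proto dhcp metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.9
EOF
}

sample_routes | check_pod_cidr 172.16.0.0/24 && echo "172.16.0.0/24 is clear"
```

On a real host, feed it live data with: ip -4 route show | check_pod_cidr 172.16.0.0/24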
If the machine has fewer than 2 CPU cores, add --ignore-preflight-errors=NumCPU
$ kubeadm init --pod-network-cidr=172.16.0.0/24 --apiserver-cert-extra-sans=192.168.0.9,119.3.X.X --ignore-preflight-errors=NumCPU
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.0.9:6443 --token 0dural.s1tfaohw9nsetr6w \
--discovery-token-ca-cert-hash sha256:X410c72517b4ef427d28f6b2a744f346bd3fbab23f62f5b6c566f74e8d663e0a
Follow the instructions:
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
Install CoreDNS
$ kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
$ kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
Check the installation status
$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-node-pz8mw 2/2 Running 0 28s
kube-system coredns-fb8b8dccf-wds4q 1/1 Running 0 5m36s
kube-system coredns-fb8b8dccf-xzxdf 1/1 Running 0 5m36s
kube-system etcd-ecs-7d53 1/1 Running 0 4m37s
kube-system kube-apiserver-ecs-7d53 1/1 Running 0 4m52s
kube-system kube-controller-manager-ecs-7d53 1/1 Running 0 4m52s
kube-system kube-proxy-2tthv 1/1 Running 0 5m36s
kube-system kube-scheduler-ecs-7d53 1/1 Running 0 4m48s
Check component health
$ kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health":"true"}
Troubleshooting
If something goes wrong after running some commands, for example a failed status appears, you can use the kubectl describe pods command to investigate.
$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-node-d68nb 2/2 Running 171 28h
kube-system coredns-fb8b8dccf-b22kw 1/1 Running 88 28h
kube-system coredns-fb8b8dccf-kbzhx 1/1 Running 88 28h
kube-system etcd-k8s-node-1 1/1 Running 4 28h
kube-system kube-apiserver-k8s-node-1 1/1 Running 47 28h
kube-system kube-controller-manager-k8s-node-1 1/1 Running 185 28h
kube-system kube-proxy-2f9sd 1/1 Running 0 28h
kube-system kube-scheduler-k8s-node-1 1/1 Running 184 28h
kube-system kubernetes-dashboard-78f989899d-9vvv4 1/1 Running 85 27h
$ kubectl describe pods kubernetes-dashboard-78f989899d-9vvv4 -n kube-system
Name: kubernetes-dashboard-78f989899d-9vvv4
Namespace: kube-system
Priority: 0
PriorityClassName: <none>
Node: k8s-node-1/192.168.0.141
Start Time: Tue, 07 May 2019 10:30:19 +0800
Labels: k8s-app=kubernetes-dashboard
pod-template-hash=78f989899d
Annotations: cni.projectcalico.org/podIP: 172.16.0.8/32
Status: Running
IP: 172.16.0.8
Controlled By: ReplicaSet/kubernetes-dashboard-78f989899d
Containers:
kubernetes-dashboard:
Container ID: docker://d6e5a3755e0a7252b2ab3df2fb441058facadd84b7c12a7574a9a34f5aa2a3f0
Image: registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
Image ID: docker-pullable://registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64@sha256:0ae6b69432e78069c5ce2bcde0fe409c5c4d6f0f4d9cd50a17974fea38898747
Port: 8443/TCP
Host Port: 0/TCP
Args:
--auto-generate-certificates
State: Running
Started: Wed, 08 May 2019 14:11:39 +0800
Last State: Terminated
Reason: Error
Exit Code: 1
Started: Wed, 08 May 2019 14:08:42 +0800
Finished: Wed, 08 May 2019 14:08:56 +0800
Ready: True
Restart Count: 85
Liveness: http-get https://:8443/ delay=30s timeout=30s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/certs from kubernetes-dashboard-certs (rw)
/tmp from tmp-volume (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kubernetes-dashboard-token-2dp98 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kubernetes-dashboard-certs:
Type: Secret (a volume populated by a Secret)
SecretName: kubernetes-dashboard-certs
Optional: false
tmp-volume:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
kubernetes-dashboard-token-2dp98:
Type: Secret (a volume populated by a Secret)
SecretName: kubernetes-dashboard-token-2dp98
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node-role.kubernetes.io/master:NoSchedule
node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Pulled 78m (x69 over 19h) kubelet, k8s-node-1 Container image "registry.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1" already present on machine
Normal Created 78m (x67 over 19h) kubelet, k8s-node-1 Created container kubernetes-dashboard
Warning Unhealthy 66m (x281 over 19h) kubelet, k8s-node-1 Liveness probe failed: Get https://172.16.0.8:8443/: net/http: TLS handshake timeout
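In the listing above every pod reports Running, and only the RESTARTS column shows that something is wrong. The following added example (not part of the original article; the function name and threshold are hypothetical) turns such a listing into the kubectl describe commands worth running, using a few rows copied from the listing above as sample input.

```shell
#!/bin/sh
# Added example: flag pods that keep restarting even though STATUS is Running.

# Reads `kubectl get pods [--all-namespaces]` output on stdin.
# $1 = restart threshold (default 10). Exits 2 if the header is not recognised.
flag_restarts() {
    awk -v t="${1:-10}" '
        NR == 1 {                        # map column names to field numbers
            for (i = 1; i <= NF; i++) col[$i] = i
            if (!("NAME" in col) || !("RESTARTS" in col)) exit 2
            next
        }
        $col["RESTARTS"] + 0 > t + 0 {
            ns = ("NAMESPACE" in col) ? " -n " $col["NAMESPACE"] : ""
            printf "kubectl describe pod %s%s   # %s, restarts=%d\n",
                   $col["NAME"], ns, $col["STATUS"], $col["RESTARTS"]
        }'
}

# Sample rows taken from the pod listing shown earlier on this page.
sample_pods() {
cat <<'EOF'
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE
kube-system   calico-node-d68nb                       2/2     Running   171        28h
kube-system   coredns-fb8b8dccf-b22kw                 1/1     Running   88         28h
kube-system   kube-controller-manager-k8s-node-1      1/1     Running   185        28h
kube-system   kube-proxy-2f9sd                        1/1     Running   0          28h
kube-system   kubernetes-dashboard-78f989899d-9vvv4   1/1     Running   85         27h
EOF
}

sample_pods | flag_restarts 80
```

Against a live cluster: kubectl get pods --all-namespaces | flag_restarts 20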
Changing the hostname on Ubuntu 18.04
$ vim /etc/cloud/cloud.cfg # find preserve_hostname: false and change it to preserve_hostname: true
$ vim /etc/hostname # change the hostname
$ reboot
References
https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/