使用kubeadm部署一个单节点Kubernetes集群

kubeadm 是一个工具，通过提供 kubeadm init 和 kubeadm join 来作为创建 Kubernetes 集群的最佳实践“快速路径”。 kubeadm 执行必要的操作来启动并运行一个最小可行集群。按照设计，它只关心引导，而不关心配置机器。使用 kubeadm 作为所有部署的基础，可以更容易地创建一致的集群。

服务器信息

• CPU: 2核 Intel(R) Xeon(R) Platinum 8255C CPU @ 2.50GHz
• 内存: 4GB
• 操作系统: Ubuntu 18.04.1 LTS
• IP地址: 10.206.0.4

确保集群中每台机器 2 GB 以上的内存，内存不足时应用会受限制
主节点至少需要2核CPU

安装Docker

• 安装依赖工具

  sudo apt-get update
  sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
  

• 安装GPG证书

  curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
  

• 写入软件源信息

  sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
  

• 安装Docker

  sudo apt-get update
  sudo apt-get -y install docker-ce
  

• 启动Docker

  sudo systemctl start docker
  

• 设置开机自启

  sudo systemctl enable docker
  

安装 kubeadm kubelet 和 kubectl

kubeadm是一个快速创建Kubernetes集群的工具,能大大简化Kubernetes集群的部署。有关kubeadm的更多信息，请参阅这里。

• kubeadm : 用于初始化集群。
• kubelet : 用于在集群中的每个节点上用来启动 pod 和 container 等。
• kubectl : 用来与集群通信的命令行工具。

• 安装GPG证书

  curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
  

• 写入软件源信息

  sudo echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
  

• 安装kubelet kubeadm kubectl

  sudo apt-get update
  sudo apt-get install -y kubelet kubeadm kubectl
  

• 启动kubelet

  sudo systemctl start kubelet
  

• 设置kubelet开机自启

  sudo systemctl enbale kubelet
  

初始化Kubernetes集群

• 禁用swap

  sudo swapoff -a
  

• 拉取gcr镜像

  由于Kubernetes所使用的Docker镜像在gcr.io上,国内无法直接访问gcr.io，可通过执行sudo kubeadm config images pull来测试与gcr.io的连通性。不出意外你会得到如下所示的错误:

  failed to pull image "k8s.gcr.io/kube-apiserver:v1.17.1": output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
  , error: exit status 1
  To see the stack trace of this error execute with --v=5 or higher
  

  大意就是连接超时,无法访问。我们可以通过在国内源下载到这些镜像，然后再打上gcr的tag。这里我写了个脚本,从阿里云镜像仓库下载对应的镜像,然后打上gcr的tag,只需要执行:

  curl -sSL https://get.k8s.devzhou.cn/gcr | sudo sh
  

  查看本地镜像:

  sudo docker images
  

  输出如下:

  REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE
  k8s.gcr.io/kube-controller-manager   v1.17.1             5dd8f24429b4        3 days ago          161MB
  k8s.gcr.io/kube-apiserver            v1.17.1             628f0e52ae53        3 days ago          171MB
  k8s.gcr.io/kube-scheduler            v1.17.1             8d2e2e5a92ac        3 days ago          94.4MB
  k8s.gcr.io/kube-proxy                v1.17.1             87a399dffea6        3 days ago          116MB
  k8s.gcr.io/coredns                   1.6.5               70f311871ae1        2 months ago        41.6MB
  k8s.gcr.io/etcd                      3.4.3-0             303ce5db0e90        2 months ago        288MB
  k8s.gcr.io/pause                     3.1                 da86e6ba6ca1        2 years ago         742kB
  

• 初始化集群

  sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.206.0.4
  

  由于后面要安装flannel网络插件，所以需要在集群初始化时指定--pod-network-cidr=10.244.0.0/16
  --apiserver-advertise-address 参数是 API server 用来告知集群中其它成员的地址，这也是在 init 流程的时候用来构建 kubeadm join 命令行的地址。如果不设置（或者设置为 0.0.0.0）那么将使用默认接口的ip地址。这里我设置为服务器的ip地址。

  集群初始化成功会输出如下的信息:

  Your Kubernetes control-plane has initialized successfully!
  
  To start using your cluster, you need to run the following as a regular user:
  
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
  
  You should now deploy a pod network to the cluster.
  Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
    https://kubernetes.io/docs/concepts/cluster-administration/addons/
  
  Then you can join any number of worker nodes by running the following on each as root:
  
  kubeadm join 10.206.0.4:6443 --token 7xh44c.qktgi7gufu0tk4x7 \
      --discovery-token-ca-cert-hash sha256:e718166f485fb8f6b56a3fcdc886b9e67fb4d384f9b425a599f458c6a8e5b8bd
  

• 查看集群信息

  sudo kubectl get nodes
  

  如果出现The connection to the server localhost:8080 was refused - did you specify the right host or port?则需要进行如下的设置:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
  

  再次执行sudo kubectl get nodes，输出如下:

  NAME            STATUS     ROLES    AGE     VERSION
  vm-0-4-ubuntu   NotReady   master   6m34s   v1.17.1
  

  可以看到集群的状态是NotReady，执行下面的命令查看Pod状态:

  sudo kubectl get pods -n kube-system -o wide
  

  输出如下,可以看到coredns一直处在Pending状态,这一行为是预期之中的，因为系统就是这么设计的。必须完成Pod的网络配置，然后才能完全部署CoreDNS。在网络被配置好之前，DNS 组件会一直处于 Pending 状态。

  NAME                                    READY   STATUS    RESTARTS   AGE     IP           NODE            NOMINATED NODE   READINESS GATES
  coredns-6955765f44-bsqmw                0/1     Pending   0          9m49s   <none>       <none>          <none>           <none>
  coredns-6955765f44-sdgws                0/1     Pending   0          9m49s   <none>       <none>          <none>           <none>
  etcd-vm-0-4-ubuntu                      1/1     Running   0          9m44s   10.206.0.4   vm-0-4-ubuntu   <none>           <none>
  kube-apiserver-vm-0-4-ubuntu            1/1     Running   0          9m44s   10.206.0.4   vm-0-4-ubuntu   <none>           <none>
  kube-controller-manager-vm-0-4-ubuntu   1/1     Running   0          9m44s   10.206.0.4   vm-0-4-ubuntu   <none>           <none>
  kube-proxy-lfrq6                        1/1     Running   0          9m49s   10.206.0.4   vm-0-4-ubuntu   <none>           <none>
  kube-scheduler-vm-0-4-ubuntu            1/1     Running   0          9m44s   10.206.0.4   vm-0-4-ubuntu   <none>           <none>
  

• 安装Pod网络插件

  以flannel为例:

  sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
  

  关于flannel的更多信息请参阅这里

  输出如下:

  podsecuritypolicy.policy/psp.flannel.unprivileged created
  clusterrole.rbac.authorization.k8s.io/flannel created
  clusterrolebinding.rbac.authorization.k8s.io/flannel created
  serviceaccount/flannel created
  configmap/kube-flannel-cfg created
  daemonset.apps/kube-flannel-ds-amd64 created
  daemonset.apps/kube-flannel-ds-arm64 created
  daemonset.apps/kube-flannel-ds-arm created
  daemonset.apps/kube-flannel-ds-ppc64le created
  daemonset.apps/kube-flannel-ds-s390x created
  

  再次执行sudo kubectl get pods -n kube-system -o wide确保所有Pod都处于Running状态:

  AMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE   IP           NODE            NOMINATED NODE   READINESS GATES
  kube-system   coredns-6955765f44-bsqmw                1/1     Running   0          21m   10.244.0.2   vm-0-4-ubuntu   <none>           <none>
  kube-system   coredns-6955765f44-sdgws                1/1     Running   0          21m   10.244.0.3   vm-0-4-ubuntu   <none>           <none>
  kube-system   etcd-vm-0-4-ubuntu                      1/1     Running   0          21m   10.206.0.4   vm-0-4-ubuntu   <none>           <none>
  kube-system   kube-apiserver-vm-0-4-ubuntu            1/1     Running   0          21m   10.206.0.4   vm-0-4-ubuntu   <none>           <none>
  kube-system   kube-controller-manager-vm-0-4-ubuntu   1/1     Running   0          21m   10.206.0.4   vm-0-4-ubuntu   <none>           <none>
  kube-system   kube-flannel-ds-amd64-vm742             1/1     Running   0          81s   10.206.0.4   vm-0-4-ubuntu   <none>           <none>
  kube-system   kube-proxy-lfrq6                        1/1     Running   0          21m   10.206.0.4   vm-0-4-ubuntu   <none>           <none>
  kube-system   kube-scheduler-vm-0-4-ubuntu            1/1     Running   0          21m   10.206.0.4   vm-0-4-ubuntu   <none>           <none>
  

  再次执行sudo kubectl get nodes，查看集群信息

  NAME            STATUS   ROLES    AGE   VERSION
  vm-0-4-ubuntu   Ready    master   24m   v1.17.1
  

  可以看到集群状态变为Ready，并且角色是master,至此单节点集群搭建成功。