kubernetes | Installing Kubernetes with kubeadm on Ubuntu 16.04

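Preparing the environment
Because of network considerations, I requested an Ubuntu machine in the Singapore region on a public cloud platform. Since the kubeadm installations described online all use Ubuntu 16.04 64-bit, I also requested two Ubuntu 16.04 64-bit machines.
Note:
kubeadm supports three operating systems: Ubuntu 16.04+, CentOS 7 or HypriotOS v1.0.1+.
Installing Docker
(1) Update the apt-get sources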

# curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
OK
# echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
# apt-get update

(2) Install Docker
# apt-get install docker-engine
# docker version
Client:
 Version:      1.11.2
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   b9f10c9
 Built:        Wed Jun  1 22:00:43 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.11.2
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   b9f10c9
 Built:        Wed Jun  1 22:00:43 2016
 OS/Arch:      linux/amd64

Installing the Kubernetes base components
Install kubelet, kubeadm, kubectl and kubernetes-cni
# apt-get install -y kubelet kubeadm kubectl kubernetes-cni

Installing the Kubernetes master node
# Set the pod network address range to 192.168.0.0/16 and deploy the master components
# kubeadm init --pod-network-cidr=192.168.0.0/16
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.7.0
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks
[preflight] WARNING: docker version is greater than the most recently validated version. Docker version: 17.06.0-ce. Max validated version: 1.12
[certificates] Generated CA certificate and key.
[certificates] Generated API server certificate and key.
[certificates] API Server serving cert is signed for DNS names [VM-133-17-ubuntu kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.144.133.17]
[certificates] Generated API server kubelet client certificate and key.
[certificates] Generated service account token signing key and public key.
[certificates] Generated front-proxy CA certificate and key.
[certificates] Generated front-proxy client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[apiclient] Created API client, waiting for the control plane to become ready
[apiclient] All control plane components are healthy after 79.000826 seconds
[token] Using token: 262500.83d33677d341d692
[apiconfig] Created RBAC rules
[addons] Applied essential addon: kube-proxy
[addons] Applied essential addon: kube-dns

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run (as a regular user):

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join --token 262500.83d33677d341d692 10.144.133.17:6443

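The kubeadm command automatically:
  • Checks the system state (pre-flight checks)
  • Generates a token
  • Generates a self-signed CA and client certificates
  • Generates the kubeconfig that the kubelet uses to connect to the API server
  • Generates static Pod manifests for the master components and places them in the /etc/kubernetes/manifests directory
  • Configures RBAC and sets the master node to run only control-plane components
  • Creates add-on services such as kube-proxy and kube-dns
Configuring the network
After the master node is installed, the node information shows the node in the NotReady state. The reported reason is that the CNI plugin has not been configured, which really just means that the network has not been set up yet. Several network add-ons can be used; here the author picks flannel, the longest-established one.
kubectl create -f https://github.com/coreos/flannel/raw/master/Documentation/kube-flannel-rbac.yml
kubectl create -f https://github.com/coreos/flannel/raw/master/Documentation/kube-flannel.yml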

At this point the master node is fully installed and is in the Ready state.
# kubectl get nodes -s https://10.144.133.17:6443 --kubeconfig=/etc/kubernetes/admin.conf
NAME               STATUS    AGE       VERSION
vm-133-17-ubuntu   Ready     3h        v1.7.0

Adding a Kubernetes slave node
The normal kubeadm flow is:
# kubeadm join --token 262500.83d33677d341d692 10.144.133.17:6443
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[preflight] Running pre-flight checks
[preflight] WARNING: docker version is greater than the most recently validated version. Docker version: 17.06.0-ce. Max validated version: 1.12
[discovery] Trying to connect to API Server "10.144.133.17:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.144.133.17:6443"
[discovery] Cluster info signature and contents are valid, will use API Server "https://10.144.133.17:6443"
[discovery] Successfully established connection with API Server "10.144.133.17:6443"
[bootstrap] Detected server version: v1.7.0
[bootstrap] The server supports the Certificates API (certificates.k8s.io/v1beta1)
[csr] Created API client to obtain unique certificate for this node, generating keys and certificate signing request
[csr] Received signed certificate from the API server, generating KubeConfig...
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"

Node join complete:
* Certificate signing request sent to master and response received.
* Kubelet informed of new secure connection details.

Run 'kubectl get nodes' on the master to see this machine join.

In practice, however, I ran into a v1.7 bug while adding the slave node. See issue kubeadm #335 for details.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:controller:bootstrap-signer
  namespace: kube-public
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resourceNames:
  - cluster-info
  resources:
  - configmaps
  verbs:
  - update
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
  - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:controller:bootstrap-signer
  namespace: kube-public
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: system:controller:bootstrap-signer
subjects:
- kind: ServiceAccount
  name: bootstrap-signer
  namespace: kube-system

After creating the YAML objects above by hand, the join succeeds. However, the new host still does not show up on the master.
The corresponding fix is:
# scp -r ubuntu@10.144.133.17:/etc/kubernetes/admin.conf /etc/kubernetes
# ln -s -f admin.conf kubelet.conf
# service kubelet restart

At this point the slave node is installed successfully as well.
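The fix above (`ln -s -f admin.conf kubelet.conf`) leaves the slave node's kubelet authenticating with the cluster administrator's kubeconfig rather than the per-node certificate that `kubeadm join` normally obtains through the CSR flow. The following audit script is an added example, not part of the original post; the function name and verdict strings are assumptions made for illustration, while the file names are the ones used on this page.

```shell
#!/bin/sh
# Added example: report which credential a node's kubelet is using.
# File names follow the page (admin.conf, kubelet.conf in /etc/kubernetes);
# the function name and verdict strings are made up for this example.
#
# Verdicts printed for the kubeconfig directory given as $1:
#   kubelet-uses-admin  kubelet.conf is a symlink to, or a copy of, admin.conf
#   admin-identity      kubelet.conf embeds a client cert in system:masters
#   admin-conf-present  kubelet.conf is separate, but admin.conf is on the node
#   ok                  none of the above
audit_kubelet_conf() {
    dir=${1:-/etc/kubernetes}
    kubelet="$dir/kubelet.conf"
    admin="$dir/admin.conf"

    if [ -e "$admin" ] && [ -e "$kubelet" ]; then
        # Catches `ln -s -f admin.conf kubelet.conf` as well as a plain copy.
        if [ "$(readlink -f "$kubelet")" = "$(readlink -f "$admin")" ] ||
           cmp -s "$kubelet" "$admin"; then
            echo kubelet-uses-admin
            return 0
        fi
    fi

    # When the client certificate is embedded and openssl is installed, read
    # its subject: kubeadm issues node certificates with O=system:nodes and
    # the admin certificate with O=system:masters.
    if [ -f "$kubelet" ] && command -v openssl >/dev/null 2>&1; then
        subject=$(sed -n 's/^ *client-certificate-data: *//p' "$kubelet" |
                  head -n 1 | base64 -d 2>/dev/null |
                  openssl x509 -noout -subject 2>/dev/null) || subject=""
        case $subject in
            *system:masters*) echo admin-identity; return 0 ;;
        esac
    fi

    if [ -e "$admin" ]; then
        echo admin-conf-present
        return 0
    fi
    echo ok
}

# Audit the directory named on the command line (default /etc/kubernetes).
audit_kubelet_conf "${1:-/etc/kubernetes}"
```

On a node that joined through the normal CSR flow, with no admin.conf copied over, the expected verdict is `ok`.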
Other information
(1) Create a cluster with a specific version
# kubeadm init --kubernetes-version=v1.6.1 --pod-network-cidr=10.244.0.0/16

(2) Get the token for joining nodes
# kubeadm token list
TOKEN                     TTL   EXPIRES   USAGES                   DESCRIPTION
17a2fb.ce1bd59ce494f837                   authentication,signing   The default bootstrap token generated by 'kubeadm init'.

(3) Create an allow-all network policy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all
spec:
  podSelector:
  ingress:
  - {}

Reference links:
https://kubernetes.io/docs/getting-started-guides/kubeadm/
https://kubernetes.io/docs/concepts/cluster-administration/addons/
https://kubernetes.io/docs/concepts/services-networking/network-policies/
https://kubernetes.io/docs/admin/kubeadm/#config-file
