快速部署 k8s 集群

部署3个节点的k8s 集群，三个虚机的信息如下所示：

主机名	ip地址	角色	系统os
k8s-master	192.168.1.38	worker	Ubuntu 18.04.2 LTS
k8s-node1	192.168.1.39	node	Ubuntu 18.04.2 LTS
k8s-node2	192.168.1.40	node	Ubuntu 18.04.2 LTS

1.2 设置hosts

设置三个节点的hosts文件，映射主机名和ip地址：

root@k8s-master:~# cat /etc/hosts
127.0.0.1 localhost
​
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
​
192.168.1.38 k8s-master
192.168.1.39 k8s-node1
192.168.1.40 k8s-node2

1.3 配置apt源

配置apt源为阿里的源，替换sources.list内容为：

deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

root@k8s-master:~# apt-get update

2. 安装docker

2.1 安装docker

在三个节点上都需要安装docker，执行如下命令来安装docker：

apt-get update && apt-get install apt-transport-https ca-certificates curl software-properties-common
​
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
​
add-apt-repository \
  "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) \
  stable"
  
apt-get update && apt-get install docker-ce
​
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
​
mkdir -p /etc/systemd/system/docker.service.d
systemctl daemon-reload
systemctl restart docker

2.2 查看版本

root@k8s-master:~# docker version
Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea838
 Built:             Wed Nov 13 07:29:52 2019
 OS/Arch:           linux/amd64
 Experimental:      false
​
Server: Docker Engine - Community
 Engine:
  Version:          19.03.5
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.12
  Git commit:       633a0ea838
  Built:            Wed Nov 13 07:28:22 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

3. 安装k8s

3.1 安装kubeadm, kubelet and kubectl

在三个节点上执行如下命令来安装：

curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
​
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
​
apt-get update
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl

3.2 查看版本

root@k8s-master:~# kubectl version --short
Client Version: v1.16.3
Server Version: v1.16.3

4. 初始化k8s集群

4.1 初始化

在master节点执行如下命令来初始化一个集群：

kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers --apiserver-advertise-address 192.168.1.38

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

4.2 安装pod网络

k8s支持多种网络插件，这里选用calico网络插件：

kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml

5. 添加node节点

5.1 生成hash值

在master节点执行如下命令来生成ca cert的hash值：

root@k8s-master:~# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null |    openssl dgst -sha256 -hex | sed 's/^.* //'
2e8e6c9991a0f90623593458dc1fe8ac04c6f636d60d33ca1917ed69755f3675

5.2 添加node节点

分别在node1和node2两个节点上执行如下的join命令来将它们添加到集群中：

kubeadm join --token cw6ahy.p8qkc7grox56kf2l 192.168.1.38:6443 --discovery-token-ca-cert-hash sha256:2e8e6c9991a0f90623593458dc1fe8ac04c6f636d60d33ca1917ed69755f3675

其中，token可以通过如下命令来获取到：

root@k8s-master:~# kubeadm token list
TOKEN                     TTL       EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
cw6ahy.p8qkc7grox56kf2l   5h        2019-11-16T11:11:08Z   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token

如果过期了，可以重新建一个：kubeadm token create。

6.创建完成

6.1 查看集群

至此，一个简单的k8s集群已经创建完成：

root@k8s-master:~# kubectl get node
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   18h     v1.16.3
k8s-node1    Ready    <none>   17h     v1.16.3
k8s-node2    Ready    <none>   3h46m   v1.16.3
root@k8s-master:~#
root@k8s-master:~#
root@k8s-master:~# kubectl get pod -A -o wide
NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE     IP                NODE         NOMINATED NODE   READINESS GATES
kube-system   calico-kube-controllers-55754f75c-64lrg   1/1     Running   0          18h     192.168.235.195   k8s-master   <none>           <none>
kube-system   calico-node-d9qjv                         1/1     Running   0          17h     192.168.1.39      k8s-node1    <none>           <none>
kube-system   calico-node-h6nfh                         1/1     Running   0          18h     192.168.1.38      k8s-master   <none>           <none>
kube-system   calico-node-pgjhf                         1/1     Running   0          3h46m   192.168.1.40      k8s-node2    <none>           <none>
kube-system   coredns-67c766df46-ltz7b                  1/1     Running   0          18h     192.168.235.193   k8s-master   <none>           <none>
kube-system   coredns-67c766df46-zprgv                  1/1     Running   0          18h     192.168.235.194   k8s-master   <none>           <none>
kube-system   etcd-k8s-master                           1/1     Running   0          18h     192.168.1.38      k8s-master   <none>           <none>
kube-system   kube-apiserver-k8s-master                 1/1     Running   0          18h     192.168.1.38      k8s-master   <none>           <none>
kube-system   kube-controller-manager-k8s-master        1/1     Running   0          18h     192.168.1.38      k8s-master   <none>           <none>
kube-system   kube-proxy-9wjqk                          1/1     Running   0          3h46m   192.168.1.40      k8s-node2    <none>           <none>
kube-system   kube-proxy-ckzw5                          1/1     Running   0          18h     192.168.1.38      k8s-master   <none>           <none>
kube-system   kube-proxy-xp82s                          1/1     Running   0          17h     192.168.1.39      k8s-node1    <none>           <none>
kube-system   kube-scheduler-k8s-master                 1/1     Running   0          18h     192.168.1.38      k8s-master   <none>           <none>