Kubernetes：4.使用 Kubeadm 部署3 Mast

环境

[09:42:02 root@ceshi-01 ~ $]cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core)

[09:41:17 root@ceshi-01 ~ $]kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.2", GitCommit:"f6278300bebbb750328ac16ee6dd3aa7d3549568", GitTreeState:"clean", BuildDate:"2019-08-05T09:23:26Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.2", GitCommit:"f6278300bebbb750328ac16ee6dd3aa7d3549568", GitTreeState:"clean", BuildDate:"2019-08-05T09:15:22Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}

第零步：准备工作

需要先执行：【Kubernetes：3.安装 Keepalived + Haproxy】

第一步：Installing kubeadm, kubelet and kubectl（by all）

您将在所有节点上安装以下软件包：
    kubeadm     引导集群的命令
    kubelet     在集群中所有计算机上运行的组件，并执行诸如启动 pod 和容器之类的操作
    kubectl     用于与集群通讯的命令行

## 官方源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

## 阿里源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

## 安装并启动
## kubelet 将每隔几秒重启一次，因为他在等待 kubeadm 告诉他应该怎么做
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
systemctl status kubelet

第二步：初始化第一个节点

1.修改初始化配置文件

## 打印出默认配置，然后根据自己情况修改
kubeadm config print init-defaults > kubeadm-init.yaml

    advertiseAddress    修改为本机内网 IP
    controlPlaneEndpoint    修改为 VIP:端口（顶格写）
    imageRepository         修改为阿里国内源：registry.aliyuncs.com/google_containers
                            默认的 Google 地址无法访问会导致初始化失败
    kubernetesVersion       修改为 kubectl version 命令输出的 GitVersion
    podSubnet               跟 serviceSubnet 平级添加并指定为：：10.244.0.0/16（Flannel默认网络）

## 示例配置
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.30.111
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: ceshi-01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
controlPlaneEndpoint: 192.168.30.110
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.15.2
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}

2.初始化集群

kubeadm init --config kubeadm-init.yaml --upload-certs

    ## 初始化成功后将得到以下提示
    ## 1.初始化成功
    ## 2.输入以下命令
    ## 3.应该是集群添加 Pod 网络
    ## 3.可以使用以下命令添加任意数量的控制节点
    ## 4.上传的证书会在2小时后删除，可以使用以下命令重新上传这证书
          kubeadm init phase upload-certs --upload-certs
    ## 5.可以使用以下命令添加任意节点的 Worker 节点

    Your Kubernetes control-plane has initialized successfully!

    To start using your cluster, you need to run the following as a regular user:

      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      sudo chown $(id -u):$(id -g) $HOME/.kube/config

    You should now deploy a pod network to the cluster.
    Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
      https://kubernetes.io/docs/concepts/cluster-administration/addons/

    You can now join any number of the control-plane node running the following command on each as root:

      kubeadm join 192.168.30.120:8443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:b5b60a596f4e9c61595913af668edc507a19c93d2b22802f65cf8cbe752666c0 \
        --control-plane --certificate-key 616956178da7e5822b59ccb577e2d5b461ffc96f19806eca6bf65495201348e6
    
    Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
    As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use 
    "kubeadm init phase upload-certs --upload-certs" to reload certs afterward.
    
    Then you can join any number of worker nodes by running the following on each as root:
    
    kubeadm join 192.168.30.120:8443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:b5b60a596f4e9c61595913af668edc507a19c93d2b22802f65cf8cbe752666c0

3.执行以下命令

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

4.在集群中部署pod网络

## 这里只是为了快速开始，所以部署了「Weave Net」网络（后面可以更换为其他网络）
## 更多详情请参阅：https://kubernetes.io/docs/concepts/cluster-administration/addons/#networking-and-network-policy
## kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

## 部署 Flannel 网络
## 如果要部署 Flannel 网络，需要在初始化集群的时候添加以下参数：--pod-network-cidr=10.244.0.0/16
## 参考：https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/62e44c867a2846fefb68bd5f178daf4da3095ccb/Documentation/kube-flannel.yml

## 使用 describe 查看指定容器的更多信息
kubectl describe  -n kube-system pod kube-flannel-ds-amd64-sch5b

## 使用以下命令查看状态
kubectl get nodes
kubectl get pods --all-namespaces -o wide
kubectl get pods -n kube-system -o wide

    ## nodes 状态要处于 Ready
    ## pod 要处于 running 状态
    [root@k8s-02 ~]# kubectl get nodes
    NAME     STATUS   ROLES    AGE   VERSION
    k8s-02   Ready    master   32m   v1.15.2
    [root@k8s-02 ~]# kubectl get pods --all-namespaces
    NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
    kube-system   coredns-bccdc95cf-2hh76          1/1     Running   0          32m
    kube-system   coredns-bccdc95cf-n68wk          1/1     Running   0          32m
    kube-system   etcd-k8s-02                      1/1     Running   0          31m
    kube-system   kube-apiserver-k8s-02            1/1     Running   0          31m
    kube-system   kube-controller-manager-k8s-02   1/1     Running   0          31m
    kube-system   kube-proxy-kqjpj                 1/1     Running   0          32m
    kube-system   kube-scheduler-k8s-02            1/1     Running   0          31m
    kube-system   weave-net-sxllx                  2/2     Running   0          10m

第三步：加入 Master 和 Worker 节点

## 使用第一个节点生成的 join 语句加入集群既是 Master 节点
  kubeadm join 192.168.30.120:8443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:b5b60a596f4e9c61595913af668edc507a19c93d2b22802f65cf8cbe752666c0 \
    --control-plane --certificate-key 616956178da7e5822b59ccb577e2d5b461ffc96f19806eca6bf65495201348e6

## 使用第一个节点生成的 join 语句加入集群既是 Worker 节点
kubeadm join 192.168.30.120:8443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:b5b60a596f4e9c61595913af668edc507a19c93d2b22802f65cf8cbe752666c0