Single-node k8s lab environment installation: installation notes
2019-01-21
kubernetes v1.13.2
CentOS Linux release 7.6.1810 (Core)
Docker version 1.13.1, build 07f3374/1.13.1
Hostname op
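- Disable SELinux
$ setenforce 0
# /etc/sysconfig/selinux is a symlink to /etc/selinux/config; --follow-symlinks makes sed edit the target instead of replacing the link
$ sed -i --follow-symlinks "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux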
- Disable the firewall
$ systemctl stop firewalld
$ systemctl disable firewalld
- Disable swap
$ swapoff -a
$ sed -i 's/.*swap.*/#&/' /etc/fstab
- Configure forwarding parameters
$ cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system
- Install Docker
$ yum -y install docker
$ vim /usr/lib/systemd/system/docker.service
In --exec-opt native.cgroupdriver=systemd, change systemd to cgroupfs
$ systemctl start docker.service
$ systemctl enable docker.service
- Configure the Aliyun repository
$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
- Install the base packages (all nodes)
$ yum install -y kubelet kubeadm kubectl
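The repository definition above turns off both signature checks and fetches packages and keys over plain HTTP, so kubelet, kubeadm and kubectl are installed unverified. As an added example (not part of the original notes), the function below flags those settings in a .repo file; audit_yum_repo and the sample file are names made up for the illustration.

```shell
# Added example, not from the original notes: flag weak settings in a yum .repo file.
# Prints one finding per line; returns 1 if anything was flagged, 0 otherwise.
audit_yum_repo() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function report(msg) { print section " " msg; found = 1 }
    {
        if ($0 ~ /^[ \t]*$/ || $0 ~ /^[ \t]*[#;]/) next     # blank line or comment
        if ($0 ~ /^\[/) { section = $0; key = ""; next }    # [section] header
        if ($0 ~ /^[ \t]/) {                                # indented: continues previous key
            value = trim($0)
        } else if (index($0, "=") > 0) {                    # key=value
            key = trim(substr($0, 1, index($0, "=") - 1))
            value = trim(substr($0, index($0, "=") + 1))
        } else {
            next
        }
        if ((key == "gpgcheck" || key == "repo_gpgcheck") && value == "0") {
            report(key "=0: signatures are not verified")
        }
        if ((key == "baseurl" || key == "gpgkey") && value ~ /^http:\/\//) {
            report(key " is fetched over plain HTTP: " value)
        }
    }
    END { exit found + 0 }
    ' "$1"
}

# Constructed sample: the repository definition shown in these notes.
sample_repo=$(mktemp)
cat > "$sample_repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
audit_yum_repo "$sample_repo" || echo "weak repository settings found"
```

A file with gpgcheck=1, repo_gpgcheck=1 and https:// URLs produces no output and a zero exit status.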
- Prepare the images
See: pulling k8s images from within China
Note: the k8s image version is v1.13.2
- Initialize
v1.13.2 is the version of the k8s images prepared above; 10.1.6.168 is this machine's IP
[root@op ~]# kubeadm init --kubernetes-version=v1.13.2 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.1.6.168
[init] Using Kubernetes version: v1.13.2
[preflight] Running pre-flight checks
[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [op localhost] and IPs [10.1.6.168 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [op localhost] and IPs [10.1.6.168 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [op kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.1.6.168]
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 24.003887 seconds
[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.13" in namespace kube-system with the configuration for the kubelets in the cluster
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "op" as an annotation
[mark-control-plane] Marking the node op as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node op as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 9uh8ic.4zlffjmxukja9idr
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join 192.168.206.128:6443 --token um7jc2.044efo248u26sg3t --discovery-token-ca-cert-hash sha256:dcb899cbfe03b9543f9270b5e1c1f0eeca37715d3e6402cd0a1cd28181f8f985

[root@op ~]#
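The kubeadm init output above prints the bootstrap token twice, once on the [bootstrap-token] line and once in the join command, and that token is what lets a new machine join the cluster. As an added example (not part of the original notes), these two functions locate and mask such tokens before a log is shared; the function names and the sample lines are constructed for the illustration.

```shell
# Added example, not from the original notes: find and mask kubeadm bootstrap
# tokens in a log before it is shared.
# Token format: <6-character id>.<16-character secret>, both from [a-z0-9].

# Reads a log on stdin, prints "<line number>:<token id>" for every token found.
list_bootstrap_token_ids() {
    grep -onwE '[a-z0-9]{6}\.[a-z0-9]{16}' | sed -E 's/\.[a-z0-9]{16}$//'
}

# Reads a log on stdin, writes it back with each token secret masked.
# The expression is applied twice so that tokens separated by a single
# character are both caught.
redact_bootstrap_tokens() {
    mask_expr='s/(^|[^a-z0-9])([a-z0-9]{6})\.[a-z0-9]{16}([^a-z0-9]|$)/\1\2.<redacted>\3/g'
    sed -E -e "$mask_expr" -e "$mask_expr"
}

# Constructed sample lines in the shape of the kubeadm output above.
SAMPLE_LOG='[bootstrap-token] Using token: abcdef.0123456789abcdef
[addons] Applied essential addon: CoreDNS
kubeadm join 192.0.2.10:6443 --token uvwxyz.fedcba9876543210 --discovery-token-ca-cert-hash sha256:<hash>'

printf '%s\n' "$SAMPLE_LOG" | list_bootstrap_token_ids
printf '%s\n' "$SAMPLE_LOG" | redact_bootstrap_tokens
```

A token that has already appeared in a shared log can be looked up with kubeadm token list and revoked with kubeadm token delete.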
- Configure kubectl
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# If running as root
export KUBECONFIG=/etc/kubernetes/admin.conf
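- Configure networking
sysctl net.bridge.bridge-nf-call-iptables=1
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml
- Remove the master taint
k8s uses the taint mechanism to keep pods from being scheduled on the master. Once the taint is removed, pods are scheduled on the master and the machine becomes a single-node k8s.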
$ kubectl describe node op
You will see:
Taints: node-role.kubernetes.io/master:NoSchedule
# Remove the taint. nodes --all can probably also be replaced with a single specific node; not yet tested
$ kubectl taint nodes --all node-role.kubernetes.io/master-
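- Notes
This is really the same as deploying a small k8s cluster, minus the step of joining worker nodes and plus the step of removing the taint from the master node.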