瞎几把XI[U]E

XIA几把学

0%

安装部署kubernetes

发表于 更新于 分类于
本文字数: 22k 阅读时长 ≈ 20 分钟

随便记记,有空整理

requirements

节点 系统 ip地址 配置
master centos7(64bit) 192.168.1.20 2vCPU/2048MB
node0 centos7(64bit) 192.168.1.21 2vCPU/2048MB

common

# 安装 zsh oh-my-zsh vim (optional)
$ yum install vim 
$ yum install zsh git -y
$ sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"

# ## Install prerequisites.
$ yum install yum-utils device-mapper-persistent-data lvm2
# 关掉防火墙
$ systemctl stop firewalld

# 关掉缓存
$ swapoff -a

$ cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Mon Nov 19 09:58:16 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=bc3f3ebf-103e-4ba6-b24a-2ecbf2288324 /boot                   xfs     defaults        0 0
# /dev/mapper/centos-swap swap                    swap    defaults        0 0

$ yum install ipvsadm # (暂时无用) TODO
$ modprobe overlay
$ modprobe br_netfilter

# Setup required sysctl params, these persist across reboots.
$ cat > /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

$ sysctl --system

Docker 安装

## Add docker repository.
$ yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo

## Install docker.
$ yum update && yum install docker-ce-18.06.1.ce
## Create /etc/docker directory.
$ mkdir /etc/docker
# Setup daemon.
$ cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF

$ mkdir -p /etc/systemd/system/docker.service.d

# Restart docker.
$ systemctl daemon-reload
$ systemctl restart docker
$ systemctl enable docker.service

cri-o 安装 (不用)

# Install prerequisites
$ yum-config-manager --add-repo=https://cbs.centos.org/repos/paas7-crio-311-candidate/x86_64/os/

# Install CRI-O
$ yum install --nogpgcheck cri-o
# 这是官方源,国内环境使用要翻墙
$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF

# 这是阿里云的源,这里用这个
$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF

# Set SELinux in permissive mode (effectively disabling it)
$ setenforce 0
$ sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# 官方文档有个warning提示说,从系统更新排除,因为kubelet和kubeadm自己管理更新
$ yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# 设置开机启动并启动kubelet
$ systemctl enable kubelet && systemctl start kubelet
# 这时 `systemctl status kubelet` 是失败的,没有关系
Warning: These instructions exclude all Kubernetes packages from any system upgrades. This is because kubeadm and Kubernetes require (special attention to upgrade)[https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-11/].

$ journalctl -xefu kubelet

master

# 设置 hostname
$ hostnamectl set-hostname master
# 初始化 master
$ kubeadm init --pod-network-cidr=192.100.0.0/16

[preflight] Some fatal errors occurred:
	[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-apiserver:v1.12.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
	[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-controller-manager:v1.12.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
	[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-scheduler:v1.12.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
	[ERROR ImagePull]: failed to pull image k8s.gcr.io/kube-proxy:v1.12.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
	[ERROR ImagePull]: failed to pull image k8s.gcr.io/pause:3.1: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
	[ERROR ImagePull]: failed to pull image k8s.gcr.io/etcd:3.2.24: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
	[ERROR ImagePull]: failed to pull image k8s.gcr.io/coredns:1.2.2: output: Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1

没有代理的情况下从阿里云手动pull

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:v1.12.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:v1.12.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:v1.12.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.12.2
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:3.2.24
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.2

docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:v1.12.2 k8s.gcr.io/kube-apiserver:v1.12.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:v1.12.2 k8s.gcr.io/kube-controller-manager:v1.12.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:v1.12.2 k8s.gcr.io/kube-scheduler:v1.12.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.12.2 k8s.gcr.io/kube-proxy:v1.12.2
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1 k8s.gcr.io/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd-amd64:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.2 k8s.gcr.io/coredns:1.2.2
#再执行初始化 master
$ kubeadm init --pod-network-cidr=192.100.0.0/16

[init] using Kubernetes version: v1.12.2
[preflight] running pre-flight checks
[preflight/images] Pulling images required for setting up a Kubernetes cluster
[preflight/images] This might take a minute or two, depending on the speed of your internet connection
[preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[preflight] Activating the kubelet service
[certificates] Generated ca certificate and key.
[certificates] Generated apiserver certificate and key.
[certificates] apiserver serving cert is signed for DNS names [master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.1.20]
[certificates] Generated apiserver-kubelet-client certificate and key.
[certificates] Generated etcd/ca certificate and key.
[certificates] Generated apiserver-etcd-client certificate and key.
[certificates] Generated etcd/server certificate and key.
[certificates] etcd/server serving cert is signed for DNS names [master localhost] and IPs [127.0.0.1 ::1]
[certificates] Generated etcd/peer certificate and key.
[certificates] etcd/peer serving cert is signed for DNS names [master localhost] and IPs [192.168.1.20 127.0.0.1 ::1]
[certificates] Generated etcd/healthcheck-client certificate and key.
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] valid certificates and keys now exist in "/etc/kubernetes/pki"
[certificates] Generated sa key and public key.
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
[init] waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests" 
[init] this might take a minute or longer if the control plane images have to be pulled
[apiclient] All control plane components are healthy after 27.507485 seconds
[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.12" in namespace kube-system with the configuration for the kubelets in the cluster
[markmaster] Marking the node master as master by adding the label "node-role.kubernetes.io/master=''"
[markmaster] Marking the node master as master by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "master" as an annotation
[bootstraptoken] using token: l2ixm1.229dwdkavjs8cek1
[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join 192.168.1.20:6443 --token l2ixm1.229dwdkavjs8cek1 --discovery-token-ca-cert-hash sha256:86348b888f0e936b8abff7415f0ef9c9f088372607b84915be1b3baa831e9198
$ mkdir -p $HOME/.kube
$ cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ chown $(id -u):$(id -g) $HOME/.kube/config
$ kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml

clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created

$ curl -O https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
$ sed -i "s/192.168.0.0/192.100.0.0/g" calico.yaml
$ kubectl apply -f calico.yaml

configmap/calico-config created
service/calico-typha created
deployment.apps/calico-typha created
poddisruptionbudget.policy/calico-typha created
daemonset.extensions/calico-node created
serviceaccount/calico-node created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created

$ kubectl get pods --all-namespaces

NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
kube-system   calico-node-k572v                2/2     Running   0          6m58s
kube-system   coredns-576cbf47c7-2v6vf         1/1     Running   0          49m
kube-system   coredns-576cbf47c7-7hd2z         1/1     Running   0          49m
kube-system   etcd-master                      1/1     Running   0          49m
kube-system   kube-apiserver-master            1/1     Running   0          48m
kube-system   kube-controller-manager-master   1/1     Running   0          48m
kube-system   kube-proxy-pqdz2                 1/1     Running   0          49m
kube-system   kube-scheduler-master            1/1     Running   0          48m

$ kubectl get nodes -o wide
$ kubeadm token list
$ kubeadm token create
$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

安装仪表盘

曲线救国小技巧(假)

查看配置文件里有没有需要翻墙才能下载的image,如果有就根据名字去阿里云的容器hub搜索

$ curl https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml |grep image
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4582  100  4582    0     0   3850      0  0:00:01  0:00:01 --:--:--  3850
        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0

$ docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
$ docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0

¥ docker images
REPOSITORY                                                                          TAG                 IMAGE ID            CREATED             SIZE
...
# 这时有了
k8s.gcr.io/kubernetes-dashboard-amd64                                               v1.10.0             0dab2435c100        3 months ago        122MB
registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64      v1.10.0             0dab2435c100        3 months ago        122MB
...

当准备妥当,就可以正式部署仪表盘. (也可以先执行下面的语句,然后通过命令journalctl -xefu kubeletkubectl describe --namespace=kube-system pod kubernetes-dashboard 查看哪个image无法pull,通过上面的技巧去手动pull)

$ kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

一波操作之后发现kubernetes-dashboardnode0,这就很尴尬了, 曲线救国小技巧(真)

$ kubectl get pods --all-namespaces -o wide
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE     IP             NODE     NOMINATED NODE
kube-system   calico-node-fkzb8                       2/2     Running   0          4m51s   192.168.1.20   master   <none>
kube-system   calico-node-qrqvj                       2/2     Running   0          3m45s   192.168.1.21   node0    <none>
kube-system   coredns-576cbf47c7-bftvw                1/1     Running   0          10m     192.100.0.10   master   <none>
kube-system   coredns-576cbf47c7-vl749                1/1     Running   0          10m     192.100.0.11   master   <none>
kube-system   etcd-master                             1/1     Running   0          4m37s   192.168.1.20   master   <none>
kube-system   kube-apiserver-master                   1/1     Running   0          4m45s   192.168.1.20   master   <none>
kube-system   kube-controller-manager-master          1/1     Running   0          4m42s   192.168.1.20   master   <none>
kube-system   kube-proxy-jrmt5                        1/1     Running   0          10m     192.168.1.20   master   <none>
kube-system   kube-proxy-sqchm                        1/1     Running   0          3m45s   192.168.1.21   node0    <none>
kube-system   kube-scheduler-master                   1/1     Running   0          4m44s   192.168.1.20   master   <none>
kube-system   kubernetes-dashboard-77fd78f978-jxgll   0/1     ImagePullBackOff   0          10s     192.100.1.2    node0    <none>

$ kubectl describe --namespace=kube-system pod kubernetes-dashboard
...
Events:
  Type     Reason     Age                   From               Message
  ----     ------     ----                  ----               -------
  Normal   Scheduled  27m                   default-scheduler  Successfully assigned kube-system/kubernetes-dashboard-77fd78f978-6llsj to node0
  Normal   Pulling    25m (x4 over 27m)     kubelet, node0     pulling image "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0"
  Warning  Failed     25m (x4 over 27m)     kubelet, node0     Failed to pull image "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0": rpc error: code = Unknown desc = Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
  Warning  Failed     25m (x4 over 27m)     kubelet, node0     Error: ErrImagePull
  Normal   BackOff    24m (x6 over 27m)     kubelet, node0     Back-off pulling image "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0"
  Warning  Failed     2m25s (x97 over 27m)  kubelet, node0     Error: ImagePullBackOff

曲线救国小技巧(真)

所以真正快速的做法是先执行部署操作,再查看不成功的pod,根据信息去相应的node pull && tag 相应的docker。GFW造成的困扰就是木有办法。

根据两个命令 kubectl get pods --all-namespaces -o widekubectl get pods --all-namespaces -o wide 定位到具体错误和错误发生的node。

$ kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

$ kubectl get pods --all-namespaces -o wide                        
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE     IP             NODE     NOMINATED NODE
kube-system   calico-node-fkzb8                       2/2     Running   0          4m51s   192.168.1.20   master   <none>
kube-system   calico-node-qrqvj                       2/2     Running   0          3m45s   192.168.1.21   node0    <none>
kube-system   coredns-576cbf47c7-bftvw                1/1     Running   0          10m     192.100.0.10   master   <none>
kube-system   coredns-576cbf47c7-vl749                1/1     Running   0          10m     192.100.0.11   master   <none>
kube-system   etcd-master                             1/1     Running   0          4m37s   192.168.1.20   master   <none>
kube-system   kube-apiserver-master                   1/1     Running   0          4m45s   192.168.1.20   master   <none>
kube-system   kube-controller-manager-master          1/1     Running   0          4m42s   192.168.1.20   master   <none>
kube-system   kube-proxy-jrmt5                        1/1     Running   0          10m     192.168.1.20   master   <none>
kube-system   kube-proxy-sqchm                        1/1     Running   0          3m45s   192.168.1.21   node0    <none>
kube-system   kube-scheduler-master                   1/1     Running   0          4m44s   192.168.1.20   master   <none>
# 状态显示 ImagePullBackOff, 节点显示 node0
kube-system   kubernetes-dashboard-77fd78f978-jxgll   0/1     ImagePullBackOff   0          10s     192.100.1.2    node0    <none>


$ kubectl describe --namespace=kube-system pod kubernetes-dashboard-77fd78f978-jxgll
...
Events:
  Type     Reason     Age                    From               Message
  ----     ------     ----                   ----               -------
  Normal   Scheduled  53m                    default-scheduler  Successfully assigned kube-system/kubernetes-dashboard-77fd78f978-jxgll to node0
  Warning  Failed     51m (x4 over 53m)      kubelet, node0     Failed to pull image "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0": rpc error: code = Unknown desc = Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
  Warning  Failed     51m (x4 over 53m)      kubelet, node0     Error: ErrImagePull
  Normal   BackOff    50m (x6 over 53m)      kubelet, node0     Back-off pulling image "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0"
  Warning  Failed     8m32s (x182 over 53m)  kubelet, node0     Error: ImagePullBackOff
  Normal   Pulling    3m37s (x14 over 53m)   kubelet, node0     pulling image "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0"

ssh进node0,进行pull 和 tag。(从阿里云的容器hub搜索 kubernetes-dashboard-amd64:v1.10.0 得到 registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0)

$ docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
$ docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0

master节点 执行kubectl get pods --all-namespaces -o wide 检查已经部署成功

$ kubectl get pods --all-namespaces -o wide                                         
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE     IP             NODE     NOMINATED NODE
kube-system   calico-node-fkzb8                       2/2     Running   0          4m51s   192.168.1.20   master   <none>
kube-system   calico-node-qrqvj                       2/2     Running   0          3m45s   192.168.1.21   node0    <none>
kube-system   coredns-576cbf47c7-bftvw                1/1     Running   0          10m     192.100.0.10   master   <none>
kube-system   coredns-576cbf47c7-vl749                1/1     Running   0          10m     192.100.0.11   master   <none>
kube-system   etcd-master                             1/1     Running   0          4m37s   192.168.1.20   master   <none>
kube-system   kube-apiserver-master                   1/1     Running   0          4m45s   192.168.1.20   master   <none>
kube-system   kube-controller-manager-master          1/1     Running   0          4m42s   192.168.1.20   master   <none>
kube-system   kube-proxy-jrmt5                        1/1     Running   0          10m     192.168.1.20   master   <none>
kube-system   kube-proxy-sqchm                        1/1     Running   0          3m45s   192.168.1.21   node0    <none>
kube-system   kube-scheduler-master                   1/1     Running   0          4m44s   192.168.1.20   master   <none>
kube-system   kubernetes-dashboard-77fd78f978-jxgll   1/1     Running   0          10s     192.100.1.2    node0    <none>
$ kubectl proxy --address="0.0.0.0" --accept-hosts='^*$'
# 或者
$ kubectl proxy --address="0.0.0.0" --disable-filter=true

http://192.168.1.20:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

一些命令

$ kubectl cluster-info
Kubernetes master is running at https://192.168.1.20:6443
KubeDNS is running at https://192.168.1.20:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

$ kubectl logs kubernetes-dashboard-77fd78f978-jxgll -n kube-system

$ kubectl get svc --all-namespaces

node

$ hostnamectl set-hostname node0

$ kubeadm join 192.168.1.20:6443 --token 6igd00.owi6ycs7epiuzazd --discovery-token-ca-cert-hash sha256:9a329924365080644f256186c7dff2ee2ba24b5a915147b2b498b819cb28853a
[preflight] running pre-flight checks
  [WARNING RequiredIPVSKernelModulesAvailable]: the IPVS proxier will not be used, because the following required kernel modules are not loaded: [ip_vs_rr ip_vs_wrr ip_vs_sh] or no builtin kernel ipvs support: map[ip_vs:{} ip_vs_rr:{} ip_vs_wrr:{} ip_vs_sh:{} nf_conntrack_ipv4:{}]
you can solve this problem with following methods:
 1. Run 'modprobe -- ' to load missing kernel modules;
2. Provide the missing builtin kernel ipvs support

[discovery] Trying to connect to API Server "192.168.1.20:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.1.20:6443"
[discovery] Requesting info from "https://192.168.1.20:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "192.168.1.20:6443"
[discovery] Successfully established connection with API Server "192.168.1.20:6443"
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.12" ConfigMap in the kube-system namespace
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[preflight] Activating the kubelet service
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "node0" as an annotation

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the master to see this node join the cluster.

$ ipvsadm --save > /etc/sysconfig/ipvsadm #TODO
$ systemctl start ipvsadm.service && systemctl enable ipvsadm.service #TODO


$ docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1

$ docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1 k8s.gcr.io/pause:3.1

TODO

  • ip_vs
  • 仪表盘(认证)
  • 开启 firewalld 配置端口

欢迎关注我的其它发布渠道