kubernetes1.8 部署安装

环境说明：

我这里的部署环境是三台虚拟机

master：172.17.80.10、node01：172.17.80.11、node02：172.17.80.12

Linux系统内核为：3.10.0-327.el7.x86_64 kubernetes版本：1.8

因需要上google，download image和kubernetes软件包，我事先己经使用proxy下载好全部打包成（kubernetes-all-1.8.tar.gz）软件包，里面包含配置文件、Docker软件包、kubernetes软件包以及下面的镜像

docker_soft：docker安装所需要软件包images：镜像文件k8s_soft：k8s软件包yaml：部署时所需要的配置文件

软件包己上传至baidu云盘,下载地址：http://pan.baidu.com/s/1slOCHop 密码：cm1o

k8s所使用的镜像以及版本号：

gcr.io/google_containers/kube-apiserver-amd64v1.8.2gcr.io/google_containers/kube-controller-manager-amd64v1.8.2gcr.io/google_containers/kube-scheduler-amd64v1.8.2gcr.io/google_containers/kube-proxy-amd64v1.8.2gcr.io/google_containers/kubernetes-dashboard-init-amd64v1.0.1gcr.io/google_containers/kubernetes-dashboard-amd64v1.7.1gcr.io/google_containers/k8s-dns-sidecar-amd641.14.5gcr.io/google_containers/k8s-dns-kube-dns-amd641.14.5gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd641.14.5quay.io/coreos/flannelv0.9.0-amd64gcr.io/google_containers/heapster-influxdb-amd64v1.3.3gcr.io/google_containers/heapster-grafana-amd64v4.4.3gcr.io/google_containers/heapster-amd64v1.4.0gcr.io/google_containers/etcd-amd643.0.17gcr.io/google_containers/pause-amd643.0

下面开始部署操作

1.配置系统环境

[root@master~]#setenforce0&&iptables-F&&serviceiptablessave[root@master~]#swapoff-a[root@master~]#cat<<EOF>/etc/sysctl.d/k8s.conf[root@master~]#net.bridge.bridge-nf-call-ip6tables=1[root@master~]#net.bridge.bridge-nf-call-iptables=1[root@master~]#EOF[root@master~]#sysctl--system

2.解压软件kubernetes软件包、安装Docker

[root@master~]#tarxfkubernetes-all-1.8.tar.gz[root@master~]#cdkubernetes-all-1.8[root@masterkubernetes-all-1.8]#cddocker_soft/[root@master~]#yumlocalinstall-y*[root@master~]#systemctlenabledocker&&systemctlstartdocker

3.导入所需的镜像、查看是否正常

[root@masterimages]#cd/root/kubernetes-all-1.8/images[root@master~]#foriin`catimages.txt`;dodockerload<`echo$i|cut-d‘/‘-f3`;done[root@master~]#dockerimagesREPOSITORYTAGIMAGEIDCREATEDSIZEgcr.io/google_containers/kube-apiserver-amd64v1.8.26278a1092d0834hoursago194MBgcr.io/google_containers/kube-controller-manager-amd64v1.8.25eabb0eae58b34hoursago129.2MBgcr.io/google_containers/kube-scheduler-amd64v1.8.2b48970f8473e34hoursago54.9MBgcr.io/google_containers/kube-proxy-amd64v1.8.288e2c85d3d0234hoursago93.13MBgcr.io/google_containers/kubernetes-dashboard-init-amd64v1.0.195bfc2b3e5a39daysago250.5MBgcr.io/google_containers/kubernetes-dashboard-amd64v1.7.1294879c6444e3weeksago128.4MBgcr.io/google_containers/k8s-dns-sidecar-amd641.14.5fed89e8b42484weeksago41.81MBgcr.io/google_containers/k8s-dns-kube-dns-amd641.14.5512cd7425a734weeksago49.38MBgcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd641.14.5459944ce8cc44weeksago41.42MBquay.io/coreos/flannelv0.9.0-amd644c600a64a18a4weeksago51.31MBgcr.io/google_containers/heapster-influxdb-amd64v1.3.3577260d221db7weeksago12.55MBgcr.io/google_containers/heapster-grafana-amd64v4.4.38cb3de219af77weeksago151.5MBgcr.io/google_containers/heapster-amd64v1.4.0749531a6d2cf3monthsago73.4MBgcr.io/google_containers/etcd-amd643.0.17243830dae7dd8monthsago168.9MBgcr.io/google_containers/pause-amd643.099e59f495ffa18monthsago746.9kB

4.安装kubernetes软件包

[root@masterk8s_soft]#cd/root/kubernetes-all-1.8/k8s_soft[root@master~]#yumlocalinstall-ykubeletkubeadmkubectl[root@master~]#systemctlenablekubelet&&systemctlstartkubelet

5.kubernetes初始化

[root@master~]#kubeadminit--apiserver-advertise-address=172.17.80.10--pod-network-cidr=10.244.0.0/16[kubeadm]WARNING:kubeadmisinbeta,pleasedonotuseitforproductionclusters.[init]UsingKubernetesversion:v1.8.2[init]UsingAuthorizationmodes:[NodeRBAC][preflight]Skippingpre-flightchecks[kubeadm]WARNING:startingin1.8,tokensexpireafter24hoursbydefault(ifyourequireanon-expiringtokenuse--token-ttl0)[certificates]Usingtheexistingcacertificateandkey.[certificates]Usingtheexistingapiservercertificateandkey.[certificates]Usingtheexistingapiserver-kubelet-clientcertificateandkey.[certificates]Usingtheexistingsakey.[certificates]Usingtheexistingfront-proxy-cacertificateandkey.[certificates]Usingtheexistingfront-proxy-clientcertificateandkey.[certificates]Validcertificatesandkeysnowexistin"/etc/kubernetes/pki"[kubeconfig]Usingexistingup-to-dateKubeConfigfile:"admin.conf"[kubeconfig]Usingexistingup-to-dateKubeConfigfile:"kubelet.conf"[kubeconfig]Usingexistingup-to-dateKubeConfigfile:"controller-manager.conf"[kubeconfig]Usingexistingup-to-dateKubeConfigfile:"scheduler.conf"[controlplane]WroteStaticPodmanifestforcomponentkube-apiserverto"/etc/kubernetes/manifests/kube-apiserver.yaml"[controlplane]WroteStaticPodmanifestforcomponentkube-controller-managerto"/etc/kubernetes/manifests/kube-controller-manager.yaml"[controlplane]WroteStaticPodmanifestforcomponentkube-schedulerto"/etc/kubernetes/manifests/kube-scheduler.yaml"[etcd]WroteStaticPodmanifestforalocaletcdinstanceto"/etc/kubernetes/manifests/etcd.yaml"[init]WaitingforthekubelettobootupthecontrolplaneasStaticPodsfromdirectory"/etc/kubernetes/manifests"[init]Thisoftentakesaroundaminute;orlongerifthecontrolplaneimageshavetobepulled.[apiclient]Allcontrolplanecomponentsarehealthyafter25.003235seconds[uploadconfig]StoringtheconfigurationusedinConfigMap"kubeadm-config"inthe"kube-system"Namespace[markmaster]Willmarknodemaster.junly.comasmasterbyaddingalabelandataint[markmaster]Mastermaster.junly.comtaintedandlabelledwithkey/value:node-role.kubernetes.io/master=""[bootstraptoken]Usingtoken:916ff9.96f48b52e66d9e03[bootstraptoken]ConfiguredRBACrulestoallowNodeBootstraptokenstopostCSRsinorderfornodestogetlongtermcertificatecredentials[bootstraptoken]ConfiguredRBACrulestoallowthecsrapprovercontrollerautomaticallyapproveCSRsfromaNodeBootstrapToken[bootstraptoken]ConfiguredRBACrulestoallowcertificaterotationforallnodeclientcertificatesinthecluster[bootstraptoken]Creatingthe"cluster-info"ConfigMapinthe"kube-public"namespace[addons]Appliedessentialaddon:kube-dns[addons]Appliedessentialaddon:kube-proxyYourKubernetesmasterhasinitializedsuccessfully!Tostartusingyourcluster,youneedtorun(asaregularuser):mkdir-p$HOME/.kubesudocp-i/etc/kubernetes/admin.conf$HOME/.kube/configsudochown$(id-u):$(id-g)$HOME/.kube/configYoushouldnowdeployapodnetworktothecluster.Run"kubectlapply-f[podnetwork].yaml"withoneoftheoptionslistedat:http://kubernetes.io/docs/admin/addons/Youcannowjoinanynumberofmachinesbyrunningthefollowingoneachnodeasroot:kubeadmjoin--token916ff9.96f48b52e66d9e03172.17.80.10:6443--discovery-token-ca-cert-hashsha256:2ae7f364929e442ed04bb1e0af840a343bb1efb356c5301ae7aed566b1f30d40

6.允许远程操作集群

[root@master~]#mkdir-p$HOME/.kube[root@master~]#cp-i/etc/kubernetes/admin.conf$HOME/.kube/config[root@master~]#chown$(id-u):$(id-g)$HOME/.kube/config

7.踢除master,不允许在master上进行部署服务

[root@masterkubernetes-images-1.8]#kubectltaintnodes--allnode-role.kubernetes.io/master-node"master.junly.com"untainted

8.安装flanner网络

[root@master~]#kubectlcreate-fkube-flannel.ymlclusterrole"flannel"createdclusterrolebinding"flannel"createdserviceaccount"flannel"createdconfigmap"kube-flannel-cfg"createddaemonset"kube-flannel-ds"created

9.查看部署是否正常

[root@master~]#kubectlgetpods--all-namespacesNAMESPACENAMEREADYSTATUSRESTARTSAGEkube-systemetcd-master.junly.com1/1Running04mkube-systemkube-apiserver-master.junly.com1/1Running04mkube-systemkube-controller-manager-master.junly.com1/1Running14mkube-systemkube-dns-545bc4bfd4-nmhwl3/3Running05mkube-systemkube-flannel-ds-5mkm71/1Running052skube-systemkube-proxy-lmhzr1/1Running05mkube-systemkube-scheduler-master.junly.com1/1Running04m

10.安装部署node节点
在所有节点上按照前4步进行操作之后，加入集群

[root@node01~]#kubeadmjoin--token916ff9.96f48b52e66d9e03172.17.80.10:6443--discovery-token-ca-cert-hashsha256:2ae7f364929e442ed04bb1e0af840a343bb1efb356c5301ae7aed566b1f30d40

11.部署Dashboard

[root@masterkubernetes-images-1.8]#kubectlcreate-fkubernetes-dashboard.yamlsecret"kubernetes-dashboard-certs"createdserviceaccount"kubernetes-dashboard"createdrole"kubernetes-dashboard-minimal"createdrolebinding"kubernetes-dashboard-minimal"createddeployment"kubernetes-dashboard"createdservice"kubernetes-dashboard"created[root@master~]#kubectlgetpods-nkube-systemNAMEREADYSTATUSRESTARTSAGEetcd-master.junly.com1/1Running010mkube-apiserver-master.junly.com1/1Running010mkube-controller-manager-master.junly.com1/1Running110mkube-dns-545bc4bfd4-nmhwl3/3Running011mkube-flannel-ds-5mkm71/1Running06mkube-flannel-ds-l9xvp1/1Running01mkube-flannel-ds-v6hht1/1Running01mkube-proxy-4xgj81/1Running01mkube-proxy-b72xm1/1Running01mkube-proxy-lmhzr1/1Running011mkube-scheduler-master.junly.com1/1Running010mkubernetes-dashboard-747c4f7cf-9v9t81/1Running010s

12.将dashboard端口映射到node上

[root@master~]#kubectleditservicekubernetes-dashboard-nkube-systemservice"kubernetes-dashboard"edited#Pleaseedittheobjectbelow.Linesbeginningwitha‘#‘willbeignored,#andanemptyfilewillaborttheedit.Ifanerroroccurswhilesavingthisfilewillbe#reopenedwiththerelevantfailures.#apiVersion:v1kind:Servicemetadata:creationTimestamp:2017-10-26T03:10:16Zlabels:k8s-app:kubernetes-dashboardname:kubernetes-dashboardnamespace:kube-systemresourceVersion:"1334"selfLink:/api/v1/namespaces/kube-system/services/kubernetes-dashboarduid:31166784-b9fb-11e7-abe1-000c29c7c723spec:clusterIP:10.96.47.166externalTrafficPolicy:Clusterports:-nodePort:31334port:443protocol:TCPtargetPort:8443selector:k8s-app:kubernetes-dashboardsessionAffinity:Nonetype:NodePort#修改此处将Cluster改NodePortstatus:loadBalancer:{}

13.查看映射出来的端口

[root@masterkubernetes-images-1.8]#kubectlgetservicekubernetes-dashboard-nkube-systemNAMETYPECLUSTER-IPEXTERNAL-IPPORT(S)AGEkubernetes-dashboardNodePort10.96.47.166<none>443:31334/TCP53s

14.部署dashboard rbac

[root@master~]#cd/root/kubernetes-all-1.8/yaml[root@masteryaml]#kubectlcreate-fkubernetes-dashboard-admin.rbac.yamlserviceaccount"kubernetes-dashboard-admin"createdclusterrolebinding"kubernetes-dashboard-admin"created

15.使用浏览器访问ui,会自动跳到登录页面

https://172.17.80.11:31334

16.使用token来登录

[root@masteryaml]#kubectl-nkube-systemgetsecret|grepkubernetes-dashboard-adminkubernetes-dashboard-admin-token-2p6djkubernetes.io/service-account-token33h[root@masteryaml]#[root@masteryaml]#kubectldescribe-nkube-systemsecret/kubernetes-dashboard-admin-token-2p6djName:kubernetes-dashboard-admin-token-2p6djNamespace:kube-systemLabels:<none>Annotations:kubernetes.io/service-account.name=kubernetes-dashboard-adminkubernetes.io/service-account.uid=6e35bbd8-b9fc-11e7-abe1-000c29c7c723Type:kubernetes.io/service-account-tokenData========复制下面的token内容进行登录，不要复制token:==========token:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbi10b2tlbi0ycDZkaiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjZlMzViYmQ4LWI5ZmMtMTFlNy1hYmUxLTAwMGMyOWM3YzcyMyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZC1hZG1pbiJ9.Jy-hQuDL_2tgEtw1_Aaf2SHZ3-dXpH5sNqhuhqYkDnZElFO_vatJfwUM0CvTZGC0EDggKEVLwNjboMJDpDrdhshXUfYI0qK4PaFKkZWmTWZNBrL58qFDKQZ3-lDotwrMcI8xABkLuCiHLqi7mHSpvk1kIIUP4vTwx7QulOZmsHHuLUpz8nBOcGK7CiqKCQQZfWPkU_7OSC5_ECBIZXFU1T3OmqhwZPtYSo6183vsJmn6HvwT2RhFn2mkasO6YD2a-g_SzxvgW6uj0YOFzJVssGVQk0OjDPRL8ytaQiq_bZF6tDh6gh6e7UzLO6uzQhYonot2vNxRCUBUES_3DQsslgca.crt:1025bytesnamespace:11bytes

17.部署heapster

[root@master~]#cd/root/kubernetes-all-1.8/yaml[root@masteryaml]#lsgrafana.yamlheapster.yamlinfluxdb.yaml[root@masterheapster]#kubectlcreate-f.deployment"monitoring-grafana"createdservice"monitoring-grafana"createdserviceaccount"heapster"createddeployment"heapster"createdservice"heapst