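Setting up a single-master Kubernetes (k8s) cluster on Ubuntu

If no version is specified, the latest version is installed by default. The cluster here has one master node and one worker node.
Below are the official environment requirements. In short, each machine needs roughly 2 CPU cores and 2 GB of RAM, and the listed ports must not already be in use.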

Installing kubeadm
One or more machines running one of:
Ubuntu 16.04+
Debian 9
CentOS 7
RHEL 7
Fedora 25/26 (best-effort)
HypriotOS v1.0.1+
Container Linux (tested with 1800.6.0)
2 GB or more of RAM per machine (any less will leave little room for your apps)
2 CPUs or more
Full network connectivity between all machines in the cluster (public or private network is fine)
Unique hostname, MAC address, and product_uuid for every node. See here for more details.
Certain ports are open on your machines. See here for more details.
Swap disabled. You MUST disable swap in order for the kubelet to work properly
Verify the MAC address and product_uuid are unique for every node
Check required ports
Master node(s)
Protocol  Direction  Port Range   Purpose                  Used By
TCP       Inbound    6443*        Kubernetes API server    All
TCP       Inbound    2379-2380    etcd server client API   kube-apiserver, etcd
TCP       Inbound    10250        Kubelet API              Self, Control plane
TCP       Inbound    10251        kube-scheduler           Self
TCP       Inbound    10252        kube-controller-manager  Self
Worker node(s)
Protocol  Direction  Port Range   Purpose                  Used By
TCP       Inbound    10250        Kubelet API              Self, Control plane
TCP       Inbound    30000-32767  NodePort Services**      All
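
The port and swap requirements above can be checked on each node before kubeadm is run. The script below is an added example, not part of the original post: it parses `ss -tln` output for listeners on the ports in the two tables and reads /proc/swaps to confirm swap is off. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): preflight check for the
# kubeadm requirements quoted above.

# Inbound TCP ports from the two tables above (single ports or ranges).
MASTER_PORTS="6443 2379-2380 10250 10251 10252"
WORKER_PORTS="10250 30000-32767"

# ports_in_use ROLE  (stdin: output of `ss -tln`)
# Prints, space-separated, every listening port that the given role needs.
ports_in_use() {
    case "$1" in
        master) spec=$MASTER_PORTS ;;
        worker) spec=$WORKER_PORTS ;;
        *) echo "unknown role: $1" >&2; return 2 ;;
    esac
    awk -v spec="$spec" '
        BEGIN { n = split(spec, want, " ") }
        {
            # Field 4 is "Local Address:Port"; keep what follows the last colon.
            port = $4; sub(/.*:/, "", port)
            if (port !~ /^[0-9]+$/) next        # header line, not a port
            for (i = 1; i <= n; i++) {
                m = split(want[i], b, "-")
                lo = b[1] + 0; hi = (m == 2 ? b[2] : b[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi && !seen[port]++) print port
            }
        }' | sort -n | paste -sd ' ' -
}

# swap_enabled  (stdin: contents of /proc/swaps)
# Succeeds when at least one swap device is listed after the header line.
swap_enabled() { awk 'NR > 1 && NF { found = 1 } END { exit !found }'; }

# Constructed sample of `ss -tln` output, used to show the parser offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:2379     0.0.0.0:*
LISTEN 0      128    [::]:10250         [::]:*
LISTEN 0      128    *:31000            *:*'

# Live use on a node: `sh preflight.sh master` or `sh preflight.sh worker`.
if [ -n "${1:-}" ]; then
    busy=$(ss -tln | ports_in_use "$1") || exit 2
    [ -z "$busy" ] || { echo "ports already in use: $busy"; exit 1; }
    if swap_enabled < /proc/swaps; then echo "swap is on; run swapoff -a"; exit 1; fi
    echo "preflight ok for $1"
fi
```
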

Setup steps

  • Install Docker (on both nodes)
apt-get update
apt-get install -y apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") $(lsb_release -cs) stable"
apt-get update && apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}')
  • Install the kubeadm, kubelet and kubectl components (on both nodes)

    What each component does:
    kubeadm: the command to bootstrap the cluster.
    kubelet: the component that runs on all of the machines in your cluster and does things like starting pods and containers.
    kubectl: the command line util to talk to your cluster; it connects to the master and is run on the master.

apt-get update && apt-get install -y apt-transport-https 
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add - 
cat > /etc/apt/sources.list.d/kubernetes.list <<EOF
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
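  • Pull the required images (the master node pulls all of them; the worker node only needs kube-proxy-amd64 and pause:3.1)

Before pulling the images, check the versions of the relevant components

kubeadm config images list

Pull the images that match the versions reported. Because the default image registry is hosted abroad, we can instead pull the images from a mirror registry in China to the local machine and re-tag them. Below is the script that pulls the images; replace the parameters to suit your own situation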

#!/bin/bash
# Image names and tags; replace them with the output of `kubeadm config images list`
images=(
"kube-proxy:v1.13.3"
"kube-controller-manager:v1.13.3"
"kube-scheduler:v1.13.3"
"kube-apiserver:v1.13.3"
"kubernetes-dashboard-amd64:v1.8.3"
"coredns:1.2.6"
"etcd:3.2.24"
"pause:3.1"
)
mirror=registry.aliyuncs.com
ns=google_containers
echo "[[mirror=$mirror, namespace=$ns"
for image in "${images[@]}"
do
    echo "[[pull image - $image"
    # Pull from the mirror, re-tag under the k8s.gcr.io name, then drop the mirror tag
    docker pull "$mirror/$ns/$image"
    docker tag "$mirror/$ns/$image" "k8s.gcr.io/$image"
    docker rmi "$mirror/$ns/$image"
done
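  • Initialize with kubeadm

By default kubeadm queries a server for the version number, but that endpoint cannot be reached, so specify the version explicitly (it must match the tags of the images pulled in the previous step)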

kubeadm init --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --kubernetes-version=v1.11.1
  • Start the cluster
  (1) # On the master node you can run this as a specific user; root is used here
  mkdir -p $HOME/.kube
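  # admin.conf is the file kubeadm generated during initialization; kubectl uses it as its config file to locate the k8s API server and authenticate to it, and it holds the connection settings and credentials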
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
  # As root there is another way
  export KUBECONFIG=/etc/kubernetes/admin.conf
  
  # Check the cluster status
  kubectl get cs
  NAME                 STATUS    MESSAGE              ERROR
  scheduler            Healthy   ok                   
  controller-manager   Healthy   ok                   
  etcd-0               Healthy   {"health": "true"}
  # Check the node status; it is NotReady because no network add-on is installed yet
  kubectl get nodes
  NAME      STATUS     ROLES     AGE       VERSION
  bogon     NotReady   master    16m       v1.11.1
  • Install the flannel network (on the master)
sysctl net.bridge.bridge-nf-call-iptables=1
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Check the node status again; it should now be Ready
kubectl get nodes

Check the network components

# flannel only needs to be in the Running state
kubectl get pods --all-namespaces
  • Troubleshooting
Problems you may run into
(1) To run kubeadm init again, you must first tear down the cluster.
Tear down
Method (quick and blunt):
kubectl drain <node name> --delete-local-data --force --ignore-daemonsets
kubectl delete node <node name>
kubeadm reset
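(2) Node hostnames must not be identical
(3) Failed to setup network for pod \"my-nginx-1948696469-7p4nn_default(a40fe652-cc14-11e6-8c42-00163e1001d7)\" using network plugins \"cni\": \"cni0\" already has an IP address different from 10.244.1.1/24
After kubeadm reset is run on the node, the bridge device cni0 and the network interface flannel.1 that flannel created earlier are still present.
To make sure the environment is fully restored to its initial state, delete these two devices with the commands below: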

# ifconfig  cni0 down
# brctl delbr cni0
# ip link delete flannel.1 