一、环境

操作系统环境：

名称	ip	主机名	操作系统
master节点	192.168.148.183	master	centos7.6
node节点	192.168.148.184	node-1	centos7.6
node节点	192.168.148.185	node-2	centos7.6
Pod网络	172.172.0.0/16	—

软件版本：

name	version
docker	18.09.3
kubelet	1.15.12
kubeadm	1.15.12
kubectl	1.15.12
dashboard	2.0.0-rc5

二、系统初始化

①、master、node节点初始化

1、关闭selinux防火墙

setenforce 0 && sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

2、关闭默认防火墙

systemctl stop firewalld
systemctl disable firewalld

3、设置hostname(管理为master、节点为node-1)

hostnamectl --static set-hostname master

4、配置hosts，实现本地主机名解析

cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF

#使内核参数配置生效
sysctl --system

5、关闭交换内存，如果不关闭，kubelet服务将无法启动

swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

6、安装docker 、建议改成国内的源，速度比较快

yum -y install yum-utils device-mapper-persistent-data lvm2
yum-config-manager -y --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum -y install docker-ce-18.09.3.ce-3.el7 docker-ce-cli-18.09.3.ce-3.el7 containerd.io
systemctl start docker
systemctl enable docker

7、优化Docker cgroup驱动、cgroup driver为systemd模式可以确保服务器节点在资源紧张时的稳定性,以及设置国内docker仓库

yum install -y systemd

cat >/etc/docker/daemon.json<<EOF
{
    "exec-opts": ["native.cgroupdriver=systemd"],
    "registry-mirrors": [
      "https://3laho3y3.mirror.aliyuncs.com"
  ]
}
EOF

systemctl restart docker

8、配置kubernetes yum源，用以安装Kubernetes基础服务及工具，此处使用阿里云镜像仓库源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

9、安装Kubernetes基础服务及工具

yum -y install kubelet-1.15.1 kubeadm-1.15.1 kubectl-1.15.1
systemctl start kubelet
systemctl enable kubelet.service

三、部署master节点

Master 节点理论上只需要接口服务、调度服务、控制管理服务、状态存储服务，但 kubeadm 以 Pod 形式部署 Master 组件，所以在 Master 节点主机上仍需要部署 kubelet 服务，kubeadm 在初始化时会自动对 kubelet 服务进行配置和管理

1、下载k8s相关镜像并打标签

kubeadm config images list  查看需要镜像

for i in `kubeadm config images list`; do 
  imageName=${i#k8s.gcr.io/}
  docker pull registry.aliyuncs.com/google_containers/$imageName
  docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
  docker rmi registry.aliyuncs.com/google_containers/$imageName
done;

2、使用kubeadm初始化Master节点

kubeadm init --kubernetes-version=v1.15.12 --pod-network-cidr=172.172.0.0/16

#Master 节点初始化成功后，会提示成功并输出 token 和 discovery-token-ca-cert-hash
用于将 Node 加入所指定 Master 的 Kubernetes 集群

3、安装网络组件 Flannel、Kubernetes 本身并没有集成网络功能，需要单独安装网络插件实现 Kubernetes 集群中 Pod 的网络功能

初始化kubectl配置
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile

4、获取网络组件Flannel的资源配置文件

wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

5、修改Pod网段IP为自定义的172.172.0.0/16

sed -i "s#10.244.0.0/16#172.172.0.0/16#g" kube-flannel.yml

# 创建应用
kubectl apply -f kube-flannel.yml

6、查看主节点运行 Pod 的状态

kubectl get pods --all-namespaces -o wide

四、部署node

建议：

下载k8s相关镜像并打标签
kubeadm config images list 查看需要镜像

for i in kubeadm config images list; do

    imageName=${i#k8s.gcr.io/}

    docker pull [registry.aliyuncs.com/google_containers/$imageName](http://registry.aliyuncs.com/googl{e}_{c}ontainers/$imageName)

    docker tag registry.aliyuncs.com/google_containers/$imageNamek8s.gcr.io/$imageName

    docker rmi [registry.aliyuncs.com/google_containers/$imageName](http://registry.aliyuncs.com/googl{e}_{c}ontainers/$imageName)

done;

1、加入集群

kubeadm join 192.168.148.183:6443 --token ci6nvr.waohhknikxljmute \
    --discovery-token-ca-cert-hash sha256:1543186491d19bc5e2a42efdadd486aafcd5397d457f30ceff0bae7e100f4892

2、在Master节点通过命令查看节点状态

kubectl get nodes

3、在Master节点通过命令查看pod状态

kubectl get pod --all-namespaces -o wide

五、master节点部署web页面

部署：kubernetes-dashboard

1、获取资源配置文件

wget  https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc5/aio/deploy/recommended.yaml

2、vim recommended.yaml

vim recommended.yaml
#定位到39行，修改其提供的service资源
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 31000
  selector:
    k8s-app: kubernetes-dashboard

3、部署pod应用

kubectl apply -f recommended.yaml 

4、Token 方式认证登录

#创建admin-user账户及授权的资源配置文件

cat>dashboard-adminuser.yml<<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
    name: admin-user
    namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
    name: admin-user
roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF

# 创建资源实例
kubectl create -f dashboard-adminuser.yml

5、获取账户admin-user的Token用于登录

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

token:      
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXRkdjdjIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlYWYyMWE5Yy0yOGU1LTRiZTMtYjAzYi1mYzhiODlkMDgxYWEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Spj6pAQcesadqMgTGVa0OwQCWi165lXkVE-uRdbnprKabmfWE32II-Xj8EbC3X_vy9OebyQS-_6FdzzUZ1Rj7rC6r-jilHs7YK70nG-WAVOYKik9Nt6pnOfHCFS5eWKfQEbFNBSJzS3DAkHfawBNxa1evXai9WmAKI6fWRGSSYwcrR0IkFFAdwN6Lb2dW0elDqp_sz5L_ujLCh_RYqzdW5pMraM6nzq8w-gy4HXVBa6wZGhJDXHboTsrYtJZbwqatFcS2-bYpDe1evqN9PHy9BBALXgldptbfNPpSOcNiLzXdDTZ-XzVtCzac0DilLI4oduTPNEp8eq0zfk2qo6gIg

六、登录验证

访问：https://ip:31000

使用token登录即可