The deployment script is available at github.com/usualheart/…

install_k8s_official

For the domestic network environment, these scripts install Kubernetes step by step, following the official instructions and using the Ali mirror sources.

Reference tutorials

Install Docker on Ubuntu

docs.docker.com/engine/inst…

Install kubeadm

kubernetes.io/useful/docs/set…

Create a cluster with a single control plane using kubeadm

kubernetes.io/docs/setup/…

Version notes

By default, the latest stable versions of K8s and Docker are installed (K8s is currently about v1.18).

If you need to install older versions, make sure the K8s version is compatible with the Docker version, and specify the version when installing.

For details, see "How do I install a specific version of K8s".

Preparation

# Download the repository code locally
git clone https://github.com/usualheart/install_k8s_official.git
# Open the folder
cd install_k8s_official
# Configure the Ali Ubuntu sources (optional)
./ali_ubuntu_sources/set_ali_sources.sh
# Disable swap temporarily (edit /etc/fstab to disable it permanently)
sudo swapoff -a

Install and configure Docker

  • install_docker_for_ubuntu1604.sh

    Installs Docker for Ubuntu following the official Docker instructions.

Configure Docker

Note: after Docker is installed, configure its cgroup driver as systemd to improve stability. Reference: kubernetes.io/useful/docs/set…

# Set up the Docker daemon
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF

mkdir -p /etc/systemd/system/docker.service.d

# Restart Docker
systemctl daemon-reload
systemctl restart docker

Install kubeadm kubelet kubectl

  • kubeadm_install.sh

    Installs kubeadm, kubelet and kubectl following the official K8s instructions.

  • kubeadm_install_from_ali.sh

    Installs kubeadm, kubelet and kubectl together from the Ali mirror source.

Initialize the K8s cluster master

Initialize the master with kubeadm. You can set --kubernetes-version to specify the Kubernetes version, or write a YAML configuration file for more complex customization.

sudo kubeadm init --apiserver-advertise-address 192.168.56.101 --image-repository=registry.aliyuncs.com/google_containers

  • The --image-repository option specifies a custom image repository instead of gcr.io, to avoid domestic download problems.

For more details, refer to the official K8s documentation for kubeadm init.

Some configuration

Execute on the primary node:

# To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Install the pod network plug-in

The Calico plug-in is installed here:

kubectl apply -f https://docs.projectcalico.org/v3.14/manifests/calico.yaml

Pulling the calico image easily fails at this step. If it does, pull the image manually:

docker pull calico/cni:v3.14.1

Enable scheduling on the primary node

kubectl taint nodes --all node-role.kubernetes.io/master-

Once enabled, pods can be scheduled onto the master node, which is equivalent to having a single-node Kubernetes cluster.

Join nodes to build a multi-node K8S cluster

After installing Docker and kubeadm on the other virtual machines, run the following command on each of them to join the master node and form a multi-node K8s cluster.

kubeadm join --token <token> <control-plane-host>:<control-plane-port> --discovery-token-ca-cert-hash sha256:<hash>

Parameter 1: <token>

If you do not have the token, you can get it by running the following command on the primary node:

kubeadm token list

The output looks something like this:

TOKEN                    TTL  EXPIRES              USAGES           DESCRIPTION            EXTRA GROUPS
8ewj1p.9r9hcjoqgajrj4gi  23h  2018-06-12T02:51:28Z authentication,  The default bootstrap  system:
                                                   signing          token generated by     bootstrappers:
                                                                    'kubeadm init'.        kubeadm:
                                                                                           default-node-token

The default token expires after 24 hours. If you join a cluster after the token has expired, you can create a new token by running the following command on the primary node:

kubeadm token create

The output is similar to:

5didvk.d09sbcov8ph2amjw

Parameter 2: <control-plane-host>:<control-plane-port>

  • <control-plane-host>: the IP address or the hostname of the master node (if you use the hostname, make sure the master node can be reached through that hostname)

  • <control-plane-port>: normally defaults to 6443

Parameter 3: --discovery-token-ca-cert-hash

If you don't know the --discovery-token-ca-cert-hash value, you can get it on the master node by running the following command:

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
   openssl dgst -sha256 -hex | sed 's/^.* //'

The resulting output looks like this:

8cb2de97839780a412b93877f8507ad6c94f73add17d5d7058e91741c9d5ec78
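
Added example, not part of the original post or the repository's scripts: shell helpers that check the format of the token and the hash before they go into a join command, and that compute the same CA public-key hash as the command above. It generalizes that command by using openssl pkey instead of openssl rsa, so it also works when the CA key is not RSA; all function names are hypothetical.

```shell
# Added example; function names are hypothetical, not from the repository.

# Bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16} (23 characters).
valid_token() {
  [ "${#1}" -eq 23 ] &&
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# The discovery hash is "sha256:" plus 64 lowercase hex digits (71 characters).
valid_pin() {
  [ "${#1}" -eq 71 ] &&
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# Print the hash for the CA certificate file $1: SHA-256 over the DER-encoded
# public key (SubjectPublicKeyInfo). "openssl pkey" handles RSA and EC keys.
ca_pin() {
  local pub hex
  # Fail early on an unreadable certificate; otherwise the pipeline below
  # would hash empty input and still print a well-formed digest.
  pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
  hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex | sed 's/^.* //')
  valid_pin "sha256:$hex" || return 1
  printf 'sha256:%s\n' "$hex"
}

# Succeed only if hash $2 is well formed and matches CA certificate $1.
pin_matches() {
  local actual
  valid_pin "$2" || return 2
  actual=$(ca_pin "$1") || return 1
  [ "$actual" = "$2" ]
}

# Format check on the sample token from the join example on this page.
valid_token 'dj7ard.mtehsr9qts4mwgkg' && echo 'token format ok'
```

Running pin_matches /etc/kubernetes/pki/ca.crt "sha256:<hash>" on the master confirms that a hash copied into a join command still matches the cluster CA.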

IPv6 related notes

Note: To specify an IPv6 tuple for <control-plane-host>:<control-plane-port>, the IPv6 address must be enclosed in square brackets, for example: [fd00::101]:2073.

Join the cluster

An example of filling in parameters:

kubeadm join --token dj7ard.mtehsr9qts4mwgkg 192.168.0.102:6443 --discovery-token-ca-cert-hash sha256:be2258c8445d1eeeac88576b0a62a86bd2575fb991675853c97ef0df79666f38

The result of the kubeadm join command should be as follows:

[preflight] Running pre-flight checks

... (log output of join workflow) ...

Node join complete:
* Certificate signing request sent to control-plane and response
  received.
* Kubelet informed of new secure connection details.

Run 'kubectl get nodes' on control-plane to see this machine join.

After a few seconds, you should be able to see that the new node has joined by running kubectl get nodes on the primary node.

Auxiliary Tools

If --image-repository=registry.aliyuncs.com/google_containers was specified at kubeadm init, there is no need to pull the K8s images and retag them manually.

  • pull_k8s_gcr_io_from_ali.sh

    Pulls the gcr.io images required for the K8s installation from the Ali gcr.io mirror and retags them as gcr.io. The result is the same as if the images needed to install Kubernetes had been pulled directly from gcr.io.

  • pull_gcr_io_from_ali.sh

    Pulls a gcr.io image from the Ali gcr.io mirror and retags it as gcr.io. The image name is given as a script parameter.

  • calico_image.txt

    The images that the pod network plug-in Calico depends on. Installing Kubernetes requires configuring a pod network plug-in; if that step fails, you can pull the calico images manually to solve the problem.

  • ali_ubuntu_sources

    Configures the Ali sources for Ubuntu 16.04.