========================================
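Preparation required before installing K8S with kubeadm on CentOS 7:
hosts
key
Disable swap
Disable selinux
Disable the firewall
/etc/hosts on every node in the cluster must list the IP and matching hostname of every node
Docker is installed
Enable network forwarding in the kernel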
hosts
10.249.6.100 master
10.249.6.101 node01
10.249.6.102 node02
key
[root@master ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rTeyvAHlYyRAi0e6Rbeds7dnVR2eX1lWLJ/d2p5Vd58 root@master
The key's randomart image is:
+---[RSA 2048]----+
| .oB. ... .=|
| .o= + ......+|
| +oo . o. o +=|
| ..o. =.. . oB|
| .. ...S . .o*|
| . oo o .E+|
| o + o .o|
| . = . ..|
| +. |
+----[SHA256]-----+
[root@master ~]#
[root@master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node01
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'node01 (10.249.6.101)' can't be established.
ECDSA key fingerprint is SHA256:xC2BJAXqUza82oXNd2saKmsGjCSkGzJ7ySlwmOsreF4.
ECDSA key fingerprint is MD5:f8:0f:08:7f:f8:7a:13:ba:b6:96:f2:6b:f5:d3:be:7d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted Now it is to install the new keys
root@node01's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node01'"
and check to make sure that only the key(s) you wanted were added.
[root@master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node02
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'node02 (10.249.6.102)' can't be established.
ECDSA key fingerprint is SHA256:z1uzA7zPe8gw0VRvI7JJTE7C677nWK1nqn0K8abQ/a4.
ECDSA key fingerprint is MD5:42:cb:bb:03:5c:86:bb:64:e7:2d:35:28:92:a8:7e:84.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted Now it is to install the new keys
root@node02's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node02'"
and check to make sure that only the key(s) you wanted were added.
[root@master ~]# ssh node01
Last login: Thu Feb 28 05:41:18 2019 from 10.249.100.226
[root@node01 ~]# exit
logout
Connection to node01 closed.
[root@master ~]# ssh node02
Last Failed login: Thu Feb 28 05:50:39 EST 2019 from 10.249.6.100 on ssh:notty
There was 1 Failed login attempt since the last successful login.
Last login: Thu Feb 28 05:40:36 2019 from 10.249.100.227
Disable swap
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
vi /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
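Install the container runtime
#!/bin/bash
# Release channel read by the get.docker.com script; exported so the piped sh sees it
export CHANNEL=stable
# Install Docker with the convenience script, using the Aliyun package mirror
curl -fsSL https://get.docker.com/ | sh -s -- --mirror Aliyun
mkdir -p /etc/docker
# Write the daemon configuration with a registry mirror
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF
systemctl restart docker
systemctl enable docker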
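Install kubeadm
Download the package k8s-mirrors-master.zip
https://github.com/Mr-Linus/k8s-mirrors
Run the following command
./install-generic/install-kubeadm_el7.sh   # must be installed on every machine
Pull the images
If your machine can get past the GFW, skip this step
If your machine cannot get past the GFW, follow these steps:
How to use
Run a container to pull the specified images
Version V1.13.3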
docker run --rm -it \
-v /var/run/docker.sock:/var/run/docker.sock \
registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:k8s-1.13.3
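Note that every node, whether a worker node or the master node, needs to pull the images!!
Install k8s on the master node
./install-generic/install-k8s-master.sh
At this point, nodes that join will not become Ready; you need to install a network component first
The install script carries detailed comments; consult it if any question comes up during installation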
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
kubeadm join 10.249.6.100:6443 --token 8cc6gd.nsgvj2qeb2vuvyu2 --discovery-token-ca-cert-hash sha256:308c1cdfa34bba4049278012e873bd0ca21c9fcdc709e4f893c04de85381a53a
-----------------------------------------------
Enable network forwarding in the kernel
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
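Added example (not part of the original notes or of the k8s-mirrors scripts): a preflight check for the prerequisites listed at the top, to run on each node before kubeadm init or kubeadm join. The function names and the --live switch are assumptions made for this example; each check takes the file to inspect as an argument, so it can also be run against a saved copy.

```shell
#!/usr/bin/env bash
# Added example: preflight checks for the kubeadm prerequisites on this page.
# Function names and the --live switch are assumptions of this example.

# Every expected hostname needs an entry in the hosts file.
check_hosts() {  # usage: check_hosts FILE NAME...
  local file=$1 name rc=0; shift
  for name in "$@"; do
    awk -v n="$name" '{ sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == n) f = 1 }
                      END { exit !f }' "$file" || { echo "missing host: $name"; rc=1; }
  done
  return $rc
}

# Swap is off when /proc/swaps holds nothing but its header line.
swap_is_off() {  # usage: swap_is_off [PROC_SWAPS]
  [ "$(tail -n +2 "${1:-/proc/swaps}" | grep -c .)" -eq 0 ]
}

# No uncommented swap entry may remain in fstab, or swap returns on reboot.
fstab_swap_disabled() {  # usage: fstab_swap_disabled [FSTAB]
  ! awk '!/^[[:space:]]*#/ && $3 == "swap" { found = 1 } END { exit !found }' \
      "${1:-/etc/fstab}"
}

# Both bridge netfilter switches must read 1; a switch that was never set fails here.
bridge_nf_enabled() {  # usage: bridge_nf_enabled [DIR]
  local dir=${1:-/proc/sys/net/bridge} key
  for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
    [ "$(cat "$dir/$key" 2>/dev/null)" = "1" ] || { echo "not enabled: $key"; return 1; }
  done
}

# Mode that /etc/selinux/config will apply at next boot.
selinux_mode() {  # usage: selinux_mode [CONFIG]
  awk -F= '$1 == "SELINUX" { print $2 }' "${1:-/etc/selinux/config}"
}

preflight() {  # usage: preflight NAME...  (inspects the live system)
  local rc=0
  check_hosts /etc/hosts "$@" || rc=1
  swap_is_off || { echo "swap is still active"; rc=1; }
  fstab_swap_disabled || { echo "fstab still enables swap"; rc=1; }
  bridge_nf_enabled || rc=1
  echo "SELinux mode at next boot: $(selinux_mode)"
  return $rc
}

if [ "${1:-}" = "--live" ]; then preflight master node01 node02; fi
```

Run it with --live as root on the master and on each worker; a non-zero exit status means at least one prerequisite is not in place.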
What you can do next:
Deploy CNI: choose the cluster network you need, flannel or calico (pick one of the two)
flannel:
Run a container to pull the images (skip this step if you can get past the GFW):
# Get the image list
curl -s https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml | grep image | awk -F': ' '{ print $2 }' > $PWD/image-flannel.txt
# Pull the images
docker run --rm -it \
-v $PWD/image-flannel.txt:/image-pull/image.txt \
-v /var/run/docker.sock:/var/run/docker.sock \
registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:latest
# Deploy flannel
./install-networks/install-flannel.sh
calico:
# Deploy calico
./install-networks/install-calico.sh
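This project aims to build a complete K8S platform. If you need other additional images, you can use the image-pull image to pull them. Suppose the names of the images to pull are written in the file /root/image.txt: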
quay.io/coreos/flannel:v0.11.0
quay.io/coreos/flannel:v0.12.0
Run a container to pull the images:
docker run --rm -it \
-v /root/image.txt:/image-pull/image.txt \
-v /var/run/docker.sock:/var/run/docker.sock \
registry.cn-hangzhou.aliyuncs.com/geekcloud/image-pull:latest