本总结基于雷风阳老师的教程及kubesphere开发者社区几位大佬的指导，结合多次安装尝试，特作此笔记，仅为其他同学初次安装提供一些参考。

系统及硬件配置

操作系统：Windows10专业版
CPU：CORE i5
内存：24G

安装顺序

1. VirualBox
2. Vagrant(创建三台虚拟CentOS7.0系统)
3. Docker
4. Kubeadm、Kubelet、Kubectl
5. k8s
6. Helm、Tiller、PV
7. Kubespaere

1. VirualBox

---

1> 下载 VirtualBox-6.0.10-132072-Win.exe
2> 安装

2. Vagrant

---

1> 下载 vagrant_2.2.5_x86_64.msi
2> 安装 vagrant
3> 创建三台虚拟机
创建 Vagrantfile 文件，内容如下：

Vagrant.configure("2") do |config|
   (1..3).each do |i|
        config.vm.define "k8s-node#{i}" do |node|
            node.vm.box = "centos/7"
            node.vm.hostname="k8s-node#{i}"
            node.vm.network "private_network", ip: "192.168.56.#{99+i}", netmask: "255.255.255.0"
            # node.vm.synced_folder "~/Documents/vagrant/share", "/home/vagrant/share"
            node.vm.provider "virtualbox" do |v|
                v.name = "k8s-node#{i}"
                v.memory = 4096
                v.cpus = 4
            end
        end
   end
end

地址栏中输入 cmd，进入当前文件的目录，输入 vagrant up 命令，执行下载镜像和安装

D:\TecDoc\Note-K8S\config>vagrant up
Bringing machine 'k8s-node1' up with 'virtualbox' provider...
Bringing machine 'k8s-node2' up with 'virtualbox' provider...
Bringing machine 'k8s-node3' up with 'virtualbox' provider...

开启SSH访问
进入虚拟机
D:\TecDoc\Note-K8S\config>vagrant ssh k8s-node1
切换 root 账号
[vagrant@k8s-node1 _]$ su root
Password: [此处会要求输入密码 vagrant]
配置密码访问

[root@k8s-node1 vagrant]# vi /etc/ssh/sshd_config

修改 PasswordAuthentication no 为 yes
重启服务

service sshd restart

退出

exit
exit

再将 k8s-node2、k8s-node3 进行同样配置

配置网卡
1> 打开 VirtualBox，将三台虚拟机关机，管理 → 全局设定 → 网络，添加一个 NAT网络 → OK；
2> 分别进入三台虚拟机，设置 → 网络，网卡1 连接方式选刚创建的 NAT网络，点高级 → 刷新MAC地址；
3> 重启三台虚拟机并用 Xshell连接，群发 ping www.baidu.com 命令，能够正确拼通

关闭防火墙
Xshell连接三台虚拟机，开启命令群发模式
关闭防火墙

systemctl stop firewalld
systemctl disable firewalld

关闭selinux

sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0

禁用swap交换分区

sed -ri 's/.*swap.*/#&/' /etc/fstab

配置集群地址
Xshell 连接三台虚拟机，开启命令群发模式
vi /etc/hosts
将三台虚拟机IP对应主机名配置到三台虚拟机

10.0.2.5 k8s-node1
10.0.2.4 k8s-node2
10.0.2.15 k8s-node3

注意：有可能每个人安装的虚拟机之后的IP不一样，请注意根据自己实际地址配置

3. Docker

---

开启命令群发模式，每一步操作确保全部虚拟机执行完成

查看内核版本(uname -r)，docker 要求内核大于 3.10

设置 docker repo 的 yum 位置

sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

安装 docker

sudo yum install -y docker-ce

验证

[root@k8s-node1 docker]# docker version
Client: Docker Engine - Community
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        afacb8b
 Built:             Wed Mar 11 01:27:04 2020
 OS/Arch:           linux/amd64
 Experimental:      false
 

配置镜像加速，这是个人阿里云加速地址

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://g9obgf7p.mirror.aliyuncs.com"]
}
EOF

重载配置

sudo systemctl daemon-reload

重启 docker

sudo systemctl restart docker

配置开机启动

systemctl enable docker

常见问题
Job for docker.service failed because the control process exited with error code. See “systemctl status docker.service” and “journalctl -xe” for details.
解决办法：可能的原因是 /etc/docker/daemon.json 文件中错误的配置引起的，删除即可

4. Kubeadm、Kubelet、Kubectl

---

配置 yum 源

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

检查安装源

yum list|grep kube

安装

yum install -y kubelet-1.17.3 kubeadm-1.17.3 kubectl-1.17.3

配置开机启动

systemctl enable kubelet
systemctl start kubelet

5. k8s(安装 master)

---

只在 k8s-node1 上执行

配置一个下载脚本 master_images.sh，上传到 master(k8s-node1)，内容如下：

#!/bin/bash
images=(
	kube-apiserver:v1.17.3
    kube-proxy:v1.17.3
	kube-controller-manager:v1.17.3
	kube-scheduler:v1.17.3
	coredns:1.6.5
	etcd:3.4.3-0
    pause:3.1
)

for imageName in ${images[@]} ; do
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
#   docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName  k8s.gcr.io/$imageName
done

增加可执行权限

chmod +x master_images.sh

执行脚本下载镜像

./master_images.sh

master 节点初始化（10.0.2.5 是 k8s-node1 地址），默认是从k8s.gcr.io拉取镜像，这里指定阿里云镜像仓库以及版本，service、pod网络地址

kubeadm init \
--apiserver-advertise-address=10.0.2.5 \
--image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
--kubernetes-version v1.17.3 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=10.244.0.0/16

操作成功，在最后几行会看到如下日志，（注意：将以下信息保存，在其它节点加入主节点时会用到这里的 token 和 sha256 的值）

[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.2.5:6443 --token 8fh3fy.wlm5532mhidj51o9 \
    --discovery-token-ca-cert-hash sha256:db7357833e141fa031b0cfdec5f43d5ef01963b479a27aa7bb9ccfac48a333bc
    

根据上述结果
执行第一步：复制配置文件

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

执行第二步：安装网络插件flannel
上传 kube-flannel.yml 到 master /mydata 目录下，内容如下

---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
    - configMap
    - secret
    - emptyDir
    - hostPath
  allowedHostPaths:
    - pathPrefix: "/etc/cni/net.d"
    - pathPrefix: "/etc/kube-flannel"
    - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  allowedCapabilities: ['NET_ADMIN']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
  - min: 0
    max: 65535
  seLinux:
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: flannel
rules:
  - apiGroups: ['extensions']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: ['psp.flannel.unprivileged']
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - list
      - watch
 - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-amd64
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.11.0-amd64
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.11.0-amd64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-arm64
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - arm64
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.11.0-arm64
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.11.0-arm64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
             add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-arm
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - arm
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.11.0-arm
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.11.0-arm
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
             add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-ppc64le
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - ppc64le
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.11.0-ppc64le
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.11.0-ppc64le
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
             add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-s390x
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: beta.kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: beta.kubernetes.io/arch
                    operator: In
                    values:
                      - s390x
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.11.0-s390x
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.11.0-s390x
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
             add: ["NET_ADMIN"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run/flannel
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg

应用配置

[root@k8s-node1 mydata]# kubectl apply -f kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created

验证(namespace、pods、nodes)
查看namespace

[root@k8s-node1 mydata]# kubectl get ns
NAME              STATUS   AGE
default           Active   9m23s
kube-node-lease   Active   9m24s
kube-public       Active   9m24s
kube-system       Active   9m24s

查看全部 pods，（注意：flannel 需要等待全部 STATUS 为 Running）

[root@k8s-node1 mydata]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                READY   STATUS    RESTARTS   AGE
kube-system   coredns-7f9c544f75-jqtj2            1/1     Running   0          9m39s
kube-system   coredns-7f9c544f75-wccn7            1/1     Running   0          9m39s
kube-system   etcd-k8s-node1                      1/1     Running   0          9m35s
kube-system   kube-apiserver-k8s-node1            1/1     Running   0          9m35s
kube-system   kube-controller-manager-k8s-node1   1/1     Running   0          9m35s
kube-system   kube-flannel-ds-amd64-xftpp         1/1     Running   0          2m9s
kube-system   kube-proxy-mjkhw                    1/1     Running   0          9m39s
kube-system   kube-scheduler-k8s-node1            1/1     Running   0          9m34s

查看 nodes

[root@k8s-node1 mydata]# kubectl get nodes
NAME        STATUS   ROLES    AGE   VERSION
k8s-node1   Ready    master   12m   v1.17.3

将节点 k8s-node2、k8s-node3 加入到集群
分别在 k8s-node2、k8s-node3 上执行如下命令

kubeadm join 10.0.2.5:6443 --token 0ppodt.z1cti482pzo1f3l9 \
    --discovery-token-ca-cert-hash sha256:e50cb03684f8cce41b40db7455292b2c82465b1783e4311a586fe3df13b19d06
说明：10.0.2.5:6443 是 master地址，token是安装master时生成的，如果生成后过期（10分钟）需要重新生成一次 token，命令如下：
kubeadm token create --ttl 0 --print-join-command

常见问题

ImagePullBackOff 或者 CrashLoopBackOff
[root@k8s-node1 mydata]# kubectl get pods --all-namespaces
kube-system   kube-flannel-ds-amd64-hpt7c         0/1     Init:ImagePullBackOff
原因：通常是因为网络故障，镜像下载失败造成
解决办法：
去 https://github.com/coreos/flannel/releases 下载 flanneld-v0.11.0-amd64.docker
上传到问题节点（k8s-node3），载入到 docker 仓库
[root@k8s-node3 k8s]# docker load < flanneld-v0.11.0-amd64.docker
验证
docker images
主节点上执行 kubectl get pod -n kube-system -o wide 命令，对应故障节点是 Running 状态

6. Helm、Tiller、PV

---

k8s-node1 上执行
参考文档：https://kubesphere.com.cn/docs/zh-CN/installation/prerequisites/
安装 Helm、Tiller
从网站 https://github.com/helm/helm/releases/tag/v2.16.3，下载 helm-v2.16.3-linux-amd64.tar.gz，我下载了其它几个版本，安装时都不太顺利，最后选择这个版本没问题。
上传到服务器，解压移动 helm、tiller 到 /usr/local/bin/

[root@k8s-node1 linux-amd64]# cp helm /usr/local/bin/
[root@k8s-node1 linux-amd64]# cp tiller /usr/local/bin/

验证

helm help

创建权限
helm_rbac.yaml，内容如下：

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

应用

[root@k8s-node1 k8s]# kubectl apply -f helm_rbac.yaml
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created

初始化

helm init --service-account=tiller --tiller-image=registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.16.3 --history-max 300

验证 helm 或 tiller

kubectl -n kube-system get pods|grep tiller

如果状态是 ImagePullBackOff，表示镜像未拉取成功，需要手动拉取

检查 tiller 是否部署到 k8s

[root@k8s-node1 local]# kubectl get pod -n kube-system -l app=helm
NAME                             READY   STATUS    RESTARTS   AGE
tiller-deploy-7b76b656b5-m4k2x   1/1     Running   0          94s

安装PV
查看是否有污点

[root@k8s-node1 local]# kubectl describe node k8s-node1|grep Taint
Taints:             node-role.kubernetes.io/master:NoSchedule

去掉污点(注意：待安装完 kubesphere 之后再添加污点)

[root@k8s-node1 local]# kubectl taint nodes k8s-node1 node-role.kubernetes.io/master:NoSchedule-
node/k8s-node1 untainted

安装OpenEBS
创建 namespace

[root@k8s-node1 local]# kubectl create ns openebs
namespace/openebs created

安装

[root@k8s-node1 local]# helm install --namespace openebs --name openebs stable/openebs --version 1.5.0

验证(等待安装完成后，有时需要很长时间，甚至一晚上，我是装了四遍)

[root@k8s-node1 local]# kubectl get pods -n openebs
NAMESPACE NAME                                         READY   STATUS    RESTARTS   AGE
openebs   openebs-admission-server-5cf6864fbf-q8spk    1/1     Running   0          6m38s
openebs   openebs-apiserver-bc55cd99b-5hw6j            1/1     Running   0          6m38s
openebs   openebs-localpv-provisioner-85ff89dd44-f289w 1/1     Running   0          6m38s
openebs   openebs-ndm-8bt9l                            1/1     Running   0          6m38s
openebs   openebs-ndm-cpkv4                            1/1     Running   0          6m38s
openebs   openebs-ndm-m85s7                            1/1     Running   0          6m38s
openebs   openebs-ndm-operator-87df44d9-plkb5          1/1     Running   1          6m38s
openebs   openebs-provisioner-7f86c6bb64-cmz7n         1/1     Running   0          6m38s
openebs   openebs-snapshot-operator-54b9c886bf-zcsjg   2/2     Running   0          6m38s

将 openebs-hostpath设置为 默认的 StorageClass

[root@k8s-node1 local]# kubectl patch storageclass openebs-hostpath -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
storageclass.storage.k8s.io/openebs-hostpath patched

验证

[root@k8s-node1 local]# kubectl get sc
NAME                         PROVISIONER                                                RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
openebs-device               openebs.io/local                                           Delete          WaitForFirstConsumer   false                  7m20s
openebs-hostpath (default)   openebs.io/local                                           Delete          WaitForFirstConsumer   false                  7m20s
openebs-jiva-default         openebs.io/provisioner-iscsi                               Delete          Immediate              false                  7m21s
openebs-snapshot-promoter    volumesnapshot.external-storage.k8s.io/snapshot-promoter   Delete          Immediate              false                  7m20s
openebs-hostpath 变为 default

7. Kubespaere

---

参考文档：
https://github.com/kubesphere/kubesphere
https://github.com/kubesphere/kubesphere/blob/master/README_zh.md
https://kubesphere.com.cn/docs/zh-CN/installation/install-on-k8s/

最小化安装
提前下载好 https://raw.githubusercontent.com/kubesphere/ks-installer/master/kubesphere-minimal.yaml 文件，上传到服务器

[root@k8s-node1 k8s]# kubectl apply -f kubesphere-minimal.yaml 
namespace/kubesphere-system created
configmap/ks-installer created
serviceaccount/ks-installer created
clusterrole.rbac.authorization.k8s.io/ks-installer created
clusterrolebinding.rbac.authorization.k8s.io/ks-installer created
deployment.apps/ks-installer created

查看实时安装日志
注意：需要等待 ks-install pod 创建并Running后，才能看到相关日志信息

kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f

最后显示如下信息表示安装完成

Start installing monitoring
**************************************************
task monitoring status is successful
total: 1     completed:1
**************************************************
#####################################################
###              Welcome to KubeSphere!           ###
#####################################################
Console: http://10.0.2.5:30880
Account: admin
Password: P@88w0rd
NOTES：
  1. After logging into the console, please check the
     monitoring status of service components in
     the "Cluster Status". If the service is not
     ready, please wait patiently. You can start
     to use when all components are ready.
  2. Please modify the default password after login.
#####################################################

查看所有 Pod 状态，必须全部为 Running，否则还没有安装完成

[root@k8s-node1 k8s]# kubectl get pods --all-namespaces

所有 Pod 状态必须为 Running，使用 IP:30880访问 KubeSphere UI 界面，默认的集群管理员账号为 admin/P@88w0rd。
查看 crd

kubectl get crd

查看 workspaces

kubectl get workspaces

最后安装成功后，添加污点

[root@k8s-node1 local]# kubectl taint nodes k8s-node1 node-role.kubernetes.io/master=:NoSchedule

安装过程中常见问题

1. pod 状态为 ImagePullBackOff、CrashLoopBackOff、Pending

表示网络原因造成镜像拉取失败，或者创建不成功，只能等待。如果一天还未完成，可能已经无法正常继续安装了，解决办法：重新安装

2. workspace failed，造成安装停止，不能继续进行

说明：此日志出现在安装 kubesphere 最后阶段，从日志上看是工作空间安装失败，类似还有系统空间、kubesphere配置等组件；
解决办法：重新安装(kubectl rollout restart deploy -n kubesphere-system ks-installer)

3. prometheus failed，导致管理平台监控信息都为0

说明：此现象是安装成功，管理平台也能登录，但监控数据为0，如果细心留意了当时的安装日志，里面可能 会发现相关安装组件失败的信息，可通过如下命令查看 prometheuses

[root@k8s-node1 ~]# kubectl get prometheuses -n kubesphere-monitoring-system
No resources found in kubesphere-monitoring-system namespace.

解决办法：重新安装