iT邦幫忙

11th iThome Ironman Contest

DevOps

Cloud Native Development and Operations End to End series, part 12

Day 12. Installing Kubernetes with Kubeadm


(Yesterday's post ran too long and felt unbalanced, so I split it into two.)

Without further ado, let's install a Kubernetes cluster to play with.

on master node

Use the root account to create a non-root user account with sudoer privileges. If you already have such an account, skip this part.

$ sudo adduser student
$ sudo adduser student sudo

use student account (it is just a non-root user)

$ sudo apt-get update && sudo apt-get upgrade -y
$ sudo apt-get install -y docker.io
$ sudo docker version
(make sure it is supported by Kubernetes)

$ cat > /tmp/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
$ sudo cp /tmp/daemon.json /etc/docker/daemon.json
$ sudo mkdir -p /etc/systemd/system/docker.service.d
$ sudo systemctl daemon-reload && sudo systemctl restart docker
$ echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
$ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
$ sudo apt-get update
$ sudo swapoff -a
(important)

$ sudo apt-get install -y kubeadm=1.14.1-00 kubelet=1.14.1-00 kubectl=1.14.1-00

download CNI yaml

$ mkdir -p ~/manifests
$ cd ~/manifests
$ wget https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml -O rbac-kdd.yaml
$ wget https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml -O calico.yaml

Make sure CALICO_IPV4POOL_CIDR matches the IP range that $ kubeadm init will use in a moment

$ cat calico.yaml | grep -A 1 CALICO_IPV4POOL_CIDR
            - name: CALICO_IPV4POOL_CIDR
              value: "192.168.0.0/16"
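
The check described above can be scripted before running kubeadm init. The following is an added example, not part of the original post: it reads CALICO_IPV4POOL_CIDR from a manifest, compares it as an address range with the value intended for --pod-network-cidr, and goes one step further than the post by also rejecting a pod CIDR that contains the node's own IP. The function names and the embedded manifest fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check before kubeadm init.

# Constructed fragment with the same shape as the env entry in calico.yaml.
sample_manifest() {
  cat <<'EOF'
            - name: CALICO_IPV4POOL_CIDR
              value: "192.168.0.0/16"
EOF
}

# Read a manifest on stdin and print the CALICO_IPV4POOL_CIDR value.
calico_pool_cidr() {
  awk '/name:[ \t]*CALICO_IPV4POOL_CIDR/ { want = 1; next }
       want && /value:/ { gsub(/[" \t]/, ""); sub(/^value:/, ""); print; exit }'
}

# Dotted-quad IPv4 address to integer (subshell body keeps variables local).
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Print "first last" (as integers) for a CIDR such as 192.168.0.0/16.
cidr_range() (
  len=${1#*/}
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  first=$(( $(ip_to_int "${1%/*}") & mask ))
  echo "$first $(( first | (mask ^ 0xFFFFFFFF) ))"
)

# check_pod_cidr <calico-cidr> <kubeadm --pod-network-cidr> <node-ip>
# Returns 0 only if both CIDRs cover the same range and the node IP is outside it.
check_pod_cidr() (
  [ -n "$1" ] || { echo "CALICO_IPV4POOL_CIDR not found" >&2; return 1; }
  [ "$(cidr_range "$1")" = "$(cidr_range "$2")" ] || { echo "mismatch: calico=$1 kubeadm=$2" >&2; return 1; }
  set -- $(cidr_range "$1") "$(ip_to_int "$3")"
  if [ "$3" -ge "$1" ] && [ "$3" -le "$2" ]; then
    echo "node IP lies inside the pod CIDR" >&2; return 1
  fi
)

# Values from this walkthrough: Calico default pool, kubeadm flag, master node IP.
check_pod_cidr "$(sample_manifest | calico_pool_cidr)" 192.168.0.0/16 10.102.162.73 && echo "pod CIDR OK"
```

Against the real file, feed the downloaded manifest instead of the sample: calico_pool_cidr < ~/manifests/calico.yaml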

init kubeadm

$ sudo kubeadm init --kubernetes-version 1.14.1 --pod-network-cidr 192.168.0.0/16 > kubeadm-init.out

If the join command gets lost...

(for token)
$ sudo kubeadm token create

(for hash)
$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
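
The hash computed above is the SHA-256 of the CA's DER-encoded public key, which a joining node uses to verify that it is talking to the right control plane. The following added example (not from the original post) wraps that pipeline in a function and assembles the join command; the throwaway CA, the token and the function names are constructed, and port 6443 is assumed as the API server port.

```shell
#!/bin/sh
# Added example, not from the original post: what the CA hash in the join command pins.

# sha256 over the DER-encoded public key (SubjectPublicKeyInfo) of a CA certificate.
# "openssl pkey" is used instead of "openssl rsa" so non-RSA CA keys also work.
ca_cert_hash() {
  openssl x509 -pubkey -noout -in "$1" |
    openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 -hex | sed 's/^.* //'
}

# join_command <apiserver host:port> <token> <ca.crt>
join_command() {
  echo "kubeadm join $1 --token $2 --discovery-token-ca-cert-hash sha256:$(ca_cert_hash "$3")"
}

# Constructed throwaway CA standing in for /etc/kubernetes/pki/ca.crt.
# make_demo_ca <dir> writes <dir>/ca.key and <dir>/ca.crt.
make_demo_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-demo-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Re-issue a certificate for the same key, as a CA renewal would.
renew_demo_ca() {
  openssl req -x509 -new -key "$1/ca.key" -days 2 -subj "/CN=constructed-demo-ca" \
    -out "$1/ca-renewed.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_ca "$demo_dir"
renew_demo_ca "$demo_dir"
# The token below is a constructed placeholder in kubeadm's token format.
join_command 10.102.162.73:6443 abcdef.0123456789abcdef "$demo_dir/ca.crt"
```

Because the pin covers the public key rather than the certificate, a certificate re-issued for the same CA key yields the same hash. On a live master, $ sudo kubeadm token create --print-join-command prints a complete join command with a fresh token and this hash.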

follow the instruction

$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

test the output

$ kubectl get nodes
NAME               STATUS     ROLES    AGE     VERSION
ip-10-102-162-73   NotReady   master   4m35s   v1.14.1

$ kubectl get po --all-namespaces
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   coredns-fb8b8dccf-4qfpx                    0/1     Pending   0          5m29s
kube-system   coredns-fb8b8dccf-pjgk9                    0/1     Pending   0          5m29s
kube-system   etcd-ip-10-102-162-73                      1/1     Running   0          4m38s
kube-system   kube-apiserver-ip-10-102-162-73            1/1     Running   0          4m49s
kube-system   kube-controller-manager-ip-10-102-162-73   1/1     Running   0          4m44s
kube-system   kube-proxy-dhd47                           1/1     Running   0          5m28s
kube-system   kube-scheduler-ip-10-102-162-73            1/1     Running   0          4m46s

Container Network Interface (CNI) - use Calico here

$ kubectl apply -f rbac-kdd.yaml
$ kubectl apply -f calico.yaml

Check the result

$ kubectl get po --all-namespaces
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-node-ghtcw                          2/2     Running   0          45s
kube-system   coredns-fb8b8dccf-4qfpx                    1/1     Running   0          9m39s
kube-system   coredns-fb8b8dccf-pjgk9                    1/1     Running   0          9m39s
kube-system   etcd-ip-10-102-162-73                      1/1     Running   0          8m48s
kube-system   kube-apiserver-ip-10-102-162-73            1/1     Running   0          8m59s
kube-system   kube-controller-manager-ip-10-102-162-73   1/1     Running   0          8m54s
kube-system   kube-proxy-dhd47                           1/1     Running   0          9m38s
kube-system   kube-scheduler-ip-10-102-162-73            1/1     Running   0          8m56s

for the sake of convenience...

$ source <(kubectl completion bash)
$ echo "source <(kubectl completion bash)" >> ~/.bashrc
$ source ~/.bashrc

on one of the worker nodes

Use the root account to create a non-root user account with sudoer privileges. If you already have such an account, skip this part.

use root account

$ sudo adduser student
$ sudo adduser student sudo

use student account (it is just a non-root user)

$ sudo apt-get update && sudo apt-get upgrade -y
$ sudo apt-get install -y docker.io
$ sudo docker version
(make sure it is supported by Kubernetes)

$ cat > /tmp/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
$ sudo cp /tmp/daemon.json /etc/docker/daemon.json
$ sudo mkdir -p /etc/systemd/system/docker.service.d
$ sudo systemctl daemon-reload && sudo systemctl restart docker
$ echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
$ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
$ sudo apt-get update
$ sudo swapoff -a
(important)

$ sudo apt-get install -y kubeadm=1.14.1-00 kubelet=1.14.1-00

join the cluster, using the last line of the output from $ kubeadm init ... > kubeadm-init.out on the master node

$ sudo kubeadm join...

back to master node

Check the result, back on the master node

$ kubectl get nodes
NAME               STATUS   ROLES    AGE   VERSION
ip-10-102-162-73   Ready    master   29m   v1.14.1
ip-10-102-162-88   Ready    <none>   37s   v1.14.1

troubleshooting...

  1. the core dns
  2. /var/lib/etcd
