学习

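# Register the Docker CE and Kubernetes yum repositories (Aliyun mirrors).
# The repo file is fetched with certificate verification left on (no curl -k):
# whatever lands in /etc/yum.repos.d decides where root-installed packages
# come from, so an unauthenticated download here undermines everything after it.
curl -sfSL -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && \
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# gpgcheck=1 makes yum verify each RPM against the gpgkey entries above; with
# gpgcheck=0 those keys were listed but never used.
# NOTE(review): repo_gpgcheck (signed repository metadata) is left as the author
# set it; enable it as well if this mirror serves a valid repomd signature.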


# Show every available build of each package, newest first, so an exact
# version can be chosen and pinned in the install step.
for pkg in docker-ce kubelet; do
  yum list "$pkg" --showduplicates | sort -r
done



# Install Docker CE at a pinned build, then enable and start the daemon
# (start is attempted only if enable succeeded, as in the original && chain).
docker_pkg=docker-ce-18.06.3.ce-3.el7
yum -y install "$docker_pkg"
if systemctl enable docker; then
  systemctl start docker
fi

# Install kubelet, kubeadm and kubectl, all pinned to the same build so the
# three components cannot drift apart on a later yum update.
kube_build=1.16.6-0
yum install -y "kubelet-${kube_build}" "kubeadm-${kube_build}" "kubectl-${kube_build}"
systemctl enable kubelet
# pull images 
# reference script: https://github.com/cookcodeblog/k8s-deploy/blob/master/kubeadm/04_pull_kubernetes_images_from_aliyun.sh
# kubeadm config images pull --config=init-config.yaml

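# Generate a bootstrap token in the form kubeadm expects:
# 6 characters, a dot, then 16 characters, all lowercase hex here.
TOKEN_ID=$(openssl rand -hex 3)
TOKEN_SECRET=$(openssl rand -hex 8)
token=$TOKEN_ID.$TOKEN_SECRET

#echo $token
# Dump kubeadm's defaults to a separate file for reference. The original wrote
# them to init-config.yaml and then overwrote that file with the heredoc below.
kubeadm config print init-defaults > init-defaults.yaml

# init-config.yaml now carries the bootstrap token, so create it owner-only
# before any content is written to it.
install -m 600 /dev/null init-config.yaml

# Changes from the original config:
#  - an InitConfiguration registers $token at init time; before, the token was
#    generated but never given to kubeadm, so a join command built from it
#    would have been rejected.
#  - kubernetesVersion is pinned to match the installed 1.16.6 packages instead
#    of "stable", which is resolved over the network at init time.
#  - the API server flag is set through apiServer.extraArgs, which is where the
#    v1beta1 schema expects it (the top-level apiServerExtraArgs key with a
#    "k=v" string is not part of v1beta1).
# NOTE(review): the etcd endpoints are plain http:// with no caFile/certFile/
# keyFile, so API-server-to-etcd traffic (which includes every Secret) is
# neither encrypted nor authenticated. Acceptable only on an isolated lab
# network; use https endpoints with client certificates otherwise.
cat >init-config.yaml <<EOL
apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
bootstrapTokens:
- token: "${token}"
  ttl: 24h0m0s
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
imageRepository: gcr.azk8s.cn/google_containers
kubernetesVersion: v1.16.6
etcd:
  external:
    endpoints:
    - http://192.168.22.101:2379
    - http://192.168.22.102:2379
    - http://192.168.22.103:2379
controlPlaneEndpoint: "192.168.22.100:6443"
networking:
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.1.0.0/16
apiServer:
  certSANs:
  - master1
  - master2
  - master3
  - "192.168.22.100"
  - "192.168.22.101"
  - "192.168.22.102"
  - "192.168.22.103"
  - "127.0.0.1"
  - kubernetes
  - kubernetes.default
  - kubernetes.default.svc
  - kubernetes.default.svc.cluster
  - kubernetes.default.svc.cluster.local
  extraArgs:
    endpoint-reconciler-type: lease
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
EOL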


# Validate the configuration before touching the node: a dry run first, then
# the list of images this config will require, and only then the real init.
init_cfg=init-config.yaml

kubeadm init --config "$init_cfg" --dry-run
kubeadm config images list --config "$init_cfg"

kubeadm init --config "$init_cfg"



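# SHA-256 of the cluster CA's DER-encoded public key. A joining node pins this
# value so that it only trusts an API server presenting a certificate from
# this CA during discovery.
certhash=$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt \
  | openssl rsa -pubin -outform der 2>/dev/null \
  | openssl dgst -sha256 -hex \
  | sed 's/^.* //')

# Ask kubeadm for a token it has actually registered. The original printed
# $token, which nothing visible on this page ever passed to kubeadm.
join_token=$(kubeadm token create)

# The address is the controlPlaneEndpoint from init-config.yaml; the original
# printed 172.17.0.27:6443, which appears nowhere else in these notes
# (NOTE(review): presumably copied from another environment; confirm).
# The printed line contains a live bootstrap credential: share it only with
# the nodes that are meant to join.
echo "kubeadm join 192.168.22.100:6443 --token $join_token --discovery-token-ca-cert-hash sha256:$certhash"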


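# Copy the cluster-admin kubeconfig into the current user's home and point
# kubectl at it. Expansions are quoted so a $HOME containing spaces or glob
# characters cannot split into several arguments.
sudo cp /etc/kubernetes/admin.conf "$HOME/"
sudo chown "$(id -u):$(id -g)" "$HOME/admin.conf"
# admin.conf holds a client certificate and key with full cluster-admin rights;
# keep it readable by its owner only, regardless of the mode the copy produced.
chmod 600 "$HOME/admin.conf"
export KUBECONFIG="$HOME/admin.conf"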


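# Install the flannel CNI. The manifest is downloaded to a local file first so
# that exactly what gets applied with cluster-admin rights can be read
# beforehand and kept afterwards. The URL tracks the master branch, whose
# content can change between runs; for repeatable installs replace "master"
# with a commit you have reviewed.
curl -fsSL -o kube-flannel.yml https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml &&
  kubectl apply -f kube-flannel.yml

# NOTE(review): these two commands delete the cni0 bridge and the flannel.1
# interface. They look like cleanup for a reset or re-install, not a step to
# run right after applying the manifest above; confirm the intended order.
brctl delbr cni0
ip link delete flannel.1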
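# Pull the control-plane and add-on images from a mirror registry and re-tag
# them under the k8s.gcr.io names that kubeadm and the manifests reference.
# Once re-tagged, nothing distinguishes these images from ones pulled
# upstream, so the mirror is fully trusted for their content. Where that
# matters, compare the image IDs (docker image inspect) with values obtained
# from a source you trust.
mirror=gcr.azk8s.cn/google_containers
images=(
  kubernetes-dashboard-amd64:v1.10.1
  kube-apiserver:v1.16.6
  kube-controller-manager:v1.16.6
  kube-scheduler:v1.16.6
  kube-proxy:v1.16.6
  pause:3.1
  etcd:3.3.15-0
  coredns:1.6.2
  metrics-server-amd64:v0.3.3
  echoserver:1.10
  addon-resizer:2.3
)
for image in "${images[@]}"; do
  printf '%s\n' "$image"
  # Chain the steps: after a failed pull the original still ran tag and rm
  # against an image that was not there.
  docker image pull "$mirror/$image" &&
    docker image tag "$mirror/$image" "k8s.gcr.io/$image" &&
    docker image rm "$mirror/$image"
done
docker image list | grep gcr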

# gcr.io/kuar-demo/kuard-amd64:blue
# gcr.io/kuar-demo/kuard-amd64:green

# kuard demo images: pull both tags from the mirror, re-tag them under the
# gcr.io name, then drop the mirror-named tags (green first, as in the
# original command order).
kuard_mirror=gcr.azk8s.cn/kuar-demo/kuard-amd64
kuard_upstream=gcr.io/kuar-demo/kuard-amd64

for color in blue green; do
  docker image pull "${kuard_mirror}:${color}"
done
for color in blue green; do
  docker image tag "${kuard_mirror}:${color}" "${kuard_upstream}:${color}"
done
for color in green blue; do
  docker image rm "${kuard_mirror}:${color}"
done

# flannel image: fetch from the quay mirror and re-tag under the quay.io name.
flannel_tag=v0.11.0-amd64
docker image pull "quay.azk8s.cn/coreos/flannel:${flannel_tag}"
docker image tag "quay.azk8s.cn/coreos/flannel:${flannel_tag}" "quay.io/coreos/flannel:${flannel_tag}"

# nginx: no tag is given, so docker resolves it to :latest on both sides.
nginx_mirror=dockerhub.azk8s.cn/library/nginx
docker image pull "$nginx_mirror"
docker image tag "$nginx_mirror" nginx


# install docker

# registry.access.redhat.com/rhel7/pod-infrastructure:latest
# gcr.io/google_containers/pause:3.1
# gcr.io/google_containers/pause-amd64:3.0

# k8s.gcr.io/pause-amd64:3.1

# --pod-infra-container-image
#	The image whose network/ipc namespaces containers in each pod will use. This docker-specific flag only works when container-runtime is set to docker. (default "k8s.gcr.io/pause:3.1")

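# Fetch the third-party pull helper once into a private temp file instead of
# piping it straight into bash. With "curl -s | bash", an HTTP error page or a
# truncated download is executed as if it were the script, and nothing is left
# behind to show what ran. -f makes curl fail on HTTP errors, and the printed
# SHA-256 can be recorded and compared between runs. Read the script before
# running it with root privileges.
pull_script=$(mktemp) &&
  curl -fsS -o "$pull_script" https://zhangguanzhang.github.io/bash/pull.sh &&
  sha256sum "$pull_script" &&
  for image in gcr.io/google_containers/pause:3.1 k8s.gcr.io/pause:3.1; do
    bash "$pull_script" "$image"
  done
rm -f -- "$pull_script"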

# curl -sSL https://git.io/getgcr | bash -s gcr.io/google_containers/pause-amd64:3.1
# curl -sSL https://git.io/getgcr | bash -s "k8s.gcr.io/kube-{apiserver,controller-manager,proxy,scheduler}:v1.15.1"

#docker image pull registry.cn-shenzhen.aliyuncs.com/cookcodeblog/pause-amd64:3.1
#docker image tag registry.cn-shenzhen.aliyuncs.com/cookcodeblog/pause-amd64:3.1 k8s.gcr.io/pause-amd64:3.1
#docker image rmi registry.cn-shenzhen.aliyuncs.com/cookcodeblog/pause-amd64:3.1
# Create a fresh bootstrap token and print the complete "kubeadm join ..."
# command for it. The output contains a live credential that lets a machine
# join the cluster: hand it only to the intended nodes and keep it out of
# shared logs and chat.
kubeadm token create --print-join-command
##################

ref