本机：CPU 4核，8G内存，系统Ubuntu 18.04.3 LTS。

关闭swap

swap打开的情况下，kubelet无法正常运行，journalctl -xefu kubelet可查看日志；
关闭swap主要是为了性能考虑，kubernetes的想法是将实例紧密包装到尽可能接近100％。 所有的部署应该与CPU /内存限制固定在一起。 所以如果调度程序发送一个pod到一台机器，它不应该使用交换。 设计者不想交换，因为它会减慢速度。
关于swap的讨论1，2

$sudo swapoff -a
$ free -h
              total        used        free      shared  buff/cache   available
Mem:           7.7G        2.3G        3.3G        633M        2.0G        4.5G
Swap:            0B          0B          0B

安装kubeadm

$ sudo apt update && sudo apt install -y apt-transport-https
$ curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add - 

/etc/apt/sources.list.d/kubernetes.list中添加aliyun的镜像地址
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main

sudo apt update
sudo apt install -y kubelet kubeadm kubectl

安装之后查看版本

$ kubelet --version
Kubernetes v1.16.2

其他组件安装

Kubernetes主要由以下几个核心组件组成：
etcd保存了整个集群的状态；
apiserver提供了资源操作的唯一入口，并提供认证、授权、访问控制、API注册和发现等机制；
controller manager负责维护集群的状态，比如故障检测、自动扩展、滚动更新等；
scheduler负责资源的调度，按照预定的调度策略将Pod调度到相应的机器上；
kubelet负责维护容器的生命周期，同时也负责Volume（CVI）和网络（CNI）的管理；
Container runtime负责镜像管理以及Pod和容器的真正运行（CRI）；
kube-proxy负责为Service提供cluster内部的服务发现和负载均衡；
kubeadm init这个命令帮助你启动跟Master相关的组件APIServer、Etcd、Scheduler、Controller-Manager等。由于官方镜像地址被墙，所以我们需要首先获取所需镜像以及它们的版本。然后从国内镜像站获取。
手动拉取镜像的方法如下（不推荐该方法，推荐使用--image-repository参数）：

$ kubeadm config images list
W1021 16:18:10.509898   18535 version.go:101] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
W1021 16:18:10.509999   18535 version.go:102] falling back to the local client version: v1.16.2
k8s.gcr.io/kube-apiserver:v1.16.2
k8s.gcr.io/kube-controller-manager:v1.16.2
k8s.gcr.io/kube-scheduler:v1.16.2
k8s.gcr.io/kube-proxy:v1.16.2
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.15-0
k8s.gcr.io/coredns:1.6.2

新建脚本从azure 镜像仓库拉取镜像，脚本内容如下：

images=(  # 下面的镜像应该去除"k8s.gcr.io/"的前缀
    kube-apiserver:v1.16.2
    kube-controller-manager:v1.16.2
    kube-scheduler:v1.16.2
    kube-proxy:v1.16.2
    pause:3.1
    etcd:3.3.15-0
    coredns:1.6.2
)

for imageName in ${images[@]} ; do
    docker pull gcr.azk8s.cn/google_containers/$imageName
    docker tag gcr.azk8s.cn/google_containers/$imageName k8s.gcr.io/$imageName
    docker rmi gcr.azk8s.cn/google_containers/$imageName
done    

以上方法比较繁琐，如果想直接从国内镜像仓库拉取镜像，可以增加参数--image-repository registry.aliyuncs.com/google_containers。
镜像拉取之后，执行kubeadm init，需要指明pod网络可以使用的IP地址段，即‘--pod-network-cidr’，如果安装flannel，参数为--pod-network-cidr=10.244.0.0/16，安装calico，参数为‘--pod-network-cidr=192.168.0.0/16’。

$ sudo kubeadm init  --pod-network-cidr=192.168.0.0/16 --image-repository registry.aliyuncs.com/google_containers
W1021 16:48:34.519499     697 version.go:101] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
W1021 16:48:34.519580     697 version.go:102] falling back to the local client version: v1.16.2
[init] Using Kubernetes version: v1.16.2
[preflight] Running pre-flight checks
    [WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
    [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 19.03.3. Latest validated version: 18.09
error execution phase preflight: [preflight] Some fatal errors occurred:
    [ERROR DirAvailable--var-lib-etcd]: /var/lib/etcd is not empty
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`

以上错误应该是之前通过rancher安装过k8s，运行过kubeadm init导致无法通过前置检查，可以运行kubeadm reset，也可以选择忽略此前置检查错误--ignore-preflight-errors=DirAvailable--var-lib-etcd，或者忽略所有的检查错误--ignore-preflight-errors=all。

$ sudo kubeadm reset
$ systemctl restart kubelet
$ sudo kubeadm init --pod-network-cidr=192.168.0.0/16
<.skip..>
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.0.4.138:6443 --token wy0tyv.ayarzeeykfv2xfdd \
    --discovery-token-ca-cert-hash sha256:8f621f384379c430340ef58ca1ea6c1fad1d1ebbec567a78de5f0b4572549b7e 

按照提示设置普通账户权限

 $ mkdir -p $HOME/.kube
 $ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 $ sudo chown $(id -u):$(id -g) $HOME/.kube/config

查看安装情况

$ kubectl get pods --all-namespaces
NAMESPACE     NAME                          READY   STATUS    RESTARTS   AGE
kube-system   coredns-5644d7b6d9-4zzqj      0/1     Pending   0          67m
kube-system   coredns-5644d7b6d9-xvr58      0/1     Pending   0          67m
kube-system   etcd-zml                      1/1     Running   0          66m
kube-system   kube-apiserver-zml            1/1     Running   0          66m
kube-system   kube-controller-manager-zml   1/1     Running   0          66m
kube-system   kube-proxy-fl79f              1/1     Running   0          67m
kube-system   kube-scheduler-zml            1/1     Running   0          66m

发现所有的coredns pod都处于Pending状态，我们还需要安装Pod Network插件， kubeadm only supports Container Network Interface (CNI) based networks (and does not support kubenet).
这里使用calico网络

$ kubectl apply -f https://docs.projectcalico.org/v3.10/manifests/calico.yaml
$ kubectl get pods --all-namespaces
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-6d85fdfbd8-l6pfw   1/1     Running   0          6m55s
kube-system   calico-node-ql7gs                          1/1     Running   0          6m55s
kube-system   coredns-5644d7b6d9-4pwb2                   1/1     Running   0          17m
kube-system   coredns-5644d7b6d9-l69wv                   1/1     Running   0          17m
kube-system   etcd-zml                                   1/1     Running   0          17m
kube-system   kube-apiserver-zml                         1/1     Running   0          16m
kube-system   kube-controller-manager-zml                1/1     Running   0          17m
kube-system   kube-proxy-8nl2b                           1/1     Running   0          17m
kube-system   kube-scheduler-zml                         1/1     Running   0          17m

所有的pod状态都变为Running
设置master节点也可以运行pod

$ kubectl taint nodes --all node-role.kubernetes.io/master-
node/zml untainted
$ kubectl get nodes -o wide
NAME   STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
zml    Ready    master   32m   v1.16.2   192.0.4.138   <none>        Ubuntu 18.04.3 LTS   4.15.0-65-generic   docker://19.3.3

到此，说明kubernetes安装完成啦。

部署Dashboard UI

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml

Creating sample user，

$ kubectl apply -f dashboard-admin.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

dashboad-admin.yaml内容如下：

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

获取登录TOKEN

$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-gxt7q
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: c91be2ce-9bf8-4952-baa0-02502b88514f

Type:  kubernetes.io/service-account-token

Data
====
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6ImZLWlBRenZRSkREbjhBU3FOcTJjeEhwbFEzcGFhNGJ5Vlg4RU9uOVVtRG8ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWd4dDdxIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjOTFiZTJjZS05YmY4LTQ5NTItYmFhMC0wMjUwMmI4ODUxNGYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.HciWSZUhHpwVDjegxYvUsglOId6ooyn83PuyvwTQnnuI8_J_G7bwkC1XDU6WGJim7P1LoL2BtVSVV-Lgl16eZxhKg9LlLsdUwG5g6EUZTBoqbhogBpA7-OVkhehrftRodHun9qRvFSND470DSSfpJEj-5pu35Cw1HeLGwj7FCLaJ_Tuxgx-txhM160N7f59Zmt9Dj_FGLPKFMm-6HN4aUsl-dqigL53jXVgeIsEk3AJtTD9OaWRRRDYqViwGRlRg1pg5gePm_XWSH0RdlIExV0GaO6TLISYGBhKLmnDO9xNEnvHcdeANWlifBD5S4Risy1hi05vx43DHVbHJcx4X1A
ca.crt:     1025 bytes

访问http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/， 输入以上token即可登录；

查看占用资源

参考

Creating a single control-plane cluster with kubeadm
Goto Kubernetes
azure 镜像仓库
Kubernetes网络插件对比分析（Flannel、Calico、Weave）
Quickstart for Calico on Kubernetes
Web UI (Dashboard)