kubeadm安装K8S_v1.28.x容器使用docker

一．环境部署

1.1 基础环境配置（只有1台服务器，作为masrer，也作为node使用）

[root@ecs-cf5e ~]# cat /etc/redhat-release CentOS Linux release
7.9.2009 (Core) [root@ecs-cf5e ~]# uname -a Linux ecs-cf5e 3.10.0-1160.92.1.el7.x86_64 #1 SMP Tue Jun 20 11:48:01 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux [root@ecs-cf5e ~]#

1.2 修改机器名称

#永久修改主机名
hostnamectl set-hostname  master    && bash   #在master上操作

1.3 服务器性能优化

#时间同步：
yum install epel-release  -y
yum install ntpdate -y
ntpdate time.windows.comsystemctl stop firewalld
systemctl disable firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config # 永久
setenforce 0 # 临时
swapoff -a # 临时
sed -i 's/.*swap.*/#&/' /etc/fstab # 永久#修改内核参数
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOFcat >>  /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOFmodprobe br_netfilter #加载br_netfilter模块
lsmod |grep br_netfilter #验证模块是否加载成功
sysctl -p /etc/sysctl.d/k8s.conf  #使刚才修改的内核参数生效

1.4 集群添加hosts和免密登录

cat >> /etc/hosts << EOF
192.168.0.143    master
EOFssh-keygen -t rsa #一路回车，不输入密码
###把本地的ssh公钥文件安装到远程主机对应的账户
for i in master ; do ssh-copy-id -i .ssh/id_rsa.pub $i ;done

1.5 配置ipvs功能

在kubernetes中Service有两种代理模型，一种是基于iptables的，一种是基于ipvs，两者对比ipvs的性能要高，如果想要使用ipvs模型，需要手动载入ipvs模块yum -y install ipset ipvsadm
cat > /etc/sysconfig/modules/ipvs.modules << EOF
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4  
EOF
chmod +x /etc/sysconfig/modules/ipvs.modules # 执行脚本
/etc/sysconfig/modules/ipvs.modules
# 验证ipvs模块
lsmod | grep -e ip_vs -e nf_conntrack_ipv4

二．安装Docker和安装并配置cri-dockerd插件安装

2.1 安装docker

yum -y install epel-release wget lrzsz
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
#yum list docker-ce --showduplicates | sort -r #查看yum仓库中可以安装的docker版本
#yum -y install docker-ce-18.06.1.ce-3.el7 #安装固定版本
yum -y install docker-ce  #安装docker最新版
systemctl enable docker && systemctl start docker cat > /etc/docker/daemon.json << EOF
{"registry-mirrors":["https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com", "https://rncxm540.mirror.aliyuncs.com"],"exec-opts": ["native.cgroupdriver=systemd"]
} 
EOFsystemctl daemon-reload && systemctl restart docker &&  systemctl status docker
docker --version

2.2 cri-dockerd

#安装cri-dockerd插件
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el7.x86_64.rpm
#备份并更新cri-docker.service文件
rpm -ivh cri-dockerd-0.3.1-3.el7.x86_64.rpm
rpm -ivh cri-dockerd-0.3.1-3.el7.x86_64.rpm --nodeps --force #centos9mv /usr/lib/systemd/system/cri-docker.service   /usr/lib/systemd/system/cri-docker.service.default#空文件复制如下信息
cat > /usr/lib/systemd/system/cri-docker.service << EOF 
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF#启动cir-dockerd
systemctl daemon-reload
systemctl start cri-docker.service 
systemctl enable cri-docker.service
systemctl status  cri-docker.servicecri-dockerd --version

三．安装Docker/kubeadm/kubelet（所有节点）

##添加yum 源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF


yum clean all && yum makecache -y
#yum makecache fast
yum list kubectl --showduplicates | sort -r #列出kubectl可用的版本

##centos系统安装命令
yum -y install kubelet-1.28.2-0  kubeadm-1.28.2-0  kubectl-1.28.2-0 
systemctl enable kubelet
kubectl version

#ubuntu系统安装命令
sudo apt install kubelet=1.28.2-00  kubeadm=1.28.2-00 kubectl=1.28.2-00 -y

四．初始化集群

#kubeadm config images list #查看集群安装需要的命令kubeadm init --kubernetes-version v1.28.2 --apiserver-advertise-address=192.168.0.143  --service-cidr=10.96.0.0/12  --pod-network-cidr=10.244.0.0/16 --image-repository registry.aliyuncs.com/google_containers   --cri-socket unix:///var/run/cri-dockerd.sock  --ignore-preflight-errors=all

#kubeadm reset --cri-socket unix:///var/run/cri-dockerd.sock #这句是集群初始化失败后需要执行的
kubeadm token create --print-join-command #重新生成token

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

五．命令补全

####Centos系统
rpm -aq |grep completion  
yum -y install bash-completion  #安装补全命令的包
kubectl completion bash
source /usr/share/bash-completion/bash_completion
kubectl completion bash >/etc/profile.d/kubectl.sh
source /etc/profile.d/kubectl.sh
cat >> /root/.bashrc <<EOF
source /etc/profile.d/kubectl.sh
EOF

六．安装网络插件

#去除污点，允许master节点部署pod
kubectl taint nodes --all node-role.kubernetes.io/control-plane- #执行这句就行，就是取消污点
kubectl taint nodes --all node-role.kubernetes.io/master-  #执行这句就行，就是取消污点

kubectl apply -f calico.yaml  #从这里下载对应版 https://docs.projectcalico.org/archive/v3.20/manifests/calico.yaml

[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES           AGE     VERSION
master   Ready    control-plane   6m29s   v1.28.2
[root@master ~]# kubectl get pods -A
NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-bdf96dff9-fdgj5   1/1     Running   0          2m19s
kube-system   calico-node-cz7nh                         1/1     Running   0          2m19s
kube-system   coredns-66f779496c-fm7wd                  1/1     Running   0          6m28s
kube-system   coredns-66f779496c-nhcpz                  1/1     Running   0          6m28s
kube-system   etcd-master                               1/1     Running   0          6m41s
kube-system   kube-apiserver-master                     1/1     Running   0          6m41s
kube-system   kube-controller-manager-master            1/1     Running   0          6m41s
kube-system   kube-proxy-nq95m                          1/1     Running   0          6m28s
kube-system   kube-scheduler-master                     1/1     Running   0          6m41s
[root@master ~]#

七. 在kubernetes群集中创建Nginx

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pods,svc  #查看暴露端口

浏览器访问：集群任何IP:端口正常访问就OK
在这里插入图片描述

八. 部署Dashboard

kubectl apply -f recommended.yaml

[root@master ~]# kubectl get pods,svc -n kubernetes-dashboard
NAME                                             READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-5657497c4c-jwd8h   1/1     Running   0          3m50s
pod/kubernetes-dashboard-78f87ddfc-vs7hc         1/1     Running   0          3m50sNAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.107.39.99     <none>        8000/TCP        3m50s
service/kubernetes-dashboard        NodePort    10.107.196.130   <none>        443:30001/TCP   3m50s
[root@master ~]#

#创建service  account并绑定默认cluster-admin管理员群集角色
kubectl create serviceaccount dashboard-admin -n kube-system  #创建用户
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin #用户授权
kubectl -n kube-system get serviceaccounts |grep dashboard #查看sa是否创建成功
kubectl -n kube-system create token dashboard-admin  --duration=518400s #创建用户Token
#一年365*24*60*60=31536000s 第一次token登录后有报错，请再次执行一次token就好了

浏览器打开ip:30001 由于我这是华为云服务器用的是公网IP https://114.115.160.33:30001/
在这里插入图片描述

九. 部署metrics服务

kubectl apply -f metrics-server.yaml

kubectl top nodes 
kubectl top pods

[root@master ~]# kubectl top nodes 
NAME     CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
master   170m         4%     2622Mi          33%       
[root@master ~]# kubectl top pods
NAME                     CPU(cores)   MEMORY(bytes)   
nginx-7854ff8877-gzw6r   0m           3Mi             
[root@master ~]#