安装VM Ware

参考：http://www.taodudu.cc/news/show-2034573.html?action=onClick

安装Docker

参考：https://www.yuque.com/leifengyang/oncloud/mbvigg#2ASxH
移除Docker相关包：

sudo yum remove docker \docker-client \docker-client-latest \docker-common \docker-latest \docker-latest-logrotate \docker-logrotate \docker-engine

配置yum源

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

安装Docker

yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7  containerd.io-1.4.6

启动Docker

systemctl enable docker --now

配置加速

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{"registry-mirrors": ["https://82m9ar63.mirror.aliyuncs.com"],"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "100m"},"storage-driver": "overlay2"
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

安装K8S集群

安装kubeadm

每台虚拟机分别设置主机名，需要不一样，比如master，node1，node2。

hostnamectl set-hostname xxxx

将 SELinux 设置为 permissive 模式（相当于将其禁用）

sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

关闭swap

swapoff -a  
sed -ri 's/.*swap.*/#&/' /etc/fstab

允许 iptables 检查桥接流量

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOFcat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

安装kubeadm

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpghttp://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOFsudo yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetessudo systemctl enable --now kubelet

使用kubeadm引导集群

下载需要镜像

sudo tee ./images.sh <<-'EOF'
#!/bin/bash
images=(
kube-apiserver:v1.20.9
kube-proxy:v1.20.9
kube-controller-manager:v1.20.9
kube-scheduler:v1.20.9
coredns:1.7.0
etcd:3.4.13-0
pause:3.2
)
for imageName in ${images[@]} ; do
docker pull registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageName
done
EOFchmod +x ./images.sh && ./images.sh

初始化主节点，注意ip地址一定不能和service，pod重叠，否则后面报错很麻烦，这里踩坑最后把网络修改，卸载后重新连接才可以。

#所有机器添加master域名映射，以下需要修改为自己的
echo "172.31.0.3  cluster-endpoint" >> /etc/hosts#主节点初始化
kubeadm init \
--apiserver-advertise-address=172.31.0.3 \
--control-plane-endpoint=cluster-endpoint \
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.168.0.0/16#所有网络范围不重叠

结果如下：

根据提示操作：

export KUBECONFIG=/etc/kubernetes/admin.conf

查看集群所有节点

kubectl get nodes

查看集群部署了哪些应用？

docker ps   ===   kubectl get pods -A

运行中的应用在docker里面叫容器，在k8s里面叫Pod

kubectl get pods -A

安装网络组件calico

curl https://docs.projectcalico.org/v3.20/manifests/calico.yaml -Okubectl apply -f calico.yaml

master产生令牌

kubeadm token create --print-join-command

从节点执行产生的令牌：

kubeadm join cluster-endpoint:6443 --token t5mmdl.33emuumfpvvwhzns     --discovery-token-ca-cert-hash sha256:6d7802252ce7ebd96e5520b331b77879aad5be92d463c1e712ffbe6ed519f410

如果碰到从节点加入超时，可以把主节点防火墙先关闭，加入后再开启：

systemctl disable firewalld --now
加入...
systemctl enable firewalld --now

查看节点：

kubectl get nodes

部署dashboard，如果下载不了，可以先windows下载，然后编辑recommended.yaml复制内容并拷贝到虚拟机中执行。

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

设置访问端口，文件中ClusterIP 改为 type: NodePort

kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

查看

kubectl get svc -A |grep kubernetes-dashboard，可以看到30612端口，云服务器需要设置端口放行

可以在任意集群ip+端口号（图中的30612，这个每个人会变）访问到dashboard，如果发现问题，可以查看日志，根据日志分析，我碰到的问题是从节点防火墙没有关闭：

kubectl get pod -A，获得名字name
kubectl logs -f -n kubernetes-dashboard (dashboard名字)

创建yaml文件

vi dash.yaml

粘贴内容：

#创建访问账号，准备一个yaml文件； vi dash.yaml
apiVersion: v1
kind: ServiceAccount
metadata:name: admin-usernamespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: admin-user
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-admin
subjects:
- kind: ServiceAccountname: admin-usernamespace: kubernetes-dashboard

运行yaml

kubectl apply -f dash.yaml

令牌访问，获取访问令牌

kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

令牌类似：

eyJhbGciOiJSUzI1NiIsImtpZCI6IkpiMUc0YmpuTzJUbGZIYk9sQmlkaDRpNFg3SDFEcnV1ZjdTYno5dW9KN28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTg1Y2dyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIyMTExYjNjMy03ZGY1LTQ4ODEtYjEzNy05MjFjMmY2NmZhNjAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Q3FYvZivviL8-s7G5X2s-6P0cfcZ_7s5QLs-77N04Yre801auf-nmzOs158J0mOno7zP45bSYJM9KxgZxQSBrly6tkIxA9b1lIPAtw0tgE9MpXDje9E0dbgDwqjEIMJU87Uts71S3vdJwvbrXCLLZkrHVZhizpI__wJCHUEpVQsH4uBnZQBD2UQ2vs3vanj9mP6XtXSoWO3NeFTEfRUGUwEYafu_DjpJ_-9s17pfM3-zm5LBZfzBhaAJJB3qCCIXizOAEXkNhQHp1XiHY7_yad6BQRrKWn88h_j_cB6RekBOc9eYCgIBjSuCAeJIZvsZFb23R5B5xJX-rFqmuJ077A

成功！