安装 kubeadm

安装 kubeadm | Kubernetes (opens new window)

基础配置

## 设置 hostname
hostnamectl set-hostname k8s-master
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2

## 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld

## 关闭 swap：
swapoff -a  
sed -ri 's/.*swap.*/#&/' /etc/fstab 

## 将 SELinux 设置为 permissive 模式（相当于将其禁用）
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

modprobe br_netfilter
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.bridge.bridge-nf-call-iptables=1

安装容器运行时

getting-started.md (opens new window)

## 下载containerd
wget https://github.com/containerd/containerd/releases/download/v1.7.8/containerd-1.7.8-linux-amd64.tar.gz
## 解压到指定目录
tar Cxzvf /usr/local containerd-1.7.8-linux-amd64.tar.gz
## 注册service
wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
mv containerd.service /etc/systemd/system/
## 启动服务
systemctl daemon-reload
systemctl enable --now containerd


## 下载runc
wget https://github.com/opencontainers/runc/releases/download/v1.1.10/runc.amd64
## 安装
install -m 755 runc.amd64 /usr/local/sbin/runc


## 下载cni
wget https://github.com/containernetworking/plugins/releases/download/v1.3.0/cni-plugins-linux-amd64-v1.3.0.tgz
## 解压到指定目录
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.3.0.tgz

安装 kubeadm、kubelet 和 kubectl

你需要在每台机器上安装以下的软件包：

• kubeadm：用来初始化集群的指令。
• kubelet：在集群中的每个节点上用来启动 Pod 和容器等。
• kubectl：用来与集群通信的命令行工具。

在 Linux 系统中安装并设置 kubectl | Kubernetes (opens new window)

curl -LO "https://dl.k8s.io/release/v1.28.3/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

安装 crictl（kubeadm/kubelet 容器运行时接口（CRI）所需）：

wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.28.0/crictl-v1.28.0-linux-amd64.tar.gz

tar Cxvf /usr/local/bin/ crictl-v1.28.0-linux-amd64.tar.gz

安装kubeadm、kubelet、kubectl并添加kubelet系统服务：

sudo curl -L --remote-name-all https://dl.k8s.io/release/v1.28.3/bin/linux/amd64/{kubeadm,kubelet}

sudo chmod +x {kubeadm,kubelet}

mv kubeadm /usr/local/bin/
mv kubelet /usr/local/bin/

## 注册服务
curl -sSL "https://raw.githubusercontent.com/kubernetes/release/v0.16.2/cmd/krel/templates/latest/kubelet/kubelet.service" | sed "s:/usr/bin:/usr/local/bin:g" | sudo tee /etc/systemd/system/kubelet.service

sudo mkdir -p /etc/systemd/system/kubelet.service.d

curl -sSL "https://raw.githubusercontent.com/kubernetes/release/v0.16.2/cmd/krel/templates/latest/kubeadm/10-kubeadm.conf" | sed "s:/usr/bin:/usr/local/bin:g" | sudo tee /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

启动 kubelet

systemctl enable --now kubelet

kubelet 现在每隔几秒就会重启，因为它陷入了一个等待 kubeadm 指令的死循环。

使用 kubeadm 创建集群

要在没有互联网连接的情况下运行 kubeadm，你必须提前拉取所需的控制平面镜像。 你可以使用kubeadm config images子命令列出并拉取镜像：

kubeadm config images list
kubeadm config images pull
## 如果报错删除 /etc/containerd 目录

kubeadm init | Kubernetes (opens new window)

kubeadm init \
--kubernetes-version=v1.28.3 \
--apiserver-advertise-address=172.26.227.118 \
--pod-network-cidr=192.169.0.0/16

启动成功

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.26.227.118:6443 --token jh52cx.chdhu0i0iq7cj117 \
        --discovery-token-ca-cert-hash sha256:06e54c404d50488eda55a554f0c9cf6d50c2ae9f902b98184473f38fdb6dba43 

安装 calico

Quickstart for Calico on Kubernetes | Calico Documentation (opens new window)

kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

如果一直是pending状态，并且是污点的原因就清除污点

## 查看详细信息，1 node(s) had untolerated taint {node.kubernetes.io/not-ready: }
kubectl describe pod coredns-567c556887-6d8p5 -n kube-system
## 清除污点，才能创建 pod
kubectl taint nodes $(hostname) node-role.kubernetes.io/control-plane:NoSchedule-
kubectl taint nodes $(hostname) node.kubernetes.io/not-ready:NoSchedule-

设置 master 为污点，让接下来的 pod 都在 node 创建

kubectl taint nodes $(hostname) check=master:NoSchedule

加入节点

kubeadm join 172.26.227.118:6443 --token jh52cx.chdhu0i0iq7cj117 \
        --discovery-token-ca-cert-hash sha256:06e54c404d50488eda55a554f0c9cf6d50c2ae9f902b98184473f38fdb6dba43 

安装 dashboard

部署和访问 Kubernetes 仪表板（Dashboard） | Kubernetes (opens new window)

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

创建用户 creating-sample-user.md (opens new window)