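Single-node Kubernetes v1.23 deployment with kubeadm

Author: 技術怪圈

Preface: this article only covers deploying a single-node Kubernetes learning environment with kubeadm, version 1.23. If you want to deploy a newer version, watch for my later articles, because the deployment method changes slightly from Kubernetes 1.24 onward. If you want to understand every Kubernetes component thoroughly, you still need to deploy from binaries; watch for my later articles on that as well.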

1. System preparation

Check the OS version

~]# cat /etc/centos-release

CentOS Linux release 7.9.2009 (Core)           

Configure the network

~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="dhcp"
DEFROUTE="yes"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"           

Add a domestic (China) package mirror

~]# rm -rfv /etc/yum.repos.d/*

~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Configure the host name

~]# cat /etc/hosts

127.0.0.1  localhost localhost.localdomain localhost4 localhost4.localdomain4

::1     localhost localhost.localdomain localhost6 localhost6.localdomain6

10.4.7.142 k8s-master           

Turn off swap and comment out the swap partition

~]# swapoff -a

~]# cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Wed Nov 10 16:59:28 2021
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#

/dev/mapper/centos-root /            xfs   defaults    0 0
UUID=092d352e-0991-4e6f-921f-42cc4862134c /boot          xfs   defaults    0 0
#/dev/mapper/centos-swap swap          swap  defaults    0 0           

Configure kernel parameters so that bridged IPv4 traffic is passed to the iptables chains

# Load the module that provides the net.bridge.* keys
~]# modprobe br_netfilter
~]# cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
~]# sysctl --system
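
swapoff -a lasts only until the next reboot, so the fstab edit is what keeps swap off, and kubeadm's preflight stops while swap is on. The following is an added example, not part of the original article, that checks the swap and sysctl steps above; the function names are hypothetical and the sample files are constructed to mirror the ones edited above.

```shell
#!/bin/sh
# Added example, not from the original article: checks for the swap and
# sysctl steps above. Paths are arguments so the checks run on any copy.

# Print devices of fstab entries that still mount swap (non-comment, type swap).
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1"
}

# Print each bridge sysctl that the given conf file does not set to 1.
missing_bridge_sysctls() {
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        awk -F= -v k="$key" '
            { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
            $1 == k && $2 == "1" { found = 1 }
            END { exit !found }' "$1" || echo "$key"
    done
}

# Return 0 only when both checks pass; problems are reported on stderr.
preflight() {
    rc=0
    swaps=$(active_swap_entries "$1")
    [ -z "$swaps" ] || { echo "swap still enabled in $1: $swaps" >&2; rc=1; }
    missing=$(missing_bridge_sysctls "$2")
    [ -z "$missing" ] || { echo "not set to 1 in $2: $missing" >&2; rc=1; }
    return $rc
}

# Constructed sample input mirroring the files edited above.
demo_dir=$(mktemp -d)
printf '%s\n' '/dev/mapper/centos-root / xfs defaults 0 0' \
    '#/dev/mapper/centos-swap swap swap defaults 0 0' > "$demo_dir/fstab"
printf '%s\n' 'net.bridge.bridge-nf-call-ip6tables = 1' \
    'net.bridge.bridge-nf-call-iptables = 1' > "$demo_dir/k8s.conf"
preflight "$demo_dir/fstab" "$demo_dir/k8s.conf" && echo "preflight OK"
rm -rf "$demo_dir"
```

On the real host, call preflight /etc/fstab /etc/sysctl.d/k8s.conf.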

2. Install common packages

~]# yum install vim bash-completion net-tools gcc -y           

3. Install docker-ce

See my earlier article on installing Docker-ce.

4. Install kubectl, kubelet and kubeadm

Add a domestic Kubernetes repository, such as the Aliyun or Tsinghua mirror.

~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

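Install

# Pin the packages to the version passed to kubeadm init below; an unpinned install pulls the newest release in the repository
~]# yum install kubectl-1.23.4 kubelet-1.23.4 kubeadm-1.23.4 -y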

~]# systemctl start kubelet && systemctl enable kubelet           

5. Initialize the Kubernetes cluster

~]# kubeadm init --kubernetes-version=1.23.4 --apiserver-advertise-address=10.4.7.142 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16
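The Pod network is 10.122.0.0/16, and the API server address is the master's own IP.
This step is critical: by default kubeadm pulls the required images from the official registry k8s.gcr.io, which cannot be reached from mainland China, so --image-repository must point at the Aliyun mirror registry.
After the cluster initializes successfully, it returns the following: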
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.4.7.142:6443 --token 7zjwdp.w13re4uslonfrv5z \
    --discovery-token-ca-cert-hash sha256:17d6e33d0bfcedf09835a34557f937113084eb67c56aeb682c790ce6ee02e9f1

Record the last part of the output; it has to be run on the other nodes when they join the Kubernetes cluster.
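
The --discovery-token-ca-cert-hash value in the join command pins the cluster CA's public key, so a joining node can check that it is talking to the right API server. The added example below (not from the original article) recomputes that value from a CA certificate with openssl; the function names are hypothetical and the demo CA is generated on the spot.

```shell
#!/bin/sh
# Added example, not from the original article. On the master the CA is at
# /etc/kubernetes/pki/ca.crt; here a throwaway CA is generated for the demo.

# Print the hex SHA-256 of the certificate's DER-encoded public key
# (SubjectPublicKeyInfo), the value kubeadm prints after "sha256:".
ca_cert_hash() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | sed 's/^.*[[:space:]]//'
}

# Return 0 when join-command hash $2 ("sha256:<hex>") matches CA file $1.
verify_join_hash() {
    [ "sha256:$(ca_cert_hash "$1")" = "$2" ]
}

# Constructed sample: a self-signed CA valid for one day.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

dir=$(mktemp -d)
make_demo_ca "$dir"
expected="sha256:$(ca_cert_hash "$dir/ca.crt")"
echo "hash to compare with the join command: $expected"
# Hash from the kubeadm join line in the article; it belongs to another CA.
page_hash="sha256:17d6e33d0bfcedf09835a34557f937113084eb67c56aeb682c790ce6ee02e9f1"
if verify_join_hash "$dir/ca.crt" "$page_hash"; then
    echo "match"
else
    echo "mismatch: do not join with this hash"
fi
rm -rf "$dir"
```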
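
If it reports that kubelet failed to start:

# Switch Docker to the systemd cgroup driver, which kubeadm configures kubelet to use by default
sudo mkdir -p /etc/docker
cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
# Restart Docker so the new daemon.json takes effect
sudo systemctl restart docker

Set up kubectl as prompted:

~]# mkdir -p $HOME/.kube
~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config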

Run the following command to enable kubectl auto-completion:
~]# source <(kubectl completion bash)           

View the node and pods

~]# kubectl get nodes
NAME  STATUS  ROLES         AGE  VERSION
k8s-master  Ready  control-plane,master  6m  v1.23.4
~]# kubectl get pods --all-namespaces           

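The node is NotReady because the coredns pod has not started; the network pod is missing.

6. Install the flannel or Calico network

I use flannel here as the example. Before installing, check which flannel version matches your Kubernetes version.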

~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml           

Check the pods and the node; the cluster status is now normal.
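
The flannel manifest carries its own pod network in net-conf.json, and the upstream file ships with 10.244.0.0/16, while kubeadm init above was given --pod-network-cidr=10.122.0.0/16; flannel's documentation says to edit the manifest when the two differ. The added example below (not from the original article) checks and rewrites a local copy of the manifest; the function names are hypothetical and the manifest excerpt is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Operates on a local copy of
# kube-flannel.yml; POD_CIDR is the value given to kubeadm init above.
POD_CIDR="10.122.0.0/16"

# Print the "Network" value from the manifest's net-conf.json.
flannel_network() {
    sed -n 's/.*"Network"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 when the manifest's Network equals the kubeadm pod CIDR ($2).
flannel_matches_cidr() {
    [ "$(flannel_network "$1")" = "$2" ]
}

# Write manifest $1 to stdout with Network replaced by CIDR $2.
set_flannel_network() {
    sed 's|"Network"[[:space:]]*:[[:space:]]*"[^"]*"|"Network": "'"$2"'"|' "$1"
}

# Constructed excerpt of the ConfigMap section of kube-flannel.yml.
write_sample_manifest() {
    cat > "$1" <<'EOF'
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
data:
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
EOF
}

work=$(mktemp -d)
write_sample_manifest "$work/kube-flannel.yml"
if ! flannel_matches_cidr "$work/kube-flannel.yml" "$POD_CIDR"; then
    echo "flannel Network $(flannel_network "$work/kube-flannel.yml") != $POD_CIDR, patching"
    set_flannel_network "$work/kube-flannel.yml" "$POD_CIDR" > "$work/kube-flannel.patched.yml"
fi
flannel_network "$work/kube-flannel.patched.yml"   # the copy to pass to kubectl apply -f
rm -rf "$work"
```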

7. Dashboard: expose the port with NodePort

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml

# Modify the Service
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort # added
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001 # added; change to suit your environment
  selector:
    k8s-app: kubernetes-dashboard

# Apply the edited file downloaded by wget above
# kubectl apply -f recommended.yaml

Create the admin account

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard-admin
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  # ClusterRoleBinding is cluster-scoped, so it takes no namespace
  name: kubernetes-dashboard-admin
  labels:
    k8s-app: kubernetes-dashboard
    addonmanager.kubernetes.io/mode: Reconcile
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # cluster-admin gives this account full control of every namespace
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard-admin
  namespace: kubernetes-dashboard           
