This article is only a personal note.
Official k8s installation documentation
-
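Disable SELinux, swap, the firewall, etc. This is insecure; skip it if you have your own approach.
```bash
# Put SELinux into permissive mode now and across reboots
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Flush all iptables rules and stop firewalld
iptables -F
iptables -X
systemctl stop firewalld
# Turn swap off now and comment out the swap entry in /etc/fstab
swapoff -a
sed -i "s/\/dev\/mapper\/centos-swap/\#\/dev\/mapper\/centos-swap/g" /etc/fstab
# Let bridged traffic pass through iptables
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
```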
-
Install Docker (skip if already installed)
```bash
yum install -y yum-utils dnf
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
dnf install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.13-3.1.el7.x86_64.rpm
yum install docker-ce -y
service docker start
# Switch to a registry mirror inside China; skip if not needed
vim /etc/docker/daemon.json
```
```json
{
  "registry-mirrors": [
    "https://registry.docker-cn.com"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
```
```bash
systemctl daemon-reload
service docker restart
```
-
Install Kubernetes (run on both master and worker nodes)
```bash
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable --now kubelet
service kubelet start
modprobe br_netfilter
lsmod | grep br_netfilter
# Test whether the environment is OK
kubeadm config images pull
# Show the Kubernetes version
kubeadm version
# Set the version of the components to install, e.g. ( kubeadm config images list --kubernetes-version v1.19.0 )
kubeadm config images list --kubernetes-version <kubeadm_git_version>
# If you are building on a server inside China, be sure to apply the workaround below; otherwise ignore it
## Workaround --------------------start
# Workaround: create images on a reachable registry [reference](https://blog.csdn.net/sjyu_ustc/article/details/79990858)
# List the required images and versions (these are the versions at the time of my own install; they change over time, so judge for yourself.)
kubeadm config images list
# Output:
# k8s.gcr.io/kube-apiserver:v1.19.0
# k8s.gcr.io/kube-controller-manager:v1.19.0
# k8s.gcr.io/kube-scheduler:v1.19.0
# k8s.gcr.io/kube-proxy:v1.19.0
# k8s.gcr.io/pause:3.2
# k8s.gcr.io/etcd:3.4.9-1
# k8s.gcr.io/coredns:1.7.0
# Download the images for the matching version (makai554892700 here can be replaced with images under your own account, and latest can be changed to the matching version, but so far I have not been able to obtain the newest version, so use your judgement; adjust each version yourself)
docker pull makai554892700/kube-apiserver:latest
docker pull makai554892700/kube-controller-manager:latest
docker pull makai554892700/kube-scheduler:latest
docker pull makai554892700/kube-proxy:latest
docker pull makai554892700/etcd:latest
docker pull makai554892700/coredns:latest
docker pull makai554892700/pause:latest
# Retag the downloaded images as the upstream images (this tricks the image puller, which is the workaround; adjust each version yourself)
docker tag makai554892700/kube-apiserver:latest k8s.gcr.io/kube-apiserver:v1.19.0
docker tag makai554892700/kube-controller-manager:latest k8s.gcr.io/kube-controller-manager:v1.19.0
docker tag makai554892700/kube-scheduler:latest k8s.gcr.io/kube-scheduler:v1.19.0
docker tag makai554892700/kube-proxy:latest k8s.gcr.io/kube-proxy:v1.19.0
docker tag makai554892700/etcd:latest k8s.gcr.io/etcd:3.4.9-1
docker tag makai554892700/coredns:latest k8s.gcr.io/coredns:1.7.0
docker tag makai554892700/pause:latest k8s.gcr.io/pause:3.2
## Workaround --------------------end
```
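Added example, not part of the original notes: the workaround above pulls `latest` from a personal Docker Hub account and retags it under the official name, so the tag alone no longer says where an image came from. This Python script flags such images from `docker image inspect` output; the sample JSON and digests are constructed, the function names are hypothetical, and it assumes the classic Docker image store, where `RepoDigests` is filled in only by a pull or push.

```python
import json

# Constructed sample of `docker image inspect` output (placeholder digests).
SAMPLE_INSPECT = json.dumps([
    {"RepoTags": ["makai554892700/kube-proxy:latest",
                  "k8s.gcr.io/kube-proxy:v1.19.0"],
     "RepoDigests": ["makai554892700/kube-proxy@sha256:" + "a" * 64]},
    {"RepoTags": ["k8s.gcr.io/pause:3.2"],
     "RepoDigests": ["k8s.gcr.io/pause@sha256:" + "b" * 64]},
])


def repo_of(ref):
    """Drop the digest or tag from an image reference."""
    if "@" in ref:
        return ref.split("@", 1)[0]
    head, sep, tail = ref.rpartition(":")
    # A ':' before a registry port is followed by '/', a tag separator is not.
    return head if sep and "/" not in tail else ref


def retagged_images(inspect_json):
    """Return (tag, pulled_from) for tags whose repository was never pulled.

    Assumption: RepoDigests lists only repositories the image was pulled
    from or pushed to, so a local `docker tag` adds a RepoTag without one.
    """
    findings = []
    for image in json.loads(inspect_json):
        pulled_from = sorted({repo_of(d) for d in image.get("RepoDigests") or []})
        for tag in image.get("RepoTags") or []:
            if repo_of(tag) not in pulled_from:
                findings.append((tag, pulled_from))
    return findings


if __name__ == "__main__":
    for tag, pulled_from in retagged_images(SAMPLE_INSPECT):
        print(f"{tag}: no registry digest, content came from {pulled_from or 'a local build'}")
```

On a real host, feed it the output of `docker image inspect $(docker images -q)` instead of the sample.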
-
Run on the master node
```bash
# Initialization may hang (especially on a public network); if it does, edit /etc/kubernetes/manifests/etcd.yaml, otherwise ignore the next step
vim /etc/kubernetes/manifests/etcd.yaml
# Lines to set in the file:
#   - --listen-client-urls=https://127.0.0.1:2379
#   - --listen-peer-urls=https://127.0.0.1:2380
# Initialize kubeadm
kubeadm init --apiserver-advertise-address 0.0.0.0 --pod-network-cidr=10.244.0.0/16
# e.g. ( kubeadm init --apiserver-advertise-address 0.0.0.0 --pod-network-cidr=10.244.0.0/16 )
# If a usable mirror is available, you can use the command below instead; otherwise ignore it
# kubeadm init --kubernetes-version=<kubernetes_version> --image-repository registry.aliyuncs.com/google_containers --apiserver-advertise-address <host_ip> --pod-network-cidr=10.244.0.0/16
# Set up kubectl as prompted
rm -rf $HOME/.kube
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Get the token; copy it for later use
kubeadm token list
# If the listed token was created more than 24 hours ago, run the command below to create a new one; otherwise ignore it
kubeadm token create
# Get the sha256 hash (of the CA public key, used for --discovery-token-ca-cert-hash); copy it for later use
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
# Install the flannel network plugin [pitfall reference 1](https://blog.csdn.net/qq_23146469/article/details/102486500)
# Pitfalls [reference 2](https://blog.csdn.net/sinat_35534641/article/details/83833797)
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
# Check whether flannel is running normally
kubectl get pod -n kube-system
# View the pod details (replace kube-flannel-ds-amd64-q8kvb with the actual pod name)
kubectl describe pod kube-flannel-ds-amd64-q8kvb -n kube-system
# If the installation had no problems, you are done here; if flannel failed to install, continue with the workaround
kubeadm reset
kubeadm init --apiserver-advertise-address 0.0.0.0 --pod-network-cidr=10.244.0.0/16
rm -rf $HOME/.kube
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
docker pull makai554892700/flannel:latest
docker tag makai554892700/flannel:latest quay.io/coreos/flannel:v0.12.0-amd64
kubectl apply -f kube-flannel.yml
```
Joining nodes: official documentation
-
Run on the worker node
```bash
# Copy the master node's /run/systemd/resolve/resolv.conf file to the same path on the worker node: /run/systemd/resolve/resolv.conf
# Join the master node, e.g. ( kubeadm join 192.168.169.128:6443 --token j0xuqn.u9fge2i8uo7dpxsj --discovery-token-ca-cert-hash sha256:93628f27ce0f5738fe1e1b63b1610c60d82a3d55669a025be841c94d547fdf85 )
kubeadm join --token <token> <control-plane-host>:<control-plane-port> --discovery-token-ca-cert-hash sha256:<hash>
```
-
Run on the master node
```bash
# List the nodes
kubectl get nodes
```
-
Removing a node
-
Run on the worker node
```bash
# Reset the kubeadm state
kubeadm reset
```
-
Run on the master node, e.g. ( kubectl drain 192.168.169.134 --delete-local-data --force --ignore-daemonsets )
```bash
kubectl delete pod kube-proxy-fbp57 -n kube-system
kubectl drain <node name> --delete-local-data --force --ignore-daemonsets
```
-
-
Install the k8s UI: dashboard
```bash
# Download the official manifest
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc7/aio/deploy/recommended.yaml
# Edit the file
vim recommended.yaml
```
```yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard
```
```bash
# Create the resources
kubectl create -f recommended.yaml
# List the running services
kubectl get svc -n kubernetes-dashboard
# Start a proxy for outside access, e.g.
kubectl proxy --address=0.0.0.0 --disable-filter=true
# Check for permission problems (substitute the dashboard pod name)
kubectl logs -f -n kubernetes-dashboard <dashboard_pod_name>
# Fix
kubectl create clusterrolebinding serviceaccount-cluster-admin --clusterrole=cluster-admin --group=system:serviceaccount
# Open https://<host_ip>:30000 to reach the dashboard, e.g. (https://192.168.169.128:30000/)
# View the token
kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token
```
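Added example, not part of the original notes: the `kubectl create clusterrolebinding` fix above hands out `cluster-admin`, so it is worth listing who holds that role afterwards. This Python script reads `kubectl get clusterrolebindings -o json` output and reports every `cluster-admin` grant other than the bootstrap `system:masters` binding; the sample JSON is constructed and the function name is hypothetical.

```python
import json

# Constructed sample of `kubectl get clusterrolebindings -o json` output.
SAMPLE_BINDINGS = json.dumps({"items": [
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "serviceaccount-cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:serviceaccount"}]},
    {"metadata": {"name": "kubernetes-dashboard"},
     "roleRef": {"kind": "ClusterRole", "name": "kubernetes-dashboard"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kubernetes-dashboard"}]},
]})

# The binding Kubernetes creates at bootstrap; anything else is reported.
BOOTSTRAP = {("cluster-admin", "Group", "system:masters")}


def extra_admin_bindings(bindings_json, role="cluster-admin"):
    """Return (binding, kind, subject, scope) for non-default grants of `role`."""
    findings = []
    for item in json.loads(bindings_json).get("items", []):
        if item.get("roleRef", {}).get("name") != role:
            continue
        binding = item["metadata"]["name"]
        for subject in item.get("subjects") or []:
            kind, name = subject.get("kind"), subject.get("name")
            if (binding, kind, name) in BOOTSTRAP:
                continue
            # A Group subject covers every identity in it; a User or
            # ServiceAccount subject covers whoever holds that credential.
            scope = "every member" if kind == "Group" else "single identity"
            findings.append((binding, kind, name, scope))
    return findings


if __name__ == "__main__":
    for binding, kind, name, scope in extra_admin_bindings(SAMPLE_BINDINGS):
        print(f"{binding}: cluster-admin granted to {kind} {name} ({scope})")
```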