Deploying k8s + Docker
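1. Deployment environment
Operating system: CentOS 7
docker: 20-ce
k8s: 1.23
Minimum hardware configuration for the operating system (selected when installing in VMware): 2 CPU cores, 2 GB RAM, 20 GB disk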
master:10.0.0.66
node1:10.0.0.77
node2:10.0.0.88
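2. Initial configuration
2.1 First install one CentOS 7 machine to serve as the common base configuration for the master and the nodes
# Disable the firewall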
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
# Disable SELinux
[root@localhost ~]# setenforce 0
[root@localhost ~]# vi /etc/sysconfig/selinux
# In the file, change SELINUX to disabled:
SELINUX=disabled
# It can also be done with a single command (this is the second method)
sed -i 's/enforcing/disabled/' /etc/selinux/config
# Disable swap
[root@localhost ~]# sed -ri 's/.*swap.*/#&/' /etc/fstab
# Enable bridge mode and disable the IPv6 protocol
vi /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv6.conf.all.disable_ipv6=1
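modprobe br_netfilter    # load the module first; the net.bridge.* keys only exist once it is loaded
sysctl --system          # apply the settings
# Time synchronization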
[root@localhost ~]# yum -y install ntpdate
[root@localhost ~]# ntpdate time.windows.com
25 Dec 11:21:23 ntpdate[10495]: adjust time server 52.231.114.183 offset -0.002107 sec
2.2 Install Docker, kubeadm and kubelet
[root@localhost yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
[root@localhost ~]# yum -y install docker-ce
[root@localhost ~]# systemctl enable docker && systemctl start docker
Configure a registry mirror to speed up image pulls (registry-mirrors is the image registry mirror)
[root@localhost ~]# vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# docker info    # view the Docker information to confirm
Install kubeadm, kubelet and kubectl
[root@localhost ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
# Install with yum, pinning the versions
[root@localhost ~]# yum -y install kubeadm-1.23.0 kubelet-1.23.0 kubectl-1.23.0
[root@localhost ~]# systemctl enable kubelet
After the steps above are complete, clone the machine twice
# Set the hostname on each machine
[root@localhost ~]# hostnamectl set-hostname master
[root@localhost ~]# hostnamectl set-hostname node1
[root@localhost ~]# hostnamectl set-hostname node2
# Edit the hosts file on all three machines for name resolution
[root@master ~]# vi /etc/hosts
10.0.0.66 master
10.0.0.77 node1
10.0.0.88 node2
4. Deploy the k8s master node
Initialize the master node
[root@master ~]# kubeadm init \
> --apiserver-advertise-address=10.0.0.66 \
> --image-repository registry.aliyuncs.com/google_containers \
> --kubernetes-version v1.23.0 \
> --service-cidr=10.96.0.0/12 \
> --pod-network-cidr=10.244.0.0/16 \
> --ignore-preflight-errors=all
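Nothing else needs to change; set apiserver-advertise-address to the master's IP address
apiserver-advertise-address: the address the cluster advertises
image-repository: the default image registry k8s.gcr.io cannot be reached from within China, so the Alibaba Cloud registry address is specified here
kubernetes-version: the K8s version, matching the one installed above
service-cidr: the cluster's internal virtual network, the unified access entry point for Pods
pod-network-cidr: the Pod network, which must match the yaml of the CNI network component deployed below
Note: this stage is a little slow, because some components have to be pulled
Once the pull finishes, the output looks like this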
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.0.66:6443 --token 2jjloe.wjst0vd9qcbfwbu5 \
--discovery-token-ca-cert-hash sha256:3d693e0258c73bb56c8fb9cdf0068472d3088282b05b63fa136ced5691fb1313
[root@master ~]#
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Just run the three commands above on the master node
If the following problem appears when joining a node, restarting docker fixes it
[root@node2 ~]# kubeadm join 10.0.0.66:6443 --token drgx7s.4vg60dgbux5i9kth --discovery-token-ca-cert-hash sha256:09da833ba8edad95656c639be2fa0b3656c9930914dbd6498961fbbdbbddc297
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 24.0.7. Latest validated version: 20.10
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileContent--proc-sys-net-ipv4-ip_forward]: /proc/sys/net/ipv4/ip_forward contents are not set to 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
If something goes wrong midway and you want to join again, run kubeadm reset first
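The join error above is kubeadm's preflight finding net.ipv4.ip_forward unset, and kubeadm init in this guide runs with --ignore-preflight-errors=all, so the master never reports such gaps. The following check of the section 2.1 settings is an added example, not part of the original post; the function name and its root-directory parameter are assumptions, chosen so it can also run against a constructed copy of the files.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): verify the node settings from section 2.1.
# The argument is a hypothetical root directory: "/" on a real node, or a directory
# holding a constructed copy of the same files for offline testing.
check_node_prereqs() {
    local root="${1:-/}" rc=0 f val
    # kubeadm's preflight requires these kernel switches to read 1.
    for f in proc/sys/net/ipv4/ip_forward \
             proc/sys/net/bridge/bridge-nf-call-iptables \
             proc/sys/net/bridge/bridge-nf-call-ip6tables; do
        if [ ! -r "$root/$f" ]; then
            # The bridge-nf-* files only exist once br_netfilter is loaded.
            echo "FAIL /$f missing (is br_netfilter loaded?)"; rc=1; continue
        fi
        val=$(tr -d '[:space:]' < "$root/$f")
        if [ "$val" = "1" ]; then
            echo "OK   /$f = 1"
        else
            echo "FAIL /$f = $val (expected 1)"; rc=1
        fi
    done
    # /proc/swaps has one header line; any further line is an active swap device.
    # Commenting out fstab alone does not turn off swap that is already active.
    if [ "$(tail -n +2 "$root/proc/swaps" 2>/dev/null | grep -c .)" -gt 0 ]; then
        echo "FAIL swap is still active (swapoff -a or reboot)"; rc=1
    else
        echo "OK   no active swap"
    fi
    # An uncommented swap entry in fstab re-enables swap at the next boot.
    if grep -Eq '^[^#].*[[:space:]]swap[[:space:]]' "$root/etc/fstab" 2>/dev/null; then
        echo "FAIL /etc/fstab still has an active swap entry"; rc=1
    else
        echo "OK   /etc/fstab has no active swap entry"
    fi
    return "$rc"
}
```

Run `check_node_prereqs /` on the master and on each node before kubeadm init or kubeadm join; a non-zero exit status means at least one FAIL line was printed.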
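The default token is valid for 24 hours; once it expires, it can no longer be used. A new token then has to be created, which can be generated quickly on the master with this command: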
kubeadm token create --print-join-command
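What the --discovery-token-ca-cert-hash value in the join command pins, as an added example that is not part of the original post: it is the SHA-256 of the cluster CA's public key, so it can be recomputed on the master and compared before a join command is run on a node. The function names are hypothetical; /etc/kubernetes/pki/ca.crt is kubeadm's default CA location and openssl is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): recompute the hash that follows
# "sha256:" in a kubeadm join command. It is the SHA-256 digest of the cluster CA
# certificate's public key in DER (SubjectPublicKeyInfo) form.
ca_cert_hash() {
    local crt="${1:-/etc/kubernetes/pki/ca.crt}" pub
    # Fail early on an unreadable or invalid certificate instead of hashing nothing.
    pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r \
        | cut -d' ' -f1
}

# Extract the pinned hash from a join command given as one string.
join_cmd_hash() {
    printf '%s\n' "$1" \
        | sed -n 's/.*--discovery-token-ca-cert-hash[ =]sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# Succeed only if the join command pins the CA stored in the given certificate file.
# Usage: join_cmd_pins_ca "<join command>" [path to ca.crt]
join_cmd_pins_ca() {
    local want got
    want=$(ca_cert_hash "${2:-/etc/kubernetes/pki/ca.crt}") || return 2
    got=$(join_cmd_hash "$1")
    [ -n "$got" ] && [ "$got" = "$want" ]
}
```

On the master, `join_cmd_pins_ca "$(kubeadm token create --print-join-command)"` should succeed; a mismatch means the join command does not belong to this cluster's CA.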
6. Deploy the container network
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Checking the status now shows Ready
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 153m v1.23.0
node1 Ready <none> 121m v1.23.0
node2 Ready <none> 120m v1.23.0
7. Deploy a cluster application for testing
# Create an nginx service
kubectl create deployment nginx --image=nginx:1.14-alpine
# Expose the port
kubectl expose deploy nginx --port=80 --target-port=80 --type=NodePort
# View the services
kubectl get pod,svc
[root@master ~]# kubectl get pod,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-7cbb8cd5d8-4txs8 1/1 Running 0 26m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3h3m
service/nginx NodePort 10.104.162.212 <none> 80:32049/TCP 25m
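# This means the internal port 80 is mapped to port 32049; port 32049 is written in the flannel network configuration file
In a browser, access it with each node's IP plus port 32049: http://10.0.0.66:32049, http://10.0.0.77:32049, http://10.0.0.88:32049
8. Deploy the visualization tool
https://pan.baidu.com/s/1-tEablkFTrMC-N9-8T7rrA extraction code: 8888
# Install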
kubectl apply -f kubernetes-dashboard.yaml
# See which node the service was scheduled on
kubectl get pods -n kube-system -o wide
[root@master ~]# kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-6d8c4cb4d-fxjx7 1/1 Running 0 3h51m 10.244.2.3 node2 <none> <none>
coredns-6d8c4cb4d-z2zmg 1/1 Running 0 3h51m 10.244.2.2 node2 <none> <none>
etcd-master 1/1 Running 0 3h51m 10.0.0.66 master <none> <none>
kube-apiserver-master 1/1 Running 0 3h51m 10.0.0.66 master <none> <none>
kube-controller-manager-master 1/1 Running 0 3h51m 10.0.0.66 master <none> <none>
kube-proxy-jk62s 1/1 Running 0 3h51m 10.0.0.66 master <none> <none>
kube-proxy-kr2dr 1/1 Running 0 3h19m 10.0.0.77 node1 <none> <none>
kube-proxy-tthjw 1/1 Running 0 3h19m 10.0.0.88 node2 <none> <none>
kube-scheduler-master 1/1 Running 0 3h51m 10.0.0.66 master <none> <none>
kubernetes-dashboard-7b4f79c84d-462fv 1/1 Running 0 59s 10.244.1.4 node1 <none> <none>
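# Here you can see that the service was scheduled on node1
Then open https://10.0.0.77:31080 in a browser to reach the web page
Then choose token login; the steps to obtain the token are below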
[root@master ~]# kubectl get secret -n kube-system | grep kubernetes-dashboard-token
kubernetes-dashboard-token-ll87x kubernetes.io/service-account-token 3 5m42s
[root@master ~]# kubectl describe secret kubernetes-dashboard-token-ll87x -n kube-system
Name: kubernetes-dashboard-token-ll87x
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: e62d1793-84aa-412e-a26d-22ad838a50fe
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InBxM21BZ1A3OFRTb1gtX1pKTl9KMHJGaWhDbWo3aVVwUXU0TkIxbHdPRU0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1sbDg3eCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImU2MmQxNzkzLTg0YWEtNDEyZS1hMjZkLTIyYWQ4MzhhNTBmZSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.QNTFoQXEAyu6LBhtsPqk2eESCQWMNvJUnn7brAz9Ne-DsrJd7npaE6ZFYPjuvYUczcj914oiuAcsfYLW1l3GCYAy3YhLzl-0XU3_dVfvg5vjR4hMQY-Mr7DjOgNzpmniVu0D8v7RpWjlooASfnQ_t24UwNyjvRwuWKPLjaMtT65rpd8VL9s3MIWpC0go0u6aL35YYPRIolejvl9zP2-EBixur3Ias4zU3xCoBBM1qdjDnN_0Xw6cq2uOBL64hDBcUnKeMhUbPSy0waCkPGih04IlSST1N2mXCUYrTSH1ObTfxxMGgoEtMrsZm9dKKzMyOC3Th3DDWjiATpSV3p98bw
Copy this token and paste it into the token field in the browser to log in
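The token copied above is a bearer credential for the kubernetes-dashboard service account, and tokens stored in a Secret like this one carry no expiry claim. The following added example (not from the original post) decodes a token's claims so the identity and lifetime can be checked before the token is handed out; the function names and the sample token are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): read the claims of a service-account token.
# Decode one base64url segment (JWT segments drop the '=' padding).
b64url_decode() {
    local s
    s=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#s} % 4 )) in
        2) s="$s==" ;;
        3) s="$s=" ;;
    esac
    printf '%s' "$s" | base64 -d
}

# header.payload.signature -> payload JSON
jwt_claims() {
    b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# The identity the token authenticates as ("sub" claim).
jwt_subject() {
    jwt_claims "$1" | sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Return 0 if the token has an "exp" claim, 1 if it never expires.
jwt_has_expiry() {
    jwt_claims "$1" | grep -q '"exp"[[:space:]]*:'
}

# Build an unsigned sample token from constructed claims (for offline use only).
make_sample_token() {
    local enc
    enc=$(printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-')
    printf '%s.%s.%s' "eyJhbGciOiJSUzI1NiJ9" "$enc" "constructed-signature"
}

# Constructed claims with the same layout as a Secret-based service-account token.
SAMPLE_CLAIMS='{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:kube-system:kubernetes-dashboard"}'

inspect_token() {
    if jwt_has_expiry "$1"; then
        echo "$(jwt_subject "$1"): expires"
    else
        echo "$(jwt_subject "$1"): no expiry, valid until the Secret is deleted"
    fi
}
```

On the master, `kubectl auth can-i --list --as=system:serviceaccount:kube-system:kubernetes-dashboard` shows what that identity is allowed to do.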