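Install Docker before installing k8s. K8s does not manage containers itself; it relies on a "container runtime" to do the work. Docker used to be the most common runtime, so installing Docker first and then setting up K8s became the habit.

```bash
yum install -y yum-utils
```

yum-utils provides the yum-config-manager command, which adds and manages YUM repositories. The -y flag automatically confirms every prompt during installation.

```bash
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
```

This adds the mirror of the official Docker YUM repository provided by Alibaba Cloud. Later Docker installs download from this source, which is faster and more stable than the overseas source.

Install a specific Docker version:

```bash
yum install -y docker-ce-20.10.7 docker-ce-cli-20.10.7 containerd.io-1.4.6
```

Start Docker and enable it at boot:

```bash
systemctl enable docker --now
```

Configure the Docker daemon:

```bash
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": [
    "https://docker.m.daocloud.io",
    "https://ccr.ccs.tencentyun.com",
    "https://hub.xdark.top",
    "https://dhub.kubesre.xyz",
    "https://docker.kejilion.pro",
    "https://docker.xuanyuan.me",
    "https://docker.hlmirror.com",
    "https://run-docker.cn",
    "https://docker.sunzishaokao.com",
    "https://image.cloudlayer.icu",
    "https://docker.tbedu.top",
    "https://hub.crdz.gq",
    "https://docker.melikeme.cn",
    "https://xuanyuan.cloud"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
```

The registry mirrors above are configured so that Docker can pull images such as nginx, mysql and redis.

Disable the firewall:

```bash
systemctl stop firewalld
systemctl disable firewalld
```

Disable SELinux:

```bash
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
```

Disable the swap partition:

```bash
swapoff -a
# Comment out every swap entry so swap stays off after a reboot
sed -ri 's/.*swap.*/#&/' /etc/fstab
```

Set the hostnames:

```bash
hostnamectl set-hostname k8s-master   # on the master
hostnamectl set-hostname k8s-node     # on the worker node
```

```bash
cat >> /etc/hosts <<EOF
192.168.255.210 k8s-master
192.168.255.201 k8s-node1
EOF
```

Load the br_netfilter kernel module. br_netfilter is the Linux kernel module responsible for filtering bridged traffic. It lets iptables/ip6tables filter and forward packets on bridge devices, and K8s network plugins such as Calico and Flannel depend on it to work properly.

```bash
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
```

Configure the iptables handling of bridged traffic. If these parameters are not enabled, bridged traffic bypasses iptables, so network policies and service forwarding stop working and the cluster cannot communicate internally.

```bash
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
```

Apply the sysctl configuration:

```bash
sudo sysctl --system
```

Install kubelet, kubeadm and kubectl.

Configure the k8s repository:

```bash
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```

Install:

```bash
yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9
```

Start kubelet and enable it at boot:

```bash
sudo systemctl enable --now kubelet
```

Check whether kubelet is running:

```bash
systemctl status kubelet
```

It is not running successfully yet because files are missing. Once the initialization commands below have been run, it will be fine.

Master node

Create the images.sh script, which pulls the images:

```bash
sudo tee ./images.sh <<-'EOF'
#!/bin/bash
images=(
kube-apiserver:v1.20.9
kube-proxy:v1.20.9
kube-controller-manager:v1.20.9
kube-scheduler:v1.20.9
coredns:1.7.0
etcd:3.4.13-0
pause:3.2
)
for imageName in "${images[@]}" ; do
docker pull registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageName
done
EOF
```

Make the script executable and run it:

```bash
chmod +x ./images.sh && ./images.sh
```

```bash
# --apiserver-advertise-address: change this to your own IP
# --control-plane-endpoint: change this to your own hostname
kubeadm init \
--apiserver-advertise-address=192.168.255.210 \
--control-plane-endpoint=k8s-master \
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.20.9 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=10.244.0.0/16
```

```bash
# If initialization fails, reset kubeadm
kubeadm reset
# Clean up the related configuration files
rm -rf /etc/cni/net.d $HOME/.kube/config
# Flush the iptables rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Restore the default iptables policies
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
```

Check whether this environment variable is set:

```bash
echo $KUBECONFIG
```

If it is not, run the following command:

```bash
export KUBECONFIG=/etc/kubernetes/admin.conf
```

Show the command for joining the master:

```bash
kubeadm token create --print-join-command
```

Install the Calico network plugin. Most errors here come from either an incomplete download of the manifest or a wrong version. Three ways to download the manifest (2 and 3 resume an interrupted download):

```bash
# 1.
curl -LO https://docs.projectcalico.org/v3.19/manifests/calico.yaml
# 2.
curl -C - -LO --retry 20 --retry-delay 2 --connect-timeout 10 https://docs.projectcalico.org/v3.19/manifests/calico.yaml
# 3.
curl -C - -LO https://docs.projectcalico.org/v3.19/manifests/calico.yaml
```

```bash
kubectl apply -f calico.yaml
```

Join the node to the cluster, then run kubectl get node on the master node. When the nodes show Ready, the join succeeded.

Graphical interface: dashboard

```bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
kubectl get pod -A   # check that both pods are Running
kubectl delete pod ***   # if one did not start, try restarting it
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard   # change it to NodePort for browser access
kubectl get svc -n kubernetes-dashboard   # look up the port to use in the browser
```

Open https://ip:port in the browser. If the page cannot be accessed, click a blank area of the page and type thisisunsafe.

Login method: token

```bash
# 1. Find the token name
kubectl -n kubernetes-dashboard describe sa kubernetes-dashboard | grep Tokens
# 2. kubernetes-dashboard-token-cfxbm is the token name found in step 1
kubectl -n kubernetes-dashboard describe secret kubernetes-dashboard-token-cfxbm
```

3. Enter the token you looked up and you can log in to k8s.

This account has no permissions, however, so next set up a new user and log in with its token.

```bash
vi sa-dashboard-admin.yaml
```

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: ljh
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-oldboyedu
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: ljh
  namespace: kubernetes-dashboard
```

Apply the file with kubectl apply -f sa-dashboard-admin.yaml, then look up the new account's token. Everything is in the kubernetes-dashboard namespace:

```bash
kubectl -n kubernetes-dashboard describe sa ljh | grep Tokens
kubectl -n kubernetes-dashboard describe secret ljh-token-wglw6
```

Then log in with the new token.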
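The node prerequisites set earlier on this page (swap off, bridge sysctls, br_netfilter, systemd cgroup driver) can be verified before running kubeadm init. The script below is an added example, not part of the original post; the function names are hypothetical and the sample file contents are constructed. A file in /etc/modules-load.d is only read at boot, so on a node that has not rebooted the br_netfilter check is the one most likely to fail.

```shell
#!/bin/sh
# Added example, not from the original post. Each check reads a file path so
# it can run on copies; the sample contents at the bottom are constructed.

# Print the required sysctl keys that file $1 does not set to 1.
missing_sysctls() {
    awk '{ gsub(/[ \t]/, ""); split($0, kv, "="); val[kv[1]] = kv[2] }
        END { n = split("net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward", k, " ")
              for (i = 1; i <= n; i++) if (val[k[i]] != "1") print k[i] }' "$1"
}

# Print fstab devices whose swap entry is still active (not commented out).
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1"
}

# Succeed if the Docker daemon.json $1 selects the systemd cgroup driver.
uses_systemd_cgroups() {
    grep -q '"native\.cgroupdriver=systemd"' "$1"
}

# Succeed if module $2 appears in the /proc/modules-style listing $1.
module_loaded() {
    awk -v m="$2" '$1 == m { ok = 1 } END { exit !ok }' "$1"
}

# Run every check, print one FAIL line per problem, return the failure count.
preflight() {  # args: sysctl-conf fstab daemon.json modules-listing
    fails=0
    for key in $(missing_sysctls "$1"); do
        echo "FAIL sysctl $key is not 1"; fails=$((fails + 1))
    done
    for dev in $(active_swap_entries "$2"); do
        echo "FAIL swap entry $dev is still enabled"; fails=$((fails + 1))
    done
    uses_systemd_cgroups "$3" || { echo "FAIL cgroup driver is not systemd"; fails=$((fails + 1)); }
    module_loaded "$4" br_netfilter || { echo "FAIL br_netfilter is not loaded"; fails=$((fails + 1)); }
    return "$fails"
}

d=$(mktemp -d)
printf 'net.bridge.bridge-nf-call-iptables = 1\nnet.ipv4.ip_forward = 1\n' > "$d/k8s.conf"
printf '/dev/sda1 / xfs defaults 0 0\n#/dev/sda2 swap swap defaults 0 0\n' > "$d/fstab"
printf '{ "exec-opts": ["native.cgroupdriver=systemd"] }\n' > "$d/daemon.json"
printf 'overlay 151552 0 - Live 0x0\n' > "$d/modules"
preflight "$d/k8s.conf" "$d/fstab" "$d/daemon.json" "$d/modules" || echo "$? check(s) failed"
rm -rf "$d"
```

On a real node the arguments would be /etc/sysctl.d/k8s.conf, /etc/fstab, /etc/docker/daemon.json and /proc/modules.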
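The kubernetes.repo file on this page sets gpgcheck=0 and repo_gpgcheck=0 and uses http:// URLs, so yum verifies neither the package signatures nor the repository metadata and fetches both in cleartext. The scanner below is an added example, not part of the original post; audit_repo is a hypothetical helper, and the strict variant is constructed on the assumption that the mirror serves HTTPS and signed metadata.

```shell
#!/bin/sh
# Added example, not from the original post: scan a yum .repo file for
# settings that weaken package integrity.

# Print "section: finding" for each problem in file $1; return 1 if any found.
audit_repo() {
    awk '
        function note(msg) { print sec ": " msg; bad = 1 }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }        # blank lines and comments
        /^\[/ { sec = substr($0, 2, index($0, "]") - 2); next }
        {
            kv = $0; gsub(/[ \t]/, "", kv)          # normalise "key = value"
            if (kv == "gpgcheck=0")      note("gpgcheck=0, RPM signatures are not verified")
            if (kv == "repo_gpgcheck=0") note("repo_gpgcheck=0, repo metadata is not verified")
            rest = $0                               # one line may hold several URLs
            while (match(rest, /http:\/\/[^ \t,]+/)) {
                note("cleartext URL " substr(rest, RSTART, RLENGTH))
                rest = substr(rest, RSTART + RLENGTH)
            }
        }
        END { exit bad }' "$1"
}

d=$(mktemp -d)
# The repo file as written on this page.
cat > "$d/weak.repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Constructed strict variant; assumes the mirror serves HTTPS and signed metadata.
sed -e 's|http://|https://|g' -e 's/gpgcheck=0/gpgcheck=1/' "$d/weak.repo" > "$d/strict.repo"
audit_repo "$d/weak.repo" || echo "weak.repo: findings listed above"
audit_repo "$d/strict.repo" && echo "strict.repo: no findings"
rm -rf "$d"
```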
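The ClusterRoleBinding in sa-dashboard-admin.yaml gives the ljh service account cluster-admin, so its token carries full control of the cluster wherever it is used to log in. The scanner below is an added example, not part of the original post: cluster_admin_subjects is a hypothetical helper that lists who receives cluster-admin from a manifest, and the second binding is a constructed variant that uses the built-in read-only view ClusterRole with a hypothetical dashboard-viewer account.

```shell
#!/bin/sh
# Added example, not from the original post. Handles block-style YAML as
# written on this page, not flow style or anchors.

# Print "binding: kind namespace/name" for each cluster-admin subject in the files.
cluster_admin_subjects() {
    awk '
        function emit(   i) {
            if (kind == "ClusterRoleBinding" && role == "cluster-admin")
                for (i = 1; i <= n; i++) print bind ": " sk[i] " " sns[i] "/" sn[i]
            kind = role = bind = sect = ""; n = 0
        }
        /^---/ { emit(); next }
        /^[A-Za-z]/ { sect = $1; sub(/:.*/, "", sect) }      # top-level key
        $1 == "kind:" && sect == "kind" { kind = $2 }
        sect == "metadata" && $1 == "name:" { bind = $2 }
        sect == "roleRef"  && $1 == "name:" { role = $2 }
        sect == "subjects" {
            if ($1 == "-") { n++; sk[n] = sn[n] = sns[n] = ""; sub(/-/, "") }
            if ($1 == "kind:") sk[n] = $2
            if ($1 == "name:") sn[n] = $2
            if ($1 == "namespace:") sns[n] = $2
        }
        END { emit() }' "$@"
}

d=$(mktemp -d)
# The binding from this page.
cat > "$d/admin.yaml" <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-oldboyedu
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: ljh
  namespace: kubernetes-dashboard
EOF
# Constructed read-only variant bound to the built-in "view" ClusterRole;
# "dashboard-viewer" is a hypothetical account name.
{ echo '---'; sed -e 's/cluster-admin/view/' -e 's/oldboyedu/view/' \
    -e 's/ljh/dashboard-viewer/' "$d/admin.yaml"; } > "$d/view.yaml"
cluster_admin_subjects "$d/admin.yaml" "$d/view.yaml"
rm -rf "$d"
```

Only the binding from this page is reported; the view binding passes without a finding.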