Debian安装kubernetes1.23.1实战【详细步骤】

安装过程踩过的坑，请见：K8s安装过程中的坑_marlinlm的博客-CSDN博客

安装 kubeadmin 等工具（所有节点）

1、配置安装源

apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat </etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update

2、安装

sudo apt-get install kubectl kubeadm kubelet kubernetes-cni -y

swap off（所有节点）

1、使用free -h 确认没有使用swap

              total        used        free      shared  buff/cache   available
Mem:           15Gi       319Mi       8.7Gi       152Mi       6.6Gi        14Gi
Swap:            0B          0B          0B

2、如果swap部分不为0， 则使用命令swapoff -a关闭

准备镜像（所有节点）

因为等会的kubeadmin会有超时检查，可以先把镜像下载好。由于国内无法访问k8s.gcr.io仓库，所以必须增加--image-repository 指定国内的镜像仓库。

kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers

disable cgroups（所有节点）

1、修改daemon.json

sudo vim /etc/docker/daemon.json

{
"exec-opts": ["native.cgroupdriver=systemd"]
}

2、重启docker

systemctl daemon-reload
systemctl restart docker

kubeadmin init （master节点）

因为本例采用flannel作为网络插件，所以必须添加子网信息。如果已经把镜像都准备好了，可以不用管--image-repository参数。

sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository registry.aliyuncs.com/google_containers

看到以下日志说明启动成功

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.1.195:6443 --token 3ofpy6.pt91rhge0ek3q3e3 \
        --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

最后这个命令可以在node节点打，用来加入集群。

创建使用账户（master节点）

通过sudo执行以下脚本：

sudo mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

 检查集群是否创建成功。注意，此时虽然coredns已经显示Running了，但是因为还没安装网络插件，实际上pod之间还是不能进行网络传输的。

linmao@debian-1:~/kubernetes$ sudo kubectl get pods -A
NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE
kube-system   coredns-6d8c4cb4d-9f77q            1/1     Running   0          8m51s
kube-system   coredns-6d8c4cb4d-dnglh            1/1     Running   0          8m51s
kube-system   etcd-debian-1                      1/1     Running   8          8m37s
kube-system   kube-apiserver-debian-1            1/1     Running   8          9m5s
kube-system   kube-controller-manager-debian-1   1/1     Running   4          8m37s
kube-system   kube-proxy-rtzls                   1/1     Running   0          2m38s
kube-system   kube-proxy-w9q7z                   1/1     Running   0          8m52s
kube-system   kube-scheduler-debian-1            1/1     Running   8          8m37s

打开coredns会发现其实是在报错：

[INFO] plugin/reload: Running configuration MD5 = db32ca3650231d74073ff4cf814959a7
CoreDNS-1.8.6
linux/amd64, go1.17.1, 13a9191
[INFO] plugin/ready: Still waiting on: "kubernetes"
[ERROR] plugin/errors: 2 5026620799616770009.3839504530249310645. HINFO: read udp 10.244.2.3:49800->192.168.1.1:53: i/o timeout
[ERROR] plugin/errors: 2 5026620799616770009.3839504530249310645. HINFO: read udp 10.244.2.3:60273->192.168.1.1:53: i/o timeout
[ERROR] plugin/errors: 2 5026620799616770009.3839504530249310645. HINFO: read udp 10.244.2.3:40600->192.168.1.1:53: i/o timeout
[ERROR] plugin/errors: 2 5026620799616770009.3839504530249310645. HINFO: read udp 10.244.2.3:44937->192.168.1.1:53: i/o timeout

安装网络插件flannel（master节点）

sudo kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

 检查coredns是否已经正常：

linmao@debian-1:~/kubernetes$ sudo kubectl logs -f coredns-6d8c4cb4d-2vp27 -n kube-system
.:53
[INFO] plugin/reload: Running configuration MD5 = db32ca3650231d74073ff4cf814959a7
CoreDNS-1.8.6
linux/amd64, go1.17.1, 13a9191

已经不再报错了。 

加入node节点（node节点）

sudo kubeadm join 192.168.1.195:6443 --token u8lswi.j3wbf0di5qbvjnds \
>         --discovery-token-ca-cert-hash sha256:306165f7f2b70056143b052ba48065cd8e5c9fa8bc8992d00290bdd8024b8b47

检查节点是否已经加入成功：

linmao@debian-1:~/kubernetes$ sudo kubectl get nodes
NAME       STATUS   ROLES                  AGE     VERSION
debian-1   Ready    control-plane,master   7m27s   v1.23.1
debian-2   Ready                     59s     v1.23.1

使所有机器都可以使用kubectl管理集群（master节点）

执行以下脚本：

sudo kubectl create clusterrolebinding system:node:debian-1   --clusterrole=cluster-admin   --user=system:node:debian-1
sudo kubectl create clusterrolebinding system:node:debian-2   --clusterrole=cluster-admin   --user=system:node:debian-2
sudo kubectl create clusterrolebinding system:node:debian-3   --clusterrole=cluster-admin   --user=system:node:debian-3

接下来是增加用户和用户权限，请看：Kubernetes中的用户权限管理详细步骤_marlinlm的博客-CSDN博客