原文链接:https://blog.csdn.net/tiny_du/article/details/123823093
3台linux主机:
IP:192.168.122.31 k8s-master
IP:192.168.122.32 k8s-node1
IP:192.168.122.33 k8s-node2
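#!/bin/bash
# Assign this node's static IPv4 address and hostname. The values below are
# the ones for k8s-master; change IP and NAME when running on another node.
IP=192.168.122.31
# Lower-case, so the hostname matches the /etc/hosts entries used later in
# this guide (k8s-master, k8s-node1, k8s-node2).
NAME=k8s-master

# Both steps are checked. The original tested only hostnamectl's exit status,
# so a failed nmcli call was still reported as success, and the failure
# message mentioned docker instead of the IP change.
if nmcli con modify ens33 ipv4.addresses "$IP/24" ipv4.gateway 192.168.122.2 \
     ipv4.dns 223.5.5.5 ipv4.method manual connection.autoconnect yes \
   && hostnamectl set-hostname "$NAME" > /dev/null; then
  echo "=============ip修改成功============="
  # Re-activate the connection so the new address takes effect.
  nmcli con up ens33 > /dev/null
else
  echo "=============ip修改失败=============" >&2
  exit 1
fi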
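#!/bin/bash
# Node preparation for kubeadm: firewall, SELinux, swap, name resolution,
# kernel networking settings and time sync. Run as root on every node.
echo "程序正在运行中"

# Turn off the host firewall. This guide disables firewalld entirely instead
# of opening individual ports, which leaves every listening service on the
# node reachable from the network. Outside an isolated lab, keep firewalld
# running and allow only the ports the cluster needs (for example 6443, the
# API server port used by the join command later in this guide).
systemctl stop firewalld
systemctl disable firewalld

# Put SELinux into permissive mode now and on the next boot. The original
# pattern 's/enforcing/disabled/' also rewrote comment lines in the file and
# switched SELinux off completely; permissive mode stops enforcement the same
# way for this setup but keeps denials in the audit log.
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# Disable swap immediately (swapoff) and on reboot (comment out fstab entries
# that are not already commented, so re-running does not stack '#' marks).
swapoff -a
sed -ri '/^[^#].*swap/ s/^/#/' /etc/fstab

# Add the cluster hosts to /etc/hosts, skipping entries that already exist so
# the script can be re-run without duplicating lines.
for entry in \
  "192.168.122.31 k8s-master" \
  "192.168.122.32 k8s-node1" \
  "192.168.122.33 k8s-node2"; do
  grep -qxF -- "$entry" /etc/hosts || printf '%s\n' "$entry" >> /etc/hosts
done

# Pass bridged IPv4/IPv6 traffic to iptables chains and enable IP forwarding.
# The bridge keys only exist once br_netfilter is loaded, and ip_forward is
# the setting behind the "/proc/sys/net/ipv4/ip_forward contents are not set
# to 1" error described later in this guide.
cat > /etc/modules-load.d/k8s.conf << 'EOF'
br_netfilter
EOF
modprobe br_netfilter
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the settings now; writing the file alone changes nothing until reboot.
sysctl --system > /dev/null

# Time synchronisation (certificate validation depends on a correct clock).
yum install ntpdate -y > /dev/null
ntpdate time.nist.gov > /dev/null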
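# Remove any distribution-packaged Docker, then install docker-ce 20.10.18
# from the Aliyun mirror of the docker-ce repository and start it.
echo 删除旧docker:
# -y keeps the removal non-interactive; without it yum waits for confirmation.
yum remove -y docker \
  docker-client \
  docker-client-latest \
  docker-common \
  docker-latest \
  docker-latest-logrotate \
  docker-logrotate \
  docker-engine

yum install -y yum-utils > /dev/null
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo > /dev/null
# To see which versions the repository offers, run by hand:
#   yum list docker-ce --showduplicates | sort -r
# (the original ran this with its output discarded, which had no effect).

# Check the install as well as the service start, so a failed package install
# is not reported as a successful start. "enable --now" enables and starts the
# unit in one call; "--now" has no meaning on "systemctl start".
if yum -y install docker-ce-20.10.18 > /dev/null \
   && systemctl enable --now docker; then
  echo "=============docker成功启动============="
else
  echo "=============docker启动失败=============" >&2
  exit 1
fi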
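# Configure Docker (registry mirror + systemd cgroup driver), add the
# Kubernetes yum repository and install kubelet/kubeadm/kubectl 1.23.0.
# The original ran each of these steps twice; appending the same JSON object
# to daemon.json a second time leaves two objects in the file, which is not
# valid JSON. Every step now runs once and daemon.json is overwritten.

mkdir -p /etc/docker
# All image pulls go through this mirror, so the cluster trusts it to serve
# unmodified images; pin images by digest where that matters.
cat > /etc/docker/daemon.json << 'EOF'
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl restart docker

echo "正在配置镜像下载加速器:"
# The mirror URL appears in "docker info" only if daemon.json was parsed.
if docker info | grep -F 'https://b9pmyelo.mirror.aliyuncs.com/'; then
  echo "=============配置镜像下载加速器:成功============="
else
  echo "=============配置镜像下载加速器:失败=============" >&2
  exit 1
fi

echo "正在添加阿里云软件源:"
# gpgcheck=1 makes yum verify each package signature against the keys in
# gpgkey. The original listed the keys but set gpgcheck=0, so kubelet, kubeadm
# and kubectl (all run as root) were installed without any signature check.
# repo_gpgcheck (repository metadata signature) is left at 0 as in the
# original. If signature verification fails, find out why before installing
# instead of turning the check off.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Install Docker, kubeadm and kubelet on all nodes; versions are pinned so
# every node runs the same release.
echo "正在安装kubeadm、kubelet、kubectl:"
if yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0 \
   && systemctl enable --now kubelet; then
  echo "=============安装kubeadm、kubelet、kubectl:成功============="
else
  echo "=============安装kubeadm、kubelet、kubectl:失败=============" >&2
  exit 1
fi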
注:如果下面配置错误,#kubeadm reset主节点重置
#配置K8S出现以下错误“/proc/sys/net/ipv4/ip_forward contents are not set to 1”
【master,node执行】
/proc/sys/net/ipv4/ip_forward这个文件表示是否打开IP转发。
0代表禁止
1代表转发
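# Enable IPv4 forwarding now and on every boot (run on master and nodes).
# A value written straight to /proc/sys/net/ipv4/ip_forward is lost at the
# next reboot, so the original "echo 1 > /proc/... ; reboot" sequence could
# come back up with forwarding off again. A sysctl.d file makes the setting
# persistent, and "sysctl --system" applies it immediately; no network
# restart or reboot is needed.
cat > /etc/sysctl.d/99-ip-forward.conf << 'EOF'
net.ipv4.ip_forward = 1
EOF
sysctl --system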
检查:
[root@k8s-note2 ~]# cat /proc/sys/net/ipv4/ip_forward
1
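# Initialise the control plane (run on k8s-master only).
# Preflight checks are left enabled: the original passed
# --ignore-preflight-errors=all, which hides every failed check (swap still
# on, ip_forward off, wrong container runtime settings, ...) and lets init
# continue on a node that is not ready. If a check fails, fix the cause, or
# pass --ignore-preflight-errors=<CheckName> for that one check only.
kubeadm init \
  --apiserver-advertise-address=192.168.122.31 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16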
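# Commands printed by kubeadm init; run them on the master as the user who
# will use kubectl. admin.conf carries the cluster administrator credentials,
# so the copy is handed to that user only and should not be shared or copied
# to other machines. Expansions are quoted so a home directory containing
# spaces does not split into several arguments.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"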
#看到NotReady就可以配置node(master执行)
[root@k8s-master ~]# `kubectl get nodes`
NAME STATUS ROLES AGE VERSION
k8s-master NotReady control-plane,master 58s v1.23.0
# Run on each worker node. kubeadm init on k8s-master prints this join
# command with a randomly generated token; the token and CA hash shown here
# are the ones from the author's cluster, so use the values from your own
# output. The bootstrap token is a credential: anyone who holds it while it is
# valid can register a node with the cluster, so do not publish it. A fresh
# command can be printed on the master with
# `kubeadm token create --print-join-command`.
kubeadm join 192.168.122.31:6443 --token vy2d8x.h268nqqmasetvk7z \
--discovery-token-ca-cert-hash sha256:f26987a1d53e2214146722252e9e222521a652968667a79d51e76f854d96f393
# Reload systemd unit files and restart Docker on the node.
sudo systemctl daemon-reload
sudo systemctl restart docker
5.1配置NetworkManager
# Write a NetworkManager drop-in that marks the interfaces named in the
# unmanaged-devices list (cali*, tunl*, vxlan.calico, wireguard.cali) as
# unmanaged. The file is replaced on every run.
printf '%s\n' \
  '[keyfile]' \
  'unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:wireguard.cali' \
  > /etc/NetworkManager/conf.d/calico.conf
5.2下载calico.yaml
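# Download the Calico manifest with TLS certificate verification left on.
# This file is applied to the cluster with full privileges, so the HTTPS
# certificate check is the only thing that authenticates where it came from;
# --no-check-certificate would accept the manifest from any host able to
# answer for that name. If verification fails, fix the node's clock or CA
# bundle instead of disabling the check.
wget https://docs.projectcalico.org/v3.23/manifests/calico.yaml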
5.3、修改calico.yaml
由于默认的Calico清单文件中所使用的镜像来源于docker.io国外镜像源,
上面我们配置了Docker镜像加速,应删除docker.io前缀以使镜像从国内镜像加速站点下载
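# Show the image references, strip the "docker.io/" prefix so pulls go through
# the registry mirror configured for Docker, then show them again to confirm.
# The dot is escaped so only the literal "docker.io/" is removed. After this
# change the images are whatever the mirror serves for those names; review
# the resulting image list before applying.
grep 'image:' calico.yaml
sed -i 's#docker\.io/##g' calico.yaml
grep 'image:' calico.yaml
# Deploy Calico and watch the kube-system pods come up.
kubectl apply -f calico.yaml
kubectl get pods -n kube-system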
#安装目录:/etc/kubernetes/
#组件配置文件目录:/etc/kubernetes/manifests/
Dashboard是官方提供的一个UI,可用于基本管理K8s资源。
YAML下载地址:不添加hosts,yaml下载不了
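# Temporarily pin raw.githubusercontent.com to fixed addresses so the
# Dashboard manifest can be downloaded. The addresses are the ones given in
# this guide and can go stale; wget still verifies the server's TLS
# certificate, which is what authenticates the download.
cat >> /etc/hosts << 'EOF'
185.199.108.133 raw.githubusercontent.com
185.199.109.133 raw.githubusercontent.com
185.199.110.133 raw.githubusercontent.com
185.199.111.133 raw.githubusercontent.com
EOF
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
# Remove the pin again so the host goes back to normal DNS resolution and a
# stale address does not linger in /etc/hosts (case-insensitive match).
sed -i '/raw\.githubusercontent\.com/Id' /etc/hosts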
6.1修改recommended.yaml,开放30001端口
...
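kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      # NodePort publishes the Dashboard on port 30001 of every node's IP.
      # Limit which networks can reach that port; the Dashboard login then
      # becomes the only barrier in front of the cluster.
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort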
6.2验证
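# Deploy the Dashboard from the edited manifest. The original applied
# calico.yaml again here, which never creates the kubernetes-dashboard
# namespace that the next two commands query.
kubectl apply -f recommended.yaml
# Confirm the Service exposes NodePort 30001 and the pods are running.
kubectl -n kubernetes-dashboard get service
kubectl get svc,pods -n kubernetes-dashboard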
获得token秘钥
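# Create the service account used to sign in to the Dashboard.
kubectl create serviceaccount dashboard-admin -n kube-system
# Grant it permissions. cluster-admin gives the token full control of the
# cluster, and the Dashboard is reachable on a NodePort, so treat the token
# like a root password; bind a narrower ClusterRole (for example the built-in
# "view") when administrative access through the UI is not needed.
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# Print the account's token. The secret name is resolved first: with an empty
# name, "kubectl describe secrets -n kube-system" would describe every secret
# in kube-system and print all of their tokens to the terminal.
secret_name=$(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1; exit}')
if [ -n "$secret_name" ]; then
  kubectl describe secrets -n kube-system "$secret_name"
else
  echo "dashboard-admin token secret not found in kube-system" >&2
fi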
#问题:k8s界面出现报错,master、node丢失
匿名用户被禁止访问configmaps is forbidden: User “system:anonymous” cannot list resource “configmaps” in API g
给匿名用户授权即可解决,测试环境可用此快速解决:
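# The 'User "system:anonymous" cannot list resource ...' error means the
# request reached the API server without credentials. Binding cluster-admin to
# system:anonymous makes the error disappear only by giving every
# unauthenticated client that can reach the API server full control of the
# cluster. Sign in to the Dashboard with the dashboard-admin token obtained
# above instead. If a test:anonymous binding was created earlier, remove it:
kubectl delete clusterrolebinding test:anonymous --ignore-not-found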