# 安装/更新 yum-utilsyum install -y yum-utils# 配置 yum源yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo# 安装 docker 20.10.7 版本yum -y install docker-ce-20.10.7 docker-ce-cli-20.10.7 containerd.io# 查看 docker 版本docker -v# 启动 dockersystemctl start docker# 设置开机自启systemctl enable docker# 查看 docker 是否成功, 有 Client 和 Server 即成功docker version

sudo mkdir -p /etc/dockersudo tee /etc/docker/daemon.json <<-'EOF'{  "registry-mirrors": ["https://82m9ar63.mirror.aliyuncs.com"],  "exec-opts": ["native.cgroupdriver=systemd"],  "log-driver": "json-file",  "log-opts": {    "max-size": "100m"  },  "storage-driver": "overlay2"}EOF# 重启docker的后台线程sudo systemctl daemon-reload# 重启docker服务sudo systemctl restart docker# 查看是否配置成功docker info

systemctl stop firewalld NetworkManagersystemctl disable firewalld NetworkManager

# 查看主机名hostname# 设置主机名hostnamectl set-hostname k8s-masterhostnamectl set-hostname k8s-node1hostnamectl set-hostname k8s-node2# 更新bash

# 查看 交换分区free -m# 将 SELinux 设置为 permissive 模式（相当于将其禁用）  第一行是临时禁用，第二行是永久禁用setenforce 0sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config# 关闭swap；第一行是临时禁用，第二行是永久禁用swapoff -a  sed -ri 's/.*swap.*/#&/' /etc/fstab# 允许 iptables 检查桥接流量 （K8s 官方要求）cat <<EOF | sudo tee /etc/modules-load.d/k8s.confbr_netfilterEOFcat <<EOF | sudo tee /etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-ip6tables = 1net.bridge.bridge-nf-call-iptables = 1EOF# 让配置生效sysctl --system

# 配置 k8s 的 yum 源地址cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo[kubernetes]name=Kubernetesbaseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64enabled=1gpgcheck=0repo_gpgcheck=0gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg   http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpgEOF

# 安装 kubelet、kubeadm、kubectlyum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes# 启动kubeletsystemctl enable --now kubelet# 查看 kubelet 状态：一会停止 一会运行。 这个状态是对的，kubelet 等待 kubeadm 发号指令。systemctl status kubelet

# 配置镜像，生成 images.shsudo tee ./images.sh <<-'EOF'#!/bin/bashimages=(kube-apiserver:v1.20.9kube-proxy:v1.20.9kube-controller-manager:v1.20.9kube-scheduler:v1.20.9coredns:1.7.0etcd:3.4.13-0pause:3.2)for imageName in ${images[@]} ; dodocker pull registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageNamedoneEOF# 拉取镜像chmod +x ./images.sh && ./images.sh

# 所有机器添加 master 域名映射，以下 IP 为 master 的 IP；# 访问 k8s-master 即 访问 192.168.1.135echo "192.168.1.135  k8s-master" >> /etc/hosts

# 主节点初始化 （只在 master 服务器执行， 其他 node 不用）# --apiserver-advertise-address: master 的 IP# --control-plane-endpoint: master 的域名# --service-cidr 和 --pod-network-cidr 是网络范围，雷神 建议不要改。要改的话 2 个cidr 和 vps（192.168.x.x） 的，3 个网络互相不能重叠；还要修改 calico.yaml的 IP（下图有写）。kubeadm init \--apiserver-advertise-address=192.168.1.135 \--control-plane-endpoint=k8s-master \--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \--kubernetes-version v1.20.9 \--service-cidr=10.96.0.0/16 \--pod-network-cidr=192.168.0.0/16

Your Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:  mkdir -p $HOME/.kube  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config  sudo chown $(id -u):$(id -g) $HOME/.kube/configAlternatively, if you are the root user, you can run:  export KUBECONFIG=/etc/kubernetes/admin.confYou should now deploy a pod network to the cluster.Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:  https://kubernetes.io/docs/concepts/cluster-administration/addons/You can now join any number of control-plane nodes by copying certificate authoritiesand service account keys on each node and then running the following as root:  kubeadm join k8s-master:6443 --token is7ewi.nznlk1wdhsaocmp1 \    --discovery-token-ca-cert-hash sha256:b2795fca75bab316c566e98a619a3ce9b18c418e978c7b8fa9c48ff4143fd3c5 \    --control-planeThen you can join any number of worker nodes by running the following on each as root:kubeadm join k8s-master:6443 --token is7ewi.nznlk1wdhsaocmp1 \    --discovery-token-ca-cert-hash sha256:b2795fca75bab316c566e98a619a3ce9b18c418e978c7b8fa9c48ff4143fd3c5

mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/config

# 下载 calico.yamlcurl https://docs.projectcalico.org/manifests/calico.yaml -O# 加载配置kubectl apply -f calico.yaml

kubectl apply -f https://docs.projectcalico.org/v3.18/manifests/calico.yaml

kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

如果修改了 初始化主节点中的--pod-network-cidr=192.168.0.0/16将 calico.yaml 的配置， # 去掉，IP 写 改的 IP。

kubeadm join k8s-master:6443 --token is7ewi.nznlk1wdhsaocmp1 \    --discovery-token-ca-cert-hash sha256:b2795fca75bab316c566e98a619a3ce9b18c418e978c7b8fa9c48ff4143fd3c5

# 重新获取令牌kubeadm token create --print-join-command

# 根据 在线配置文件 创建资源kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

# 本地配置kubectl apply -f recommended.yaml

# 修改配置文件 找到 type，将 ClusterIP 改成 NodePortkubectl edit svc kubernetes-dashboard -n kubernetes-dashboard# 找到端口，在安全组放行kubectl get svc -A |grep kubernetes-dashboard

kubectl delete service kubernetes-dashboard --namespace=kubernetes-dashboard

kubectl delete -f recommended.yaml 

kubectl apply -f recommended.yaml

# 查看日志kubectl logs -f -n kubernetes-dashboard kubernetes-dashboard-658485d5c7-f89v7

1、将 dashboard 部署到 master上，因为 master 刚安装了网络组件2、让 工作节点 也能访问 apiServer

# 无法访问，查看 部署到 哪个 node 上了， 将 dashboard 部署到 master 上kubectl get pods -A -o wide

# 修改 recommended.yaml，添加下面

# 重新安装 dashboard# 修改配置文件 找到 type，将 ClusterIP 改成 NodePortkubectl edit svc kubernetes-dashboard -n kubernetes-dashboard# 找到端口，在安全组放行kubectl get svc -A |grep kubernetes-dashboard

#创建访问账号，准备一个yaml文件vim dash-usr.yaml

apiVersion: v1kind: ServiceAccountmetadata:  name: admin-user  namespace: kubernetes-dashboard---apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:  name: admin-userroleRef:  apiGroup: rbac.authorization.k8s.io  kind: ClusterRole  name: cluster-adminsubjects:- kind: ServiceAccount  name: admin-user  namespace: kubernetes-dashboard

kubectl apply -f dash-usr.yaml

#获取访问令牌kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

eyJhbGciOiJSUzI1NiIsImtpZCI6IkZkbV91WkVqTnp3clZLd29JS1FYUWxURzZyd0FLcnpVQzBtRlRMTmpya0UifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTVrbGtrIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiNWVhYjQ2MS0xNjE1LTQ5ZTQtYTAzNC0wY2MxYWM1YTI5ODkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.eum4COcUzn6wt_vOpCUUEiNENzeGUTC_ZlKeB8d0IplFlZWrAav3RbqV5LMDRRIyyZ-7csJb3COhFEiCRtlkc9MM60od4IRMscNxv_tm11A32pmGn9eFERyaYjKUFBHZfF34jPcsjYqU50TDn6wykI_B6r9ZzvpJemR-wqF2y-GBvmz8q19D9q5zlhaE9gmmvksEx-D0ZyOeZo4tMdbD757OdTjgzlYhmTpfTs-Z8-sdKWnHGFCYbAPzrEgMgChcIjlyDle9-JaE1WCosGCA73xsBzXNnkvYC7YB_tagX4BhGDZEu4eyRNbgCAqO6of6QnvDXvlesd59IU-WMVE-7Q