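This Kubernetes cluster is deployed with kubeadm; the operating system is Anolis OS 8.9.
Host | IP | Specs |
---|---|---|
k8s | 192.168.211.11 | 2 cores, 4 GB memory, 20 GB disk |
k8s2 | 192.168.211.12 | 2 cores, 2 GB memory, 20 GB disk |
k8s3 | 192.168.211.13 | 2 cores, 2 GB memory, 20 GB disk |
1. Environment preparation
# Disable the firewall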
sudo systemctl disable firewalld --now
# Disable SELinux
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
# Disable swap
sudo swapoff -a
sudo sed -ri 's/.*swap.*/#&/' /etc/fstab
# Configure kernel parameters
sudo tee /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
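# Configure the Kubernetes yum repository (gpgcheck=0 below means packages are installed without GPG signature verification)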
sudo tee /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
# Add hostname mappings
sudo vi /etc/hosts
192.168.211.11 k8s-endpoint
192.168.211.11 k8s
192.168.211.12 k8s2
192.168.211.13 k8s3
2. Install Docker
# Add the Docker CE repository
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
# Install Docker
sudo yum -y install docker-ce-20.10.9 docker-ce-cli-20.10.9 containerd.io docker-compose-plugin
# Configure Docker
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Load the Docker configuration
sudo systemctl daemon-reload
# Enable the Docker service at boot and start it now
sudo systemctl enable docker --now
3. Install kubectl, kubelet, and kubeadm (all nodes)
# Install kubectl, kubelet, and kubeadm
sudo yum install -y kubelet-1.23.17 kubeadm-1.23.17 kubectl-1.23.17
# Enable kubelet at boot
sudo systemctl enable kubelet --now
4. Initialize the control-plane node
kubeadm init \
--apiserver-advertise-address=192.168.211.11 \
--control-plane-endpoint=k8s-endpoint \
--image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
--kubernetes-version v1.23.17 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=172.20.0.0/16
# After initialization completes, you will see the following output
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
kubeadm join k8s-endpoint:6443 --token arxcdy.lqyembnym7n866db \
--discovery-token-ca-cert-hash sha256:0c2e1bb61d0e8ce0369fc3ca5c6e645ac4ccfbf437c91f857d3272c3a9a2ce67 \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join k8s-endpoint:6443 --token arxcdy.lqyembnym7n866db \
--discovery-token-ca-cert-hash sha256:0c2e1bb61d0e8ce0369fc3ca5c6e645ac4ccfbf437c91f857d3272c3a9a2ce67
If initialization fails, you can reset with the following command:
kubeadm reset -f
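5. Add the Kubernetes configuration
# The following commands come from the completion message printed when the control-plane node was initialized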
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
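6. Join the worker nodes to the cluster (worker nodes)
# The following command comes from the completion message of the control-plane initialization; replace it with the values from your own output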
kubeadm join k8s-endpoint:6443 --token arxcdy.lqyembnym7n866db \
--discovery-token-ca-cert-hash sha256:0c2e1bb61d0e8ce0369fc3ca5c6e645ac4ccfbf437c91f857d3272c3a9a2ce67
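The `--discovery-token-ca-cert-hash` value in the join command is the SHA-256 hash of the cluster CA's public key, which lets a joining node confirm it is talking to the intended control plane. The script below is an added example, not part of the original post: it recomputes that hash from a CA certificate and compares it with the one in a join command. The function names are hypothetical, and `/etc/kubernetes/pki/ca.crt` is assumed to be kubeadm's default CA path.

```shell
#!/usr/bin/env bash
# Added example: check that the sha256 hash in a "kubeadm join" command
# matches the public key of a cluster CA certificate. Requires openssl.

# Print "sha256:<hex>" for the DER-encoded public key (SPKI) of a PEM certificate.
ca_cert_hash() {
  local cert="$1" hex
  # Reject unreadable or unparsable input first; otherwise the pipeline
  # below would silently hash empty input.
  openssl x509 -noout -in "$cert" >/dev/null 2>&1 || {
    echo "not a readable PEM certificate: $cert" >&2; return 2; }
  hex=$(openssl x509 -pubkey -noout -in "$cert" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.*= *//')
  case "$hex" in
    ""|*[!0-9a-f]*) echo "could not hash $cert" >&2; return 2 ;;
  esac
  printf 'sha256:%s\n' "$hex"
}

# Extract the first sha256:<64 hex> value from a join command line.
hash_from_join_cmd() {
  printf '%s\n' "$1" | grep -oE 'sha256:[0-9a-f]{64}' | head -n 1
}

# Return 0 on match, 1 on mismatch, 2 on unusable input.
verify_join_hash() {
  local cert="$1" join_cmd="$2" expected actual
  expected=$(hash_from_join_cmd "$join_cmd")
  [ -n "$expected" ] || { echo "no sha256 hash in join command" >&2; return 2; }
  actual=$(ca_cert_hash "$cert") || return 2
  if [ "$actual" = "$expected" ]; then
    echo "OK: CA hash matches ($actual)"
  else
    echo "MISMATCH: certificate=$actual join command=$expected" >&2
    return 1
  fi
}

# Run as: script.sh /etc/kubernetes/pki/ca.crt "kubeadm join ... sha256:<hash>"
# (/etc/kubernetes/pki/ca.crt is assumed to be kubeadm's default CA location)
if [ "$#" -eq 2 ]; then
  verify_join_hash "$1" "$2"
fi
```

Run it on the control-plane node before handing a join command to a worker; a mismatch means the command was copied from a different cluster or an earlier initialization.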
7. Install the Calico network (control-plane node)
# Download the manifest
curl https://docs.projectcalico.org/v3.15/manifests/calico.yaml -O
# Adjust it to your own network configuration
vi calico.yaml
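Find the following location
Change 192.168.0.0 to 172.20.0.0 (the --pod-network-cidr passed to kubeadm init); after the change it looks as follows
Apply the manifest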
kubectl apply -f calico.yaml
8. Install the Dashboard (control-plane node)
# Download the manifest
curl https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc7/aio/deploy/recommended.yaml -O
# Adjust the configuration
vi recommended.yaml
Find the following location
Change it to
Apply the configuration
kubectl apply -f recommended.yaml
9. Create a Dashboard user
vi dashboard-user.yaml
# Write the following content to the file
# Note: this binds admin-user to cluster-admin, so its token grants full control of the cluster
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
# Apply the configuration
kubectl apply -f dashboard-user.yaml
10. Log in to the Dashboard
Enter https://192.168.211.11:30000/ in the browser
Get the login token
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
Enter the token and log in