Ubuntu系统kubeadm安装K8S_v1.25.x容器使用docker(K8S_v1.24版本以后依然使用docker容器管理)

安装所需要的全部文档请点击这里下载

系统是：

root@k8s-master:~# cat /etc/lsb-release DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04 DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION=“Ubuntu 22.04.3 LTS” root@k8s-master:~# uname -a
Linux k8s-master 5.15.0-76-generic #83-Ubuntu SMP Thu Jun 15 19:16:32
UTC 2023 x86_64 x86_64 x86_64 GNU/Linux root@k8s-master:~#

192.168.186.132 k8s-master01
192.168.186.133 k8s-node01
192.168.186.134 k8s-node02

hostnamectl set-hostname  k8s-master01 && bash
hostnamectl set-hostname  k8s-node01  && bash
hostnamectl set-hostname  k8s-node02  && bash

sudo cat >> /etc/hosts << EOF
192.168.186.132   k8s-master01
192.168.186.133   k8s-node01
192.168.186.134   k8s-node02
EOF

sudo systemctl stop ufw && sudo systemctl disable ufw

1.基础环境部署

sudo apt-get update     #更新源及/etc/apt/sources.list
sudo apt-get  -y upgrade   #更新已安装的软件包

sudo apt -y install vim lrzsz wget 
sudo swapoff -a # 临时  
sudo sed -i 's/.*swap.*/#&/' /etc/fstab # 永久

sudo timedatectl set-timezone Asia/Shanghai  &&  sudo systemctl restart rsyslog 
sudo apt install ntpdate -y && sudo ntpdate time.windows.com
sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
sudo lsmod | grep br_netfilter

sudo cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

sudo cat > /etc/sysctl.d/10-network-security.conf << EOF
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
EOFsudo sysctl --system

2.安装Docker和安装cri-dockerd插件

2.1 安装docker

sudo apt update && sudo apt-get  -y upgrade

#卸载原来安装的
sudo apt-get remove docker docker-engine docker.io containerd runc

#安装必要的一些系统工具
apt -y install apt-transport-https ca-certificates curl software-properties-common

#安装GPG证书
curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

#写入软件源信息
add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

#更新软件源
apt-get -y update

#查看可安装的Docker版本
apt-cache madison docker-ce docker-ce-cli #查看可以安装的版本
apt install -y docker-ce docker-ce-cli
systemctl start docker && systemctl enable docker

#参数优化， 配置镜像加速并使用systemd
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<EOF
{"registry-mirrors":["https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com", "https://rncxm540.mirror.aliyuncs.com"],"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

#重启docker
sudo systemctl daemon-reload  && sudo systemctl restart docker 
sudo  systemctl enable  docker  && sudo systemctl status dockerdocker --version

2.2 安装cri-dockerd插件

 wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.2.6/cri-dockerd-0.2.6.amd64.tgztar xvf cri-dockerd-0.2.6.amd64.tgz
cp cri-dockerd/cri-dockerd /usr/local/bin/
#scp cri-dockerd/cri-dockerd root@k8s-node01:/usr/local/bin/
#scp cri-dockerd/cri-dockerd root@k8s-node02:/usr/local/bin/

#所有节点配置cri-dockerd.service文件
cat > /lib/systemd/system/cri-docker.service <<EOF
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.comAfter=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPIDTimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process[Install]
WantedBy=multi-user.target
EOF

#所有节点配置cri-docker.socket文件
cat > /etc/systemd/system/cri-docker.socket <<EOF
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker[Install]
WantedBy=sockets.target
EOF

##复制到其他的节点
scp cri-dockerd/cri-dockerd  root@k8s-node01:/usr/local/bin/
scp /lib/systemd/system/cri-docker.service  root@k8s-node01:/lib/systemd/system/
scp /etc/systemd/system/cri-docker.socket  root@k8s-node01:/etc/systemd/system/scp cri-dockerd/cri-dockerd  root@k8s-node02:/usr/local/bin/
scp /lib/systemd/system/cri-docker.service  root@k8s-node02:/lib/systemd/system/
scp /etc/systemd/system/cri-docker.socket  root@k8s-node02:/etc/systemd/system/

#所有节点启动服务
systemctl restart cri-docker.socket && systemctl enable cri-docker.socket
systemctl  status  cri-docker.socketcri-dockerd  --version

3.开始安装K8S

3.1安装kubeadm kubeadm kubectl

sudo apt-get update && sudo apt-get install -y ca-certificates curl software-properties-common apt-transport-https curl

sudo curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -

sudo cat  >  /etc/apt/sources.list.d/kubernetes.list << EOF 
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF

sudo apt update && sudo apt-get  -y upgrade

sudo apt install kubelet=1.25.3-00 kubeadm=1.25.3-00 kubectl=1.25.3-00 -y #指定版本，最新版本拉去镜像有问题

sudo apt-mark hold kubelet kubeadm kubectl
sudo systemctl restart kubelet.service

3.2 初始化k8s-master01（在k8s-master01上执行）

#kubeadm config images list #查看集群安装需要的命令kubeadm config images list --kubernetes-version v1.25.3  > images-download.sh

cat  images-download.sh 
#!/bin/bash
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.25.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.25.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.25.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.25.3
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.8
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.4-0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:v1.9.3
#到这里结束

chmod +x images-download.sh
bash   images-download.sh#镜像拉去成功后，再次执行sudo kubeadm init

sudo kubeadm init --kubernetes-version v1.25.3 --apiserver-advertise-address=192.168.186.132  --service-cidr=10.96.0.0/12  --pod-network-cidr=10.244.0.0/16 --image-repository registry.aliyuncs.com/google_containers   --cri-socket unix:///var/run/cri-dockerd.sock  --ignore-preflight-errors=all

kubeadm reset --cri-socket unix:///var/run/cri-dockerd.sock

root@k8s-master:~# kubectl get nodes -o wide
NAME         STATUS   ROLES           AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
k8s-master   Ready    control-plane   20m   v1.25.3   192.168.0.15   <none>        Ubuntu 22.04.3 LTS   5.15.0-76-generic   docker://24.0.5
k8s-node01   Ready     worker-01     20m   v1.25.3   192.168.0.15   <none>        Ubuntu 22.04.3 LTS   5.15.0-76-generic   docker://24.0.5
k8s-node01   Ready    worker-02      20m   v1.25.3   192.168.0.15   <none>        Ubuntu 22.04.3 LTS   5.15.0-76-generic   docker://24.0.5
root@k8s-master:~#

4.单集版的k8s安装后, 无法部署服务，因为默认k8s-master01不能部署pod,有污点, 需要去掉污点或者新增一个node，我这里是去除污点

{参考文章：https://blog.csdn.net/cd_yourheart/article/details/108766912}
##查看污点策略，显示三个k8s-master01节点都是NoSchedule

[root@k8s-master01 ~]# kubectl get no -o yaml | grep taint -A 5f:taints: {}manager: kube-controller-manageroperation: Updatetime: "2021-05-09T00:29:04Z"- apiVersion: v1fieldsType: FieldsV1
--taints:- effect: NoSchedulekey: node-role.kubernetes.io/k8s-master01status:addresses:
- address: 49.0.241.2[root@instance-rxkizktp ~]# kubectl taint nodes k8s-master01 key=value:NoExecute #给k8s-master01打上污点，这个就不能运行pod了#去除污点，允许k8s-master01节点部署pod
[root@instance-rxkizktp ~]# kubectl taint nodes --all node-role.kubernetes.io/control-plane-  #执行这句就行，就是取消污点
node/instance-rxkizktp untaintedroot@k8s-master01:/etc/kubernetes# kubectl taint nodes --all  node.kubernetes.io/not-ready:NoSchedule-    #执行这句就行，就是取消污点
node/k8s-master01 untainted
[root@instance-rxkizktp ~]#  kubectl taint nodes k8s-master01 key:NoExecute-	 #删除
node/k8s-master01 untainted#再次查看，无显示，说明污点去除成功
[root@instance-rxkizktp ~]#  kubectl get no -o yaml | grep taint -A 5  #什么都没有查询到

5.安装网络插件

kubectl apply -f calico.yaml

root@k8s-master01:~# kubectl get pods -n kube-system
NAME                                       READY   STATUS    RESTARTS      AGE
calico-kube-controllers-6744f6b6d5-p4r45   1/1     Running   0             5m23s
calico-node-tgfvq                          1/1     Running   0             5m23s
coredns-c676cc86f-5z8cp                    1/1     Running   0             13m
coredns-c676cc86f-lzc5c                    1/1     Running   0             13m
etcd-k8s-master01                          1/1     Running   0             41m
kube-apiserver-k8s-master01                1/1     Running   7             41m
kube-controller-manager-k8s-master01       1/1     Running   0             40m
kube-proxy-m66rg                           1/1     Running   0             13m
kube-scheduler-k8s-master01                1/1     Running   0             41m
root@k8s-master01:~#

6.部署httpd服务测试集群

kubectl create deployment httpd --image=httpd
kubectl expose deployment httpd --port=80 --type=NodePort
kubectl get pods,svc  #查看暴露端口

浏览器访问：集群任何IP:端口

7.补全命令

apt  install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc

8.部署Dashboard

官网网址： https://github.com/kubernetes/dashboard/releases
这里下载对应的文件，文件需要跟K8S版本对应上

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

docker pull registry.aliyuncs.com/google_containers/metrics-server:v0.6.0kubectl apply -f recommended.yaml 
kubectl get pods -n kubernetes-dashboard

[root@k8s-master01 ~]# kubectl get pods,svc -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-7b59f7d4df-znxj6   1/1     Running   0          114s
kubernetes-dashboard-5dbf55bd9d-rzkpw        1/1     Running   0          114s

#创建service  account并绑定默认cluster-admin管理员群集角色
kubectl create serviceaccount dashboard-admin -n kube-system  #创建用户
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin #用户授权
kubectl -n kube-system get serviceaccounts |grep dashboard #查看sa是否创建成功
kubectl -n kube-system create token dashboard-admin  --duration=518400s #创建用户Token
#一年365*24*60*60=31536000s 第一次token登录后有报错，请再次执行一次token就好了

9.部署metrics服务

docker pull kubernetesui/dashboard:v2.7.0
docker pull kubernetesui/metrics-scraper:v1.0.8kubectl apply -f components.yaml
kubectl top nodes 
kubectl top pods

[root@k8s-master01 ]# kubectl top nodes
NAME           CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
k8s-master01   873m         14%    1077Mi          13%       
k8s-node01     422m         7%     712Mi           12%       
k8s-node02     303m         7%     606Mi           16%       
[root@k8s-master01 ]# 
[root@k8s-master01 ]# 
[root@k8s-master01 ]# kubectl top nodes
NAME           CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
k8s-master01   873m         14%    1077Mi          13%       
k8s-node01     422m         7%     712Mi           12%       
k8s-node02     303m         7%     606Mi           16%       
[root@k8s-master0101 ]#