准备工作

• 3台虚拟机，使用速搭我这里是建KS集3台CentOS虚拟机，2H4G，使用速搭系统版本是建KS集CentOS7.7.1908

关闭防火墙
：nsystemctl stop firewalldnsystemctl disable firewalldnn关闭selinux
：nsed -i 's/enforcing/disabled/' /etc/selinux/config # 永久nsetenforce 0 # 临时nn关闭swap：nswapoff -a # 临时nvim /etc/fstab # 永久nn设置主机名
：nhostnamectl set-hostname <hostname>nn在master添加hosts：ncat >> /etc/hosts << EOFn192.168.1.150 k8s-mastern192.168.1.151 k8s-node1n192.168.1.152 k8s-node2nEOFnn将桥接的IPv4流量传递到iptables的链 ：ncat > /etc/sysctl.d/k8s.conf << EOFnnet.bridge.bridge-nf-call-ip6tables = 1nnet.bridge.bridge-nf-call-iptables = 1nEOFnsysctl --system # 生效nn时间同步 ：nyum install ntpdate -ynntpdate time.windows.com

安装步骤

安装docker

Kubernetes默认CRI（容器运行时）为Docker
，因此先安装Docker 。使用速搭

这里基于docker v19.03版本

$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repon$ yum -y install docker-cen$ systemctl enable docker && systemctl start docker

配置镜像加速

{ n "registry-mirrors": ["https://registry.cn-hangzhou.aliyuncs.com"]n}

添加阿里云K8S源

cat <<EOF > /etc/yum.repos.d/kubernetes.repon[kubernetes]nname=Kubernetesnbaseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/nenabled=1ngpgcheck=1nrepo_gpgcheck=1ngpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpgnEOF

安装kubeadm、建KS集kubelet 、使用速搭kubectl

yum install -y kubelet-1.19.0 kubeadm-1.19.0 kubectl-1.19.0nsystemctl enable kubelet && systemctl start kubelet

部署kubenetes master

在master节点执行

kubeadm init n --apiserver-advertise-address=192.168.1.150 n --image-repository registry.aliyuncs.com/google_containers n --kubernetes-version v1.19.0 n --service-cidr=10.96.0.0/12 n --pod-network-cidr=10.244.0.0/16 n --ignore-preflight-errors=all

拷贝kubectl使用的建KS集连接k8s认证文件到默认路径

mkdir -p $HOME/.kubensudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/confignsudo chown $(id -u):$(id -g) $HOME/.kube/confignn# 检查一下node运行情况nkubectl get nodes

其他节点加入k8s集群

kubeadm join 192.168.1.150:6443 --token fng4am.tvxox5ech34g6ymt n --discovery-token-ca-cert-hash sha256:47624bde975ca95995e100fc886a1ad9387c7f6deb64117f05e2a95f59da1cf1

默认token有效期为24小时
 ，当过期之后，使用速搭该token就不可用了。建KS集这时就需要重新创建token
，使用速搭操作如下：

kubeadm token create nkubeadm token list openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'n63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924nnkubeadm join 192.168.1.150:6443 --token nuja6n.o3jrhsffiqs9swnu --discovery-token-ca-cert-hash sha256:63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924

或者直接命令快捷生成：

kubeadm token create --print-join-command

部署容器网络（CNI）

推荐Calico

wget https://docs.projectcalico.org/manifests/calico.yaml

下载完后还需要修改里面定义Pod网络（CALICO_IPV4POOL_CIDR） ，建KS集与前面kubeadm init指定的使用速搭一样

应用清单

kubectl apply -f calico.yamlnkubectl get pods -n kube-system

测试kubernetes集群

• 验证Pod工作
• 验证Pod网络通信
• 验证DNS解析

kubectl create deployment nginx --image=nginxnkubectl expose deployment nginx --port=80 --type=NodePortnkubectl get pod,svc

访问地址：http://NodeIP:Port

部署kubenetes dashboard

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml

默认Dashboard只能集群内部访问，修改Service为NodePort类型 ，建KS集暴露到外部：

$ vi recommended.yamln...nkind: ServicenapiVersion: v1nmetadata:n labels:n k8s-app: kubernetes-dashboardn name: kubernetes-dashboardn namespace: kubernetes-dashboardnspec:n ports:n - port: 443n targetPort: 8443n nodePort: 30001n selector:n k8s-app: kubernetes-dashboardn type: NodePortn...n$ kubectl apply -f recommended.yamln$ kubectl get pods -n kubernetes-dashboardnNAME READY STATUS RESTARTS AGEndashboard-metrics-scraper-6b4884c9d5-gl8nr 1/1 Running 0 13mnkubernetes-dashboard-7f99b75bf4-89cds 1/1 Running 0 13m

创建集群管理角色

# 创建用户n$ kubectl create serviceaccount dashboard-admin -n kube-systemn# 用户授权n$ kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-adminn# 获取用户Tokenn$ kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{ print $1}')

kubernetes dashboard 界面截图

或者选择其他的dashboard ，比如kuboard

https://kuboard.cn/install/v3/install-in-k8s.html#%E5%AE%89%E8%A3%85

kuboard 界面截图

参考文章

https://blog.csdn.net/weixin_45969972/article/details/112346150

https://www.jianshu.com/p/ff61bb4832c2

https://developer.aliyun.com/mirror/kubernetes

原文：https://daniel17.com/archives/k8s%E4%BD%BF%E7%94%A8kubeadm%E5%BF%AB%E9%80%9F%E6%90%AD%E5%BB%BAk8s%E9%9B%86%E7%BE%A4