# Prepare three virtual machines

On my own computer I used VirtualBox to create three Ubuntu VMs with 1 CPU core and 2 GB of RAM each. You can install just one first; while installing that first VM, temporarily raise it to 2 cores and 4 GB, which makes the installation much faster. After installation, turn off the desktop with the commands below to save memory; from here on everything is done over SSH.

- Install and configure the first VM

```bash
sudo systemctl set-default multi-user.target
sudo systemctl reboot
```

After the reboot, install SSH:

```bash
sudo apt install openssh-server
# Check the service status; it should show "Active: active (running)", otherwise it is not running
sudo systemctl status ssh
# If it is not running, start it with: sudo /etc/init.d/ssh start
```

Note the machine's IP address:

```bash
ip addr
```

- Disable swap

By default k8s requires Linux swap to be turned off, otherwise it will not start (unless swap is configured manually); here we choose to disable it.

```bash
# Permanently disable swap by commenting out the swap entry in /etc/fstab; reboot for it to take effect
sudo sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
```

- Clone the remaining VMs

Use VirtualBox's clone feature to clone the other two VMs; for the network adapter choose to regenerate the MAC address. Once cloning finishes, note each VM's IP address.

- Test the SSH connection

Configure the connections in your SSH tool (I use Termius) and test that they connect normally.

- Set hostnames

Give the three VMs different hostnames: pick one as k8s-master and the other two as k8s-node1 and k8s-node2.

```bash
sudo hostnamectl set-hostname yourhostname
```
# Install the container runtime

Since k8s 1.24 the built-in dockershim has been removed; to keep using Docker you need to install a separate CRI shim: https://github.com/Mirantis/cri-dockerd

Here we use containerd. This runtime also comes from the Docker company; it is just the core part.

## 1. containerd

```bash
# Download the package
wget https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz

# Extract the package under /usr/local
tar Cxzvf /usr/local containerd-1.7.22-linux-amd64.tar.gz

# Download the systemd unit file
wget -O /etc/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
# The file content is shown below; if the download fails, copy it directly
cat /etc/systemd/system/containerd.service
```

```ini
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target dbus.service

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
```

```bash
# Start containerd
systemctl daemon-reload
systemctl enable --now containerd
```

## 2. Installing runc

```bash
wget https://github.com/opencontainers/runc/releases/download/v1.2.0-rc.3/runc.amd64
install -m 755 runc.amd64 /usr/local/sbin/runc
```
## Switch to a Chinese mirror

```bash
# Create the containerd directory
mkdir /etc/containerd

# Generate the default configuration file
containerd config default | sudo tee /etc/containerd/config.toml

# Switch to the Chinese mirror
sed -i 's/registry.k8s.io/registry.aliyuncs.com\/google_containers/' /etc/containerd/config.toml
```

Then set SystemdCgroup to true in /etc/containerd/config.toml:

```toml
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  SystemdCgroup = true
```
## Registry mirrors (image acceleration)

Edit /etc/containerd/config.toml and point the registry plugin at a hosts directory:

```toml
[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = "/etc/containerd/certs.d"   # change this line
```

```bash
# Docker Hub mirror
mkdir -p /etc/containerd/certs.d/docker.io
vim /etc/containerd/certs.d/docker.io/hosts.toml
cat /etc/containerd/certs.d/docker.io/hosts.toml
```

```toml
server = "https://docker.io"

[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve"]

[host."https://reg-mirror.giniu.com"]
  capabilities = ["pull", "resolve"]
```

```bash
# registry.k8s.io mirror
mkdir -p /etc/containerd/certs.d/registry.k8s.io
vim /etc/containerd/certs.d/registry.k8s.io/hosts.toml
cat /etc/containerd/certs.d/registry.k8s.io/hosts.toml
```

```toml
server = "https://registry.k8s.io"

[host."https://k8s.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
```

```bash
# Restart the service (see the documentation above for more mirror options)
systemctl daemon-reload
systemctl restart containerd.service
```
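The three config.toml edits above are plain-text substitutions, and a miss is silent: if `SystemdCgroup` does not match the kubelet's cgroup driver (kubeadm defaults it to systemd), the node flaps to NotReady and pods keep restarting, while a missed `sandbox_image` or `config_path` only shows up as failed pulls. As an added example that is not from the original post, here is a small checker for exactly those three settings; it tracks `[table]` headers itself instead of using a TOML library, table and key names follow containerd 1.7's default config, and the embedded sample is constructed.

```python
import sys

CRI = 'plugins."io.containerd.grpc.v1.cri"'
MIRROR = "registry.aliyuncs.com/google_containers"
# (table, key) -> value the walkthrough expects; names follow containerd 1.7's default config
EXPECTED = {
    (CRI + ".containerd.runtimes.runc.options", "SystemdCgroup"): "true",
    (CRI + ".registry", "config_path"): "/etc/containerd/certs.d",
}


def parse_tables(text: str) -> dict:
    """Return {table: {key: value}} by tracking [table] headers and key = value lines."""
    tables, current = {}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and indentation
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            tables.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            tables.setdefault(current, {})[key] = value.strip('"')
    return tables


def check_containerd_config(text: str) -> list:
    """Problems a kubeadm node would hit with this config; an empty list means OK."""
    tables, problems = parse_tables(text), []
    for (table, key), want in EXPECTED.items():
        got = tables.get(table, {}).get(key)
        if got != want:
            problems.append(f"[{table}] {key} = {got!r}, expected {want!r}")
    pause = tables.get(CRI, {}).get("sandbox_image", "")   # the sed edit should hit this
    if not pause.startswith(MIRROR + "/"):
        problems.append(f"sandbox_image {pause!r} is not pulled from {MIRROR}")
    return problems


# Constructed sample: the relevant lines as `containerd config default` emits them
DEFAULT_CONFIG = """
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.k8s.io/pause:3.8"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  SystemdCgroup = false
[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = ""
"""

if __name__ == "__main__":   # pass /etc/containerd/config.toml as argv[1] on a real node
    print(check_containerd_config(open(sys.argv[1]).read() if len(sys.argv) > 1 else DEFAULT_CONFIG))
```

Run it against the untouched default to see all three findings, and again after the sed and SystemdCgroup edits to confirm the list is empty.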
# Install kubeadm, kubelet and kubectl

Install kubeadm, kubelet and kubectl on all three machines; the version I installed is 1.31.

```bash
# Configure the signing key
# If the /etc/apt/keyrings directory does not exist, create it before the curl command (see the comment below).
# sudo mkdir -p -m 755 /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

# Add the repository
# This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list.
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

# Update the package index, install kubelet, kubeadm and kubectl, and pin their versions
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

# Start kubelet
sudo systemctl enable --now kubelet
```
# Install kube-apiserver, kube-proxy, kube-controller-manager, etc.

Pull the images; running this one command fetches all the images that are needed:

```bash
kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
```
# Initialize the control plane

```bash
# Create the initialization configuration file
kubeadm config print init-defaults | sudo tee /etc/kubernetes/init-default.yaml

# Switch to the Chinese Aliyun mirror
sed -i 's/registry.k8s.io/registry.aliyuncs.com\/google_containers/' /etc/kubernetes/init-default.yaml

# Set the API server IP address; replace 192.168.123.119 with your own host's IP
sed -i 's/1.2.3.4/192.168.123.119/' /etc/kubernetes/init-default.yaml

# File content
cat /etc/kubernetes/init-default.yaml
```

```yaml
apiVersion: kubeadm.k8s.io/v1beta4
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.123.119
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  imagePullSerial: true
  name: node
  taints: null
timeouts:
  controlPlaneComponentHealthCheck: 4m0s
  discovery: 5m0s
  etcdAPICall: 2m0s
  kubeletHealthCheck: 4m0s
  kubernetesAPICall: 1m0s
  tlsBootstrap: 5m0s
  upgradeManifests: 5m0s
---
apiServer: {}
apiVersion: kubeadm.k8s.io/v1beta4
caCertificateValidityPeriod: 87600h0m0s
certificateValidityPeriod: 8760h0m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
encryptionAlgorithm: RSA-2048
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.31.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 192.168.0.0/16   # add this line
proxy: {}
scheduler: {}
```

```bash
# Initialize the master node
kubeadm init --image-repository registry.aliyuncs.com/google_containers
```

When the deployment completes it prints:

```
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.123.119:6443 --token ruyc2h.0e2tbzjopd6jte33 \
	--discovery-token-ca-cert-hash sha256:d320cc377ffbf516d017d7ed0ccc9f416013808827d3f8ffe545a57ca5271f4f
```
Follow those instructions.

Run the following as a regular user:

```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

If you are the root user, you can also run:

```bash
export KUBECONFIG=/etc/kubernetes/admin.conf
```

Container status at this point:

coredns stays in the Pending state; a network plugin needs to be installed.
# Install a network plugin

There are many network plugins; see https://v1-31.docs.kubernetes.io/zh-cn/docs/concepts/cluster-administration/addons/#networking-and-network-policy

I chose Calico:

```bash
wget https://calico-v3-25.netlify.app/archive/v3.25/manifests/calico.yaml
kubectl apply -f calico.yaml
```

Run the following command on the other VMs to join them as nodes; the command comes from the output printed after kubeadm init:

```bash
kubeadm join 192.168.123.119:6443 --token u0zv3l.pprli0wxqm8zvx5y \
    --discovery-token-ca-cert-hash sha256:7f16be323774a4e2dd41639e3188ce458614bb570899c39d245bc93b9cac13d2

# After the token expires, generate a new one on the master
kubeadm token create --print-join-command
```
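The `--discovery-token-ca-cert-hash` value in the join command is the SHA-256 of the DER-encoded SubjectPublicKeyInfo of the cluster CA (`/etc/kubernetes/pki/ca.crt`); a joining node compares it against the CA it is handed during discovery, so it only bootstraps against the control plane that minted the token. As an added example that is not from the original post, the code below recomputes that value from the PEM file with the standard library only; `skeleton_cert_pem` builds a constructed, unsigned certificate skeleton so the example runs offline, and the DER walker assumes a well-formed X.509 certificate.

```python
import base64
import hashlib


def _tlv(buf: bytes, pos: int):
    """Parse one DER TLV at pos -> (tag, value, raw_tlv, next_pos)."""
    start, tag, length, pos = pos, buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], buf[start:pos + length], pos + length

def _children(seq_body: bytes):
    """Yield (tag, raw_tlv) for each element directly inside a SEQUENCE body."""
    pos = 0
    while pos < len(seq_body):
        tag, _, raw, pos = _tlv(seq_body, pos)
        yield tag, raw

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV (used only to build the offline fixture below)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def pem_to_der(pem: str) -> bytes:
    """Drop the BEGIN/END lines and base64-decode the certificate body."""
    return base64.b64decode("".join(l.strip() for l in pem.splitlines() if not l.startswith("-----")))

def spki_of(cert_der: bytes) -> bytes:
    """Raw SubjectPublicKeyInfo TLV of an X.509 certificate (assumes well-formed DER)."""
    _, cert_body, _, _ = _tlv(cert_der, 0)       # Certificate ::= SEQUENCE
    _, tbs_body, _, _ = _tlv(cert_body, 0)       # tbsCertificate ::= SEQUENCE
    fields = list(_children(tbs_body))
    fields = fields[fields[0][0] == 0xA0:]        # skip the optional [0] EXPLICIT version
    return fields[5][1]   # serial, signature, issuer, validity, subject, SPKI

def ca_cert_hash(pem: str) -> str:
    """The value kubeadm prints after --discovery-token-ca-cert-hash."""
    return "sha256:" + hashlib.sha256(spki_of(pem_to_der(pem))).hexdigest()

def skeleton_cert_pem(spki: bytes) -> str:
    """Constructed, unsigned certificate skeleton so the example runs offline."""
    tbs = (der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"")
           + der(0x30, b"") + der(0x30, b"") + der(0x30, b"") + spki)
    cert = der(0x30, der(0x30, tbs) + der(0x30, b"") + der(0x03, b"\x00"))
    b64 = base64.b64encode(cert).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
```

On the master, `ca_cert_hash(open("/etc/kubernetes/pki/ca.crt").read())` should print the same value as the hash in `kubeadm token create --print-join-command`; if a join command you were handed carries a different hash, it was not issued by this cluster's CA.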
If after installation coredns is still Pending and the nodes are still NotReady, restart on each node:

```bash
sudo systemctl restart kubelet
sudo systemctl restart containerd
```
# Deploy kubernetes-dashboard

The official recommendation is now to deploy it with Helm.

```bash
# Download helm
wget https://get.helm.sh/helm-v3.16.1-linux-amd64.tar.gz
tar zxf helm-v3.16.1-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm && rm -rf linux-amd64

# Add the kubernetes-dashboard repository
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/

# Deploy a Helm release named `kubernetes-dashboard` from the kubernetes-dashboard chart
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard

# Change the service type: type: ClusterIP --> type: NodePort
kubectl edit svc kubernetes-dashboard-kong-proxy -n kubernetes-dashboard

# Check the service
kubectl -n kubernetes-dashboard get svc
```

The system automatically assigned port 31613; open https://<any cluster node IP>:<port>, e.g. https://192.168.123.119:31613
## Create a long-lived token

```bash
# Create a ServiceAccount
kubectl -n kubernetes-dashboard create serviceaccount admin-user-permanent

# Bind the ClusterRole
kubectl create clusterrolebinding admin-user-permanent \
    --clusterrole=cluster-admin \
    --serviceaccount=kubernetes-dashboard:admin-user-permanent

# Create a long-lived token
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: admin-user-permanent-token
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: admin-user-permanent
type: kubernetes.io/service-account-token
EOF

# Retrieve the token
kubectl -n kubernetes-dashboard get secret admin-user-permanent-token -o jsonpath="{.data.token}" | base64 --decode

# Invalidate the token
kubectl -n kubernetes-dashboard delete secret admin-user-permanent-token
```
Common commands:

- List pods: `kubectl get pods -A`
- Delete pods (by deleting their Deployment): `kubectl delete deployment -n kube-system coredns`
- View pod events: `kubectl describe pod -n kube-system coredns-6b59c98dd4-r5fmt`
- View the last 50 lines of pod logs: `kubectl logs -n kube-system -l k8s-app=calico-node --tail=50`
- Rolling upgrade, updating the image version: `kubectl set image deploy/my-dep nginx=nginx:1.16.1 --record=true`
- Rollback
  - View the rollout history: `kubectl rollout history deployment/my-dep`
  - Roll back to the previous revision: `kubectl rollout undo deploy/my-dep`
  - Roll back to a specific revision: `kubectl rollout undo deploy/my-dep --to-revision=1`