附带Dashboard的K8s集群安装（containerd）

K8s集群安装（containerd），带dashboard

安装Containerd

卸载已安装Docker（未安装忽略）

sudo apt-get remove docker\
docker-client\
docker-client-latest\
docker-latest\
docker-latest-logrotate\
docker-logrotate\
docker-engine docker-ce containerd -y

#由于本机配置时没有装上Docker所以报错

配置服务器Docker源

# 添加apt-key
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# 添加源
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update

安装配置Containerd

sudo apt-get install containerd.io -y
# 装的时候可能出现网络问题导致报错，多试几次，不行再逐步排查

# 配置Containerd的内核

cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sudo sysctl --system

创建Containerd的配置文件

sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml

sudo sed -i 's#SystemdCgroup = false#SystemdCgroup = true#g' /etc/containerd/config.toml
sudo sed -i 's#k8s.gcr.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g'  /etc/containerd/config.toml
sudo sed -i 's#registry.gcr.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g'  /etc/containerd/config.toml
sudo sed -i 's#registry.k8s.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g'  /etc/containerd/config.toml

启动Containerd

sudo systemctl daemon-reload
sudo systemctl enable --now containerd
sudo ctr plugin ls

#检查overlayfs状态为OK

配置阿里云apt源

# 添加apt-key
	curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
# 添加源
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

安装配置K8s集群

sudo apt-get update
sudo apt-get install -y kubelet=1.27.0-00 kubeadm=1.27.0-00 kubectl=1.27.0-00
sudo apt-mark hold kubelet kubeadm kubectl  # 锁定组件版本，可以升级系统

初始化集群

sudo swapoff -a # 关闭所有交换分区
sudo vim /etc/fstab  # 修改配置文件，注释自动挂载交换分区

# 提前拉取集群镜像
sudo ctr -n k8s.io images pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.27.0
sudo ctr -n k8s.io images pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.27.0
sudo ctr -n k8s.io images pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.27.0
sudo ctr -n k8s.io images pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.27.0
sudo ctr -n k8s.io images pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9
sudo ctr -n k8s.io images pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.7-0

#在master节点进行init，其他节点不要进行init
sudo kubeadm init --apiserver-advertise-address 192.168.28.50   --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers --cri-socket "unix:///var/run/containerd/containerd.sock" --kubernetes-version 1.27.0

# init成功后的输出内容
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.28.50:6443 --token ezuki7.z11ux1n55ygc5amt \
        --discovery-token-ca-cert-hash sha256:d9164932b3614ce8c9c4edf62064ec8f1fda85390253ab807af3a53be7628b19

初始化失败排查思路

1. kubeadm reset -f 重置集群，再初始化一次
2. 查看日志 tail -f /var/log/syslog | grep -v "not found"(或者过滤与集群有关的)

配置kube的config（相当于做了一个软链接，不需要指定kubectl的目录了）

mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
  
  # 这时我们可以通过kubectl查看工作节点了
  kubectl get node

加入工作节点

# 在node上进行，密钥为集群初始化输出内容的末尾
sudo kubeadm join 192.168.28.50:6443 --token ezuki7.z11ux1n55ygc5amt \
        --discovery-token-ca-cert-hash sha256:d9164932b3614ce8c9c4edf62064ec8f1fda85390253ab807af3a53be7628b19

失败排查思路和上面的初始化错误排查一致

安装三个Addons（k8s插件）

在master节点操作

#事先准备好的yaml文件

创建calico（CNI网络插件）

kubectl create -f calico.yaml

kubectl get po -n kube-system # 查看集群中pod状态

#刚执行完操作，插件状态还没准备好

kubectl get node

#我们等一会再看一下

#此时两个node节点的状态也变成ready了

kubectl get node

创建Metrics-server.yaml(获取度量指标插件)

# 利用scp命令把证书复制到所有的Node节点,控制节点操作
scp /etc/kubernetes/pki/front-proxy-ca.crt  node@192.168.28.51:/etc/kubernetes/pki
# ————>输入yes——>密码，一定要放到指定的位置，不然访问不了api
scp /etc/kubernetes/pki/front-proxy-ca.crt  node@192.168.28.52:/etc/kubernetes/pki

kubectl create -f comp.yaml
kubectl get po -n kube-system

报错

#用kubectl logs 命令检查 Pod 的日志，发现Metrics Server 无法启动，是因为它无法在 /etc/kubernetes/pki 目录中找到 front-proxy-ca.crt 文件

排查到原因是我没有上传证书到指定位置

#上传证书后删除pod，控制器重启pod成功！

kubectl top node

创建Dashboard（图形化界面插件）

kubectl create -f dashboard.yaml -f dashboard-user.yaml

查看pod状态

kubectl get po -n kubernetes-dashboard  

查看service状态

kubectl get svc -n kubernetes-dashboard

通过控制节点IP和端口能够查看dashboard

创建Token并进入页面

kubectl create token admin-user -n kube-system
# 生成的Token有两小时有效期，每次登录需要重新生成

至此，集群环境配置圆满结束