记一次ubuntu云服务器部署单节点kubernetes

# 准备工作：安装kubelet kubeadm kubeclt工具

下载谷歌秘钥（需要翻墙）
https://packages.cloud.google.com/apt/doc/apt-key.gpg 
下载好以后执行: sudo apt-key add apt-key.gpg

添加国内软件源（root用户）

cat </etc/apt/sources.list.d/kubernetes.list

deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main

EOF

apt-get update

安装

apt-get install -y kubelet kubeadm kubectl

设置工具不随系统更新

apt-mark hold kubelet kubeadm kubectl

安装docker

安装依赖包

sudo apt-get install 
    apt-transport-https 
    ca-certificates 
    curl 
    gnupg-agent 
    software-properties-common

添加秘钥

curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

验证秘钥

sudo apt-key fingerprint 0EBFCD88

设置稳定版仓库

sudo add-apt-repository 
   "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/ 
  $(lsb_release -cs) 
  stable"

安装docker

 sudo apt-get update
 sudo apt-get install docker-ce docker-ce-cli containerd.io

docker以非root的身份运行

sudo groupadd docker
sudo gpasswd -a username(比如:ubuntu) docker
newgrp docker

关闭swap 分区：

​​​​​​​sudo swapoff -a

# 修改kubelet启动参数

sudo vim /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/default/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS --node-ip=xxx.xxx.xxx.xxx # 云服务ip

重启kubelet使配置生效

sudo systemctl daemon-reload

sudo systemctl enable kubelet

sudo systemctl start kubelet

查看服务状态
systemctl status kubelet.service

#  使用kubeadm 初始化主节点

需要的镜像：(因为这些镜像需要翻墙才能下载，所以采用导入的方式)

查看kubernetes版本需要的镜像版本
# kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.23.1
k8s.gcr.io/kube-controller-manager:v1.23.1
k8s.gcr.io/kube-scheduler:v1.23.1
k8s.gcr.io/kube-proxy:v1.23.1
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6

打包镜像
docker save -o image.tar k8s.gcr.io/kube-apiserver:v1.23.1 k8s.gcr.io/kube-controller-manager:v1.23.1 k8s.gcr.io/kube-scheduler:v1.23.1 k8s.gcr.io/kube-proxy:v1.23.1 k8s.gcr.io/pause:3.6 k8s.gcr.io/etcd:3.5.1-0 k8s.gcr.io/coredns/coredns:v1.8.6

导入镜像
docker load -i image.tar

kubeadm init --control-plane-endpoint=xxx.xxx.xxx.xxx --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --apiserver-advertise-address=xxx.xxx.xxx.xxx   # 填写云服务ip

初始化成功以后执行:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

如果不执行会出现
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes") 的错误。

# 配置pod之间的网络

https://github.com/flannel-io/flannel#deploying-flannel-manually

配置文件需要的修改
 args:
 - --public-ip=$(PUBLIC_IP) # 公网ip
 - --iface=eth0             # 网卡名 

 env:
 - name: PUBLIC_IP     #添加环境变量
   valueFrom:          
     fieldRef:          
       fieldPath: status.podIP 


kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/documentation/kube-flannel.yml

如果raw.githubusercontent.com无法访问。在`https://www.ipaddress.com/ip-lookup`找到域名对应的ip。然后在本地的/etc/hosts配置dns。

# 验证

kubectl get node -o wide
显示的 INTERNAL-IP 字段就是云服务的ip。如果没有或者 STATUS 不是Ready。
执行 kubectl describe node kubernetes-master 查看原因。

# 允许master节点部署pod

kubectl taint nodes --all node-role.kubernetes.io/master-

# 配置 NGINX Ingress Controller

需要像前面那样，打包镜像
k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
k8s.gcr.io/ingress-nginx/controller:v1.1.0

执行
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/cloud/deploy.yaml

参考 `https://kubernetes.github.io/ingress-nginx/deploy/`

执行 kubectl get service ingress-nginx-controller --namespace=ingress-nginx
会出现 EXTERNAL-IP 是 。

执行
kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec": {"type": "LoadBalancer", "externalIPs":["xxx.xxx.xxx.xxx"]}}'  服务器ip

参考
`https://stackoverflow.com/questions/44110876/kubernetes-service-external-ip-pending`

配置大致已经，试着运行一个实例。

参考

在 Minikube 环境中使用 NGINX Ingress 控制器配置 Ingress | Kubernetes