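Install kubeadm, kubelet and kubectl
- Disable swap; otherwise kubelet will fail to start (if you need swap, you can create and enable a swap file yourself; see "Providing swap for Kubernetes")
sudo swapoff -a # Temporarily disables swap; to disable it permanently, remove the swap entries from /etc/fstab
- Update the apt package index and install the packages needed to use the Kubernetes apt repository: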
sudo apt-get update
# apt-transport-https may be a dummy package; if so, you can skip installing it
sudo apt-get install -y apt-transport-https ca-certificates curl gpg git
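- Download the public signing key for the Kubernetes package repositories. All repositories use the same signing key, so you can ignore the version in the URL:
# If the `/etc/apt/keyrings` directory does not exist, create it before the curl command; see the commented command below.
# sudo mkdir -p -m 755 /etc/apt/keyrings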
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
- Add the Kubernetes apt repository.
# This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list.
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
- Update the apt package index, install kubelet, kubeadm and kubectl, and pin their versions:
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
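kubelet now restarts every few seconds, because it is stuck in a loop waiting for instructions from kubeadm.
Configure kernel parameters and kernel modules
- Enable IPv4 packet forwarding and iptables packet filtering for bridged traffic
# Set the required sysctl parameters; they persist across reboots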
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the sysctl parameters without rebooting
sudo sysctl --system
Verify that net.ipv4.ip_forward is set to 1 with the following command:
sysctl net.ipv4.ip_forward
- Load the kernel modules (without this configuration, network-related problems may occur)
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
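A check of the prerequisites configured so far (swap off, both modules loaded, the three sysctl keys set to 1), added here as an example and not part of the original page. `k8s_preflight`, `demo_preflight` and the `proc_root` argument are hypothetical names, and the fixture is constructed; the net.bridge.* keys exist only while br_netfilter is loaded, which is why a missing key is reported separately from a wrong value.

```shell
#!/bin/sh
# Added example. k8s_preflight and proc_root are hypothetical names;
# proc_root defaults to /proc and exists so fixtures can be checked too.
k8s_preflight() {
    proc_root="${1:-/proc}"; rc=0
    # /proc/swaps has one header line; every further line is an active swap area.
    active="$(sed 1d "$proc_root/swaps" 2>/dev/null | grep -c . || true)"
    if [ "${active:-0}" -ne 0 ]; then
        echo "FAIL swap is still enabled ($active area(s))"; rc=1
    fi
    # First column of /proc/modules is the module name (built-in modules are not listed).
    for mod in overlay br_netfilter; do
        if ! awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' \
                "$proc_root/modules" 2>/dev/null; then
            echo "FAIL module $mod is not loaded"; rc=1
        fi
    done
    # sysctl keys map to files under /proc/sys, with dots replaced by slashes.
    for key in net/ipv4/ip_forward net/bridge/bridge-nf-call-iptables \
               net/bridge/bridge-nf-call-ip6tables; do
        val="$(cat "$proc_root/sys/$key" 2>/dev/null || true)"
        if [ "$val" != "1" ]; then
            echo "FAIL $key = ${val:-<missing>} (expected 1)"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK node prerequisites are in place"
    return "$rc"
}

# Constructed fixture: a node where br_netfilter was never loaded, so the
# bridge sysctl keys do not exist even though k8s.conf was written.
demo_preflight() {
    d="$(mktemp -d)"
    mkdir -p "$d/sys/net/ipv4"
    printf 'Filename Type Size Used Priority\n' > "$d/swaps"
    printf 'overlay 151552 0 - Live 0x0\n' > "$d/modules"
    echo 1 > "$d/sys/net/ipv4/ip_forward"
    status=0
    k8s_preflight "$d" || status=$?
    rm -rf "$d"; return "$status"
}
```

On a node, call `k8s_preflight` with no argument to read the live /proc.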
Install the runtime – containerd (choose one of the two options)
- Install containerd
sudo apt-get update
sudo apt-get install -y containerd
- Create the configuration file
# Generate the default configuration file
sudo bash -c "containerd config default > /etc/containerd/config.toml"
# Switch the cgroup driver to systemd
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# Use a mirror inside China for the pause image
sudo sed -i 's/registry.k8s.io\/pause:3.6/registry.aliyuncs.com\/google_containers\/pause:3.9/g' /etc/containerd/config.toml
sudo systemctl restart containerd
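Install the runtime – containerd + Docker (choose one of the two options)
This method lets containerd and Docker coexist
- Import the official package source (this method installs the latest version)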
curl -sS https://download.docker.com/linux/debian/gpg | gpg --dearmor > /usr/share/keyrings/docker-ce.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-ce.gpg] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/debian $(lsb_release -sc) stable" > /etc/apt/sources.list.d/docker.list
- Install Docker
apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
- Create the configuration file
# Generate the default configuration file
sudo bash -c "containerd config default > /etc/containerd/config.toml"
# Switch the cgroup driver to systemd
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# Use a mirror inside China; the pause tag here may differ from 3.6, in which case it has to be edited by hand
sudo sed -i 's/registry.k8s.io\/pause:3.6/registry.aliyuncs.com\/google_containers\/pause:3.9/g' /etc/containerd/config.toml
sudo systemctl restart containerd
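The fixed-tag substitution used in both containerd variants above changes nothing when the generated config carries a pause tag other than 3.6. As an added example (not from the original page), the helpers below rewrite whatever tag is present and then verify both settings; the function names are hypothetical, the sample config is constructed, and the config is assumed to use the `sandbox_image` key.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. The mirror image is the one
# this page uses. Assumes the config sets the pause image via sandbox_image.
MIRROR_PAUSE='registry.aliyuncs.com/google_containers/pause:3.9'

# Rewrite the config in place without depending on the default pause tag.
patch_containerd_config() {
    cfg="$1"
    sed -i -E \
        -e 's/^([[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*)false/\1true/' \
        -e "s#^([[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*)\"[^\"]*\"#\1\"$MIRROR_PAUSE\"#" \
        "$cfg"
}

# Confirm both edits took effect; prints what is wrong and returns non-zero.
verify_containerd_config() {
    cfg="$1"; rc=0
    if ! grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$cfg"; then
        echo "FAIL SystemdCgroup is not set to true"; rc=1
    fi
    img="$(sed -n -E 's/^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"([^"]*)".*/\1/p' "$cfg" | head -n 1)"
    if [ "$img" != "$MIRROR_PAUSE" ]; then
        echo "FAIL sandbox_image is '${img:-<unset>}', expected '$MIRROR_PAUSE'"; rc=1
    fi
    return "$rc"
}

demo_containerd_config() {
    tmp="$(mktemp)"
    # Constructed sample: a default-style config whose pause tag is 3.8, so a
    # substitution that matches only pause:3.6 would leave it untouched.
    printf '%s\n' \
        '[plugins."io.containerd.grpc.v1.cri"]' \
        '  sandbox_image = "registry.k8s.io/pause:3.8"' \
        '  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]' \
        '    SystemdCgroup = false' > "$tmp"
    status=0
    patch_containerd_config "$tmp" || status=$?
    verify_containerd_config "$tmp" || status=$?
    rm -f "$tmp"; return "$status"
}
```

On a node, run `sudo sh -c '. ./thisfile.sh; verify_containerd_config /etc/containerd/config.toml'` before restarting containerd, where `thisfile.sh` is whatever name the block was saved under.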
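Initialize the cluster with kubeadm
- If you are using cloud servers and plan to build the cluster over the public network, add the cloud server's public IP to the network interface (skip this on non-cloud servers, or where the interface IP is already the public IP)
comment="ip addr add <master public IP>/32 dev eth0"
sudo bash -c "echo $comment >> /etc/profile"
sudo bash -c "$comment"
- Initialize
kubeadm init --apiserver-advertise-address=<master public IP> --pod-network-cidr=10.244.0.0/16
- When initialization finishes you get the following output; save it.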
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.56.10:6443 --token 0pdoeh.wrqchegv3xm3k1ow \
--discovery-token-ca-cert-hash sha256:f4e693bde148f5c0ff03b66fb24c51f948e295775763e8c5c4e60d24ff57fe82
- Configure .kube, following the output above
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
- Install the pod network add-on flannel
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
sed -i "s/ docker.io\/flannel/ swr.cn-north-4.myhuaweicloud.com\/ddn-k8s\/docker.io\/flannel/g" kube-flannel.yml
kubectl apply -f kube-flannel.yml
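Add nodes
- Configure the node the same way as the master above, up to but not including initialization, then run the kubeadm join ... command from the last line of the master's initialization output; the node then joins the cluster.
Note: on a cloud server, add --node-ip=<cloud server public IP>
Allow the cluster to schedule Pods on the control plane
Run
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
To remove the node.kubernetes.io/exclude-from-external-load-balancers label from the nodes:
kubectl label nodes --all node.kubernetes.io/exclude-from-external-load-balancers-
Install helm, the official Kubernetes package manager
Install helm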
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
Install kubernetes-dashboard
Install kubernetes-dashboard
# Add the kubernetes-dashboard repository
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# Deploy a Helm release named `kubernetes-dashboard` using the kubernetes-dashboard chart
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
Enable port forwarding
kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443
Create the admin-user account
cat <<EOF | tee admin-user.yaml
# admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF
kubectl apply -f admin-user.yaml
Generate a token for admin-user and note it down
kubectl -n kubernetes-dashboard create token admin-user
Then paste the token into the token field on the kubernetes-dashboard login page
Install Kuboard v4.0
Prerequisite: Docker is installed
mkdir ~/.kuboard
cd ~/.kuboard
cat <<EOF | tee docker-compose.yaml
configs:
  create_db_sql:
    content: |
      CREATE DATABASE kuboard DEFAULT CHARACTER SET = 'utf8mb4' DEFAULT COLLATE = 'utf8mb4_unicode_ci';
      create user 'kuboard'@'%' identified by 'kuboardpwd';
      grant all privileges on kuboard.* to 'kuboard'@'%';
      FLUSH PRIVILEGES;
services:
  db:
    image: swr.cn-east-2.myhuaweicloud.com/kuboard/mariadb:11.3.2-jammy
    # image: mariadb:11.3.2-jammy
    # swr.cn-east-2.myhuaweicloud.com/kuboard/mariadb:11.3.2-jammy is identical to the mariadb:11.3.2-jammy image
    restart: always
    environment:
      MARIADB_ROOT_PASSWORD: kuboardpwd
      MYSQL_ROOT_PASSWORD: kuboardpwd
      TZ: Asia/Shanghai
    volumes:
      - ./kuboard-mariadb-data:/var/lib/mysql:Z
    configs:
      - source: create_db_sql
        target: /docker-entrypoint-initdb.d/create_db.sql
        mode: 0777
    networks:
      kuboard_v4_dev:
        aliases:
          - db
  kuboard:
    image: swr.cn-east-2.myhuaweicloud.com/kuboard/kuboard:v4
    # image: eipwork/kuboard:v4
    restart: always
    environment:
      - DB_DRIVER=org.mariadb.jdbc.Driver
      - DB_URL=jdbc:mariadb://db:3306/kuboard?serverTimezone=Asia/Shanghai
      - DB_USERNAME=kuboard
      - DB_PASSWORD=kuboardpwd
    ports:
      - '8000:80'
    depends_on:
      - db
    networks:
      kuboard_v4_dev:
        aliases:
          - kuboard
networks:
  kuboard_v4_dev:
    driver: bridge
EOF
docker compose up -d