centos系统离线安装k8s v1.23.9最后一个版本并部署服务，docker支持的最后一个版本

注意：我这里的离线安装包是V1.23.9.

K8S v1.23.9离线安装包下载：

链接：https://download.csdn.net/download/qq_14910065/88143546

这里包括离线安装所有的镜像，kubeadm，kubelet 和kubectl，calico.yaml，Dashboard的yaml,metrics的yaml,还有nginx.yaml，还有命令补全的安装包。

说明：提前下载如上的安装包

#在所有机器上导入镜像
docker load -i k8s1239_node.tar 
docker load -i k8s1239_master.tar

1.系统性能优化

#所有机器上执行
cat >> /etc/hosts << EOF
192.168.186.128 master
192.168.186.129 node1
192.168.186.130 node2
EOF

systemctl stop firewalld
systemctl disable firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config # 永久
setenforce 0 # 临时
swapoff -a # 临时
sed -i 's/.*swap.*/#&/' /etc/fstab # 永久

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # 生效

#永久修改主机名
hostnamectl set-hostname master  && bash  #在master上操作
hostnamectl set-hostname node1  && bash   #在node1上操作
hostnamectl set-hostname node2  && bash   #在node1上操作

2.离线安装docker

#所有机器上执行
docker离线安装请参考博客

3.离线安装kubeadm，kubelet 和kubectl

#所有机器上执行
[root@master qq]# ls
0f2a2afd740d476ad77c508847bad1f559afc2425816c1f2ce4432a62dfe0b9d-kubernetes-cni-1.2.0-0.x86_64.rpm  libnetfilter_cthelper-1.0.0-11.el7.x86_64.rpm
356e511f8963b4b68fdf41593e64e92f03f0b58c72aae0613aeff3e770078cf7-kubelet-1.20.5-0.x86_64.rpm        libnetfilter_cttimeout-1.0.0-7.el7.x86_64.rpm
3f5ba2b53701ac9102ea7c7ab2ca6616a8cd5966591a77577585fde1c434ef74-cri-tools-1.26.0-0.x86_64.rpm      libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm
8593f28d972a6818131c1a6cd34f52b22a6acd0c4c7dcf3d7447ad53a9f24cc3-kubectl-1.20.5-0.x86_64.rpm        socat-1.7.3.2-2.el7.x86_64.rpm
c2634321e0d8ebe24ba7c6f025df171f5d1707c75a90e3bdd08199ab47aac565-kubeadm-1.20.5-0.x86_64.rpm        安装说明.txt
conntrack-tools-1.4.4-7.el7.x86_64.rpm
[root@master qq]# rpm -ivh *.rpm #直接安装

4.离线部署Kubernetes Master

#master机器上执行
kubeadm init --apiserver-advertise-address=192.168.186.128  --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.23.9  --service-cidr=10.96.0.0/12  --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all

#master机器上执行
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

#master机器上执行
[root@master mqq]# kubectl get nodes #安装后看到状态是NotReady
NAME         STATUS     ROLES                  AGE   VERSION
k8s-master   NotReady   control-plane,master   11m   v1.23.9

5.离线安装Pod 网络插件（CNI）

#master机器上执行
kubectl apply -f calico.yaml

[root@master manifests]# kubectl get nodes #现在看到状态是Ready就OK
NAME         STATUS   ROLES                  AGE   VERSION
k8s-master   Ready    control-plane,master   15m   v1.23.9
[root@master manifests]# 

[root@k8s-master manifests]# kubectl get pods -n kube-system #全部状态是Running就OK
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-6b8f6f78dc-qrw2g   1/1     Running   0          2m39s
calico-node-s5ddr                          1/1     Running   0          2m39s
coredns-7f89b7bc75-b49sr                   1/1     Running   0          17m
coredns-7f89b7bc75-gtft5                   1/1     Running   0          17m
etcd-k8s-master                            1/1     Running   0          17m
kube-apiserver-k8s-master                  1/1     Running   0          17m
kube-controller-manager-k8s-master         1/1     Running   0          17m
kube-proxy-grkw8                           1/1     Running   0          17m
kube-scheduler-k8s-master                  1/1     Running   0          17m
[root@k8s-master manifests]# 

6. node节点加入集群中

#这个命令是master第四步中执行kubeadm init后出现的结果，所有node都需要执行
kubeadm join 192.168.186.128:6443 --token evgmf9.v24ioewquq3xxz2z --discovery-token-ca-cert-hash sha256:cdf4b90eb86e557e97cf6f6dae1bb3788689f04e31c59928bd190b0259167eda

[root@node1 kubernetes]# kubeadm join 192.168.186.128:6443 --token evgmf9.v24ioewquq3xxz2z --discovery-token-ca-cert-hash sha256:cdf4b90eb86e557e97cf6f6dae1bb3788689f04e31c59928bd190b0259167eda
[preflight] Running pre-flight checks
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 24.0.5. Latest validated version: 20.10
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

kubeadm token create --print-join-command #重新生成token

#注意高可用结群在master上需要执行的
kubeadm join 192.168.186.128:6443 --token l9jbw7.dw8nxmw51jci3z0b \
    --discovery-token-ca-cert-hash sha256:cdf4b90eb86e557e97cf6f6dae1bb3788689f04e31c59928bd190b0259167eda \
    --control-plane 

7.部署Dashboard

kubectl apply -f recommended.yaml

[root@master manifests]# kubectl get pods -n kubernetes-dashboard #状态全部是 Running就OK
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-7b59f7d4df-5n42w   1/1     Running   0          50s
kubernetes-dashboard-74d688b6bc-rdw9r        1/1     Running   0          50s
[root@k8s-master manifests]# 

访问地址：https://192.168.186.128:30001/ #必须要用https://
创建service account并绑定默认cluster-admin管理员群集角色
使用输出的token登录Dashboard

kubectl create serviceaccount dashboard-admin -n kube-system #创建用户
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin #用户授权
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}') #获取用户Token,用于页面登录

8.部署metrics服务

kubectl apply -f components.yaml
kubectl top nodes
kubectl top pods

9.测试kubernetes是否正常

kubectl apply -f nginx.yaml 
kubectl get pods,svc

[root@master mqq]# kubectl get pods,svc
NAME                         READY   STATUS    RESTARTS   AGE
pod/nginx-7cf7d6dbc8-8lrzb   1/1     Running   0          46s

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP        76m
service/nginx        NodePort    10.98.34.181   <none>        80:30762/TCP   46s
[root@master mqq]# ip:30762 去页面访问，能访问就OK

10.安装k8s补全命令

#上传安装包bash-completion-2.1-8.el7.noarch.rpm
rpm -ivh bash-completion-2.1-8.el7.noarch.rpm  bash-completion-extras-2.1-11.el7.noarch.rpm
kubectl completion bash
source /usr/share/bash-completion/bash_completion
kubectl completion bash >/etc/profile.d/kubectl.sh
source /etc/profile.d/kubectl.sh

cat >> /root/.bashrc << EOF
source /etc/profile.d/kubectl.sh
EOF

大家在使用和安装中有问题，欢迎留言，看到后给大家解释！