Kubeadm部署Kubernetes
阅读原文时间:2023年07月08日阅读:4

1、环境准备

主机名

IP

说明

宿主机系统

k8s-master

10.0.0.101

Kubernetes集群的master节点

Ubuntu2004

k8s-node1

10.0.0.102

Kubernetes集群的node节点

Ubuntu2004

1-1、关闭防火墙、iptables、centos系列需要关闭selinux
 #所有节点执行:
 [root@ubuntu2004 ~]#systemctl stop ufw
 [root@ubuntu2004 ~]#iptables -nvL
1-2、各节点主机名相互解析
 #所有节点执行:
 [root@ubuntu2004 ~]#hostnamectl set-hostname k8s-master
 [root@ubuntu2004 ~]#vim /etc/hosts
 10.0.0.101 master
 10.0.0.102 node
 ​
1-3、时间同步
 #所有节点执行:
 [root@master ~]#apt install -y chrony
 [root@master ~]#vim /etc/chrony/chrony.conf
 server ntp.aliyun.com iburst
 [root@master ~]#systemctl enable --now chrony
 [root@master ~]#chronyc sources
1-4、禁用swap
 #所有节点执行:
 [root@master ~]#swapoff -a
 [root@master ~]#vim /etc/fstab
 #/swap.img  none    swap    sw  0   0
1-5、修改网桥内核参数
 #所有节点执行:
 #允许 iptables 检查桥接流量
 [root@master ~]#apt install -y bridge-utils    #默认没有该模块,需要安装
&nbsp;[root@master ~]#cat <<EOF | tee /etc/modules-load.d/modules.conf
&nbsp;br_netfilter
&nbsp;EOF
&nbsp;[root@master ~]#modprobe br_netfilter
&nbsp;[root@master ~]#lsmod | grep br_netfilter
&nbsp;​
&nbsp;[root@master ~]#cat > /etc/sysctl.d/kubernetes.conf <<EOF
&nbsp;net.bridge.bridge-nf-call-arptables = 1
&nbsp;net.bridge.bridge-nf-call-ip6tables = 1
&nbsp;net.ipv4.ip_forward = 1
&nbsp;user.max_user_namespaces=28633
&nbsp;EOF
&nbsp;​
&nbsp;[root@master ~]#sysctl -p /etc/sysctl.d/kubernetes.conf

2、安装docker

&nbsp;#所有节点执行:
&nbsp;[root@master ~]#apt install docker.io -y
&nbsp;#ubuntu默认自动启动并开机启动,如果未设置请手动设置 &nbsp; &nbsp;
&nbsp;​
&nbsp;#配置加速器,使用 systemd 来管理容器的 cgroup
&nbsp;[root@master ~]#mkdir -p /etc/docker
&nbsp;[root@master ~]#vim /etc/docker/daemon.json
&nbsp;{
&nbsp; &nbsp; &nbsp;"exec-opts": ["native.cgroupdriver=systemd"],
&nbsp; &nbsp; &nbsp;"log-driver": "json-file",
&nbsp; &nbsp; &nbsp;"log-opts": {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;"max-size": "100m"
&nbsp; &nbsp;  },
&nbsp; &nbsp; &nbsp;"storage-driver": "overlay2",
&nbsp; &nbsp; &nbsp;"storage-opts": [
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;"overlay2.override_kernel_check=true"
&nbsp; &nbsp;  ],
&nbsp; &nbsp; &nbsp;"experimental": false,
&nbsp; &nbsp; &nbsp;"debug": false,
&nbsp; &nbsp; &nbsp;"max-concurrent-downloads": 10,
&nbsp; &nbsp; &nbsp;"registry-mirrors": ["https://pgavrk5n.mirror.aliyuncs.com"]
&nbsp;}
&nbsp;[root@master ~]#systemctl daemon-reload
&nbsp;[root@master ~]#systemctl restart docker
&nbsp;​

3、部署k8sMaster节点

&nbsp;# 所有节点执行:
&nbsp;# 可参考阿里云官网:https://developer.aliyun.com/mirror/kubernetes
&nbsp;# 使apt支持ssl传输 并安装kubelet kubeadm kubectl
&nbsp;[root@master ~]#apt-get install -y ca-certificates curl software-properties-common apt-transport-https curl
&nbsp;[root@master ~]#apt-get update && apt-get install -y apt-transport-https
&nbsp;curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
&nbsp;cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
&nbsp;deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
&nbsp;EOF
&nbsp;apt-get update
&nbsp;apt-get install -y kubelet=1.23.1-00 kubeadm=1.23.1-00 kubectl=1.23.1-00
&nbsp;​
&nbsp;# 阻止自动更新(apt upgrade时忽略)。所以更新的时候先unhold,更新完再hold。
&nbsp;apt-mark hold kubelet kubeadm kubectl
&nbsp;# 先不要启动,如果启动会报错

&nbsp;#master上执行(10.0.0.101):
&nbsp;[root@master ~]#vim kubeadm-config.yaml
&nbsp;apiVersion: kubeadm.k8s.io/v1beta3
&nbsp;bootstrapTokens:
&nbsp;- groups:
&nbsp; &nbsp;- system:bootstrappers:kubeadm:default-node-token
&nbsp;  token: abcdef.0123456789abcdef
&nbsp;  ttl: 24h0m0s
&nbsp;  usages:
&nbsp; &nbsp;- signing
&nbsp; &nbsp;- authentication
&nbsp;kind: InitConfiguration
&nbsp;localAPIEndpoint:
&nbsp;  advertiseAddress: 10.0.0.101 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;#当前机器的局域网地址
&nbsp;  bindPort: 6443
&nbsp;nodeRegistration:
&nbsp;  criSocket: /var/run/dockershim.sock
&nbsp;  imagePullPolicy: IfNotPresent
&nbsp;  name: master
&nbsp;  taints: null
&nbsp;---
&nbsp;apiServer:
&nbsp;  timeoutForControlPlane: 4m0s
&nbsp;apiVersion: kubeadm.k8s.io/v1beta3
&nbsp;certificatesDir: /etc/kubernetes/pki
&nbsp;clusterName: kubernetes
&nbsp;controllerManager: {}
&nbsp;dns: {}
&nbsp;etcd:
&nbsp;  local:
&nbsp; &nbsp;  dataDir: /var/lib/etcd
&nbsp;imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
&nbsp;kind: ClusterConfiguration
&nbsp;kubernetesVersion: 1.23.1
&nbsp;networking:
&nbsp;  dnsDomain: cluster.local
&nbsp;  serviceSubnet: 10.96.0.0/12
&nbsp;scheduler: {}
&nbsp;---
&nbsp;kind: KubeletConfiguration
&nbsp;apiVersion: kubelet.config.k8s.io/v1beta1
&nbsp;#cgroupDriver: systemd
&nbsp;cgroupDriver: cgroupfs
&nbsp;​

#master上执行(10.0.0.101):

# 在运行 kubeadm init 之前先执行 kubeadm config images pull 来测试与 gcr.io 的连接,kubeadm config images pull尝试是否可以拉取镜像,如果你的服务器再国内,由于某些原因,是无法访问"k8s.gcr.io", "gcr.io", "quay.io"
[root@k8s-master ~]#kubeadm config images list        #查看kubeadm config 依赖的images有哪些
#执行结果如下
k8s.gcr.io/kube-apiserver:v1.23.8
k8s.gcr.io/kube-controller-manager:v1.23.8
k8s.gcr.io/kube-scheduler:v1.23.8
k8s.gcr.io/kube-proxy:v1.23.8
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6

#从国内镜像拉取
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.23.8
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.23.8
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.23.8
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.23.8
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.1-0
[root@master ~]#docker pull coredns/coredns:1.8.6

#或者拉取最新版,一条命令如下:
[root@k8s-master ~]#kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers   #拉取镜像

#master上执行(10.0.0.101):

#将拉取下来的images重命名为kubeadm config所需的镜像名字
#注意版本号有的是带v的,有的不带的v

[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.23.8 k8s.gcr.io/kube-apiserver:v1.23.8
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.23.8 k8s.gcr.io/kube-controller-manager:v1.23.8
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.23.8 k8s.gcr.io/kube-scheduler:v1.23.8
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.23.8 k8s.gcr.io/kube-proxy:v1.23.8
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6 k8s.gcr.io/pause:3.6
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.1-0 k8s.gcr.io/etcd:3.5.1-0
[root@master ~]#docker tag coredns/coredns:1.8.6 k8s.gcr.io/coredns/coredns:v1.8.6

#master上执行(10.0.0.101):

#初始化
[root@master ~]#kubeadm init --config kubeadm-config.yaml

#如果提示以下信息,安装成功,如果安装失败,请卸载kubectl、kubeadm、kubelet 然后再重新执行

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.0.0.101:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:415922bb8c4fd6768756559cdabc18bacc8661c86ebd411be9e6cd1036041c09 

#记住上边的node加入集群的命令,如果忘记,可以使用如下命令获取:
kubeadm token create --print-join-command

4、部署node节点

#所有node节点执行:

#请确保基础环境已经部署好(时间同步,防火墙,解析,swap,内核参数)

[root@node ~]#apt-get install -y ca-certificates curl software-properties-common apt-transport-https curl
[root@node ~]#apt-get update && apt-get install -y apt-transport-https
[root@node ~]#curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
[root@node ~]# cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
[root@node ~]#apt update
[root@node ~]#apt install -y kubelet=1.23.1-00 kubeadm=1.23.1-00 kubectl=1.23.1-00

[root@node2 ~]#apt-mark hold kubelet kubeadm kubectl

# 所有node节点执行:

# 加入集群(master节点安装完成后的提示命令)
[root@node ~]#kubeadm join 10.0.0.101:6443 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:415922bb8c4fd6768756559cdabc18bacc8661c86ebd411be9e6cd1036041c09

#提示以下信息,表示加入集群成功
......
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

# 如果此处报错,则需要执行kubeadm reset重启

5、部署 Calico

#master上执行(10.0.0.101):

[root@master ~]#kubectl apply -f https://docs.projectcalico.org/v3.21/manifests/calico.yaml

#安装完成后需要等待k8s重新拉起节点

[root@master ~]#kubectl get nodes
NAME     STATUS   ROLES                  AGE     VERSION
master   Ready    control-plane,master   53m     v1.23.1
node     Ready    <none>                 8m26s   v1.23.1