Kubeadm部署Kubernetes
1、环境准备
主机名
IP
说明
宿主机系统
k8s-master
10.0.0.101
Kubernetes集群的master节点
Ubuntu2004
k8s-node1
10.0.0.102
Kubernetes集群的node节点
Ubuntu2004
1-1、关闭防火墙、iptables、centos系列需要关闭selinux
#所有节点执行:
[root@ubuntu2004 ~]#systemctl stop ufw
[root@ubuntu2004 ~]#iptables -nvL1-2、各节点主机名相互解析
#所有节点执行:
[root@ubuntu2004 ~]#hostnamectl set-hostname k8s-master
[root@ubuntu2004 ~]#vim /etc/hosts
10.0.0.101 master
10.0.0.102 node
1-3、时间同步
#所有节点执行:
[root@master ~]#apt install -y chrony
[root@master ~]#vim /etc/chrony/chrony.conf
server ntp.aliyun.com iburst
[root@master ~]#systemctl enable --now chrony
[root@master ~]#chronyc sources1-4、禁用swap
#所有节点执行:
[root@master ~]#swapoff -a
[root@master ~]#vim /etc/fstab
#/swap.img none swap sw 0 01-5、修改网桥内核参数
#所有节点执行:
#允许 iptables 检查桥接流量
[root@master ~]#apt install -y bridge-utils #默认没有该模块,需要安装
[root@master ~]#cat <<EOF | tee /etc/modules-load.d/modules.conf
br_netfilter
EOF
[root@master ~]#modprobe br_netfilter
[root@master ~]#lsmod | grep br_netfilter
[root@master ~]#cat > /etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
user.max_user_namespaces=28633
EOF
[root@master ~]#sysctl -p /etc/sysctl.d/kubernetes.conf2、安装docker
#所有节点执行:
[root@master ~]#apt install docker.io -y
#ubuntu默认自动启动并开机启动,如果未设置请手动设置
#配置加速器,使用 systemd 来管理容器的 cgroup
[root@master ~]#mkdir -p /etc/docker
[root@master ~]#vim /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"experimental": false,
"debug": false,
"max-concurrent-downloads": 10,
"registry-mirrors": ["https://pgavrk5n.mirror.aliyuncs.com"]
}
[root@master ~]#systemctl daemon-reload
[root@master ~]#systemctl restart docker
3、部署k8sMaster节点
# 所有节点执行:
# 可参考阿里云官网:https://developer.aliyun.com/mirror/kubernetes
# 使apt支持ssl传输 并安装kubelet kubeadm kubectl
[root@master ~]#apt-get install -y ca-certificates curl software-properties-common apt-transport-https curl
[root@master ~]#apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet=1.23.1-00 kubeadm=1.23.1-00 kubectl=1.23.1-00
# 阻止自动更新(apt upgrade时忽略)。所以更新的时候先unhold,更新完再hold。
apt-mark hold kubelet kubeadm kubectl
# 先不要启动,如果启动会报错
#master上执行(10.0.0.101):
[root@master ~]#vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 10.0.0.101 #当前机器的局域网地址
bindPort: 6443
nodeRegistration:
criSocket: /var/run/dockershim.sock
imagePullPolicy: IfNotPresent
name: master
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.23.1
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
scheduler: {}
---
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
#cgroupDriver: systemd
cgroupDriver: cgroupfs
#master上执行(10.0.0.101):
# 在运行 kubeadm init 之前先执行 kubeadm config images pull 来测试与 gcr.io 的连接,kubeadm config images pull尝试是否可以拉取镜像,如果你的服务器再国内,由于某些原因,是无法访问"k8s.gcr.io", "gcr.io", "quay.io"
[root@k8s-master ~]#kubeadm config images list #查看kubeadm config 依赖的images有哪些
#执行结果如下
k8s.gcr.io/kube-apiserver:v1.23.8
k8s.gcr.io/kube-controller-manager:v1.23.8
k8s.gcr.io/kube-scheduler:v1.23.8
k8s.gcr.io/kube-proxy:v1.23.8
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6
#从国内镜像拉取
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.23.8
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.23.8
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.23.8
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.23.8
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.1-0
[root@master ~]#docker pull coredns/coredns:1.8.6
#或者拉取最新版,一条命令如下:
[root@k8s-master ~]#kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers #拉取镜像
#master上执行(10.0.0.101):
#将拉取下来的images重命名为kubeadm config所需的镜像名字
#注意版本号有的是带v的,有的不带的v
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.23.8 k8s.gcr.io/kube-apiserver:v1.23.8
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.23.8 k8s.gcr.io/kube-controller-manager:v1.23.8
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.23.8 k8s.gcr.io/kube-scheduler:v1.23.8
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.23.8 k8s.gcr.io/kube-proxy:v1.23.8
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6 k8s.gcr.io/pause:3.6
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.1-0 k8s.gcr.io/etcd:3.5.1-0
[root@master ~]#docker tag coredns/coredns:1.8.6 k8s.gcr.io/coredns/coredns:v1.8.6
#master上执行(10.0.0.101):
#初始化
[root@master ~]#kubeadm init --config kubeadm-config.yaml
#如果提示以下信息,安装成功,如果安装失败,请卸载kubectl、kubeadm、kubelet 然后再重新执行
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.0.101:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:415922bb8c4fd6768756559cdabc18bacc8661c86ebd411be9e6cd1036041c09
#记住上边的node加入集群的命令,如果忘记,可以使用如下命令获取:
kubeadm token create --print-join-command
4、部署node节点
#所有node节点执行:
#请确保基础环境已经部署好(时间同步,防火墙,解析,swap,内核参数)
[root@node ~]#apt-get install -y ca-certificates curl software-properties-common apt-transport-https curl
[root@node ~]#apt-get update && apt-get install -y apt-transport-https
[root@node ~]#curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
[root@node ~]# cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
[root@node ~]#apt update
[root@node ~]#apt install -y kubelet=1.23.1-00 kubeadm=1.23.1-00 kubectl=1.23.1-00
[root@node2 ~]#apt-mark hold kubelet kubeadm kubectl
# 所有node节点执行:
# 加入集群(master节点安装完成后的提示命令)
[root@node ~]#kubeadm join 10.0.0.101:6443 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:415922bb8c4fd6768756559cdabc18bacc8661c86ebd411be9e6cd1036041c09
#提示以下信息,表示加入集群成功
......
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
# 如果此处报错,则需要执行kubeadm reset重启
5、部署 Calico
#master上执行(10.0.0.101):
[root@master ~]#kubectl apply -f https://docs.projectcalico.org/v3.21/manifests/calico.yaml
#安装完成后需要等待k8s重新拉起节点
[root@master ~]#kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane,master 53m v1.23.1
node Ready <none> 8m26s v1.23.1
手机扫一扫
移动阅读更方便
你可能感兴趣的文章