1. 准备工作(所有节点执行)
1.1. 准备虚拟机
当地摆设,仅供参考。
三个节点:名字为k8s-node1、k8s-node2、k8s-master
设置体系主机名及Host 文件
- sudo cat << EOF >> /etc/hosts
- 192.168.255.141 k8s-node1
- 192.168.255.142 k8s-node2
- 192.168.255.140 k8s-master
- EOF
- # 对应的节点执行
- sudo hostnamectl set-hostname k8s-node1
- sudo hostnamectl set-hostname k8s-node2
- sudo hostnamectl set-hostname k8s-master
- # 需要更新很久
- sudo yum update -y
- #设置存储库
- sudo yum install -y yum-utils
- sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
1.3.1 禁用iptables和firewalld服务
- systemctl stop firewalld
- systemctl disable firewalld
- systemctl stop iptables
- systemctl disable iptables
- # 永久关闭
- sed -i 's/enforcing/disabled/' /etc/selinux/config
- # 临时关闭
- setenforce 0
- # 临时关闭
- swapoff -a
- # 永久关闭
- vim /etc/fstab
- 将行
- /dev/mapper/xxx swap xxx
- 注释
1.3.4 调解内核参数,对于 K8S
- cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
- net.bridge.bridge-nf-call-iptables = 1
- net.bridge.bridge-nf-call-ip6tables = 1
- net.ipv4.ip_forward = 1
- EOF
- # 依次执行下面命令
- sysctl -p
- modprobe br_netfilter
- lsmod | grep br_netfilter
1.3.5 设置 ipvs 功能
- # 安装ipset和ipvsadm
- yum install ipset ipvsadmin -y
- # 添加需要加载的模块写入脚本文件
- cat <<EOF > /etc/sysconfig/modules/ipvs.modules
- #!/bin/bash
- modprobe -- ip_vs
- modprobe -- ip_vs_rr
- modprobe -- ip_vs_wrr
- modprobe -- ip_vs_sh
- modprobe -- nf_conntrack_ipv4
- EOF
- # 为脚本文件添加执行权限
- chmod +x /etc/sysconfig/modules/ipvs.modules
- # 执行脚本文件
- /bin/bash /etc/sysconfig/modules/ipvs.modules
- # 查看对应的模块是否加载成功
- lsmod | grep -e ip_vs -e nf_conntrack_ipv4
重启
2. 安装docker和cri-dockerd(所有节点执行)
2.1 安装docker
2.1.1 移除旧版docker(新安装虚拟机则不需执行)
- sudo yum remove docker \
- docker-client \
- docker-client-latest \
- docker-common \
- docker-latest \
- docker-latest-logrotate \
- docker-logrotate \
- docker-engine
- sudo yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
- # 启动docker
- sudo systemctl start docker
- # 设置docker开机启动
- sudo systemctl enable docker
- # 验证
- sudo systemctl status docker
2.2 安装cri-dockerd
k8s 1.24版本后需要使用cri-dockerd和docker通信
2.2.1 下载cri-dockerd
- # 若没有wget,则执行
- sudo yum install -y wget
- # 下载
- sudo wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.4/cri-dockerd-0.3.4-3.el7.x86_64.rpm
- # 安装
- sudo rpm -ivh cri-dockerd-0.3.4-3.el7.x86_64.rpm
- # 重载系统守护进程
- sudo systemctl daemon-reload
- sudo tee /etc/docker/daemon.json <<-'EOF'
- {
- "registry-mirrors": ["https://c12xt3od.mirror.aliyuncs.com"]
- }
- EOF
- 修改第10行 ExecStart=
- 改为 ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
- vi /usr/lib/systemd/system/cri-docker.service
- # 重载系统守护进程
- sudo systemctl daemon-reload
- # 设置cri-dockerd自启动
- sudo systemctl enable cri-docker.socket cri-docker
- # 启动cri-dockerd
- sudo systemctl start cri-docker.socket cri-docker
- # 检查Docker组件状态
- sudo systemctl status docker cir-docker.socket cri-docker
3. 安装Kubernetes
3.1 安装kubectl(所有节点执行)
- # 当前使用的是最新版本 v1.28.2
- # 下载
- curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
- # 检验
- curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256"
- echo "$(cat kubectl.sha256) kubectl" | sha256sum --check
- # 安装
- sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
- # 测试
- kubectl version --client
- # 改国内源
- cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
- [kubernetes]
- name=Kubernetes
- baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
- enabled=1
- gpgcheck=0
- repo_gpgcheck=1
- gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
- http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
- exclude=kubelet kubeadm kubectl
- EOF
- # 安装
- sudo yum install -y install kubeadm-1.28.2-0 kubelet-1.28.2-0 kubectl-1.28.2-0 --disableexcludes=kubernetes
- # 设置自启动
- sudo systemctl enable --now kubelet
- # 下载 runc.amd64
- sudo wget https://github.com/opencontainers/runc/releases/download/v1.1.9/runc.amd64
- # 安装
- sudo install -m 755 runc.amd64 /usr/local/bin/runc
- # 验证
- runc -v
3.4.1 初始化集群(master节点执行)
- # 执行 kubeadm init 命令
- kubeadm init --node-name=k8s-master --image-repository=registry.aliyuncs.com/google_containers --cri-socket=unix:///var/run/cri-dockerd.sock --apiserver-advertise-address=192.168.255.140 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12
- # 需要修改的参数
- --apiserver-advertise-address # 指定 API 服务器的广告地址、我设置为master节点的ip
-
- # 初始化成功后运行下面的命令
- mkdir -p $HOME/.kube
- sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
- sudo chown $(id -u):$(id -g) $HOME/.kube/config
- # master节点执行 配置文件的复制(为了在node节点可以使用kubectl相关命令)
- scp /etc/kubernetes/admin.conf 192.168.255.141:/etc/kubernetes/
- scp /etc/kubernetes/admin.conf 192.168.255.142:/etc/kubernetes/
3.4.2 node节点加入(node节点执行)
- # 到node节点检查admin.conf文件是否传输完成
- ls /etc/kubernetes/
- admin.conf manifests
- # 将admin.conf加入环境变量,直接使用永久生效
- echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
- # 加载
- source ~/.bash_profile
-
- # ---------------------------------加入集群-------------------------------------
- # 1.在master节点执行 kubeadm init成功后,会出现 kubeadm join xxx xxx的命令,直接复制到node节点执行就好。
- # 2.下面是若没有复制到kubeadm join的命令或者是想要在集群中加入新节点,
- # 则先在master执行,获取token 和 discovery-token-ca-cert-hash。
- # 获取 token 参数
- kubeadm token list # 查看已有 token
- kubeadm token create # 没有token则执行,创建新的 TOKEN
- # 获取 discovery-token-ca-cert-hash 参数
- openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
- # 3.node节点执行 kubeadm join
- # 修改获取的 token 和 discovery-token-ca-cert-hash 后,再执行
- kubeadm join 192.168.255.140:6443 --token y8v2nc.ie2ovh1kxqtgppbo --discovery-token-ca-cert-hash sha256:1fa593d1bc58653afaafc9ca492bde5b8e40e9adef055e8e939d4eb34fb436bf --cri-socket unix:///var/run/cri-dockerd.sock
3.4.3 重新加入集群(node节点执行)
- # 先执行
- kubeadm reset --cri-socket unix:///var/run/cri-dockerd.sock
- # 再获取TOKEN、discovery-token-ca-cert-hash 参数后,最后执行
- kubeadm join 192.168.255.140:6443 --token y8v2nc.ie2ovh1kxqtgppbo --discovery-token-ca-cert-hash sha256:1fa593d1bc58653afaafc9ca492bde5b8e40e9adef055e8e939d4eb34fb436bf --cri-socket unix:///var/run/cri-dockerd.sock
- # 下载,若网络抽风~~,则复制下面的kube-flannel.yml
- sudo wget https://github.com/flannel-io/flannel/releases/download/v0.22.3/kube-flannel.yml
- # 执行
- kubectl apply -f kube-flannel.yml
3.5 测试kubernetes 集群
- # 下面一般在master节点执行,若node节点可以使用kubectl命令,也可以在node节点上操作
- kubectl get nodes
- kubectl get pod -A
3.5.1 使用nginx测试
- vi nginx-deployment.yaml
- kubectl apply -f nginx-deployment.yaml
- # nginx-deployment.yaml
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: nginx-deployment
- spec:
- replicas: 3
- selector:
- matchLabels:
- app: nginx
- template:
- metadata:
- labels:
- app: nginx
- spec:
- containers:
- - name: nginx
- image: nginx:latest
- ports:
- - containerPort: 80
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: nginx-service
- spec:
- selector:
- app: nginx
- ports:
- - name: http
- port: 80
- targetPort: 80
- nodePort: 30080
- type: NodePort
- [root@k8s-master k8s]# kubectl get pod,svc |grep nginx
- pod/nginx-deployment-7c79c4bf97-4xzc9 1/1 Running 0 83s
- pod/nginx-deployment-7c79c4bf97-lp4fn 1/1 Running 0 83s
- pod/nginx-deployment-7c79c4bf97-vt8wh 1/1 Running 0 83s
- service/nginx-service NodePort 10.97.154.241 <none> 80:30080/TCP 83s
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。 |
