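Deploying a k8s cluster with kubeadm
Note: this installation method is not recommended for production; a binary installation is recommended instead.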
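1. Environment preparation
This is a test environment! Size the resources according to your actual situation. Anolis OS is used here.
master (management host): 2 CPU, 4G 10.211.55.5 longxi-01
node01 (compute node): 2 CPU, 4G 10.211.55.6 longxi-02
node02 (compute node): 2 CPU, 4G 10.211.55.7 longxi-03
2. Basic environment setup
Disable swap, SELinux and firewalld on all nodes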
[root@longxi-01 ~]# swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
[root@longxi-01 ~]# setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce: SELinux is disabled
[root@longxi-01 ~]# systemctl stop firewalld && systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@longxi-01 ~]# systemctl stop postfix.service && systemctl disable postfix.service
Failed to stop postfix.service: Unit postfix.service not loaded.
Set up the hosts file on all nodes
[root@longxi-01 ~]# vim /etc/hosts
10.211.55.5 longxi-01
10.211.55.6 longxi-02
10.211.55.7 longxi-03
Tune the kernel parameters
[root@longxi-01 ~]# vim /etc/sysctl.d/k8s.conf
# Enable kernel filtering of bridged traffic (IPv6)
net.bridge.bridge-nf-call-ip6tables = 1
# Enable kernel filtering of bridged traffic (IPv4)
net.bridge.bridge-nf-call-iptables = 1
# Enable IP forwarding
net.ipv4.ip_forward = 1
[root@longxi-01 ~]# modprobe br_netfilter
[root@longxi-01 ~]# sysctl --system
Set up time synchronization
[root@longxi-01 ~]# vim /etc/chrony.conf
server 210.72.145.44 iburst
server ntp.aliyun.com iburst
#pool ntp.aliyun.com iburst //comment out this line and add the two lines above
[root@longxi-01 ~]# systemctl restart chronyd.service
[root@longxi-01 ~]# systemctl enable chronyd.service
[root@longxi-01 ~]# chronyc sources -v
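Install the IPVS proxy packages
[root@longxi-01 ~]# yum install -y ipvsadm ipset # use LVS to provide load balancing for the cluster
[root@longxi-01 ~]# ipvsadm -Ln # view the rules
Install docker, kubeadm, kubelet and kubectl on the master node
Install docker, kubeadm and kubelet on the worker nodes
Docker is already installed on all three servers
Add the k8s yum repository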
[root@longxi-01 ~]# cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
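The repo definition above lists gpgkey URLs but sets gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package signatures. The check below is an added example, not part of the original post; the function names and the [example-signed] section are made up for illustration.

```shell
# Added example (not from the original post): report enabled yum repos
# whose packages are installed without signature verification.
# Reads .repo content on stdin; prints "<repo-id> gpgcheck=0 gpgkey=<yes|no>".
unsigned_repos() {
    awk '
    function report() {
        if (id != "" && enabled != "0" && gpgcheck == "0")
            printf "%s gpgcheck=0 gpgkey=%s\n", id, (haskey ? "yes" : "no")
    }
    /^[ \t]*[#;]/ { next }                  # skip comment lines
    /^[ \t]*\[/ {                           # start of a new [repo-id] section
        report()
        id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
        enabled = "1"; gpgcheck = ""; haskey = 0   # a repo is enabled unless it says otherwise
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next                   # not a key=value line
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled")  enabled = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey" && val != "") haskey = 1
    }
    END { report() }
    '
}

# Sample input: [kubernetes] carries the settings from this page;
# [example-signed] is a constructed section for contrast.
sample_repo() {
    cat <<'EOF'
[kubernetes]
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

[example-signed]
baseurl=https://repo.example.invalid/el7/
enabled=1
gpgcheck=1
EOF
}

sample_repo | unsigned_repos
```

To audit a real host, feed it the files themselves: cat /etc/yum.repos.d/*.repo | unsigned_repos.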
Install the packages
[root@longxi-01 ~]# yum -y install kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0
[root@longxi-01 ~]# systemctl enable kubelet
Check whether Docker's cgroup driver is systemd; a mismatch will prevent containers from starting
[root@longxi-01 ~]# docker info | grep "Cgroup Driver"
Cgroup Driver: cgroupfs
If it does not match, change it, and add a registry mirror while you are at it
[root@longxi-01 ~]# vim /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["http://f1361db2.m.daocloud.io"]
}
[root@longxi-01 ~]# systemctl daemon-reload
[root@longxi-01 ~]# systemctl restart docker
Set up Tab completion so that kubeadm commands can be completed with the Tab key
[root@longxi-01 ~]# kubectl completion bash >/etc/bash_completion.d/kubectl
[root@longxi-01 ~]# kubeadm completion bash >/etc/bash_completion.d/kubeadm
3. Initialize the cluster on the master node
[root@longxi-01 ~]# kubeadm config images list # list the images the k8s cluster needs, then download them with docker pull
[root@longxi-01 ~]# kubeadm init \
--apiserver-advertise-address=10.211.55.5 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.23.0 \
--service-cidr=10.254.0.0/16 \
--pod-network-cidr=10.244.0.0/16
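Parameter description:
--apiserver-advertise-address the address the cluster advertises
--image-repository the default image registry k8s.gcr.io is not reachable from mainland China, so the Aliyun registry address is specified here
--kubernetes-version K8s version, matching the one installed above
--service-cidr cluster-internal virtual network, the unified access entry for Pods
--pod-network-cidr Pod network, must match the YAML of the CNI network component deployed below
Follow the prompt to set up access to the cluster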
[root@longxi-01 ~]# mkdir -p $HOME/.kube
[root@longxi-01 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@longxi-01 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
Check the kubectl installation
[root@longxi-01 ~]# kubectl version
[root@longxi-01 ~]# kubectl get componentstatuses
Get the master's token; the certificate file used for authentication is stored at /etc/kubernetes/pki/ca.crt
[root@longxi-01 ~]# cat /etc/kubernetes/pki/ca.crt
[root@longxi-01 ~]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
zqqd3t.veoxykcxu9wey2qx 23h 2023-11-17T08:19:32Z authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token
[root@longxi-01 ~]# kubeadm token delete zqqd3t.veoxykcxu9wey2qx # delete the token that has a time limit
[root@longxi-01 ~]# kubeadm token create --ttl=0 --print-join-command # create a token with no time limit
kubeadm join 10.211.55.5:6443 --token nfekb8.x4z8i690yd25jhzr --discovery-token-ca-cert-hash sha256:e6d4e4080bfdab40c955114fad899d8edaffd256eb9f5c56cc3ddce54bfd42b4
[root@longxi-01 ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der | openssl dgst -sha256 -hex # get the token CA hash
writing RSA key
(stdin)= e6d4e4080bfdab40c955114fad899d8edaffd256eb9f5c56cc3ddce54bfd42b4
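Because the join token above is created with --ttl=0, it stays valid until someone deletes it with kubeadm token delete. The script below is an added example, not part of the original post: it reads kubeadm token list output and flags tokens that have no expiry; the function names and the sample token values are constructed.

```shell
# Added example (not from the original post): audit `kubeadm token list`
# output for bootstrap tokens that never expire.

# Reads the table on stdin. Prints "NEVER_EXPIRES <id>" or
# "EXPIRES <id> <timestamp>" per token and returns non-zero if any token
# has no expiry. Only the 6-character token ID is printed, so the secret
# half of the token does not end up in logs.
audit_bootstrap_tokens() {
    awk '
    NR == 1 { next }                          # header row
    {
        # a bootstrap token has the form <6-char id>.<16-char secret>
        dot = index($1, ".")
        id = substr($1, 1, dot - 1); secret = substr($1, dot + 1)
        if (length(id) != 6 || length(secret) != 16) next
        if (id !~ /^[a-z0-9]+$/ || secret !~ /^[a-z0-9]+$/) next
        if ($2 == "<forever>") { print "NEVER_EXPIRES " id; bad = 1 }
        else                   { print "EXPIRES " id " " $3 }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample listing (token values are made up, not real credentials).
sample_token_list() {
    cat <<'EOF'
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
abcdef.0123456789abcdef   23h         2023-11-17T08:19:32Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
uvwxyz.fedcba9876543210   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
EOF
}

sample_token_list | audit_bootstrap_tokens || echo "at least one bootstrap token never expires"
```

On the master node, pipe the real listing in: kubeadm token list | audit_bootstrap_tokens.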
4. Run on all worker nodes
Join the cluster
[root@longxi-02 ~]# kubeadm join 10.211.55.5:6443 --token nfekb8.x4z8i690yd25jhzr --discovery-token-ca-cert-hash sha256:e6d4e4080bfdab40c955114fad899d8edaffd256eb9f5c56cc3ddce54bfd42b4
[root@longxi-03 ~]# kubeadm join 10.211.55.5:6443 --token nfekb8.x4z8i690yd25jhzr --discovery-token-ca-cert-hash sha256:e6d4e4080bfdab40c955114fad899d8edaffd256eb9f5c56cc3ddce54bfd42b4
Format:
kubeadm join 10.211.55.5:6443 --token <token> --discovery-token-ca-cert-hash sha256:<token ca hash>
Verifying with kubectl get nodes returns an error
E1116 16:34:31.733156 35984 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
Fix the error:
[root@longxi-03 ~]# echo "export KUBECONFIG=/etc/kubernetes/kubelet.conf" >> /etc/profile
[root@longxi-03 ~]# source /etc/profile
[root@longxi-03 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
longxi-01 NotReady control-plane,master 17m v1.23.0
longxi-02 NotReady <none> 4m40s v1.23.0
longxi-03 NotReady <none> 3m4s v1.23.0
5. Install the flannel network
[root@longxi-01 ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
[root@longxi-01 ~]# vim kube-flannel.yml
Change "Network" so that it matches --pod-network-cidr=10.244.0.0/16:
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
[root@longxi-01 ~]# kubectl apply -f kube-flannel.yml
[root@longxi-01 ~]# kubectl get pods -n kube-flannel