k8s cluster setup 1.28.2 [foolproof setup]
k8s-1.26.2 kubeadm [foolproof cluster setup]
1. Environment preparation
1.1 Hardware resources
1. Each machine needs 2 GB or more of RAM (less than this will constrain the memory available to your applications) and 2 or more CPU cores.
1.2 Software environment
1. Configure hostnames
cat >> /etc/hosts <<EOF
192.168.229.201 k8s-m1
192.168.229.202 k8s-m2
192.168.229.203 k8s-m3
192.168.229.151 k8s-n1
192.168.229.152 k8s-n2
192.168.229.153 k8s-n3
EOF
1. Use ssh-keygen on the jump host (m1) to generate a key pair
ssh-keygen -t rsa
2. Copy the public key to the remote machines, i.e. m2 and m3
ssh-copy-id root@k8s-m2
ssh-copy-id root@k8s-m3
3. Set permissions on m2 and m3
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
m1 can now SSH to the other machines
1. Update the yum sources and switch them to a domestic mirror
1.1 Back up the yum sources
cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
1.2 Download the domestic yum source
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
1.3 Update yum
yum clean all && yum makecache && yum update -y
# Upgrade the kernel
Import the ELRepo public key:
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
Install the ELRepo repository:
yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
Install the latest mainline kernel:
yum --enablerepo=elrepo-kernel install kernel-ml
Install the matching kernel headers (only needed if you build out-of-tree modules):
yum --enablerepo=elrepo-kernel install kernel-ml-devel
Update the GRUB configuration and set the new kernel as the default boot entry (the newly installed kernel is entry 0 in the list printed by the first command)
egrep '^menuentry' /etc/grub2.cfg | cut -f 2 -d "'"
grub2-set-default 0
grub2-mkconfig -o /boot/grub2/grub.cfg
Reboot the system:
reboot
### Upgrade to a specific kernel version
yum --enablerepo=elrepo-kernel install kernel-ml-6.9.3
2. Install dependency packages
yum install -y ipvsadm ipset sysstat conntrack libseccomp wget vim
2.1 Configure time synchronization
yum install chrony
systemctl start chronyd && systemctl enable chronyd
vi /etc/chrony.conf
# Comment out or delete any existing NTP server lines and add the following line to use Alibaba Cloud's NTP server: server ntp.aliyun.com iburst
systemctl restart chronyd
chronyc sources -v   # verify
4. Turn off the firewall
systemctl stop firewalld && systemctl disable firewalld
5. Disable SELinux so containers can read the host filesystem without trouble
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
6. Disable the swap partition
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
# 7. Configure Linux resource limits
ulimit -SHn 65535
cat >> /etc/security/limits.conf <<EOF
# the hard limit must not be lower than the soft limit, otherwise pam_limits rejects it
* soft nofile 655360
* hard nofile 655360
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF
# 8. Install ipvsadm
yum install ipvsadm ipset sysstat conntrack libseccomp -y
cat >> /etc/modules-load.d/ipvs.conf <<EOF
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF
systemctl restart systemd-modules-load.service
lsmod | grep -e ip_vs -e nf_conntrack
Reference: https://www.python100.com/html/101161.html
8. Forward IPv4 and let iptables see bridged traffic
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
Apply the sysctl parameters without rebooting
sudo sysctl --system
Confirm that the br_netfilter and overlay modules are loaded by running:
lsmod | grep br_netfilter
lsmod | grep overlay
Confirm that the net.bridge.bridge-nf-call-iptables, net.bridge.bridge-nf-call-ip6tables and net.ipv4.ip_forward system variables are set to 1 in your sysctl configuration by running:
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
2. Install the container runtime
Add the Docker yum source
curl -L -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Install containerd
yum install -y containerd.io
Create the default configuration file
containerd config default > /etc/containerd/config.toml
# Point the pause image at the aliyun mirror; without this it cannot be pulled
sed -i 's#registry.k8s.io/pause#registry.aliyuncs.com/google_containers/pause#g' /etc/containerd/config.toml
# Set the cgroup driver to systemd
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
# Set the docker.io mirror to the aliyun mirror address
vi /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["https://5bw6vug4.mirror.aliyuncs.com"]
# Binary installation
Download containerd-1.7.16-linux-amd64.tar.gz from the official site
tar Cxzvf /usr/local containerd-1.7.16-linux-amd64.tar.gz
Create the configuration directory and download the required systemd unit file
wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
mkdir -p /usr/local/lib/systemd/system/
mv containerd.service /usr/local/lib/systemd/system/
Download runc
https://github.com/opencontainers/runc/releases
install -m 755 runc.amd64 /usr/local/sbin/runc
Download the CNI plugins
wget https://github.com/containernetworking/plugins/releases/download/v1.4.1/cni-plugins-linux-amd64-v1.4.1.tgz
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.4.1.tgz
Because of network restrictions we cannot reach k8s.gcr.io directly, so we edit containerd's config.toml to configure its image sources
mkdir /etc/containerd/
containerd config default > /etc/containerd/config.toml
# Point the pause image at the aliyun mirror; without this it cannot be pulled
sed -i 's#registry.k8s.io/pause#registry.aliyuncs.com/google_containers/pause#g' /etc/containerd/config.toml
# Set the cgroup driver to systemd
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
# Set the docker.io mirror to the aliyun mirror address
vi /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
      endpoint = ["https://5bw6vug4.mirror.aliyuncs.com"]
# Configure the crictl tool
vim /etc/crictl.yaml
runtime-endpoint: "unix:///run/containerd/containerd.sock"
image-endpoint: "unix:///run/containerd/containerd.sock"
# Enable start on boot
systemctl daemon-reload
systemctl enable --now containerd
systemctl restart containerd
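Before moving on to kubeadm, it is worth checking that the edits above actually landed: kubelet 1.28 defaults to the systemd cgroup driver, so a containerd still on `SystemdCgroup = false`, a pause image that cannot be pulled, active swap or missing sysctl keys all surface later as confusing init failures. The script below is an added preflight helper, not part of the original post; every check takes the file it inspects as an argument (defaulting to the real path) so it can be exercised on sample files, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Preflight checks for the containerd/sysctl/swap/crictl settings above.
# Hypothetical helper, not from the original post.

# containerd must use the systemd cgroup driver and the mirrored pause image,
# otherwise kubelet and containerd disagree and pods stay in ContainerCreating.
check_containerd_config() {
  local f="${1:-/etc/containerd/config.toml}"
  grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$f" || return 1
  grep -Eq 'sandbox_image[[:space:]]*=[[:space:]]*"registry\.aliyuncs\.com/google_containers/pause' "$f" || return 2
}

# the three keys written to /etc/sysctl.d/k8s.conf must all be 1
check_sysctl_file() {
  local f="${1:-/etc/sysctl.d/k8s.conf}" key
  for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
    grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*1[[:space:]]*$" "$f" || return 1
  done
}

# every swap entry in fstab must be commented out; kubeadm refuses to run with swap on
check_fstab_swap() {
  local f="${1:-/etc/fstab}"
  ! grep -Eq '^[^#].*[[:space:]]swap[[:space:]]' "$f"
}

# crictl must talk to the containerd socket, not a default dockershim path
check_crictl() {
  local f="${1:-/etc/crictl.yaml}"
  grep -Eq '^runtime-endpoint:[[:space:]]*"?unix:///run/containerd/containerd\.sock"?' "$f"
}

# run every check against the live host and report what is still wrong
run_all() {
  local rc=0
  check_containerd_config || { echo "containerd: SystemdCgroup/sandbox_image not set"; rc=1; }
  check_sysctl_file       || { echo "sysctl: bridge-nf/ip_forward keys are not all 1"; rc=1; }
  check_fstab_swap        || { echo "fstab: an active swap entry is still present"; rc=1; }
  check_crictl            || { echo "crictl: runtime-endpoint is not containerd"; rc=1; }
  return $rc
}
```

Run `run_all` on every node after the containerd section; a clean run prints nothing and exits 0.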
3. Install kubectl, kubelet and kubeadm
Install kubectl, kubeadm and kubelet from a domestic yum source
cat << EOF >> /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
# List the available versions
yum list kubeadm --showduplicates | sort -r
yum install -y kubelet-1.28.2 kubeadm-1.28.2 kubectl-1.28.2
Start kubelet
systemctl enable kubelet && systemctl start kubelet
4. Start creating the cluster
Use kubeadm to initialize the control plane components
kubeadm init --apiserver-advertise-address=192.168.229.110 \
  --image-repository registry.aliyuncs.com/google_containers \
  --pod-network-cidr=10.72.0.0/16
Run the commands shown in the hint printed after initialization
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
The worker nodes run the join command with the token
kubeadm join 192.168.229.110:6443 --token uhf1zd.k9ypmsgfyxqod09g \
  --discovery-token-ca-cert-hash sha256:28b9126b4379218eaeef50104e7ba4cdd306ff1454d813608c77d674ae32821c
Do not rush to join the workers yet
Check the node status
kubectl get pods -A   # shows that the network plugin has not been initialized
Install the calico network plugin on the master node
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/tigera-operator.yaml
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml
watch kubectl get pods -n calico-system
Note: calico is likewise operated from the master node
01 You can pull the images manually first
[pulling may be slow]
curl https://docs.projectcalico.org/v3.9/manifests/calico.yaml | grep image   # the version changes; pull the images that match your manifest
=======================================================================================
image: calico/cni:v3.9.3
image: calico/pod2daemon-flexvol:v3.9.3
image: calico/node:v3.9.3
image: calico/kube-controllers:v3.9.3
=======================================================================================
docker pull calico/cni:v3.9.3
docker pull calico/pod2daemon-flexvol:v3.9.3
docker pull calico/node:v3.9.3
docker pull calico/kube-controllers:v3.9.3
`The official images pull too slowly; use the instructor Jack's mirror`
docker pull registry.cn-hangzhou.aliyuncs.com/itcrazy2016/kube-controllers:v3.9.3
docker pull registry.cn-hangzhou.aliyuncs.com/itcrazy2016/cni:v3.9.3
docker pull registry.cn-hangzhou.aliyuncs.com/itcrazy2016/pod2daemon-flexvol:v3.9.3
docker pull registry.cn-hangzhou.aliyuncs.com/itcrazy2016/node:v3.9.3
`Re-tag them`
docker tag registry.cn-hangzhou.aliyuncs.com/itcrazy2016/kube-controllers:v3.9.3 \
calico/kube-controllers:v3.9.3
docker tag registry.cn-hangzhou.aliyuncs.com/itcrazy2016/cni:v3.9.3 \
calico/cni:v3.9.3
docker tag registry.cn-hangzhou.aliyuncs.com/itcrazy2016/pod2daemon-flexvol:v3.9.3 \
calico/pod2daemon-flexvol:v3.9.3
docker tag registry.cn-hangzhou.aliyuncs.com/itcrazy2016/node:v3.9.3 \
calico/node:v3.9.3
`Delete the images in the registry.cn-hangzhou.aliyuncs.com/itcrazy2016/ form`
Note: tagging does not change the imageId, so removing by id will delete the calico images as well
docker rmi -f $(docker images 'registry.cn-hangzhou.aliyuncs.com/itcrazy2016/*' -aq)
02 Install calico in k8s
yum install -y wget
wget https://docs.projectcalico.org/v3.9/manifests/calico.yaml
kubectl apply -f calico.yaml
03 Confirm that calico was installed successfully
kubectl get pods --all-namespaces -w   # watch all Pods in real time
Join the worker nodes to the cluster. Run on each worker node:
kubeadm join 192.168.229.110:6443 --token uhf1zd.k9ypmsgfyxqod09g \
  --discovery-token-ca-cert-hash sha256:28b9126b4379218eaeef50104e7ba4cdd306ff1454d813608c77d674ae32821c
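Two things about the join command above are easy to get wrong when it is copied from notes: the bootstrap token expires 24 hours after `kubeadm init`, and the `sha256:` value is the hash of the control plane CA public key, which is what stops a worker from being pointed at the wrong API server. The helper below is an added check, not from the original post; it validates the shape of a join command, compares its hash with one computed from `ca.crt` the way kubeadm does, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added helper (not from the original post) to sanity-check a kubeadm join
# command before running it on a worker.

# Expected form:
#   kubeadm join HOST:PORT --token A.B --discovery-token-ca-cert-hash sha256:HEX
# Prints "ok" and returns 0 when the token and hash are well formed and the
# hash matches the one computed from the control plane CA (when given).
validate_join_cmd() {
  local cmd="$1" expected_hash="${2:-}" token hash
  token=$(printf '%s' "$cmd" | sed -n 's/.*--token[= ]\([^ ]*\).*/\1/p')
  hash=$(printf '%s' "$cmd" | sed -n 's/.*--discovery-token-ca-cert-hash[= ]sha256:\([0-9a-f]*\).*/\1/p')
  # bootstrap token format: 6 lowercase alphanumerics, a dot, 16 more
  printf '%s' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' || { echo "bad token format"; return 1; }
  [ "${#hash}" -eq 64 ] || { echo "bad or missing CA hash"; return 2; }
  if [ -n "$expected_hash" ] && [ "$hash" != "$expected_hash" ]; then
    echo "CA hash mismatch: command says $hash, control plane CA gives $expected_hash"
    return 3
  fi
  echo ok
}

# Compute the discovery hash the way kubeadm does: sha256 over the DER
# encoding of the CA public key. Run this on the control plane (needs openssl).
ca_cert_hash() {
  local ca="${1:-/etc/kubernetes/pki/ca.crt}"
  openssl x509 -pubkey -in "$ca" | openssl rsa -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex | sed 's/^.* //'
}

# On the control plane, issue a fresh short-lived token instead of reusing the
# one written down above, then compare what it prints with ca_cert_hash:
#   kubeadm token create --print-join-command --ttl 1h
#   ca_cert_hash
```

On a worker, `validate_join_cmd "$JOIN_CMD" "$(cat expected_hash)"` with the hash copied out of band from the control plane catches both a stale token and a command that points at a different CA.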
Install an ingress controller
Reference: https://gitee.com/spypxf/ingress-nginx-gw
## Install the official Kubernetes ingress-nginx add-on
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/baremetal/deploy.yaml
1. Find the ingress-nginx-controller Service resource
Replace the images: cat deploy.yaml | grep image   # look up the matching version on a public registry such as hub.docker.com
kubectl apply -f deploy.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml
Download the deploy file first and change the images
vim deploy.yaml
Because registry.k8s.io cannot be reached from China without a proxy,
replace the images with domestic mirrors (see hub.docker.com):
registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.8.2
kennethlongshaw/ingress-nginx_kube-webhook-certgen
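The manual image swap above can be scripted, and doing so makes one supply-chain detail visible: the upstream manifest pins each image by digest (`image: ...@sha256:...`), and a digest issued by registry.k8s.io will never match a re-pushed mirror, so the pin has to be dropped and re-established against the mirror's own digest after the first pull. The function below is an added helper, not from the original post; it assumes the certgen mirror carries the same tag as upstream, which the page does not state.

```shell
#!/usr/bin/env bash
# Added helper (not from the original post): rewrite the upstream image
# references in deploy.yaml to the mirrors listed above.

# Usage: rewrite_ingress_images deploy.yaml deploy.mirrored.yaml
# Returns non-zero if any registry.k8s.io reference survives the rewrite.
rewrite_ingress_images() {
  local src="$1" dst="$2"
  # \1 keeps the upstream tag; the optional @sha256:... group is dropped because
  # a digest pin on the upstream image cannot match a re-pushed mirror.
  # Assumption: the certgen mirror uses the same tag as upstream.
  sed -E \
    -e 's#image: registry\.k8s\.io/ingress-nginx/controller:([^@ ]+)(@sha256:[0-9a-f]+)?#image: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:\1#' \
    -e 's#image: registry\.k8s\.io/ingress-nginx/kube-webhook-certgen:([^@ ]+)(@sha256:[0-9a-f]+)?#image: kennethlongshaw/ingress-nginx_kube-webhook-certgen:\1#' \
    "$src" > "$dst"
  # fail loudly if an upstream reference is still present
  ! grep -q 'registry.k8s.io' "$dst"
}

# After the first pull, record the digest the mirror actually served
# (crictl inspecti <image> shows it) and add it back as image: ...@sha256:...
# so later deployments are pinned again.
```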