从零开始搭建部署K8S集群
debian11从零开始搭建部署安装kubernetes集群
1、机器环境准备
主机名 | IP地址 | 操作系统 | 配置 |
---|---|---|---|
k8s-master | 192.168.3.160 | debian11 | 2核4G |
k8s-node01 | 192.168.3.161 | debian11 | 2核4G |
k8s-node02 | 192.168.3.162 | debian11 | 2核4G |
1.1、配置服务器静态IP
nano /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto ens33
iface ens33 inet static
address 192.168.3.160
netmask 255.255.255.0
gateway 192.168.3.2
# Apply the static address configured above, then make sure the ifupdown
# service is started on every boot. Restarting networking over SSH will drop
# the session if the address changed, so run this from the console if possible.
systemctl restart networking.service
systemctl enable networking.service
1.2、服务器初始化脚本(所有节点都要执行)
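#!/bin/bash
# Interactively set this node's hostname and map it to the node's first IP
# address in /etc/hosts. Must run as root (writes /etc/hosts, calls hostnamectl).

# Lowercase letters, digits, '-' and '.', each dot-separated part starting and
# ending with a letter or digit. The value is written verbatim into /etc/hosts,
# so anything containing whitespace or other characters is rejected up front.
hostname_re='^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$'

while true; do
  # -r keeps backslashes in the typed value literal.
  read -r -p "请输入您想设定的主机名:" name
  if [[ -z "$name" ]]; then
    echo "您没有输入内容,请重新输入"
    continue
  fi
  if [[ ! "$name" =~ $hostname_re ]]; then
    echo "主机名只能包含小写字母、数字、'-' 和 '.',且必须以字母或数字开头和结尾,请重新输入"
    continue
  fi

  read -r -p "您确认使用该主机名吗?[y/n]: " var
  if [[ "$var" == 'y' || "$var" == 'yes' ]]; then
    hostnamectl set-hostname "$name"
    current_ip=$(hostname -I | cut -d ' ' -f1)
    # Append the mapping only once so that re-running the script does not pile
    # up duplicate lines in /etc/hosts.
    if ! grep -qxF -- "$current_ip $name" /etc/hosts; then
      echo "$current_ip $name" | tee -a /etc/hosts
    fi
    break
  else
    echo "您输入的不是 'y' 或 'yes',请重新确认"
  fi
done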
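# Set the time zone to Asia/Shanghai.
timedatectl set-timezone Asia/Shanghai

# Turn the host firewall off.
# NOTE(review): this is a lab shortcut. On anything reachable from an untrusted
# network, keep ufw enabled and allow only the ports the cluster needs (see the
# Kubernetes "Ports and Protocols" reference, plus the CNI's overlay port)
# instead of disabling filtering on every node.
if command -v ufw &>/dev/null; then
  ufw disable
fi

# Disable swap now and on the next boot.
# Only fstab entries whose type field is "swap" and that are not already
# commented out are touched, so a second run does not stack extra '#' characters
# and an unrelated mount whose path merely contains "swap" is left alone.
swapoff -a
sed -ri '/^[^#]*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab

# Speed up SSH logins by turning off GSSAPI authentication and reverse DNS lookups.
sed -ri '/^GSSAPIAuthentication/ s/yes/no/' /etc/ssh/sshd_config
sed -ri '/^#UseDNS/ {s/^#//;s/yes/no/}' /etc/ssh/sshd_config
# Validate the edited file first: restarting sshd with a broken config can lock
# you out of a remote machine.
sshd -t && systemctl restart ssh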
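# Load the kernel modules the container runtime needs, now and at every boot.
# The rest of this script already requires root, so sudo is not used here; a
# minimal Debian install with a root password set does not ship sudo at all.
cat <<'EOF' | tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter

# Let iptables/ip6tables see bridged traffic and enable IPv4 forwarding.
# net.ipv4.ip_forward = 1 turns every node into a router for pod traffic; the
# last key sets the limit on user namespaces.
cat > /etc/sysctl.d/kubernetes.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
user.max_user_namespaces=28633
EOF
sysctl --system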
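# Abort if neither test host answers ICMP: without outbound access the package
# install below cannot work.
if ! ping -c2 www.baidu.com &>/dev/null && ! ping -c2 www.google.com &>/dev/null; then
  echo "您无法上外网,无法安装chrony服务"
  exit 1
fi

# Install chrony for time synchronisation. Nodes with skewed clocks fail TLS
# certificate validity checks against the API server.
# The package state is queried exactly: "dpkg -l | grep chrony" also matches a
# removed-but-not-purged package and any other package with "chrony" in its name.
if ! dpkg-query -W -f='${Status}' chrony 2>/dev/null | grep -q 'install ok installed'; then
  apt-get update && apt-get install -y chrony
  systemctl start chrony && systemctl enable chrony
  echo "当前时间:$(date)"
fi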
2、安装docker、containerd、k8s(所有节点都要执行)
2.1、安装docker
#!/bin/bash
# Stop at the first command that fails, so a failed download or repository
# setup does not lead to installing packages from a half-configured system.
set -o errexit
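#######################################
# Read the distribution identity from /etc/os-release.
# Globals:   name, os, version, release_version, major_version (all written)
# Arguments: none
# Outputs:   a three-line summary on stdout, or an error message
# Returns:   exits the script with status 1 when /etc/os-release is missing or
#            the ID / VERSION_ID fields cannot be read
#######################################
check_system_version() {
  if [ ! -f "/etc/os-release" ]; then
    echo "Error: /etc/os-release file not found."
    echo "The currently running system is not yet supported"
    exit 1
  fi

  # Every key is anchored at the start of the line so that only the intended
  # field is read, never another key that merely contains the same text.
  name=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F'=' '{print $2}' | tr -d '"')
  os=$(grep "^ID=" /etc/os-release | awk -F'=' '{print $2}' | tr -d '"')
  version=$(grep "^VERSION_ID=" /etc/os-release | awk -F'=' '{print $2}' | tr -d '"')

  # Both variables hold the part of VERSION_ID before the first dot, as before.
  release_version=${version%%.*}
  major_version=${version%%.*}

  if [ -z "$os" ] || [ -z "$version" ] || [ -z "$release_version" ] || [ -z "$major_version" ]; then
    echo "Error: Unable to determine system information."
    exit 1
  fi

  echo "System Name: $name"
  echo "Release Version: $release_version"
  echo "Major Version: $major_version"
}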
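#######################################
# Add Docker's apt repository on Debian and install Docker Engine.
# Must run as root. Note that the package list includes containerd.io.
# Globals:   none
# Arguments: none
# Returns:   non-zero (aborting the script under `set -e`) if a step fails
#######################################
install_docker_on_debian() {
  local arch codename

  apt-get update && apt-get install -y ca-certificates curl
  install -m 0755 -d /etc/apt/keyrings

  # The repository signing key is fetched over HTTPS and trusted on first use.
  # Compare its fingerprint with the one published in Docker's installation
  # documentation before relying on it outside a lab.
  curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
  chmod a+r /etc/apt/keyrings/docker.asc

  arch=$(dpkg --print-architecture)
  codename=$(. /etc/os-release && echo "$VERSION_CODENAME")
  if [ -z "$codename" ]; then
    echo "Error: VERSION_CODENAME is not set in /etc/os-release."
    exit 1
  fi

  # signed-by limits this key to the Docker repository only. The function
  # already runs as root (apt-get above), so the list is written directly
  # instead of through sudo, which a minimal Debian install may not have.
  echo "deb [arch=${arch} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian ${codename} stable" \
    > /etc/apt/sources.list.d/docker.list

  apt-get update && apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  systemctl enable docker && systemctl start docker
}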
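#######################################
# Remove distribution Docker packages, add Docker's yum repository on CentOS
# and install Docker Engine. Must run as root.
# Globals:   none
# Arguments: none
# Returns:   non-zero (aborting the script under `set -e`) if a step fails
#######################################
install_docker_on_centos() {
  # -y on every yum call: without it the remove and the final install stop at a
  # confirmation prompt, which hangs or aborts an unattended run.
  yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
  yum install -y yum-utils
  yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  systemctl enable docker && systemctl start docker
}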
# Detect the distribution, then run the matching installer; any other ID is
# rejected rather than guessed at.
check_system_version
case "$os" in
  debian)
    install_docker_on_debian
    ;;
  centos)
    install_docker_on_centos
    ;;
  *)
    echo "Error: Unsupported OS."
    exit 1
    ;;
esac
2.2、安装containerd
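# Install runc.
# Each binary is checked against the checksum file published with the same
# release before it is installed as root. That catches a truncated or corrupted
# download; it does not prove authenticity, because the checksum comes from the
# same host as the binary. The versions are the ones this guide pins; check the
# projects' release notes and security advisories for a currently patched
# release before reusing them.
wget https://github.com/opencontainers/runc/releases/download/v1.1.7/runc.amd64 \
  && wget https://github.com/opencontainers/runc/releases/download/v1.1.7/runc.sha256sum \
  && sha256sum --check --ignore-missing runc.sha256sum \
  && install -m 755 runc.amd64 /usr/local/sbin/runc

# Download and unpack containerd under /usr/local.
wget https://github.com/containerd/containerd/releases/download/v1.7.13/containerd-1.7.13-linux-amd64.tar.gz \
  && wget https://github.com/containerd/containerd/releases/download/v1.7.13/containerd-1.7.13-linux-amd64.tar.gz.sha256sum \
  && sha256sum --check containerd-1.7.13-linux-amd64.tar.gz.sha256sum \
  && tar -C /usr/local -xzvf containerd-1.7.13-linux-amd64.tar.gz
rm -f containerd-1.7.13-linux-amd64.tar.gz containerd-1.7.13-linux-amd64.tar.gz.sha256sum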
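# Generate the default containerd configuration, then switch it to the systemd
# cgroup driver and point the sandbox (pause) image at the mirror registry.
# Run as root, like the install step before it.
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# Match whatever default image this containerd version writes, not just pause:3.8.
# NOTE(review): the pause image then comes from a third-party mirror; use a
# registry you trust for anything beyond a lab.
sed -i 's|sandbox_image = ".*"|sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"|' /etc/containerd/config.toml

# Fetch the systemd unit from the tag that matches the installed release rather
# than from the moving main branch, and let curl fail (-f) instead of saving an
# HTTP error page as a unit file that systemd will then load as root.
# NOTE(review): the containerd.io package installed in the Docker step
# presumably ships its own containerd binary and unit; confirm which binary
# this unit starts after overwriting it.
curl -fsSL -o /lib/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/containerd/v1.7.13/containerd.service
systemctl daemon-reload
systemctl enable containerd --now
# Restart so that a containerd that was already running picks up the new config.
systemctl restart containerd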
2.3、使用官方教程安装K8S
-
安装依赖包:
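# gpg is needed by the `gpg --dearmor` step that imports the repository key
# below, and /etc/apt/keyrings does not exist by default on Debian 11.
sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates curl gpg
sudo install -m 0755 -d /etc/apt/keyrings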
-
配置安装K8S版本号
# Kubernetes minor release whose package repository is configured in the next
# step. Before reusing this value, check that the minor release is still
# supported upstream: unsupported releases no longer receive security fixes.
k8s_version="v1.26"
export k8s_version
-
下载存储库签名密钥和添加 apt 存储库
curl -fsSL https://pkgs.k8s.io/core:/stable:/${k8s_version}/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/${k8s_version}/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
-
安装 kubelet、kubeadm 和 kubectl
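# One command per line: collapsed onto a single line, the first `#` comment
# swallows every command that follows it.
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
# Hold the packages so a routine upgrade cannot move the cluster components to
# another version. Held packages also miss patch releases, so plan upgrades
# explicitly.
sudo apt-mark hold kubelet kubeadm kubectl
sudo systemctl enable kubelet
sudo systemctl restart kubelet
# --no-pager keeps status from blocking on a pager. kubelet keeps restarting
# until `kubeadm init` / `kubeadm join` has run, so a non-active state is
# expected at this point.
sudo systemctl status kubelet --no-pager
# List the component image versions kubeadm will use.
kubeadm config images list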
3、初始化master节点
master节点执行
# Initialise the control plane on the master node.
# The advertise address must be this node's own IP, and the pod CIDR must match
# the "Network" value in the flannel ConfigMap applied later.
# NOTE(review): control-plane images are pulled from a third-party mirror
# registry here; use a registry you trust for anything beyond a lab.
sudo kubeadm init \
  --kubernetes-version=v1.26.14 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --apiserver-advertise-address=192.168.3.160 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16
# 参数介绍
kubernetes-version:集群版本号
image-repository:镜像地址
apiserver-advertise-address:master节点的ip地址
service-cidr:service 地址段
pod-network-cidr:pod IP地址段
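# Give the current user a private copy of the cluster-admin kubeconfig.
# admin.conf carries full administrative credentials for the cluster, so the
# copy is kept readable by its owner only.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"
# Point kubectl at the copy. /etc/kubernetes/admin.conf is readable by root
# only, so exporting that path makes kubectl fail for a non-root user.
export KUBECONFIG="$HOME/.kube/config"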
4、添加node节点
在所有node节点执行
# Join a worker node to the control plane.
# The token and CA hash below belong to the author's cluster and are shown as
# an example only: use the command printed by your own `kubeadm init`, or
# generate a fresh one on the master with
# `kubeadm token create --print-join-command`.
# Treat a bootstrap token as a credential: anyone who holds a valid one can
# register a node. Keep it out of shared notes, and keep the CA hash in the
# command so the joining node verifies the API server it talks to.
kubeadm join 192.168.3.160:6443 \
  --token=vd8wdw.yntvr7wyb71npc87 \
  --discovery-token-ca-cert-hash=sha256:d17dd4442de9025c6e92389088ca4c97941717575b7410fcfe364106102da6d4
5、安装网络插件flannel
在master节点执行安装flannel
edit kube-flannel.yml
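---
# Namespace for the flannel CNI components (indentation restored).
kind: Namespace
apiVersion: v1
metadata:
  name: kube-flannel
  labels:
    k8s-app: flannel
    # Pod Security admission enforces the unrestricted "privileged" level here.
    # The flannel DaemonSet in this file uses hostNetwork, hostPath volumes and
    # added capabilities, so keep unrelated workloads out of this namespace.
    pod-security.kubernetes.io/enforce: privileged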
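---
# Cluster-wide permissions for flannel (indentation restored): read pods and
# nodes, patch node status, and list/watch clustercidrs. No write access to
# workloads or secrets is granted.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
rules:
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
- apiGroups:
  - networking.k8s.io
  resources:
  - clustercidrs
  verbs:
  - list
  - watch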
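---
# Binds the flannel ClusterRole to the flannel ServiceAccount in the
# kube-flannel namespace only (indentation restored).
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: flannel
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-flannel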
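---
# Identity the flannel pods run as (indentation restored).
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: flannel
  name: flannel
  namespace: kube-flannel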
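---
# CNI and network configuration consumed by the flannel DaemonSet
# (indentation restored; the JSON documents are unchanged).
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-flannel
  labels:
    tier: node
    k8s-app: flannel
    app: flannel
data:
  # Copied by an init container to /etc/cni/net.d/10-flannel.conflist on each node.
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  # "Network" must equal the --pod-network-cidr passed to `kubeadm init`
  # (10.244.0.0/16 in this guide).
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }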
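---
# Runs flanneld on every Linux node (indentation restored).
# The pod uses the host network, writes into host directories through hostPath
# volumes and holds NET_ADMIN / NET_RAW, so whoever can change this DaemonSet or
# the images it references can act on every node. Restrict write access to the
# kube-flannel namespace accordingly.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-flannel
  labels:
    tier: node
    app: flannel
    k8s-app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      # Tolerates every NoSchedule taint, so the pod also runs on the master.
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      # Copies the flannel CNI binary into the host's /opt/cni/bin.
      # Images are referenced by tag; pinning them by digest guards against a
      # tag being re-pointed in the registry.
      - name: install-cni-plugin
        image: docker.io/flannel/flannel-cni-plugin:v1.4.0-flannel1
        command:
        - cp
        args:
        - -f
        - /flannel
        - /opt/cni/bin/flannel
        volumeMounts:
        - name: cni-plugin
          mountPath: /opt/cni/bin
      # Copies the CNI configuration from the ConfigMap into the host's /etc/cni/net.d.
      - name: install-cni
        image: docker.io/flannel/flannel:v0.24.2
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: docker.io/flannel/flannel:v0.24.2
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
        # Not privileged: only the two network capabilities are added.
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: EVENT_QUEUE_DEPTH
          value: "5000"
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
        - name: xtables-lock
          mountPath: /run/xtables.lock
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni-plugin
        hostPath:
          path: /opt/cni/bin
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
      - name: xtables-lock
        hostPath:
          path: /run/xtables.lock
          type: FileOrCreate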
# Create the flannel objects from the manifest saved above. Review the file
# before applying it: it runs a host-network DaemonSet on every node.
kubectl apply --filename=kube-flannel.yml
6、验证集群状态
# List the nodes with their addresses, OS image and container runtime.
kubectl get nodes --output=wide