docker+k8s部署
恩师:张雨嘉
注意:从现在开始以下内容在所有节点都做
准备工作(三台都需要做)
-
正常需要克隆三台虚拟机,地址规划为
master节点(4G内存,2核CPU即可):192.168.8.20/24
node01节点(4G内存,2核CPU即可):192.168.8.21/24
node02节点(4G内存,2核CPU即可):192.168.8.22/24
2.设置主机名、IP地址、关闭防火墙和SELinux
# Set the hostname (xxxx is a placeholder)
hostnamectl set-hostname xxxx
# Configure the IP address
# List the existing network connections
nmcli connection show
# Give the connection named "ens160" a static IPv4 address, gateway and DNS server
nmcli connection modify "ens160" ipv4.addresses "192.168.8.x/24" ipv4.gateway "192.168.8.2" ipv4.dns "223.5.5.5" ipv4.method manual connection.autoconnect yes
# Remove the UUID from the interface configuration file
# (presumably because cloned VMs carry the same UUID — confirm)
vi /etc/sysconfig/network-scripts/ifcfg-ens160
# Find the UUID line and delete it
UUID=xxxxxx
# Bring the connection up
nmcli connection up ens160
3.升级系统
# Apply all pending package updates without prompting
yum update -y
4.关闭防火墙、selinux、swap分区并做内核优化
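# Stop the host firewall and keep it from starting at boot
# NOTE(review): this is a lab shortcut that removes host-level packet filtering
# from every node. The alternative is to leave firewalld running and open only
# the ports the cluster components and the network plugin need.
systemctl stop firewalld && systemctl disable firewalld
# Turn SELinux off
# NOTE(review): "disabled" switches SELinux off entirely. The kubeadm install
# guide only asks for permissive mode, which still records denials in the
# audit log.
vi /etc/selinux/config
# Change the following setting
SELINUX=disabled
# Disable swap: comment out every fstab line that mentions swap, then turn it
# off for the running system
sed -ri 's/.*swap.*/#&/' /etc/fstab
swapoff -a
# Kernel settings: pass bridged traffic through iptables/ip6tables and enable
# IPv4 forwarding
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
# br_netfilter has to be loaded before the net.bridge.* keys can be applied
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
# IPVS modules. nf_conntrack is loaded instead of nf_conntrack_ipv4: the ipv4
# variant was folded into nf_conntrack upstream in Linux 4.19, and nf_conntrack
# is also present on older kernels, so this name works in both cases.
cat > /etc/sysconfig/modules/ipvs.modules << EOF
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
modprobe -- br_netfilter
EOF
# Load the modules now and list them to confirm
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack
# Have overlay and br_netfilter loaded at every boot
cat > /etc/modules-load.d/crio.conf << EOF
overlay
br_netfilter
EOF
modprobe overlay
# Reboot so the SELinux and fstab changes take effect
reboot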
5.设置hosts
# Edit the hosts file so the three nodes resolve each other by name
vi /etc/hosts
# Append the following entries
192.168.8.20 master01
192.168.8.21 node01
192.168.8.22 node02
6.换yum源
# Point the AlmaLinux repo files at the Aliyun mirror: comment out mirrorlist=
# and activate a baseurl= on mirrors.aliyun.com.
# -i.bak keeps a .bak copy of every repo file that is edited.
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^# baseurl=https://repo.almalinux.org|baseurl=https://mirrors.aliyun.com|g' \
-i.bak \
/etc/yum.repos.d/almalinux*.repo
安装Docker
# 1. Install prerequisite packages
yum install -y yum-utils device-mapper-persistent-data lvm2 vim wget
# 2. Add the docker-ce yum repository (Aliyun mirror)
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 3. Install Docker
# NOTE(review): kubelet is later pointed at the CRI-O socket, so Docker does
# not appear to be the runtime the cluster uses — confirm it is needed on
# every node.
yum -y install docker-ce
# 4. Start Docker now and at every boot
systemctl enable --now docker
# 5. Configure the Aliyun registry mirror ("image accelerator")
mkdir -p /etc/docker
# The quoted 'EOF' writes the JSON literally; replace the placeholder with
# your own mirror address before restarting Docker.
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["这里写你的镜像加速器地址,去阿里云里边去看"]
}
EOF
# 6. Restart Docker so it reads daemon.json
systemctl restart docker
# Reference for this step: https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
安装k8s
1.配置k8s yum源
# Write the repo definition for the Kubernetes v1.30 packages (Aliyun mirror).
# gpgcheck=1 keeps RPM signature verification on.
# NOTE(review): gpgkey is fetched from the same mirror host that serves the
# packages, so package authenticity rests on trusting that mirror.
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/repomd.xml.key
EOF
# Reference for this step: https://developer.aliyun.com/mirror/kubernetes?spm=a2c6h.13651102.0.0.2a161b11NqpyqB
2.装k8s组件
# Install kubelet, kubeadm and kubectl from the repository configured above
yum install -y kubelet kubeadm kubectl
3.安装并配置cri-o
# Add the CRI-O package repository
# NOTE(review): the baseurl is the "prerelease:/main" channel, i.e. builds of
# the container runtime that are not a stable release. A stable channel that
# matches the Kubernetes minor version is the usual choice — confirm which
# channel is intended.
cat <<EOF | tee /etc/yum.repos.d/cri-o.repo
[cri-o]
name=CRI-O
baseurl=https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/rpm/repodata/repomd.xml.key
EOF
# Install CRI-O
yum install -y cri-o
# Set the kubelet arguments so kubelet uses CRI-O as its container runtime
# (the endpoint below is the CRI-O socket, not Docker)
vi /etc/sysconfig/kubelet
# Add the following (remove any earlier settings)
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd --container-runtime-endpoint='unix:///var/run/crio/crio.sock' --runtime-request-timeout=5m"
# NOTE(review): nothing on this page shows what reads KUBE_PROXY_MODE —
# confirm it takes effect.
KUBE_PROXY_MODE="ipvs"
# Edit the CRI-O configuration file
vi /etc/crio/crio.conf.d/10-crio.conf
# Add the pause image under [crio.image]; it is pulled from the Aliyun registry
[crio.image]
......
pause_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9"
......
# Configure registry mirrors for containerd
# NOTE(review): kubelet on this page talks to CRI-O (crio.sock), so this
# containerd setting does not appear to affect the images the cluster pulls —
# confirm before relying on it.
vi /etc/containerd/config.toml
# Append at the end (mind the formatting)
[plugins]
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
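# Detailed mirror configuration: one hosts.toml per upstream registry, in
# containerd's certs.d layout.
#
# Differences from writing each file by hand:
#   - mirrors are granted only "pull" and "resolve"; a pull-through mirror has
#     no reason to receive pushes
#   - the plain-HTTP mirror http://hub-mirror.c.163.com is left out, because
#     image metadata fetched without TLS can be altered in transit
#   - the stray "]" after the last docker.io entry is gone, and so are the two
#     host/capabilities lines that sat outside the ghcr.io here-document
#
# NOTE(review): every mirror listed here is a third party that serves image
# content to the nodes. Pull by digest where image integrity matters.

# Your own mirror address; replace the placeholder with the value shown in the
# Aliyun console.
mirror_addr="这里写你的镜像加速器地址,去阿里云里边去看"

#######################################
# Write /etc/containerd/certs.d/<dir>/hosts.toml.
# Arguments: $1    - directory name under certs.d
#            $2    - upstream server URL
#            $3... - mirror URLs, in the order they should be listed
# Outputs:   the hosts.toml file; nothing on stdout
#######################################
write_hosts_toml() {
  local dir=$1 server=$2 mirror
  shift 2
  mkdir -p "/etc/containerd/certs.d/${dir}"
  {
    printf 'server = "%s"\n' "$server"
    for mirror in "$@"; do
      printf '[host."%s"]\ncapabilities = ["pull", "resolve"]\n' "$mirror"
    done
  } > "/etc/containerd/certs.d/${dir}/hosts.toml"
}

# Docker Hub
write_hosts_toml docker.io "https://docker.io" \
  "$mirror_addr" \
  "https://dockerproxy.com" \
  "https://docker.m.daocloud.io" \
  "https://reg-mirror.qiniu.com" \
  "https://registry.docker-cn.com"
# registry.k8s.io
write_hosts_toml registry.k8s.io "https://registry.k8s.io" \
  "$mirror_addr" "https://k8s.m.daocloud.io"
# docker.elastic.co
write_hosts_toml docker.elastic.co "https://docker.elastic.co" \
  "$mirror_addr" "https://elastic.m.daocloud.io"
# gcr.io
write_hosts_toml gcr.io "https://gcr.io" \
  "$mirror_addr" "https://gcr.m.daocloud.io"
# ghcr.io
write_hosts_toml ghcr.io "https://ghcr.io" \
  "$mirror_addr" "https://ghcr.m.daocloud.io"
# k8s.gcr.io
write_hosts_toml k8s.gcr.io "https://k8s.gcr.io" \
  "$mirror_addr" "https://k8s-gcr.m.daocloud.io"
# mcr.microsoft.com
write_hosts_toml mcr.microsoft.com "https://mcr.microsoft.com" \
  "$mirror_addr" "https://mcr.m.daocloud.io"
# nvcr.io
write_hosts_toml nvcr.io "https://nvcr.io" \
  "$mirror_addr" "https://nvcr.m.daocloud.io"
# quay.io
write_hosts_toml quay.io "https://quay.io" \
  "$mirror_addr" "https://quay.m.daocloud.io"
# registry.jujucharms.com
write_hosts_toml registry.jujucharms.com "https://registry.jujucharms.com" \
  "$mirror_addr" "https://jujucharms.m.daocloud.io"
# rocks.canonical.com
write_hosts_toml rocks.canonical.com "https://rocks.canonical.com" \
  "$mirror_addr" "https://rocks-canonical.m.daocloud.io"
# rainbond
write_hosts_toml rainbond.cc "https://docker.rainbond.cc/" \
  "$mirror_addr" "https://docker.rainbond.cc/"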
4.启动服务
# Start CRI-O and kubelet now and enable both at boot
systemctl enable --now crio
systemctl enable --now kubelet
5.使用 kubeadm拉取集群安装所需镜像
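# Pre-pull the control-plane images through CRI-O from the Aliyun image
# repository. The socket URL is written with three slashes (unix:// followed
# by the absolute path /var/run/...), the same form as the kubelet endpoint in
# /etc/sysconfig/kubelet.
kubeadm config images pull --cri-socket unix:///var/run/crio/crio.sock --image-repository=registry.aliyuncs.com/google_containers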
注意:从现在开始以下内容只在master上做
6.集群初始化
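# Initialise the control plane on the master.
# --pod-network-cidr must match CALICO_IPV4POOL_CIDR in calico.yaml.
# The socket URL is written with three slashes (unix:// followed by the
# absolute path), the same form as the kubelet endpoint in
# /etc/sysconfig/kubelet.
kubeadm init --image-repository=registry.aliyuncs.com/google_containers --apiserver-advertise-address=192.168.8.20 --apiserver-cert-extra-sans=192.168.8.20 --pod-network-cidr=10.244.0.0/16 --cri-socket unix:///var/run/crio/crio.sock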
# 看到以下提示才算成功
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.8.20:6443 --token wrdqnp.h57ku2bcjvb0stof \
--discovery-token-ca-cert-hash sha256:77a3fc05a395898c66452bda2554803e1d70e8e4a35d7b27f90e6beec224c210
7.运行以下内容
# Install the admin kubeconfig for the current user.
# admin.conf grants cluster-admin access; keep the copy readable only by its
# owner and do not distribute it to the worker nodes.
mkdir -p $HOME/.kube
# cp -i asks before overwriting an existing config
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# Hand ownership of the copy to the invoking user
sudo chown $(id -u):$(id -g) $HOME/.kube/config
注意:从现在开始以下内容在node上做
8.将其他节点加入(我的token和你的不一样,请看装完的提示;token是加入集群的凭据,不要公开,默认24小时后过期,过期后可在master上执行 kubeadm token create --print-join-command 重新生成)
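# Join this node to the cluster. The token and CA hash below come from the
# author's cluster; use the values printed by your own kubeadm init.
# The socket URL is written with three slashes (unix:// followed by the
# absolute path), the same form as the kubelet endpoint in
# /etc/sysconfig/kubelet.
kubeadm join 192.168.8.20:6443 --token wrdqnp.h57ku2bcjvb0stof \
--discovery-token-ca-cert-hash sha256:77a3fc05a395898c66452bda2554803e1d70e8e4a35d7b27f90e6beec224c210 --cri-socket unix:///var/run/crio/crio.sock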
注意:从现在开始以下内容只在master上做
9.测试是否加入
[root@master01 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master01 Ready control-plane 7m33s v1.30.2
node01 Ready <none> 31s v1.30.2
node02 Ready <none> 26s v1.30.2
10.安装网络通信插件calico
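# Download the Calico v3.25 manifest.
# Certificate verification is left on: this file is applied to the cluster
# with admin rights further down, so it has to arrive unmodified from the real
# server. If verification fails, fix the system CA bundle or clock rather than
# bypassing the check.
wget https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml
# Edit the manifest
vim calico.yaml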
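# Around line 4565, next to the cluster-type entry, add:
......
# Cluster type to identify the deployment type
......
- name: IP_AUTODETECTION_METHOD
value: "interface=ens160" # ens160 is the name of your network interface
......
# Around line 4604, uncomment and change to the pod CIDR passed to
# kubeadm init (--pod-network-cidr); the value needs both quotes:
- name: CALICO_IPV4POOL_CIDR
value: "10.244.0.0/16"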
# Replace Calico's default image registry (docker.io) with quay.io throughout
# the manifest
sed -i 's/docker\.io/quay.io/g' calico.yaml
# Install Calico
# NOTE(review): cd ~ assumes calico.yaml was downloaded into the home
# directory — confirm, otherwise apply from the directory that holds the
# edited file.
cd ~
kubectl apply -f calico.yaml
# Check whether Calico has finished installing
kubectl get pod -A
......
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-658d97c59c-8ww2m 1/1 Running 0 3m43s
kube-system calico-node-86787 1/1 Running 0 3m43s
kube-system calico-node-jgz7g 1/1 Running 0 3m43s
kube-system calico-node-lwxg5 1/1 Running 0 3m43s
......
11.补全
# Install bash completion and load it into the current shell
yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
# Load kubectl's completion script now ...
source <(kubectl completion bash)
# ... and in every future shell
echo "source <(kubectl completion bash)" >> ~/.bashrc
12.测试
# Smoke test: start an nginx pod and list pods
# NOTE(review): the image is a mutable :latest tag served by a third-party
# mirror; fine for a throwaway test, but pin a version or digest for anything
# that stays running.
kubectl run --image=docker.rainbond.cc/library/nginx:latest pod-1
kubectl get pods
# Delete the test pod once the test has passed
kubectl delete pod pod-1