k8s安装(基于kubeadm)
# k8s安装(基于kubeadm)
# 1、说明
当前安装以CentOS 9.1、k8s1.25.3为例,安装一台mater,两台node节点
k8s 1.24 及之后的版本使用的是 containerd,之前的版本是 docker
控制面板 | Node1 | Node2 | |
---|---|---|---|
主机名 | local101 | local103 | local104 |
IP | 192.168.19.101 | 192.168.19.103 | 192.168.19.104 |
# 2、安装(三个机器都需要执行的命令)
# 2.1、安装所需工具
sudo yum -y install vim
sudo yum -y install wget
1
2
2
# 2.2、将主机名指向本机IP
sudo vim /etc/hosts
192.168.19.101 local101
192.168.19.103 local103
192.168.19.104 local104
1
2
3
4
2
3
4
# 2.3、安装并配置 chrony,同步时间
在CentOS8中,已使用chrony替代ntp,首先安装chrony,如果机器CentOS<8,则需要安装ntpdate
yum install -y chrony
vim /etc/chrony.conf
#注释第三行,写入如下
server ntp1.aliyun.com iburst
#重启服务
systemctl restart chronyd.service
1
2
3
4
5
6
2
3
4
5
6
# 2.4、关闭防火墙
sudo systemctl stop firewalld.service
sudo systemctl disable firewalld.service
1
2
2
# 2.5、关闭交换空间
free -h
sudo swapoff -a
sudo sed -i 's/.*swap.*/#&/' /etc/fstab
free -h
1
2
3
4
2
3
4
# 2.6、关闭 selinux
getenforce
cat /etc/selinux/config
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
cat /etc/selinux/config
1
2
3
4
5
2
3
4
5
# 2.7、安装 Containerd
# https://docs.docker.com/engine/install/centos/
# 经过测试,可不安装 docker 也可使 k8s 正常运行:只需要不安装 docker-ce、docker-ce-cli、docker-compose-plugin 即可
# 卸载旧 docker
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
# 安装 docker 仓库
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# 搜索 docker 版本
# yum --showduplicates list docker-ce
# 搜索 docker-ce 版本号
# yum --showduplicates list docker-ce
# 搜索 docker-ce-cli 版本号
# yum --showduplicates list docker-ce-cli
# 安装 docker
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# 启动 docker 时,会启动 containerd
# sudo systemctl status containerd.service --no-pager
sudo systemctl stop containerd.service
# 初始化containerd配置
sudo cp /etc/containerd/config.toml /etc/containerd/config.toml.bak
sudo containerd config default > $HOME/config.toml
sudo cp $HOME/config.toml /etc/containerd/config.toml
# 修改 /etc/containerd/config.toml 文件后,要将 docker、containerd 停止后,再启动
sudo sed -i "s#registry.k8s.io/pause#registry.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml
# https://kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/#containerd-systemd
# 确保 /etc/containerd/config.toml 中的 disabled_plugins 内不存在 cri
sudo sed -i "s#SystemdCgroup = false#SystemdCgroup = true#g" /etc/containerd/config.toml
# containerd 忽略证书验证的配置
# [plugins."io.containerd.grpc.v1.cri".registry.configs]
# [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.0.12:8001".tls]
# insecure_skip_verify = true
sudo systemctl enable --now containerd.service
# sudo systemctl status containerd.service --no-pager
# sudo systemctl status docker.service --no-pager
sudo systemctl start docker.service
# sudo systemctl status docker.service --no-pager
sudo systemctl enable docker.service
sudo systemctl enable docker.socket
sudo systemctl list-unit-files | grep docker
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://hnkfbj7x.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo docker info
sudo systemctl status docker.service --no-pager
sudo systemctl status containerd.service --no-pager
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# 开启 crictl 配置
# 安装完 k8s 后,才有 crictl 命令
cat <<EOF > /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: true
EOF
1
2
3
4
5
6
7
8
9
10
2
3
4
5
6
7
8
9
10
# 2.8、添加阿里云 k8s 镜像仓库
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
# 是否开启本仓库
enabled=1
# 是否检查 gpg 签名文件
gpgcheck=0
# 是否检查 gpg 签名文件
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
1
2
3
4
5
6
7
8
9
10
11
12
13
2
3
4
5
6
7
8
9
10
11
12
13
# 2.9、安装 k8s 1.25.3 所需依赖
# https://kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# 设置所需的 sysctl 参数,参数在重新启动后保持不变
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# 应用 sysctl 参数而不重新启动
sudo sysctl --system
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# https://kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/
# 通过运行以下指令确认 br_netfilter 和 overlay 模块被加载:
lsmod | grep br_netfilter
lsmod | grep overlay
1
2
3
4
2
3
4
# https://kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/
# 通过运行以下指令确认 net.bridge.bridge-nf-call-iptables、net.bridge.bridge-nf-call-ip6tables 和 net.ipv4.ip_forward 系统变量在你的 sysctl 配置中被设置为 1:
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
1
2
3
2
3
# 安装1.25.3版本
yum install -y kubelet-1.25.3-0 kubeadm-1.25.3-0 kubectl-1.25.3-0 --disableexcludes=kubernetes --nogpgcheck
systemctl daemon-reload
sudo systemctl restart kubelet
sudo systemctl enable kubelet
1
2
3
4
5
6
2
3
4
5
6
# 3、初始化(只有控制面板需要执行)
# 3.1、初始化
kubeadm init --image-repository=registry.aliyuncs.com/google_containers --apiserver-advertise-address=192.168.19.101 --kubernetes-version=v1.25.3 --pod-network-cidr=10.244.0.0/16
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
# 执行成功后,会出现类似下列内容:
# kubeadm join 192.168.19.101:6443 --token docxs0.m9z5xpwsutab766x \
--discovery-token-ca-cert-hash sha256:222e65e750405f6fc56cf00159ee9dc257f96e7c1f7bd7f91cf77734ca493280
# node节点就可以执行上述join命令加入集群
# 如果初始化出错,可以重新进行初始化
# kubeadm reset
# 如果加入集群失败,可以重新加入集群
# kubeadm reset
# 如果是token过期。则需要重新生成
# kubeadm token create --print-join-command
#解决启动失败问题
#sudo swapoff -a
#To make it permanent go to /etc/fstab
#sudo -i
#swapoff -a
#exit
#strace -eopenat kubectl version
#sudo systemctl restart kubelet.service
#查看集群信息
kubectl cluster-info
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# 3.2、初始化网络(Calico)
# 下载
wget --no-check-certificate https://jihulab.com/mirrors-github/projectcalico/calico/-/raw/v3.26.3/manifests/calico.yaml
1
2
2
# 修改 calico.yaml 文件
vim calico.yaml
# 在 - name: CLUSTER_TYPE 下方添加如下内容
- name: CLUSTER_TYPE
value: "k8s,bgp"
# 下方为新增内容
# 如果集群服务器中存在不同的网卡名称,需要在这里将每台服务器所使用的网卡名称全部填写(使用英文逗号分隔),否则网络无法使用,一直报错
# 例如:集群一共存在10台机器,其中有些机器的网卡名称是 ens33,有些是 eth0,有些是 enp9s0f0,则网卡配置为 interface=ens33,eth0,enp9s0f0
- name: IP_AUTODETECTION_METHOD
value: "interface=网卡名称"
# 下面是使用命令修改 calico.yaml 文件
# INTERFACE_NAME=ens33
# sed -i '/k8s,bgp/a \ - name: IP_AUTODETECTION_METHOD\n value: "interface=INTERFACE_NAME"' calico.yaml
# sed -i "s#INTERFACE_NAME#$INTERFACE_NAME#g" calico.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# 配置网络
kubectl apply -f calico.yaml
1
2
2
至此,k8s安装与配置已完成!
上次更新: 2023/12/04, 16:11:28