Installing k8s 1.23.17

Published: 2023-12-21 00:50:57  Author: owchen

k8s cluster environment

hostname        role     IP
zijian-k8s-01   master   192.168.63.31
zijian-k8s-02   worker   192.168.63.32
zijian-k8s-03   worker   192.168.63.33

Installation steps

Steps required on both master and worker nodes

  1. Disable iptables and firewalld
systemctl disable firewalld --now
systemctl disable iptables --now
  1. Add the IP-to-hostname mappings to /etc/hosts or to a DNS server
192.168.63.31 zijian-k8s-01
192.168.63.32 zijian-k8s-02
192.168.63.33 zijian-k8s-03
  1. Configure the kernel network modules (I don't understand this yet)
[root@zijian-k8s-01 ~]# cat /etc/modules-load.d/containerd.conf
overlay
br_netfilter
ip_conntrack
[root@zijian-k8s-01 ~]#
[root@zijian-k8s-01 ~]# cat /etc/sysctl.d/k8s.conf
net.ipv4.tcp_keepalive_time=600
net.ipv4.tcp_keepalive_intvl=30
net.ipv4.tcp_keepalive_probes=10
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
net.ipv4.ip_local_port_range= 45001 65000
net.ipv4.ip_forward=1
net.ipv4.tcp_max_tw_buckets=6000
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_synack_retries=2
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.netfilter.nf_conntrack_max=2310720
net.ipv6.neigh.default.gc_thresh1=8192
net.ipv6.neigh.default.gc_thresh2=32768
net.ipv6.neigh.default.gc_thresh3=65536
net.core.netdev_max_backlog=16384
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_max_syn_backlog = 8096
net.core.somaxconn = 32768
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=524288
fs.file-max=52706963
fs.nr_open=52706963
kernel.pid_max = 4194303
net.bridge.bridge-nf-call-arptables=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
vm.max_map_count = 262144
[root@zijian-k8s-01 ~]#

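  1. Turn off swap
swapoff -a # Turns swap off immediately, but it is re-enabled after a reboot
sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab # Comments out the swap partition in fstab so it is no longer mounted automatically after a reboot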
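  1. Install docker (as of k8s 1.24, docker is no longer used and has been replaced by containerd; it is set up here only for learning purposes)
    Installing a specific docker engine version on CentOS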

  2. Install k8s

[root@zijian-k8s-01 ~]# cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[root@zijian-k8s-01 ~]# yum -y install kubeadm-1.23.17-0 kubelet-1.23.17-0 kubectl-1.23.17-0
[root@zijian-k8s-01 ~]# systemctl enable --now kubelet
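
The kubernetes.repo above sets gpgcheck=0 and uses http:// URLs, so yum installs kubeadm, kubelet and kubectl without verifying signatures or transport. The following is an added example, not part of the original post, that audits a .repo file for those settings; the function names and finding texts are made up for illustration, and a missing gpgcheck line is assumed to inherit from [main].

```shell
# Added example, not from the original post: audit a yum .repo file.
# audit_repo FILE prints "<repo id>: <finding>" lines and returns 1 if an
# enabled repo has findings, 0 if clean. A missing gpgcheck line is assumed
# to inherit the [main] setting from /etc/yum.conf and is not reported.
audit_repo() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function off(v)  { v = tolower(v); return v == "0" || v == "no" || v == "false" }
    function report(msg) { print id ": " msg; bad = 1 }
    function emit(   http) {
        if (id == "" || off(opt["enabled"])) return
        http = (opt["baseurl"] ~ /http:\/\//)
        if (off(opt["gpgcheck"]))         report("gpgcheck disabled, RPM signatures are not verified")
        if (http)                         report("baseurl uses plain http")
        if (opt["gpgkey"] ~ /http:\/\//)  report("gpgkey is fetched over plain http")
        if (http && off(opt["gpgcheck"])) report("unsigned packages over cleartext, no integrity check at all")
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # comments and blank lines
    /^\[/ {                                # start of a new [repo id] section
        emit(); split("", opt); key = ""
        id = $0; sub(/^\[/, "", id); sub(/\].*$/, "", id); next
    }
    {
        eq = index($0, "=")
        # a line without "=" continues the previous multi-line value
        if (eq == 0) { if (key != "") opt[key] = opt[key] " " trim($0); next }
        key = tolower(trim(substr($0, 1, eq - 1)))
        opt[key] = trim(substr($0, eq + 1))
    }
    END { emit(); exit (bad ? 1 : 0) }
    ' "$1"
}

# The kubernetes.repo shown above, reproduced as sample input.
sample_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

tmp=$(mktemp) && sample_repo > "$tmp"
audit_repo "$tmp" || echo "kubernetes.repo has findings"
rm -f "$tmp"
```

A repo with gpgcheck=1 and https:// URLs for both baseurl and gpgkey passes the audit with no output.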
  1. Initialize k8s
kubeadm init --apiserver-advertise-address=192.168.63.31 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.23.17 --service-cidr=10.10.0.0/16 --pod-network-cidr=10.244.0.0/16

If initialization fails, reset with kubeadm reset

On success, the following is printed; run the commands it lists

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.63.31:6443 --token cst2q7.mlgtuaok1ji5h3oq \
        --discovery-token-ca-cert-hash sha256:0336fa56ddcc93be52144e12fd8fb33c62e54a954fb4ab6743413983c897a0d9

At this point the node status should be NotReady

[root@zijian-k8s-01 ~]# kubectl get node
NAME            STATUS     ROLES                  AGE   VERSION
zijian-k8s-01   NotReady   control-plane,master   24m   v1.23.17
[root@zijian-k8s-01 ~]# 
  1. Configure the k8s pod network

Flannel is used here (I don't understand this yet)

[root@zijian-k8s-01 ~]# kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
namespace/kube-flannel created
serviceaccount/flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
[root@zijian-k8s-01 ~]# 

After a while (about 8 minutes here), the node status changes to Ready

[root@zijian-k8s-01 ~]# kubectl get node
NAME            STATUS     ROLES                  AGE   VERSION
zijian-k8s-01   NotReady   control-plane,master   24m   v1.23.17
[root@zijian-k8s-01 ~]# kubectl get node
NAME            STATUS   ROLES                  AGE   VERSION
zijian-k8s-01   Ready    control-plane,master   32m   v1.23.17
[root@zijian-k8s-01 ~]# 
  1. Join the worker nodes to the cluster
    Run the command printed during the initialization above
  • zijian-k8s-02
[root@zijian-k8s-02 ~]# kubeadm join 192.168.63.31:6443 --token cst2q7.mlgtuaok1ji5h3oq \
>         --discovery-token-ca-cert-hash sha256:0336fa56ddcc93be52144e12fd8fb33c62e54a954fb4ab6743413983c897a0d9
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 24.0.2. Latest validated version: 20.10
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@zijian-k8s-02 ~]#

  • zijian-k8s-03
[root@zijian-k8s-03 ~]# kubeadm join 192.168.63.31:6443 --token cst2q7.mlgtuaok1ji5h3oq \
>         --discovery-token-ca-cert-hash sha256:0336fa56ddcc93be52144e12fd8fb33c62e54a954fb4ab6743413983c897a0d9
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: this Docker version is not on the list of validated versions: 24.0.2. Latest validated version: 20.10
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@zijian-k8s-03 ~]#

After a short wait, both worker nodes show up as members of the cluster

[root@zijian-k8s-01 ~]# kubectl get node
NAME            STATUS   ROLES                  AGE   VERSION
zijian-k8s-01   Ready    control-plane,master   52m   v1.23.17
zijian-k8s-02   Ready    <none>                 17m   v1.23.17
zijian-k8s-03   Ready    <none>                 15m   v1.23.17
[root@zijian-k8s-01 ~]#
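
The kubeadm join command used above carries a `--discovery-token-ca-cert-hash` pin, which is the SHA-256 of the cluster CA certificate's public key (SubjectPublicKeyInfo); the worker uses it to authenticate the API server during discovery. The following is an added example, not part of the original post, that recomputes that pin from a CA certificate with openssl and checks a join command against it; the function names are hypothetical and the CA is a throwaway one generated for the demo.

```shell
# Added example, not from the original post: check that a kubeadm join
# command pins the CA you expect before running it on a worker.

# ca_pin CERT: print "sha256:<hex>", the SHA-256 of the certificate's
# DER-encoded SubjectPublicKeyInfo (the --discovery-token-ca-cert-hash value).
ca_pin() {
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    h=$(printf '%s\n' "$pem" | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1)
    printf 'sha256:%s\n' "$h"
}

# join_pin "CMD": extract the pin from a join command line, empty if none.
join_pin() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[= ]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# verify_join CERT "CMD": 0 = pin matches CERT, 1 = mismatch,
# 2 = no pin in CMD or CERT unreadable.
verify_join() {
    want=$(join_pin "$2")
    [ -n "$want" ] || { echo "join command carries no CA pin" >&2; return 2; }
    have=$(ca_pin "$1") || { echo "cannot read $1" >&2; return 2; }
    [ "$want" = "$have" ] && return 0
    echo "CA pin mismatch: command $want, certificate $have" >&2
    return 1
}

# Constructed stand-in for the cluster CA (kubeadm keeps the real one at
# /etc/kubernetes/pki/ca.crt on the control-plane node).
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

d=$(mktemp -d) && make_demo_ca "$d"
cmd="kubeadm join 192.168.63.31:6443 --token <token> \
  --discovery-token-ca-cert-hash $(ca_pin "$d/ca.crt")"
verify_join "$d/ca.crt" "$cmd" && echo "join command pins this CA"
rm -rf "$d"
```

On the control-plane node, `ca_pin /etc/kubernetes/pki/ca.crt` should print the same value that kubeadm init showed in its join command.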