526互联

k8s之集群部署(kubeadm)

发布时间 2023-10-05 23:02:39作者: X-Wolf

 

[master&node]

1.修改主机名

hostnamectl set-hostname master-01

cat >> /etc/hosts << EOF
172.28.32.1   master-01
172.28.32.2   worker-01
EOF

 

2.配置阿里云官方源

mkdir -p /etc/yum.repos.d/back
find /etc/yum.repos.d/ -type f -exec mv {} /etc/yum.repos.d/back/ \;
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

 

3.关闭防火墙

systemctl stop firewalld.service
systemctl disable firewalld.service

 

4.关闭交换分区和selinux

sed -i.bak '/swap/s/^/#/' /etc/fstab
sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

 

5.配置内核转发等相关参数

modprobe br_netfilter

cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

cat << EOF >> /etc/sysctl.conf
net.ipv4.ip_forward=1
EOF

chmod a+x /etc/rc.local
echo "source /etc/profile" >> /etc/rc.local
echo "modprobe br_netfilter" >> /etc/rc.local
echo "sysctl -p /etc/sysctl.d/k8s.conf" >> /etc/rc.local
echo "sysctl -p" >> //etc/rc.local

reboot    # 重启时因为需要重新检测selinux 的策略

 

6.安装Docker

yum -y install wget yum-utils device-mapper-persistent-data lvm2

yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo

yum list docker-ce --showduplicates | sort -r
yum remove docker-ce docker-ce-cli containerd.io
yum install -y docker-ce-20.10.8 docker-ce-cli-20.10.8 containerd.io

systemctl enable docker --now


# 这里设置cgroup 的类型为 systemd
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://2ywfua5b.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

systemctl daemon-reload
systemctl restart docker

 

7.安装kubelet, kubeadm, kubectl

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum remove kubeadm kubectl kubelet kubernetes-cni cri-tools socat
yum --showduplicates list kubeadm
yum -y install kubeadm-1.23.8 kubectl-1.23.8 kubelet-1.23.8
systemctl enable kubelet

 

[Master]

仅仅master上执行

kubeadm init --kubernetes-version=1.23.8 --apiserver-advertise-address=172.28.32.1 --pod-network-cidr=10.244.0.0/16 --image-repository registry.aliyuncs.com/google_containers

 

对集群做config认证

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

 

[Worker]

kubeadm join 172.28.32.1:6443 --token i2meul.73ipaykm3jc2k6vs --discovery-token-ca-cert-hash sha256:9e6d95ffc5ba78a5c71352ffcc9bca2330b17264ebc44facf6359b1ac153f33f