k8s 1.26.4 installation steps (master + 1 node, installed with kubeadm) on CentOS 7.9 with the cri-dockerd plugin

Published: 2023-10-17 14:44:28 Author: 麦兜的大表哥

I: System environment initialization (run on all nodes)
1. Keep the server clocks in sync
yum -y install ntpdate
ntpdate ntp1.aliyun.com

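Add a scheduled sync so the time is synchronized automatically every day at midnight (the absolute path is used because cron runs jobs with a minimal PATH)
echo "0 0 * * * /usr/sbin/ntpdate ntp1.aliyun.com" >> /var/spool/cron/root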

2. Disable swap, stop the firewall, put SELinux in permissive mode, and edit the hosts file

# Disable swap
sudo swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab

# Stop the firewall and set SELinux to permissive mode
systemctl stop firewalld && systemctl disable firewalld
systemctl stop NetworkManager && systemctl disable NetworkManager
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config


# Edit the hosts file (/etc/hosts); the entries are your own hosts' IPs and hostnames
# To change a hostname: hostnamectl set-hostname xxx
cat >> /etc/hosts << EOF
192.168.220.150 k8s-master
192.168.220.151 k8s-node01
EOF

# On the master node
hostnamectl set-hostname k8s-master && bash
# On the worker node
hostnamectl set-hostname k8s-node01 && bash

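3. Adjust the Linux kernel parameters: enable bridge filtering and IP forwarding

Load the bridge filter module first; the net.bridge.* keys do not exist until br_netfilter is loaded
modprobe br_netfilter
lsmod | grep br_netfilter # verify that the module is loaded

cat >> /etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sysctl -p /etc/sysctl.d/kubernetes.conf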

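4. Configure IPVS
In Kubernetes a Service has two proxy modes, one based on iptables and one based on IPVS. Of the two, IPVS performs better; to use the IPVS mode, the IPVS kernel modules must be loaded manually.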
yum -y install ipset ipvsadm

cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

chmod +x /etc/sysconfig/modules/ipvs.modules
# Run the script
/etc/sysconfig/modules/ipvs.modules

# Verify the IPVS modules
lsmod | grep -e ip_vs -e nf_conntrack_ipv4

5. Install Docker

Switch the yum repositories
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum makecache

# The yum-utils package provides the yum-config-manager program
yum install -y yum-utils

# Use yum-config-manager to add the Aliyun Docker repository
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce-20.10.6 docker-ce-cli-20.10.6 -y

Configure a registry mirror for Docker:
mkdir -p /etc/docker
cat <<EOF > /etc/docker/daemon.json
{
"registry-mirrors": ["https://aoewjvel.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

# Start Docker and enable it at boot
systemctl enable docker --now
systemctl status docker

6. Install and configure the cri-dockerd plugin
Install the cri-dockerd plugin
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el7.x86_64.rpm
rpm -ivh cri-dockerd-0.3.1-3.el7.x86_64.rpm

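Back up and update the cri-docker.service file (the heredoc delimiter is quoted so the shell writes $MAINPID literally instead of expanding it to an empty string)
mv /usr/lib/systemd/system/cri-docker.service{,.default}
cat > /usr/lib/systemd/system/cri-docker.service << 'EOF'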
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF

Start cri-dockerd
systemctl daemon-reload
systemctl start cri-docker.service
systemctl enable cri-docker.service
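
The checks below are an added example, not part of the original post: a POSIX shell function that confirms the node state that steps 2 to 4 are meant to produce (swap off, bridge and forwarding sysctls set, br_netfilter and IPVS modules loaded). The ROOT argument and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. ROOT is an assumption that lets
# the checks read a fake tree in tests; leave it empty on a real node.

# expect_value FILE WANT LABEL: report unless FILE holds exactly WANT.
expect_value() {
    got=$(cat "$1" 2>/dev/null || echo missing)
    [ "$got" = "$2" ] || echo "FAIL $3: want $2, got $got"
}

# preflight [ROOT]: print one FAIL line per prerequisite that is not met.
preflight() (
    root=${1:-}
    # /proc/swaps has a header line; anything after it is an active swap area.
    if sed 1d "$root/proc/swaps" 2>/dev/null | grep -q .; then
        echo "FAIL swap: swap is still active"
    fi
    # An uncommented swap line in fstab re-enables swap at the next boot.
    if grep -Eq '^[^#].*[[:space:]]swap[[:space:]]' "$root/etc/fstab" 2>/dev/null; then
        echo "FAIL fstab: swap entry is not commented out"
    fi
    # net.bridge.* only exists while br_netfilter is loaded, so "missing"
    # means sysctl ran before modprobe or the module was never loaded.
    for key in net/bridge/bridge-nf-call-iptables \
               net/bridge/bridge-nf-call-ip6tables net/ipv4/ip_forward; do
        expect_value "$root/proc/sys/$key" 1 "$key"
    done
    for mod in br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4; do
        grep -q "^$mod " "$root/proc/modules" 2>/dev/null ||
            echo "FAIL module: $mod is not loaded"
    done
)

# Run against the live system with: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

No output means every prerequisite checked here is in place.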

II: Install kubeadm, kubelet and kubectl (run on all nodes)
1. Configure a yum mirror hosted in China and install kubeadm, kubelet and kubectl in one step
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF

Install version 1.26.4 of kubelet, kubeadm and kubectl with yum
yum install -y kubelet-1.26.4 kubeadm-1.26.4 kubectl-1.26.4

2. kubeadm uses the kubelet service to deploy the main Kubernetes services as containers, so the kubelet service has to be started first
systemctl enable kubelet.service --now
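
An added example, not from the original post: the kubernetes.repo file above sets gpgcheck=0 and some of the repository URLs used earlier are http://, so this shell function lists every repo section on a node that skips package signature verification or fetches over plain HTTP. The --run switch is an assumption of the example.

```shell
#!/bin/sh
# Added example, not from the original post: flag yum repo definitions that
# skip package signature checks or fetch over plain HTTP.

# audit_repos FILE...: print "<file>:[section] <finding>" per weak setting.
audit_repos() {
    awk '
        /^\[.*\]/   { section = $0; next }   # start of a repo section
        /^[ \t]*#/  { next }                 # comment line
        {
            line = $0
            gsub(/[ \t\r]/, "", line)        # tolerate "key = value"
            key = substr(line, 1, index(line, "=") - 1)
            if (line == "gpgcheck=0")
                print FILENAME ":" section " gpgcheck=0, package signatures are not verified"
            else if (line ~ /^(baseurl|mirrorlist|gpgkey)=http:\/\//)
                print FILENAME ":" section " " key " uses plain HTTP"
        }
    ' "$@"
}

# Run against the repo files of this node with: sh audit_repos.sh --run
if [ "${1:-}" = "--run" ]; then audit_repos /etc/yum.repos.d/*.repo; fi
```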

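III: Initialize the cluster (run only on the master node)
1. Generate the default initialization configuration file
Modify the default configuration file to suit your own needs. I mainly changed the following settings:

advertiseAddress: changed to the master's IP address
criSocket: specifies the container runtime
imageRepository: set to a registry mirror hosted in China
podSubnet: the pod network CIDR
serviceSubnet: the Services network CIDR
At the end, added sections that select ipvs mode and enable the systemd cgroup driver
nodeRegistration.name: changed to the current host name

My configuration is as follows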

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.220.150
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/cri-dockerd.sock
  imagePullPolicy: IfNotPresent
  name: k8s-master
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
# Must match the kubeadm/kubelet/kubectl 1.26.4 packages installed above
kubernetesVersion: 1.26.4
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
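
An added example, not from the original post: a shell function that reviews a kubeadm configuration file before kubeadm init, reporting a bootstrap token left at the value printed by kubeadm config print init-defaults, a token that never expires, and a kubernetesVersion that differs from the installed kubeadm package. The function names and the PKG_VERSION argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: review a kubeadm config before
# "kubeadm init". PKG_VERSION is the installed kubeadm package version.

# yaml_value FILE KEY: first scalar value of "KEY:" at any indentation.
yaml_value() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1"
}

# lint_kubeadm_config FILE PKG_VERSION: print one line per finding.
lint_kubeadm_config() (
    token=$(yaml_value "$1" token)
    ttl=$(yaml_value "$1" ttl)
    ver=$(yaml_value "$1" kubernetesVersion)
    if [ "$token" = "abcdef.0123456789abcdef" ]; then
        # This is the value printed by "kubeadm config print init-defaults".
        echo "token: init-defaults placeholder, use 'kubeadm token generate'"
    elif [ -n "$token" ] &&
         ! printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
        # Bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16}.
        echo "token: malformed"
    fi
    # A TTL of 0 means the join credential never expires.
    case "$ttl" in 0|0s) echo "ttl: bootstrap token never expires" ;; esac
    # The control-plane version should be the one the packages provide.
    [ "${ver#v}" = "$2" ] ||
        echo "kubernetesVersion: $ver differs from installed kubeadm $2"
)

# Usage on the master: lint_kubeadm_config kubeadm.yaml 1.26.4
```

If the token is replaced in the configuration, the kubeadm join command on the worker has to carry the same new token.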

 

After a successful initialization the output looks like this:

IV: Join the node to the cluster (run only on the node)

1. Add the node to the cluster
kubeadm join 192.168.220.150:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:8ccc6d4c5748f16580372f55f2a7f3b52f83cf71a30dc3cac53546c0d5f28e2c --cri-socket=unix:///var/run/cri-dockerd.sock

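A successful join prints the following

Running kubectl get nodes on the master shows the following

V: Install the Calico network component
Calico online manifest: https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml
1. Upload the calico.yaml file to the server and run kubectl apply -f calico.yaml; then use kubectl get pods -n kube-system -o wide to check the status of the components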
wget https://945me.top/update/calico.yaml
kubectl apply -f calico.yaml

kubectl get pods -n kube-system -o wide

As shown in the figure, everything is now running successfully
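
An added example, not from the original post: the wget command above fetches calico.yaml from a different host than the Calico URL listed at the top of this section, so these shell functions compare the downloaded file with a pinned SHA-256 digest and list any container image outside an expected prefix before kubectl apply runs. The function names, the KUBECTL override, the digest and the prefix are assumptions that you supply.

```shell
#!/bin/sh
# Added example, not from the original post: check a downloaded manifest
# before "kubectl apply". The pinned digest and the allowed image prefix are
# inputs you choose; nothing here is taken from the Calico project.

# manifest_images FILE: unique container images referenced in the manifest.
manifest_images() {
    sed -n 's/^[ -]*image:[ ]*//p' "$1" | tr -d "\"'" | sort -u
}

# images_outside FILE PREFIX: images that do not start with PREFIX.
images_outside() {
    manifest_images "$1" | awk -v p="$2" 'index($0, p) != 1'
}

# verify_manifest FILE SHA256: succeed only if the file has that digest.
verify_manifest() {
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$actual" = "$2" ]
}

# safe_apply FILE SHA256 PREFIX: apply only after both checks pass.
# KUBECTL is an assumption that lets a test substitute another command.
safe_apply() {
    verify_manifest "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    extra=$(images_outside "$1" "$3")
    [ -z "$extra" ] || { echo "unexpected images: $extra" >&2; return 1; }
    ${KUBECTL:-kubectl} apply -f "$1"
}

# Usage: safe_apply calico.yaml <sha256 of the reviewed copy> docker.io/calico/
```

The digest to pin is the one computed from a copy of the manifest that has been reviewed, for example the file at the Calico URL given above.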