k8s 安装笔记

发布时间 2023-09-28 16:04:21作者: Catalinas
  1. 安装 docker
# Install the helper packages; yum-utils provides yum-config-manager, used on the next line.
yum -y install yum-utils device-mapper-persistent-data lvm2
# Add the Docker CE repository from the Aliyun mirror.
# NOTE(review): package trust now depends on this mirror and on the gpgcheck/gpgkey
# settings inside the downloaded docker-ce.repo - confirm gpgcheck=1 is set there.
yum-config-manager -y --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# List every docker-ce build the repo offers, in reverse sort order, to choose a version to pin.
yum list docker-ce --showduplicates | sort -r
# Install one explicit version of the CLI and engine rather than whatever is newest.
yum install -y docker-ce-cli-23.0.6 docker-ce-23.0.6
# Enable Docker at boot and start it now.
systemctl enable docker && systemctl start docker

  1. 配置 docker
# Write the Docker daemon configuration (this overwrites any existing daemon.json):
#   data-root        - Docker's storage location, /data/docker
#   registry-mirrors - mirror endpoint consulted for image pulls
#   exec-opts        - use the systemd cgroup driver
#   log-driver/opts  - json-file logs with max-size 100m
#   storage-driver   - overlay2
# NOTE(review): an image pulled by tag through a registry mirror is whatever the mirror
# serves; pin by digest (name@sha256:...) where image integrity matters.
# NOTE(review): kubelet has to use the same cgroup driver as Docker (systemd here) - confirm.
cat > /etc/docker/daemon.json << EOF
{
  "data-root": "/data/docker",
  "registry-mirrors": ["https://xkyq8nkl.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF

# Reload systemd units and restart Docker so the new configuration takes effect.
systemctl daemon-reload && systemctl restart docker

  1. 安装cri-dockerd
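blkid # Show the disks' UUID information (not part of the cri-dockerd install itself)

# Download the cri-dockerd package.
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el7.x86_64.rpm
# NOTE(review): nothing verifies the downloaded RPM before it is installed as root.
# Compare its SHA-256 with a value obtained from a trusted channel first, e.g.
#   echo "<EXPECTED_SHA256>  cri-dockerd-0.3.1-3.el7.x86_64.rpm" | sha256sum -c -
# Install cri-dockerd.
rpm -ivh cri-dockerd-0.3.1-3.el7.x86_64.rpm

# Point the pod-infra ("pause") image at a mirror reachable from mainland China;
# otherwise kubelet cannot pull it and fails to start.
# A systemd drop-in is used instead of editing /usr/lib/systemd/system/cri-docker.service
# by hand: the step becomes non-interactive and is not lost when the package is upgraded.
# The empty "ExecStart=" clears the packaged command line before the new one is set.
# NOTE(review): pause:3.7 differs from the pause:3.9 that `kubeadm config images list`
# reports later on this page - confirm which version is intended.
mkdir -p /etc/systemd/system/cri-docker.service.d
cat > /etc/systemd/system/cri-docker.service.d/10-pause-image.conf << 'EOF'
[Service]
ExecStart=
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
EOF

# Start cri-dockerd.
systemctl daemon-reload
systemctl enable cri-docker && systemctl start cri-docker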

  1. 基础环境配置
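# Turn off the firewall.
# NOTE(review): this removes host-level packet filtering from the node, so every
# listening port (API server, kubelet, etcd, NodePort services) is reachable from
# any network that can route to it. Outside an isolated lab, keep firewalld running
# and open only what the cluster needs, e.g. 6443/tcp (API server), 10250/tcp (kubelet),
# 2379-2380/tcp (etcd, control plane only), 30000-32767/tcp (NodePort range), plus
# whatever the CNI plugin requires.
systemctl stop firewalld
systemctl disable firewalld

# SELinux, persistent setting.
# Only the SELINUX= setting line is rewritten (the original pattern also rewrote the
# word "enforcing" inside the file's comments), and the mode is set to permissive
# rather than disabled: that matches what `setenforce 0` does at runtime, keeps
# denials logged and keeps file labels intact so enforcing mode can be restored later.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# SELinux, current boot only.
setenforce 0

# Swap, current boot only.
swapoff -a
# Swap, persistent: comment out active swap entries in /etc/fstab.
# Only lines that are not already commented and have "swap" as a whitespace-separated
# field are touched, so re-running this does not stack up extra '#' characters.
sed -ri '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab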

# Set the hostname on each machine (use that machine's own name instead of k8s-master1).
# The trailing `bash` starts a new interactive shell - presumably so the prompt shows
# the new hostname; leave it out when running these steps from a script.
hostnamectl set-hostname k8s-master1 && bash

# Add the cluster nodes to /etc/hosts.
# `>>` appends, so running this twice leaves duplicate entries.
cat >> /etc/hosts << EOF
192.168.1.200 k8s-master1
192.168.1.201 k8s-work1
192.168.1.202 k8s-work2
EOF

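# Load br_netfilter now and on every boot: the net.bridge.* keys set below only
# exist while this module is loaded, so without it they cannot be applied.
cat > /etc/modules-load.d/k8s.conf << 'EOF'
br_netfilter
EOF
modprobe br_netfilter

# Pass bridged IPv4/IPv6 traffic to the iptables chains and enable IP forwarding.
# NOTE(review): net.ipv4.tcp_tw_recycle no longer exists on newer kernels (removed in
# Linux 4.12); there sysctl reports it as an unknown key. Presumably fine on the el7
# kernel these notes target - confirm.
cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# Apply all sysctl configuration files.
sysctl --system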

# Time synchronisation.
# NOTE(review): ntpdate makes a single one-off correction from a public, unauthenticated
# NTP server; nothing keeps the clocks aligned afterwards. Certificate validation and
# token expiry in the cluster depend on correct time, so consider a continuously running
# time service (e.g. chronyd) pointed at servers you trust.
yum install ntpdate -y
ntpdate time.windows.com
  1. 安装 k8s
# Add the Kubernetes yum repository (Aliyun mirror).
# gpgcheck=1 and repo_gpgcheck=1 keep signature verification on for both the packages
# and the repository metadata.
# NOTE(review): the keys listed in gpgkey= come from the same mirror as the packages, and
# the `-y` install below imports them without prompting, so the mirror is the trust
# anchor; check the imported key fingerprints against an independent source.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Drop cached metadata and rebuild it so the new repository is picked up.
yum clean all && yum makecache

# List the available kubelet builds, in reverse sort order.
yum list kubelet --showduplicates | sort -r

# Install the same pinned version of all three tools.
yum install -y kubelet-1.26.8 kubeadm-1.26.8 kubectl-1.26.8

# Enable kubelet at boot; it is not started here.
systemctl enable kubelet
  1. 主节点初始化,遇到的坑最多了
# 查看要下载的镜像 这个版本号和 kubeadm init 将要下载的镜像版本号好像不一样,还是不要提前准备好镜像,而是在命令中指定镜像 --image-repository dockerproxy.com/dyrnq 将会从这里下载需要的镜像
$ kubeadm config images list
I0928 13:06:47.855318   10265 version.go:256] remote version is much newer: v1.28.2; falling back to: stable-1.26
registry.k8s.io/kube-apiserver:v1.26.9
registry.k8s.io/kube-controller-manager:v1.26.9
registry.k8s.io/kube-scheduler:v1.26.9
registry.k8s.io/kube-proxy:v1.26.9
registry.k8s.io/pause:3.9
registry.k8s.io/etcd:3.5.6-0
registry.k8s.io/coredns/coredns:v1.9.3

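直接拉取上面这些镜像会失败,所以用下面的脚本提前下载。注意:提前下载的版本号不一定正确——不带 --kubernetes-version 时,kubeadm config images list 会按远端最新的 stable-1.26 解析(上面输出的是 v1.26.9),而本文安装的 kubeadm 是 1.26.8;执行 kubeadm config images list --kubernetes-version v1.26.8 可以得到与后面 kubeadm init 一致的镜像列表。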

$ vim pull_image.sh

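#!/usr/bin/env bash
# pull_image.sh - pre-pull the control-plane images from an alternative repository
# and retag them under the upstream name.
#
# NOTE(review): DOCKERHUB_URL is a third-party Docker Hub namespace. After the retag the
# images carry the upstream registry.k8s.io name, so nothing on the node shows where
# they really came from, and they will run as the cluster's control plane. Record the
# digests (`docker images --digests`) and compare them with the upstream images from a
# host that can reach registry.k8s.io, or pull by digest (name@sha256:...).
# NOTE(review): the versions below (v1.26.9) are not the version passed to `kubeadm init`
# later on this page (v1.26.8) - align them before relying on the pre-pulled images.
set -o errexit
set -o nounset
set -o pipefail

## Versions: adjust these to the list printed by `kubeadm config images list`.
KUBE_VERSION=v1.26.9
KUBE_PAUSE_VERSION=3.9
ETCD_VERSION=3.5.6-0
# DNS_VERSION=1.8.4 # coredns needs special handling

## The original registry name; the images are renamed to this at the end.
GCR_URL=registry.k8s.io

## The repository to pull from.
DOCKERHUB_URL=dyrnq

## Image list. coredns is left out: upstream publishes it under the nested path
## coredns/coredns, so it does not fit the simple rename done below.
images=(
  "kube-proxy:${KUBE_VERSION}"
  "kube-scheduler:${KUBE_VERSION}"
  "kube-controller-manager:${KUBE_VERSION}"
  "kube-apiserver:${KUBE_VERSION}"
  "pause:${KUBE_PAUSE_VERSION}"
  "etcd:${ETCD_VERSION}"
  # coredns:${DNS_VERSION} # coredns needs special handling
)

## Pull each image, retag it under the upstream name, then remove the source tag.
## Expansions are quoted so a value with unexpected characters stays one argument.
for imageName in "${images[@]}"; do
  docker pull "${DOCKERHUB_URL}/${imageName}"
  docker tag "${DOCKERHUB_URL}/${imageName}" "${GCR_URL}/${imageName}"
  docker rmi "${DOCKERHUB_URL}/${imageName}"
done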

手动下载 registry.k8s.io/coredns/coredns:v1.9.3 镜像,并 docker tag 为需要的镜像名称


# 将会输出
$ kubeadm config images list --image-repository registry.aliyuncs.com/google_containers
registry.aliyuncs.com/google_containers/kube-apiserver:v1.26.9
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.26.9
registry.aliyuncs.com/google_containers/kube-scheduler:v1.26.9
registry.aliyuncs.com/google_containers/kube-proxy:v1.26.9
registry.aliyuncs.com/google_containers/pause:3.9
registry.aliyuncs.com/google_containers/etcd:3.5.6-0
registry.aliyuncs.com/google_containers/coredns:v1.9.3

# The images have already been prepared.
# NOTE(review): --ignore-preflight-errors=all turns every preflight failure into a warning,
# so real problems (swap still on, ports in use, wrong container runtime, ...) no longer
# stop the init. Prefer naming only the specific checks you have reviewed, e.g.
# --ignore-preflight-errors=Swap.
# NOTE(review): --image-repository dockerproxy.com/dyrnq makes kubeadm pull every
# control-plane image from a third-party proxy/namespace; those images run with full
# control of the cluster, so verify their digests against the upstream images.
kubeadm init \
  --apiserver-advertise-address=192.168.1.200 \
  --kubernetes-version v1.26.8 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --cri-socket=unix:///var/run/cri-dockerd.sock \
  --ignore-preflight-errors=all \
  --image-repository dockerproxy.com/dyrnq

# Alternative: --image-repository registry.aliyuncs.com/google_containers pulls the images from that registry.
# --apiserver-advertise-address: the address the API server advertises to the cluster
# --image-repository: the default image registry is not reachable from mainland China, so a mirror is given (the command above uses dockerproxy.com/dyrnq, not the Aliyun registry)
# --kubernetes-version: Kubernetes version, the same as the packages installed above
# --service-cidr: the cluster-internal virtual network for Services, the common entry point to Pods
# --pod-network-cidr: the Pod network; keep it consistent with the CNI manifest deployed below
# --cri-socket: the cri-dockerd socket; with containerd use unix:///run/containerd/containerd.sock

这是需要的镜像,需要将这些镜像备份
dockerproxy.com/dyrnq/kube-apiserver v1.26.8 7613da0dee16 5 weeks ago 136MB
dockerproxy.com/dyrnq/kube-controller-manager v1.26.8 24a828ec3f12 5 weeks ago 125MB
dockerproxy.com/dyrnq/kube-scheduler v1.26.8 1a423d535e1e 5 weeks ago 57.5MB
dockerproxy.com/dyrnq/kube-proxy v1.26.8 f4a367358e70 5 weeks ago 66.4MB
dockerproxy.com/dyrnq/etcd 3.5.6-0 fce326961ae2 10 months ago 299MB
dockerproxy.com/dyrnq/pause 3.9 e6f181688397 11 months ago 744kB
dockerproxy.com/dyrnq/coredns v1.9.3 5185b96f0bec 16 months ago 48.8MB

初始化完成之后执行

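# Give the current user a kubeconfig.
# admin.conf holds the cluster administrator's client credentials, so the copy must
# stay readable by its owner only; do not widen its permissions or share it.
# The expansions are quoted so a home directory containing spaces or glob characters
# is still passed as a single argument.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# Alternative for a root shell: point kubectl straight at the original file.
# While KUBECONFIG is set it takes precedence over ~/.kube/config in this shell.
export KUBECONFIG=/etc/kubernetes/admin.conf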

  1. 添加工作节点
# 如果没有指定 cri-socket 将会抛出错误
$ kubeadm join 192.168.1.200:6443 --token fpprom.b1s6pmb0zsmegoak \
	--discovery-token-ca-cert-hash sha256:483261e61e7bf1b2513d77305ca579901fd863e910b8b140b75a54b1aa99ca25
Found multiple CRI endpoints on the host. Please define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration file: unix:///var/run/containerd/containerd.sock, unix:///var/run/cri-dockerd.sock
To see the stack trace of this error execute with --v=5 or higher

# Specify the cri-socket explicitly.
# NOTE(review): the bootstrap token is a credential - anyone who holds it and can reach
# 192.168.1.200:6443 can join a node while it is valid. Do not publish a live token;
# check outstanding ones with `kubeadm token list` and revoke with `kubeadm token delete`.
# Keep --discovery-token-ca-cert-hash: it pins the cluster CA so the joining node does
# not trust an impostor API server.
$ kubeadm join 192.168.1.200:6443 --token fpprom.b1s6pmb0zsmegoak \
    --cri-socket=unix:///var/run/cri-dockerd.sock \
	--discovery-token-ca-cert-hash sha256:483261e61e7bf1b2513d77305ca579901fd863e910b8b140b75a54b1aa99ca25

# Let a worker node run kubectl as well.
# NOTE(review): /root/.kube/config on the master is the copy of admin.conf made earlier,
# i.e. cluster-administrator credentials. Placing it on worker nodes means that a
# compromise of any worker yields full control of the cluster; prefer running kubectl
# from an admin workstation, or give workers a kubeconfig for a narrowly scoped account.
$ mkdir ~/.kube
$ scp k8s-master1:/root/.kube/config ~/.kube/

  1. 添加网络插件CNI
# Download the Calico manifest.
# NOTE(review): this URL carries no version, so the file can change between runs, and it
# is applied without being read or checksummed. A CNI manifest installs cluster-wide
# components, so review it, pin the release you tested (the images listed on this page
# are v3.26.1) and keep that copy under version control.
# NOTE(review): check that the manifest's pod CIDR (CALICO_IPV4POOL_CIDR) agrees with the
# --pod-network-cidr=10.244.0.0/16 used for kubeadm init.
wget https://docs.projectcalico.org/manifests/calico.yaml

# Apply the manifest, then list the kube-system pods.
kubectl apply -f calico.yaml
kubectl get pods -n kube-system

将会下载两个镜像

calico/cni v3.26.1 9dee260ef7f5 3 months ago 210MB
calico/node v3.26.1 8065b798a4d6 3 months ago 246MB

  1. 收尾总结

集群搭建起来之后,安装好 calico 网络插件之后,工作节点将会下载几个镜像

ImageName Version ImageID CREATED SIZE 说明(猜测)
dockerproxy.com/dyrnq/kube-proxy v1.26.8 f4a367358e70 5 weeks ago 66.4MB proxy
calico/cni v3.26.1 9dee260ef7f5 3 months ago 210MB 安装网络时下载
calico/node v3.26.1 8065b798a4d6 3 months ago 246MB 同上
registry.aliyuncs.com/google_containers/pause 3.7 221177c6082a 18 months ago 711kB 安装cri-dockerd配置的参数,与cri-dockerd有关
  1. 安装一个 nginx 测试
    # Smoke test: run nginx and expose it through a NodePort service.
    # NOTE(review): `--image=nginx` has no tag or digest, so whatever the registry
    # currently serves for that name is pulled.
    # NOTE(review): a NodePort service listens on every node; with firewalld disabled
    # earlier it is reachable from any network that can reach the nodes. Delete the
    # service and deployment once the test is done.
    kubectl create deployment nginx --image=nginx
    kubectl expose deployment nginx --port=80 --type=NodePort
    # Show the pod and the service, including the node port that was assigned.
    kubectl get pod,svc

将会在目标机器上下载镜像.

  1. 安装 dashboard

# Download the dashboard manifest; the URL is pinned to release v2.7.0.
# NOTE(review): the file is applied without an integrity check - read it before applying.
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

kubectl apply -f recommended.yaml

# Create a service account for logging in to the dashboard.
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard

# NOTE(review): this binds the account to cluster-admin, so anyone holding its token has
# unrestricted control of the whole cluster through the dashboard or the API. Prefer a
# narrower binding (for example the built-in `view` ClusterRole, or a Role limited to one
# namespace) and do not expose the dashboard beyond trusted networks.
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin

# Issue a login token for the account. The token is time-limited; treat it as a secret
# and keep it out of notes, screenshots and shell history that others can read.
kubectl create token dashboard-admin -n kubernetes-dashboard