基于kubeadm安装k8s 1.30
主机名 | IP地址 | 服务器资源 | 服务器版本 |
---|---|---|---|
k8s-master | 192.168.100.11 | 2C\2G 100G | RockyLinux-8.1 |
k8s-node1 | 192.168.100.12 | 2C\2G 100G | RockyLinux-8.1 |
k8s-node2 | 192.168.100.13 | 2C\2G 100G | RockyLinux-8.1 |
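# All hosts: turn off the host firewall and relax SELinux (lab setup).
# With firewalld stopped nothing on the node filters the cluster ports.
# Outside a lab, keep firewalld running and open only what kubeadm needs:
# control plane 6443, 2379-2380, 10250, 10257, 10259 (tcp); workers 10250,
# 10256 and 30000-32767 (tcp); plus whatever the CNI plugin requires.
systemctl disable --now firewalld
# Permissive mode for the running system; denials are still logged.
setenforce 0
# Persist it across reboots. The pattern is anchored so only the SELINUX=
# setting is rewritten, not the comment lines in the file that also contain
# the word "enforcing". "permissive" is the value the kubeadm install guide
# uses; unlike "disabled" it keeps SELinux loaded and auditing.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config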
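# All hosts: disable swap (the kubelet's default configuration refuses to
# start while swap is active).
swapoff -a
# Keep swap off after a reboot by commenting out the active swap entries.
# Only lines that are not already commented and whose filesystem-type field
# is "swap" are touched, so rerunning this does not stack extra '#' marks
# and unrelated lines that merely mention "swap" are left alone.
sed -ri '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab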
# Set the hostname. Run only the ONE line that matches the host you are on.
# "&& bash" starts a new shell after the change, presumably so the prompt
# picks up the new name.
# These are the names used by /etc/hosts and ssh-copy-id further down; the
# table at the top of the page lists the same hosts as k8s-master,
# k8s-node1 and k8s-node2.
hostnamectl set-hostname k8s-master01 && bash
hostnamectl set-hostname k8s-node01 && bash
hostnamectl set-hostname k8s-node02 && bash
# All hosts: map the node names to their addresses.
# The redirection appends, so run this once per host; a second run adds the
# same three lines again.
cat <<'EOF' >> /etc/hosts
192.168.100.11 k8s-master01
192.168.100.12 k8s-node01
192.168.100.13 k8s-node02
EOF
# All hosts: passwordless SSH between the nodes.
# ssh-keygen prompts for the key path and a passphrase; ssh-copy-id asks for
# the remote password once per host.
# When this is done as root on every node (as the rest of the guide is), each
# node holds a key that logs in to the other two, so a single compromised
# node exposes all three. kubeadm itself does not need this step.
ssh-keygen
for host in k8s-master01 k8s-node01 k8s-node02; do
  ssh-copy-id "$host"
done
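# All hosts: switch the Rocky repositories to the Aliyun mirror.
# The untouched repo files are kept next to the edited ones as *.bak.
# Only the mirrorlist/baseurl lines are rewritten; the expressions below do
# not touch any gpgcheck/gpgkey setting in those files.
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
  -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
  -i.bak \
  /etc/yum.repos.d/[Rr]ocky*.repo
yum clean all
yum makecache
# All hosts: install commonly used tools.
yum install -y yum-utils wget vim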
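# All hosts: kernel settings for pod networking.
yum install -y ipvsadm
yum install -y epel-release
yum install -y bridge-utils
# Load br_netfilter now and on every boot. It has to be loaded before the
# net.bridge.* keys below exist.
modprobe br_netfilter
echo 'br_netfilter' > /etc/modules-load.d/bridge.conf
# Write the settings to a drop-in instead of appending to /etc/sysctl.conf,
# so that running this section again does not duplicate the lines.
#   ip_forward                lets the node route traffic between pods and
#                             the network (the node acts as a router).
#   bridge-nf-call-ip(6)tables makes bridged pod traffic pass through
#                             iptables, where kube-proxy and network policy
#                             rules are applied.
cat > /etc/sysctl.d/99-kubernetes.conf <<'EOF'
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
# Apply every sysctl configuration file, including the new drop-in.
sysctl --system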
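# All hosts: set the time zone and keep the clocks synchronised.
timedatectl set-timezone Asia/Shanghai
# Setting the zone does not synchronise anything by itself. Run chronyd so
# the nodes agree on the time; certificate validity checks between the
# cluster components depend on it.
yum install -y chrony
systemctl enable --now chronyd
# All hosts: copy the system time to the hardware clock.
hwclock --systohc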
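# All hosts: add the Docker CE repository from the Aliyun mirror.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Point the package URLs inside the repo file at the mirror as well.
sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
yum makecache
# All hosts: install Docker CE and start it now and on every boot.
yum install docker-ce -y
systemctl enable --now docker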
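# All hosts: configure a registry mirror and the cgroup driver for Docker.
#   registry-mirrors  Docker tries this mirror first when pulling Docker Hub
#                     images, so image content is only as trustworthy as
#                     the mirror operator.
#   exec-opts         use the systemd cgroup driver, which must match the
#                     driver the kubelet uses.
# This overwrites any existing /etc/docker/daemon.json.
cat > /etc/docker/daemon.json <<'EOF'
{
"registry-mirrors": ["https://swr.cn-north-4.myhuaweicloud.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# All hosts: restart Docker so the new configuration takes effect.
systemctl daemon-reload
systemctl restart docker.service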
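# Install cri-dockerd, the CRI adapter that lets the kubelet use Docker.
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.9/cri-dockerd-0.3.9.amd64.tgz
# The binary will run as a root service (the unit below sets no User=).
# Print the archive digest and compare it with a value obtained from a
# source you trust before unpacking.
sha256sum cri-dockerd-0.3.9.amd64.tgz
tar -xf cri-dockerd-0.3.9.amd64.tgz
# Install with explicit owner and mode instead of cp + chmod.
install -o root -g root -m 0755 cri-dockerd/cri-dockerd /usr/bin/cri-dockerd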
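# Create the cri-docker systemd service.
# The heredoc delimiter is quoted so $MAINPID is written literally for
# systemd to expand, not expanded by the shell.
# The unit has no User= line, so cri-dockerd runs as root.
# --pod-infra-container-image selects the pause image from the Aliyun
# registry, the same registry `kubeadm init` is pointed at further down.
cat <<"EOF" > /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF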
# Create the socket unit for cri-docker.
# %t is systemd's runtime directory, so the socket is created as
# cri-dockerd.sock under it. Mode 0660 with group "docker" means members of
# the docker group can connect to the CRI endpoint as well as root; treat
# membership of that group as administrative access to the node.
cat > /usr/lib/systemd/system/cri-docker.socket <<'EOF'
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF
# Pick up the new unit files, then enable and start cri-docker in one step.
systemctl daemon-reload
systemctl enable --now cri-docker
# Prints "active" once the service is running.
systemctl is-active cri-docker
k8s1.23.7以后的版本对容器运行时接口(CRI)的支持策略有所改变,所以不再支持直接使用docker作为容器运行时;如果想要继续使用docker,需要安装cri-docker,因为它可以支持新版CRI标准。
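# Add the Kubernetes v1.30 package repository.
# gpgcheck=1 together with gpgkey makes yum verify package signatures
# against the repository's published key; leave both in place.
cat <<'EOF' | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.30/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.30/rpm/repodata/repomd.xml.key
EOF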
# Install kubelet, kubeadm and kubectl at one pinned version so that all
# nodes run the same release.
# (`yum list --showduplicates kubelet` lists the versions the repo offers.)
yum -y install \
  kubelet-1.30.0-150500.1.1 \
  kubeadm-1.30.0-150500.1.1 \
  kubectl-1.30.0-150500.1.1
# Start the kubelet on every boot.
systemctl enable kubelet
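# Control-plane node only: initialise the cluster.
# --apiserver-advertise-address has to be this node's own address.
# 192.168.100.11 is the master in the host table and in /etc/hosts, and it
# is the address the workers use in `kubeadm join`.
# --ignore-preflight-errors=all is left out on purpose: the preflight checks
# report real misconfiguration (swap still on, ports in use, unreachable
# runtime), and ignoring all of them hides those problems until later. If a
# single check has to be skipped in a lab, name that check instead of "all".
kubeadm init \
  --apiserver-advertise-address=192.168.100.11 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.30.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --cri-socket=unix:///var/run/cri-dockerd.sock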
--apiserver-advertise-address:指定master节点的IP。
--image-repository:初始化时拉取镜像的仓库地址,如 kube-apiserver、kube-controller-manager 等镜像。
--service-cidr:当在集群中创建一个Service对象时,会从这个指定的CIDR(无类别域间路由)范围中分配一个虚拟 IP 地址(ClusterIP)。
--pod-network-cidr:这个参数指定了 Pod 的网络地址范围。
--cri-socket:Kubernetes 与容器运行时交互的接口,如:Containerd、CRI-O、cri-docker。
--ignore-preflight-errors:取值为 all 时忽略所有的预检查错误,一般用于测试环境(生产环境谨慎使用);预检查失败通常说明配置确有问题,应先修复而不是忽略。
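# Control-plane node: give the current user a kubeconfig.
# admin.conf carries cluster-administrator credentials, so the copy is kept
# readable by its owner only.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"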
将admin.conf文件拷贝为当前用户家目录下的.kube/config文件,并将属主和属组设置为当前用户,方便在自己的权限下使用配置文件来访问 Kubernetes 集群。
# Both worker nodes: join the cluster.
# The token and CA hash below are presumably the ones printed by the
# author's own `kubeadm init`; use the values from your output, or run
# `kubeadm token create --print-join-command` on the control plane to get a
# fresh command. A bootstrap token lets a machine register as a node, so
# treat a live one as a credential. The CA hash is what lets the joining
# node verify it is talking to the right control plane; do not drop it.
kubeadm join 192.168.100.11:6443 \
  --token tpzj83.tdmf66aaa2b2jlxf \
  --discovery-token-ca-cert-hash sha256:a4efdd811dc75a304d53ad9a8db3d803df0ee9fd66e4a495cccd13255d47dedb \
  --cri-socket=unix:///var/run/cri-dockerd.sock
# Control-plane node: list the nodes that have registered.
kubectl get nodes
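# Set up pod networking with Calico.
# The URL is unversioned, so the manifest is whatever is served at download
# time. It creates cluster-wide RBAC objects and node-level pods; read it
# before applying and keep the downloaded copy so the deployed version is
# known.
wget https://docs.projectcalico.org/manifests/calico.yaml
# Change the pod network to the range given to `kubeadm init`. The lines
# holding this address are commented out in the manifest (the
# CALICO_IPV4POOL_CIDR entry in the upstream file); sed only changes the
# address, so remove the leading '#' from those lines by hand.
# The dots are escaped so they match literally.
sed -i 's/192\.168\.0\.0/10.244.0.0/g' calico.yaml
# Pull the Calico images through the Huawei Cloud mirror. Every docker.io
# image reference is rewritten to a third-party namespace (ddn-k8s), so the
# images that run on each node are the ones that mirror serves.
sed -i 's|docker\.io|swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io|g' calico.yaml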
手动编辑 calico.yaml,在 calico-node 容器的 env 列表中设置网卡自动探测方式(下面行首的 4568、4569 应为作者编辑器中的行号,不同版本的清单行号会不同):
4568 - name: IP_AUTODETECTION_METHOD
4569 value: "interface=ens32" #修改为自己的网卡名称
# Apply the edited Calico manifest.
kubectl apply --filename calico.yaml
# Watch the pods in every namespace until they are all Running (Ctrl-C to
# stop watching).
kubectl get pods --all-namespaces --watch