
安装k8s集群

安装k8s集群

简介

image.png

配置密钥免密登录

生成密钥对

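# Generate the SSH key pair used to reach the worker nodes. ed25519 is preferred
# over RSA today: small keys, fast, and no key-size parameter to get wrong.
# Left interactive (no -N) so a passphrase can be set on the key.
ssh-keygen -t ed25519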

复制公钥到子节点服务器

# Install the public key on the first worker; repeat for each node in the plan.
# Interactive: ssh prompts for root's password on the target host.
ssh-copy-id root@10.0.0.201

可以使用sshpass工具以非交互式方式配置,省去了每次都要输入密码的烦恼。

# sshpass supplies a password to ssh non-interactively; used by the next step only.
dnf install sshpass -y

然后使用:

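# Prompt for the password instead of passing it as an argument: an argv value is
# visible to every local user via `ps` and is recorded in the shell history.
# `sshpass -e` reads the password from the SSHPASS environment variable instead.
read -rs -p 'root password for 10.0.0.201: ' SSHPASS
printf '\n'
export SSHPASS
sshpass -e ssh-copy-id root@10.0.0.201
unset SSHPASS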

主子节点互通

规划主机名

序号 主机IP 主机名规划
1 10.0.0.200 master
2 10.0.0.201 node1
3 10.0.0.202 node2
4 10.0.0.203 node3
5 10.0.0.210 register
# Run on every host with its own name from the table above (master, node1..node3, register).
hostnamectl set-hostname master

配置主机名

先看一下原来的:

QQ_1733319583914

在主节点和各子节点上使用hostnamectl set-hostname修改主机名

修改后的:

QQ_1733319766780

配置host解析

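# Append the cluster's name->IP map to /etc/hosts on node1..node3 (10.1.1.201-203).
# The remote command is single-quoted, so the here-document is sent verbatim and
# expanded nowhere; the grep guard keeps re-runs from appending duplicate entries.
# Note: the addresses here (10.1.1.x) differ from the 10.0.0.x plan in the table above.
for i in {1..3}; do
  ssh "root@10.1.1.20$i" 'grep -qF "10.1.1.200 master" /etc/hosts || cat <<EOF >> /etc/hosts
10.1.1.200 master
10.1.1.201 node1
10.1.1.202 node2
10.1.1.203 node3
EOF'
done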

QQ_1733320554968

然后使用子节点ping主节点:

QQ_1733320608536

# NOTE(review): these look like the usual prerequisites for adding a docker-ce
# repository; the CRI-O path installed below does not need them - confirm they
# are intended for the "节点安装docker" step.
yum install -y yum-utils device-mapper-persistent-data lvm2

系统配置

永久关闭selinux

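# Anchor the pattern at the start of the line: the stock config also contains a
# comment line that mentions "SELINUX=", which the unanchored form would rewrite
# into a second, duplicate setting. Takes effect at the next boot; `setenforce 0`
# switches the running system to permissive in the meantime.
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config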

关闭swap(所有主机操作)

临时禁用可使用:swapoff -a

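# Comment out swap entries that are not commented already, so re-running the
# command does not stack '#' characters on lines that were handled before.
# Pair with `swapoff -a` to disable swap on the running system as well.
sed -i '/^[^#].*swap/s/^/#/' /etc/fstab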

开放防火墙

主节点机器

# Control-plane ports: API server (6443), etcd (2379-2380), kubelet (10250),
# scheduler (10259; 10251 is its former insecure port, presumably unused on 1.28),
# controller-manager (10257), plus BGP (179/tcp) and VXLAN (4789/udp) for the CNI.
# NOTE(review): flannel's VXLAN backend defaults to 8472/udp rather than 4789 -
# confirm which port the backend chosen below actually uses.
master_ports=(
  6443/tcp
  2379-2380/tcp
  10250/tcp
  10251/tcp
  10259/tcp
  10257/tcp
  179/tcp
  4789/udp
)
for port in "${master_ports[@]}"; do
  sudo firewall-cmd --permanent --add-port="$port"
done
# --permanent rules only take effect after a reload.
sudo firewall-cmd --reload

子节点

# Worker ports: BGP (179/tcp), kubelet (10250), the NodePort service range
# (30000-32767) and VXLAN (4789/udp).
# NOTE(review): as on the master, flannel's VXLAN backend defaults to 8472/udp -
# confirm the port before relying on this list.
node_ports=(
  179/tcp
  10250/tcp
  30000-32767/tcp
  4789/udp
)
for port in "${node_ports[@]}"; do
  sudo firewall-cmd --permanent --add-port="$port"
done
# --permanent rules only take effect after a reload.
sudo firewall-cmd --reload

网络参数调整

image.png

配置 iptables 参数,使得流经网桥的流量也经过 iptables/netfilter 防火墙:

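# Kernel settings for the cluster network: bridged traffic must traverse
# iptables/netfilter and IPv4 forwarding must be on. Written with '>' rather
# than '>>' so repeated runs replace the file instead of appending duplicate
# keys; the delimiter is quoted so nothing in the body is expanded.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF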

执行以下命令使配置生效:

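# br_netfilter must be loaded before the net.bridge.* sysctls above exist, and
# both modules are needed again after every reboot, so also register them with
# systemd-modules-load instead of loading them once by hand.
cat > /etc/modules-load.d/k8s.conf <<'EOF'
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf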

安装CRI环境(所有主机操作)

CRI-O

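# CRI-O package repository. Trailing whitespace has been stripped from every
# line: a stray space after ']' or a value may be carried into what the repo
# parser sees. The delimiter is quoted so nothing in the body is expanded.
# NOTE(review): this points at the "prerelease/main" channel, i.e. unreleased
# builds; a cluster pinned to Kubernetes v1.28 below would normally track a
# matching stable CRI-O channel instead - confirm before using outside a lab.
cat <<'EOF' | sudo tee /etc/yum.repos.d/cri-o.repo
[cri-o]
name=CRI-O
baseurl=https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/rpm/repodata/repomd.xml.key
EOF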
# Installs CRI-O from the repository defined above (gpgcheck=1 verifies the packages).
sudo dnf install cri-o -y

安装kubernetes(all)

# Kubernetes v1.28 package repository (Aliyun mirror of pkgs.k8s.io), with GPG
# verification enabled. tee reads the here-document directly; the delimiter is
# quoted so the body is written verbatim.
tee /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/repodata/repomd.xml.key
EOF
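# Pin the packages to the version kubeadm init requests below (1.28.15) so the
# kubelet and the control plane cannot drift apart when the mirror adds a newer
# 1.28.x build. `enable --now` starts the unit in the same step; it restarts
# repeatedly until kubeadm provides its configuration, which is expected.
yum install -y kubelet-1.28.15 kubeadm-1.28.15 kubectl-1.28.15
systemctl enable --now kubelet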

初始化集群

主节点初始化

# Control-plane bootstrap. Arguments are kept in an array so each is visibly
# separate and the command can be re-issued without re-typing continuations.
# 10.1.1.200 is the master address used by the /etc/hosts step above; the pod
# CIDR is the one flannel's manifest expects by default. --ignore-preflight-errors=Swap
# only matters if the swap step above was skipped.
init_args=(
  --kubernetes-version=1.28.15
  --apiserver-advertise-address=10.1.1.200
  --service-cidr=10.96.0.0/12
  --pod-network-cidr=10.244.0.0/16
  --ignore-preflight-errors=Swap
  --cri-socket=unix:///var/run/crio/crio.sock
)
kubeadm init "${init_args[@]}"

子节点加入

# Worker join command as printed by `kubeadm init`. The token and CA hash are
# cluster-specific and the bootstrap token expires; if it is stale, generate a
# fresh line on the master with `kubeadm token create --print-join-command`.
# NOTE(review): the control plane above was initialised with the CRI-O socket
# (/var/run/crio/crio.sock) while this join names cri-dockerd - confirm which
# runtime the worker actually runs and pass the matching socket.
kubeadm join 10.1.1.200:6443 --token k20g6d.xopyi08bg9ysgb09 \
        --discovery-token-ca-cert-hash sha256:8ef65a50cc9b5ad13f7c900fa70d0f95228a5b9c2f5e187bbf2137e72472d197 \
        --cri-socket=unix:///var/run/cri-dockerd.sock

配置kubectl(master)

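# Give the current user a kubeconfig. Expansions are quoted so a $HOME containing
# spaces cannot split the paths; `cp -i` still refuses to clobber an existing
# config. admin.conf carries cluster-admin credentials, so the copy is kept 0600.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"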

配置网络插件(master)

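# Download the flannel manifest to a fixed name (-O) so re-running does not
# leave kube-flannel.yml.1, .2, ... behind, then apply it.
# NOTE(review): coreos/flannel is the project's old location; the manifest is
# now maintained under flannel-io/flannel - check the URL still resolves to the
# version you intend before relying on it.
wget -O kube-flannel.yml https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml \
  && kubectl apply -f kube-flannel.yml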

QQ_1733404257138

验证是否启动成功:

# Writes flannel's network config into etcd over TLS - the setup used when
# flannel runs with the etcd backend rather than reading the Kubernetes API,
# which is what the kube-flannel.yml applied above does.
# NOTE(review): "Network": "172.17.0.0/16" does not match the
# --pod-network-cidr=10.244.0.0/16 given to kubeadm init above, and the
# 192.168.146.x endpoints are not the 10.1.1.x hosts of this page - confirm this
# step belongs to the same cluster before running it. The ca/server certificates
# are presumably the ones produced from the CSR files listed below.
/opt/etcd/bin/etcdctl \
--cacert=ca.pem \
--cert=server.pem \
--key=server-key.pem \
--endpoints="https://192.168.146.130:2379,https://192.168.146.142:2379,https://192.168.146.139:2379" \
put /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'

节点安装docker

# Installs Docker on the worker nodes; this page's docker-ce repository setup is
# not shown, so the package source is assumed to be configured already.
yum install docker-ce -y

修改docker的启动配置:

# Docker unit used on the worker nodes so dockerd is started with the network
# options derived from flannel's per-host subnet.
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# Without a '-' prefix systemd refuses to start the unit if this file is
# missing, so flannel must be running before docker is (re)started.
# NOTE(review): flannel's subnet.env exports FLANNEL_NETWORK/FLANNEL_SUBNET/
# FLANNEL_MTU/FLANNEL_IPMASQ; DOCKER_NETWORK_OPTIONS is normally written by
# flannel's mk-docker-opts.sh into a separate file - confirm which file defines
# it, otherwise dockerd starts with the variable empty.
EnvironmentFile=/run/flannel/subnet.env
ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

加载内核模块:modprobe br_netfilter

然后先启动flannel,再重启docker

api-server组件

证书

[root@master1 k8s]# cat ca-csr.json
{
  "CN": "Kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "US",
      "L": "Portland",
      "O": "Kubernetes",
      "OU": "CA",
      "ST": "Oregon"
    }
  ]
}
[root@master1 k8s]# cat ca-csr.json 
{
  "CN": "Kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "US",
      "L": "Portland",
      "O": "Kubernetes",
      "OU": "CA",
      "ST": "Oregon"
    }
  ]
}
[root@master1 k8s]# cat server-csr.json 
{
  "CN": "kubernetes",
  "hosts": [
    "10.0.0.1",
    "127.0.0.1",
    "192.168.146.130",
    "192.168.146.142",
    "192.168.146.139",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "US",
      "L": "Portland",
      "O": "Kubernetes",
      "OU": "Kubernetes The Hard Way",
      "ST": "Oregon"
    }
  ]
}
本文由作者按照 CC BY 4.0 进行授权