安装k8s集群
安装k8s集群
简介
配置密钥免密登录
生成密钥对
# Creates an RSA key pair under ~/.ssh; ssh-keygen prompts for the file path
# and a passphrase. With an empty passphrase, anyone who can read the private
# key on this host can log in wherever the public key is installed.
ssh-keygen -t rsa
复制公钥到子节点服务器
# Appends this host's public key to root's authorized_keys on 10.0.0.201.
# The root password is asked for once; repeat for every node.
ssh-copy-id root@10.0.0.201
可以使用 sshpass 工具以非交互式方式配置,省去了每次都要输入密码的烦恼。
# sshpass hands a password to ssh-based tools without an interactive prompt.
dnf -y install sshpass
然后使用:
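# Read the node password without echo and pass it to sshpass through the
# SSHPASS environment variable (-e). With -p the password is part of the
# command line, so it ends up in shell history and in the process list.
# For unattended runs, `sshpass -f FILE` with a mode-0600 file is the other
# option that keeps the password off the command line.
read -rs -p "root password for 10.0.0.201: " SSHPASS && echo
export SSHPASS
sshpass -e ssh-copy-id root@10.0.0.201
unset SSHPASS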
主子节点互通
规划主机名
序号 | 主机IP | 主机名规划 |
---|---|---|
1 | 10.0.0.200 | master |
2 | 10.0.0.201 | node1 |
3 | 10.0.0.202 | node2 |
4 | 10.0.0.203 | node3 |
5 | 10.0.0.210 | register |
# Run on each host with its own name from the plan table (master, node1, ...).
hostnamectl set-hostname master
配置主机名
先看一下原来的:
使用 hostnamectl set-hostname 修改主节点和子节点
修改后的:
配置host解析
# Append the cluster name/address pairs to /etc/hosts on each worker node.
# NOTE(review): this loop and the kubeadm commands further down use 10.1.1.20x,
# while the host plan table lists 10.0.0.20x; use the subnet your hosts are on.
# Only 10.1.1.201-203 are reached; the master's own /etc/hosts is not edited.
# The entries are appended, so running the loop twice duplicates them.
for i in {1..3}; do
  ssh "root@10.1.1.20${i}" 'cat <<EOF >> /etc/hosts
10.1.1.200 master
10.1.1.201 node1
10.1.1.202 node2
10.1.1.203 node3
EOF'
done
然后使用子节点ping主节点:
# yum-utils provides yum-config-manager; the other two packages are the
# device-mapper and LVM storage tooling.
yum -y install \
  yum-utils \
  device-mapper-persistent-data \
  lvm2
系统配置
永久关闭selinux
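# Anchor on the setting itself: the unanchored pattern also rewrote any comment
# line that mentions "SELINUX=" (the stock file has one) into a second
# assignment. The change takes effect after a reboot.
# SELINUX=disabled removes SELinux confinement and its denial records for the
# whole host; SELINUX=permissive stops enforcement but keeps the denial log,
# which is enough if the goal is only to stop SELinux blocking the kubelet.
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config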
关闭swap(所有主机操作)
临时禁用使用:
swapoff -a
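# Comment out only active fstab entries whose type field is "swap". The
# original pattern also prefixed lines that were already commented out and any
# line that merely contained the word swap.
sed -i -E 's/^[^#].*[[:space:]]swap[[:space:]].*/#&/' /etc/fstab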
开放防火墙
主节点机器
# Control-plane ports, opened for every source address in the active zone:
# 6443 API server, 2379-2380 etcd, 10250 kubelet, 10259 scheduler,
# 10257 controller-manager, 179/tcp BGP and 4789/udp VXLAN for the pod network.
# NOTE(review): etcd and the kubelet API only need to be reachable from cluster
# hosts; consider limiting them to the node subnet. 10251 is the old scheduler
# port that v1.28 no longer listens on, and flannel's VXLAN backend defaults to
# 8472/udp rather than 4789/udp - confirm which ports your CNI actually uses.
for port in 6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10259/tcp 10257/tcp 179/tcp 4789/udp; do
  sudo firewall-cmd --permanent --add-port="${port}"
done
# --permanent rules only become active after a reload.
sudo firewall-cmd --reload
子节点
# Worker ports: 10250 kubelet, 30000-32767 NodePort services, 179/tcp and
# 4789/udp for the pod network.
# NOTE(review): these rules admit every source address; the NodePort range is
# meant to be reachable by clients, but 10250 only needs the control plane.
for port in 179/tcp 10250/tcp 30000-32767/tcp 4789/udp; do
  sudo firewall-cmd --permanent --add-port="${port}"
done
# --permanent rules only become active after a reload.
sudo firewall-cmd --reload
网络参数调整
配置 iptables 参数,使得流经网桥的流量也经过 iptables/netfilter 防火墙:
# Make bridged pod traffic traverse iptables/ip6tables and enable IPv4
# forwarding. The text is appended, so run this once per host.
cat <<'EOF' >> /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
执行以下命令使配置生效:
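# Load the modules now and on every boot. Without the modules-load.d entry the
# net.bridge.* keys do not exist after a reboot, so the sysctl file cannot be
# applied and bridged traffic bypasses iptables again.
cat > /etc/modules-load.d/k8s.conf <<'EOF'
br_netfilter
overlay
EOF
modprobe br_netfilter
modprobe overlay
# The bridge keys only exist once br_netfilter is loaded, so apply them last.
sysctl -p /etc/sysctl.d/k8s.conf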
安装CRI环境(所有主机操作)
CRI-O
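# Register the CRI-O package repository and install the runtime.
# NOTE(review): this baseurl is the CRI-O prerelease "main" channel, i.e.
# builds ahead of any release. For a v1.28 cluster prefer the stable channel
# that matches the Kubernetes minor version.
# gpgcheck=1 keeps package signature verification on; the key is fetched from
# the same host as the packages.
sudo tee /etc/yum.repos.d/cri-o.repo <<'EOF'
[cri-o]
name=CRI-O
baseurl=https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/rpm/repodata/repomd.xml.key
EOF
sudo dnf install -y cri-o
# kubeadm is pointed at /var/run/crio/crio.sock, which only exists while the
# service is running; the original steps never started it.
sudo systemctl enable --now crio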
安装kubernetes(all)
# Kubernetes v1.28 packages from the Aliyun mirror.
# NOTE(review): the signing key is downloaded from that same mirror, so
# gpgcheck only proves the packages match the mirror's key. Compare the key's
# fingerprint with the one published upstream (pkgs.k8s.io) before trusting it.
tee /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/repodata/repomd.xml.key
EOF
# Installs whichever 1.28.x build the repository currently serves.
yum -y install kubelet kubeadm kubectl
# The kubelet keeps restarting until kubeadm init/join writes its
# configuration; that is expected at this stage.
systemctl enable --now kubelet
初始化集群
主节点初始化
# Bootstrap the control plane on the master node.
init_args=(
  --kubernetes-version=1.28.15
  # Address the API server announces to the rest of the cluster.
  --apiserver-advertise-address=10.1.1.200
  --service-cidr=10.96.0.0/12
  # 10.244.0.0/16 is the pod network flannel's stock manifest expects.
  --pod-network-cidr=10.244.0.0/16
  # NOTE(review): swap was turned off in an earlier step, so this preflight
  # override should not be needed; drop it to keep the check meaningful.
  --ignore-preflight-errors=Swap
  --cri-socket=unix:///var/run/crio/crio.sock
)
kubeadm init "${init_args[@]}"
子节点加入
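# Run on each worker node.
# The token and CA hash are the author's sample values. A bootstrap token is a
# join credential and expires (24h by default), so generate your own on the
# master with `kubeadm token create --print-join-command` and keep it private.
# The CA cert hash lets the node verify it is talking to the intended API
# server; do not drop it.
# The CRI socket is CRI-O's, the same one passed to kubeadm init; the original
# pointed at cri-dockerd, which this guide never installs.
kubeadm join 10.1.1.200:6443 --token k20g6d.xopyi08bg9ysgb09 \
  --discovery-token-ca-cert-hash sha256:8ef65a50cc9b5ad13f7c900fa70d0f95228a5b9c2f5e187bbf2137e72472d197 \
  --cri-socket=unix:///var/run/crio/crio.sock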
配置kubectl(master)
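# Give the current user a kubectl config. admin.conf carries the cluster-admin
# client certificate and key, so the copy is kept readable by its owner only.
# Expansions are quoted so a home path with spaces does not split the command.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"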
配置网络插件(master)
# Download the flannel manifest, then apply it only if the download succeeded.
# NOTE(review): the URL follows the master branch, so the manifest can change
# between runs, and it is applied with cluster-admin rights. Prefer a tagged
# release (flannel is now maintained under flannel-io/flannel) and read the
# file before applying it.
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml \
  && kubectl apply -f kube-flannel.yml
验证是否启动成功:
# Write the flannel network definition (172.17.0.0/16, VXLAN backend) into etcd
# over TLS, using the CA, certificate and key files in the current directory.
# NOTE(review): the 192.168.146.x endpoints are a different address range from
# the 10.x hosts used earlier on this page; substitute your own etcd members.
etcd_endpoints="https://192.168.146.130:2379,https://192.168.146.142:2379,https://192.168.146.139:2379"
flannel_config='{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
/opt/etcd/bin/etcdctl \
  --cacert=ca.pem \
  --cert=server.pem \
  --key=server-key.pem \
  --endpoints="${etcd_endpoints}" \
  put /coreos.com/network/config "${flannel_config}"
节点安装docker
# NOTE(review): docker-ce is not in the base repositories; this presumably
# relies on a Docker repo added beforehand (not shown on this page) - confirm.
yum install docker-ce -y
修改docker的启动配置:
# docker.service unit in which dockerd is started with options taken from an
# environment file under /run/flannel.
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# No leading "-" on the path, so the unit fails to start when the file is
# missing; flannel has to be running first.
EnvironmentFile=/run/flannel/subnet.env
# DOCKER_NETWORK_OPTIONS is presumably defined in the file above - confirm that
# your flannel setup writes this variable.
ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
# Only the dockerd process itself is killed on stop, not the rest of its cgroup.
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
开启:modprobe br_netfilter
然后启动flannel后重启docker
api-server组件
证书
[root@master1 k8s]# cat ca-csr.json
{
"CN": "Kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Portland",
"O": "Kubernetes",
"OU": "CA",
"ST": "Oregon"
}
]
}
[root@master1 k8s]# cat ca-csr.json
{
"CN": "Kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Portland",
"O": "Kubernetes",
"OU": "CA",
"ST": "Oregon"
}
]
}
[root@master1 k8s]# cat server-csr.json
{
"CN": "kubernetes",
"hosts": [
"10.0.0.1",
"127.0.0.1",
"192.168.146.130",
"192.168.146.142",
"192.168.146.139",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Portland",
"O": "Kubernetes",
"OU": "Kubernetes The Hard Way",
"ST": "Oregon"
}
]
}
本文由作者按照
CC BY 4.0
进行授权