k8s cluster setup 1.26.2 [foolproof setup]

2023-05-16

k8s-1.26.2 kubeadm [foolproof cluster setup]

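1. Environment preparation

1.1 Hardware resources

1. Each machine needs 2 GB or more of RAM (anything less limits the memory left for your applications) and 2 or more CPU cores.

1.2 Software environment

1. Update the yum repositories and switch them to a mirror in China
1.1 Back up the yum repo file
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
1.2 Download the domestic yum repo file
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
1.3 Refresh the yum cache and update
yum clean all && yum makecache && yum update -y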

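2. Install dependency packages
yum install -y ipvsadm ipset sysstat conntrack libseccomp wget vim ntpdate

3. Configure /etc/hosts so the machines can reach each other by hostname
vim /etc/hosts

4. Turn off the firewall
systemctl stop firewalld && systemctl disable firewalld

5. Disable SELinux so that containers can read the host filesystem without problems
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

6. Disable the swap partition
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab

7. Time synchronization
ntpdate time.windows.com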

8. Forward IPv4 and let iptables see bridged traffic
Reference: https://kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/#%E8%BD%AC%E5%8F%91-ipv4-%E5%B9%B6%E8%AE%A9-iptables-%E7%9C%8B%E5%88%B0%E6%A1%A5%E6%8E%A5%E6%B5%81%E9%87%8F
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

Apply the sysctl parameters without rebooting
sudo sysctl --system

Confirm that the br_netfilter and overlay modules are loaded by running:

lsmod | grep br_netfilter
lsmod | grep overlay

Confirm that the net.bridge.bridge-nf-call-iptables, net.bridge.bridge-nf-call-ip6tables and net.ipv4.ip_forward system variables are set to 1 in your sysctl configuration by running:

sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward

2. Install the container runtime

Add the Docker repo
curl -L -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Install containerd
yum install -y containerd.io

Create the default configuration file
containerd config default > /etc/containerd/config.toml

# Set the Aliyun address for the pause image; without it the connection fails
sed -i "s#registry.k8s.io/pause#registry.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml

# Set the cgroup driver to systemd
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml

# Set the Docker registry address to the Aliyun mirror
vi /etc/containerd/config.toml

[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://5bw6vug4.mirror.aliyuncs.com"]

# Enable start on boot
systemctl daemon-reload
systemctl enable --now containerd
systemctl restart containerd

3. Install kubectl, kubelet, kubeadm

Install kubectl, kubeadm and kubelet from a yum mirror in China
cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl

Start kubelet
systemctl enable kubelet && systemctl start kubelet
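
Before running kubeadm init, the file edits from sections 1 to 3 can be checked with a small audit script, since a sed whose pattern does not match changes nothing and reports no error. This is an added example, not part of the original post; the function names are made up here, and it only reads the files at the paths this guide uses.

```shell
#!/bin/sh
# Added example: audit the files this guide edits. Constructed for illustration;
# audit_node and its helpers are hypothetical names, not part of kubeadm.

# Succeeds when no uncommented fstab entry has filesystem type "swap".
fstab_swap_disabled() {
  awk '$1 !~ /^#/ && $3 == "swap" { active = 1 } END { exit active + 0 }' "$1"
}

# Succeeds when all three keys from /etc/sysctl.d/k8s.conf are set to 1.
sysctl_conf_ok() {
  for key in net.bridge.bridge-nf-call-iptables \
             net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
    tr -d ' \t' < "$1" | grep -Fxq "$key=1" || return 1
  done
}

# Succeeds when containerd uses the systemd cgroup driver and no pause
# image reference still points at registry.k8s.io (i.e. both seds matched).
containerd_conf_ok() {
  grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$1" &&
    ! grep -q 'registry\.k8s\.io/pause' "$1"
}

# Succeeds when the Kubernetes repo still verifies package and metadata signatures.
repo_gpgcheck_on() {
  grep -Eq '^gpgcheck[[:space:]]*=[[:space:]]*1' "$1" &&
    grep -Eq '^repo_gpgcheck[[:space:]]*=[[:space:]]*1' "$1"
}

# audit_node [ROOT]: run every check against ROOT/etc/... (ROOT defaults to
# the live system), print FAIL lines, and return the number of failed checks.
audit_node() {
  root="${1:-}"; failed=0
  fstab_swap_disabled "$root/etc/fstab" ||
    { echo "FAIL: active swap entry in fstab"; failed=$((failed + 1)); }
  sysctl_conf_ok "$root/etc/sysctl.d/k8s.conf" ||
    { echo "FAIL: bridge/forwarding sysctls not all 1"; failed=$((failed + 1)); }
  containerd_conf_ok "$root/etc/containerd/config.toml" ||
    { echo "FAIL: containerd cgroup driver or pause image"; failed=$((failed + 1)); }
  repo_gpgcheck_on "$root/etc/yum.repos.d/kubernetes.repo" ||
    { echo "FAIL: gpgcheck/repo_gpgcheck not enabled"; failed=$((failed + 1)); }
  return "$failed"
}
```

Source the file and call audit_node with no argument on a prepared node, or pass a directory that holds copies of the files under etc/.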

4. Create the cluster

Initialize the control plane components with kubeadm

kubeadm init --apiserver-advertise-address=192.168.229.110 \
  --image-repository registry.aliyuncs.com/google_containers \
  --pod-network-cidr=10.72.0.0/16

Run the commands printed after initialization

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Join command (with token) for the worker nodes
kubeadm join 192.168.229.110:6443 --token uhf1zd.k9ypmsgfyxqod09g \
  --discovery-token-ca-cert-hash sha256:28b9126b4379218eaeef50104e7ba4cdd306ff1454d813608c77d674ae32821c

Do not run it just yet
Check the node status
kubectl get pods -A
This shows that the network plugin has not been initialized yet.

Install the Calico network plugin on the master node
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/tigera-operator.yaml

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml

watch kubectl get pods -n calico-system

Join the worker nodes to the cluster. Run this command on each worker node
kubeadm join 192.168.229.110:6443 --token uhf1zd.k9ypmsgfyxqod09g \
  --discovery-token-ca-cert-hash sha256:28b9126b4379218eaeef50104e7ba4cdd306ff1454d813608c77d674ae32821c
