Deployment environment preparation
IP | Hostname |
---|---|
100.100.137.200 | master01 |
100.100.137.201 | node01 |
100.100.137.202 | node02 |
Host configuration
Everything in this section must be configured on all hosts.
Install required software
cd /etc/yum.repos.d/
mkdir bak
mv CentOS-Base.repo CentOS-CR.repo CentOS-Debuginfo.repo CentOS-fasttrack.repo CentOS-Media.repo CentOS-Sources.repo CentOS-Vault.repo bak/
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum install -y wget
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
yum install tree nmap dos2unix lrzsz nc lsof wget tcpdump htop iftop iotop sysstat nethogs -y
yum install psmisc net-tools bash-completion vim-enhanced -y
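Hostname configuration
hostnamectl set-hostname master01   # run on 100.100.137.200 only
hostnamectl set-hostname node01     # run on 100.100.137.201 only
hostnamectl set-hostname node02     # run on 100.100.137.202 only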
Hostname and IP address resolution
cat >> /etc/hosts << EOF
100.100.137.200 master01
100.100.137.201 node01
100.100.137.202 node02
EOF
Firewall configuration
systemctl stop firewalld
systemctl disable firewalld
SELinux configuration
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config
Time synchronization configuration
timedatectl set-timezone Asia/Shanghai
yum install -y ntpdate
ntpdate ntp1.aliyun.com
Configure kernel forwarding and bridge filtering
cat >> /etc/sysctl.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
modprobe br_netfilter
lsmod | grep br_netfilter
sysctl -p /etc/sysctl.conf
Install ipset and ipvsadm
yum -y install ipset ipvsadm
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack
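Disable the swap partition
swapoff -a
Note: swapoff -a only lasts until the next reboot. To keep swap off permanently, also comment out the swap entry in /etc/fstab.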
Install Docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce
systemctl restart docker
systemctl enable docker
systemctl status docker
Configuration file:
cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl restart docker
Deploy kubeadm, kubectl, and kubelet
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install kubeadm-1.23.9-0 kubectl-1.23.9-0 kubelet-1.23.9-0 -y
systemctl enable kubelet
cat > /etc/sysconfig/kubelet << EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF
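The following is an added example, not part of the original page: a small audit that flags any enabled yum repository that sets gpgcheck=0, as the kubernetes.repo above does, or whose baseurl is plaintext http. The helper names audit_repos and demo_repo_audit are hypothetical, and the sample repo file is constructed.

```bash
# Added example (not from the original page): report yum repositories that
# skip package signature checks or fetch over plaintext http.
# audit_repos and demo_repo_audit are hypothetical helper names.

# Usage: audit_repos /etc/yum.repos.d/*.repo  ->  <file>:[<section>] <problem>
audit_repos() {
  awk '
    function report() {
      if (sect == "" || enabled == "0") return        # ignore disabled repos
      if (gpg == "0") printf "%s:[%s] gpgcheck=0, packages are not signature-checked\n", file, sect
      if (url ~ /^http:/) printf "%s:[%s] plaintext baseurl %s\n", file, sect, url
    }
    FNR == 1 { report(); sect = ""; file = FILENAME } # new file: flush previous section
    /^[ \t]*[#;]/ { next }                            # comment line
    /^\[/ { report(); sect = substr($0, 2, index($0, "]") - 2)
            gpg = ""; url = ""; enabled = "1"; next }
    /=/ {
      key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
      if (key == "gpgcheck") gpg = val
      else if (key == "baseurl") url = val
      else if (key == "enabled") enabled = val
    }
    END { report() }
  ' "$@"
}

# Constructed sample: the [kubernetes] section from this page plus made-up repos.
demo_repo_audit() (
  d=$(mktemp -d) || exit 1
  cat > "$d/kubernetes.repo" << 'EOF'
[kubernetes]
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
[plain-http]
baseurl=http://repo.example.invalid/el7/
gpgcheck=1
[disabled]
baseurl=http://repo.example.invalid/old/
enabled=0
gpgcheck=0
EOF
  audit_repos "$d"/*.repo
  rm -rf "$d"
)

demo_repo_audit
```

On a prepared host, run audit_repos /etc/yum.repos.d/*.repo before installing packages; only explicit gpgcheck=0 lines are reported, so a global default in /etc/yum.conf still needs a separate look.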
Initialize the cluster
View the default configuration used for cluster initialization
kubeadm config print init-defaults
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  imagePullPolicy: IfNotPresent
  name: node
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: 1.23.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
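Note:
Pay particular attention to the master and node annotation information, the image repository, and the subnet settings.
This command can be used to generate a customized kubeadm.conf configuration file.
Check the image versions that a given kubeadm version depends on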
kubeadm config images list --kubernetes-version=v1.23.9
k8s.gcr.io/kube-apiserver:v1.23.9
k8s.gcr.io/kube-controller-manager:v1.23.9
k8s.gcr.io/kube-scheduler:v1.23.9
k8s.gcr.io/kube-proxy:v1.23.9
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6
Prepare the images in advance, then initialize.
Environment initialization command
kubeadm init --kubernetes-version=1.23.9 \
--apiserver-advertise-address=100.100.137.200 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16
Set up the Kubernetes authentication credentials
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get nodes
NAME       STATUS     ROLES                  AGE   VERSION
master01   NotReady   control-plane,master   33s   v1.23.9
Add nodes
Initialize the node environment
kubeadm join 100.100.137.200:6443 --token yfm40j.lfxd07xwjc1kkkog \
--discovery-token-ca-cert-hash sha256:db0dffefcf22998f02632fa70d2e831785ac1ce09402cb1060ef0d50c1983449
kubectl get nodes
NAME       STATUS     ROLES                  AGE    VERSION
master01   NotReady   control-plane,master   101s   v1.23.9
node01     NotReady   <none>                 13s    v1.23.9
node02     NotReady   <none>                 9s     v1.23.9
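The --discovery-token-ca-cert-hash value in the join command pins the cluster CA, so a joining node only trusts an API server whose CA public key matches it. The following added example, not part of the original page, recomputes that hash from a CA certificate and compares it with the one in a join command; the helper names are hypothetical and the demo uses a constructed throwaway CA rather than a real cluster's.

```bash
# Added example (not from the original page): recompute and check the value
# passed to --discovery-token-ca-cert-hash. kubeadm pins the SHA-256 of the CA
# certificate's DER-encoded public key (SubjectPublicKeyInfo).
# All function names are hypothetical helpers; only openssl is required.

# Print "sha256:<hex>" for the public key inside a PEM certificate.
ca_cert_hash() (
  der=$(mktemp) || exit 1
  # Fail closed: an unreadable certificate must not yield the hash of empty input.
  if openssl x509 -in "$1" -pubkey -noout 2>/dev/null |
       openssl pkey -pubin -outform DER -out "$der" 2>/dev/null && [ -s "$der" ]
  then
    hex=$(openssl dgst -sha256 -hex < "$der" | sed 's/^.*= *//')
    rm -f "$der"; printf 'sha256:%s\n' "$hex"
  else
    rm -f "$der"; echo "no public key found in $1" >&2; exit 1
  fi
)

# Extract the pinned hash from the text of a kubeadm join command.
pinned_hash() {
  printf '%s\n' "$1" |
    sed -n 's/.*--discovery-token-ca-cert-hash[ =]*\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# 0 = hash matches the certificate, 1 = mismatch, 2 = certificate unreadable.
verify_join_hash() {
  actual=$(ca_cert_hash "$1" 2>/dev/null) || return 2
  [ "$actual" = "$2" ]
}

# Constructed throwaway CA so the example runs without a cluster.
make_demo_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

if command -v openssl >/dev/null 2>&1; then
  d=$(mktemp -d); make_demo_ca "$d"
  h=$(ca_cert_hash "$d/ca.crt")
  cmd="kubeadm join 100.100.137.200:6443 --token <token> --discovery-token-ca-cert-hash $h"
  verify_join_hash "$d/ca.crt" "$(pinned_hash "$cmd")" && echo "CA hash matches: $h"
  rm -rf "$d"
fi
```

On the control-plane node, call verify_join_hash with /etc/kubernetes/pki/ca.crt and the hash taken from the join command before running that command on a worker.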
Network environment configuration
Deploy the plugin environment
Create the base directory
mkdir /data/kubernetes/flannel -p
cd /data/kubernetes/flannel
Get the configuration file
wget https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
Get the relevant images
grep image kube-flannel.yml | grep -v '#'
image: ghcr.io/flannel-io/flannel-cni-plugin:v1.6.2-flannel1
image: ghcr.io/flannel-io/flannel:v0.26.7
image: ghcr.io/flannel-io/flannel:v0.26.7
Back up the configuration file
cp kube-flannel.yml{,.bak}
Change the pod IP range; it must be the same as the pod IP range specified at initialization
vim kube-flannel.yml
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "EnableNFTables": false,
      "Backend": {
        "Type": "vxlan"
      }
    }
kubectl apply -f kube-flannel.yml
kubectl get pod -n kube-system
NAME                               READY   STATUS    RESTARTS   AGE
coredns-64897985d-v9kjz            1/1     Running   0          10m
coredns-64897985d-wdqr7            1/1     Running   0          10m
etcd-master01                      1/1     Running   0          10m
kube-apiserver-master01            1/1     Running   0          10m
kube-controller-manager-master01   1/1     Running   0          10m
kube-proxy-79b87                   1/1     Running   0          9m19s
kube-proxy-7l4ff                   1/1     Running   0          9m23s
kube-proxy-glxrc                   1/1     Running   0          10m
kube-scheduler-master01            1/1     Running   0          10m
kubectl get nodes
NAME       STATUS   ROLES                  AGE     VERSION
master01   Ready    control-plane,master   10m     v1.23.9
node01     Ready    <none>                 9m26s   v1.23.9
node02     Ready    <none>                 9m22s   v1.23.9
kubectl command completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
echo "source <(kubeadm completion bash)" >> ~/.bashrc
source ~/.bashrc