一、硬件环境准备
序号 | ip | 系统版本 | hostname | 节点类型 |
---|---|---|---|---|
1 | 100.73.155.225 | CentOS 7.9.2009 (Core) | for-k8s | Master |
2 | 100.73.155.164 | CentOS 7.9.2009 (Core) | for-k8s-1 | node |
二、系统软件环境预置
1、设置所有节点的hosts
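# Map both cluster hostnames on every node. Each entry is appended only when
# that exact line is not already present, so re-running this step does not
# pile up duplicate entries in /etc/hosts.
for entry in '100.73.155.225 for-k8s' '100.73.155.164 for-k8s-1'; do
  grep -qxF -- "$entry" /etc/hosts || printf '%s\n' "$entry" >> /etc/hosts
done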
2、关闭所有节点的防火墙、selinux、dnsmasq、swap
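# Stop the host firewall.
# NOTE: with firewalld off, every listening port (API server, kubelet, etcd)
# is reachable from the node's network. That is acceptable on an isolated lab
# network; otherwise keep firewalld running and open only the ports the
# cluster needs (for example 6443/tcp on the master, 10250/tcp on every node).
systemctl disable --now firewalld
# Stop dnsmasq
systemctl disable --now dnsmasq
# Stop postfix
systemctl disable --now postfix
# Stop NetworkManager
# NOTE(review): confirm the interfaces are not managed only by NetworkManager
# before disabling it, or the node may lose connectivity.
systemctl disable --now NetworkManager
# Put SELinux into permissive mode, which is what the kubeadm install guide
# asks for, rather than disabling it outright. Denials are still logged for
# auditing, and enforcement can be restored later without a filesystem relabel.
# Only an "enforcing" setting is rewritten; other settings are left untouched.
sed -ri 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
setenforce 0
# Turn swap off now and comment out the swap entry so it stays off after reboot
sed -ri 's@(^.*swap *swap.*0 0$)@#\1@' /etc/fstab
swapoff -a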
3、配置所有节点时间同步
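# Install ntpdate (a working yum repository is required).
yum install -y ntpdate
# Run a one-off sync. Use your own NTP server if you have one: cluster
# certificates and bootstrap tokens are time-bound, so the time source is part
# of what the cluster trusts.
ntpdate time2.aliyun.com
# Re-sync every 5 minutes. A drop-in under /etc/cron.d is used because
# redirecting into /var/spool/cron/root would replace root's whole crontab
# and silently drop any jobs already scheduled there.
echo '*/5 * * * * root /usr/sbin/ntpdate time2.aliyun.com' > /etc/cron.d/ntpdate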
4、所有节点修改资源限制
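# Raise per-user resource limits on every node.
# The settings go into a drop-in under /etc/security/limits.d instead of
# overwriting /etc/security/limits.conf, so existing entries survive. Drop-ins
# are read after limits.conf in name order, and a later value wins, so the
# "90-" prefix also takes precedence over lower-numbered drop-ins.
# NOTE: "core unlimited" lets every process write full core dumps, which can
# contain secrets held in memory; restrict where dumps are stored, or lower
# this limit, on anything other than a lab machine.
cat > /etc/security/limits.d/90-k8s.conf <<'EOF'
* soft core unlimited
* hard core unlimited
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
* soft memlock 32000
* hard memlock 32000
* soft msgqueue 8192000
EOF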
5、配置kubernetes的yum源
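# Add the Kubernetes yum repository (Aliyun mirror).
# gpgcheck=1 makes yum verify package signatures: kubeadm, kubelet and kubectl
# run as root on every node, so they must not be installed unverified from a
# third-party mirror. The first install asks to import the keys below.
# NOTE(review): the key URLs are the ones the mirror publishes for this
# repository; confirm them against the mirror's current instructions. If
# verification fails, fix the key instead of falling back to gpgcheck=0.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Check that the repository is usable: list the available kubeadm versions
yum list --showduplicates kubeadm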
6、解决iptables导致流量无法正确路由的问题
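# The net.bridge.* keys only exist once the br_netfilter module is loaded, so
# load it now and on every boot; without it, applying them fails with
# "No such file or directory".
echo br_netfilter > /etc/modules-load.d/k8s.conf
modprobe br_netfilter
# Kernel settings so that bridged pod traffic passes through iptables and the
# node forwards packets. They are written to a drop-in under /etc/sysctl.d
# rather than over /etc/sysctl.conf, which would discard any settings (including
# hardening) already configured there.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
vm.swappiness = 0
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
# Reload every sysctl configuration file, including the drop-in above
sysctl --system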
7、安装Docker
# Remove older Docker packages
yum remove docker docker-client docker-client-latest docker-common \
  docker-latest docker-latest-logrotate docker-logrotate docker-engine
# Add the yum repository Docker is downloaded from
yum -y install yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install Docker
yum -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Alternatively, install a specific Docker version
# List the available Docker versions
#yum list docker-ce --showduplicates | sort -r
#yum install docker-ce-18.06.1 docker-ce-cli-18.06.1 containerd.io docker-compose-plugin
# Start Docker now and on every boot
systemctl enable --now docker
# Verify that Docker was installed successfully
docker run hello-world
# Configure Docker's cgroup driver and registry mirror.
# The mirror sits in the pull path of every image, so point it at one you
# control or trust.
cat >/etc/docker/daemon.json <<'EOF'
{
"registry-mirrors": ["https://ftoplrr2.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl restart docker
8、安装kubeadm、kubelet、kubectl
# Install kubeadm, kubelet and kubectl, all pinned to the same 1.23.1 build so
# the three components stay on one version.
yum -y install kubeadm-1.23.1-0 kubelet-1.23.1-0 kubectl-1.23.1-0
9、下载所需要的镜像
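# Pre-pull the images kubeadm needs from the Aliyun mirror and retag them with
# the names kubeadm uses by default.
# The pre-pull only matters when "kubeadm init" runs without
# --image-repository; with that flag kubeadm pulls from the mirror itself.
# Images are pulled by tag from a third-party mirror, so their content is only
# as trustworthy as that mirror.
kubeadm config images list | while IFS= read -r image; do
  # Strip the registry prefix, then the extra "coredns/" path component
  # (presumably the mirror publishes CoreDNS as a flat "coredns:<tag>").
  mirror_name=${image#k8s.gcr.io/}
  mirror_name=${mirror_name#coredns/}
  mirror_ref="registry.aliyuncs.com/google_containers/${mirror_name}"
  docker pull "$mirror_ref"
  # Tag with the full name kubeadm listed. Tagging with the stripped name
  # would give CoreDNS a k8s.gcr.io/coredns:<tag> name that kubeadm never
  # looks up.
  docker tag "$mirror_ref" "$image"
  docker rmi "$mirror_ref"
done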
10、设置kubelet的cgroup-driver
# Configure the kubelet to use the systemd cgroup driver
printf '%s\n' 'KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"' >/etc/sysconfig/kubelet
# Reload systemd, restart the kubelet, then enable it at boot; each step runs
# only if the previous one succeeded
systemctl daemon-reload \
  && systemctl restart kubelet \
  && systemctl enable kubelet
三、Master节点初始化
1、kubeadm初始化
# Initialise the control plane on the master: pull the control-plane images
# from the Aliyun mirror, deploy Kubernetes v1.23.0 and advertise the API
# server on the master's address.
kubeadm init \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.0 \
  --apiserver-advertise-address=100.73.155.225
#完成之后有如下结果(其中的 token 和 CA 证书哈希由本次初始化生成,每个集群都不相同;token 是加入集群的凭据,默认 24 小时后过期,应按凭据对待)
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 100.73.155.225:6443 --token vt9wmi.giouwh3th16drceb \
--discovery-token-ca-cert-hash sha256:09b75750280dcbd9d0b106539f30a9dff81c814e40b84b253cfbf6d49152721b
2、拷贝kubeconfig
# Install the admin kubeconfig for the current user so kubectl can reach the
# cluster. admin.conf is the cluster administrator credential written by
# kubeadm init; the copy is handed to the invoking user and group.
kube_dir="$HOME/.kube"
mkdir -p "$kube_dir"
sudo cp -i /etc/kubernetes/admin.conf "$kube_dir/config"
sudo chown "$(id -u):$(id -g)" "$kube_dir/config"
3、安装calico CNI插件
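# Download the Calico manifest over verified TLS. The manifest creates
# privileged, cluster-wide workloads, so --no-check-certificate is not used:
# it would let anyone on the network path substitute the file's contents.
# This URL serves whatever the current manifest is; for repeatable installs
# pin a specific Calico release and review the file before applying it.
yum install -y wget && wget https://docs.projectcalico.org/manifests/calico.yaml
kubectl apply -f calico.yaml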
四、Node节点加入集群
1、加入master
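# Join this node to the cluster, using the command printed by "kubeadm init".
# Joining needs only the bootstrap token and the CA certificate hash; it does
# not need a kubeconfig. The master's admin kubeconfig is therefore not copied
# here: it is the cluster-admin credential, and placing it on a worker would
# give anyone who compromises that node full control of the cluster. Run
# kubectl from the master (or an admin workstation) instead.
# Bootstrap tokens expire (24 hours by default); if this one no longer works,
# print a fresh join command on the master with:
#   kubeadm token create --print-join-command
kubeadm join 100.73.155.225:6443 --token vt9wmi.giouwh3th16drceb \
  --discovery-token-ca-cert-hash sha256:09b75750280dcbd9d0b106539f30a9dff81c814e40b84b253cfbf6d49152721b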
五、查询k8s集群状态
1、查询node节点状态
[root@for-k8s ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
for-k8s Ready control-plane,master 129m v1.23.1 100.73.155.225 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://20.10.17
for-k8s-1 Ready <none> 102m v1.23.1 100.73.155.164 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://20.10.17
2、查询pod状态
[root@for-k8s ~]# kubectl get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-6b77fff45-9cl9m 1/1 Running 0 63m
kube-system calico-node-6rm5r 1/1 Running 0 63m
kube-system calico-node-7xb8l 1/1 Running 0 63m
kube-system coredns-6d8c4cb4d-sstj5 1/1 Running 0 129m
kube-system coredns-6d8c4cb4d-wdrrr 1/1 Running 0 129m
kube-system etcd-for-k8s 1/1 Running 0 129m
kube-system kube-apiserver-for-k8s 1/1 Running 0 129m
kube-system kube-controller-manager-for-k8s 1/1 Running 0 129m
kube-system kube-proxy-vqn76 1/1 Running 0 129m
kube-system kube-proxy-xmdv9 1/1 Running 0 102m
kube-system kube-scheduler-for-k8s 1/1 Running 0 129m
3、设置master节点支持调度pod
[root@for-k8s ~]# kubectl taint nodes --all node-role.kubernetes.io/master-
taint "node-role.kubernetes.io/master" not found
taint "node-role.kubernetes.io/master" not found
至此, 通过kubeadm工具就实现了Kubernetes集群的快速搭建。 如果安装失败, 则可以执行kubeadm reset命令将主机恢复原状, 重新执行kubeadm init,或者kubeadm join命令, 再次进行安装。
References: