| Software | Version | Notes |
|---|---|---|
| Operating system | CentOS 7.9 | |
| kubernetes | 1.29.0 | |
| docker | 24.0.7 | |

| Role | IP | Notes |
|---|---|---|
| k8s-master | 192.168.8.8 | master |
| k8s-node01 | 192.168.8.9 | node1 |
| k8s-node02 | 192.168.8.10 | node2 |
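1. Set the hostname (run on each of the three machines)
# Set the hostname according to the plan [run on the master node]
hostnamectl set-hostname k8s-master
# Set the hostname according to the plan [run on node01]
hostnamectl set-hostname k8s-node01
# Set the hostname according to the plan [run on node02]
hostnamectl set-hostname k8s-node02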
2. Add entries to the hosts file (all three machines)
vi /etc/hosts
# The names must match the hostnames set in step 1
192.168.20.10 k8s-master
192.168.20.11 k8s-node01
192.168.20.12 k8s-node02
3. Disable the firewall and SELinux (all three machines)
# Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0
4. Configure time synchronization (all three machines)
yum install chrony -y
systemctl start chronyd && systemctl enable chronyd && chronyc sources
5. Configure kernel IP forwarding and bridge filtering (all three machines)
# Load the br_netfilter module first; the net.bridge.* keys only exist once it is loaded
modprobe br_netfilter
lsmod | grep br_netfilter
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward=1
vm.swappiness=0
EOF
sysctl --system
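6. Configure IPVS forwarding (all three machines)
yum -y install ipset ipvsadm
# Configure how the IPVS modules are loaded
# List the modules that need to be loaded
mkdir -p /etc/sysconfig/ipvsadm
cat > /etc/sysconfig/ipvsadm/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
# Make the script executable, run it, and confirm the modules are loaded
chmod 755 /etc/sysconfig/ipvsadm/ipvs.modules
bash /etc/sysconfig/ipvsadm/ipvs.modules
lsmod | grep -e ip_vs -e nf_conntrack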
7. Disable the swap partition (all three machines)
sed -ri 's/.*swap.*/#&/' /etc/fstab
swapoff -a
grep swap /etc/fstab
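8. Install docker (all three machines)
Why install both docker and cri-dockerd?
Kubernetes v1.24 removed support for dockershim, and Docker Engine does not support the CRI standard by default, so the two can no longer be integrated directly out of the box. For this reason, Mirantis and Docker jointly created the cri-dockerd project, which gives Docker Engine a bridge that supports the CRI specification, so that Docker can serve as the container engine for Kubernetes.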
yum -y install wget
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
# Configure the cgroup driver and the registry mirrors used to speed up image downloads:
mkdir -p /etc/docker
vi /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://rsbud4vc.mirror.aliyuncs.com",
"https://registry.docker-cn.com",
"https://docker.mirrors.ustc.edu.cn",
"https://dockerhub.azk8s.cn",
"http://hub-mirror.c.163.com"
]
}
systemctl enable docker
systemctl start docker
systemctl status docker
docker info|grep systemd
9. Install cri-dockerd (all three machines)
# Download and install the latest release of cri-dockerd
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.9/cri-dockerd-0.3.9.amd64.tgz
tar xf cri-dockerd-0.3.9.amd64.tgz
mv cri-dockerd/cri-dockerd /usr/bin/
rm -rf cri-dockerd cri-dockerd-0.3.9.amd64.tgz
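# Configure the systemd units
# The heredoc delimiter is quoted so the shell does not expand $MAINPID while writing the file
cat > /etc/systemd/system/cri-docker.service <<'EOF'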
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --pod-infra-container-image=registry.k8s.io/pause:3.9 --container-runtime-endpoint fd://
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
cat > /etc/systemd/system/cri-docker.socket <<EOF
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF
systemctl daemon-reload
systemctl enable cri-docker
systemctl start cri-docker
systemctl status cri-docker
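10. Install k8s (all three machines)
# Configure the k8s repository (gpgcheck=1 so packages are verified against the gpgkey)
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/repodata/repomd.xml.key
EOF
yum install -y kubelet kubeadm kubectl
# Enable kubelet so it starts again after a reboot
systemctl enable kubelet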
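I set up my own file server,
which holds the k8s images and the calico network plugin images.
Fetch them directly with wget:
wget 192.168.207.191/k8s-1.29.0.tar
wget 192.168.207.191/k8s-calico-3.27.0.tar
docker load -i k8s-1.29.0.tar
docker load -i k8s-calico-3.27.0.tar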
Initialize the cluster (run on the master node only)
kubeadm init \
--apiserver-advertise-address 192.168.20.10 \
--kubernetes-version v1.29.0 \
--pod-network-cidr=10.244.0.0/16 \
--cri-socket=unix:///var/run/cri-dockerd.sock
Then run:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
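The part highlighted at the bottom of the image above is the command that other nodes use to join the cluster.
If you did not save it, you can generate a new command. Note that (--cri-socket=unix:///var/run/cri-dockerd.sock) must be appended at the end.
# --ttl 0 creates a token that never expires; delete it with "kubeadm token delete" once all nodes have joined
kubeadm token create --ttl 0 --print-join-command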
Join the other nodes to the cluster
kubeadm join 192.168.20.10:6443 --token qaetu9.n6gv7rd897i9yjrn --discovery-token-ca-cert-hash sha256:7b8ec9f86189c69406a75349f61e5b6d419e643bd636f7d0e119d53121a3a41a --cri-socket=unix:///var/run/cri-dockerd.sock
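11. Deploy the container network (master)
# Use the raw file URL; the /blob/ URL returns GitHub's HTML page instead of the manifest
wget https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/calico.yaml
After downloading, you still need to edit the Pod network defined in it (CALICO_IPV4POOL_CIDR) so that it matches the value given to --pod-network-cidr in the earlier kubeadm init.
vi calico.yaml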
kubectl apply -f calico.yaml
kubectl get pods -A -o wide
kubectl get nodes -o wide
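The manual vi edit of CALICO_IPV4POOL_CIDR in step 11 can be scripted and checked before kubectl apply. This is an added example, not part of the original post or the Calico project: the function names are hypothetical, and it assumes the manifest carries the setting as a `- name: CALICO_IPV4POOL_CIDR` line followed by a `value:` line, commented out with `# ` or already active.

```shell
#!/bin/sh
# Added example: set CALICO_IPV4POOL_CIDR in calico.yaml non-interactively.
# Function names are hypothetical (not from the post or from Calico).

# get_calico_pool_cidr MANIFEST
# Prints the active (uncommented) pool CIDR, or nothing if it is not set.
get_calico_pool_cidr() {
    sed -n -E '/^ *- name: CALICO_IPV4POOL_CIDR$/{
        n
        s/^ *value: "(.*)"$/\1/p
    }' "$1"
}

# set_calico_pool_cidr MANIFEST CIDR
# Uncomments the CALICO_IPV4POOL_CIDR entry and sets its value to CIDR.
# Returns 0 on success, 1 on bad input, 2 if the entry could not be set.
set_calico_pool_cidr() (
    manifest=$1 cidr=$2
    # Accept only an a.b.c.d/nn value so nothing else reaches the sed script.
    printf '%s\n' "$cidr" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$' || {
        echo "invalid CIDR: $cidr" >&2; return 1; }
    [ -f "$manifest" ] || { echo "no such file: $manifest" >&2; return 1; }
    # A GitHub /blob/ URL returns an HTML page, not the manifest itself.
    if grep -qi '<html' "$manifest"; then
        echo "$manifest is HTML, not a YAML manifest" >&2; return 1
    fi
    tmp=$(mktemp) || return 1
    sed -E '/^( *)(# )?(- name: CALICO_IPV4POOL_CIDR)$/{
        s/^( *)(# )?(- name: CALICO_IPV4POOL_CIDR)$/\1\3/
        n
        s|^( *)(# )?(  value: ).*$|\1\3"'"$cidr"'"|
    }' "$manifest" > "$tmp" || { rm -f "$tmp"; return 2; }
    # Verify the rewritten copy before overwriting the original file.
    if [ "$(get_calico_pool_cidr "$tmp")" = "$cidr" ]; then
        cat "$tmp" > "$manifest"; rm -f "$tmp"
    else
        rm -f "$tmp"; echo "CALICO_IPV4POOL_CIDR entry not found" >&2; return 2
    fi
)
```

With the functions loaded, `set_calico_pool_cidr calico.yaml 10.244.0.0/16` replaces the vi step, and `get_calico_pool_cidr calico.yaml` prints the value to compare against --pod-network-cidr.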




