master节点
初始化系统配置
# Append static name resolution for the three cluster hosts. test-master also
# gets the alias k8s-endpoint. `>>` appends, so running this twice leaves
# duplicate entries in /etc/hosts.
cat << EOF >>/etc/hosts
172.21.0.11 test-master k8s-endpoint
172.21.0.6 test-worker-1
172.21.0.10 test-worker-2
EOF
设置主机名
# Set this machine's hostname to test-master, the name mapped to 172.21.0.11
# in the /etc/hosts entries.
hostnamectl set-hostname test-master
添加模块配置
# Persist the two kernel modules in modules-load.d, then load them
# immediately with modprobe so no reboot is needed.
cat << EOF > /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
修改内核配置
# Kernel settings for Kubernetes networking: pass bridged traffic through
# iptables/ip6tables and enable IPv4 forwarding. The net.bridge.* keys only
# exist once br_netfilter is loaded (done by the modprobe step before this).
# The file also sets user.max_user_namespaces.
cat << EOF > /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
user.max_user_namespaces=28633
EOF
# Apply the file now; systemd reads /etc/sysctl.d on later boots.
sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf
开启ipvs，需要以下内核模块：ip_vs、ip_vs_rr、ip_vs_wrr、ip_vs_sh、nf_conntrack_ipv4
# Persist the IPVS modules for later boots, then load each one now.
# nf_conntrack_ipv4, named in the module list before this block, is not loaded
# here; on kernels 4.19 and later it is part of nf_conntrack.
cat << EOF > /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
EOF
for ipvs_mod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh; do
  modprobe "$ipvs_mod"
done
# Show which of the modules are actually loaded.
lsmod | grep -e ip_vs -e nf_conntrack
安装相关依赖工具
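# ipset/ipvsadm: userspace tools for the IPVS kube-proxy mode configured later.
yum install -y ipset ipvsadm

# containerd: fetch the release tarball and the checksum file published next
# to it, and unpack into /usr/local only if the digest matches. A checksum
# from the same origin catches corrupted or truncated downloads; it does not
# prove who built the release.
wget https://github.com/containerd/containerd/releases/download/v1.7.9/containerd-1.7.9-linux-amd64.tar.gz
wget https://github.com/containerd/containerd/releases/download/v1.7.9/containerd-1.7.9-linux-amd64.tar.gz.sha256sum
sha256sum -c containerd-1.7.9-linux-amd64.tar.gz.sha256sum \
  && tar Cxzvf /usr/local containerd-1.7.9-linux-amd64.tar.gz

# runc: the release ships one runc.sha256sum covering all artifacts, so pick
# the runc.amd64 line and check only that file before installing it as a
# root-owned executable.
wget https://github.com/opencontainers/runc/releases/download/v1.1.9/runc.amd64
wget https://github.com/opencontainers/runc/releases/download/v1.1.9/runc.sha256sum
grep 'runc\.amd64$' runc.sha256sum | sha256sum -c - \
  && install -m 755 runc.amd64 /usr/local/sbin/runc

# Generate the default config, then switch runc to the systemd cgroup driver
# (matches cgroupDriver: systemd in kubeadm.yaml) and point the sandbox image
# at the Aliyun mirror. Pulling pause from a mirror means trusting that mirror
# for an image that runs in every pod.
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
sed -i 's/ SystemdCgroup = false/ SystemdCgroup = true/' /etc/containerd/config.toml
sed -i 's/ sandbox_image = \"registry.k8s.io\/pause\:3.8\"/ sandbox_image = "registry.aliyuncs.com\/google_containers\/pause:3.9\"/' /etc/containerd/config.toml
# sed exits 0 even when its pattern matches nothing, so print both settings
# and confirm the edits took effect.
grep -nE 'SystemdCgroup|sandbox_image' /etc/containerd/config.toml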
修改container通过systemd启动文件
# Install a systemd unit for containerd. ExecStart points at
# /usr/local/bin/containerd, where the release tarball was unpacked.
# The heredoc delimiter is unquoted, but the unit text contains nothing for the
# shell to expand, so it is written out literally.
cat << EOF > /etc/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
#uncomment to enable the experimental sbservice (sandboxed) version of containerd/cri integration
#Environment="ENABLE_CRI_SANDBOXES=sandboxed"
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF
加载文件
# Make systemd read the new unit file, enable containerd at boot and start it
# now, then show its state.
systemctl daemon-reload
systemctl enable containerd --now
systemctl status containerd
下载crictl工具
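# crictl: download the release archive and its published SHA-256, and only
# unpack and install when the digest matches. The .sha256 file is read with
# awk so it works whether it holds the bare hash or "hash  filename".
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.28.0/crictl-v1.28.0-linux-amd64.tar.gz
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.28.0/crictl-v1.28.0-linux-amd64.tar.gz.sha256
printf '%s  %s\n' \
  "$(awk '{print $1}' crictl-v1.28.0-linux-amd64.tar.gz.sha256)" \
  crictl-v1.28.0-linux-amd64.tar.gz \
  | sha256sum -c - \
  && tar -zxvf crictl-v1.28.0-linux-amd64.tar.gz \
  && install -m 755 crictl /usr/local/bin/crictl
# Talk to containerd over its CRI socket to confirm the runtime answers.
crictl --runtime-endpoint=unix:///run/containerd/containerd.sock version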
安装kubeadm依赖工具
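# Kubernetes yum repository (Aliyun mirror of the el7 packages).
# gpgcheck=1 makes yum verify each RPM against the keys in gpgkey before
# installing. With gpgcheck=0 those keys are listed but never used, so
# kubelet/kubeadm/kubectl would be installed as root with no signature check.
# repo_gpgcheck (repository metadata signatures) is left at its original value.
# NOTE(review): confirm this mirror's packages verify against these keys; if
# they do not, prefer a source that does over switching the check back off.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum makecache
# List the 1.28 builds the repository offers.
yum list kubelet --showduplicates | sort -r | grep -F '1.28'
# This installs the newest version in the repository. kubeadm.yaml asks for
# kubernetesVersion 1.28.9, so pin the packages (name-<VERSION>) if the newest
# build is not the one you intend to deploy.
yum install -y kubectl kubelet kubeadm
# kubelet is only enabled here; it has no cluster configuration until
# kubeadm init/join runs, so it is not expected to be running yet.
systemctl enable kubelet
systemctl status kubelet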
生成kubeadm配置文件
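# Write the kubeadm configuration into the current directory. The nested keys
# are indented under their parents (localAPIEndpoint, nodeRegistration, taints,
# networking); with every key at column 0 the file would not describe the
# intended structure. Four YAML documents: InitConfiguration,
# ClusterConfiguration, KubeletConfiguration and KubeProxyConfiguration.
cat << EOF >kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.21.0.11 #master节点IP
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///run/containerd/containerd.sock
  taints:
  - effect: PreferNoSchedule
    key: node-role.kubernetes.io/master
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: 1.28.9 #计划部署的k8s版本
imageRepository: registry.aliyuncs.com/google_containers #修改国内镜像源
networking:
  podSubnet: 10.244.0.0/16 #规划的pod地址
  serviceSubnet: 192.168.0.0/22 #规划的svc地址
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
failSwapOn: false
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs #定义ipvs模式
EOF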
预先下载镜像
# Pull the control-plane images ahead of time, using the imageRepository and
# kubernetesVersion set in kubeadm.yaml.
kubeadm config images pull --config kubeadm.yaml
初始化k8s集群
# Initialise the control plane from kubeadm.yaml. The success output includes
# `kubeadm join` commands that carry a bootstrap token; treat that output as a
# credential for as long as the token is valid.
kubeadm init --config kubeadm.yaml
如果显示下面的信息表示初始化完成
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
kubeadm join 172.21.0.11:6443 --token qv1t80.9kwe0zqxc1zc1yvj \
--discovery-token-ca-cert-hash sha256:8f95ae62ab16038ecc4286abea2e573e0d4ccf7a1c7b32b691db40da49da9163 \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.21.0.11:6443 --token qv1t80.9kwe0zqxc1zc1yvj \
--discovery-token-ca-cert-hash sha256:8f95ae62ab16038ecc4286abea2e573e0d4ccf7a1c7b32b691db40da49da9163
验证集群状态
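# After init, wait a few minutes for the core components to start before
# running the commands below.
kubectl get nodes
# componentstatuses (cs) has been deprecated since Kubernetes v1.19, so its
# output may be incomplete on this version.
kubectl get cs
# containerd is a systemd service, not a Kubernetes resource, and kubectl has
# no `status` subcommand, so check it with systemctl.
systemctl status containerd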
node节点加入集群
# Run on each worker node as root. The token and CA hash are the ones printed
# by this page's `kubeadm init` run; use the values from your own init output.
# A bootstrap token lets any holder join a node to the cluster until it
# expires (24h by default), so do not leave it in shared notes or shell
# history. `kubeadm token create --print-join-command` on the control plane
# issues a fresh one. The --discovery-token-ca-cert-hash pin is what lets the
# joining node verify it is talking to the right API server; keep it.
kubeadm join 172.21.0.11:6443 --token qv1t80.9kwe0zqxc1zc1yvj \
--discovery-token-ca-cert-hash sha256:8f95ae62ab16038ecc4286abea2e573e0d4ccf7a1c7b32b691db40da49da9163
安装helm工具
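# helm: download the archive and the checksum file published alongside it, and
# unpack and install only when the digest matches.
wget https://get.helm.sh/helm-v3.12.3-linux-amd64.tar.gz
wget https://get.helm.sh/helm-v3.12.3-linux-amd64.tar.gz.sha256sum
sha256sum -c helm-v3.12.3-linux-amd64.tar.gz.sha256sum \
  && tar -zxvf helm-v3.12.3-linux-amd64.tar.gz \
  && install -m 755 linux-amd64/helm /usr/local/bin/helm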
安装metrics-server
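# Fetch the manifest for the same release as the image used in the edit that
# follows (v0.7.1). The `latest` URL is a moving target: the manifest's RBAC
# rules and flags could change under you while the image tag stays fixed.
wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.7.1/components.yaml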
编辑components.yaml
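# Edit the container section of the metrics-server Deployment as shown.
# Indentation is relative to the pod template's `spec:` key.
spec:
  containers:
  - args:
    - --cert-dir=/tmp
    - --secure-port=10250
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --kubelet-use-node-status-port
    - --metric-resolution=15s
    # Added line. With this flag metrics-server does not verify the kubelets'
    # serving certificates, so it cannot tell a genuine kubelet from something
    # answering on its address. Acceptable on a test cluster. To keep
    # verification on, give the kubelets CA-signed serving certificates
    # (KubeletConfiguration `serverTLSBootstrap: true`, then approve the
    # resulting CSRs) and drop this flag.
    - --kubelet-insecure-tls
    # Changed to a mirror registry inside China; the tag is pinned to v0.7.1.
    image: registry.aliyuncs.com/google_containers/metrics-server:v0.7.1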
部署metrics-server
# Apply the edited metrics-server manifest.
kubectl apply -f components.yaml
验证
# Both commands read from the metrics API that metrics-server provides; they
# fail until its pod is ready and has collected a first sample.
kubectl top node
kubectl top pod
下载 k8s dashboard
# Download the dashboard manifest; the URL is pinned to the v2.7.0 tag.
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
修改配置recommended.yaml
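---
# Service for the dashboard, changed from the manifest's default to NodePort.
# A NodePort service listens on port 30001 of every node's addresses, so the
# dashboard login page becomes reachable from any network that can reach a
# node. Limit that port to administrator source addresses with the host
# firewall or cloud security group. Alternatively leave the Service as shipped
# and reach it through `kubectl port-forward`.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001  # fixed node port
  type: NodePort       # expose on every node
  selector:
    k8s-app: kubernetes-dashboard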
部署并验证
# Deploy the edited dashboard manifest, then list its pods and services to
# confirm the NodePort service exists.
kubectl apply -f recommended.yaml
kubectl get pods,svc -n kubernetes-dashboard
创建用户
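# This manifest comes from a third-party repository's `main` branch, so its
# content can change between downloads. Read it before applying: it defines
# the admin-user account and whatever role binding goes with it (presumably
# cluster-admin; confirm in the file).
wget https://raw.githubusercontent.com/cby-chen/Kubernetes/main/yaml/dashboard-user.yaml
cat dashboard-user.yaml
kubectl apply -f dashboard-user.yaml
# Prints a bearer token for admin-user. Anyone holding it has that account's
# rights on the API server until it expires, so do not paste it into tickets
# or chat.
kubectl -n kubernetes-dashboard create token admin-user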