系统环境设置
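# Install the helper packages that the Docker yum repository setup relies on.
yum install -y yum-utils device-mapper-persistent-data lvm2

# Register the Aliyun mirror of the docker-ce repository.
# The repo file is fetched over HTTPS: it decides which baseurl and gpgkey yum
# will trust afterwards, so a copy altered in transit over plain HTTP could
# redirect every later package install.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# List the docker-ce versions the repository offers (reverse-sorted).
yum list docker-ce --showduplicates | sort -r
# Output recorded by the author:
#    * updates: mirrors.aliyun.com
#   Loading mirror speeds from cached hostfile
#   Loaded plugins: fastestmirror
#   Installed Packages
#    * extras: mirrors.aliyun.com
#   docker-ce.x86_64    3:20.10.17-3.el7    @docker-ce-stable
#    * base: mirrors.aliyun.com

# Install exactly that version (epoch:version-release) instead of "latest".
yum install -y docker-ce-3:20.10.17-3.el7

# Switch Docker's cgroup driver to systemd. Open the file and add:
#   {
#     "exec-opts": ["native.cgroupdriver=systemd"]
#   }
vim /etc/docker/daemon.json

# Enable Docker at boot and start it now.
systemctl enable docker && systemctl start docker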
k8s环境准备
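# Stop firewalld and keep it from starting at boot.
# NOTE(review): this removes host-level packet filtering entirely. Outside a
# throwaway lab, keep firewalld running and open only the ports the cluster
# needs (the API server on this page listens on 6443/tcp).
systemctl disable firewalld
systemctl stop firewalld

# SELinux: stop enforcing for the current boot ...
setenforce 0
# ... and persist the change.
# NOTE(review): "disabled" turns SELinux off completely after the next reboot.
# The upstream kubeadm instructions set it to "permissive" instead, which
# still records what would have been denied.
# Both edits target /etc/selinux/config directly: /etc/sysconfig/selinux is
# normally a symlink to it on CentOS 7, and `sed -i` on the symlink would
# replace the link with a regular file and leave the real config untouched.
sed -i 's/^SELINUX=permissive/SELINUX=disabled/' /etc/selinux/config
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# Turn swap off now ...
swapoff -a
# ... and comment out the swap entry in /etc/fstab so it stays off after a
# reboot. Only lines that are not already commented are touched, so running
# this twice does not stack '#' characters.
sed -i '/^[^#].*[[:space:]]swap[[:space:]]/s/^/#/' /etc/fstab

# Let iptables/ip6tables see traffic that crosses Linux bridges.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Reload every sysctl configuration file, including the one just written.
sysctl --system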
安装kubeadm、kubelet、kubectl
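# Register the Aliyun mirror of the Kubernetes yum repository.
# gpgcheck=1 keeps signature verification of every installed RPM switched on.
# NOTE(review): repo_gpgcheck=0 means the repository metadata itself is not
# signature-checked; package integrity then rests on gpgcheck=1 and on the two
# keys below being fetched over HTTPS. Do not also set gpgcheck=0.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Install kubectl, kubeadm and kubelet, all pinned to the same version.
yum install -y kubectl-1.21.5 kubeadm-1.21.5 kubelet-1.21.5

# Enable kubelet at boot and start it now.
systemctl enable kubelet && systemctl start kubelet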
初始化k8s
# Initialise the control plane on this machine.
#   --image-repository             pull the control-plane images from the
#                                  Aliyun registry named here
#   --kubernetes-version           must match the kubeadm/kubelet packages
#                                  installed above (1.21.5)
#   --pod-network-cidr             pod address range; the flannel manifest
#                                  edited later must use the same value
#   --service-cidr                 address range for ClusterIP services
#   --apiserver-advertise-address  address the API server announces to the
#                                  other members of the cluster
kubeadm init \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version=v1.21.5 \
  --pod-network-cidr=10.10.0.0/16 \
  --service-cidr=10.20.0.0/16 \
  --apiserver-advertise-address=192.168.10.201
--apiserver-advertise-address:虚机的ip地址
初始化成功后,会输出以下内容:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.10.201:6443 --token 19s3o7.xzel3wisb53r6jsc \
    --discovery-token-ca-cert-hash sha256:9adeb71478f04d25c470daef8a53f9ca4021e5f990388360f02445f495629f3b
执行以下命令:
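# Give the current user a kubeconfig so kubectl can reach the new cluster.
# /etc/kubernetes/admin.conf holds the cluster administrator's client
# credentials, so the copy should stay readable by its owner only and should
# not be placed on shared or backed-up paths.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# kubeadm offers this as the alternative for the root user. With it set,
# kubectl in this shell reads admin.conf directly instead of the copy above.
export KUBECONFIG=/etc/kubernetes/admin.conf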
安装flannel网络插件
下载 网络插件 kube-flannel.yml
# Download the flannel manifest into the current directory.
# NOTE(review): this URL follows the `master` branch, so the file's content can
# change between two downloads. Read the manifest before applying it, and
# prefer a URL pinned to a release tag (<RELEASE_TAG>) so every node build
# uses the same reviewed file.
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
打开网络插件kube-flannel.yml文件,修改网络:
    }
  net-conf.json: |
    {
      "Network": "10.10.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
(在文件中找到 "Network" 这一行,将默认的 10.244.0.0/16 修改为 10.10.0.0/16。这句说明不要写进文件,JSON 不支持注释。)
这里的 "Network": "10.10.0.0/16" 地址一定要和 k8s 初始化时指定的 --pod-network-cidr=10.10.0.0/16 保持一致。修改完成后,执行 kubectl apply -f kube-flannel.yml 部署网络插件。
重启kubelet
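# Re-read unit files in case any kubelet unit or drop-in changed.
systemctl daemon-reload
# Make sure kubelet starts at boot.
systemctl enable kubelet.service
# Actually restart the service: the section is about restarting kubelet, but
# daemon-reload, enable and status on their own never restart it.
systemctl restart kubelet.service
# Confirm that kubelet is active (running).
systemctl status kubelet.service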
查看控制层所有组件是否正常运行
# kubectl get all -A
NAMESPACE      NAME                               READY   STATUS    RESTARTS   AGE
kube-flannel   pod/kube-flannel-ds-8qrl4          1/1     Running   10         50m
kube-system    pod/coredns-59d64cd4d4-ntpzx       1/1     Running   1          63m
kube-system    pod/coredns-59d64cd4d4-r7tvj       1/1     Running   1          63m
kube-system    pod/etcd-k201                      1/1     Running   1          63m
kube-system    pod/kube-apiserver-k201            1/1     Running   1          63m
kube-system    pod/kube-controller-manager-k201   1/1     Running   1          63m
kube-system    pod/kube-proxy-r6zrb               1/1     Running   1          63m
kube-system    pod/kube-scheduler-k201            1/1     Running   1          63m

NAMESPACE     NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
default       service/kubernetes   ClusterIP   10.20.0.1    <none>        443/TCP                  63m
kube-system   service/kube-dns     ClusterIP   10.20.0.10   <none>        53/UDP,53/TCP,9153/TCP   63m

NAMESPACE      NAME                             DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
kube-flannel   daemonset.apps/kube-flannel-ds   1         1         1       1            1           <none>                   50m
kube-system    daemonset.apps/kube-proxy        1         1         1       1            1           kubernetes.io/os=linux   63m

NAMESPACE     NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   deployment.apps/coredns   2/2     2            2           63m

NAMESPACE     NAME                                 DESIRED   CURRENT   READY   AGE
kube-system   replicaset.apps/coredns-59d64cd4d4   2         2         2       63m
Master node 参与工作负载
使用 kubeadm 初始化的集群, Pod 不会被调度到 Master Node 上,也就是说 Master Node 不参与工作负载。这是因为当前的 master 节点 node1 被打上了 污点。
去掉这个污点使 master 参与工作负载(这样业务 Pod 会与控制面组件运行在同一节点上,仅适合测试或单节点环境):
# kubectl taint nodes k201 node-role.kubernetes.io/master-
node/k201 untainted
添加node节点
1.克隆k201虚机,作为node节点
2.修改克隆的虚机的ip 和 hostname
修改ip
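# Open the interface configuration of the clone and set its own address:
#   IPADDR=xx.xx.xx.202
# (The value is file content, not an extra argument to vim.)
vim /etc/sysconfig/network-scripts/ifcfg-ens33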
修改hostname
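# Open /etc/hostname and replace its content with the clone's new name:
#   k202
# (The name is file content, not a second file for vim to open.)
vim /etc/hostname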
修改hosts
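# Open /etc/hosts and make sure both nodes can resolve each other by name:
#   xx.xx.xx.201 k201
#   xx.xx.xx.202 k202
vim /etc/hosts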
重启虚机
# Reboot the cloned VM after the IP, hostname and hosts edits above.
reboot
重置 kubeadm(清除克隆虚机中带来的集群状态)
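# Run this on the cloned VM (k202) only. The clone carries a full copy of the
# control-plane state of k201; the same commands on k201 would destroy the
# cluster.

# Undo what `kubeadm init` set up on the machine this VM was cloned from.
kubeadm reset

# Remove the CNI bridge and the flannel VXLAN device left over from the clone.
ip link set cni0 down && ip link delete cni0
ip link set flannel.1 down && ip link delete flannel.1

# Delete leftover CNI state.
rm -rf /var/lib/cni/
# Delete the cloned cluster configuration. This directory includes the
# control plane's certificates, keys and admin.conf, which a worker node
# must not keep.
rm -rf /etc/kubernetes
# Delete the cloned administrator kubeconfig.
rm -rf /root/.kube/config
# Delete the cloned etcd data directory.
rm -rf /var/lib/etcd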
加入节点
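# Join this machine to the cluster as a worker node (run as root on k202).
#
# The token and CA hash below are the values printed by the author's own
# `kubeadm init`; every cluster has its own. A bootstrap token is a credential
# that lets a machine register itself as a node, so treat it as a secret. By
# default kubeadm bootstrap tokens expire after 24 hours. To get a fresh join
# command, run on the control-plane node:
#   kubeadm token create --print-join-command
#
# --discovery-token-ca-cert-hash pins the cluster CA, so the joining node
# checks that it is talking to the intended API server. Keep it in the command.
kubeadm join 192.168.10.201:6443 --token 19s3o7.xzel3wisb53r6jsc \
  --discovery-token-ca-cert-hash sha256:9adeb71478f04d25c470daef8a53f9ca4021e5f990388360f02445f495629f3b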
从201节点拷贝 kubeconfig(内含管理员客户端证书)到202
# Copy root's kubeconfig from k201 so that kubectl can be run on this node.
# NOTE(review): on k201 this file is the copy of /etc/kubernetes/admin.conf and
# carries the cluster administrator's credentials; anyone who can read it on
# the worker has full control of the cluster. The join itself does not need
# it. Copy it only if kubectl really has to run here, and keep it owner-only.
scp root@k201:/root/.kube/config /root/.kube/
验证测试
# kubectl get nodes
NAME   STATUS   ROLES                  AGE     VERSION
k201   Ready    control-plane,master   94m     v1.21.5
k202   Ready    <none>                 3m54s   v1.21.5