VMware虚拟机:(1线程2核心+4GB内存)× 3
操作系统:Ubuntu 20.04.6 LTS
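以下流程中,“初始化集群”之前的第1、2、3项需要在每个节点上操作与配置。可以先配置好一台虚拟机再克隆出多台,克隆后每个节点记得修改主机名、hosts文件以及网卡配置文件等,并确认各节点的 MAC 地址和 product_uuid(/sys/class/dmi/id/product_uuid)互不相同;克隆出的节点还会共用同一套 SSH 主机密钥,建议在各节点上重新生成;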
整体安装部署流程
3、安装 kubeadm、kubelet 和 kubectl
更新系统及软件包:
root@kubernetes-001:~# apt update
root@kubernetes-001:~# apt upgrade
关闭防火墙(仅适合隔离的实验环境;生产环境或可被外部访问的节点应保留防火墙,只放行 Kubernetes 所需端口,如 6443、10250 等):
root@kubernetes-001:~# ufw disable
root@kubernetes-001:~# systemctl stop ufw
root@kubernetes-001:~# systemctl disable ufw
关闭selinux(Ubuntu 20.04.6 不自带selinux,若有则需要关闭):
root@kubernetes-001:~# sestatus
##若有则需要修改/etc/selinux/config
root@kubernetes-001:~# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
关闭swap:
root@kubernetes-001:~# swapoff -a
##删除/etc/fstab中swap的配置
root@kubernetes-001:~# vim /etc/fstab
... ...
/dev/disk/by-id/dm-uuid-LVM-MKV**** / ext4 defaults 0 1
/swap none swap defaults 0 0 (该行删除)
配置网络(各个节点主机配置本机IP地址):
root@kubernetes-001:~# vim /etc/netplan/00-installer-config.yaml
network:
  ethernets:
    ens33:
      addresses:
      - 192.168.1.101/24
      nameservers:
        addresses:
        - 192.168.1.1
        - 192.168.2.1
      routes:
      - to: default
        via: 192.168.1.1
  version: 2
root@kubernetes-001:~# netplan apply
时间同步:
root@kubernetes-001:~# apt-get install -y chrony
##添加同步服务器地址(可选择阿里源添加,ntp.ubuntu.com为原有,可不作修改删除)
root@kubernetes-001:~# vim /etc/chrony/chrony.conf
... ...
pool ntp.ubuntu.com iburst maxsources 4
pool ntp1.aliyun.com iburst maxsources 1
... ...
root@kubernetes-001:~# cat /etc/timezone
Asia/Shanghai
##查看时区,有误需修改
root@kubernetes-001:~# echo 'Asia/Shanghai' > /etc/timezone
root@kubernetes-001:~# ls -l /etc/localtime
lrwxrwxrwx 1 root root 33 Dec 16 10:56 /etc/localtime -> /usr/share/zoneinfo/Asia/Shanghai
##若无软链接,则新建
root@kubernetes-001:~# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
root@kubernetes-001:~# systemctl restart chronyd
root@kubernetes-001:~# chronyc sources
内核参数调整:
root@kubernetes-001:~# vim /etc/modules-load.d/k8s.conf
overlay
br_netfilter
root@kubernetes-001:~# modprobe overlay
root@kubernetes-001:~# modprobe br_netfilter
root@kubernetes-001:~# vim /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
root@kubernetes-001:~# sysctl -p /etc/sysctl.d/kubernetes.conf
root@kubernetes-001:~# sysctl --system
root@kubernetes-001:~# lsmod | grep br_netfilter
br_netfilter 28672 0
bridge 176128 1 br_netfilter
修改主机名及hosts(各个节点主机配置本机主机名及127地址):
root@kubernetes-001:~# vim /etc/hostname
kubernetes-001
root@kubernetes-001:~# vim /etc/hosts
127.0.0.1 localhost
127.0.1.1 kubernetes-001
192.168.1.101 kubernetes-001
192.168.1.102 kubernetes-002
192.168.1.103 kubernetes-003
ssh互信(仅为方便在节点间分发配置文件,kubeadm 本身并不依赖它;root 免密互信意味着任一节点失陷后即可登录其余节点,不需要时可跳过,或在部署完成后移除 authorized_keys 中的对应条目):
##全部回车确认即可(即私钥不设口令;如需保护私钥,可在提示时设置口令)
root@kubernetes-001:~# ssh-keygen
##需要将其他节点root用户生成的 id_rsa.pub 追加写到 authorized_keys 中,每个节点主机都需要有其他主机的密钥
root@kubernetes-001:~# ssh-copy-id -i /root/.ssh/id_rsa.pub kubernetes-00?
##或手动vi添加
root@kubernetes-001:~# vim /root/.ssh/authorized_keys
****************= root@kubernetes-001
****************= root@kubernetes-002
****************= root@kubernetes-003
安装containerd:
root@kubernetes-001:~# apt install -y containerd
root@kubernetes-001:~# containerd -v
containerd github.com/containerd/containerd 1.7.24
修改配置:
root@kubernetes-001:~# mkdir -p /etc/containerd
root@kubernetes-001:~# containerd config default > /etc/containerd/config.toml
##修改 SystemdCgroup 为 true
##修改sandbox_image源 为 registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.10 或 registry.aliyuncs.com/google_containers/pause:3.10
root@kubernetes-001:~# sed -i 's#SystemdCgroup = false#SystemdCgroup = true#g' /etc/containerd/config.toml
root@kubernetes-001:~# sed -i "s#registry.k8s.io/pause:3.8#registry.aliyuncs.com/google_containers/pause:3.10#g" /etc/containerd/config.toml
##确认上面两处替换已生效(默认配置中的 pause 版本可能因 containerd 版本不同而与 sed 中的 3.8 不一致,此时 sed 不会报错但也不会替换)
root@kubernetes-001:~# vim /etc/containerd/config.toml
... ...
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.10"
... ...
SystemdCgroup = true
... ...
root@kubernetes-001:~# vim /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
root@kubernetes-001:~# systemctl daemon-reload
root@kubernetes-001:~# systemctl start containerd
root@kubernetes-001:~# systemctl enable containerd
root@kubernetes-001:~# systemctl status containerd
配置文件分发至其他节点:
root@kubernetes-001:~# scp /etc/containerd/config.toml kubernetes-00?:/etc/containerd/config.toml
root@kubernetes-001:~# scp /etc/crictl.yaml kubernetes-00?:/etc/crictl.yaml
##在目标节点执行
root@kubernetes-00?:~# systemctl daemon-reload
root@kubernetes-00?:~# systemctl restart containerd
root@kubernetes-00?:~# systemctl status containerd
3、安装 kubeadm、kubelet 和 kubectl
参考:https://v1-32.docs.kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
root@kubernetes-001:~# apt-get install -y apt-transport-https ca-certificates curl gpg
##ubuntu 22.04 之前版本需创建目录
root@kubernetes-001:~# mkdir /etc/apt/keyrings
root@kubernetes-001:~# curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
root@kubernetes-001:~# echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
root@kubernetes-001:~# apt-get update
root@kubernetes-001:~# apt-get install -y kubelet kubeadm kubectl
root@kubernetes-001:~# apt-mark hold kubelet kubeadm kubectl
root@kubernetes-001:~# systemctl enable kubelet
root@kubernetes-001:~# systemctl status kubelet
root@kubernetes-001:~# kubeadm version
root@kubernetes-001:~# kubectl version
root@kubernetes-001:~# kubelet --version
只在master节点执行:
root@kubernetes-001:~# kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.32.10 --cri-socket=unix:///run/containerd/containerd.sock
root@kubernetes-001:~# kubeadm config print init-defaults > kubeadm-config.yaml
root@kubernetes-001:~# vi kubeadm-config.yaml
advertiseAddress: master节点IP
name: master节点主机名
imageRepository: 镜像源地址,此处可使用阿里源 registry.cn-hangzhou.aliyuncs.com/google_containers 或 registry.aliyuncs.com/google_containers
##init-defaults 生成的 bootstrapTokens 中带有固定的示例 token,不要原样用于 init:应替换为 kubeadm token generate 生成的随机值(或删除该 token 字段,由 kubeadm 自动生成)
##同时确认 kubernetesVersion 字段与上面预拉取镜像时指定的版本一致
root@kubernetes-001:~# kubeadm init --config kubeadm-config.yaml
##admin.conf 是集群管理员凭据,复制后注意保持文件权限,不要分发给其他用户或节点
root@kubernetes-001:~# mkdir -p $HOME/.kube
root@kubernetes-001:~# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@kubernetes-001:~# sudo chown $(id -u):$(id -g) $HOME/.kube/config
##root 用户也可以不复制,直接使用下面的环境变量(与上面的复制方式二选一即可)
root@kubernetes-001:~# export KUBECONFIG=/etc/kubernetes/admin.conf
##若此后再次加入新节点,需要重新生成token,然后在新节点执行kubeadm join命令
root@kubernetes-001:~# kubeadm token create --print-join-command
在非master节点执行:
##将node节点加入集群
# kubeadm join 192.168.1.XXX:6443 --token xxxxxxxxxxxxxxs --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
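##回到master节点安装网络插件 calico
root@kubernetes-001:~# wget https://raw.githubusercontent.com/projectcalico/calico/v3.24.1/manifests/calico.yaml
root@kubernetes-001:~# sed -i "s#docker.io#quay.io#g" calico.yaml
##该清单会创建集群级的权限与资源,apply 前建议先查看其内容及引用的镜像地址
##注意:kubeadm-config.yaml 中未设置 podSubnet 时,calico 默认地址池可能为 192.168.0.0/16,与本文节点网段 192.168.1.0/24 重叠,建议设置不重叠的 podSubnet
root@kubernetes-001:~# kubectl apply -f calico.yaml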
##正常pod状态为 Running
root@kubernetes-001:~# kubectl get pod -n kube-system
##正常节点状态为 Ready
root@kubernetes-001:~# kubectl get node