kubernetes安装:
主机清单
| 主机名 | IP地址 | 最低配置 |
|---|---|---|
| master | 192.168.1.50 | 2CPU,4G内存 |
| node-0001 | 192.168.1.51 | 2CPU,4G内存 |
| node-0002 | 192.168.1.52 | 2CPU,4G内存 |
| node-0003 | 192.168.1.53 | 2CPU,4G内存 |
| node-0004 | 192.168.1.54 | 2CPU,4G内存 |
| node-0005 | 192.168.1.55 | 2CPU,4G内存 |
| harbor | 192.168.1.30 | 2CPU,4G内存 |
安装控制节点:
1.配置软件仓库
知识点:createrepo, /etc/yum.repos.d/local.repo(仓库配置文件), yum/dnf
2.系统环境配置
知识点:禁用firewalld和swap
3.安装软件包
[root@master ~]# vim /etc/hosts
192.168.1.30 harbor
192.168.1.50 master
192.168.1.51 node-0001
192.168.1.52 node-0002
192.168.1.53 node-0003
192.168.1.54 node-0004
192.168.1.55 node-0005
[root@master ~]# dnf install -y kubeadm kubelet kubectl containerd.io ipvsadm ipset iproute-tc
[root@master ~]# containerd config default >/etc/containerd/config.toml
[root@master ~]# vim /etc/containerd/config.toml
61: sandbox_image = "harbor:443/k8s/pause:3.9"
125: SystemdCgroup = true
154 行新插入:[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint = ["https://harbor:443"][plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor:443"]endpoint = ["https://harbor:443"][plugins."io.containerd.grpc.v1.cri".registry.configs."harbor:443".tls]insecure_skip_verify = true
[root@master ~]# systemctl enable --now kubelet containerd4.配置内核参数
# 加载内核模块
cat >/etc/modules-load.d/containerd.conf<<EOF
overlay
br_netfilter
xt_conntrack
EOF
systemctl start systemd-modules-load.service # 设置内核参数
cat >/etc/sysctl.d/99-kubernetes-cri.conf<<EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.netfilter.nf_conntrack_max = 1000000
EOF
sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf5.导入k8s镜像
[root@master ~]# dnf install -y docker-ce
[root@master ~]# mkdir -p /etc/docker
[root@master ~]# vim /etc/docker/daemon.json
{"registry-mirrors":["https://harbor:443"],"insecure-registries":["harbor:443"]
}
[root@master ~]# systemctl enable --now docker# 登录 harbor 仓库,上传镜像
[root@master ~]# docker login harbor:443
Username: admin
Password: ********
Login Succeeded
[root@master ~]# docker load -i init/v1.xx.tar.xz
[root@master ~]# docker images|while read i t _;do[[ "${t}" == "TAG" ]] && continue[[ "${i}" =~ ^"harbor:443/".+ ]] && continuedocker tag ${i}:${t} harbor:443/k8s/${i##*/}:${t}docker push harbor:443/k8s/${i##*/}:${t}docker rmi ${i}:${t} harbor:443/k8s/${i##*/}:${t}
done6.设置Tab键
source <(kubeadm completion bash|tee /etc/bash_completion.d/kubeadm)
source <(kubectl completion bash|tee /etc/bash_completion.d/kubectl)7.master安装
# 测试系统环境
[root@master ~]# kubeadm init --config=init/init.yaml --dry-run 2>error.log
[root@master ~]# cat error.log
[root@master ~]# rm -rf error.log /etc/kubernetes/tmp
# 主控节点初始化
[root@master ~]# kubeadm init --config=init/init.yaml |tee init/init.log# 管理授权
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config# 验证安装结果
[root@master ~]# kubectl get nodes安装网络插件
上传镜像
[root@master ~]# cd plugins/calico
[root@master calico]# docker load -i calico.tar.xz
[root@master calico]# docker images|while read i t _;do[[ "${t}" == "TAG" ]] && continue[[ "${i}" =~ ^"harbor:443/".+ ]] && continuedocker tag ${i}:${t} harbor:443/plugins/${i##*/}:${t}docker push harbor:443/plugins/${i##*/}:${t}docker rmi ${i}:${t} harbor:443/plugins/${i##*/}:${t}
done安装calico
[root@master calico]# sed -ri 's,^(\s*image: )(.*/)?(.+),\1harbor:443/plugins/\3,' calico.yaml[root@master calico]# kubectl apply -f calico.yaml
[root@master calico]# kubectl get nodes安装计算节点
1.获取凭证
# 查看 token
kubeadm token list
TOKEN TTL EXPIRES
abcdef.0123456789abcdef 23h 2022-04-12T14:04:34Z# 删除 token
kubeadm token delete abcdef.0123456789abcdef
bootstrap token "abcdef" deleted# 创建 token
kubeadm token create --ttl=0 --print-join-command
kubeadm join 192.168.1.50:6443 --token xxx --discovery-token-ca-cert-hash sha256:xxx# 获取token_hash
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt |openssl rsa -pubin -outform der |openssl dgst -sha256 -hex2.node安装
[root@node ~]# 参考控制节点安装步骤2
[root@node ~]# 参考控制节点安装步骤3
[root@node ~]# 参考控制节点安装步骤4[root@node ~]# kubeadm join 192.168.1.50:6443 --token xxx --discovery-token-ca-cert-hash sha256:xxx[root@master ~]# kubectl get nodes3.批量部署
嫌“2.node安装”那个步骤太麻烦,使用ansible执行剧本
ansible.cfg
[defaults]
inventory = hostlist
host_key_checking = False
hostlist
[nodes]
192.168.1.[51:55]
run.yaml
- name: node join k8s clusterhosts: nodes,gitlabvars:master: "192.168.1.50:6443"token: "xxx"token_hash: "sha256:xxx"tasks:- name: disable swap from fstab filelineinfile:path: /etc/fstabstate: absentregexp: 'swap'- name: remove firewalld packagesdnf:name: "firewalld-*"state: absent- name: install k8s node packagesdnf:name: kubeadm,kubelet,kubectl,containerd.io,ipvsadm,ipset,iproute-tcstate: latestupdate_cache: yes- name: update modify config.tomltemplate:src: config.j2dest: /etc/containerd/config.tomlowner: rootgroup: rootmode: '0644'- name: create containerd.confcopy:dest: /etc/modules-load.d/containerd.confowner: rootgroup: rootmode: '0644'content: |overlaybr_netfilterxt_conntrack- name: modprobe br_netfiltershell: modprobe br_netfilter- name: create 99-kubernetes-cri.confcopy:dest: /etc/sysctl.d/99-kubernetes-cri.confowner: rootgroup: rootmode: '0644'content: |net.ipv4.ip_forward = 1net.bridge.bridge-nf-call-iptables = 1net.bridge.bridge-nf-call-ip6tables = 1net.netfilter.nf_conntrack_max = 1000000- name: set /etc/hostscopy:dest: /etc/hostsowner: rootgroup: rootmode: '0644'content: |::1 localhost localhost.localdomain localhost6 localhost6.localdomain6127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4192.168.1.30 harbor192.168.1.50 master{% for i in groups.nodes %}{{ hostvars[i].ansible_eth0.ipv4.address }} {{ hostvars[i].ansible_hostname }}{% endfor %}- name: enable k8s kubelet,runtime serviceservice:name: "{{ item }}"state: startedenabled: yesloop:- systemd-modules-load- containerd- kubelet- name: check node statestat:path: /etc/kubernetes/kubelet.confregister: result- name: node join clustershell: |swapoff -asysctl -p /etc/sysctl.d/99-kubernetes-cri.confkubeadm join {{ master }} --token {{ token }} --discovery-token-ca-cert-hash {{ token_hash }}args:executable: /bin/bashwhen: result.stat.exists == False"nodeinit.yaml" 86L, 2639C 执行剧本
ansible-playbook run.yaml查看集群状态
# 验证节点工作状态
[root@master ~]# kubectl get nodes# 验证容器工作状态
[root@master ~]# kubectl -n kube-system get pods
