1、环境准备
准备2台虚拟机,安装集群一律使用内网ip通信,相关配置文件一律配置内网ip。
ip | 别名 | 用途 |
---|---|---|
192.168.0.193 | kubernetes-master.openlab.cn | 主节点,harbor仓库 |
192.168.0.194 | kubernetes-work.openlab.cn | work节点 |
hostnamectl set-hostname kubernetes-master.openlab.cn //修改主机名vi /etc/hosts
192.168.0.193 kubernetes-master.openlab.cn
192.168.0.194 kubernetes-work.openlab.cnsystemctl stop firewalld
systemctl disable firewalld
sed -i '/^SELINUX=/ c SELINUX=disabled' /etc/selinux/config
setenforce 0yum install -y wget tree bash-completion lrzsz psmisc net-tools vim //安装常用软件yum install chrony -y
vim /etc/chrony.conf //配置时间同步
...
注释第三行到第六行
:3,6 s/^/#
使用阿里云的时间服务器
server ntp1.aliyun.com iburstsystemctl enable --now chronyd //启动服务swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstabvim /etc/sysctl.d/k8s.conf
vm.swappiness=0
#配置iptables参数,使得流经网桥的流量也经过iptables/netfilter防火墙
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1modprobe br_netfilter //配置生效加载网桥过滤模块
modprobe overlay
sysctl -p /etc/sysctl.d/k8s.confyum install ipset ipvsadm -yvim /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrackchmod +x /etc/sysconfig/modules/ipvs.modules
/bin/bash /etc/sysconfig/modules/ipvs.modules
lsmod | grep -e ip_vs -e nf_conntrack_ipv4
2、容器环境
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-cevim /etc/docker/daemon.json
{
"registry-mirrors": ["http://74f21445.m.daocloud.io","https://registry.docker-cn.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"], "insecure-registries": ["kubernetes-master.openlab.cn"],"exec-opts": ["native.cgroupdriver=systemd"]
}systemctl daemon-reload
systemctl enable --now docker
下载cri: cri-dockerd-0.3.4.amd64.tgz
tar xf cri-dockerd-0.3.4.amd64.tgz -C /usr/local/
mv /usr/local/cri-dockerd/cri-dockerd /usr/local/bin/
cri-dockerd --version
vim /etc/systemd/system/cri-dockerd.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9 --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock --cri-dockerd-root-directory=/var/lib/dockershim --docker-endpoint=unix:///var/run/docker.sock --
cri-dockerd-root-directory=/var/lib/docker
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
vim /etc/systemd/system/cri-dockerd.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=/var/run/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
systemctl daemon-reload
systemctl enable --now cri-dockerd.service
下载docker-compose-linux-x86_64
install -m 755 docker-compose-linux-x86_64 /usr/local/bin/docker-compose
docker-compose version
3、harbor仓库
就把harbor仓库服务安装在主节点上
mkdir -p /data/server
tar xf harbor-offline-installer-v2.8.4.tgz -C /data/server/
cd /data/server/harbor/
docker load -i harbor.v2.8.4.tar.gz
cp harbor.yml.tmpl harbor.ymlvim harbor.yml
修改hostname
hostname: kubernetes-master.openlab.cn
注释掉https相关配置
#https:
# port: 443
# certificate: /your/certificate/path
# private_key: /your/private/key/path
修改密码
harbor_admin_password: 123456
设置data目录
data_volume: /data/server/harbor/data运行
./prepare
./install.sh
vim /etc/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose --file /data/server/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose --file /data/server/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.targetsystemctl daemon-reload
systemctl enable harbor.service
systemctl restart harbor
登录仓库,并推送一个镜像到私有仓库
docker pull busybox
docker login kubernetes-master.openlab.cn -u admin -p 123456
docker tag busybox:latest kubernetes-master.openlab.cn/library/busybox:latest
docker push kubernetes-master.openlab.cn/library/busybox:latest
登录harbor http://192.168.0.193 账号:admin 密码:123456
4、集群初始化
vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
yum install kubeadm kubectl kubelet -y //所有节点执行
kubeadm config images list
在master节点上获取镜像文件
vim images.sh
#!/bin/bash
images=$(kubeadm config images list --kubernetes-version=1.28.0 | awk -F'/' '{print $NF}')
for i in ${images}
dodocker pull registry.aliyuncs.com/google_containers/$idocker tag registry.aliyuncs.com/google_containers/$i kubernetes-master.openlab.cn/google_containers/$idocker push kubernetes-master.openlab.cn/google_containers/$idocker rmi registry.aliyuncs.com/google_containers/$i
donesh images.sh
master节点初始化
kubeadm init --kubernetes-version=1.28.0 \
--apiserver-advertise-address=192.168.0.193 \
--image-repository kubernetes-master.openlab.cn/google_containers \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=Swap \
--cri-socket=unix:///var/run/cri-dockerd.sock
node节点加入集群
kubeadm join 192.168.0.193:6443 --token vt6cak.agon8ijauq8cnhxv \--discovery-token-ca-cert-hash sha256:6bab4804f213d28877f655222df3d4f7e82c04c18ec40b0835ee175c6895a384
主节点定制k8s的登陆权限
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
echo "source <(kubectl completion bash)" >> ~/.bashrc
echo "source <(kubeadm completion bash)" >> ~/.bashrc
source ~/.bashrc
下载kube-flannel.yml
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.ymlvim flannel.sh
#!/bin/bashfor i in $(grep image kube-flannel.yml | grep -v '#' | awk -F '/' '{print $NF}')
dodocker pull flannel/$idocker tag flannel/$i kubernetes-master.openlab.cn/google_containers/$idocker push kubernetes-master.openlab.cn/google_containers/$idocker rmi flannel/$i
donesh flannel.shsed -i '/ image:/s#docker.io/flannel#kubernetes-master.openlab.cn/google_containers#' kube-flannel.ymlkubectl apply -f kube-flannel.yml
5、查看集群状态
kubectl get node
kubectl get pod -n kube-system //全是Running就表示完成了
kubectl get cs //查看集群状态