| 主机名 | ip | 角色 |
| docker-harbor.revkarl.org | 172.25.254.250 | harbor仓库 |
| k8s-master | 172.25.254.100 | master,k8s集群控制节点 |
| k8s-node1 | 172.25.254.10 | worker,k8s集群工作节点 |
| k8s-node2 | 172.25.254.20 | worker,k8s集群工作节点 |
注意:
所有节点禁用selinux和防火墙
所有节点同步时间和解析
所有节点安装docker-ce
所有节点禁用swap,注意注释掉/etc/fstab文件中的定义
关闭防火墙
systemctl disabled firewalld
systemctl stop firewalld
grubby --update-kernel ALL --args selinux=0
reboot
禁用所有swap分区
systemctl mask swap.target
swapoff -a
vim /etc/fstab
进行本地dns解析
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.10 k8s-node1
172.25.254.20 k8s-node2
172.25.254.100 k8s-master
172.25.254.250 reg.revkarl.org
安装所有docker
vim /etc/yum.repos.d/docker.repo
[docker]
name=docker
baseurl=https://mirrors.aliyun.com/docker-ce/linux/rhel/9/x86_64/stable/
gpgcheck=0
dnf install docker-ce -y
创建k8s放置证书的目录
mkdir -p /etc/docker/certs.d/reg.revkarl.org/
复制harbor仓库中的证书并启动docker
ls /data/certs/
revkarl.org.crt revkarl.org.key
scp /data/certs/revkarl.org.crt root@172.25.254.100:/etc/docker/certs.d/reg,revkarl.org/ca.crtsystemctl enable --now docker
登录harbor仓库
docker login reg.revkarl.org
docker info
安装k8s部署工具
[root@k8s-master ~]# vim /etc/yum.repos.d/k8s.repo
[k8s]
name=k8s
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm
gpgcheck=0
[root@k8s-master ~]# dnf install kubelet-1.30.0 kubeadm-1.30.0 kubectl-1.30.0 -y
设置kubectl命令补齐功能
[root@k8s-master ~]# dnf install bash-completion -y
[root@k8s-master ~]# echo "source > ~/.bashrc
[root@k8s-master ~]# source ~/.bashrc
在所节点安装cri-docker
注:k8s从1.24版本开始移除了dockershim,所以需要安装cri-docker插件才能使用docker
[root@k8s-master ~]# dnf install libcgroup-0.41-19.el8.x86_64.rpm \
> cri-dockerd-0.3.14-3.el8.x86_64.rpm -y
[root@k8s-master ~]# vim /lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl start cri-docker
[root@k8s-master ~]# ll /var/run/cri-dockerd.sock
srw-rw---- 1 root docker 0 10月 5 22:14 /var/run/cri-dockerd.sock
在master节点拉取k8s所需要的镜像
[root@k8s-master ~]# kubeadm config images pull \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.30.0 \
--cri-socket=unix:///var/run/cri-dockerd.sock
上传镜像到harbor仓库
[root@k8s-master ~]# docker images | awk '/google/{ print $1":"$2}' \
| awk -F "/" '{system("docker tag "$0" reg.timinglee.org/k8s/"$3)}'
[root@k8s-master ~]# docker images | awk '/k8s/{system("docker push "$1":"$2)}
集群初始化
启动kubelet服务
[root@k8s-master ~]# systemctl status kubelet.service
初始化命令
kubeadm init --pod-network-cidr=10.244.0.0/16 \
--image-repository reg.revkarl.org/k8s \
--kubernetes-version v1.30.0 \
--cri-socket=unix:///var/run/cri-dockerd.sock指定集群配置文件变量
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
安装flannel网络插件
下载flannel的yaml部署文件
[root@k8s-master ~]# wget https://github.com/flannel io/flannel/releases/latest/download/kube-flannel.yml
下载镜像:
docker pull docker.io/flannel/flannel:v0.25.5
docekr docker.io/flannel/flannel-cni-plugin:v1.5.1-flannel1
上传镜像到仓库
docker tag flannel/flannel:v0.25.5reg.timinglee.org/flannel/flannel:v0.25.5
docker push reg.timinglee.org/flannel/flannel:v0.25.5
docker tag flannel/flannel-cni-plugin:v1.5.1-flannel1reg.timinglee.org/flannel/flannel-cni-plugin:v1.5.1-flannel1
docker push reg.timinglee.org/flannel/flannel-cni-plugin:v1.5.1-flanne11
安装flannel网络插件
kubectl apply -f kube-flannel.yml
检查好后加入集群
kubeadm join 172.25.254.100:6443 --token
5hwptm.zwn7epa6pvatbpwf--discovery-token-ca-certhashsha256:52f1a83b70ffc8744db5570288ab51987ef2b563bf906ba4244a300f61e9db23 --cri-socket=unix:///var/run/cri-dockerd.sock
在master节点查看node的状态
kubectl get nodes
