kubernetes
集群图例
kubernetes 安装
主机清单
主机名 | IP地址 | 最低配置 |
harbor | 192.168.88.240 | 2CPU,4G内存 |
master | 192.168.88.50 | 2CPU,4G内存 |
node-0001 | 192.168.88.51 | 2CPU,2G内存 |
node-0002 | 192.168.88.52 | 2CPU,2G内存 |
node-0003 | 192.168.88.53 | 2CPU,2G内存 |
安装控制节点
1、配置软件仓库
[root@server s4]# rsync -av docker/ 192.168.88.240:/var/ftp/rpms/docker/
root@192.168.88.240's password:
[root@server s4]# rsync -av kubernetes/packages/ 192.168.88.240:/var/ftp/rpms/k8s/
root@192.168.88.240's password:
# 更新 repodata
[root@server s4]# ssh 192.168.88.240
root@192.168.88.240's password:
[root@harbor ~]# createrepo --update /var/ftp/rpms/
2、系统环境配置
# 配置安装源(注意:baseurl 走明文 FTP 且 gpgcheck=0,dnf 不会校验软件包签名,仅适用于隔离的实验网络;生产环境应为仓库签名并设置 gpgcheck=1 与 gpgkey)
[root@master ~]# vim /etc/yum.repos.d/k8s.repo
[k8s]
name=Rocky Linux $releasever - Kubernetes
baseurl="ftp://192.168.88.240/rpms"
enabled=1
gpgcheck=0
# 禁用 firewall 和 swap(kubelet 默认要求关闭 swap;这里直接卸载 firewalld 只是为了简化实验环境,生产环境应保留主机防火墙,只放行 6443、10250 等集群所需端口)
[root@master ~]# sed '/swap/d' -i /etc/fstab
[root@master ~]# swapoff -a
[root@master ~]# dnf remove -y firewalld-*
3、安装软件包
[root@master ~]# vim /etc/hosts
192.168.88.240 harbor
192.168.88.50 master
192.168.88.51 node-0001
192.168.88.52 node-0002
192.168.88.53 node-0003
[root@master ~]# dnf install -y kubeadm kubelet kubectl containerd.io ipvsadm ipset iproute-tc
[root@master ~]# containerd config default >/etc/containerd/config.toml
[root@master ~]# vim /etc/containerd/config.toml
61: sandbox_image = "harbor:443/k8s/pause:3.9"
125: SystemdCgroup = true
154 行新插入:
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://192.168.88.240:443"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor:443"]
endpoint = ["https://192.168.88.240:443"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.88.240:443".tls]
# insecure_skip_verify 会跳过对 harbor 证书的校验,拉取镜像时无法发现被冒充的仓库;仅用于实验环境,生产环境应改为在本段用 ca_file 指向 harbor 的 CA 证书
insecure_skip_verify = true
[root@master ~]# systemctl enable --now kubelet containerd
4、配置内核参数
# 加载内核模块
[root@master ~]# vim /etc/modules-load.d/containerd.conf
br_netfilter
xt_conntrack
[root@master ~]# systemctl start systemd-modules-load.service
# 设置内核参数
[root@master ~]# vim /etc/sysctl.d/99-kubernetes-cri.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.netfilter.nf_conntrack_max = 1000000
[root@master ~]# sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf
5、导入 k8s 镜像
- 拷贝本阶段 kubernetes/init 目录到 master
rsync -av kubernetes/init 192.168.88.50:/root/
5.1 安装部署 docker
[root@master ~]# dnf install -y docker-ce
# insecure-registries 会让 docker 不校验 harbor:443 的证书,仅用于实验环境;生产环境应把 harbor 的 CA 证书放到 /etc/docker/certs.d/harbor:443/ca.crt 并去掉该项
[root@master ~]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://harbor:443"],
"insecure-registries":["harbor:443"]
}
[root@master ~]# systemctl enable --now docker
[root@master ~]# docker info
5.2 上传镜像到 harbor 仓库
[root@master ~]# docker login harbor:443
Username: <登录用户>
Password: <登录密码>
Login Succeeded
[root@master ~]# docker load -i init/v1.29.2.tar.xz
[root@master ~]# docker images|while read i t _;do
[[ "${t}" == "TAG" ]] && continue
[[ "${i}" =~ ^"harbor:443/".+ ]] && continue
docker tag ${i}:${t} harbor:443/k8s/${i##*/}:${t}
docker push harbor:443/k8s/${i##*/}:${t}
docker rmi ${i}:${t} harbor:443/k8s/${i##*/}:${t}
done
6、设置 Tab 键
[root@master ~]# source <(kubeadm completion bash|tee /etc/bash_completion.d/kubeadm)
[root@master ~]# source <(kubectl completion bash|tee /etc/bash_completion.d/kubectl)
7、master 安装
[root@master ~]# vim /root/init/init.yaml
13: advertiseAddress: 192.168.88.50
# 测试系统环境
[root@master ~]# kubeadm init --config=init/init.yaml --dry-run 2>error.log
[root@master ~]# cat error.log
# 主控节点初始化
[root@master ~]# rm -rf error.log /etc/kubernetes/tmp
[root@master ~]# kubeadm init --config=init/init.yaml |tee init/init.log
# 管理授权
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 验证安装结果
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady control-plane 19s v1.29.2
安装网络插件
- 拷贝本阶段 kubernetes/plugins 目录到 master
rsync -av kubernetes/plugins 192.168.88.50:/root/
上传镜像
[root@master ~]# cd plugins/calico
[root@master calico]# docker load -i calico.tar.xz
[root@master calico]# docker images|while read i t _;do
[[ "${t}" == "TAG" ]] && continue
[[ "${i}" =~ ^"harbor:443/".+ ]] && continue
docker tag ${i}:${t} harbor:443/plugins/${i##*/}:${t}
docker push harbor:443/plugins/${i##*/}:${t}
docker rmi ${i}:${t} harbor:443/plugins/${i##*/}:${t}
done
安装 calico
[root@master calico]# sed -ri 's,^(\s*image: )(.*/)?(.+),\1harbor:443/plugins/\3,' calico.yaml
4642: image: docker.io/calico/cni:v3.26.4
4670: image: docker.io/calico/cni:v3.26.4
4713: image: docker.io/calico/node:v3.26.4
4739: image: docker.io/calico/node:v3.26.4
4956: image: docker.io/calico/kube-controllers:v3.26.4
[root@master calico]# kubectl apply -f calico.yaml
[root@master calico]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane 23m v1.29.2
安装计算节点
1、获取凭证
# 查看 token
[root@master ~]# kubeadm token list
TOKEN TTL EXPIRES
abcdef.0123456789abcdef 23h 2022-04-12T14:04:34Z
# 删除 token(abcdef.0123456789abcdef 是 kubeadm 默认配置里的公开示例值,不能当作凭证保留)
[root@master ~]# kubeadm token delete abcdef.0123456789abcdef
bootstrap token "abcdef" deleted
# 创建 token 并记录返回的命令(--ttl=0 表示该 token 永不过期;节点全部加入后建议用 kubeadm token delete 删除,或改用有限的 --ttl)
[root@master ~]# kubeadm token create --ttl=0 --print-join-command
kubeadm join <IP.IP.IP.IP:6443> --token <......> --discovery-token-ca-cert-hash <sha256:......>
# 获取 hash 值 [1、在创建 token 时候显示 2、使用 openssl 计算];该值是集群 CA 公钥的 sha256,node 加入时用它校验 master 的身份
[root@master ~]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt |openssl rsa -pubin -outform der |openssl dgst -sha256 -hex
2、node 安装
[root@node ~]# 控制节点(安装步骤 2)
[root@node ~]# 控制节点(安装步骤 3)
[root@node ~]# 控制节点(安装步骤 4)
[root@node ~]# kubeadm join 192.168.88.50:6443 --token <你的token> --discovery-token-ca-cert-hash sha256:<ca 证书 hash>
#------------------------ 在 master 节点上验证---------------------------
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane 76m v1.29.2
node-0001 Ready <none> 61s v1.29.2
查看集群状态
# 验证节点工作状态
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane 99m v1.29.2
node-0001 Ready <none> 23m v1.29.2
node-0002 Ready <none> 57s v1.29.2
node-0003 Ready <none> 57s v1.29.2
# 验证容器工作状态
[root@master ~]# kubectl -n kube-system get pods