Setting up k8s with kubeadm
<h1>Environment</h1>
<h3>Virtual machine configuration</h3>
<table>
<thead>
<tr>
<th style="text-align: left;">Hostname</th>
<th style="text-align: left;">IP address</th>
<th style="text-align: left;">Node type</th>
<th style="text-align: left;">OS version</th>
<th style="text-align: left;">Resources</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left;">master</td>
<td style="text-align: left;">10.5.146.44</td>
<td style="text-align: left;">master, etcd</td>
<td style="text-align: left;">centos7.5</td>
<td style="text-align: left;">CPU&gt;=2, memory&gt;=4G, disk 40G</td>
</tr>
<tr>
<td style="text-align: left;">node1</td>
<td style="text-align: left;">10.5.146.45</td>
<td style="text-align: left;">worker</td>
<td style="text-align: left;">centos7.5</td>
<td style="text-align: left;">CPU&gt;=2, memory&gt;=2G, disk 40G</td>
</tr>
<tr>
<td style="text-align: left;">node2</td>
<td style="text-align: left;">10.5.146.46</td>
<td style="text-align: left;">worker</td>
<td style="text-align: left;">centos7.5</td>
<td style="text-align: left;">CPU&gt;=2, memory&gt;=2G, disk 40G</td>
</tr>
</tbody>
</table>
<h3>Component versions</h3>
<table>
<thead>
<tr>
<th style="text-align: left;">Component</th>
<th style="text-align: left;">Version</th>
<th style="text-align: left;">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left;">kubernetes</td>
<td style="text-align: left;">1.20.4</td>
<td style="text-align: left;">Main program</td>
</tr>
<tr>
<td style="text-align: left;">docker</td>
<td style="text-align: left;">19.03.15</td>
<td style="text-align: left;">Containers</td>
</tr>
<tr>
<td style="text-align: left;">calico</td>
<td style="text-align: left;">3.18.1</td>
<td style="text-align: left;">Network plugin</td>
</tr>
<tr>
<td style="text-align: left;">etcd</td>
<td style="text-align: left;">3.14.13</td>
<td style="text-align: left;">Database</td>
</tr>
<tr>
<td style="text-align: left;">coredns</td>
<td style="text-align: left;">1.7.0</td>
<td style="text-align: left;">DNS component</td>
</tr>
<tr>
<td style="text-align: left;">kubernetes-dashboard</td>
<td style="text-align: left;">v2.2.0</td>
<td style="text-align: left;">Web UI</td>
</tr>
</tbody>
</table>
<p><strong>Note:</strong></p>
<ul>
<li>No two nodes may share a hostname, MAC address or product_uuid</li>
<li>Disable the swap partition</li>
</ul>
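<p>A pre-flight check for the two notes above, as an added example that is not part of the original page. It assumes a hypothetical inventory file with one line per node (hostname, MAC address, product_uuid) and reads swap state from a /proc/swaps-style file; the function names and sample values are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks for the notes above.
# Assumed inventory format, one line per node: <hostname> <mac> <product_uuid>
# Collect the values on each node with:
#   hostname; cat /sys/class/net/<iface>/address; cat /sys/class/dmi/id/product_uuid

# Print "<field> <value>" for every value shared by more than one node.
find_duplicates() {
    awk '
        NF >= 3 { host[tolower($1)]++; mac[tolower($2)]++; uuid[tolower($3)]++ }
        END {
            for (h in host) if (host[h] > 1) print "hostname " h
            for (m in mac)  if (mac[m]  > 1) print "mac " m
            for (u in uuid) if (uuid[u] > 1) print "product_uuid " u
        }' "$1" | sort
}

# Return 0 when a /proc/swaps-style file lists at least one active swap area.
# The first line of that file is a column header, so only later lines count.
swap_active() {
    awk 'NR > 1 && NF > 0 { n++ } END { exit (n > 0 ? 0 : 1) }' "${1:-/proc/swaps}"
}

# Constructed sample: node2 was cloned from node1 and kept its product_uuid.
INVENTORY=$(mktemp)
cat > "$INVENTORY" <<'EOF'
master 52:54:00:aa:00:44 4C4C4544-0000-1010-8000-000000000044
node1  52:54:00:aa:00:45 4C4C4544-0000-1010-8000-000000000045
node2  52:54:00:aa:00:46 4c4c4544-0000-1010-8000-000000000045
EOF

dups=$(find_duplicates "$INVENTORY")
if [ -n "$dups" ]; then
    echo "duplicate identifiers found:"
    echo "$dups"
fi

# On a real node this reads /proc/swaps.
if swap_active 2>/dev/null; then
    echo "swap is active: run 'swapoff -a' and remove the swap entry from /etc/fstab"
fi
```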
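<h1>System configuration</h1>
<p>Flush the firewall rules and disable SELinux:</p>
<pre><code class="language-shell">iptables -F
setenforce 0
# Rewrite only the SELINUX= setting line; comment lines are left untouched
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config</code></pre>
<p>Configure the yum repositories:</p>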
<pre><code class="language-shell">wget -O /etc/yum.repos.d/CentOS-Base.repo https://repo.huaweicloud.com/repository/conf/CentOS-7-reg.repo
yum install -y epel-release
sed -i &quot;s/#baseurl/baseurl/g&quot; /etc/yum.repos.d/epel.repo
sed -i &quot;s/metalink/#metalink/g&quot; /etc/yum.repos.d/epel.repo
sed -i &quot;s@https\?://download.fedoraproject.org/pub@https://repo.huaweicloud.com@g&quot; /etc/yum.repos.d/epel.repo</code></pre>
<p>Modify the kernel parameters:</p>
<pre><code class="language-shell">cat &lt;&lt;EOF | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
vm.swappiness = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf</code></pre>
<p>If you see an error such as <code>sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory</code>, it can be ignored: the br_netfilter module, which is loaded in the next step, is not loaded yet.</p>
<p>Load the kernel modules and configure IPVS:</p>
<pre><code class="language-shell">cat &gt; /etc/sysconfig/modules/ipvs.modules &lt;&lt;EOF
#!/bin/bash
modprobe -- br_netfilter
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules &amp;&amp; \
bash /etc/sysconfig/modules/ipvs.modules &amp;&amp; \
lsmod | grep -E &quot;ip_vs|nf_conntrack_ipv4&quot;</code></pre>
<h1>Install docker</h1>
<pre><code class="language-shell">yum install -y yum-utils device-mapper-persistent-data lvm2
wget -O /etc/yum.repos.d/docker-ce.repo https://repo.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+repo.huaweicloud.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
## Install docker-ce
yum install -y docker-ce-19.03.15
mkdir -p /etc/docker
## Configure the registry mirror
cat &gt; /etc/docker/daemon.json &lt;&lt; EOF
{
  &quot;exec-opts&quot;: [&quot;native.cgroupdriver=systemd&quot;],
  &quot;log-driver&quot;: &quot;json-file&quot;,
  &quot;log-opts&quot;: {
    &quot;max-size&quot;: &quot;100m&quot;,
    &quot;max-file&quot;: &quot;10&quot;
  },
  &quot;live-restore&quot;: true,
  &quot;registry-mirrors&quot;: [&quot;https://pqbap4ya.mirror.aliyuncs.com&quot;]
}
EOF
## Restart the docker service and enable it at boot
systemctl restart docker
systemctl enable docker</code></pre>
<h1>Cluster installation</h1>
<h2>Install kubeadm, kubelet and kubectl</h2>
<pre><code class="language-shell">cat &lt;&lt;EOF &gt; /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9
systemctl enable kubelet &amp;&amp; systemctl start kubelet</code></pre>
<h2>Install the master node</h2>
<h3>Create the default kubeadm-config.yaml file</h3>
<p><code>kubeadm config print init-defaults &gt; kubeadm-config.yaml</code>
Edit kubeadm-config.yaml as follows:</p>
<pre><code class="language-shell">apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # Placeholder printed by init-defaults; generate your own with: kubeadm token generate
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Address of the master node that the API server advertises
  advertiseAddress: 10.5.146.44
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: cka01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Registry the control-plane images are pulled from
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.20.9
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}</code></pre>
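<p>An audit of the <code>bootstrapTokens</code> section before running <code>kubeadm init</code>, as an added example that is not part of the original page: it flags the token that <code>kubeadm config print init-defaults</code> prints unchanged on every install, malformed tokens, and a TTL of 0. The function name <code>audit_bootstrap_tokens</code> is hypothetical and both sample configs are constructed.</p>

```shell
#!/bin/sh
# Added example (not from the original page): audit the bootstrapTokens section
# of a kubeadm config file before running `kubeadm init`.

# Token printed by `kubeadm config print init-defaults`; identical on every install.
PLACEHOLDER='abcdef.0123456789abcdef'

# Print one finding per line; print nothing when no problem is found.
audit_bootstrap_tokens() {
    grep -nE '^[[:space:]-]*(token|ttl):' "$1" | tr -d "\"'" |
    while IFS=: read -r lineno key value; do
        key=$(printf '%s' "$key" | tr -d ' -')
        value=$(printf '%s' "$value" | tr -d ' ')
        case "$key" in
        token)
            if [ "$value" = "$PLACEHOLDER" ]; then
                echo "line $lineno: token is the init-defaults placeholder"
            elif ! printf '%s\n' "$value" | grep -qE '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
                echo "line $lineno: token is not in [a-z0-9]{6}.[a-z0-9]{16} form"
            fi ;;
        ttl)
            case "$value" in
            0|0s|0m0s|0h0m0s) echo "line $lineno: ttl $value never expires" ;;
            esac ;;
        esac
    done
}

# Constructed samples: one keeps the placeholder, one has a made-up token and TTL 0.
DEFAULT_CFG=$(mktemp)
cat > "$DEFAULT_CFG" <<'EOF'
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
kind: InitConfiguration
EOF
NOEXPIRY_CFG=$(mktemp)
cat > "$NOEXPIRY_CFG" <<'EOF'
bootstrapTokens:
- token: "k3x9qa.7mzt0c4v1b8n2w5y"
  ttl: "0"
EOF

audit_bootstrap_tokens "$DEFAULT_CFG"
audit_bootstrap_tokens "$NOEXPIRY_CFG"
```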
<h3>Install the master node:</h3>
<p><code>kubeadm init --config kubeadm-config.yaml</code></p>
<h3>Configure access to the cluster</h3>
<pre><code class="language-shell">mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# Owner is the current user, group is the current user's primary group
chown $(id -u):$(id -g) $HOME/.kube/config</code></pre>
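<h2>Configure the worker nodes</h2>
<p>When the master is deployed successfully, it prints a command similar to the one below on the master node. Copy that command to each worker node and run it there to add the node to the cluster.
<img src="https://www.showdoc.com.cn/server/api/attachment/visitFile?sign=485e8bed1ec7799df5098700a72e5622&amp;file=file.png" alt="" /></p>
<p>The token in the command above is valid for only 24 hours. Once it has expired, generate a new join command with:
<code>kubeadm token create --print-join-command</code></p>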
<h2>Install the calico network plugin (master)</h2>
<p>Fetch the calico.yaml manifest with:
<code>curl https://docs.projectcalico.org/manifests/calico.yaml -O</code>
Install calico:
<code>kubectl apply -f calico.yaml</code></p>
<p>If calico.yaml cannot be downloaded because of network problems, open the following URL directly and copy the contents of calico.yaml to the master node: https://docs.projectcalico.org/v3.18/manifests/calico.yaml</p>
<h2>Check the cluster status</h2>
<p><img src="https://www.showdoc.com.cn/server/api/attachment/visitFile?sign=b65fb120303be96e7c5b5cd451452288&amp;file=file.png" alt="" /></p>
<h1>Installing add-ons</h1>
<h2>Install helm</h2>
<h2>Install ingress</h2>
<h2>Install metrics-server</h2>
<h2>Install dashboard</h2>
<h1>Reset the cluster</h1>
<h1>Upgrade the cluster</h1>
<h2>Notes</h2>
<h2>Upgrade</h2>
<h3>Upgrade the master node</h3>
<h3>Upgrade the worker nodes</h3>