Building a Kubernetes cluster with kubeadm
Environment
Virtual machine configuration
Hostname | IP address | Node type | OS version | Resources |
---|---|---|---|---|
master | 10.5.146.44 | master, etcd | centos7.5 | CPU>=2, memory>=4G, disk 40G |
node1 | 10.5.146.45 | worker | centos7.5 | CPU>=2, memory>=2G, disk 40G |
node2 | 10.5.146.46 | worker | centos7.5 | CPU>=2, memory>=2G, disk 40G |
Component versions
Component | Version | Description |
---|---|---|
kubernetes | 1.20.4 | main program |
docker | 19.03.15 | container runtime |
calico | 3.18.1 | network plugin |
etcd | 3.14.13 | database |
coredns | 1.7.0 | DNS component |
kubernetes-dashboard | v2.2.0 | web UI |
Note:
- No two nodes may share a hostname, MAC address or product_uuid
- Disable swap
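System configuration
Flush the firewall rules and disable SELinux:
```shell
iptables -F
# Switch SELinux to permissive for the running system
setenforce 0
# Make the change persistent; match the whole setting line so the old value is replaced
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
```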
Configure the yum repositories
```shell
wget -O /etc/yum.repos.d/CentOS-Base.repo https://repo.huaweicloud.com/repository/conf/CentOS-7-reg.repo
yum install -y epel-release
sed -i "s/#baseurl/baseurl/g" /etc/yum.repos.d/epel.repo
sed -i "s/metalink/#metalink/g" /etc/yum.repos.d/epel.repo
sed -i "s@https\?://download.fedoraproject.org/pub@https://repo.huaweicloud.com@g" /etc/yum.repos.d/epel.repo
```
Modify the kernel parameters:
```shell
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
vm.swappiness = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf
```
> If an error such as `sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory` appears, it can be ignored. It appears when the br_netfilter module is not yet loaded; the module is loaded in the next step.
Load kernel modules: configure IPVS
```shell
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- br_netfilter
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && \
bash /etc/sysconfig/modules/ipvs.modules && \
lsmod | grep -E "ip_vs|nf_conntrack_ipv4"
```
Install Docker
```shell
yum install -y yum-utils device-mapper-persistent-data lvm2
wget -O /etc/yum.repos.d/docker-ce.repo https://repo.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+repo.huaweicloud.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
## Install docker-ce
yum install -y docker-ce-19.03.15
mkdir -p /etc/docker
## Configure the registry mirror
cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "10"
  },
  "live-restore": true,
  "registry-mirrors": ["https://pqbap4ya.mirror.aliyuncs.com"]
}
EOF
## Restart the docker service and enable it at boot
systemctl restart docker
systemctl enable docker
```
Cluster installation
Install kubeadm, kubelet and kubectl
```shell
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9
systemctl enable kubelet && systemctl start kubelet
```
Install the master node
Generate the default kubeadm-config.yaml file
```shell
kubeadm config print init-defaults > kubeadm-config.yaml
```
Edit kubeadm-config.yaml so that it reads as follows:
```yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.5.146.44
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: cka01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.20.9
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}
```
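The `token` value in the config above is the placeholder that `kubeadm config print init-defaults` prints on every installation, so it should be replaced with a random one before `kubeadm init`. The script below is an added example, not part of the original page: it checks kubeadm-config.yaml for that placeholder and swaps in a fresh token. The function names are hypothetical, and `kubeadm token generate` is used when kubeadm is on the PATH.

```shell
#!/bin/sh
# Added example (not from the original page): keep the placeholder bootstrap
# token out of kubeadm-config.yaml before `kubeadm init`.

# Token printed by `kubeadm config print init-defaults`, as shown on this page.
DEFAULT_TOKEN='abcdef.0123456789abcdef'

# Print the first bootstrap token found in a kubeadm config file.
config_token() {
  sed -n 's/^[[:space:]-]*token:[[:space:]]*//p' "$1" | tr -d "\"'" | awk 'NR==1 {print $1}'
}

# Bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16}.
valid_token() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Generate a random token: kubeadm's own generator if installed, else /dev/urandom.
new_token() {
  if command -v kubeadm >/dev/null 2>&1; then
    kubeadm token generate
  else
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | cut -c1-22 |
      sed 's/^\(.\{6\}\)/\1./'
  fi
}

# Succeed only if the file holds a well-formed, non-default token.
check_config() {
  cc_tok=$(config_token "$1")
  valid_token "$cc_tok" && [ "$cc_tok" != "$DEFAULT_TOKEN" ]
}

# Replace the token in place with a fresh one; the rewritten file is mode 0600.
rotate_token() {
  rt_tok=$(new_token) && valid_token "$rt_tok" || return 1
  ( umask 077 && sed "s/^\([[:space:]-]*token:[[:space:]]*\).*/\1$rt_tok/" "$1" > "$1.new" ) &&
    mv "$1.new" "$1"
}

# Demo on a constructed config: sh this-file --demo
# On the master: check_config kubeadm-config.yaml || rotate_token kubeadm-config.yaml
if [ "${1:-}" = "--demo" ]; then
  f=$(mktemp) && printf 'bootstrapTokens:\n- token: %s\n  ttl: 24h0m0s\n' "$DEFAULT_TOKEN" > "$f"
  check_config "$f" || { echo "default token found, rotating"; rotate_token "$f"; }
  cat "$f"; rm -f "$f"
fi
```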
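Install the master node:
```shell
kubeadm init --config kubeadm-config.yaml
```
Configure access to the cluster
```shell
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# Owner is the current user, group is the current user's primary group
chown $(id -u):$(id -g) $HOME/.kube/config
```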
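Configure the worker nodes
On the master node, once the master has been deployed successfully, a command similar to the following is returned; copy it to each worker node and run it there to add the node
> The token in the command above is valid for only 24 hours. Once it has expired, a new join command can be generated with the following command
```shell
kubeadm token create --print-join-command
```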
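Install the Calico network plugin (master)
The calico.yaml manifest can be fetched with the following command
```shell
curl https://docs.projectcalico.org/manifests/calico.yaml -O
```
Install Calico
```shell
kubectl apply -f calico.yaml
```
> If calico.yaml cannot be fetched because of network problems, open the following URL directly and copy the contents of calico.yaml to the master node: https://docs.projectcalico.org/v3.18/manifests/calico.yaml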