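All steps below are performed as root. This is for personal study; every component was installed at the latest version from its official site at deployment time.
1. Modify the system configuration
1) Check whether swap is disabled:
Run free -m; if every value in the Swap row is 0, swap is already off.
# Disable swap (temporary)
swapoff -a
# Disable swap (permanent, takes effect after a reboot)
sed -ri 's/.*swap.*/#&/' /etc/fstab
For whether the latest Kubernetes version supports swap, see the official documentation.
2) Check whether the firewall is disabled:
Run ufw status; if it shows Status: inactive, the firewall is already off.
Run ufw disable to turn the firewall off.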
3) iptables configuration:
# Pass bridged IPv4 traffic to the iptables chains
cat >> /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
#net.ipv4.ip_forward = 1
#user.max_user_namespaces=28633
EOF
The lines starting with # are ones I have not configured so far.
Run sysctl --system, or sysctl -p /etc/sysctl.d/k8s.conf, to apply.
# Allow iptables to see bridged traffic
cat <<EOF | tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
Run sysctl --system, or modprobe br_netfilter, to apply.
4) Set the hosts entry:
cat >> /etc/hosts << EOF
10.0.0.55 k8smaster
EOF
2. Install Docker
1) Back up the APT sources first:
cp /etc/apt/sources.list /etc/apt/sources.list.bak
Install dependencies:
apt-get -y install apt-transport-https ca-certificates curl software-properties-common
Install the repository signing key:
# Fetched over HTTPS so the key cannot be swapped in transit
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
Add the repository:
add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
Update the package index:
apt-get -y update
Install Docker:
apt -y install docker-ce
2) Configure the Docker registry mirror:
# The daemon.json key is "registry-mirrors" (plural); dockerd rejects unknown keys
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://8jkycesx.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl daemon-reload
systemctl restart docker
docker --version
3. Install Kubernetes: kubelet, kubeadm, kubectl
# Install the base packages and set up the repository
1) apt-get install -y ca-certificates curl software-properties-common apt-transport-https
2) curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
3) tee /etc/apt/sources.list.d/kubernetes.list <<EOF
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
# Refresh the package index, then install directly
apt-get update
apt-get install -y kubelet kubeadm kubectl
# List the images Kubernetes needs
kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.24.3
k8s.gcr.io/kube-controller-manager:v1.24.3
k8s.gcr.io/kube-scheduler:v1.24.3
k8s.gcr.io/kube-proxy:v1.24.3
k8s.gcr.io/pause:3.7
k8s.gcr.io/etcd:3.5.3-0
k8s.gcr.io/coredns/coredns:v1.8.6
# Pull the matching image versions with docker and retag them
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.24.3
docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.24.3 k8s.gcr.io/kube-apiserver:v1.24.3
...
# Once all images are pulled and retagged, initialize the cluster
3.1 Run the kubeadm init command on the master node:
kubeadm init --control-plane-endpoint=10.0.0.55 --pod-network-cidr=10.244.0.0/16 --cri-socket=/run/containerd/containerd.sock --image-repository=registry.aliyuncs.com/google_containers
Problems encountered during initialization:
1) The container runtime containerd was not deployed:
apt-get install -y containerd.io
containerd -v
mkdir -p /etc/containerd/
containerd config default | tee /etc/containerd/config.toml
Edit /etc/containerd/config.toml:
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  ...
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true
Then edit this part of /etc/containerd/config.toml:
[plugins."io.containerd.grpc.v1.cri"]
  ...
  # sandbox_image = "k8s.gcr.io/pause:3.6"
  sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"
systemctl start containerd
systemctl enable containerd
3.2 Initialize from a YAML file instead. Create kubeadm-config.yaml with content such as:
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # sample token from kubeadm's defaults; kubeadm token generate prints a random one
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.0.0.55
  bindPort: 6443
nodeRegistration:
  # dockershim was removed in Kubernetes 1.24; section 3.1 uses the containerd socket
  criSocket: /var/run/dockershim.sock
  imagePullPolicy: IfNotPresent
  name: master
  taints:
  - effect: PreferNoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.24.3
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
failSwapOn: false
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
To keep the YAML formatting intact when pasting on Ubuntu:
vim kubeadm-config.yaml
In vim, type ":set paste", then enter insert mode, edit and save.
kubeadm init --config kubeadm-config.yaml
3.3
1) Configure the environment so that kubectl can operate on the cluster. For a regular user, run:
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
For the root user, run:
export KUBECONFIG=/etc/kubernetes/admin.conf
Second: join nodes to the cluster.
To add worker nodes to the cluster later, run this command on them:
kubeadm join 10.0.0.55:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:abff18ed13b8f78c5b157da3b67445aa0112b563e0892b4a737631ac26b14502
kubeadm token create --print-join-command regenerates the command above.
3.4 Deploy Calico
kubectl apply -f https://projectcalico.docs.tigera.io/v3.23/manifests/calico.yaml
kubectl get pod -A
Once the network is up, confirm the cluster state again: all Pods are Running and all nodes are Ready.
3.5 Create a simple redis pod.
See https://kubernetes.io/zh-cn/docs/tutorials/configuration/configure-redis-using-configmap/
3.6 Deploy the dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml
Then follow the link below to create a user:
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md