基于 Docker 的 Kubernetes 1.20.2 集群部署—CentOS7.9(单)

一、基础环境准备(all node)

1.1 修改主机名

hostnamectl set-hostname <主机名>

1.2 配置 /etc/hosts 文件

10.49.18.102 master01
10.49.18.124  node02

1.3 关闭 swap

关闭 swap 并验证
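# Turn swap off for the running system and stop the kernel from preferring it.
swapoff -a && sysctl -w vm.swappiness=0
# Comment out the active swap entries instead of deleting every line that
# merely contains the word "swap"; the untouched file is kept as /etc/fstab.bak
# so the change can be reverted.
sed -r -i.bak '/^[^#].*[[:space:]]swap[[:space:]]/s/^/#/' /etc/fstab
# Verify: the Swap row should now report 0.
free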

1.4 关闭 selinux 与防火墙

# Persistently switch SELinux off; the config file is read at the next boot.
# NOTE(review): "disabled" turns off labelling and denial logging altogether.
# SELINUX=permissive also stops enforcement but keeps the audit trail, and it
# can be switched back to enforcing later without relabelling the filesystem.
sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Stop enforcing on the running system right away.
setenforce 0
# Verify: prints the current SELinux mode.
getenforce
# Stop both packet-filter services and keep them from starting at boot.
# NOTE(review): with no host firewall, every listening port on the node is
# reachable from any host that can route to it, including the API server on
# 6443/tcp configured later in this guide. Outside a lab, keep firewalld
# running and allow only the ports the cluster components need.
systemctl stop iptables
systemctl disable iptables
systemctl stop firewalld
systemctl disable firewalld
# Verify: reports whether firewalld is still running.
firewall-cmd --state

1.5 配置 repo 仓库

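# Keep a copy of the stock repo definition; wget -O truncates the target even
# when the download fails, which would leave the host without a base repo.
cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# Replace the base repo with the Aliyun mirror definition (fetched over HTTPS).
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Drop cached metadata from the old repo and rebuild it from the new one.
yum clean all && yum makecache
## Install common tooling; ipset and ipvsadm are used by the IPVS setup in 1.6.
yum -y install net-tools telnet vim git lsof wget lrzsz bind-utils traceroute ipset ipvsadm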

1.6 配置主机网桥过滤功能

  • 添加网桥过滤
# Enable bridge netfilter hooks and IPv4 forwarding, and set swappiness to 0.
# The file is only written here; it is applied by the sysctl -p call below.
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
---
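# Load br_netfilter now; the net.bridge.* sysctl keys only exist while the
# module is loaded.
modprobe br_netfilter
# Load it on every boot as well. Without this the module is gone after a
# reboot and the bridge settings in /etc/sysctl.d/k8s.conf cannot be applied.
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
# Verify the module is present, then apply the settings written above.
lsmod | grep br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf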
  • 开启IPVS
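# Write a helper script that loads the kernel modules used by kube-proxy in
# IPVS mode. The delimiter is quoted so the script body is written verbatim.
cat > /etc/ipvs.modules << 'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
# The stock CentOS 7 kernel names the IPv4 conntrack module nf_conntrack_ipv4
# (this is also what the verification command greps for); newer kernels only
# provide nf_conntrack, so fall back to that name.
modprobe -- nf_conntrack_ipv4 2>/dev/null || modprobe -- nf_conntrack
EOF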
---
chmod +x /etc/ipvs.modules && bash /etc/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

二. 安装Docker(all node)

2.1 添加 docker yum源

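# yum-config-manager is shipped in yum-utils, which the package list in 1.5
# does not install.
yum install -y yum-utils
# Register the docker-ce repository from the Aliyun mirror.
yum-config-manager \
  --add-repo \
  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Point any remaining download.docker.com URLs in the repo file at the mirror.
sed -i 's/download.docker.com/mirrors.aliyun.com\/docker-ce/g' /etc/yum.repos.d/docker-ce.repo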

2.2 docker 安装

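yum makecache fast
# List the docker-ce builds the repo offers, newest first.
yum list docker-ce --showduplicates | sort -r
# Install a pinned build of the engine and the matching CLI.
# NOTE(review): 19.03.0 is the first build of the 19.03 line; later 19.03.x
# patch builds normally carry bug and security fixes, so prefer the newest
# 19.03.x shown by the list above unless this exact build is required.
yum install -y docker-ce-19.03.0 docker-ce-cli-19.03.0
systemctl enable docker --now
# Verify the installation. ("//" does not start a shell comment; the original
# trailing note was being passed to docker as extra arguments.)
docker version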

备注:指定版本安装 yum install {package name-version info}

2.3 修改配置

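## Create or edit /etc/docker/daemon.json.
# NOTE(review): the heredoc body was lost when this page was extracted; only
# the expected result ("Cgroup Driver: systemd") survived. The block below is
# the minimal configuration that produces that result. Merge it with any
# settings already present in the file rather than overwriting them.
cat > /etc/docker/daemon.json << 'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Restart the daemon so the new cgroup driver takes effect.
systemctl restart docker
# Verify; expected output: Cgroup Driver: systemd
docker info | grep -i 'cgroup driver'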

三、安装 kubeadm| kubelet |kubectl (all node)

3.1 配置yum镜像仓库

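# Write the Kubernetes repo definition. The heredoc redirection was garbled on
# the page ("cat < file" reads the file instead of writing it) and is restored.
# gpgcheck=1 makes yum verify every RPM against the keys listed in gpgkey
# before installing it; with gpgcheck=0 the gpgkey line had no effect and
# kubeadm/kubelet/kubectl were installed unverified. If yum reports a
# signature failure, resolve the key import instead of switching the check off.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF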
---
yum makecache fast
yum list --showduplicates | sort -r

3.2 各节点上安装

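# Show the kubeadm builds the repo offers, newest first.
yum list kubeadm.x86_64 --showduplicates | sort -r
# Install all three packages at the same pinned release. yum expects
# name-version-release; "kubectl.1.20.2-0" (with a dot) is parsed as
# name.arch and matches no package.
yum install -y kubeadm-1.20.2-0 kubelet-1.20.2-0 kubectl-1.20.2-0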

3.3 修改 kubelet 配置

# Make kubelet use the systemd cgroup driver, the same driver Docker is
# expected to report in section 2.3.
cat > /etc/sysconfig/kubelet << EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF

## Only enable kubelet at boot; no manual start is needed, it starts
## automatically once the cluster has been initialised.
systemctl enable kubelet 

四. kubernetes 集群安装

登录到 master 节点

4.1 查看镜像

# kubeadm config images list --kubernetes-version v1.20.2
k8s.gcr.io/kube-apiserver:v1.20.2
k8s.gcr.io/kube-controller-manager:v1.20.2
k8s.gcr.io/kube-scheduler:v1.20.2
k8s.gcr.io/kube-proxy:v1.20.2
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.13-0
k8s.gcr.io/coredns:1.7.0

4.2 镜像拉取

# Pull the control-plane images from the Aliyun mirror instead of k8s.gcr.io.
# NOTE(review): the mirror is a third party and the images are selected by
# tag, so the control plane runs whatever the mirror serves for that tag.
# Where k8s.gcr.io is reachable, comparing image digests against it is a
# cheap integrity check.
kubeadm config images pull --kubernetes-version v1.20.2 --image-repository registry.aliyuncs.com/google_containers
## List the pulled images
docker images  

4.3 集群初始化配置

## 生成初始化配置
kubeadm config print init-defaults > kubeadm-init.yaml

## 调整初始化配置
## vim kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): this is the fixed sample token printed by
  # "kubeadm config print init-defaults", so it is publicly known. Anyone who
  # can reach the API server while the token is valid can use it to
  # authenticate as a bootstrapping node. Replace it with the output of
  # "kubeadm token generate" before running kubeadm init.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s                    # token lifetime
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.49.18.102  # IP of this master node
  bindPort: 6443                  # API server port; matches the join command printed by kubeadm init
nodeRegistration:
  criSocket: /var/run/dockershim.sock  # adjust if the container runtime is not docker
  name: master01                  # hostname of this master node
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers  # changed to the Aliyun mirror registry
kind: ClusterConfiguration
kubernetesVersion: v1.20.2    # set to the version being installed
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16    # adjust as needed; must match "Network" in kube-flannel.yml
  serviceSubnet: 10.96.0.0/12 # adjust as needed
scheduler: {}
---
# Run kube-proxy in IPVS mode (uses the kernel modules loaded in section 1.6).
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"

4.4 集群初始化

# Initialise the control plane from the edited configuration file.
# NOTE(review): --upload-certs stores the control-plane certificates in a
# cluster Secret so that additional control-plane nodes can join. This guide
# appears to build a single-master cluster, so the flag can presumably be
# dropped; confirm before removing it.
kubeadm init --config kubeadm-init.yaml --upload-certs

---
...省略...
To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.49.18.102:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:a205f5902d850d955728c485c34815c0da80529f54d30d8384f23538aa9afeab

根据上述提示完成操作:先在 master 节点按提示配置 kubeconfig,再在各 worker 节点以 root 身份执行输出中的 kubeadm join 命令(token 与 CA 证书哈希以实际输出为准)。

4.5 网络配置

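# Download the flannel manifest. -f makes curl fail on an HTTP error instead
# of saving the error page as kube-flannel.yml; -L follows redirects.
# NOTE(review): this URL tracks the moving "master" branch, so the manifest
# can change between runs. Prefer a URL pinned to a release tag
# (<FLANNEL_RELEASE_TAG>) and read the file before applying it.
curl -fLO https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml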

## 根据 kubeadm-init.yaml 的初始化配置中,podSubnet 字段的设置,对网络进行调整
vim kube-flannel.yml
...省略...
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
       }
   }
...省略...

# Apply the edited manifest.
kubectl apply -f  kube-flannel.yml
# All flannel pods should reach the Running state.
# NOTE(review): the namespace depends on the manifest version that was
# downloaded; if nothing is listed here, look for the pods with
# "kubectl get pod -A".
kubectl get pod -n kube-flannel

## 部署完成后,检查 node 状态是否都为 Ready 状态
kubectl get node
NAME       STATUS   ROLES                  AGE   VERSION
master01   Ready    control-plane,master   47m   v1.20.2
