基于 Docker 的 Kubernetes 1.20.2 集群部署—CentOS7.9（单）

一、基础环境准备(all node)

1.1 修改主机名

hostnamectl set-hostname <主机名>

1.2 配置 /etc/hosts 文件

10.49.18.102 master01
10.49.18.124  node02

1.3 关闭 swap

关闭 swap 并验证
swapoff -a && sysctl -w vm.swappiness=0
sed  -i '/swap/d'  /etc/fstab
free

1.4 关闭 selinux 与防火墙

sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config  
setenforce 0       
getenforce  
systemctl stop iptables
systemctl disable iptables
systemctl stop firewalld   
systemctl disable firewalld   
firewall-cmd --state  

1.5 配置 repo 仓库

wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all && yum makecache
## 软件安装
yum -y install net-tools telnet vim git lsof wget lrzsz bind-utils traceroute ipset ipvsadm

1.6 配置主机网桥过滤功能

• 添加网桥过滤

# 添加网桥过滤及地址转发
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
---
modprobe br_netfilter
lsmod | grep br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf

• 开启IPVS

cat > /etc/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
---
chmod +x /etc/ipvs.modules && bash /etc/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

二. 安装Docker（all node）

2.1 添加 docker yum源

yum-config-manager \
--add-repo \
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's/download.docker.com/mirrors.aliyun.com\/docker-ce/g' /etc/yum.repos.d/docker-ce.repo

2.2 docker 安装

yum makecache fast
yum list docker-ce --showduplicates | sort -r
yum install -y docker-ce-19.03.0 docker-ce-cli-19.03.0
systemctl enable docker --now
docker version //验证是否安装成功

备注：指定版本安装 yum install {package name-version info}

2.3 修改配置

## 创建或修改/etc/docker/daemon.json：
cat > /etc/docker/daemon.json   <Cgroup Driver: systemd

三、安装 kubeadm| kubelet |kubectl （all node）

3.1 配置yum镜像仓库

cat < /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
---
yum makecache fast
yum list --showduplicates | sort -r

3.2 各节点上安装

yum list kubeadm.x86_64 --showduplicates | sort -r
yum install -y kubeadm-1.20.2-0  kubelet-1.20.2-0  kubectl.1.20.2-0 

3.3 修改 kubelet 配置

cat > /etc/sysconfig/kubelet << EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF

## kubelet 设置为开机启动即可（不需要手动启动），集群初始化后会自动启动
systemctl enable kubelet 

四. kubernetes 集群安装

登录到 master 节点

4.1 查看镜像

# kubeadm config images list --kubernetes-version v1.20.2
k8s.gcr.io/kube-apiserver:v1.20.2
k8s.gcr.io/kube-controller-manager:v1.20.2
k8s.gcr.io/kube-scheduler:v1.20.2
k8s.gcr.io/kube-proxy:v1.20.2
k8s.gcr.io/pause:3.2
k8s.gcr.io/etcd:3.4.13-0
k8s.gcr.io/coredns:1.7.0

4.2 镜像拉取

kubeadm config images pull --kubernetes-version v1.20.2 --image-repository registry.aliyuncs.com/google_containers
## 查看相关镜像
docker images  

4.3 集群初始化配置

## 生成初始化配置
kubeadm config print init-defaults > kubeadm-init.yaml

## 调整初始化配置
## vim kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.49.18.102  # 当前 master 节点 IP
  bindPort: 6443                  
nodeRegistration:
  criSocket: /var/run/dockershim.sock  # 运行时如果不是 docker 就需要调整
  name: master01                  # 当前 master 节点名字
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers  # 调整为阿里云仓库地址
kind: ClusterConfiguration
kubernetesVersion: v1.20.2    # 更新版本号
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16    # 根据需求调整
  serviceSubnet: 10.96.0.0/12 # 根据需求调整
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"

4.4 集群初始化

kubeadm init --config kubeadm-init.yaml --upload-certs

---
...省略...
To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.49.18.102:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:a205f5902d850d955728c485c34815c0da80529f54d30d8384f23538aa9afeab

根据上述提示完成操作

4.4 网络配置

curl -O https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml   

## 根据 kubeadm-init.yaml 的初始化配置中，podSubnet 字段的设置，对网络进行调整
vim kube-flannel.yml
...省略...
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
       }
   }
...省略...

kubectl apply -f  kube-flannel.yml
kubectl get pod -n kube-flannel  # 此时查看看 pod 是否都为running状态

## 部署完成后，检查 node 状态是否都为 Ready 状态
kubectl get node
NAME       STATUS   ROLES                  AGE   VERSION
master01   Ready    control-plane,master   47m   v1.20.2