序号 | 主机IP | 主机名 | 系统 | 备注 |
1 | 192.168.3.114 | master | rockylinux8.6最小化安装 | 控制节点 |
2 | 192.168.3.115 | node1 | rockylinux8.6最小化安装 | 工作节点 |
3 | 192.168.3.116 | node2 | rockylinux8.6最小化安装 | 工作节点 |
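# Node preparation, run on every host.
# kubeadm's install guide only asks for SELinux to be permissive, so keep the
# policy loaded (denials are still logged) instead of switching it off.
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
# firewalld is switched off for the private 192.168.3.x hosts listed at the
# top of the page. On a reachable network keep it running and open only the
# cluster ports instead (API server 6443/tcp, etcd 2379-2380/tcp, kubelet
# 10250/tcp, NodePort range 30000-32767/tcp, plus what the CNI plugin needs).
systemctl disable firewalld
# kubelet refuses to start with swap enabled by default. swapoff only lasts
# until the reboot below, so also comment out the swap entries in /etc/fstab
# (the previous file is kept as /etc/fstab.bak).
swapoff -a
sed -r -i.bak '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab
# The SELinux mode change and the firewalld disable take effect after reboot.
reboot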
注:swapoff -a 只是临时关闭 swap 分区,重启后 swap 会重新启用。要永久关闭,请用 vi 编辑 /etc/fstab,注释掉 swap 分区所在的那一行。
192.168.3.114 master
192.168.3.115 node1
192.168.3.116 node2
# Point every Rocky repo file at the Aliyun mirror; each original is kept
# next to it with a .bak suffix. Only the mirrorlist= and baseurl= lines are
# rewritten (http upstream -> https mirror); the gpgcheck/gpgkey lines in the
# repo files are left exactly as shipped.
sed -i.bak \
  -e 's|^mirrorlist=|#mirrorlist=|g' \
  -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
  /etc/yum.repos.d/Rocky-*.repo

# Rebuild the metadata cache against the new base URLs.
dnf makecache

# Convenience tools used later in this walkthrough.
dnf install -y \
  wget \
  bash-completion \
  vim
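# Create a key pair on master and install the public key on both workers.
# kubeadm does not need SSH between nodes; this is only a convenience for
# copying files, so give the key a passphrase when ssh-keygen asks for one.
ssh-keygen
# On first contact ssh-copy-id asks to confirm the worker's host key.
# Compare the fingerprint it prints with the output of
#   for f in /etc/ssh/ssh_host_*_key.pub; do ssh-keygen -lf "$f"; done
# run on that worker's console, and only then answer "yes" at the prompt.
# ("yes" is typed at the prompt; run as a standalone command it never returns.)
ssh-copy-id node1
ssh-copy-id node2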
dnf install -y chrony
编辑 /etc/chrony.conf 配置文件,
将其中的 pool 2.pool.ntp.org iburst 一行
改为以下四行:
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp1.tencent.com iburst
server ntp2.tencent.com iburst
# Start chronyd now and on every boot.
systemctl enable --now chronyd
# List the configured time sources to confirm the servers set in
# /etc/chrony.conf are the ones in use.
chronyc sources
# Compare the clock across the three nodes; certificate validity checks and
# bootstrap-token expiry both depend on the nodes agreeing on the time.
date
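# Load br_netfilter now and on every boot; modprobe alone does not survive
# the next reboot, and the bridge sysctl keys below only exist while the
# module is loaded.
modprobe br_netfilter
printf '%s\n' br_netfilter > /etc/modules-load.d/k8s.conf
lsmod | grep br_netfilter
# NOTE(review): the here-document body was lost from this page. The three
# keys below are the ones the kubeadm container-runtime prerequisites call
# for; compare with the original article if it is available.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the new file without waiting for a reboot.
sysctl --system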
# Helper packages: yum-utils provides yum-config-manager, used just below.
dnf install -y \
  yum-utils \
  device-mapper-persistent-data \
  lvm2 \
  ipvsadm \
  net-tools

# Register the docker-ce repo definition published on the Aliyun mirror.
yum-config-manager \
  --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Rewrite the first download.docker.com on every line of that repo file to
# the mirror path.
# NOTE(review): if the file's gpgkey= line names download.docker.com too, the
# signing key is then fetched from the same mirror as the packages. Confirm
# with: grep -n gpg /etc/yum.repos.d/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
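# Write the Kubernetes package repo definition. The page shows "cat <" here:
# the "<<EOF >" of the here-document was lost, and as printed the command
# would read the repo file instead of creating it.
# Package signatures (gpgcheck) and repo metadata signatures (repo_gpgcheck)
# are both verified, but against keys downloaded from the same mirror as the
# packages, so the checks are only as trustworthy as that key download.
# NOTE(review): kubernetes-el7-x86_64 is the legacy repository layout;
# confirm the mirror still serves it for the version installed later.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF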
# Refresh metadata so the docker-ce and kubernetes repos become usable.
dnf makecache
# Install the container runtime.
dnf install -y containerd
# Write containerd's built-in default configuration to disk as the starting
# point for the edits that follow. This overwrites any existing config.toml.
containerd config default > /etc/containerd/config.toml
更改配置文件
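# Use the systemd cgroup driver (it has to match "cgroupDriver: systemd" in
# the kubelet configuration further down) and pull the pause (sandbox) image
# from the Aliyun mirror instead of k8s.gcr.io.
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#g' /etc/containerd/config.toml
sed -i "s#k8s.gcr.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml
# sed exits 0 even when nothing matched (for example when the generated
# default names a different pause registry), so print the resulting lines
# and confirm both edits actually landed.
grep -nE 'SystemdCgroup|sandbox_image' /etc/containerd/config.toml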
配置镜像加速
# Append a docker.io entry under the CRI plugin's registry.mirrors table,
# then append an endpoint line under that new entry. The escaped spaces set
# the TOML indentation of the inserted lines.
# NOTE(review): the endpoint looks like an account-specific Aliyun
# accelerator address. Every docker.io pull on this node is routed through
# it, so replace it with a mirror you control or trust.
# Both inserts silently do nothing if no line matches; check the result with
#   grep -n -A2 'registry.mirrors' /etc/containerd/config.toml
sed -i '/registry.mirrors]/a\ \ \ \ \ \ \ \ [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]' /etc/containerd/config.toml
sed -i '/registry.mirrors."docker.io"]/a\ \ \ \ \ \ \ \ \ \ endpoint = ["https://0x3urqgf.mirror.aliyuncs.com"]' /etc/containerd/config.toml
启动containerd
# Start containerd now and on every boot. If the service was already running
# before config.toml was edited, restart it so the changes are picked up.
systemctl enable --now containerd.service
# Confirm the unit is active and look for configuration errors in its log tail.
systemctl status containerd.service
在master设备上执行
# Control-plane node: install all three tools pinned to 1.25.0, the same
# release as kubernetesVersion in init-defaults.yaml.
dnf install -y kubelet-1.25.0 kubeadm-1.25.0 kubectl-1.25.0
# Enable only; kubelet has no configuration until kubeadm init writes one.
systemctl enable kubelet
在node1及node2上执行
# Worker nodes: same pinned release; kubectl is not installed here, which
# also keeps admin tooling off the workers.
dnf install -y kubelet-1.25.0 kubeadm-1.25.0
# Enable only; kubelet has no configuration until kubeadm join writes one.
systemctl enable kubelet
kubeadm config print init-defaults > init-defaults.yaml
vim 修改文件 init-defaults.yaml
12行
advertiseAddress: 192.168.3.114
17行
name: master
24行
clusterName: mycluster
30行
imageRepository: registry.aliyuncs.com/google_containers
增加及修改35行
podSubnet: 10.1.0.0/16
serviceSubnet: 10.10.0.0/16
文件最后加入
---
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd
修改后的文件如下:
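# kubeadm configuration for the control-plane node (indentation restored;
# the page printed every key at column 0, which is not valid YAML).
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # No "token:" field on purpose. The value printed by
  # `kubeadm config print init-defaults` (abcdef.0123456789abcdef) is a
  # published placeholder, and it would stay valid as a join credential for
  # the whole ttl below. With the field omitted kubeadm generates a random
  # token at init time; alternatively set it to the output of
  # `kubeadm token generate`.
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Address and port the API server advertises: the master's IP.
  advertiseAddress: 192.168.3.114
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: master
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: mycluster
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
# Control-plane images are pulled from this mirror rather than the upstream
# registry. NOTE(review): the edit instructions earlier on this page name
# registry.aliyuncs.com/google_containers instead; confirm which host is meant.
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.25.0
networking:
  dnsDomain: cluster.local
  # Pod and service ranges; neither overlaps the 192.168.3.x host network.
  podSubnet: 10.1.0.0/16
  serviceSubnet: 10.10.0.0/16
scheduler: {}
---
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
# Same cgroup driver as SystemdCgroup = true in containerd's config.toml.
cgroupDriver: systemd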
初始化集群
kubeadm init --config init-defaults.yaml
执行命令
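# Give the current user a kubeconfig. admin.conf holds the cluster
# administrator's client certificate and private key, so keep the copy
# readable by its owner only and do not hand it to other users or hosts.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# cp keeps the mode of a file that already existed at the destination.
chmod 600 "$HOME/.kube/config"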
k8s命令自动补全
# Enable bash completion for kubeadm in the current shell.
# Only kubeadm is covered here; kubectl has its own `kubectl completion bash`.
source <(kubeadm completion bash)
# Make it permanent for future shells. Re-running this line appends a
# duplicate entry to ~/.bashrc.
echo "source <(kubeadm completion bash)" >> ~/.bashrc
source ~/.bashrc
master节点上执行
# Run on master: creates a new bootstrap token and prints the matching
# join command.
kubeadm token create --print-join-command
# Sample output from the author's cluster. Run the command that your own
# master prints, on node1 and node2, not on master. The token is a
# short-lived join credential and should not be published; the sha256 value
# pins the cluster CA so a joining node can verify the API server it contacts.
kubeadm join 192.168.3.114:6443 --token os6ate.0vwis78qdzpnxj4g --discovery-token-ca-cert-hash sha256:869b4865adfd47368c4fe19ce7bf443bed4bef498beb4ddef71fecfdab2c8dc1
master节点上查看
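# Nodes are expected to report NotReady until a CNI plugin is running.
kubectl get nodes
# Download the Calico manifest before applying it. It is applied with
# cluster-admin rights and the URL is unversioned, so its content can change
# between runs; keeping the file lets you read it first and record exactly
# what was installed.
curl -fsSLO https://docs.projectcalico.org/manifests/calico.yaml
sha256sum calico.yaml
kubectl apply -f calico.yaml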
监控pod状态,待所有pod状态为running
# Watch kube-system until every pod is Running (Ctrl-C ends the watch).
kubectl get pods -n kube-system -w
# All three nodes should now report Ready.
kubectl get nodes
# componentstatuses has been deprecated since Kubernetes v1.19; treat its
# output as informational only.
kubectl get componentstatuses
# Print the API server and cluster DNS endpoints.
kubectl cluster-info
kubectl -n kube-system get pod
测试网络
kubectl run busybox --image busybox:1.28 --restart=Never --rm -it busybox -- sh
测试Pod
vim mypod.yaml
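# mypod.yaml: single-container Pod used as a smoke test for scheduling and
# pod networking (indentation restored; the page printed every key at
# column 0, which is not valid YAML).
# Create it with: kubectl apply -f mypod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    # Pinned test image; pick a currently maintained tag for anything beyond
    # a smoke test.
    image: nginx:1.14.2
    ports:
    - containerPort: 80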
kubectl get pods -o wide
curl 10.1.104.1