配置centos镜像源
配置docker镜像源
配置k8s镜像源
使用阿里云镜像站点
地址:https://developer.aliyun.com/mirror/
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum clean all && yum makecache
关闭防火墙(实验环境做法;若保留firewalld,需放行控制面的 6443、2379-2380、10250、10257、10259 以及工作节点的 10250、30000-32767 端口)
systemctl disable firewalld.service
systemctl stop firewalld.service
systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
关闭selinux
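# setenforce changes the running mode; getenforce only prints it and takes no
# argument, so "getenforce 0" never switched SELinux off. Mode 0 is permissive
# and lasts until reboot; the /etc/selinux/config edit below makes it persistent.
# kubeadm only needs permissive, which also keeps denials in the audit log.
setenforce 0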
vim /etc/selinux/config
SELINUX=disabled
关闭交换空间
swapoff -a
vim /etc/fstab
#注释交换空间配置
#/dev/mapper/centos-swap swap swap defaults 0 0
配置文件
集群内所有服务器路由转发
#配置路由转发
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
#开启路由转发
sysctl -p
配置内核模块
vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
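# Load the bridge netfilter module first: the net.bridge.bridge-nf-call-* keys
# do not exist until br_netfilter is loaded, so writing them fails silently
# otherwise (the later `docker info` output on this page still reports
# "bridge-nf-call-iptables is disabled").
# To load it on every boot, list br_netfilter in /etc/modules-load.d/k8s.conf.
modprobe br_netfilter
# Apply every sysctl file, including /etc/sysctl.d/k8s.conf. Plain `sysctl -p`
# reads only /etc/sysctl.conf and would skip the file edited above.
sysctl --system
# Confirm the three values are now 1.
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward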
集群内所有服务器hosts名称解析
vim /etc/hosts
192.168.44.180 master
192.168.44.182 node1
192.168.44.183 node2
master服务器配置免密登录所有服务器
[root@k8s-master yum.repos.d]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:iLQasTtJjfX4Q9ibIhG3LrWx9QxzxLw1SBWHIEVBlPY root@k8s-master
The key's randomart image is:
+---[RSA 2048]----+
| .=O=oo. |
| =o... |
| o + .=.o |
| X O o oE. |
| * X O S |
| . O B O |
| B = = o |
| + . . |
| |
+----[SHA256]-----+
[root@k8s-master yum.repos.d]# for i in master node1 node2
> do
> ssh-copy-id $i
> done
安装docker
#查看docker的安装包
yum list docker-ce.x86_64 --showduplicates | sort -r
#默认安装最新版本
#yum -y install docker
#也可以指定版本安装
yum -y install docker-ce-23.0.5-1.el7
docker --version
Docker version 23.0.5, build bc4487a
#docker配置目录
ll /etc/docker/
#启动docker
systemctl enable docker.service --now
#查看docker引擎
docker info | grep Cgroup
Cgroup Driver: cgroupfs
Cgroup Version: 1
#修改配置更改docker引擎为systemd,并配置清华大学镜像加速站点
vim /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://mirrors.tuna.tsinghua.edu.cn/"]
}
#system重新加载配置
systemctl daemon-reload
#重启docker
systemctl restart docker.service
#再次查看docker引擎信息
docker info | grep Cgroup
Cgroup Driver: systemd
Cgroup Version: 1
master服务器部署docker镜像仓库
yum install -y docker-distribution
systemctl enable docker-distribution --now
Created symlink from /etc/systemd/system/multi-user.target.wants/docker-distribution.service to /usr/lib/systemd/system/docker-distribution.service.
#镜像仓库配置文件和数据目录
ll /etc/docker-distribution/registry/config.yml
-rw-r--r-- 1 root root 177 5月 18 2018 /etc/docker-distribution/registry/config.yml
ll /var/lib/registry/
总用量 0
#访问查看仓库
curl http://192.168.44.188:5000/v2/_catalog
{"repositories":[]}
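所有服务器添加镜像仓库地址到docker配置文件(insecure-registries中的地址会以明文HTTP、不校验证书的方式访问,上面的curl也说明仓库未启用认证,只适合隔离的内网环境;其中的主机名registry需要在/etc/hosts中有对应解析,上文hosts里没有这一条)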
#此处未指定cgroup驱动为systemd,是因为docker启动时已经使用了systemd驱动;但daemon.json以整个文件为准,docker重启后只有文件中写明的选项生效,要在重启后继续使用systemd驱动,仍需在文件中保留下面这一项
#"exec-opts": ["native.cgroupdriver=systemd"],
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://hub-mirror.c.163.com"],
"insecure-registries":["192.168.44.188:5000", "registry:5000"]
}
docker info |grep Cgroup
WARNING: You're not using the default seccomp profile
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Cgroup Driver: systemd
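安装cri-dockerd(k8s从1.24起移除了内置的dockershim,才必须安装cri-dockerd,并在kubeadm init/join时加 --cri-socket unix:///var/run/cri-dockerd.sock;本文安装的1.23.6从下文kubelet日志看仍通过内置dockershim连接docker)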
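下载地址:https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el7.x86_64.rpm
(原文链接指向的是 .src.rpm 源码包,与下面安装的 x86_64 包不一致。手动下载的rpm不在yum仓库的gpg校验范围内,安装前先用 sha256sum 核对文件,与发布页给出的校验值比对,如发布页提供的话)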
yum -y install cri-dockerd-0.3.1-3.el7.x86_64.rpm
systemctl enable cri-docker.service --now
systemctl status cri-docker.service
● cri-docker.service - CRI Interface for Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/cri-docker.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2023-05-04 11:01:21 CST; 10s ago
Docs: https://docs.mirantis.com
Main PID: 28380 (cri-dockerd)
Tasks: 7
Memory: 8.6M
CGroup: /system.slice/cri-docker.service
└─28380 /usr/bin/cri-dockerd --container-runtime-endpoint fd://
5月 04 11:01:20 master cri-dockerd[28380]: time="2023-05-04T11:01:20+08:00" level=info msg="Start docker client with request timeout 0s"
5月 04 11:01:20 master cri-dockerd[28380]: time="2023-05-04T11:01:20+08:00" level=info msg="Hairpin mode is set to none"
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Loaded network plugin cni"
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Docker cri networking managed by network plugin cni"
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Docker Info: &{ID:12f6ca30-afdb-4ebb-ab6d-a6b37b646d55 Con...] [Native
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Setting cgroupDriver systemd"
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Docker cri received runtime config &RuntimeConfig{NetworkC...idr:,},}"
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Starting the GRPC backend for the Docker CRI interface."
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Start cri-dockerd grpc backend"
5月 04 11:01:21 master systemd[1]: Started CRI Interface for Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
安装k8s
#查看kubeadm版本
yum list kubeadm --showduplicates | sort -r
#查看kubelet版本
yum list kubelet --showduplicates | sort -r
#查看kubectl版本
yum list kubectl --showduplicates | sort -r
#默认安装最新版本
#yum install -y kubelet kubeadm kubectl
#也可以指定版本安装
yum -y install kubeadm-1.23.6-0 kubelet-1.23.6-0 kubectl-1.23.6-0
systemctl enable kubelet && systemctl start kubelet && systemctl status kubelet -l
● kubelet.service - kubelet: The Kubernetes Node Agent
Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/kubelet.service.d
└─10-kubeadm.conf
Active: active (running) since 四 2023-05-04 10:37:40 CST; 24min ago
Docs: https://kubernetes.io/docs/
Main PID: 25196 (kubelet)
Tasks: 17
Memory: 97.2M
CGroup: /system.slice/kubelet.service
└─25196 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.6
5月 04 11:01:27 master kubelet[25196]: I0504 11:01:27.952801 25196 cni.go:240] "Unable to update cni config" err="no networks found in /etc/cni/net.d"
5月 04 11:01:30 master kubelet[25196]: E0504 11:01:30.442018 25196 kubelet.go:2386] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
5月 04 11:01:32 master kubelet[25196]: I0504 11:01:32.954165 25196 cni.go:240] "Unable to update cni config" err="no networks found in /etc/cni/net.d"
5月 04 11:01:35 master kubelet[25196]: E0504 11:01:35.450024 25196 kubelet.go:2386] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
5月 04 11:01:37 master kubelet[25196]: I0504 11:01:37.956023 25196 cni.go:240] "Unable to update cni config" err="no networks found in /etc/cni/net.d"
5月 04 11:01:40 master kubelet[25196]: E0504 11:01:40.457817 25196 kubelet.go:2386] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
5月 04 11:01:42 master kubelet[25196]: I0504 11:01:42.957783 25196 cni.go:240] "Unable to update cni config" err="no networks found in /etc/cni/net.d"
5月 04 11:01:45 master kubelet[25196]: E0504 11:01:45.466460 25196 kubelet.go:2386] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
5月 04 11:01:47 master kubelet[25196]: I0504 11:01:47.958131 25196 cni.go:240] "Unable to update cni config" err="no networks found in /etc/cni/net.d"
5月 04 11:01:50 master kubelet[25196]: E0504 11:01:50.474760 25196 kubelet.go:2386] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
配置tab补全
kubectl completion bash >/etc/bash_completion.d/kubectl
kubeadm completion bash >/etc/bash_completion.d/kubeadm
#退出当前会话,重新登录(打开新窗口)后生效
exit
安装IPVS代理软件包
yum install -y ipvsadm ipset
master服务器
使用kubeadm部署
kubeadm #用来初始化集群的指令
config 配置管理命令
help 查看帮助
init 初始命令
join node 加入集群的命令
reset 还原状态命令
token token凭证管理命令
version 查看版本
查看部署k8s的基础镜像
kubeadm config images list
I0504 09:27:49.367326 12118 version.go:255] remote version is much newer: v1.27.1; falling back to: stable-1.23
k8s.gcr.io/kube-apiserver:v1.23.17
k8s.gcr.io/kube-controller-manager:v1.23.17
k8s.gcr.io/kube-scheduler:v1.23.17
k8s.gcr.io/kube-proxy:v1.23.17
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6
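master初始化集群(--apiserver-advertise-address 填master本机的IP;下面的192.168.44.184与上文hosts中master的192.168.44.180、镜像仓库的192.168.44.188互不一致,需统一为实际地址)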
kubeadm init \
--apiserver-advertise-address=192.168.44.184 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.23.6 \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/16
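生成初始化集群文件模板(以下是默认模板输出,不能原样使用:token abcdef.0123456789abcdef 是公开的示例值,需换成 kubeadm token generate 生成的随机值;advertiseAddress、criSocket、imageRepository、kubernetesVersion 也要按本机环境修改。示例输出中的 kubernetesVersion 为 1.27.0,与上文安装的 1.23.6 不一致)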
kubeadm config print init-defaults > kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 1.2.3.4
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
name: node
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.27.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
scheduler: {}
下载基础镜像
阿里云仓库:registry.aliyuncs.com/google_containers
vim pullImages.sh
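#!/usr/bin/env bash
# Pre-pull the Kubernetes control-plane images from the Aliyun mirror so that
# kubeadm init finds them locally.
#
# NOTE(review): these tags are the v1.27.1 set, while the kubeadm init command
# on this page pins v1.23.6. Pull the set printed by
# `kubeadm config images list --kubernetes-version <version>` for the version
# actually installed.
set -euo pipefail

readonly REPO=registry.aliyuncs.com/google_containers

# With a custom image repository kubeadm looks for "<repo>/coredns:<tag>",
# without the nested "coredns/" path used on the default registry, so the
# image is pulled under that name here.
images=(
  kube-apiserver:v1.27.1
  kube-controller-manager:v1.27.1
  kube-scheduler:v1.27.1
  kube-proxy:v1.27.1
  pause:3.9
  etcd:3.5.7-0
  coredns:v1.10.1
)

# The original list ended with a bare "docker pull <repo>" that names no image
# and can only fail; it is dropped. set -e stops at the first failed pull
# instead of continuing with an incomplete image set.
for image in "${images[@]}"; do
  docker pull "${REPO}/${image}"
done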
环境介绍
linux内核版本 大于等于 3.10
查看内核版本
uname -r
最低配置 2cpu 2G内存
节点中不能有重复的主机名,mac地址,product_uuid
卸载防火墙,禁用swap,禁用selinux
在daemon.json文件中配置docker私有镜像仓库的地址,并将cgroup驱动设置为systemd,与k8s(kubelet)保持一致
安装IPVS代理软件包 ipvsadm ipset