
配置centos镜像源
配置docker镜像源
配置k8s镜像源
使用阿里云镜像站点
地址:https://developer.aliyun.com/mirror/

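# Replace the base repo definition with the copy published by the Aliyun mirror.
# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# as the repo file; -L follows redirects; -sS hides the progress meter but still
# prints errors.
curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo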


yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo


cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF


yum clean all && yum makecache

关闭防火墙(仅适合隔离的测试环境;生产环境应保留 firewalld,只放行集群所需的端口,例如 apiserver 的 6443 和 kubelet 的 10250)

systemctl disable firewalld.service
systemctl stop firewalld.service
systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

关闭selinux

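# Switch SELinux to permissive for the running system. getenforce only prints the
# current mode, so `getenforce 0` changes nothing; setenforce is the command that
# sets it. Permissive mode is what the kubeadm install guide asks for, so the
# persistent setting in /etc/selinux/config can be SELINUX=permissive rather
# than disabled.
setenforce 0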

vim /etc/selinux/config
SELINUX=disabled

关闭交换空间

swapoff -a
vim /etc/fstab
#注释交换空间配置
#/dev/mapper/centos-swap swap                    swap    defaults        0 0

配置文件
集群内所有服务器路由转发

#配置路由转发
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1

#开启路由转发
sysctl -p

配置内核模块

vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1

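# The net.bridge.* keys only exist once the br_netfilter kernel module is loaded,
# so load it now and register it to be loaded again at boot.
modprobe br_netfilter
printf '%s\n' br_netfilter > /etc/modules-load.d/k8s.conf

# Apply every sysctl file, including /etc/sysctl.d/k8s.conf. Plain `sysctl -p`
# reads only /etc/sysctl.conf and would skip the k8s.conf written above.
sysctl --system

# Confirm the values took effect; all three should print "= 1".
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward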

集群内所有服务器hosts名称解析

vim /etc/hosts
192.168.44.180  master
192.168.44.182  node1
192.168.44.183  node2

master服务器配置免密登录所有服务器(注意:下面以 root 身份生成的是无口令私钥,任何能读取 /root/.ssh/id_rsa 的人都可以 root 身份登录所有节点,应严格限制对 master 的访问)

[root@k8s-master yum.repos.d]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:iLQasTtJjfX4Q9ibIhG3LrWx9QxzxLw1SBWHIEVBlPY root@k8s-master
The key's randomart image is:
+---[RSA 2048]----+
|      .=O=oo.    |
|       =o...     |
|  o +  .=.o      |
|   X O o oE.     |
|  * X O S        |
| . O B O         |
|  B = = o        |
|   + . .         |
|                 |
+----[SHA256]-----+


[root@k8s-master yum.repos.d]# for i in master node1 node2
> do
> ssh-copy-id $i
> done

安装docker

#查看docker的安装包
yum list docker-ce.x86_64 --showduplicates | sort -r

#默认安装最新版本(包名是 docker-ce;CentOS 自带的 docker 包是另一个旧版本)
#yum -y install docker-ce

#也可以指定版本安装
yum -y install docker-ce-23.0.5-1.el7

docker --version
Docker version 23.0.5, build bc4487a

#docker配置目录
ll /etc/docker/

#启动docker
systemctl enable docker.service --now

#查看docker引擎
docker info | grep Cgroup
 Cgroup Driver: cgroupfs
 Cgroup Version: 1

#修改配置,将docker的cgroup驱动改为systemd,并配置清华大学镜像加速站点
vim /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://mirrors.tuna.tsinghua.edu.cn/"]
}

#system重新加载配置
systemctl daemon-reload

#重启docker
systemctl restart docker.service 

#再次查看docker引擎信息
docker info | grep Cgroup
 Cgroup Driver: systemd
 Cgroup Version: 1

master服务器部署docker镜像仓库

yum install -y docker-distribution

systemctl enable docker-distribution --now
Created symlink from /etc/systemd/system/multi-user.target.wants/docker-distribution.service to /usr/lib/systemd/system/docker-distribution.service.


#镜像仓库配置文件和数据目录
ll /etc/docker-distribution/registry/config.yml
-rw-r--r-- 1 root root 177 518 2018 /etc/docker-distribution/registry/config.yml

ll /var/lib/registry/
总用量 0

#访问查看仓库(仓库部署在 master 上;前文 /etc/hosts 中 master 为 192.168.44.180,下面使用的是 192.168.44.188,请按实际环境核对地址)
curl http://192.168.44.188:5000/v2/_catalog
{"repositories":[]}

所有服务器添加镜像仓库地址到docker配置文件

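#下面的配置省略了 "exec-opts": ["native.cgroupdriver=systemd"]。daemon.json 在 docker 每次启动时都会重新读取,
#省略后一旦重启 docker,cgroup 驱动会回到默认值(前文显示为 cgroupfs),与 k8s 要求的 systemd 不一致;实际使用时应保留这一行。
#"exec-opts": ["native.cgroupdriver=systemd"],
#insecure-registries 表示以明文 HTTP、不校验证书的方式访问该仓库,镜像在传输中可能被篡改,仅适合受信任的内网;生产环境应为仓库配置 TLS 和认证。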
vim /etc/docker/daemon.json

{
    "registry-mirrors": ["https://hub-mirror.c.163.com"],
    "insecure-registries":["192.168.44.188:5000", "registry:5000"]
}


docker info |grep Cgroup
WARNING: You're not using the default seccomp profile
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Cgroup Driver: systemd

安装cri-dockerd
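下载地址:https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el7.src.rpm
(注意:该链接指向的是 .src.rpm 源码包;下面安装的是 x86_64 二进制包 cri-dockerd-0.3.1-3.el7.x86_64.rpm,需从同一发布页下载对应文件,安装前建议核对文件校验和)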

yum -y install cri-dockerd-0.3.1-3.el7.x86_64.rpm
systemctl enable cri-docker.service  --now
systemctl status cri-docker.service
● cri-docker.service - CRI Interface for Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/cri-docker.service; enabled; vendor preset: disabled)
   Active: active (running) since 四 2023-05-04 11:01:21 CST; 10s ago
     Docs: https://docs.mirantis.com
 Main PID: 28380 (cri-dockerd)
    Tasks: 7
   Memory: 8.6M
   CGroup: /system.slice/cri-docker.service
           └─28380 /usr/bin/cri-dockerd --container-runtime-endpoint fd://

5月 04 11:01:20 master cri-dockerd[28380]: time="2023-05-04T11:01:20+08:00" level=info msg="Start docker client with request timeout 0s"
5月 04 11:01:20 master cri-dockerd[28380]: time="2023-05-04T11:01:20+08:00" level=info msg="Hairpin mode is set to none"
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Loaded network plugin cni"
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Docker cri networking managed by network plugin cni"
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Docker Info: &{ID:12f6ca30-afdb-4ebb-ab6d-a6b37b646d55 Con...] [Native
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Setting cgroupDriver systemd"
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Docker cri received runtime config &RuntimeConfig{NetworkC...idr:,},}"
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Starting the GRPC backend for the Docker CRI interface."
5月 04 11:01:21 master cri-dockerd[28380]: time="2023-05-04T11:01:21+08:00" level=info msg="Start cri-dockerd grpc backend"
5月 04 11:01:21 master systemd[1]: Started CRI Interface for Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.

安装k8s

#查看kubeadm版本
yum list kubeadm --showduplicates | sort -r
#查看kubelet版本
yum list kubelet --showduplicates | sort -r
#查看kubectl版本
yum list kubectl --showduplicates | sort -r
#默认安装最新版本
#yum install -y kubelet kubeadm kubectl

#也可以指定版本安装
yum -y install kubeadm-1.23.6-0 kubelet-1.23.6-0 kubectl-1.23.6-0

systemctl enable kubelet && systemctl start kubelet && systemctl status kubelet -l

● kubelet.service - kubelet: The Kubernetes Node Agent
   Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/kubelet.service.d
           └─10-kubeadm.conf
   Active: active (running) since 四 2023-05-04 10:37:40 CST; 24min ago
     Docs: https://kubernetes.io/docs/
 Main PID: 25196 (kubelet)
    Tasks: 17
   Memory: 97.2M
   CGroup: /system.slice/kubelet.service
           └─25196 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.6

5月 04 11:01:27 master kubelet[25196]: I0504 11:01:27.952801   25196 cni.go:240] "Unable to update cni config" err="no networks found in /etc/cni/net.d"
5月 04 11:01:30 master kubelet[25196]: E0504 11:01:30.442018   25196 kubelet.go:2386] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
5月 04 11:01:32 master kubelet[25196]: I0504 11:01:32.954165   25196 cni.go:240] "Unable to update cni config" err="no networks found in /etc/cni/net.d"
5月 04 11:01:35 master kubelet[25196]: E0504 11:01:35.450024   25196 kubelet.go:2386] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
5月 04 11:01:37 master kubelet[25196]: I0504 11:01:37.956023   25196 cni.go:240] "Unable to update cni config" err="no networks found in /etc/cni/net.d"
5月 04 11:01:40 master kubelet[25196]: E0504 11:01:40.457817   25196 kubelet.go:2386] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
5月 04 11:01:42 master kubelet[25196]: I0504 11:01:42.957783   25196 cni.go:240] "Unable to update cni config" err="no networks found in /etc/cni/net.d"
5月 04 11:01:45 master kubelet[25196]: E0504 11:01:45.466460   25196 kubelet.go:2386] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
5月 04 11:01:47 master kubelet[25196]: I0504 11:01:47.958131   25196 cni.go:240] "Unable to update cni config" err="no networks found in /etc/cni/net.d"
5月 04 11:01:50 master kubelet[25196]: E0504 11:01:50.474760   25196 kubelet.go:2386] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"

配置tab补全

kubectl completion bash >/etc/bash_completion.d/kubectl
kubeadm completion bash >/etc/bash_completion.d/kubeadm

#退出当前会话,重新登录后补全才会生效
exit

安装IPVS代理软件包

yum install -y ipvsadm ipset

master服务器

使用kubeadm部署

kubeadm #用来初始化集群的指令
config 配置管理命令
help 查看帮助
init 初始命令
join node 加入集群的命令
reset 还原状态命令
token token凭证管理命令
version 查看版本 

查看部署k8s的基础镜像

 kubeadm config images list
I0504 09:27:49.367326   12118 version.go:255] remote version is much newer: v1.27.1; falling back to: stable-1.23
k8s.gcr.io/kube-apiserver:v1.23.17
k8s.gcr.io/kube-controller-manager:v1.23.17
k8s.gcr.io/kube-scheduler:v1.23.17
k8s.gcr.io/kube-proxy:v1.23.17
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6

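master初始化集群(--apiserver-advertise-address 必须是 master 本机网卡上的地址;前文 /etc/hosts 中 master 为 192.168.44.180,与下面的 192.168.44.184 不一致,请按实际环境核对)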

kubeadm init \
--apiserver-advertise-address=192.168.44.184 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.23.6 \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/16 

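生成初始化集群文件模板(模板中的 token abcdef.0123456789abcdef 是公开的示例值,使用前必须替换,可用 kubeadm token generate 生成;advertiseAddress、criSocket、imageRepository、kubernetesVersion 也要按本机环境修改。下面示例输出中的 kubernetesVersion 为 1.27.0,与本文安装的 1.23.6 不一致)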

kubeadm config print init-defaults > kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: node
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.27.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}

下载基础镜像
阿里云仓库:registry.aliyuncs.com/google_containers

vim pullImages.sh
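# Pull the control-plane images from the Aliyun mirror before running kubeadm init.
# Tags follow the version this guide installs and initialises (v1.23.6) and the
# pause/etcd/coredns versions printed by `kubeadm config images list` earlier on
# the page. The original list pulled v1.27.1 images, which kubeadm v1.23.6 would
# not use, and ended with a `docker pull` that named no image; that line is dropped.
# NOTE(review): with a custom image repository kubeadm appears to look for
# coredns directly under it (no extra coredns/ path level) - confirm on the mirror.
repo=registry.aliyuncs.com/google_containers
for image in \
  kube-apiserver:v1.23.6 \
  kube-controller-manager:v1.23.6 \
  kube-scheduler:v1.23.6 \
  kube-proxy:v1.23.6 \
  pause:3.6 \
  etcd:3.5.1-0 \
  coredns:v1.8.6
do
  # Stop at the first failed pull so a missing image is noticed here, not during init.
  docker pull "${repo}/${image}" || exit 1
done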

环境介绍
linux内核版本 大于等于 3.10
查看内核版本
uname -r
最低配置 2cpu 2G内存
节点中不能有重复的主机名,mac地址,product_uuid
卸载防火墙,禁用swap,禁用selinux
配置指定docker私有镜像仓库的地址和cgroup驱动(daemon.json文件)和k8s一致,为systemd
安装IPVS代理软件包 ipvsadm ipset
