一、场景:随着centos8的终结,centos7也将在2024年寿终正寝,所以本文将从centos创始人维护的RockyLinux重新进入BP时代。
二、系统安装
1、下载RockyLinux系统,官网下载:Rocky Linux
2、系统安装和centos差不多,本文将通过Proxmox VE(Proxmox Virtual Environment)进行,Proxmox的安装请参考:
微服务架构(一)简单的服务器虚拟框架选型及安装_Morik的博客-CSDN博客_微服务架构服务器配置
2.1、系统基本配置2核、4g、双网卡
2.2、选择最小安装、时区上海、网络打开--->配置--->常规--->自动连接、设置root密码直接开始;等待安装完成重启 ip a 查看地址,idea或其他工具远程连接。
三、初始化系统
1、dnf配置
1.1、安装语言
[root@anonymous ~]# dnf install glibc-langpack-en
1.2、替换阿里云源
[root@anonymous ~]# sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
-i.bak \
/etc/yum.repos.d/Rocky-*.repo
2、生成缓存、下载常用工具
[root@anonymous ~]# dnf makecache
[root@anonymous ~]# dnf -y install vim bash-completion net-tools gcc wget
3、Docker 安装
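3.1、设置docker镜像仓库(下面的地址使用 http;该镜像站同样提供 https,前文替换系统源时用的就是 https://mirrors.aliyun.com,这里改用 https 可避免 .repo 文件在传输途中被改写)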
[root@anonymous ~]# dnf config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3.2、更新dnf软件包索引
[root@anonymous ~]# dnf update
3.3、查看目前仓库中可用的 docker 版本,卸载已安装的版本后安装指定版本,并移除 podman。
[root@anonymous ~]# dnf list docker-ce.x86_64 --showduplicates |sort -r
[root@anonymous ~]# dnf remove docker-ce docker-ce-cli containerd.io -y
[root@anonymous ~]# dnf install -y docker-ce-20.10.8 docker-ce-cli-20.10.8 containerd.io-1.4.10 --allowerasing
[root@anonymous ~]# dnf -y remove podman
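#修改docker镜像下载地址(说明:下面用 >> 追加写入;如果 /etc/docker/daemon.json 已经存在,追加后文件里会出现两个 JSON 对象,docker 将无法解析并启动失败。该文件应只包含一个 JSON 对象,重复执行前先检查文件内容)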
[root@anonymous ~]# mkdir -p /etc/docker
[root@anonymous ~]# cat >> /etc/docker/daemon.json << OFF
{
"registry-mirrors": ["https://registry.cn-hangzhou.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
OFF
#启动docker并设置开机启动
[root@anonymous ~]# systemctl start docker
[root@anonymous ~]# systemctl enable docker --now
4、关闭swap分区
[root@anonymous ~]# swapoff -a
[root@anonymous ~]# sed -i 's/.*swap.*/#&/' /etc/fstab
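5、禁用 SELINUX(说明:SELINUX=disabled 在重启后会完全关闭 SELinux;kubeadm 官方安装文档的做法是 setenforce 0 并把配置改为 SELINUX=permissive,permissive 模式仍保留文件标签并记录本应被拒绝的访问,便于以后恢复 enforcing。另外,在 RHEL 系发行版上 /etc/sysconfig/selinux 通常是指向 /etc/selinux/config 的符号链接,sed -i 默认会把符号链接替换成普通文件,因此只修改 /etc/selinux/config 即可)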
[root@anonymous ~]# setenforce 0
[root@anonymous ~]# sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
[root@anonymous ~]# sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@anonymous ~]# sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/sysconfig/selinux
[root@anonymous ~]# sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config
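6、关闭防火墙并取消开机启动(说明:关闭后,本机所有监听端口——如 apiserver 的 6443、kubelet 的 10250 以及后文 dashboard 的 NodePort 30000——对两块网卡所连的网络都可直接访问;如果其中一块网卡接入的不是受信任的内网,可保留 firewalld,只放行 kubeadm 文档列出的端口)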
[root@anonymous ~]# systemctl stop firewalld.service
[root@anonymous ~]# systemctl disable firewalld.service
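7、安装iptables(下面的命令实际是加载 kube-proxy ipvs 模式所需的内核模块。modprobe 的效果在重启后失效,而本机稍后要做成模板供克隆,需把模块名写入 /etc/modules-load.d/ 下的 .conf 文件才能开机自动加载;较新的内核已把 nf_conntrack_ipv4 合并进 nf_conntrack,若提示找不到该模块,改为加载 nf_conntrack)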
[root@anonymous network-scripts]# modprobe -- ip_vs
[root@anonymous network-scripts]# modprobe -- ip_vs_rr
[root@anonymous network-scripts]# modprobe -- ip_vs_wrr
[root@anonymous network-scripts]# modprobe -- ip_vs_sh
[root@anonymous network-scripts]# modprobe -- nf_conntrack_ipv4
[root@anonymous network-scripts]# lsmod | grep ip_vs
8、将桥接的IPv4流量传递到iptables的链:
[root@anonymous network-scripts]# cat >>/etc/sysctl.d/k8s.conf<< OFF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
OFF
[root@anonymous network-scripts]# modprobe br_netfilter
#查看
[root@anonymous network-scripts]# sysctl -p /etc/sysctl.d/k8s.conf
9、添加k8s软件源信息
[root@anonymous network-scripts]# cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
10、删除已有环境,到此一个干净的系统就初始化完成了(生成vm模板供主节点和工作节点克隆)
#这里连续敲几下回车
[root@anonymous network-scripts]# dnf list kubeadm --showduplicates |sort -r
[root@anonymous network-scripts]# dnf -y remove kubeadm.x86_64 kubectl.x86_64 kubelet.x86_64
11、配置静态ip
[root@anonymous ~]# cat << OFF >/etc/sysconfig/network-scripts/ifcfg-ens19
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens19
UUID=f47b7ac6-e1e3-4ec5-a1b4-855dff9fa008
DEVICE=ens19
ONBOOT=yes
IPADDR=192.168.1.80
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
OFF
12、刷新查看网络配置
[root@anonymous ~]# nmcli c reload
[root@anonymous ~]# nmcli c up ens19
[root@anonymous ~]# nmcli d show
13、设置主机
[root@anonymous ~]# hostnamectl set-hostname k8s-master
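#原文此处 here-document 的内容在转载时丢失,以下按本文出现的地址和主机名补全,请按实际环境修改
[root@anonymous ~]# cat >> /etc/hosts << OFF
192.168.1.80 k8s-master
192.168.1.81 k8s-node001
OFF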
14、安装k8s依赖
[root@anonymous ~]# dnf install -y kubeadm-1.21.5 kubectl-1.21.5 kubelet-1.21.5
15、启动kubelet
[root@anonymous ~]# systemctl daemon-reload
[root@anonymous ~]# systemctl start kubelet.service
[root@anonymous ~]# systemctl enable kubelet.service
[root@anonymous ~]# systemctl status kubelet.service
四、主节点部署
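1、初始化k8s,成功后记录输出末尾 kubeadm join 命令中的token和hash(原文此处为截图中的红框。token 是节点加入集群用的引导凭据,默认 24 小时后过期,过期后可在主节点执行 kubeadm token create --print-join-command 重新生成)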
[root@anonymous ~]# kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.21.5 --pod-network-cidr=10.10.0.0/16 --service-cidr=10.20.0.0/16 --apiserver-advertise-address=192.168.1.80
2、创建kubectl
[root@anonymous ~]# mkdir -p $HOME/.kube
[root@anonymous ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@anonymous ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@anonymous ~]# source <(kubectl completion bash) && echo 'source <(kubectl completion bash)' >> ~/.bashrc
[root@anonymous ~]# kubectl get all -A
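#先在 /etc/kubernetes/manifests/kube-scheduler.yaml 和 /etc/kubernetes/manifests/kube-controller-manager.yaml 中注释掉 - --port=0 这一行,下面的 kubectl get cs 才会显示 scheduler 和 controller-manager 为 Healthy(说明:kubectl get cs 使用的 componentstatus 接口自 v1.19 起已弃用,它探测的是这两个组件不带认证的 HTTP 端口;--port=0 的作用正是关闭该端口,去掉后端口会重新打开。组件本身是否正常可以用 kubectl get pod -n kube-system 查看,不依赖这一改动)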
[root@anonymous ~]# kubectl get cs
#查看并修改mode为ipvs
[root@anonymous ~]# kubectl describe cm -n kube-system kube-proxy
[root@anonymous ~]# kubectl edit cm -n kube-system kube-proxy
3、安装kube-flannel网络到此基础网络配置完成(最后做好系统快照)
[root@anonymous ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
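#下载yml后在- --kube-subnet-mgr后新增网卡绑定:- --iface=ens19,最后部署(说明:上面的地址指向 master 分支,文件内容会随上游提交变化,建议改用某个发布 tag 的地址,并在 apply 之前先检查文件内容;文件中 net-conf.json 的 Network 默认为 10.244.0.0/16,需改成与 kubeadm init 的 --pod-network-cidr(本文为 10.10.0.0/16)一致)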
[root@anonymous ~]# kubectl apply -f kube-flannel.yml
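4、主节点集群可以克隆一台(具体的vip漂移、负载均衡可参照简单的数据库集群系列(六)之keepalived虚拟节点故障自动切换_非生物语言学家的博客-CSDN博客)。说明:下面命令里的 token 和 hash 是作者集群的值,需换成自己 kubeadm init 输出的值;命令中的 --config 后缺少配置文件路径,而且 --config 一般不能与 --token 等参数混用,按原样执行会报错;以控制面身份加入还需要 --control-plane 参数(并提供 --certificate-key,或事先把证书拷贝到新节点)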
[root@anonymous ~]# kubeadm join 192.168.1.80:6443 --config --token buwk6x.qxoj9n2l29s73lxk --discovery-token-ca-cert-hash sha256:0614dcce78b5608932e91f25ffbf8850f6cb0341afd1b58fcf42e7bb884b1ad6
5、安装kubernetes-dashboard
5.1、下载配置文件(下载不成功时,可以用浏览器打开该地址,把内容复制后用 vim 粘贴保存为 recommended.yaml)
[root@anonymous ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
5.2、修改配置文件在service节点下新增type: NodePort和nodePort: 30000
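# Service for the dashboard from recommended.yaml, with the two additions
# described in step 5.2 (type: NodePort and nodePort: 30000).
# Indentation restored: the flattened listing is not valid YAML.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  # NodePort publishes the service on the same port of every node in the
  # cluster. firewalld is disabled earlier in this guide and each VM has two
  # NICs, so port 30000 answers on both networks of every node.
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      # Must fall inside the cluster's NodePort range (30000-32767 by default).
      nodePort: 30000
  selector:
    k8s-app: kubernetes-dashboard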
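5.3、启动后通过 https://节点IP:30000 访问,用生成的token登录进去(这里的 token 是 dashboard 登录用的 ServiceAccount bearer token,不是 kubeadm join 的 token;本文没有给出生成步骤,需要另行创建 ServiceAccount 并绑定角色,登录后的权限取决于所绑定的角色)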
[root@anonymous k8s]# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
[root@anonymous k8s]# source /etc/profile
[root@anonymous k8s]# kubectl create -f recommended.yaml
[root@anonymous k8s]# kubectl get pod -n kubernetes-dashboard
五、工作节点部署
1、克隆第三部分第10步生成的vm模板并配置网络
[root@anonymous ~]# cat << OFF >/etc/sysconfig/network-scripts/ifcfg-ens19
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens19
UUID=f47b7ac6-e1e3-4ec5-a1b4-855dff9fa218
DEVICE=ens19
ONBOOT=yes
IPADDR=192.168.1.81
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
OFF
2、重启网络
[root@anonymous ~]# nmcli c reload
[root@anonymous ~]# nmcli c up ens19
[root@anonymous ~]# nmcli d show
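#设置主机名(原文未给出命令;后文使用的节点名为 k8s-node001,对应命令应为 hostnamectl set-hostname k8s-node001,请核对)
#原文此处 here-document 的内容在转载时丢失,以下按本文出现的地址和主机名补全,请按实际环境修改
[root@anonymous ~]# cat >> /etc/hosts << OFF
192.168.1.80 k8s-master
192.168.1.81 k8s-node001
OFF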
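3、定义node节点名称连接主节点(说明:下面 scp 拷贝的是主节点的管理员 kubeconfig,内含 cluster-admin 权限的客户端证书;kubeadm join 本身不需要它,只有要在工作节点上执行 kubectl 时才用得到。打标签的 kubectl label 命令也可以直接在主节点上执行,这样工作节点上就不必保存管理员凭据;若仍要拷贝,目标目录 /root/.kube 需先创建)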
[root@anonymous ~]# scp root@k8s-master:/root/.kube/config /root/.kube/config
[root@anonymous ~]# kubeadm join 192.168.1.80:6443 --token buwk6x.qxoj9n2l29s73lxk --discovery-token-ca-cert-hash sha256:0614dcce78b5608932e91f25ffbf8850f6cb0341afd1b58fcf42e7bb884b1ad6
[root@anonymous ~]# kubectl label nodes k8s-node001 node-role.kubernetes.io/umf01=
4、去到master主机上查询([root@anonymous k8s]# kubectl get nodes)