使用kubekey搭建k8s
搭建k8s
使用kubekey搭建k8s
虚拟机环境准备:
- 配置三台虚拟机
master: 192.168.19.133
node1: 192.168.19.134
node2: 192.168.19.136
- 固定虚拟机ip(以master为例)
vi /etc/sysconfig/network-scripts/ifcfg-ens33
- 添加dns
vi /etc/resolv.conf
nameserver 8.8.8.8
nameserver 114.114.114.114
- 修改hostname
vi /etc/hostname
master
- 修改Hosts
vi /etc/hosts
192.168.19.133 master
192.168.19.134 node1
192.168.19.136 node2
节点环境准备
- version
kubekey: v1.20
k8s: v1.22.1
- 关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
- 关闭selinux
vi /etc/selinux/config
SELINUX=disabled
- 关闭swap分区
sudo swapoff -a
- 时间同步
yum -y install chrony
sed -i.bak '3,6d' /etc/chrony.conf && sed -i '3cserver ntp1.aliyun.com iburst' > /etc/chrony.conf
systemctl start chronyd && systemctl enable chronyd
chronys sources
- 内核参数设置
cat >/etc/sysctl.d/k8s.conf <<EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> net.ipv4.ip_forward = 1
> EOF
modprobe br_netfilter && sysctl -p /etc/sysctl.d/k8s.conf
- 安装ipvs
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
> #!/bin/bash
> modprobe -- ip_vs
> modprobe -- ip_vs_rr
> modprobe -- ip_vs_wrr
> modprobe -- ip_vs_sh
> modprobe -- nf_conntrack_ipv4
> EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_connt
rack_ipv4
yum -y install ipset ipvsadm
- 安装依赖组件
yum install -y ebtables socat ipset conntrack
- 安装、设置docker
yum remove docker*
curl https://get.docker.com | bash
systemctl disable docker.service
systemctl start docker.service
cat > /etc/docker/daemon.json <<EOF
> {
> "registry-mirrors": ["https://gqk8w9va.mirror.aliyuncs.com"]
> }
> EOF
sed -i.bak "s#^ExecStart=/usr/bin/dockerd.*#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -
-exec-opt native.cgroupdriver=systemd#g" /usr/lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker.service
- 设置其他
cat >/etc/yum.repos.d/kubernetes.repo <<EOF
> [kubernetes]
> name=Kubernetes
> baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
> gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
> http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
yum makecache fast
yum install -y kubelet-1.22.1 kubectl-1.22.1
安装集群
- 下载kubekey
curl -sfL https://get-kk.kubesphere.io | VERSION=v2.0.0 sh -
chmod ugo+x kk
- 创建集群配置yaml
./kk create config --with-kubernetes v1.22.1 -f ./config.yaml
- 修改集群配置文件
apiVersion: kubekey.kubesphere.io/v1alpha2
kind: Cluster
metadata:
name: cluster
spec:
hosts:
- {name: master, address: 192.168.19.133, internalAddress: 192.168.19.133, user: root, password: "你的密码"}
- {name: node1, address: 192.168.19.134, internalAddress: 192.168.19.134, user: root, password: "你的密码"}
- {name: node2, address: 192.168.19.136, internalAddress: 192.168.19.136, user: root, password: "你的密码"}
roleGroups:
etcd:
- master
master:
- master
control-plane:
- master
worker:
- node1
- node2
controlPlaneEndpoint:
## Internal loadbalancer for apiservers
# internalLoadbalancer: haproxy
domain: lb.kubesphere.local
address: ""
port: 6443
kubernetes:
version: v1.22.1
clusterName: cluster.local
network:
plugin: calico
kubePodsCIDR: 10.233.64.0/18
kubeServiceCIDR: 10.233.0.0/18
## multus support. https://github.com/k8snetworkplumbingwg/multus-cni
multusCNI:
enabled: false
registry:
plainHTTP: false
privateRegistry: ""
namespaceOverride: ""
registryMirrors: ["http://hub-mirror.c.163.com","http://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn"]
insecureRegistries: ["http://hub-mirror.c.163.com","http://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn"]
addons: []
- 安装集群
!!!!!
export KKZONE=cn
./kk create config -f ./config.yaml
- 开启kubectl自动补全
# Install bash-completion
yum install -y bash-completion
# Source the completion script in your ~/.bashrc file
echo 'source <(kubectl completion bash)' >>~/.bashrc
# Add the completion script to the /etc/bash_completion.d directory
kubectl completion bash >/etc/bash_completion.d/kubectl
- 验证
kubectl get nodes
- 注意事项
- 安装的时候不要开启http代理,否则etcd 探测会失败