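Installing a k8s cluster

| Software | Version |
| --- | --- |
| docker | latest |
| kubernetes | 1.23.1 |
| calico | 3.25 |

| Node | IP | OS | Role | CPU | Memory | Disk |
| --- | --- | --- | --- | --- | --- | --- |
| node1 | 10.80.10.1 | centos7.9 | k8s-master | 4 cores | 8GB | 20GB |
| node2 | 10.80.10.2 | centos7.9 | k8s-node | 4 cores | 8GB | 20GB |

node1, node2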
Set the hostnames:

```
# node1
# hostnamectl set-hostname k8s-master1 && bash
# node2
# hostnamectl set-hostname k8s-node1 && bash
```
Add the hosts entries:

```
# vim /etc/hosts
10.80.10.1 k8s-master1
10.80.10.2 k8s-node1
```
Configure passwordless SSH:

```
# ssh-keygen
<Enter>
<Enter>
<Enter>
# for i in k8s-master1 k8s-node1; do ssh-copy-id ${i}; done
```
Disable swap:

```
# swapoff -a
# sed -ri 's/.*swap.*/#&/' /etc/fstab
```
Load kernel parameters:

```
# modprobe br_netfilter
# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# sysctl -p /etc/sysctl.d/k8s.conf
# lsmod | grep br_netfilter
br_netfilter           22256  0
bridge                151336  1 br_netfilter
```
Add the Docker and k8s repositories:

```
# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
EOF
# yum makecache fast
```
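The `[kubernetes]` stanza above sets `gpgcheck=0`, so yum installs kubelet, kubeadm and kubectl without verifying package signatures and relies on the mirror's TLS alone. The following check is an added example, not part of the original post: it lists enabled repos with signature checking turned off. The helper name `audit_repo_gpg` is hypothetical and the sample file is constructed.

```bash
# Added example, not from the original post: report enabled yum repos that
# install packages without signature verification (hypothetical helper name).
audit_repo_gpg() {
    # Args: one or more .repo files.
    # Prints "<file>:[<repo>] gpgcheck=0 transport=<scheme>" per finding.
    awk '
        function report() {
            if (sec != "" && enabled != "0" && gpgcheck ~ /^(0|no|false)$/)
                printf "%s:[%s] gpgcheck=0 transport=%s\n", file, sec, scheme
        }
        FNR == 1 { report(); sec = ""; file = FILENAME }
        /^[ \t]*([#;]|$)/ { next }          # comments and blank lines
        /^\[/ {                             # start of a new [repo] section
            report()
            sec = substr($0, 2, index($0, "]") - 2)
            enabled = "1"; gpgcheck = ""; scheme = "unknown"
            next
        }
        {
            i = index($0, "="); if (i == 0) next
            key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = tolower(val)
            if (key == "baseurl" && (p = index(val, "://")) > 0)
                scheme = substr(val, 1, p - 1)
        }
        END { report() }
    ' "$@"
}

# Constructed sample: the [kubernetes] stanza from this page plus a made-up
# signed repo for contrast (placeholder URL and key path).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
[example-signed]
name=Example signed repo
baseurl=https://repo.example.invalid/el7
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
EOF
audit_repo_gpg "$sample"
```

On a real node, run it as `audit_repo_gpg /etc/yum.repos.d/*.repo`.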
Download and install Docker:

```
# yum install -y docker-ce
```
Start Docker and enable it at boot:

```
# systemctl enable docker --now
# systemctl status docker
```
Configure Docker registry mirrors:

```
# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://pmn1o05g.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
```

```
# systemctl daemon-reload
# systemctl restart docker
# systemctl status docker
```
Download and install k8s:

```
# yum install -y kubelet-1.23.1 kubeadm-1.23.1 kubectl-1.23.1
```
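kubeadm: a tool used to initialize the k8s cluster.
kubelet: installed on every node in the cluster and responsible for starting Pods. When k8s is installed with kubeadm, the components on both the control-plane and worker nodes run as Pods, and starting any Pod requires kubelet.
kubectl: used to deploy and manage applications, view resources, and create, delete and update components.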
Enable kubelet at boot:

```
# systemctl enable kubelet
```
node1
Save and load the image bundle:

```
# cd /usr/local/src/
# docker save -o k8s_1.23.1.tar.gz \
calico/kube-controllers:v3.25.0 \
calico/cni:v3.25.0 \
calico/node:v3.25.0 \
registry.aliyuncs.com/google_containers/kube-apiserver:v1.23.1 \
registry.aliyuncs.com/google_containers/kube-proxy:v1.23.1 \
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.23.1 \
registry.aliyuncs.com/google_containers/kube-scheduler:v1.23.1 \
registry.aliyuncs.com/google_containers/etcd:3.5.1-0 \
registry.aliyuncs.com/google_containers/coredns:v1.8.6 \
registry.aliyuncs.com/google_containers/pause:3.6
# docker load -i k8s_1.23.1.tar.gz
```
Initialize the k8s cluster with kubeadm:

```
# kubeadm init --kubernetes-version=1.23.1 \
--apiserver-advertise-address=10.80.10.1 \
--image-repository registry.aliyuncs.com/google_containers \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=SystemVerification
```
--image-repository registry.aliyuncs.com/google_containers: manually specifies a registry mirror inside China.

```
# mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

```
# kubectl get nodes
NAME          STATUS     ROLES                  AGE   VERSION
k8s-master1   NotReady   control-plane,master   56s   v1.23.1
```
Generate a token for joining additional master/node nodes:

```
# kubeadm token create --print-join-command
kubeadm join 10.80.10.1:6443 --token ymwhje.jcw26lfgjbcjuqz9 --discovery-token-ca-cert-hash sha256:7ec7609bfac56a96dd3b5e66e299617a7bbe27193ed50e9058a9fb8848ab4a5b
```
node2
Join the worker node:

```
# kubeadm join 10.80.10.1:6443 --token ymwhje.jcw26lfgjbcjuqz9 --discovery-token-ca-cert-hash sha256:7ec7609bfac56a96dd3b5e66e299617a7bbe27193ed50e9058a9fb8848ab4a5b
```
node1
Check the worker nodes:

```
# kubectl get nodes
NAME          STATUS     ROLES                  AGE     VERSION
k8s-master1   NotReady   control-plane,master   5m16s   v1.23.1
k8s-node1     NotReady   <none>                 26s     v1.23.1
```
Install the Calico plugin:
Version compatibility: https://docs.tigera.io/calico/3.25/getting-started/kubernetes/requirements

```
# cd /usr/local/src/
# wget https://docs.tigera.io/archive/v3.25/manifests/calico.yaml --no-check-certificate
# vim calico.yaml
# Line 4568: add the following
- name: IP_AUTODETECTION_METHOD
  value: interface=ens33
```

```
# kubectl apply -f calico.yaml
# kubectl get nodes
NAME          STATUS   ROLES                  AGE     VERSION
k8s-master1   Ready    control-plane,master   10m     v1.23.1
k8s-node1     Ready    <none>                 5m35s   v1.23.1
# kubectl get pods -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-64cc74d646-vfx6s   1/1     Running   0          4m18s
calico-node-25hdh                          1/1     Running   0          4m18s
calico-node-xrcf9                          1/1     Running   0          4m18s
coredns-6d8c4cb4d-25xmb                    1/1     Running   0          10m
coredns-6d8c4cb4d-gp44j                    1/1     Running   0          10m
etcd-k8s-master1                           1/1     Running   0          11m
kube-apiserver-k8s-master1                 1/1     Running   0          11m
kube-controller-manager-k8s-master1        1/1     Running   0          11m
kube-proxy-7xxpw                           1/1     Running   0          10m
kube-proxy-db4gv                           1/1     Running   0          6m20s
kube-scheduler-k8s-master1                 1/1     Running   0          11m
```
Create a pod to test CoreDNS:

```
# kubectl run busybox --image busybox:1.28 --restart=Never --rm -it busybox -- sh
# ping www.baidu.com -c 3
# nslookup kubernetes.default.svc.cluster.local
# exit
```
Check the validity period of the CA certificate and the API server certificate:

```
# openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -text | grep Not
            Not Before: Dec 6 03:36:22 2023 GMT
            Not After : Dec 3 03:36:22 2033 GMT
# openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text | grep Not
            Not Before: Dec 6 03:36:22 2023 GMT
            Not After : Dec 5 03:36:22 2024 GMT
```
Extend the validity period:

```
# cd /usr/local/src/
# chmod +x update-kubeadm-cert.sh
# ./update-kubeadm-cert.sh all
```
Check the certificate again:

```
# openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text | grep Not
            Not Before: Dec 6 04:04:00 2023 GMT
            Not After : Dec 3 04:04:00 2033 GMT
```
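The manual `openssl ... | grep Not` check above can be turned into a repeatable expiry report. This is an added example, not part of the original post and not the `update-kubeadm-cert.sh` script: it prints the days of validity left for each certificate under the kubeadm PKI directory. Helper names are hypothetical, and GNU `date` and the default `/etc/kubernetes/pki` layout are assumed.

```bash
# Added example, not from the original post: days of validity left on
# kubeadm certificates. Helper names are hypothetical; requires GNU date.
days_until() {
    # $1: notAfter string as printed by openssl, e.g. "Dec  5 03:36:22 2024 GMT"
    # $2: reference time in epoch seconds (default: current time)
    du_end=$(date -u -d "$1" +%s) || return 2
    du_now=${2:-$(date -u +%s)}
    echo $(( (du_end - du_now) / 86400 ))
}

check_pki() {
    # $1: PKI directory, $2: warning threshold in days.
    # Prints "<days> <file>" per certificate; returns 1 if any is below $2.
    cp_rc=0
    for crt in "$1"/*.crt "$1"/etcd/*.crt; do
        [ -f "$crt" ] || continue
        end=$(openssl x509 -in "$crt" -noout -enddate) || continue
        days=$(days_until "${end#notAfter=}") || continue
        printf '%5d  %s\n' "$days" "$crt"
        [ "$days" -ge "$2" ] || cp_rc=1
    done
    return "$cp_rc"
}

# Constructed check: the two original "Not After" values printed on this page,
# measured from their common "Not Before" time.
issued=$(date -u -d "Dec 6 03:36:22 2023 GMT" +%s)
echo "ca.crt:        $(days_until 'Dec  3 03:36:22 2033 GMT' "$issued") days"
echo "apiserver.crt: $(days_until 'Dec  5 03:36:22 2024 GMT' "$issued") days"

# On a control-plane node (default kubeadm PKI path, as used on this page):
if [ -d /etc/kubernetes/pki ]; then
    check_pki /etc/kubernetes/pki 30 || echo "at least one certificate expires within 30 days"
fi
```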