kubeadm安装k8s1.25高可用集群
| 软件 | 版本 |
|---|
| docker | 最新版 |
| containerd | 1.6.6 |
| kubernetes | 1.25.0 |
| calico | 3.25 |
| 节点 | IP | 系统 | 功能 | CPU | 内存 | 硬盘 |
|---|
| node1 | 10.80.10.1 | centos7.9 | k8s-master | 4核心 | 8GB | 20GB |
| node2 | 10.80.10.2 | centos7.9 | k8s-node | 4核心 | 8GB | 20GB |
| node3 | 10.80.10.3 | centos7.9 | k8s-node | 4核心 | 8GB | 20GB |
node1、node2、node3
修改主机名:
1
2
3
4
5
6
| # node1
# hostnamectl set-hostname k8s-master1 && bash
# node2
# hostnamectl set-hostname k8s-node1 && bash
# node3
# hostnamectl set-hostname k8s-node2 && bash
|
node1、node2、node3
修改hosts解析:
1
2
3
4
| # vim /etc/hosts
10.80.10.1 k8s-master1
10.80.10.2 k8s-node1
10.80.10.3 k8s-node2
|
配置免密:
1
2
3
4
5
| # ssh-keygen -t rsa
回车
回车
回车
# for i in k8s-master1 k8s-node1 k8s-node2; do ssh-copy-id ${i}; done
|
关闭swap:
1
2
| # swapoff -a
# sed -ri 's/.*swap.*/#&/' /etc/fstab
|
加载内核参数:
1
2
3
4
5
6
7
8
9
10
| # modprobe br_netfilter
# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# sysctl -p /etc/sysctl.d/k8s.conf
# lsmod | grep br_netfilter
br_netfilter 22256 0
bridge 151336 1 br_netfilter
|
添加docker源和k8s源:
1
2
3
4
5
6
7
8
9
10
| # yum install -y yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
# yum makecache fast
|
下载安装containerd:
1
2
3
| # yum install -y containerd.io-1.6.6
# mkdir -p /etc/containerd
# containerd config default > /etc/containerd/config.toml
|
修改containerd配置文件:
1
2
3
4
5
| # vim /etc/containerd/config.toml
# 125行,修改配置
SystemdCgroup = true
# 61行,修改配置
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"
|
启动containerd,设置开机自启:
1
2
3
| # systemctl start containerd
# systemctl enable containerd
# systemctl status containerd
|
修改crictl配置文件:
1
2
3
4
5
6
7
8
| # cat > /etc/crictl.yaml << EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
# systemctl restart containerd
# systemctl status containerd
|
下载安装docker:
1
| # yum install -y docker-ce
|
启动docker,设置开机自启:
1
2
3
| # systemctl start docker
# systemctl enable docker
# systemctl status docker
|
配置containerd镜像加速:
1
2
3
| # vim /etc/containerd/config.toml
# 145行,修改配置
config_path = "/etc/containerd/certs.d"
|
1
2
3
4
| # mkdir -p /etc/containerd/certs.d/docker.io
# vim /etc/containerd/certs.d/docker.io/hosts.toml
[host."https://vh3bm52y.mirror.aliyuncs.com",host."https://registry.docker-cn.com"]
capabilities = ["pull"]
|
1
2
| # systemctl restart containerd
# systemctl status containerd
|
配置docker加速:
1
2
3
4
5
| # vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://pmn1o05g.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
|
1
2
3
| # systemctl daemon-reload
# systemctl restart docker
# systemctl status docker
|
下载安装k8s:
1
| # yum install -y kubelet-1.25.0 kubeadm-1.25.0 kubectl-1.25.0
|
设置kubelet开机自启:
1
| # systemctl enable kubelet
|
设置容器运行时:
1
| # crictl config runtime-endpoint unix:///run/containerd/containerd.sock
|
node1
ctr导入镜像及打包k8s镜像:
1
2
3
4
5
6
7
8
9
10
| # ctr -n=k8s.io images import k8s_1.25.0.tar.gz
# ctr -n k8s.io images export k8s_1.25.0.tar.gz \
registry.aliyuncs.com/google_containers/coredns:v1.9.3 \
registry.aliyuncs.com/google_containers/etcd:3.5.4-0 \
registry.aliyuncs.com/google_containers/kube-apiserver:v1.25.0 \
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.25.0 \
registry.aliyuncs.com/google_containers/kube-proxy:v1.25.0 \
registry.aliyuncs.com/google_containers/kube-scheduler:v1.25.0 \
registry.aliyuncs.com/google_containers/pause:3.7 \
registry.aliyuncs.com/google_containers/pause:3.8
|
kubeadm初始化k8s集群:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
| # cd /root/
# kubeadm config print init-defaults > kubeadm.yaml
# vim kubeadm.yaml
# 12行,修改配置
advertiseAddress: 10.80.10.1
# 15行,修改配置
criSocket: unix:///run/containerd/containerd.sock
# 17行,修改配置
name: k8s-master1
# 30行,修改配置
imageRepository: registry.aliyuncs.com/google_containers
# 36行,添加配置
podSubnet: 10.244.0.0/16
# 尾行,添加配置
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
|
1
| # kubeadm init --config kubeadm.yaml --ignore-preflight-errors=SystemVerification
|
- –image-repository registry.aliyuncs.com/google_container:手动指定国内源。
1
2
3
| # mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config
|
1
2
3
| # kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master1 NotReady control-plane 6m57s v1.25.0
|
生成扩容master/node节点token:
1
2
| # kubeadm token create --print-join-command
kubeadm join 10.80.10.1:6443 --token ongce6.u3i2z64omo3ywt57 --discovery-token-ca-cert-hash sha256:d02075cfc528b4c68aa101104d2c7dd216250481babc127cb517df44669a75f1
|
node2、node3
扩容node节点:
1
| # kubeadm join 10.80.10.1:6443 --token ongce6.u3i2z64omo3ywt57 --discovery-token-ca-cert-hash sha256:d02075cfc528b4c68aa101104d2c7dd216250481babc127cb517df44669a75f1 --ignore-preflight-errors=SystemVerification
|
node1
工作节点打标签:
1
2
3
4
5
6
7
| # kubectl label nodes k8s-node1 node-role.kubernetes.io/work=work
# kubectl label nodes k8s-node2 node-role.kubernetes.io/work=work
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master1 NotReady control-plane 9m11s v1.25.0
k8s-node1 NotReady work 76s v1.25.0
k8s-node2 NotReady work 59s v1.25.0
|
ctr导入镜像及打包calico镜像:
1
2
3
4
5
| # ctr -n=k8s.io images import calico_3.25.tar.gz
# ctr -n k8s.io images export calico_3.25.tar.gz \
docker.io/calico/cni:v3.25.0 \
docker.io/calico/kube-controllers:v3.25.0 \
docker.io/calico/node:v3.25.0
|
安装calico插件:
版本对应:https://docs.tigera.io/calico/3.25/getting-started/kubernetes/requirements
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
| # cd /usr/local/src/
# wget https://docs.tigera.io/archive/v3.25/manifests/calico.yaml --no-check-certificate
# kubectl apply -f calico.yaml
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master1 Ready control-plane 30m v1.25.0
k8s-node1 Ready work 22m v1.25.0
k8s-node2 Ready work 22m v1.25.0
# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-74677b4c5f-gvkw4 1/1 Running 0 16s
calico-node-59wr8 1/1 Running 0 16s
calico-node-gzjlb 1/1 Running 0 16s
calico-node-krfwg 1/1 Running 0 16s
coredns-c676cc86f-lbzqz 1/1 Running 0 30m
coredns-c676cc86f-vkggc 1/1 Running 0 30m
etcd-k8s-master1 1/1 Running 0 30m
kube-apiserver-k8s-master1 1/1 Running 0 30m
kube-controller-manager-k8s-master1 1/1 Running 0 30m
kube-proxy-7d8sj 1/1 Running 0 22m
kube-proxy-knrvw 1/1 Running 0 22m
kube-proxy-q9fmz 1/1 Running 0 30m
kube-scheduler-k8s-master1 1/1 Running 0 30m
|
创建pod测试coredns:
1
2
3
4
5
6
7
| # kubectl run busybox --image busybox:1.28 --restart=Never --rm -it busybox -- sh
# ping www.baidu.com -c 3
# nslookup kubernetes.default.svc.cluster.local
# exit
# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 32m
|
busybox要用指定的1.28版本,不能用最新版本,最新版本的nslookup会解析不到dns和ip。
ctr和crictl命令区别:
| 命令 | ctr | crictl |
|---|
| 查看运行的容器 | ctr task ls/ctr container ls | crictl ps |
| 查看镜像 | ctr images ls | crictl images |
| 查看容器日志 | 无 | crictl logs |
| 查看容器数据信息 | ctr container info | crictl inspect |
| 查看容器资源 | 无 | crictl status |
| 启动/关闭已有的容器 | ctr task start/kill | crictl start/stop |
| 运行一个新容器 | ctr run | 无 |
| 修改镜像标签 | ctr image tag | 无 |
| 创建一个新的容器 | ctr container create | crictl create |
| 导入镜像 | ctr image import | 无 |
| 导出镜像 | ctr image export | 无 |
| 删除容器 | ctr controller rm | crictl rm |
| 删除镜像 | ctr image rm | crictl rmi |
| 拉取镜像 | ctr image pull | crictl pull |
| 推送镜像 | ctr image push | 无# |