二进制文件方式安装k8s 1.21

最新推荐文章于 2023-05-08 20:29:48 发布
最新推荐文章于 2023-05-08 20:29:48 发布
阅读量3.5k 收藏 11
点赞数
分类专栏: 容器化 文章标签: 运维 容器 k8s
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/fly0512/article/details/117886282
版权

文章目录

最近深入研究k8s,打算用二进制安装包,逐个组件安装配置,环境起来之后,也方便后续了解源码时调试,以下是记录。
本机起3个centos 7.6 x64 4c8g虚拟机,分配如下

master
192.168.122.31 k8s1 etcd1
node
192.168.122.30 k8s2 etcd2
192.168.122.209 k8s3 etcd3

安装版本1.21,下载地址在官网:https://dl.k8s.io/v1.21.1/kubernetes-server-linux-amd64.tar.gz
其他版本:https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG

国内装服务基本都会遇到官网镜像下载不下来的情况,我的方法是找国内源下载到本地后改名。
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.4.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.4.1 k8s.gcr.io/pause:3.4.1

安装etcd集群

vim /usr/lib/systemd/system/etcd.service
#文件内容如下,监听地址端口只支持ip地址,不支持hostname
[Unit]
Description=etcd server
After=network.target

[Service]
Type=notify
EnvironmentFile=-/etc/etcd/etcd.conf
ExecStart=/usr/bin/etcd

Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

配置参数

vi /etc/etcd/etcd.conf
#[member]
ETCD_NAME=etcd3
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_LISTEN_CLIENT_URLS="http://192.168.122.209:2379,http://127.0.0.1:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.122.209:2379,http://127.0.0.1:2379"

#[cluster]
ETCD_LISTEN_PEER_URLS="http://192.168.122.209:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.122.209:2380"
ETCD_INITIAL_CLUSTER="etcd1=http://192.168.122.31:2380,etcd2=http://192.168.122.30:2380,etcd3=http://192.168.122.209:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"

所有节点操作

mkdir -p /var/lib/etcd

systemctl daemon-reload 

systemctl enable etcd

systemctl start etcd

systemctl status etcd

etcdctl member list

查询etcd集群状态

ENDPOINTS=192.168.122.31:2379,192.168.122.30:2379,192.168.122.209:2379
etcdctl --write-out=table --endpoints=$ENDPOINTS endpoint status

生成k8s证书

不记得从哪个版本开始不支持http方式访问apiserver了,反正1.21是不支持的,所以需要ssl证书。

mkdir -p /etc/kubernetes/cert
cd /etc/kubernetes/cert/
openssl genrsa -out ca.key 2048
#/CN=master主机名
openssl req -x509 -new -nodes -key ca.key -subj "/CN=k8s1" -days 5000 -out ca.crt
openssl genrsa -out server.key 2048

vim master_ssl.cnf
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster.local
DNS.5 = k8s1
IP.1 = 10.244.0.1
IP.2 = 192.168.122.31

openssl req -new -key server.key -subj "/CN=k8s1" -config master_ssl.cnf -out server.csr
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 5000 -extensions v3_req -extfile master_ssl.cnf -out server.crt

openssl genrsa -out cs_client.key 2048
openssl req -new -key cs_client.key -subj "/CN=k8s1" -config master_ssl.cnf -out cs_client.csr
openssl x509 -req -in cs_client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 5000 -out cs_client.crt

二进制安装k8s master3个服务

安装apiserver

mkdir -p /etc/kubernetes
vim /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API server
After=network.target

[Service]
EnvironmentFile=-/etc/kubernetes/apiserver
ExecStart=/usr/bin/kube-apiserver $KUBE_API_ARGS

Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

vim /etc/kubernetes/apiserver
KUBE_API_ARGS="--etcd-servers=http://192.168.122.31:2379,http://192.168.122.30:2379,http://192.168.122.209:2379 --client-ca-file=/etc/kubernetes/cert/ca.crt --tls-private-key-file=/etc/kubernetes/cert/server.key --tls-cert-file=/etc/kubernetes/cert/server.crt --kubelet-client-certificate=/etc/kubernetes/cert/cs_client.crt --kubelet-client-key=/etc/kubernetes/cert/cs_client.key --service-account-signing-key-file=/etc/kubernetes/cert/server.key --service-account-key-file=/etc/kubernetes/cert/server.key --service-account-issuer=https://kubernetes.default.svc --service-cluster-ip-range=10.244.0.0/16 --service-node-port-range=1-65535 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota --log-dir=/var/log/kubernetes --v=0 --allow-privileged=true"


systemctl enable kube-apiserver
systemctl start kube-apiserver
systemctl status kube-apiserver

安装controller-manager

vim /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
After=kube-apiserver.service
Requires=kube-apiserver.service

[Service]
EnvironmentFile=-/etc/kubernetes/controller-manager
ExecStart=/usr/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_ARGS

Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

vim /etc/kubernetes/controller-manager
KUBE_CONTROLLER_MANAGER_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig --cluster-cidr=10.245.0.0/16 --service-account-private-key-file=/etc/kubernetes/cert/server.key --cluster-signing-cert-file=/etc/kubernetes/cert/ca.crt --cluster-signing-key-file=/etc/kubernetes/cert/ca.key --root-ca-file=/etc/kubernetes/cert/ca.crt --log-dir=/var/log/kubernetes --v=0"


vim /etc/kubernetes/kubeconfig
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/cert/ca.crt
    server: https://192.168.122.31:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: system:kube-controller-manager
  name: system:kube-controller-manager@kubernetes
current-context: system:kube-controller-manager@kubernetes
kind: Config
preferences: {}
users:
- name: system:kube-controller-manager
  user:
    client-certificate: /etc/kubernetes/cert/cs_client.crt
    client-key: /etc/kubernetes/cert/cs_client.key

systemctl enable kube-controller-manager
systemctl start kube-controller-manager
systemctl status kube-controller-manager

安装kube-scheduler

vim /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
After=kube-apiserver.service
Requires=kube-apiserver.service

[Service]
EnvironmentFile=-/etc/kubernetes/scheduler
ExecStart=/usr/bin/kube-scheduler $KUBE_SCHEDULER_ARGS

Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

vim /etc/kubernetes/scheduler
KUBE_SCHEDULER_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig --log-dir=/var/log/kubernetes --v=0"

systemctl enable kube-scheduler
systemctl start kube-scheduler
systemctl status kube-scheduler

node节点安装服务

node 安装docker

操作略

分发ca文件

scp ca.crt k8s2:/etc/kubernetes/cert/
scp ca.crt k8s3:/etc/kubernetes/cert/
scp ca.key k8s3:/etc/kubernetes/cert/
scp ca.key k8s2:/etc/kubernetes/cert/

生成kubelet证书

openssl genrsa -out kubelet_client.key 2048
openssl req -new -key kubelet_client.key -subj "/CN=192.168.122.30" -out kubelet_client.csr
openssl x509 -req -in kubelet_client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 5000 -out kubelet_client.crt

openssl genrsa -out kubelet_client.key 2048
openssl req -new -key kubelet_client.key -subj "/CN=192.168.122.209" -out kubelet_client.csr
openssl x509 -req -in kubelet_client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 5000 -out kubelet_client.crt

node安装kubelet

vim /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet Server
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=-/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet $KUBELET_ARGS

Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

mkdir -p /var/lib/kubelet
mkdir -p /etc/kubernetes
vim /etc/kubernetes/kubelet
KUBELET_ARGS="--kubeconfig=/etc/kubernetes/kubelet.conf --hostname-override=192.168.122.30 --cluster-dns=10.244.0.2 --cluster-domain=cluster.local --network-plugin=cni --log-dir=/var/log/kubernetes --v=0"

vim /etc/kubernetes/kubelet.conf
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/cert/ca.crt
    server: https://192.168.122.31:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    namespace: default
    user: default-auth
  name: default-context
current-context: default-context
kind: Config
preferences: {}
users:
- name: default-auth
  user:
    client-certificate: /etc/kubernetes/cert/kubelet_client.crt
    client-key: /etc/kubernetes/cert/kubelet_client.key


systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet

node安装kube-proxy

vim /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-proxy Server
After=network.target
Requires=network.target

[Service]
EnvironmentFile=-/etc/kubernetes/kube-proxy
ExecStart=/usr/bin/kube-proxy $KUBE_PROXY_ARGS

Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

vim /etc/kubernetes/kube-proxy
KUBE_PROXY_ARGS="--kubeconfig=/etc/kubernetes/kubeproxy.config --log-dir=/var/log/kubernetes --v=2"

vi /etc/kubernetes/kubeproxy.config
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/cert/ca.crt
    server: https://192.168.122.31:6443
  name: default
contexts:
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: default
  user:
    client-certificate: /etc/kubernetes/cert/kubelet_client.crt
    client-key: /etc/kubernetes/cert/kubelet_client.key

systemctl enable kube-proxy
systemctl start kube-proxy
systemctl status kube-proxy

master节点配置kubectl

其他节点装不装看个人需要

mkdir /root/.kube
vi $HOME/.kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /etc/kubernetes/cert/ca.crt
    server: https://192.168.122.31:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate: /etc/kubernetes/cert/cs_client.crt
    client-key: /etc/kubernetes/cert/cs_client.key

检查集群及节点状态

kubectl get node
kubectl get cs

在这里插入图片描述

网络组件

#下载calicoctl
# wget -O /usr/local/bin/calicoctl https://github.com/projectcalico/calicoctl/releases/download/v3.9.1/calicoctl
# chmod +x /usr/local/bin/calicoctl

kubectl apply -f calico.yaml
#配置cidr和controller-manager定义的Pod cidr相同
            - name: CALICO_IPV4POOL_CIDR
              value: "10.245.0.0/16"
kubectl apply -f calico.yaml
#默认启动是ipip隧道 node-to-node mesh模式
#我们改为rr模式
https://mritd.com/2019/06/18/calico-3.6-forward-network-traffic/
https://blog.51cto.com/u_14143894/2463392

vi bgp.yaml
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  nodeToNodeMeshEnabled: false

#获取node名称
calicoctl get node
#导出一个作为rr选择器的节点配置
calicoctl get node 192.168.122.30 -o yaml > node.yaml

#修改配置,增加选择器参数
apiVersion: projectcalico.org/v3
kind: Node
metadata:
  annotations:
    projectcalico.org/kube-labels: '{"beta.kubernetes.io/arch":"amd64","beta.kubernetes.io/os":"linux","kubernetes.io/arch":"amd64","kubernetes.io/hostname":"192.168.122.30","kubernetes.io/os":"linux"}'
  creationTimestamp: "2021-06-08T04:05:06Z"
  labels:
    beta.kubernetes.io/arch: amd64
    beta.kubernetes.io/os: linux
    kubernetes.io/arch: amd64
    kubernetes.io/hostname: 192.168.122.30
    kubernetes.io/os: linux
    route-reflector: "true" # 注意是增加这一行
  name: 192.168.122.30
  resourceVersion: "71198"
  uid: f9b144a5-90e4-432e-8154-93e61bea683c
spec:
  addresses:
  - address: 192.168.122.30/24
  - address: 192.168.122.30
  bgp:
    ipv4Address: 192.168.122.30/24
    ipv4IPIPTunnelAddr: 172.16.228.192
  orchRefs:
  - nodeName: 192.168.122.30
    orchestrator: k8s
status: {}

calicoctl apply -f node.yaml

vi rr.yaml
kind: BGPPeer
apiVersion: projectcalico.org/v3
metadata:
  name: peer-to-rrs
spec:
  nodeSelector: "!has(route-reflector)"
  peerSelector: has(route-reflector)
---
kind: BGPPeer
apiVersion: projectcalico.org/v3
metadata:
  name: rr-mesh
spec:
  nodeSelector: has(route-reflector)
  peerSelector: has(route-reflector)

#应用生效
calicoctl apply -f bgp.yaml.yaml
calicoctl apply -f rr.yaml

#确认是否生效
calicoctl node status

#其他机器(比如宿主机)访问需要加2条路由
sudo ip route add 10.245.0.0/16  via 192.168.122.30
sudo ip route add 10.244.0.0/16  via 192.168.122.30

安装coredns

./deploy.sh -i 10.244.0.2 -d test.com > coredns.yaml
kubectl apply -f coredns.yaml
#本机加一条dns server
vi /etc/resole.conf
nameserver 10.244.0.2

#装个web图形
kubectl apply -f dashboard.yaml

#这个时候可以 https://pod ip:8443端口访问dashboard

#安装ingress
kubectl apply -f ingress.yaml

kubectl delete -A ValidatingWebhookConfiguration ingress-nginx-admission

kubectl apply -f dashboard-ingress.yaml

vi dashboard-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
  namespace: kubernetes-dashboard
  annotations: 
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/use-regex: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
  - host: "dashboard.xxx"
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443
吉甫作诵
关注
  • 0
    点赞
  • 11
    收藏
    觉得还不错? 一键收藏
  • 7
    评论
专栏目录
k8s二进制安装
nsydgs的博客
08-16 2318
k8s
k8s-v1.21.0-x86_64离线安装包.zip
08-19
文件复制到服务器,执行,就可以安装完成 sudo rpm -ivh *.rpm --force --nodeps 执行完成后再执行启动k8s: sudo systemctl daemon-reload sudo systemctl enable kubelet sudo systemctl start kubelet 然后 kubeadm init 初始化
k8s-二进制安装
栋院
03-21 5795
1 环境准备 pod 网段: 10.96.0.0/16 service 网段: 10.244.0.0/16 集群角色 IP 主机名 安装组件 控制节点 192.168.241.191 k8smaster01 apiserver、controller-manager、scheduler、etcd、docker、keepalived、haproxy 控制节点 192.168.241.192 k8smaster02 apiserver、cont
二进制安装k8s
yongyong169的博客
03-23 5059
kubeadm和二进制安装方式对比: kubeadm安装k8s默认etcd没有高可用,需要手动做成高可用,其次证书默认有效期为1年需要手工调整,如果解决了这两点是比较稳定的,kubeadm将组件放到pod里面,可以自动实现故障恢复,但是由于自动化程序较高,对于理解各个组件不如二进制友好,二进制通过将服务放到systemed管理便于debug,操作起来不如kubeadm方便。 节点规划 192.168.167.128 master1 192.168.167.129 m.....
【云原生】Kubernetes 二进制安装详细步骤
康师傅没有眼泪
10-24 5015
分布式中容器编排面临的问题为提高业务并发和高可用,会使用多台服务器,因此会面向这些问题• 多容器跨主机提供服务• 多容器分布节点部署• 多容器怎么升级• 怎么高效管理这些容器1.2Kubernetes解决的问题1.3 Kubernetes是什么• Kubernetes是Google在2014年开源的一个容器集群管理系统,Kubernetes简称K8s。• Kubernetes用于容器化应用程序的部署,扩展和管理,目标是让部署容器化应用简单高效。
二进制安装 k8s 资源文件.zip
02-14
https://blog.csdn.net/weixin_46560589/article/details/128934378 文章《手把手教你二进制安装生产环境 K8s 多 master 节点高可用集群详细图文教程》中所需的资源文件!!!
二进制方式部署k8s集群相关配置文件及依赖包
03-03
网络组件yaml文件:calico.yaml cfss生成证书安装包 etcd二次开发包:etcd-v3.4.9-linux-amd64.tar.gz k8s二进制安装包:kubernetes-server-v1.20.5-linux-amd64.tar.gz
二进制方式搭建k8s集群所需文件.zip
01-29
二进制方式搭建k8s集群所需文件.zip
二进制安装K8S 1.17.3
04-29
二进制安装K8S 1.17.3,包括etcd集群,Master集群,haproxy HA配置
全网最详细 二进制 k8s v1.25.x文档
小云的博客
09-14 3350
二进制安装k8sv1.25.0 IPv4/IPv6双栈Kubernetes 开源不易,帮忙点个star,谢谢了????介绍kubernetes(k8s二进制高可用安装部署,支持IPv4+IPv6双栈。我使用IPV6的目的是在公网进行访问,所以我配置了IPV6静态地址。若您没有IPV6环境,或者不想使用IPv6,不对主机进行配置IPv6地址即可。不配置IPV6,不影响后续,不过集群依旧是支持IPv6的...
kubernetes二进制文件下载
longtds的博客
10-10 604
kubernetes二进制文件下载
二进制安装Kubernetes(K8s)集群---从零安装教程(无证书)
热门推荐
Wielun
07-19 2万+
K8s介绍 Kubernetes一个用于容器集群的自动化部署、扩容以及运维的开源平台。 使用Kubernetes,你可以快速高效地响应客户需求: 动态地对应用进行扩容。 无缝地发布新特性。 仅使用需要的资源以优化硬件使用。 Kubernetes是: 简洁的:轻量级,简单,易上手 可移植的:公有,私有,混合,多重云(multi-cloud) 可扩展的: 模块化, ...
k8s二进制集群部署安装文档
zyx19855的博客
01-31 497
-initial-advertise-peer-urls,--initial-cluster,--initial-cluster-state,和--initial-cluster-token参数用于启动(静态启动,发现服务启动或者运行时重新配置)一个新成员,当重启已经存在的成员时将忽略。节点TLS CA文件的路径.--peer-ca-file可以替换为--peer-trusted-ca-file ca.crt --peer-client-cert-auth,而etcd将执行相同的操作。
K8S 1.21.3 高可用部署
liao__ran的博客
08-06 1201
k8s安装包 https://github.com/gghuogg/k8s-Installation-package 或 https://gitee.com/gaohaixiang192/k8s 系统版本 [root@k8s-node2 ~]# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core) 1、关闭firewalld和selinux(所有主机) vi /etc/selinux/config systemctl stop ..
保姆级二进制安装高可用k8s集群文档(1.23.8)
MyySophia的博客
11-26 1387
Etcd 是一个分布式键值存储系统, Kubernetes使用Etcd进行数据存储,所以先准备一个Etcd数据库, 为解决Etcd单点故障,应采用集群方式部署,这里使用3台组建集群,可容忍1台机器故障,你也 可以使用5台组建集群,可容忍2台机器故障。O指定该证书的 Group 为 k8s,kubelet 使用该证书访问 kube-apiserver 时 ,由于证书被 CA 签名,所以认证通过,同时由于证书用户组为经过预授权的 k8s,所以被授予访问所有 API 的权限;
二进制安装k8s(单master节点)
qq_30253693的博客
05-23 1100
二进制安装k8s(单master节点)
K8S二进制安装K8S(单台master)
云计算之路
05-08 857
本文讲解二进制安装K8S,包括master的4个组件。etcd的高可用集群,以及cni的k8s网络配置
二进制文件安装k8s
最新发布
09-27
安装Kubernetes时,可以通过二进制文件进行安装。具体步骤如下: 1. 下载所需的二进制文件: 可以从Kubernetes官方GitHub仓库的release页面下载所需的二进制文件。根据你的需求选择合适的版本和操作系统。常用的...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 7
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值