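# Stop firewalld and keep it from starting at boot, presumably so the
# control-plane and pod-network ports are reachable between the nodes.
# NOTE(review): this leaves the host without its own packet filter. On a
# network that is not fully trusted, keep firewalld running and open only the
# ports the cluster needs.
systemctl stop firewalld && systemctl disable firewalld
# Turn swap off: comment out the swap entries in /etc/fstab so it stays off
# after a reboot, then disable it on the running system. The address limits the
# edit to lines that are not already commented and that carry "swap" as a
# whitespace-delimited field, so re-running this does not stack '#' characters
# or touch unrelated lines that merely contain the word.
sed -i '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab
swapoff -a
# Disable SELinux persistently and switch the running system to permissive.
# The pattern is anchored to the SELINUX= setting: an unanchored
# s/enforcing/disabled/ also rewrites the explanatory comment lines in
# /etc/selinux/config.
# NOTE(review): SELINUX=permissive matches what `setenforce 0` does at runtime
# and keeps file labels and AVC audit records; prefer it to "disabled" unless
# a component really needs SELinux switched off.
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
setenforce 0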
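# Add name resolution for the three cluster nodes. Each address needs its own
# line in /etc/hosts: joining the entries with backslash-newline inside one
# quoted string writes a single line, which is read as 192.168.31.219 followed
# by a list of aliases, so node01 and node02 would resolve to the master.
cat >> /etc/hosts << 'EOF'
192.168.31.219 master
192.168.31.220 node01
192.168.31.221 node02
EOF
# Set this machine's hostname. NODE_HOSTNAME must be set on each node to the
# name used for it above (master, node01 or node02); the expansion stops with
# a message when it is unset or empty instead of applying a wrong name.
hostnamectl set-hostname "${NODE_HOSTNAME:?set NODE_HOSTNAME to this node name, e.g. master}"
# Restart NetworkManager; the original note says this is what makes the hosts
# file take effect.
systemctl restart NetworkManager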
# Upgrade the Linux kernel from the ELRepo repository: import the ELRepo
# signing key, install the elrepo-release package for EL7, then install the
# kernel-lt package from the elrepo-kernel repo.
# NOTE(review): the release RPM is installed straight from a URL. Confirm its
# signature against the imported key (download it and run `rpm -K` on it)
# unless yum is known to verify packages given by file or URL on this host.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum -y install https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
yum --enablerepo="elrepo-kernel" -y install kernel-lt.x86_64
# Make GRUB menu entry 0 the default and regenerate the GRUB configuration.
# NOTE(review): assumes the newly installed kernel is entry 0; confirm with
# the awk listing below.
grub2-set-default 0
grub2-mkconfig -o /boot/grub2/grub.cfg
# Reboot into the new kernel; the steps after this line are run once the
# machine is back up.
reboot
# Check whether the kernel changed: print each GRUB menu entry with its index.
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
# Time synchronisation: install chrony, start it and enable it at boot, list
# the time sources it is using, then print the current date as a check.
# Correct clocks matter on every node because certificate validity checks
# between cluster components depend on them.
yum install chrony -y
systemctl start chronyd && systemctl enable chronyd && chronyc sources
date
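# Kernel IP forwarding and bridge netfilter settings.
# Load br_netfilter first and register it under /etc/modules-load.d so it is
# loaded again on every boot: the net.bridge.* keys below exist only while the
# module is loaded, so applying them before the modprobe fails, and after a
# reboot without the module the bridge-nf-call settings would not be applied.
cat > /etc/modules-load.d/k8s.conf << 'EOF'
br_netfilter
EOF
modprobe br_netfilter
# Confirm the module is loaded.
lsmod | grep br_netfilter
# Persist the settings: bridged traffic is passed to iptables/ip6tables,
# IPv4 forwarding is on, and swappiness is 0.
# NOTE(review): ip_forward=1 makes the node route packets between its
# interfaces; firewalld is disabled earlier in this procedure, so nothing on
# the host filters that forwarded traffic apart from the rules Kubernetes
# components install.
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward=1
vm.swappiness=0
EOF
# Apply every sysctl configuration file, including the one just written.
sysctl --system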
# Install the IPVS userspace tools.
yum -y install ipset ipvsadm
# Generate the module-loading script: one "modprobe -- <module>" line for each
# of the IPVS modules and nf_conntrack.
printf 'modprobe -- %s\n' \
  ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack \
  > /etc/sysconfig/modules/ipvs.modules
# Set mode 755 on the script, run it, then list the loaded modules to verify.
chmod 755 /etc/sysconfig/modules/ipvs.modules \
  && bash /etc/sysconfig/modules/ipvs.modules \
  && lsmod | grep -e ip_vs -e nf_conntrack
# Docker has to be installed before this point (that step is not shown here).
# Write the Docker daemon configuration: systemd cgroup driver plus a list of
# registry mirrors. This overwrites any existing /etc/docker/daemon.json.
# NOTE(review): every mirror listed is a third party that serves the image
# content this host will run, and the last entry is plain http://, so pulls
# through it have no transport integrity. Keep only mirrors you trust, prefer
# https:// endpoints, and reference images by digest where you can.
# NOTE(review): no Docker restart is shown after this; presumably one is
# needed before the new settings apply.
cat > /etc/docker/daemon.json << EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://registry.docker-cn.com",
"https://docker.mirrors.ustc.edu.cn",
"https://dockerhub.azk8s.cn",
"http://hub-mirror.c.163.com"
]
}
EOF
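# Install wget. -y is added so the step does not stop at a confirmation
# prompt, matching the other yum calls in this procedure.
yum install -y wget
# Download cri-dockerd, pinned to release v0.3.8 (the original note calls this
# the latest version; it may no longer be).
# NOTE(review): nothing here checks the archive before a binary from it is
# installed and run as root. Record the expected SHA-256 from a trusted copy
# of the release and verify it before unpacking, e.g.
#   echo "<EXPECTED_SHA256>  cri-dockerd-0.3.8.amd64.tgz" | sha256sum -c -
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.8/cri-dockerd-0.3.8.amd64.tgz
# Unpack without restoring the owner recorded in the archive: when tar runs as
# root it otherwise applies the archive's uid/gid to the extracted files.
tar --no-same-owner -xf cri-dockerd-0.3.8.amd64.tgz
# Install the binary root-owned with mode 0755, so no unprivileged account can
# replace a program that the cri-docker service runs as root.
install -o root -g root -m 0755 cri-dockerd/cri-dockerd /usr/bin/cri-dockerd
# Remove the unpacked directory and the downloaded archive.
rm -rf cri-dockerd cri-dockerd-0.3.8.amd64.tgz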
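# Create the systemd service unit for cri-dockerd.
# The here-document delimiter is quoted so the shell writes the text
# literally. Unquoted, the shell expands $MAINPID (unset here) while writing
# the file, and the ExecReload line ends up as "/bin/kill -s HUP " with no
# process ID for systemd to substitute.
# NOTE(review): the pause image is pulled from the registry.aliyuncs.com
# mirror, so its integrity depends on that mirror.
cat > /usr/lib/systemd/system/cri-docker.service << 'EOF'
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9 --container-runtime-endpoint fd://
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
# Create the matching socket unit. The socket is owned by root, group docker,
# mode 0660.
# NOTE(review): any member of the docker group can therefore talk to the CRI
# endpoint, which is equivalent to root on this node; keep that group small.
cat > /usr/lib/systemd/system/cri-docker.socket << 'EOF'
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF
# Reload systemd so it sees the new units, then enable cri-docker at boot,
# start it and show its status.
systemctl daemon-reload
systemctl enable cri-docker && systemctl start cri-docker && systemctl status cri-docker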
# Add the Kubernetes v1.28 yum repository, served from the Aliyun mirror.
# tee writes the repo file and also echoes it to the terminal.
# Package signatures are checked (gpgcheck=1), but the key is fetched from the
# same mirror as the packages.
# NOTE(review): a key and packages from one source protect against corruption,
# not against a compromised mirror; compare the key's fingerprint with the one
# published upstream before trusting it.
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/repodata/repomd.xml.key
EOF
# Install kubelet, kubeadm and kubectl from that repository.
# NOTE(review): no package version is pinned here, while kubeadm init later
# requests v1.28.11; confirm the installed packages match that version.
yum install -y kubelet kubeadm kubectl
# Enable kubelet at boot and start it now.
systemctl enable kubelet && systemctl start kubelet
# Make kubelet use the same cgroup driver as Docker (systemd): keep a .bak
# copy of the existing file, then overwrite it.
# NOTE(review): kubelet was already started on the line above and is not
# restarted after this file is written.
cp /etc/sysconfig/kubelet{,.bak}
cat > /etc/sysconfig/kubelet <<EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF
# kubectl tab completion: install bash-completion, load it into the current
# shell, append a line to ~/.bashrc that sources kubectl's generated
# completion script, then re-read ~/.bashrc.
yum install -y bash-completion
. /usr/share/bash-completion/bash_completion
printf '%s\n' 'source <(kubectl completion bash)' >> ~/.bashrc
. ~/.bashrc
# List the control-plane images kubeadm needs, resolved against the Aliyun
# mirror repository, to check that the mirror carries them.
# NOTE(review): these images become the cluster's control plane, so their
# integrity depends on registry.aliyuncs.com rather than the upstream registry.
kubeadm config images list --image-repository registry.aliyuncs.com/google_containers
# Pull those images through the cri-dockerd socket.
kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers \
--cri-socket=unix:///var/run/cri-dockerd.sock
# Everything above is done on the master and on every node. From here on each
# step is tagged with the machine it runs on.
# [master] Initialise the control plane: advertise the API server on
# 192.168.31.219, use Kubernetes v1.28.11, pod network 10.244.0.0/16, images
# from the Aliyun mirror, and cri-dockerd as the container runtime socket.
# NOTE(review): --ignore-preflight-errors=all downgrades every preflight
# failure to a warning, so init carries on even when a check has found a real
# problem. Name only the specific checks you have decided to accept.
kubeadm init \
--apiserver-advertise-address 192.168.31.219 \
--kubernetes-version v1.28.11 \
--pod-network-cidr=10.244.0.0/16 \
--image-repository registry.aliyuncs.com/google_containers \
--cri-socket=unix:///var/run/cri-dockerd.sock \
--ignore-preflight-errors=all
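# [master] Create the kubeconfig for the current user; kubeadm init prints
# the same commands when it finishes.
# admin.conf holds the cluster administrator credentials. Expansions are
# quoted so a home directory containing spaces or glob characters is handled
# as one path, and the copy is set to mode 600 explicitly because cp keeps the
# mode of a destination file that already exists.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"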
# [master] Print the SHA-256 hash of the cluster CA certificate's public key:
# extract the public key from ca.crt, convert it to DER, hash it, and strip
# everything up to the last space of the digest output.
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
# [master] Create a bootstrap token and print the complete join command; a
# node needs both the token and the CA hash to join.
# NOTE(review): --ttl 0 creates a token that never expires, so anyone who
# obtains it can keep joining nodes until it is deleted. Prefer a short TTL
# and remove the token with `kubeadm token delete` once the nodes have joined.
kubeadm token create --ttl 0 --print-join-command
# [master] List the tokens to confirm it was created.
kubeadm token list
# [master] Check that the system pods have started.
kubectl get pods -n kube-system
# [master] Check the status of the cluster nodes.
kubectl get nodes
# [node] Join this node to the master.
# NOTE(review): the token and CA hash below are sample values from the
# author's cluster; substitute the command printed on your own master by
# `kubeadm token create --print-join-command`. Treat a real join command as a
# credential and keep it out of documents and chat logs. The hash should be
# kept in the command, since it is what lets the node verify the control plane.
kubeadm join 192.168.31.219:6443 --token acghar.ou14qezy8dale4fe --discovery-token-ca-cert-hash sha256:f399d1b10c978428ec3d41e485f3c06a509f5eecf073ffcdfb1bbf03eb397f5e --cri-socket=unix:///var/run/cri-dockerd.sock
# [master] Download the Calico CNI manifest, pinned to v3.27.0. Without a
# network plugin kubelet reports errors. Quickstart:
# https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart
wget https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/calico.yaml
# [master] Before applying, set CALICO_IPV4POOL_CIDR in the manifest to the
# same range as the --pod-network-cidr passed to kubeadm init, then apply the
# file from wherever it was saved (the path below is a placeholder).
# NOTE(review): the manifest is applied with cluster administrator rights;
# read it, or compare it with a known-good copy, before applying.
kubectl apply -f /你的路下的/calico.yaml
K8S 1.28.9基于docker容器 启动 相关组件部署方式
于 2024-04-29 19:42:54 首次发布