1、初始化配置
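# Run every step in this section once on each host.
# Stop and disable firewalld.
# NOTE(review): this removes host-level packet filtering on every node. If the
# nodes are reachable from untrusted networks, keep firewalld running and open
# only the ports the cluster needs (the kubeadm documentation lists them), or
# filter at the network boundary instead.
systemctl stop firewalld
systemctl disable firewalld
# SELinux: switch to permissive mode instead of disabling it.
# Persistent setting. The pattern is anchored to the SELINUX= line so the
# explanatory comments in the file are not rewritten. Permissive is the mode
# that `setenforce 0` below selects at runtime, so the host behaves the same
# before and after a reboot and denials are still logged for review.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Runtime setting (takes effect immediately, lost on reboot).
setenforce 0
# Turn off swap.
# For the running system:
swapoff -a
# Persistently: comment out every /etc/fstab line that mentions swap.
sed -ri 's/.*swap.*/#&/' /etc/fstab
# Set the hostname according to your plan; it is different on every host.
hostnamectl set-hostname k8s-master
# On the master, add the cluster hosts to /etc/hosts.
# NOTE(review): the entry below names the master k8s-master130, while the
# hostname set above is k8s-master -- confirm which one is intended.
cat >> /etc/hosts << EOF
192.168.1.113 k8s-master130
192.168.1.114 k8s-node1
EOF
# Pass bridged IPv4 traffic to the iptables chains.
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Apply the sysctl settings.
sysctl --system
# Time synchronisation.
yum -y install chrony
systemctl enable chronyd
systemctl start chronyd
# Configure DNS.
# The line after each `vi` command is the content to add in the editor, not a
# command to run.
# NOTE(review): ifcfg files normally use DNS1=/DNS2= for resolvers -- confirm
# that DNS= is honoured on this system.
vi /etc/sysconfig/network-scripts/ifcfg-ens192
DNS=8.8.8.8
vi /etc/resolv.conf
nameserver 8.8.8.8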
2、设置主机之间免密登录
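# Run on the master: generate the key pair.
ssh-keygen -t rsa
# Run once for each node, replacing the address with that node's.
# ssh-copy-id creates ~/.ssh (mode 700) and authorized_keys on the node when
# they are missing and appends the public key. An existing .ssh directory, and
# the keys and authorized_keys entries already in it, is left intact instead of
# being deleted or overwritten.
ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.114
# NOTE(review): this gives the master's root account password-less root login
# on the node, so protect the private key accordingly (passphrase, file
# permissions, limited access to the master).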
3、安装docker
# Run the following once on every host.
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Docker CE yum repository (Aliyun mirror).
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# Install Docker.
yum -y install docker-ce
# Enable and start Docker.
systemctl enable docker && systemctl start docker
# Configure a registry mirror to speed up image pulls and select the systemd
# cgroup driver. The redirect overwrites any existing daemon.json.
# NOTE(review): images pulled through a registry mirror are only as trustworthy
# as the mirror operator; for sensitive workloads pull by digest or from a
# registry you control.
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Restart Docker.
systemctl daemon-reload
systemctl restart docker
# Print daemon information.
docker info
4、安装cri-dockerd
# Run the following once on every host.
# Download the cri-dockerd package (GitHub may not be directly reachable from
# every network).
# NOTE(review): the RPM is installed below without any integrity check. Compute
# its SHA-256 with `sha256sum` and compare it with a value obtained from a
# source you trust before installing.
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el7.x86_64.rpm
# Install cri-dockerd.
rpm -ivh cri-dockerd-0.3.1-3.el7.x86_64.rpm
# Point the pause image at a domestic registry; otherwise the kubelet cannot
# pull the image and fails to start.
# Edit the unit file and set ExecStart to the line shown below (file content,
# not a command).
vi /usr/lib/systemd/system/cri-docker.service
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
# Start cri-dockerd.
systemctl daemon-reload
systemctl enable cri-docker && systemctl start cri-docker
5、添加yum k8s软件源
# Run on all hosts.
# NOTE(review): gpgcheck=0 and repo_gpgcheck=0 turn off signature verification,
# so the gpgkey URLs below are never used and every package from this mirror is
# installed unverified. Set gpgcheck=1 if the mirror's packages verify against
# the listed keys -- confirm that before relying on it.
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
6、安装flannel
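# Install flannel (run on the master).
# NOTE(review): `kubectl apply` below needs a running control plane, but
# `kubeadm init` only appears in section 7 -- presumably this section is run
# after it; confirm the order.
# -p keeps the step repeatable when the directory already exists.
mkdir -p /run/flannel/
cat <<EOF> /run/flannel/subnet.env
FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.1.0/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
EOF
# Download the manifest.
# NOTE(review): this URL follows the master branch, so its content can change
# between runs. Read the downloaded file before applying it, since it is
# applied with cluster-admin rights, and prefer a URL pinned to a release tag.
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml -O kube-flannel.yml
# Apply it.
kubectl apply -f kube-flannel.yml
# After flannel is installed, copy the CNI configuration to the node; otherwise
# a newly joined node shows the wrong status.
# NOTE(review): 192.168.44.4 does not match the node address used elsewhere on
# this page (192.168.1.114) -- substitute your node's address.
scp -r /etc/cni root@192.168.44.4:/etc
# This copy is needed too; otherwise the node looks healthy but pods cannot be
# created because of network errors.
scp -r /run/flannel/ root@192.168.44.4:/run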
7、安装kubeadm、kubelet、kubectl
# Run on all hosts.
yum install -y kubelet-1.26.0 kubeadm-1.26.0 kubectl-1.26.0
systemctl enable kubelet
# Run on the master. --pod-network-cidr and --service-cidr must agree with the
# flannel settings above.
# NOTE(review): --ignore-preflight-errors=all suppresses every preflight check,
# including the ones that catch real misconfiguration. List only the specific
# checks you have decided to accept.
kubeadm init --apiserver-advertise-address=192.168.1.113 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.26.0 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 --cri-socket=unix:///var/run/cri-dockerd.sock --ignore-preflight-errors=all
# On success kubeadm prints follow-up commands; copy them from its output and
# run them.
# NOTE(review): admin.conf holds cluster-admin credentials; keep the copy
# readable only by its owner.
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Run on each node. This command is copied from the kubeadm init output above.
# NOTE(review): the token and CA hash below belong to the author's cluster; use
# the values from your own init output. A bootstrap token that has been
# published should be treated as exposed and removed with
# `kubeadm token delete`; `kubeadm token create --print-join-command` issues a
# fresh join command.
kubeadm join 192.168.1.113:6443 --token gknmvi.jpfdf0vsveat2ysq --discovery-token-ca-cert-hash sha256:2bc76dec8367f85f5571a4c4511759953e5001f408a7c9eeea2ccbb21dedb0d2 --cri-socket unix:///var/run/cri-dockerd.sock
# Check the result of the deployment.
kubectl get pods --all-namespaces
kubectl get nodes