kubernetes二进制安装 -- 1.30.3

最新推荐文章于 2024-09-06 23:23:29 发布
最新推荐文章于 2024-09-06 23:23:29 发布
阅读量874 收藏 5
点赞数 32
文章标签: kubernetes 容器 云原生
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_56189058/article/details/140950825
版权

1、节点规划

10.202.99.34 master01
10.202.99.35 master02
10.202.99.36 master03
10.202.99.37 node01
10.202.99.100 vip

2、环境准备

2.1、关闭防火墙、selinux、swap和NetworkManager

# 关闭selinux
## 临时关闭
setenforce 0
## 永久关闭
sed -i 's/enforcing/disabled/' /etc/selinux/config

# 关闭防火墙
systemctl disable --now firewalld
systemctl stop firewalld
systemctl disable firewalld


# 关闭swap分区
sed -ri 's/.*swap.*/#&/' /etc/fstab 
swapoff -a 

# 关闭NetworkMannger
systemctl stop NetworkManager
systemctl disable NetworkManager

2.2、配置节点免密和时间同步

# 配置hosts主机名解析
# vim /etc/hosts
10.202.99.34 master01
10.202.99.35 master02
10.202.99.36 master03
10.202.99.37 node01

# 各节点之间免密通信。
# 生成密钥 (回车)
ssh-keygen -t rsa -q -N ''

# 分发公钥
for i in master01 master02 master03 node01;do ssh-copy-id -i ~/.ssh/id_rsa.pub $i;done
for i in master02 master03 node01;do scp -r /root/.ssh/  $i:/root/;done
# 分发hosts
for i in master02 master03 node01;do scp -r /etc/hosts  $i:/etc/;done

# 时间同步
yum install chrony -y

# vim /etc/chrony/chrony.conf
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst

systemctl start chronyd
systemctl enable chronyd

# 配置centos7阿里源
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# 配置epel阿里源
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# yum makecahe

2.3、内核升级

# 下载内核安装包
# https://www.elrepo.org 目前不支持RHEL- 7,支持RHEL- 8和RHEL- 9
# 使用rpm包升级内核,rpm包下载地址
http://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/
# centos内核升级需要下载三个rpm包(下载对应版本的包)
kernel
kernel-devel
kernel-headers

# 安装内核rpm包
# 安装内核包 (kernel)
rpm -ivh kernel-lt-5.4.278-1.el7.elrepo.x86_64.rpm
# 安装内核开发包 (kernel-devel)
rpm -ivh kernel-lt-devel-5.4.278-1.el7.elrepo.x86_64.rpm
# 安装内核头文件包 (kernel-headers)
rpm -ivh kernel-lt-headers-5.4.278-1.el7.elrepo.x86_64.rpm

# 验证内核版本
# 查看默认启动顺序
awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg

CentOS Linux (5.4.278-1.el7.elrepo.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-a66a00f1a66a00f1a66a00f1a66a00f1) 7 (Core)

# 默认启动的顺序是从0开始,新内核是从头插入(目前位置在0,而5.4.278的是在1),所以需要选择0
grub2-set-default 0  
# 重启系统
reboot
# 验证内核版本
uname -r
# 5.4.278-1.el7.elrepo.x86_64

2.4、安装IPVS

# 安装 IPVS
yum install -y conntrack-tools ipvsadm ipset conntrack libseccomp

# 加载 IPVS 模块
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr
ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in \${ipvs_modules}; do
/sbin/modinfo -F filename \${kernel_module} > /dev/null 2>&1
if [ $? -eq 0 ]; then
/sbin/modprobe \${kernel_module}
fi
done
EOF

chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs

# 增加k8s转发配置并使其生效。(所有节点)
# /etc/sysctl.d/k8s.conf文件,添加如下内容:
# 内核参数

cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp.keepaliv.probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp.max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp.max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.top_timestamps = 0
net.core.somaxconn = 16384
EOF

# 立即生效
sysctl --system

2.5、docker安装、Containerd配置

# docker安装
# step 1: 安装必要的一些系统工具
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: 添加软件源信息
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3
sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Step 4: 更新并安装Docker-CE
sudo yum makecache fast
sudo yum -y install docker-ce
# Step 5: 开启Docker服务和开机自启
systemctl start docker && systemctl enable docker

# Step 6: 配置阿里镜像加速(登录阿里云->容器镜像服务->镜像工具)
# 需要再添加 "exec-opts": ["native.cgroupdriver=systemd"]
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://d6mtathr.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
sudo systemctl daemon-reload && sudo systemctl restart docker && sudo systemctl status docker


#修改containerd配置
#本步骤node节点也要同样的修改
#备份源文件
cp /etc/containerd/config.toml /etc/containerd/config.toml.bak

####  Containerd 1.4 开始弃用runtime v1 了,考虑使用 runtime v2 需要添加一下配置

cat <<EOF > /etc/containerd/config.toml
version = 2
[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    sandbox_image = "registry.cn-guangzhou.aliyuncs.com/my_aliyund/pause:v3.9"
    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/cni/bin"
      conf_dir = "/etc/cni/net.d"
    [plugins."io.containerd.grpc.v1.cri".registry]
       config_path = "/etc/containerd/certs.d"
   [plugins."io.containerd.grpc.v1.cri".containerd]
      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
          runtime_type = "io.containerd.runc.v2"
          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            SystemdCgroup = true
  [plugins."io.containerd.internal.v1.opt"]
    path = "/var/lib/containerd/opt"
EOF

sudo systemctl restart containerd && sudo systemctl status containerd && sudo systemctl enable containerd


###### 内核升级需要重启
#重启并检查
reboot  # 可安装IPVS和docker后再重启

3、集群证书

# 以下命令只需要在master01执行即可
# 安装证书生成工具
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64

# 设置执行权限
chmod a+x cfssljson_linux-amd64
chmod a+x cfssl_linux-amd64

# 移动到/usr/local/bin
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson

3.1、生成配置证书

mkdir -p /opt/cert/ca
cd /opt/cert/ca

cat > /opt/cert/ca/ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "876000h"
    },
    "profiles": {
      "kubernetes": {
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ],
           "expiry": "876000h"
      }
    }
  }
}
EOF

3.2、生成根证书请求文件

cat > /opt/cert/ca/ca-csr.json << EOF
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names":[{
    "C": "CN",
    "ST": "GuangZhou",
    "L": "GuangZhou"
  }]
}
EOF

3.3、生成根证书

cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

4、安装ETCD集群

4.1、节点规划

10.202.99.34 etcd01
10.202.99.35 etcd02
10.202.99.36 etcd03

4.2、创建ETCD集群证书

mkdir -p /opt/cert/etcd
cd /opt/cert/etcd

# hosts 为k8s节点和VIP的IP

cat > etcd-csr.json << EOF
{
    "CN": "etcd",
    "hosts": [
        "127.0.0.1",
        "10.202.99.34",
        "10.202.99.35",
        "10.202.99.36",
        "10.202.99.37",
        "10.202.99.100"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
          "C": "CN",
          "ST": "GuangZhou",
          "L": "GuangZhou"
        }
    ]
}
EOF

4.3、生成ETCD证书

cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes etcd-csr.json | cfssljson -bare etcd

4.4、颁发ETCD证书

cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes etcd-csr.json | cfssljson -bare etcd

4.5、部署ETCD集群

# 下载ETCD安装包
cd ~
wget https://mirrors.huaweicloud.com/etcd/v3.5.12/etcd-v3.5.12-linux-amd64.tar.gz

# 解压
tar -xf etcd-v3.5.12-linux-amd64.tar.gz

# 分发至其他节点
for i in master01 master02 master03
do
	scp ./etcd-v3.5.12-linux-amd64/etcd* root@$i:/usr/local/bin/
done

# 验证
etcd --version

4.6、注册ETCD服务

# 在三台master节点上执行 注意修改IP
mkdir -pv /etc/kubernetes/conf/etcd

ETCD_NAME=`hostname`
INTERNAL_IP=`hostname -i`
INITIAL_CLUSTER=master01=https://10.202.99.34:2380,master02=https://10.202.99.35:2380,master03=https://10.202.99.36:2380

cat << EOF | sudo tee /usr/lib/systemd/system/etcd.service
[Unit]
Description=etcd
Documentation=https://github.com/coreos

[Service]
ExecStart=/usr/local/bin/etcd \\
  --name ${ETCD_NAME} \\
  --cert-file=/etc/etcd/ssl/etcd.pem \\
  --key-file=/etc/etcd/ssl/etcd-key.pem \\
  --peer-cert-file=/etc/etcd/ssl/etcd.pem \\
  --peer-key-file=/etc/etcd/ssl/etcd-key.pem \\
  --trusted-ca-file=/etc/etcd/ssl/ca.pem \\
  --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --initial-advertise-peer-urls https://${INTERNAL_IP}:2380 \\
  --listen-peer-urls https://${INTERNAL_IP}:2380 \\
  --listen-client-urls https://${INTERNAL_IP}:2379,https://127.0.0.1:2379 \\
  --advertise-client-urls https://${INTERNAL_IP}:2379 \\
  --initial-cluster-token etcd-cluster \\
  --initial-cluster ${INITIAL_CLUSTER} \\
  --initial-cluster-state new \\
  --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

# 启动ETCD服务
systemctl enable --now etcd && systemctl status etcd

4.7、测试ETCD服务

# 第一种方式
ETCDCTL_API=3 etcdctl \
--cacert=/etc/etcd/ssl/etcd.pem \
--cert=/etc/etcd/ssl/etcd.pem \
--key=/etc/etcd/ssl/etcd-key.pem \
--endpoints="https://10.202.99.34:2379,https://10.202.99.35:2379,https://10.202.99.36:2379" \
endpoint status --write-out='table'

# 第二种方式
ETCDCTL_API=3 etcdctl \
--cacert=/etc/etcd/ssl/etcd.pem \
--cert=/etc/etcd/ssl/etcd.pem \
--key=/etc/etcd/ssl/etcd-key.pem \
--endpoints="https://10.202.99.34:2379,https://10.202.99.35:2379,https://10.202.99.36:2379" \
member list --write-out='table'

5、部署Master节点

# 部署master节点上的各个组件

5.1、集群规划

10.202.99.34 master01
10.202.99.35 master02
10.202.99.36 master03

# kube-apiserver、控制器、调度器、calico、etcd、kubelet、kube-proxy、DNS

5.2、创建证书

5.2.1、创建集群CA证书
# 只需要在master01上执行
mkdir /opt/cert/k8s
cd /opt/cert/k8s

# 创建配置证书
cat > ca-config.json << EOF
{
  "signing": {
    "default": {
      "expiry": "876000h"
    },
    "profiles": {
      "kubernetes": {
         "expiry": "876000h",
         "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ]
      }
    }
  }
}
EOF

# 创建请求证书

cat > ca-csr.json << EOF
{
    "CN": "kubernetes",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "GuangZhou",
            "ST": "GuangZhou"
        }
    ]
}
EOF

# 创建证书
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
5.2.2、创建集群普通证书
5.2.2.1、创建kube-apiserver的证书
cd /opt/cert/k8s
# api-server:

# hosts为节点和VIP的IP

cat > server-csr.json << EOF
{
    "CN": "kubernetes",
    "hosts": [
        "127.0.0.1",
        "10.202.99.34",
        "10.202.99.35",
        "10.202.99.36",
        "10.202.99.37",
        "10.202.99.100",
        "10.96.0.1",
        "kubernetes",
        "kubernetes.default",
        "kubernetes.default.svc",
        "kubernetes.default.svc.cluster",
        "kubernetes.default.svc.cluster.local"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "GuangZhou",
            "ST": "GuangZhou"
        }
    ]
}
EOF


# 生成证书
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
5.2.2.2、创建controller-manager的证书
cat > kube-controller-manager-csr.json << EOF
 {
     "CN": "system:kube-controller-manager",
     "hosts": [
         "127.0.0.1",
         "10.202.99.34",
         "10.202.99.35",
         "10.202.99.36",
         "10.202.99.37",
         "10.202.99.100"
     ],
     "key": {
         "algo": "rsa",
         "size": 2048
     },
     "names": [
         {
             "C": "CN",
             "L": "GuangZhou",
             "ST": "GuangZhou",
             "O": "system:kube-controller-manager",
             "OU": "System"
         }
     ]
 }
EOF

# 生成证书
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager
5.2.2.3、创建kube-scheduler的证书
cat > kube-scheduler-csr.json << EOF
 {
     "CN": "system:kube-scheduler",
     "hosts": [
         "127.0.0.1",
         "10.202.99.34",
         "10.202.99.35",
         "10.202.99.36",
         "10.202.99.37",
         "10.202.99.100"
     ],
     "key": {
         "algo": "rsa",
         "size": 2048
     },
     "names": [
         {
             "C": "CN",
             "L": "GuangZhou",
             "ST": "GuangZhou",
             "O": "system:kube-scheduler",
             "OU": "System"
         }
     ]
 }
EOF

# 生成证书
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler
5.2.2.4、创建kube-proxy证书
cat > kube-proxy-csr.json << EOF
 {
     "CN":"system:kube-proxy",
     "hosts":[],
     "key":{
         "algo":"rsa",
         "size":2048
     },
     "names":[
         {
             "C":"CN",
             "L":"GuangZhou",
             "ST":"GuangZhou",
             "O":"system:kube-proxy",
             "OU":"System"
         }
     ]
 }
EOF

# 生成证书
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
5.2.2.5、创建集群管理员证书
cat > admin-csr.json << EOF
 {
     "CN":"admin",
     "key":{
         "algo":"rsa",
         "size":2048
     },
     "names":[
         {
             "C":"CN",
             "L":"GuangZhou",
             "ST":"GuangZhou",
             "O":"system:masters",
             "OU":"System"
         }
     ]
 }
EOF

# 生成证书
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin

5.3、分发证书

mkdir -pv /etc/kubernetes/ssl
cp -p ./{ca*pem,server*pem,kube-controller-manager*pem,kube-scheduler*.pem,kube-proxy*pem,admin*.pem} /etc/kubernetes/ssl

for i in master01 master02 master03;do
ssh root@$i "mkdir -pv /etc/kubernetes/ssl"
scp /etc/kubernetes/ssl/* root@$i:/etc/kubernetes/ssl
done

6、下载安装包和创建配置文件

6.1、下载安装包和分发组件

# 下载安装包
## 下载server安装包
wget https://dl.k8s.io/v1.30.2/kubernetes-server-linux-amd64.tar.gz

## 分发组件
tar -xf kubernetes-server-linux-amd64.tar.gz
cd kubernetes/server/bin
for i in master01 master02 master03 ;do  scp kube-apiserver kube-controller-manager kube-proxy kubectl kubelet kube-scheduler root@$i:/usr/local/bin; done

6.2、创建集群配置文件

6.2.1、创建kube-controller-manager.kubeconfig
# 只需在master01上执行
mkdir /opt/conf
cd /opt/conf

## 创建kube-controller-manager.kubeconfig
# KUBE_APISERVER 为 VIP
export KUBE_APISERVER="https://10.202.99.100:8443"
 
# 设置集群参数
kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=kube-controller-manager.kubeconfig

# 设置客户端认证参数
kubectl config set-credentials "kube-controller-manager" \
  --client-certificate=/etc/kubernetes/ssl/kube-controller-manager.pem \
  --client-key=/etc/kubernetes/ssl/kube-controller-manager-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-controller-manager.kubeconfig
    
# 设置上下文参数(在上下文参数中将集群参数和用户参数关联起来)
kubectl config set-context default \
  --cluster=kubernetes \
  --user="kube-controller-manager" \
  --kubeconfig=kube-controller-manager.kubeconfig

# 配置默认上下文
kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig
6.2.2、创建kube-scheduler.kubeconfig
# 创建kube-scheduler.kubeconfig
# KUBE_APISERVER 为 VIP
export KUBE_APISERVER="https://10.202.99.100:8443"
    
# 设置集群参数
kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=kube-scheduler.kubeconfig
    
# 设置客户端认证参数
kubectl config set-credentials "kube-scheduler" \
  --client-certificate=/etc/kubernetes/ssl/kube-scheduler.pem \
  --client-key=/etc/kubernetes/ssl/kube-scheduler-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-scheduler.kubeconfig
    
# 设置上下文参数(在上下文参数中将集群参数和用户参数关联起来)
kubectl config set-context default \
  --cluster=kubernetes \
  --user="kube-scheduler" \
  --kubeconfig=kube-scheduler.kubeconfig
    
# 配置默认上下文
kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig
6.2.3、创建kube-proxy.kubeconfig集群配置文件
## 创建kube-proxy.kubeconfig集群配置文件
# KUBE_APISERVER 为 VIP
export KUBE_APISERVER="https://10.202.99.100:8443"
    
# 设置集群参数
kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=kube-proxy.kubeconfig
    
# 设置客户端认证参数
kubectl config set-credentials "kube-proxy" \
  --client-certificate=/etc/kubernetes/ssl/kube-proxy.pem \
  --client-key=/etc/kubernetes/ssl/kube-proxy-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-proxy.kubeconfig
    
# 设置上下文参数(在上下文参数中将集群参数和用户参数关联起来)
kubectl config set-context default \
  --cluster=kubernetes \
  --user="kube-proxy" \
  --kubeconfig=kube-proxy.kubeconfig
    
# 配置默认上下文
kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
6.2.4、创建超级管理员的集群配置文件
# KUBE_APISERVER 为 VIP
export KUBE_APISERVER="https://10.202.99.100:8443"
    
# 设置集群参数
kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=admin.kubeconfig
    
# 设置客户端认证参数
kubectl config set-credentials "admin" \
  --client-certificate=/etc/kubernetes/ssl/admin.pem \
  --client-key=/etc/kubernetes/ssl/admin-key.pem \
  --embed-certs=true \
  --kubeconfig=admin.kubeconfig
    
# 设置上下文参数(在上下文参数中将集群参数和用户参数关联起来)
kubectl config set-context default \
  --cluster=kubernetes \
  --user="admin" \
  --kubeconfig=admin.kubeconfig
    
# 配置默认上下文
kubectl config use-context default --kubeconfig=admin.kubeconfig

6.3、分发集群配置文件

# /opt/conf/

for i in master01 master02 master03; do
ssh root@$i  "mkdir -pv /etc/kubernetes/cfg"
scp ./*.kubeconfig root@$i:/etc/kubernetes/cfg
done

6.4、创建集群token

# /opt/conf/    
# 只需要创建一次
# 必须要用自己机器创建的Token
TLS_BOOTSTRAPPING_TOKEN=`head -c 16 /dev/urandom | od -An -t x | tr -d ' '`
    
cat > token.csv << EOF
${TLS_BOOTSTRAPPING_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
EOF



3b91c0489acd7bbb2214df2013f7af70,kubelet-bootstrap,10001,"system:kubelet-bootstrap"

# 分发集群token,用于集群TLS认证

for i in master01 master02 master03;do
scp token.csv root@$i:/etc/kubernetes/cfg/
done

7、部署组件

7.1、安装kube-apiserver

7.1.1、创建kube-apiserver的配置文件
#### 部署各个组件
# 在所有的master节点上执行


##### 创建kube-apiserver的配置文件
# 在所有的master节点上执行
KUBE_APISERVER_IP=`hostname -i`

cat > /etc/kubernetes/cfg/kube-apiserver.conf << EOF
KUBE_APISERVER_OPTS="--v=2 \\
--advertise-address=${KUBE_APISERVER_IP} \\
--default-not-ready-toleration-seconds=360 \\
--default-unreachable-toleration-seconds=360 \\
--max-mutating-requests-inflight=2000 \\
--max-requests-inflight=4000 \\
--default-watch-cache-size=200 \\
--delete-collection-workers=2 \\
--bind-address=0.0.0.0 \\
--secure-port=6443 \\
--allow-privileged=true \\
--service-cluster-ip-range=10.96.0.0/16 \\
--service-node-port-range=30000-52767 \\
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \\
--authorization-mode=RBAC,Node \\
--enable-bootstrap-token-auth=true \\
--token-auth-file=/etc/kubernetes/cfg/token.csv \\
--kubelet-client-certificate=/etc/kubernetes/ssl/server.pem \\
--kubelet-client-key=/etc/kubernetes/ssl/server-key.pem \\
--tls-cert-file=/etc/kubernetes/ssl/server.pem  \\
--tls-private-key-file=/etc/kubernetes/ssl/server-key.pem \\
--client-ca-file=/etc/kubernetes/ssl/ca.pem \\
--service-account-signing-key-file=/etc/kubernetes/ssl/ca-key.pem \\
--service-account-key-file=/etc/kubernetes/ssl/ca.pem \\
--service-account-issuer=api \\
--audit-log-maxage=30 \\
--audit-log-maxbackup=3 \\
--audit-log-maxsize=100 \\
--audit-log-path=/var/log/kubernetes/k8s-audit.log \\
--etcd-servers=https://10.202.99.34:2379,https://10.202.99.35:2379,https://10.202.99.36:2379 \\
--etcd-cafile=/etc/etcd/ssl/ca.pem \\
--etcd-certfile=/etc/etcd/ssl/etcd.pem \\
--etcd-keyfile=/etc/etcd/ssl/etcd-key.pem"
EOF
7.1.2、注册kube-apiserver的服务
##### 注册kube-apiserver的服务
# 在所有的master节点上执行

cat > /usr/lib/systemd/system/kube-apiserver.service << EOF
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
After=network.target

[Service]
EnvironmentFile=/etc/kubernetes/cfg/kube-apiserver.conf
ExecStart=/usr/local/bin/kube-apiserver \$KUBE_APISERVER_OPTS
StandardOutput=file:/var/log/kubernetes/kube-apiserver.log
StandardError=file:/var/log/kubernetes/kube-apiserver.err
Restart=on-failure
RestartSec=10
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF



systemctl daemon-reload && systemctl restart kube-apiserver
systemctl status kube-apiserver && systemctl enable kube-apiserver
7.1.3、对kube-apiserver做高可用
##### 对kube-apiserver做高可用
- 安装高可用软件
  # 三台master节点都需要安装
  # keeplived + haproxy
yum install -y keepalived haproxy


# - 修改keepalived配置文件
# - 修改haproxy配置文件
7.1.3.1、配置keepalived

# 根据节点的不同,修改的配置也不同

mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak
cd /etc/keepalived
KUBE_APISERVER_IP=`hostname -i`
  
cat > /etc/keepalived/keepalived.conf <<EOF
  ! Configuration File for keepalived
  global_defs {
      router_id LVS_DEVEL
  }
  vrrp_script chk_kubernetes {
      script "/etc/keepalived/check_kubernetes.sh"
      interval 2
      weight -5
      fall 3
      rise 2
  }
  vrrp_instance VI_1 {
      state MASTER
      interface eth0
      mcast_src_ip ${KUBE_APISERVER_IP}
      virtual_router_id 57
      priority 100
      advert_int 2
      authentication {
          auth_type PASS
          auth_pass K8SHA_KA_AUTH
      }
      virtual_ipaddress {
          10.202.99.100
      }
  }
EOF
  
systemctl enable --now keepalived && systemctl status keepalived
7.1.3.2、配置haproxy
# 高可用软件
cat > /etc/haproxy/haproxy.cfg <<EOF
  global
    maxconn  2000
    ulimit-n  16384
    log  127.0.0.1 local0 err
    stats timeout 30s
  
  defaults
    log global
    mode  http
    option  httplog
    timeout connect 5000
    timeout client  50000
    timeout server  50000
    timeout http-request 15s
    timeout http-keep-alive 15s
  
  frontend monitor-in
    bind *:33305
    mode http
    option httplog
    monitor-uri /monitor
  
  listen stats
    bind    *:8006
    mode    http
    stats   enable
    stats   hide-version
    stats   uri       /stats
    stats   refresh   30s
    stats   realm     Haproxy\ Statistics
    stats   auth      admin:admin
  
  frontend k8s-master
    bind 0.0.0.0:8443
    bind 127.0.0.1:8443
    mode tcp
    option tcplog
    tcp-request inspect-delay 5s
    default_backend k8s-master
  
  backend k8s-master
    mode tcp
    option tcplog
    option tcp-check
    balance roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    server kubernetes-master-01    10.202.99.34:6443  check inter 2000 fall 2 rise 2 weight 100
    server kubernetes-master-02    10.202.99.35:6443  check inter 2000 fall 2 rise 2 weight 100
    server kubernetes-master-03    10.202.99.36:6443  check inter 2000 fall 2 rise 2 weight 100
EOF
   
systemctl enable --now haproxy.service && systemctl status haproxy

7.2、部署TLS

# apiserver 动态签署颁发到master节点,实现证书签署自动化
7.2.1、创建集群配置文件
# 只需要在一台节点上执行
export KUBE_APISERVER="https://10.202.99.100:8443"

# 设置集群参数
kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=kubelet-bootstrap.kubeconfig

#### !!!!!!!!!!!!!!!!!!!!!     
# 设置客户端认证参数,此处token必须用上叙token.csv中的token
# 使用自己的token.csv里面的token
kubectl config set-credentials "kubelet-bootstrap" \
  --token=fe425383cb799d3ff15a2b779c3e306c \
  --kubeconfig=kubelet-bootstrap.kubeconfig

# 设置上下文参数(在上下文参数中将集群参数和用户参数关联起来)
kubectl config set-context default \
  --cluster=kubernetes \
  --user="kubelet-bootstrap" \
  --kubeconfig=kubelet-bootstrap.kubeconfig

# 配置默认上下文
kubectl config use-context default --kubeconfig=kubelet-bootstrap.kubeconfig
7.2.2、分发证书
# 颁发集群配置文件
for i in master01 master02 master03; do
scp kubelet-bootstrap.kubeconfig root@$i:/etc/kubernetes/cfg/
done
7.2.3、 创建TLS低权限用户
##### 创建TLS低权限用户
# 声明一下admin配置文件所在位置:
export KUBECONFIG=/etc/kubernetes/cfg/admin.kubeconfig
# 创建一个低权限用户
kubectl create clusterrolebinding kubelet-bootstrap \
--clusterrole=system:node-bootstrapper \
--user=kubelet-bootstrap

7.3、部署contorller-manager

7.3.1、编辑配置文件
##### 编辑配置文件
# 需要在三台master节点上执行
cat > /etc/kubernetes/cfg/kube-controller-manager.conf << EOF
KUBE_CONTROLLER_MANAGER_OPTS="--v=2 \\
--leader-elect=true \\
--cluster-name=kubernetes \\
--bind-address=127.0.0.1 \\
--cluster-cidr=10.244.0.0/16 \\
--service-cluster-ip-range=10.96.0.0/16 \\
--cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem \\
--cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem  \\
--root-ca-file=/etc/kubernetes/ssl/ca.pem \\
--kubeconfig=/etc/kubernetes/cfg/kube-controller-manager.kubeconfig \\
--tls-cert-file=/etc/kubernetes/ssl/kube-controller-manager.pem \\
--tls-private-key-file=/etc/kubernetes/ssl/kube-controller-manager-key.pem \\
--controllers=*,bootstrapsigner,tokencleaner \\
--use-service-account-credentials=true \\
--node-monitor-grace-period=10s"
EOF
7.3.2、注册服务
##### 注册服务
# 需要在三台master节点上执行
cat > /usr/lib/systemd/system/kube-controller-manager.service << EOF
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
After=network.target

[Service]
EnvironmentFile=/etc/kubernetes/cfg/kube-controller-manager.conf
ExecStart=/usr/local/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

# 启动服务
systemctl daemon-reload && systemctl enable --now kube-controller-manager.service && systemctl status kube-controller-manager

7.4、部署kube-scheduler

7.4.1、编写配置文件
# 三台机器上都需要执行cat > /etc/kubernetes/cfg/kube-scheduler.conf << EOF
KUBE_SCHEDULER_OPTS="--v=2 \
--kubeconfig=/etc/kubernetes/cfg/kube-scheduler.kubeconfig \
--leader-elect=true \
--bind-address=0.0.0.0"
EOF
7.4.2、注册服务
# 三台节点上都需要执行
cat > /usr/lib/systemd/system/kube-scheduler.service << EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
After=network.target

[Service]
EnvironmentFile=/etc/kubernetes/cfg/kube-scheduler.conf
ExecStart=/usr/local/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF


## 启动服务
systemctl daemon-reload 
systemctl enable --now kube-scheduler.service 
systemctl status kube-scheduler
systemctl restart kube-scheduler

7.5、部署kubelet服务

7.5.1、创建kubelet服务配置文件
# 需要在三台master节点上执行 注意pause的镜像更换成自己的
KUBE_HOSTNAME=`hostname`

cat > /etc/kubernetes/cfg/kubelet.conf << EOF
KUBELET_OPTS="--v=2 \\
--hostname-override=${KUBE_HOSTNAME} \\
--kubeconfig=/etc/kubernetes/cfg/kubelet.kubeconfig \\
--bootstrap-kubeconfig=/etc/kubernetes/cfg/kubelet-bootstrap.kubeconfig \\
--config=/etc/kubernetes/cfg/kubelet-config.yml \\
--cert-dir=/etc/kubernetes/ssl \\
--pod-infra-container-image=registry.cn-guangzhou.aliyuncs.com/my_aliyund/pause:3.9 \\
--container-runtime-endpoint=unix:///run/containerd/containerd.sock"
EOF
7.5.2、创建kubelet-config.yaml
# 需要在三台master节点上执行
KUBE_HOSTNAME=`hostname -i`

cat > /etc/kubernetes/cfg/kubelet-config.yml << EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: ${KUBE_HOSTNAME}
port: 10250
readOnlyPort: 10255
cgroupDriver: systemd
clusterDNS:
- 10.96.0.2
clusterDomain: cluster.local
failSwapOn: false
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/ssl/ca.pem
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
maxOpenFiles: 1000000
maxPods: 110
EOF
7.5.3、注册kubelet的服务
# 需要在三台master节点上执行
cat > /usr/lib/systemd/system/kubelet.service << EOF
[Unit]
Description=Kubernetes Kubelet
After=docker.service

[Service]
EnvironmentFile=/etc/kubernetes/cfg/kubelet.conf
ExecStart=/usr/local/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
RestartSec=10
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF



## 启动服务
systemctl daemon-reload 
systemctl enable --now kubelet.service 
systemctl status kubelet

7.6、部署kube-proxy

7.6.1、创建配置文件
# 需要在三台master节点上执行
KUBE_HOSTNAME=`hostname -i`

cat > /etc/kubernetes/cfg/kube-proxy.conf << EOF
KUBE_PROXY_OPTS="--v=2 \\
--cluster-cidr=10.244.0.0/16 \\
--config=/etc/kubernetes/cfg/kube-proxy-config.yml"
EOF
7.6.2、创建kube-proxy-config.yml
# 需要在三台master节点上执行
KUBE_HOSTNAME=`hostname -i`
HOSTNAME=`hostname`

cat > /etc/kubernetes/cfg/kube-proxy-config.yml << EOF
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: ${KUBE_HOSTNAME}
healthzBindAddress: ${KUBE_HOSTNAME}:10256
metricsBindAddress: ${KUBE_HOSTNAME}:10249
clientConnection:
  burst: 200
  kubeconfig: /etc/kubernetes/cfg/kube-proxy.kubeconfig
  qps: 100
hostnameOverride: ${HOSTNAME}
clusterCIDR: 10.244.0.0/16
enableProfiling: true
mode: "ipvs"
kubeProxyIPTablesConfiguration:
  masqueradeAll: false
kubeProxyIPVSConfiguration:
  scheduler: rr
  excludeCIDRs: []
EOF
7.6.3、注册服务
# 需要在三台master节点上执行
cat > /usr/lib/systemd/system/kube-proxy.service << EOF
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=/etc/kubernetes/cfg/kube-proxy.conf
ExecStart=/usr/local/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure
RestartSec=10
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

### 启动服务
systemctl daemon-reload 
systemctl enable --now kube-proxy.service 
systemctl status kube-proxy
systemctl restart kube-proxy

8、加入集群节点

8.1、查看集群节点加入请求

# 只需要在一台节点上执行即可
kubectl get csr

####
NAME                                                   AGE     SIGNERNAME                                    REQUESTOR           REQUESTEDDURATION   CONDITION
node-csr--XQzkuoVY9gDu0_Vtn9ctH4J2-BNldjxawrR5Z2pqFo   2m56s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   <none>              Pending
node-csr-1NtmSLAqnIAD3qdRfGVV1rAiDjhFwx3u4r-sSStvTgo   2m56s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   <none>              Pending
node-csr-76uScdIZ0Nrgu_D4e6TQBcFZ8an6ZCGoaxCPrxtw5xM   2m56s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   <none>              Pending

8.2、批准加入

# 只需要在一台节点上执行即可
kubectl certificate approve `kubectl get csr | grep "Pending" | awk '{print $1}'`

# 查看节点
kubectl get no

9、安装网络插件

# 安装calico插件

9.1、安装 calico

# 下载calico.yaml
curl -L https://projectcalico.docs.tigera.io/manifests/calico.yaml -O

# 查看calico所需的镜像
cat calico.yaml | grep image

# 修改calico.yaml 中的image镜像源
sed -i "#docker.io/calico/cni:v3.28.1#registry.cn-guangzhou.aliyuncs.com/my_aliyund/calico-kube-controllers:v3.28.1#g" calico.yaml

sed -i "#docker.io/calico/cni:v3.28.1#registry.cn-guangzhou.aliyuncs.com/my_aliyund/calico-cni:v3.28.1#g" calico.yaml

sed -i "#docker.io/calico/node:v3.28.1#registry.cn-guangzhou.aliyuncs.com/my_aliyund/calico-node:v3.28.1#g" calico.yaml

# 检查是否修改成功
cat calico.yaml | grep image

##修改calico.yaml 中 CIDR为自己的配置网段
# CALICO_IPV4POOL_CIDR

# 创建calico
kubectl apply -f calico.yaml

查看calico的pod状态
kubectl get pods -n kube-system

# crictl命令执行如果出现下面的告警信息
# WARN[0000] image connect using default endpoints: [unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead.

# 解决
export CRICTL_ENDPOINT=unix:///run/containerd/containerd.sock

cat << EOF> /etc/crictl.yaml 
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
EOF


####### 没有circtl命令
## 下载安装包(下载慢可以在外面下载,再传上虚拟机)
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.30.1/crictl-v1.30.1-linux-amd64.tar.gz

# 解压
tar -xf crictl-v1.30.1-linux-amd64.tar.gz

# 分发到其他节点
for i in master01 master02 master03; do 
    scp crictl root@$i:/usr/local/bin/;  
done

# 验证
crictl version
kubectl命令错误提示
# 错误提示:
The connection to the server localhost:8080 was refused - did you specify the right host or port?
# 解决:
#临时解决:
#声明一下admin配置文件所在位置:
export KUBECONFIG=/etc/kubernetes/cfg/admin.kubeconfig
#永久解决:在profile底部增加
cat << EOF >> /etc/profile
#### kubernetes
export KUBECONFIG=/etc/kubernetes/cfg/admin.kubeconfig
#### kubernetes
EOF

source /etc/profile

9.2、安装集群DNS

# 只需要在一台节点上执行即可
# 下载DNS安装配置文件包
# wget https://github.com/coredns/deployment/archive/refs/heads/master.zip

unzip deployment-master.zip
cd deployment-master/kubernetes/

# 修改coredns.yaml.sed文件中的 image 为可pull的镜像源
# 执行部署命令
./deploy.sh -i 10.96.0.2 -s | kubectl apply -f -

# 验证集群DNS
kubectl get pods -A

10、安装node节点

# node需要部署哪些组件? kubelet、kube-proxy、calico

10.1、分发软件包、证书、配置文件

# master01
## 分发软件包(解压k8s软件包的位置)

for i in node01;do scp kubernetes/server/bin/kubelet kubernetes/server/bin/kube-proxy root@$i:/usr/local/bin; done
 


## 分发证书
# /data/
for i in node01; do ssh root@$i "mkdir -pv /etc/kubernetes/ssl"; scp -pr /etc/kubernetes/ssl/{ca*.pem,admin*pem,kube-proxy*pem} root@$i:/etc/kubernetes/ssl; done



## 分发配置文件
# 分发ETCD证书
cd /etc/etcd/ssl
for i in node01;do ssh root@$i "mkdir -pv /etc/etcd/ssl"; scp ./*  root@$i:/etc/etcd/ssl; done

10.2、部署kubelet

# 分发kubelet配置文件在master01

for i in node01;do 
    ssh root@$i "mkdir -pv  /etc/kubernetes/cfg";
    scp /etc/kubernetes/cfg/kubelet.conf root@$i:/etc/kubernetes/cfg/kubelet.conf; 
    scp /etc/kubernetes/cfg/kubelet-config.yml root@$i:/etc/kubernetes/cfg/kubelet-config.yml; 
    scp /usr/lib/systemd/system/kubelet.service root@$i:/usr/lib/systemd/system/kubelet.service; 
    scp /etc/kubernetes/cfg/kubelet.kubeconfig root@$i:/etc/kubernetes/cfg/kubelet.kubeconfig; 
    scp /etc/kubernetes/cfg/kubelet-bootstrap.kubeconfig root@$i:/etc/kubernetes/cfg/kubelet-bootstrap.kubeconfig; 
    scp /etc/kubernetes/cfg/token.csv root@$i:/etc/kubernetes/cfg/token.csv;
done

## 修改node节点的配置文件kubelet-config.yml和kubelet.conf的IP和主机名
# 启动kubelet
systemctl enable --now kubelet.service && systemctl status kubelet

10.3、部署kube-proxy

# 分发配置文件在master01

for i in node01; do 
    scp /etc/kubernetes/cfg/kube-proxy.conf root@$i:/etc/kubernetes/cfg/kube-proxy.conf;  
    scp /etc/kubernetes/cfg/kube-proxy-config.yml root@$i:/etc/kubernetes/cfg/kube-proxy-config.yml ;  
    scp /usr/lib/systemd/system/kube-proxy.service root@$i:/usr/lib/systemd/system/kube-proxy.service;  
    scp /etc/kubernetes/cfg/kube-proxy.kubeconfig root@$i:/etc/kubernetes/cfg/kube-proxy.kubeconfig;    
done
# !!!!!!!
# 修改kube-proxy-config.yml中IP和主机名

# 启动
systemctl enable --now kube-proxy.service && systemctl status kube-proxy

10.4、加入节点

# 查看集群状态
kubectl get cs

# 查看加入集群请求
kubectl get csr

# 批准加入
kubectl certificate approve `kubectl get csr | grep "Pending" | awk '{print $1}'`

# 查看加入状态
kubectl get csr

# 查看加入节点
kubectl get nodes

# 设置集群角色
kubectl label nodes master01 node-role.kubernetes.io/master=master01
kubectl label nodes node01 node-role.kubernetes.io/node=node01
———————896
关注
  • 32
    点赞
  • 5
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
K8S二进制部署详解,一文教会你部署高可用K8S集群
景天科技苑
02-07 4047
虽然kubeadm方式搭建K8S比较简单,但是对里面的原理都不清楚的话,生产中使用功能可能不便于排查故障。二进制方式部署的k8s集群比较稳定。 二进制方式搭建:在官网下载相关组件的二进制,如果手动安装,对kubernetes理解也会更全面。 Kubeadm和二进制都适合生产环境,在生产环境运行都很稳定,具体如何选择,可以根据实际项目进行评估。
Kubernetes系列】CentOS8下部署Kubernetes1.24
邓邓子的博客
06-13 4062
操作系统:CentOS 8.5.2111 2.禁用 SELinux (1)临时关闭 (2)永久关闭 将: 修改为: 3.关闭 firewalld 4.关闭 swap,注释 swap 分区 Kubernetes 1.8 开始要求关闭系统的 Swap,如果不关闭,默认配置下 kubelet 将无法启动。 使用如下命令关闭 Swap: 修改 /etc/fstab 文件,注释掉 swap 的自动挂载,使用 free -m 确认 swap 已经关闭: 调整 swappiness 参数,修改 /etc/sysc
二进制安装Kubernetes v1.30.1高可用集群
weixin_72583321的博客
05-30 1125
Kubeadm 和二进制都适合生产环境,在生产环境运行都很稳定,具体如何选择,可以根据实际项目进行评估。
k8s的二进制部署(源码部署)
2303_79207100的博客
12-27 1098
opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem --endpoints="https://20.0.0.17:2379,https://20.0.0.37:2379,https://20.0.0.47:2379" member remove 故障节点的id。对于Pod,将输出Pod所在的Node名。
二进制方式部署k8s集群(实践)
qq_54494363的博客
07-24 1560
二进制部署Kubernetes (二进制部署k8s) 是一种手动安装和配置Kubernetes集群的方法,适用于那些对Kubernetes架构和组件有深入了解的高级用户和管理员。
二进制安装Kubernetes(k8s)v1.30.1
小云的博客
05-26 653
二进制安装Kubernetes(k8s)v1.30.1https://github.com/cby-chen/Kubernetes 开源不易,帮忙点个star,谢谢了介绍kubernetes(k8s)二进制高可用安装部署,支持IPv4+IPv6双栈。我使用IPV6的目的是在公网进行访问,所以我配置了IPV6静态地址。若您没有IPV6环境,或者不想使用IPv6,不对主机进行配置IPv6地址即可。不配...
kubenetes1.30云原生(最新)二进制部署及简易服务发布
qq_42658764的博客
05-22 1369
containerd测试拉取Harbor中的镜像能拉取下来就算完成了,但是containerd目前这样看用起来还是很麻烦的,不像docker的命令那么简单,而且大多数人还是习惯了docker的命令格式,所有我们在来部署一个nerctl,这个是containerd的高级命令行工具,他百分之八九十的复刻了docker的命令。同时我们可以使用netstart -ntlp端口使用情况查看,看到我们目前在跑的集群服务有哪些,分别的端口是多少,kubectl是命令行工具不存在后台服务,所有没端口。
使用二进制安装部署kubernetes(详细精讲版)
一叶的博客
08-13 4254
使用二进制安装部署kubernetes(参考版) 本次安装主要是用来学习kubernetes安装的相关过程及组件的配置,若用于企业实践可根据具体需要在节点添加相应的组件 上一篇文章详细讲解了如何在物理机上安装centos操作系统(小白可直接按照文章内容直接完成安装,需要改的参数会具体指出) 如果是新安装的操作系统,可以安装下列组件,方便操作(其它可跳过第一阶段,直接看准备工作) 1,安装工具(已安装可跳过) 安装wge yum -y install wget yum换源(换源后yum安装
云原生kubernetes最新版本1.30.2,集群搭建部署全方位攻略
热门推荐
景天科技苑
06-24 2万+
目前k8s最新版本1.30.2集群搭建部署,保姆级教程,一文搞定搭建过程中的所有疑难杂症
K8S集群1.27.1版本全程无伤搭建,Ubuntu22.04环境
m0_60100524的博客
05-18 1585
kubernetes1.27搭建,自从K8S在1.24版本开始宣布不支持docker之后,安装1.24后的版本总是会有新问题,本文根据官方文档搭建,踩遍所有坑,应该能解决绝大部分安装时出现的问题
k8s1.20二进制安装
小五
03-14 1万+
安装说明 本文章将演示CentOS 7二进制方式安装高可用k8s 1.20+,相对于其他版本,二进制安装方式并无太大区别,只需要区分每个组件版本的对应关系即可。 二 集群安装 机信息,服务器IP地址不能设置成dhcp,要配置成静态IP,VIP不要和公司内网重复。 192.168.1.11 k8s-master01 # 2C2G 40G 192.168.1.12 k8s-master02 # 2C2G 40G 192.168.1.13 k8s-master03 # 2C2G 40G 192.168.1.1
一起来学k8s 29.二进制k8s集群cronjob
隔壁小翔
08-15 724
二进制k8s集群cronjob 环境准备 ##/etc/hosts 192.168.48.101 master01 192.168.48.102 master02 192.168.48.103 master03 192.168.48.201 node01 192.168.48.202 node02 192.168.48.54 nfs ## keepalived的vip 192.168.48.6...
k8s 1.29 一键安装脚本, 丝滑致极
aifeier的博客
01-31 2194
高可用 k8s 1.29 安装, 一键安装脚本, 以及基于 keepalived 与 nginx 实现高可用 apiserver 用于高可用 k8s 集群
Kubernetes部署篇】二进制搭建K8s高可用集群1.26.15版本(超详细,可跟做)
秦子腾
08-30 1820
kube-scheduler,负责将 Pods 调度到合适的节点上,根据预定义的策略和资源的可用性,选择最适合的节点以运行 Pod,kube-scheduler 会考虑各种因素,如节点资源、Pod 需求、亲和性和反亲和性规则等,确保 Pod 在集群中均匀地分布并满足性能需求。提示:在master-1、master-2、master-3中部署组件,证书和配置的可以先在其中一台生成,然后拷贝到其他master主机中。1、创建etcd目录(master-1、master-2、master-3中都要先创建)
k8s v1.30 完整安装过程及CNI安装过程总结
从善若水的博客
07-21 1151
k8s v1.30 完整安装过程及CNI安装过程总结
ubuntu安装k8s1.30
qadlr的博客
06-14 568
查看最新版本 修改下行的版本号(1.7.17)下载即可:(下载的是 cri-containerd-XXX-linux-amd64.tar.gz)
K8S中部署MySQL高可用工具Orchestrator
sozee910的博客
09-05 1158
Orchestrator 可以部署在物理机、虚拟机或 Kubernetes 集群中,笔者发现目前针对k8s集群部署的方式介绍较少,现通过示例详细阐述Orchestrator 这一功能强大且灵活的工具部署方式,希望学习mysql和k8s的同学提供帮助
k8s API资源对象
最新发布
巧克力人生的博客
09-06 637
如果想直接通过k8s节点的IP直接访问到service对应的资源,可以使用NodePort,Nodeport对应的端口范围:30000-32767。这种方式,需要配合公有云资源比如阿里云、亚马逊云来实现,这里需要一个公网IP作为入口,然后来负载均衡所有的Pod。该方式为默认类型,即,不定义type字段时(如上面service的示例),就是该类型。说明:Taint叫做污点,如果某一个节点上有污点,则不会被调度运行pod。使用yaml文件来配置、部署资源对象。作用:对外提供访问端口。
二进制数-0.1110的补码
07-09
对于二进制数的补码表示,我们需要先确定它是有符号数还是无符号数。如果是有符号数,则需要使用补码表示。 对于二进制数-0.1110,我们可以发现最高位是1,表示它是一个负数。因此,我们需要将其转换为补码表示。 首先,将其绝对值转换为二进制数: 0.1110 * 2 = 1.1100 -> 1 0.1100 * 2 = 1.1000 -> 1 0.1000 * 2 = 1.0000 -> 1 所以,-0.1110的二进制表示为-0.111。 接下来,我们需要求补码。由于它是一个负数,我们需要将其转换为补码表示。首先,将二进制数的每一位取反,得到反码: -0.111 -> -1.000 然后,将反码的每一位加1,得到补码: -1.000 + 1 = -0.000 最后,将补码转换回二进制形式: -0.000 = -0 * 2^0 + 0 * 2^-1 + 0 * 2^-2 + 0 * 2^-3 = -0 所以,二进制数-0.1110的补码为-0。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值