1. Environment preparation
1. Server information
IP address | Hostname | Installed components | Versions |
---|---|---|---|
10.10.8.251 | k8s-node1 | kubeadm, kubelet, kubectl, docker, keepalived, nginx, etcd | kubeadm: 1.22.9, docker: 23.0.0, nginx: 1.20.1, keepalived: 1.3.5 |
10.10.8.252 | k8s-node2 | kubeadm, kubelet, kubectl, docker, keepalived, nginx, etcd | same as above |
10.10.8.253 | k8s-node3 | kubeadm, kubelet, kubectl, docker, keepalived, nginx, etcd | same as above |
10.10.8.254 | – | Keepalived VIP | – |
All three hosts run CentOS 7 (the el7 packages below) and are control-plane nodes with stacked etcd; each also runs keepalived and an nginx stream proxy, so the API server is reachable at the VIP 10.10.8.254 on port 8443 whichever node currently holds it. Run the initialization steps in this section on every node.
2. Configure the hosts file
vi /etc/hosts
## content
10.10.8.251 k8s-node1
10.10.8.252 k8s-node2
10.10.8.253 k8s-node3
3. Disable the firewall and SELinux
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
Disabling firewalld is the shortcut most kubeadm guides take, but on this layout it leaves etcd (2379-2380), the kubelet (10250) and the API server (6443, plus the nginx front end on 8443) open to anything that can reach the 10.10.8.0/24 segment. If that network is shared, keep firewalld and open only the ports the cluster needs. For SELinux, kubeadm's documented requirement is permissive mode (containers need access to the host filesystem); writing SELINUX=permissive instead of disabled keeps the audit log that disabled mode throws away. setenforce 0 only lasts until reboot; the sed line is what makes the change persistent.
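The alternative to disabling firewalld, as an added example that is not part of the original guide: keep firewalld running and open only what this three-node layout needs. It assumes every node has every role (control plane, etcd, nginx/keepalived), Calico in its default IPIP+BGP mode with the 192.168.0.0/16 pool, and the default NodePort range; the member IPs are the ones from the server table and the function names are the script's own. Ports that only cluster members (and, for the kubelet, pods) should reach are restricted by source address; the API server ports stay open to clients.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): keep firewalld and open only what this layout needs.
# Assumptions: every node is control-plane + etcd + nginx/keepalived, Calico in its default
# IPIP+BGP mode with pool 192.168.0.0/16, kube-proxy in iptables mode, NodePort range default.
set -eu

NODES="10.10.8.251 10.10.8.252 10.10.8.253"   # cluster members, from the server table
POD_CIDR="192.168.0.0/16"                     # Calico default pool (assumption)

PUBLIC_TCP="6443 8443 30000-32767"   # apiserver, nginx front end, NodePort range: any client
MEMBER_TCP="2379-2380 179"           # etcd client/peer, Calico BGP: other members only
MEMBER_PROTO="vrrp ipip"             # keepalived VRRP, Calico IPIP tunnel: other members only
CLUSTER_TCP="10250 10257 10259"      # kubelet, controller-manager, scheduler: members and pods

# One firewalld rich rule restricted to a source address; printed, not applied.
rich() {
  printf '%s\n' "--add-rich-rule=rule family=\"ipv4\" source address=\"$1\" $2 accept"
}

# Print one firewall-cmd argument per line for the node whose own IP is $1.
k8s_firewall_rules() {
  local self="$1" port proto src
  for port in $PUBLIC_TCP; do
    printf '%s\n' "--add-port=$port/tcp"
  done
  for src in $NODES; do
    [ "$src" = "$self" ] && continue        # no rule needed for traffic from ourselves
    for port in $MEMBER_TCP; do rich "$src" "port port=\"$port\" protocol=\"tcp\""; done
    for proto in $MEMBER_PROTO; do rich "$src" "protocol value=\"$proto\""; done
  done
  for src in $NODES $POD_CIDR; do
    [ "$src" = "$self" ] && continue
    for port in $CLUSTER_TCP; do rich "$src" "port port=\"$port\" protocol=\"tcp\""; done
  done
  # Assumption: pod egress is SNATed on the node, so firewalld must permit masquerading.
  printf '%s\n' "--add-masquerade"
}

# Feed each line to firewall-cmd as a single argument (the =value form keeps rich rules intact).
apply_k8s_firewall() {
  local line
  k8s_firewall_rules "$1" | while IFS= read -r line; do
    firewall-cmd --permanent "$line"
  done
  firewall-cmd --reload
}

case "${1:-}" in
  --apply) apply_k8s_firewall "$2" ;;             # e.g. ./k8s-firewall.sh --apply 10.10.8.251
  *)       k8s_firewall_rules "${1:-10.10.8.251}" ;;   # dry run: print the rules for review
esac
```

Without --apply the script only prints the firewall-cmd arguments for review. Docker 20.10+ registers its own docker zone with firewalld and Calico manages its own iptables chains, but check pod-to-pod and pod-to-kubelet traffic after the reload, and widen PUBLIC_TCP if the NodePort range is changed as in section 7.2.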
4. Disable swap
swapoff -a
yes | cp /etc/fstab /etc/fstab_bak
grep -v swap /etc/fstab_bak > /etc/fstab
The kubelet refuses to start while swap is active (failSwapOn defaults to true), so both the runtime change (swapoff) and the persistent one (fstab) are needed. grep -v drops every fstab line containing the word swap; look at the resulting file before the next reboot.
5. Configure kernel forwarding parameters
cat > /etc/sysctl.d/k8s.conf <<EOF
vm.swappiness = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
EOF
Load br_netfilter first, otherwise the two bridge-nf-call keys do not exist yet and sysctl reports an error; then apply the file:
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
modprobe does not persist across reboots; list br_netfilter in a file under /etc/modules-load.d/ so systemd loads it at boot, or the bridge settings will fail to apply after the next restart. ip_nonlocal_bind lets a service bind to the VIP on a node that does not currently hold it; the nginx configuration below listens on all addresses and does not need it, but it does no harm.
6. Load the IPVS modules
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
nf_conntrack_ipv4 exists on the CentOS 7 (3.10) kernel; on kernels 4.19 and later it was folded into nf_conntrack, so load that instead. The modules are only required if kube-proxy is switched to IPVS mode (the kubeadm default used later in this guide is iptables mode); they are harmless otherwise. The script above runs once now; the systemd-native way to load modules at boot is a file under /etc/modules-load.d/.
7. Install basic packages
yum -y install epel-release vim tree ntpdate wget net-tools telnet
8. Configure time synchronization
ntpdate -u ntp1.aliyun.com
A one-shot ntpdate corrects the clock once. Certificate validity checks, etcd leases and the join-token TTL all depend on the three nodes agreeing on the time, so also keep chronyd (present on CentOS 7) or ntpd running as a service.
9. Create directories (as needed)
mkdir -p /data/docker   # Docker data directory
10. Other settings
Raise the process and open-file limits. These are PAM limits and belong under /etc/security/limits.d/ (or in /etc/security/limits.conf), not under /etc/sysctl.d/, where nothing reads them:
cat > /etc/security/limits.d/90-k8s.conf << EOF
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
CentOS 7 ships /etc/security/limits.d/20-nproc.conf, which caps nproc for non-root users; the files are read in name order, so the 90- prefix makes this one win. The limits apply to new login sessions only. kubelet and dockerd are systemd services and take their limits from their unit files, not from PAM.
2. Deploy Docker
Run the Docker deployment steps on every node.
1. Remove old Docker versions
yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
2. Install the required packages
yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
3. Set up the stable repository
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
4. Install docker-ce (list and sort the available versions first)
yum list docker-ce --showduplicates | sort -r
yum install -y docker-ce-23.0.0-1.el7   # install the specific version
Kubernetes 1.22 still reaches Docker through the built-in dockershim (removed in 1.24), so this pairing works; kubeadm's preflight warns that Docker 23 is newer than the versions it has validated, which is informational.
5. Adjust the Docker daemon settings
mkdir -p /etc/docker   # bip changes the default docker0 subnet
vim /etc/docker/daemon.json   # use the same content on every node
{
  "bip": "172.18.0.1/22",
  "exec-opts": ["native.cgroupdriver=systemd"]
}
native.cgroupdriver=systemd is required rather than optional: kubeadm 1.22 configures the kubelet for the systemd cgroup driver and the kubelet refuses to run when the two disagree. 172.18.0.0/22 must not overlap the service subnet (10.96.0.0/12) or the pod subnet Calico will use (192.168.0.0/16 by default).
# Change the Docker data directory
vim /usr/lib/systemd/system/docker.service
Append --data-root=/data/docker to the ExecStart=/usr/bin/dockerd line. Package upgrades overwrite this unit file; setting data-root in daemon.json instead survives them.
systemctl daemon-reload
systemctl start docker
systemctl enable docker
3. Deploy kubeadm, kubectl and kubelet
Run these steps on every node.
1. Add the component yum repository
cat <<EOF> /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Keep gpgcheck=1 and fetch over HTTPS: the packages are signed with the keys listed in gpgkey, and pulling a mirror over plain HTTP with signature checks disabled lets any on-path host hand you a modified kubelet. If the mirror's repository metadata signature fails to verify, set only repo_gpgcheck=0 and leave gpgcheck=1 in place.
2. Check the available versions
yum list kubeadm --showduplicates | sort -r
yum list kubectl --showduplicates | sort -r
yum list kubelet --showduplicates | sort -r
3. Install the specified version
yum -y install kubelet-1.22.9-0 \
kubeadm-1.22.9-0 kubectl-1.22.9-0 --disableexcludes=kubernetes
systemctl enable kubelet
The kubelet is enabled now but will restart in a loop until kubeadm init or kubeadm join writes its configuration; that is expected.
4. Enable kernel forwarding in /etc/sysctl.conf
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p
sysctl --system
net.ipv4.ip_forward was already set in /etc/sysctl.d/k8s.conf in step 1.5; this repeats it in /etc/sysctl.conf, and sysctl --system reloads both files, so either location works.
4. Deploy the keepalived + nginx high-availability front end
Run these steps on every node.
1. Install nginx and keepalived
yum -y install keepalived nginx
2. Configure keepalived
The three files differ only in state, priority and router_id. router_id should be unique per node (the hostname is the usual choice); interface must be the NIC that carries 10.10.8.0/24 on that host; virtual_router_id 51 must not collide with any other VRRP group on the same L2 segment. auth_type PASS sends the password in clear text in every advertisement (and truncates it to 8 characters), so it only guards against misconfiguration, not against a hostile host on the segment; the VRRP segment has to be trusted.
10.10.8.251
vim /etc/keepalived/keepalived.conf
global_defs {
    router_id k8s-node1
    vrrp_skip_check_adv_addr
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state MASTER
    interface em2   # replace with the actual interface name
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 888
    }
    virtual_ipaddress {
        10.10.8.254/24
    }
}
10.10.8.252
vim /etc/keepalived/keepalived.conf
global_defs {
    router_id k8s-node2
    vrrp_skip_check_adv_addr
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP
    interface em2   # replace with the actual interface name
    virtual_router_id 51
    priority 140
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 888
    }
    virtual_ipaddress {
        10.10.8.254/24
    }
}
10.10.8.253
vim /etc/keepalived/keepalived.conf
global_defs {
    router_id k8s-node3
    vrrp_skip_check_adv_addr
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state BACKUP
    interface em2   # replace with the actual interface name
    virtual_router_id 51
    priority 130
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 888
    }
    virtual_ipaddress {
        10.10.8.254/24
    }
}
3. Enable and start keepalived
systemctl enable keepalived
systemctl start keepalived
After a few seconds 10.10.8.254 should appear as a secondary address on em2 of k8s-node1 and on no other node. As configured, keepalived only reacts to a node or the keepalived process going away; if nginx itself dies the VIP stays put and every kubeadm join and kubectl call aimed at 10.10.8.254:8443 fails, so add a vrrp_script health check for the 8443 listener before relying on the VIP.
4. Configure nginx
Add a layer-4 (stream) proxy. The stream block sits at the top level of nginx.conf beside http, not inside it. nginx does not terminate TLS here: clients see the API server's own certificate, which is why kubeadm has to put the VIP into its SANs (it does so for controlPlaneEndpoint).
vim /etc/nginx/nginx.conf
#...
stream {
    upstream kube_apiserver {
        server 10.10.8.251:6443 weight=10 max_fails=3 fail_timeout=5s;
        server 10.10.8.252:6443 weight=10 max_fails=3 fail_timeout=5s;
        server 10.10.8.253:6443 weight=10 max_fails=3 fail_timeout=5s;
    }
    server {
        listen 8443;
        proxy_pass kube_apiserver;
    }
}
#...
nginx -t
# If nginx -t reports unknown directive "stream", the stream module is a separate package:
yum install nginx-mod-stream -y
The module is loaded through the include of /usr/share/nginx/modules/*.conf near the top of the stock nginx.conf; keep that line when editing the file, then rerun nginx -t.
5. Start and enable nginx
systemctl start nginx
systemctl enable nginx
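The health check mentioned above, as an added example that is not part of the original guide: a script keepalived runs every two seconds to confirm the nginx stream listener is up, plus a helper to see which node currently holds the VIP. It assumes nginx listens on 8443, the VIP is 10.10.8.254 on em2, and the script is installed as /etc/keepalived/check_nginx.sh (root-owned, mode 0755, since keepalived executes it as root); the function names and the vrrp_script stanza it prints are the example's own.

```shell
#!/usr/bin/env bash
# Added example (not part of the original guide): keepalived health check for the nginx
# stream listener, plus a VIP-holder check. Assumptions: nginx on 8443, VIP 10.10.8.254 on
# em2, installed as /etc/keepalived/check_nginx.sh (root-owned, 0755; keepalived runs it as root).
set -u

VIP="10.10.8.254"
IFACE="em2"
PORT="8443"

# Pure function: does the `ss -ltn` output in $1 contain a LISTEN socket on port $2?
# Matches 0.0.0.0:8443, [::]:8443, *:8443 and 10.10.8.251:8443 alike, but not :18443.
port_in_listen_table() {
  local table="$1" port="$2"
  printf '%s\n' "$table" | awk -v p=":$port" \
    '$1 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p { found = 1 }
     END { exit found ? 0 : 1 }'
}

# Live check on this host; the exit status is what keepalived's vrrp_script consumes.
nginx_listening() {
  port_in_listen_table "$(ss -ltn 2>/dev/null)" "$PORT"
}

# keepalived adds the VIP as a secondary address on the tracked interface of the MASTER.
holds_vip() {
  ip -4 -o addr show dev "$IFACE" 2>/dev/null | grep -qF " inet $VIP/"
}

# Stanza to add to /etc/keepalived/keepalived.conf on every node. weight -50 turns the
# MASTER's priority 150 into 100 after `fall` consecutive failures, below both BACKUPs
# (140, 130), so the VIP moves to a node whose nginx is up and returns once it recovers.
keepalived_track_stanza() {
  cat <<'EOF'
vrrp_script chk_nginx {
    script "/etc/keepalived/check_nginx.sh check"
    interval 2
    weight -50
    fall 2
    rise 2
}
# and inside vrrp_instance VI_1 { ... }:
#    track_script {
#        chk_nginx
#    }
EOF
}

case "${1:-stanza}" in
  check)  nginx_listening ;;
  status) if holds_vip; then echo "VIP $VIP is on this host"; else echo "VIP $VIP is elsewhere"; fi ;;
  stanza) keepalived_track_stanza ;;
  *)      echo "usage: $0 [check|status|stanza]" >&2 ;;
esac
```

Run it with check to see the exit status keepalived will see, with status on each node to confirm exactly one of them holds the VIP, and with stanza to print the configuration to paste into keepalived.conf (then restart keepalived on all three nodes). Keeping the listener check free of network I/O to the VIP itself avoids the check passing on a node only because the request was answered by another node.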
5. Deploy the Kubernetes cluster
1. Prepare the images
k8s.gcr.io is not reachable from inside China, so pull the control-plane images from a domestic mirror instead (here the Alibaba Cloud proxy registry registry.aliyuncs.com/google_containers). Pulling from a mirror means trusting that mirror's copies; the image names and tags stay the upstream ones.
Run on every node:
kubeadm config images pull --kubernetes-version=v1.22.9 --image-repository=registry.aliyuncs.com/google_containers
2. Prepare the init configuration file
On master1 (k8s-node1), generate the cluster initialization file kubeadm-init.yaml:
kubeadm config print init-defaults > kubeadm-init.yaml
Edit kubeadm-init.yaml (adjust it to your environment). Two generated defaults must not be left as they are: the bootstrap token abcdef.0123456789abcdef is the publicly known placeholder, so replace it with the output of kubeadm token generate (within its 24h TTL the token lets any host that can reach 10.10.8.254:8443 join the cluster as a node), and advertiseAddress and name must be this node's own.
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef   # replace with the output of: kubeadm token generate
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.10.8.251   # IP of master node 1
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  imagePullPolicy: IfNotPresent
  name: k8s-node1
  taints: null
---
controlPlaneEndpoint: "10.10.8.254:8443"   # nginx front end (keepalived VIP) address and port
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers   # image registry
kind: ClusterConfiguration
kubernetesVersion: 1.22.9   # Kubernetes version
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12   # service address range
scheduler: {}
controlPlaneEndpoint is what kubeadm writes into the API server certificate's SANs and into every kubeconfig, so it must be the VIP and nginx port, never a single node's address. networking has no podSubnet here because Calico's default pool (192.168.0.0/16) is used as is; if you change the Calico pool, add podSubnet with the same CIDR so kube-controller-manager's cluster CIDR agrees with it.
3. Initialize the cluster
On master1 run:
kubeadm init --config kubeadm-init.yaml --upload-certs
--upload-certs stores the control-plane certificates, encrypted with the certificate key printed at the end, in the kubeadm-certs Secret in kube-system; the Secret and the key expire after two hours, which is why the control-plane join command goes stale sooner than the token.
If initialization fails, fix the reported problem, reset, and rerun:
kubeadm reset   # reset
kubeadm init --config kubeadm-init.yaml --upload-certs
A successful run ends with output like this (the hash and key are from this deployment and will differ on yours):
kubeadm join 10.10.8.254:8443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:9def62f17c71c41681f16961b955294c77a7cd822108f0b9806b858e1d390de8 \
--control-plane --certificate-key 31eabed6388cd762ef4fcc9e6af14e34d5a6cadae65271bc40f68481daa81c93
# join command for additional control-plane nodes; the token and certificate key are time-limited, so do not copy these literally
kubeadm join 10.10.8.254:8443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:9def62f17c71c41681f16961b955294c77a7cd822108f0b9806b858e1d390de8
# join command for worker nodes; the token is time-limited, so do not copy it literally
Then set up kubectl access for the current user:
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
admin.conf carries a client certificate in the system:masters group, that is, cluster-admin that RBAC cannot restrict and that cannot be revoked short of rotating the CA; keep the copy readable only by its owner and do not hand it to other users.
4. Join the other nodes
Join as control-plane nodes (k8s-node2 and k8s-node3):
kubeadm join 10.10.8.254:8443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:9def62f17c71c41681f16961b955294c77a7cd822108f0b9806b858e1d390de8 \
--control-plane --certificate-key 31eabed6388cd762ef4fcc9e6af14e34d5a6cadae65271bc40f68481daa81c93
# control-plane join command; the token and certificate key are time-limited, so do not copy these literally
# If the certificate key has expired (2 hours), upload the certificates again and print a fresh control-plane join command:
kubeadm init phase upload-certs --upload-certs
kubeadm token create --print-join-command --certificate-key <key printed by the previous command>
Join as worker nodes:
kubeadm join 10.10.8.254:8443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:9def62f17c71c41681f16961b955294c77a7cd822108f0b9806b858e1d390de8
# worker join command; the token is time-limited (24 hours), so do not copy it literally
# If the token has expired, create a new one and print the worker join command:
kubeadm token create --print-join-command
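As an added example (not from the guide or from kubeadm itself), the script below builds the join command from parts you control: a fresh random token in kubeadm's format in place of the default abcdef.0123456789abcdef, and the discovery hash derived directly from the CA certificate, which is the value a joining node uses to verify that it is talking to your control plane and not to something else answering on 10.10.8.254:8443. It assumes the CA at /etc/kubernetes/pki/ca.crt on the first control-plane node and the VIP endpoint from this guide; gen_token, ca_cert_hash and join_command are the script's own names.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): generate a bootstrap token, derive the CA hash that
# --discovery-token-ca-cert-hash carries, and assemble the join command.
# Assumptions: CA at /etc/kubernetes/pki/ca.crt, endpoint 10.10.8.254:8443 (the guide's VIP).
set -u

ENDPOINT="10.10.8.254:8443"

# A bootstrap token is <6 chars>.<16 chars> over [a-z0-9], the same alphabet and shape
# that `kubeadm token generate` produces. The string is random, not yet known to the cluster.
gen_token() {
  local a b
  a=$(LC_ALL=C tr -dc 'a-z0-9' </dev/urandom | head -c 6)
  b=$(LC_ALL=C tr -dc 'a-z0-9' </dev/urandom | head -c 16)
  printf '%s.%s\n' "$a" "$b"
}

# Reject anything that is not a syntactically valid bootstrap token (kubeadm would too).
valid_token() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# SHA-256 over the DER-encoded SubjectPublicKeyInfo of the CA certificate: exactly the value
# behind "sha256:" in the join command, and what the joining node checks the served CA against.
ca_cert_hash() {
  local ca="$1"
  openssl x509 -pubkey -noout -in "$ca" \
    | openssl pkey -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //'
}

# Worker join command; pass a certificate key as $3 to turn it into a control-plane join.
join_command() {
  local token="$1" hash="$2" certkey="${3:-}"
  valid_token "$token" || { echo "bad token format: $token" >&2; return 1; }
  printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash sha256:%s' \
    "$ENDPOINT" "$token" "$hash"
  [ -n "$certkey" ] && printf ' --control-plane --certificate-key %s' "$certkey"
  printf '\n'
}

# Stand-alone use on the first control-plane node: print a worker join command with a new token.
if [ -r /etc/kubernetes/pki/ca.crt ]; then
  join_command "$(gen_token)" "$(ca_cert_hash /etc/kubernetes/pki/ca.crt)"
fi
```

gen_token only produces the string; the API server honours it once it is registered, either as bootstrapTokens.token in kubeadm-init.yaml before kubeadm init, or afterwards with kubeadm token create followed by the token and a short --ttl. Pass the hash to the joining node out of band rather than over a channel a host on the same segment could rewrite: the token plus the hash are all a machine needs to become a node.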
Remove the control-plane taint so the master nodes can run workloads (optional):
kubectl taint nodes --all node-role.kubernetes.io/master-
With only three nodes this is usually unavoidable, but it puts tenant pods on the same kernel as etcd and the API server; leave the taint in place if dedicated worker nodes are available.
Check certificate lifetimes: the CA is valid for 10 years by default, the component certificates for 1 year (kubeadm upgrade renews them; otherwise renew them with kubeadm certs renew before they expire):
kubeadm certs check-expiration
List the nodes:
kubectl get nodes
They show NotReady because no network plugin has been installed yet.
6. Install the network plugin (Calico)
Download the manifest (this guide uses the 3.21 archive):
curl https://docs.projectcalico.org/archive/v3.21/manifests/calico.yaml -O
Calico's default pod pool is 192.168.0.0/16; to change it, edit CALICO_IPV4POOL_CIDR in calico.yaml before applying and use the same CIDR as networking.podSubnet in kubeadm-init.yaml. Apply the manifest:
kubectl apply -f calico.yaml
kubectl get pod -n kube-system | grep calico
Once the calico-node pods are Running, the nodes report Ready:
kubectl get node
7. Other components and tuning
7.1 Deploy metrics-server
Download the manifest:
wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml -O metrics-server.yaml
The latest URL is unpinned; for a reproducible build download the components.yaml of a specific release instead.
Adjust the file to your environment:
...
spec:
  containers:
  - args:
    - --cert-dir=/tmp
    - --secure-port=4443
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --kubelet-use-node-status-port
    - --metric-resolution=15s
    - --kubelet-insecure-tls
    image: bitnami/metrics-server:0.6.3
...
Two of these edits have security implications. --kubelet-insecure-tls makes metrics-server accept any kubelet serving certificate; it is needed because kubeadm kubelets use self-signed serving certificates by default, which are not issued by the cluster CA. The clean alternative is to set serverTLSBootstrap: true in the kubelet configuration so each kubelet requests a serving certificate from the cluster CA (the resulting kubernetes.io/kubelet-serving CSRs must be approved), after which the flag can be dropped. The image line swaps the upstream k8s.gcr.io/metrics-server/metrics-server image for a third-party rebuild because k8s.gcr.io is unreachable; that is a supply-chain decision, so verify the image and pin it by digest.
Deploy:
kubectl apply -f metrics-server.yaml
Check the pod status:
kubectl get pod -n kube-system -l k8s-app=metrics-server -w
Check resource usage:
kubectl top nodes
7.2 Cluster tuning (optional)
1. Change the NodePort port range
Run on every control-plane node. The inserted line must carry the same indentation as the neighbouring - --secure-port=6443 line (four spaces in the kubeadm manifest); with a different indentation the static pod manifest is no longer valid YAML and the kubelet stops running the API server on that node, so check the file afterwards:
sed -i '/- --secure-port=6443/a\    - --service-node-port-range=20000-40000' /etc/kubernetes/manifests/kube-apiserver.yaml
The kubelet notices the manifest change and restarts kube-apiserver by itself. An edit made this way is lost on kubeadm upgrade; the durable place is apiServer.extraArgs in the ClusterConfiguration (the kubeadm-config ConfigMap). Every port in the widened range is one the firewall has to admit.
2. Fix the Unhealthy output of kubectl get cs
Run on every control-plane node:
sed -i 's/^[^#].*--port=0$/#&/g' /etc/kubernetes/manifests/{kube-scheduler.yaml,kube-controller-manager.yaml}
Read this before applying it. kubectl get componentstatuses has been deprecated since 1.19; the Unhealthy entries appear because kubectl probes the scheduler and controller-manager on their legacy insecure HTTP ports (10251 and 10252), which kubeadm disables with --port=0. Commenting out --port=0 re-enables those ports, and with the components' defaults (--address 0.0.0.0, profiling on) that exposes /metrics, /healthz and /debug/pprof without authentication on every interface. The cosmetic Unhealthy is the safer state: check the scheduler and controller-manager pods in kube-system, or their secure ports 10259 and 10257, instead.
3. Make scheduler and controller-manager metrics scrapeable
Run on every control-plane node:
sed -i 's#bind-address=127.0.0.1#bind-address=0.0.0.0#g' /etc/kubernetes/manifests/kube-controller-manager.yaml
sed -i 's#bind-address=127.0.0.1#bind-address=0.0.0.0#g' /etc/kubernetes/manifests/kube-scheduler.yaml
This lets a Prometheus running elsewhere reach the secure ports 10257 and 10259. Both ports authenticate and authorize requests through the API server (anonymous requests to /metrics are rejected), but they are now reachable from every interface; restrict them to the monitoring hosts at the firewall.
The kubeadm high-availability cluster deployment is complete.