OpenEular（欧拉）操作系统23.03搭建kubernetes

我是你的甲乙丙丁

已于 2023-09-26 14:09:40 修改

阅读量1k

点赞数

文章标签： kubernetes docker 容器

于 2023-09-08 13:59:57 首次发布

本文链接：https://blog.csdn.net/weixin_45437959/article/details/132758820

版权

kubeadm安装Kubernetes v1.24.0 docker

1. 环境准备

1、配置hosts

cat <<EOF >> /etc/hosts
172.30.28.163  master-163
172.30.28.164  node-164
EOF

2.关闭防火墙、selinux和swap。

systemctl stop firewalld
systemctl disable firewalld
setenforce 0 #实时动态关闭
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config #禁止重启后自动开启
swapoff -a #实时动态关闭
sed -i '/ swap / s/^/#/' /etc/fstab #禁止重启后自动开启

2.配置内核参数，将桥接的IPv4流量传递到iptables的链

cat <<EOF >/etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF

modprobe br_netfilter  #执行该命令 如果不执行就会在应用k8s.conf时出现加载错误

sysctl -p /etc/sysctl.d/k8s.conf #应用配置文件

5.安装常用工具

yum clean all 
yum makecache
yum update -y
yum install -y  crictl socat conntrack

6.主机时间同步

yum install -y ntp
systemctl enable ntpd && systemctl start ntpd
cat <<EOF >/etc/ntp.conf 
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
server ntp.aliyun.com iburst
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
EOF
systemctl restart ntpd

2. 软件安装

1.安装docker

# step 1: 安装必要的一些系统工具
yum install -y device-mapper-persistent-data lvm2 crictl
# Step 2: 开启Docker服务
yum -y install docker
systemctl start docker
# Step 3: 开机自启
systemctl enable docker

# 修改cgroup
cat > /etc/docker/daemon.json << EOF
{
    "exec-opts": ["native.cgroupdriver=systemd"],
    "registry-mirrors":["https://docker.mirrors.ustc.edu.cn/"]
}
EOF

systemctl daemon-reload
systemctl restart docker

docker服务为容器运行提供计算资源，是所有容器运行的基本平台。

2.安装ipset、ipvsadm

# ipvs安装
yum install -y ipset ipvsadm

# 配置ipvsadm
cat > /etc/sysconfig/modules/ipvs.module <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_sh
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- nf_conntrack
EOF

# 授权运行
chmod 755 /etc/sysconfig/modules/ipvs.module 
/etc/sysconfig/modules/ipvs.module

3.安装cri-docker

# x86
## 下载文件
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.4/cri-dockerd-0.3.4.amd64.tgz
## 解压
tar -xvf cri-dockerd-0.3.4.amd64.tgz
# arm
## 下载文件
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.4/cri-dockerd-0.3.4.arm64.tgz
## 解压
tar -xvf cri-dockerd-0.3.4.arm64.tgz

# 复制二进制文件到指定目录
cp cri-dockerd/cri-dockerd /usr/bin/

# 配置启动文件
cat <<"EOF" > /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify

ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint=unix:///var/run/cri-docker.sock --network-plugin=cni --cni-bin-dir=/opt/cni/bin \
          --cni-conf-dir=/etc/cni/net.d --image-pull-progress-deadline=30s --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7 \
          --docker-endpoint=unix:///var/run/docker.sock --cri-dockerd-root-directory=/var/lib/docker
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target

EOF

# 生成socket 文件
cat <<"EOF" > /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service

[Socket]
ListenStream=/var/run/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target

EOF

# 启动 cri-dockerd
systemctl daemon-reload
systemctl start cri-docker
#设置开机启动
systemctl enable cri-docker
# 查看启动状态
systemctl status cri-docker

3.安装kubeadm、kubelet、kubectl

# master执行
yum install -y kubernetes-kubelet kubernetes-kubeadm kubernetes-master 
# node执行
yum install -y kubernetes-kubelet kubernetes-kubeadm kubernetes-master 

systemctl enable kubelet

cat <<EOF > /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF

Kubelet负责与其他节点集群通信，并进行本节点Pod和容器生命周期的管理。

Kubeadm是Kubernetes的自动化部署工具，降低了部署难度，提高效率。

Kubectl是Kubernetes集群管理工具。

4、部署master 节点

获取默认的初始化参数文件

kubeadm config print init-defaults > init.default.yaml

修改初始化参数文件

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.30.28.163 #本机ip
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/cri-docker.sock # 指定cri-docker
  imagePullPolicy: IfNotPresent
  name: master-163 # 本机主机名
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers # 阿里镜像仓库
kind: ClusterConfiguration
kubernetesVersion: 1.24.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.1.0.0/16 # svc子网
  podSubnet: 10.224.0.0/16 # pod子网
scheduler: {}

# 指定ipvs
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs

查看和拉取K8S集群需要的镜像

kubeadm config images list --config=init.default.yaml
kubeadm config images pull --config=init.default.yaml --v=5

运行kubeadm init命令安装master

kubeadm init --config=init.default.yaml
# 如果初始化失败，可以重置 
kubeadm reset --cri-socket unix:///var/run/cri-docker.sock

复制配置文件到home目录下

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

添加节点（在node节点执行）

kubeadm join 172.30.22.163:6443 --token abcdef.0123456789abcdef \
	--discovery-token-ca-cert-hash sha256:6abcc08c10867f175668756b992eaceed2e1ab54d21bebfe14d70107429342ef \
	 --cri-socket unix:///var/run/cri-docker.sock

5、安装calico网络插件

wget https://docs.projectcalico.org/v3.23/manifests/calico.yaml

# 修改pod子网
vim calico.yaml
- name: CALICO_IPV4POOL_CIDR
  value: "10.224.0.0/16"

kubectl create -f calico.yaml

node为Ready

[root@master-163 ~]# kubectl get node
NAME      STATUS      ROLES           AGE   VERSION
master-163   Ready    control-plane   5m   v1.24.1
node-164     Ready    <none>          4m   v1.24.0
[root@master-163 ~]# kubectl get pod -A 
NAMESPACE     NAME                                     READY   STATUS    RESTARTS      AGE
kube-system   calico-kube-controllers-d569cccf-vfpl5   1/1     Running   2
10m
kube-system   calico-node-8ppfs                        1/1     Running   1 
10m
kube-system   calico-node-gfcvp                        1/1     Running   0             10m
kube-system   coredns-74586cf9b6-kn7h5                 1/1     Running   0             15m
kube-system   coredns-74586cf9b6-qdhnn                 1/1     Running   0             15m
kube-system   etcd-master-163                          1/1     Running   0             15m
kube-system   kube-apiserver-master-163                1/1     Running   0             15m
kube-system   kube-controller-manager-master-163       1/1     Running   0             15m
kube-system   kube-proxy-455t4                         1/1     Running   1
14m
kube-system   kube-proxy-4cgsz                         1/1     Running   0             15m
kube-system   kube-scheduler-master-163                1/1     Running   0             15m

6、部署nginx

cat >  nginx.yaml  << "EOF"
---
apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx-web
spec:
  replicas: 2
  selector:
    name: nginx
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.19.6
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service-nodeport
spec:
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30001
      protocol: TCP
  type: NodePort
  selector:
    name: nginx
EOF

查看nginx svc 端口

[root@master-163 ~]# kubectl create -f nginx.yaml
replicationcontroller/nginx-web created
service/nginx-service-nodeport created
[root@master-163 ~]# kubectl get pods
NAME              READY   STATUS    RESTARTS   AGE
nginx-web-67v2z   1/1     Running   0          9s
nginx-web-cj895   1/1     Running   0          9s
[root@master-163 ~]# kubectl get svc
NAME                     TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
kubernetes               ClusterIP   10.1.0.1       <none>        443/TCP        20m
nginx-service-nodeport   NodePort    10.1.213.151   <none>        80:30001/TCP   9s
[root@master-163 ~]# curl 172.30.28.163：30001