k8s安装之kubeadm

k8s安装之kubeadm

所有主机更新内核(选做)
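# Optional, on every host: update all packages, then install the mainline kernel from ELRepo.
yum update -y
# Import the ELRepo public key so packages from that repository can be signature-checked.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# Install the ELRepo yum repository definition. It is fetched over HTTPS, like the key
# above, so the package that configures the repository does not travel over plain HTTP.
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
# List the kernel packages the elrepo-kernel repository offers.
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
# Install the latest mainline kernel.
yum --enablerepo=elrepo-kernel install -y kernel-ml
# Print the GRUB menu entries with their index numbers.
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
# Make entry 0 from the list above the default boot entry.
grub2-set-default 0
# Regenerate the GRUB configuration file.
grub2-mkconfig -o /boot/grub2/grub.cfg
# Reboot into the new kernel.
reboot
# After the reboot: list every installed kernel package.
rpm -qa | grep kernel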

#删除旧内核(可选)
rpm -qa | grep kernel
#查看系统中全部的内核
yum remove  过滤出来的旧内核

#所有主机IP地址不能设置成dhcp,要配置成静态IP
vim /etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR=192.168.1.128
NETMASK=255.255.255.0
GATEWAY=192.168.1.2
DNS1=144.144.144.144
DNS2=8.8.8.8
systemctl restart network

# Every host: set a hostname that is unique per host and add all cluster members to /etc/hosts.
# Run only the one hostnamectl line that belongs to the host you are logged in to.
hostnamectl set-hostname k8s-master
# hostnamectl changes the running hostname and also makes the change permanent
hostnamectl set-hostname k8s-node01
hostnamectl set-hostname k8s-node02
# start a new shell (presumably so the prompt picks up the new hostname)
bash
# Append the name-to-address mappings; the here-document is appended (>>), so running
# this twice adds the entries twice.
cat << EOF >> /etc/hosts
192.168.1.128 k8s-master
192.168.1.129 k8s-node01
192.168.1.132 k8s-node02
EOF

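# Every host: put SELinux into permissive mode instead of disabling it.
# `setenforce 0` already switches the running system to permissive; writing
# SELINUX=permissive keeps that state after a reboot and still records AVC denials in
# the audit log, which SELINUX=disabled would not.
setenforce 0
sed -i 's#^SELINUX=enforcing#SELINUX=permissive#' /etc/selinux/config
# /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config. `sed -i` on the
# link would replace it with a regular file, so only the real file is edited.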

# Every host: flush the iptables rules and turn firewalld off.
# NOTE(review): once the rules are flushed and firewalld is disabled, the host relies on
# the chains' default policies only. The Kubernetes API server (6443, see bindPort in
# init-config.yaml), kubelet and etcd ports are then reachable from every network that
# can route to the host. That fits an isolated lab; elsewhere keep firewalld running and
# open only the ports the cluster needs.
iptables -F
systemctl disable --now firewalld 
systemctl disable --now dnsmasq
systemctl disable --now NetworkManager
# NetworkManager has to be turned off on CentOS 7; CentOS 8 does not need this

# Every host: turn swap off now and keep it off after a reboot.
swapoff -a
# Prefix every /etc/fstab line that contains "swap" with '#'. The match is on the whole
# line, so check the file afterwards if any other entry happens to contain that word.
sed -i '/swap/s/^/#/' /etc/fstab

#所有主机时间同步
yum -y install ntpdate
ntpdate time2.aliyun.com
hwclock --systohc
crontab -e
*/5 * * * * /usr/sbin/ntpdate time2.aliyun.com
timedatectl set-timezone Asia/Shanghai

#所有节点配置limit
ulimit -SHn 65535
vim /etc/security/limits.conf	#末尾添加如下内容
* soft nofile 65536
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited

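# Master only: create an SSH key pair and install the public key on every host.
# NOTE(review): whoever holds this private key can log in to all three hosts. Set a
# passphrase at the ssh-keygen prompt unless unattended use is really required.
ssh-keygen -t rsa
# The key path is anchored at $HOME so the loop works from any directory, and the
# host name is quoted.
for host in k8s-master k8s-node01 k8s-node02; do
  ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" "$host"
done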

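# Every host: pass bridged IPv4/IPv6 traffic to the iptables chains.
# Load the modules first: the net.bridge.* keys exist only while br_netfilter is loaded.
modprobe overlay
modprobe br_netfilter
# modprobe does not persist across a reboot. Listing the modules for
# systemd-modules-load lets the bridge settings apply again after the reboot that
# follows later in this guide.
cat << EOF > /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
cat << EOF >> /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Apply /etc/sysctl.conf to the running kernel.
sysctl -p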

# Every host: list the IPVS, conntrack and related kernel modules that should be loaded
# at boot. The quoted 'EOF' delimiter writes the lines literally, with no expansion.
tee /etc/modules-load.d/ipvs.conf <<'EOF'
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
nf_conntrack
ip_tables
ip_set
ipt_rpfilter
ipt_REJECT
ipip
EOF
# Enable the loader service and run it now so the modules above are loaded immediately.
systemctl enable --now systemd-modules-load.service
# Confirm that the ip_vs and nf_conntrack modules are present.
lsmod |grep -e ip_vs -e nf_conntrack

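# Every node: kernel parameters for the cluster, written to /etc/sysctl.d/k8s.conf.
# Changes from the original list:
#   - net.ipv4.tcp_max_syn_backlog was listed twice; it is kept once.
#   - net.ipv4.ip_conntrack_max is dropped: it is the name used by the old ip_conntrack
#     module and is expected to be missing on kernels that use nf_conntrack; the limit
#     is already set through net.netfilter.nf_conntrack_max.
# NOTE(review): net.ipv4.conf.all.route_localnet = 1 lets the kernel route packets
# addressed to 127.0.0.0/8 instead of dropping them, so a service bound only to localhost
# can become reachable from a host on the same network segment. Keep it only if a
# component of this cluster needs it.
# NOTE(review): fs.may_detach_mounts may not exist on the kernel-ml kernel installed
# earlier; sysctl then reports an error for that key and carries on — confirm.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
user.max_user_namespaces=28633

fs.may_detach_mounts = 1
net.ipv4.conf.all.route_localnet = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
# Load every sysctl configuration file, including the one just written.
sysctl --system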

#所有节点配置完内核后,重启服务器,保证重启后内核依旧加载
reboot
lsmod | grep --color=auto -e ip_vs -e nf_conntrack

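# Every host: keep the systemd journal on disk and cap its size.
# journald reads drop-in files from /etc/systemd/journald.conf.d/. The directory was
# spelled "journal.conf.d" in the original, which would leave the settings below
# unread. -p keeps mkdir from failing when a directory already exists.
mkdir -p /var/log/journal
mkdir -p /etc/systemd/journald.conf.d

cat >/etc/systemd/journald.conf.d/99-prophet.conf <<EOF
[Journal]
#持久化保存到磁盘
Storage=persistent
#压缩历史日志
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
#最大占用空间10G
SystemMaxUse=10G
#单日志文件最大200M
SystemMaxFileSize=200M
#日志保存时间2周
MaxRetentionSec=2week
#不将日志转发到syslog
ForwardToSyslog=no
EOF
# Restart journald so it picks up the new drop-in.
systemctl restart systemd-journald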

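# Every host: install docker from local rpm packages.
mkdir -pv /opt/docker/rpm
# Work inside the package directory; the install below uses ./*.rpm, which only matches
# the uploaded files when this is the current directory.
cd /opt/docker/rpm
# Upload the required rpm packages into this directory.
rz
# NOTE(review): these packages do not come from a configured repository. Check their
# signatures (for example with `rpm -K ./*.rpm` after importing the vendor key) before
# installing them.
yum -y localinstall ./*.rpm
# Start docker and enable it at boot.
systemctl start docker
systemctl enable docker
# Show detailed docker information.
docker info
# NOTE(review) on the daemon.json below:
#   - "http://hub-mirror.c.163.com" is a plain-HTTP registry mirror, so image pulls
#     served through it are not protected in transit.
#   - "insecure-registries" turns off TLS verification for 192.168.10.250; no other
#     step in this guide uses that address, so drop the entry unless that registry
#     exists in your environment.
cat > /etc/docker/daemon.json << EOF
{
 "registry-mirrors": [
    "https://nyakyfun.mirror.aliyuncs.com",
    "https://registry.docker-cn.com",
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn"
  ],
 "exec-opts": ["native.cgroupdriver=systemd"],
 "max-concurrent-downloads": 10,
 "max-concurrent-uploads": 5,
 "log-driver": "json-file",
 "log-opts": {
   "max-size": "300m",
   "max-file": "2"
 },
 "insecure-registries":["192.168.10.250"],
 "live-restore": true,
 "storage-driver": "overlay2"
}
EOF
# Make systemd re-read its unit files.
systemctl daemon-reload
# Restart docker so it reads the new daemon.json.
systemctl restart docker
# Show the docker version.
docker --version
docker info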


《《《《《《《《部署kubernetes集群》》》》》》》》
所有主机执行
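# Configure the Aliyun mirror of the Kubernetes yum repository.
# gpgcheck=1 makes yum verify each package signature against the keys listed under
# gpgkey. With gpgcheck=0 those keys are never consulted, and kubelet, kubeadm and
# kubectl would be installed without any signature check.
# repo_gpgcheck is left at 0 as in the original. NOTE(review): presumably the mirror's
# repository metadata signature does not verify; confirm before relying on that.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF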
cat /etc/yum.repos.d/kubernetes.repo
ls /etc/yum.repos.d/
CentOS-Base.repo	CentOS-Media.repo	kubernetes.repo

# Install kubelet, kubeadm and kubectl.
yum list kubeadm.x86_64 --showduplicates | sort -r 
# ^ lists the kubeadm versions the repository offers, newest first
yum -y install kubelet-1.23.7 kubeadm-1.23.7 kubectl-1.23.7
# ^ installs from the yum repository over the network; all three packages are pinned to
#   the same version
systemctl enable --now kubelet
# ^ enables kubelet at boot and starts it now


#master操作
kubeadm config print init-defaults > init-config.yaml
#创建默认的init-config.yaml文件

vim init-config.yaml 
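apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # This is the placeholder value that `kubeadm config print init-defaults` writes.
  # It is the same on every installation, so replace it with a value you generate
  # yourself (`kubeadm token generate`) before running kubeadm init.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # IP address of the master node; change it to match your host
  advertiseAddress: 192.168.1.128
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  # Hostname of the master. If a name is used it must resolve; otherwise use the IP address.
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    # host directory that the etcd container mounts for its data
    dataDir: /var/lib/etcd
# image repository changed to a mirror inside China
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
# Has to match the kubeadm/kubelet packages installed earlier (1.23.7). The v1.19.0
# left over from an older template is outside the range this kubeadm release deploys.
# If images are loaded from local tarballs, their tags must match this version too.
kubernetesVersion: v1.23.7
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  # added: the Pod network range
  podSubnet: 10.244.0.0/16
scheduler: {}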

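# Initialise the master node.
# List the images kubeadm needs for this configuration.
kubeadm config images list --config init-config.yaml
# Online install: pull the images needed for initialisation in advance.
kubeadm config images pull --config=init-config.yaml
# Offline install: upload image tarballs that were downloaded beforehand and load them.
mkdir a
cd a
rz
# NOTE(review): docker load imports whatever the tarball contains under whatever tag it
# carries. Compare the tarballs' checksums with a trusted source before loading them.
# The glob replaces `ls | while read`, and the quotes keep file names with spaces intact.
for image_tar in ./*.tar; do
  [ -e "$image_tar" ] || continue
  docker load -i "$image_tar"
done
# Remove the tarballs and the scratch directory; `cd ..` works wherever "a" was created.
rm -fv ./*.tar
cd ..
rm -rfv a
# Initialise the cluster. The machine needs at least 2 CPU cores and 2 GB of memory, and
# docker must be running.
kubeadm init --config=init-config.yaml
# Give the current user a kubeconfig. admin.conf carries full cluster-admin credentials,
# so do not hand the copy to users or hosts that do not need that level of access.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
export KUBECONFIG=/etc/kubernetes/admin.conf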
vim 1.txt
kubeadm join 192.168.1.128:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:4512ce73af59ed4b25e96416f0f7f3fa1e8d48ad84f2b9f9687ad3b0eca55e41
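# The token created by kubeadm init is valid for 24 hours only, so a node that joins
# later needs a new one. Create it when a node is about to join and keep the default
# lifetime: a token made with --ttl 0 never expires, and anyone who obtains it can
# register a node with the cluster until the token is deleted by hand.
kubeadm token create --print-join-command
# Show the existing tokens and their expiry times.
kubeadm token list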
把生成的新的写入到1.txt
vim 1.txt
kubeadm join 192.168.1.128:6443 --token eutwqx.93palhqa7s8vjln6 \
        --discovery-token-ca-cert-hash sha256:4512ce73af59ed4b25e96416f0f7f3fa1e8d48ad84f2b9f9687ad3b0eca55e41
        
#node执行
把1.txt文件中的内容复制出来在两台node节点执行
kubeadm join 192.168.1.128:6443 --token eutwqx.93palhqa7s8vjln6 \
        --discovery-token-ca-cert-hash sha256:4512ce73af59ed4b25e96416f0f7f3fa1e8d48ad84f2b9f9687ad3b0eca55e41
        
#master
kubectl get cs
#查看节点信息
kubectl get nodes
#查询所有node
kubectl get pod -A
#查询所有pod


《《《《《《安装calico网络插件》》》》
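mkdir calico
cd calico
# -f stops curl from saving an HTTP error page as calico.yaml; -L follows redirects.
curl -fLO https://docs.projectcalico.org/manifests/calico.yaml
ls

# NOTE(review): this URL is not pinned to a release, so the manifest may reference other
# image tags than the v3.23.1 tarballs loaded below. The manifest also creates
# cluster-wide objects. Read it and check its image tags before applying it.
grep 'image:' calico.yaml
# Create the objects described in calico.yaml.
kubectl apply -f calico.yaml
# List every pod in every namespace.
kubectl get pod -A
# Upload these three files.
rz cni-v3.23.1.tar	kube-controllers-v3.23.1.tar	node-v3.23.1.tar
# Load each .tar file into the local image store. The glob replaces `ls *.tar`, and the
# quotes keep file names with spaces intact.
for image_tar in ./*.tar; do
  [ -e "$image_tar" ] || continue
  docker load < "$image_tar"
done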

node执行
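rz cni-v3.23.1.tar	kube-controllers-v3.23.1.tar	node-v3.23.1.tar
# Upload these three files, then load each one into the local image store. The glob
# replaces `ls *.tar`, and the quotes keep file names with spaces intact.
for image_tar in ./*.tar; do
  [ -e "$image_tar" ] || continue
  docker load < "$image_tar"
done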
小实验之添加一个node
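# New node (k8s-node03): same host preparation as on the other hosts.
# NOTE(review): flushing iptables and disabling firewalld leaves the host without
# packet filtering; that fits an isolated lab network only.
iptables -F
setenforce 0
systemctl disable --now firewalld
systemctl disable --now dnsmasq
systemctl disable --now NetworkManager
# Persist permissive mode rather than disabling SELinux: it matches what `setenforce 0`
# sets at runtime and keeps AVC denials in the audit log.
sed -i 's#^SELINUX=enforcing#SELINUX=permissive#' /etc/selinux/config
# /etc/sysconfig/selinux is normally a symlink to the file above. `sed -i` on the link
# would replace it with a regular file, so it is not edited.
hostnamectl set-hostname k8s-node03
bash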

#master执行
vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.128 k8s-master
192.168.1.129 k8s-node01
192.168.1.132 k8s-node02
192.168.1.132 k8s-node02
192.168.1.141 k8s-node03
#添加新加的node节点
scp /etc/hosts 192.168.1.141:/etc/
scp /etc/hosts 192.168.1.132:/etc/
scp /etc/hosts 192.168.1.129:/etc/
scp /etc/resolv.conf 192.168.1.141:/etc/

#node3执行
vim /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=none
IPADDR=192.168.1.141
NETMASK=255.255.255.0
GATEWAY=192.168.1.2
DNS1=144.144.144.144
DNS2=8.8.8.8
systemctl restart network
yum -y install vim wget net-tools lrzsz
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab
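# Load the modules first: the net.bridge.* keys exist only while br_netfilter is loaded.
modprobe overlay
modprobe br_netfilter
# modprobe does not persist across a reboot. Listing the modules for
# systemd-modules-load lets the bridge settings apply again after a restart.
cat << EOF > /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
cat << EOF >> /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Apply /etc/sysctl.conf to the running kernel.
sysctl -p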
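mkdir -pv /opt/docker/rpm
cd /opt/docker/rpm
# Upload the rpm packages docker needs into this directory.
rz
# Install through yum, as on the other hosts, so dependencies are resolved.
# `rpm --force --nodeps` would install the packages even when a dependency is missing.
# NOTE(review): check the package signatures (for example with `rpm -K ./*.rpm` after
# importing the vendor key) before installing.
yum -y localinstall ./*.rpm
# /etc/docker may not exist before the daemon has run once, so create it first.
mkdir -p /etc/docker
# NOTE(review) on the daemon.json below: "http://hub-mirror.c.163.com" is a plain-HTTP
# mirror, and "insecure-registries" turns off TLS verification for 192.168.10.250.
# Drop that entry unless the registry exists in your environment.
cat > /etc/docker/daemon.json << EOF
{
 "registry-mirrors": [
    "https://nyakyfun.mirror.aliyuncs.com",
    "https://registry.docker-cn.com",
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn"
  ],
 "exec-opts": ["native.cgroupdriver=systemd"],
 "max-concurrent-downloads": 10,
 "max-concurrent-uploads": 5,
 "log-driver": "json-file",
 "log-opts": {
   "max-size": "300m",
   "max-file": "2"
 },
 "insecure-registries":["192.168.10.250"],
 "live-restore": true,
 "storage-driver": "overlay2"
}
EOF
# Make systemd re-read its unit files.
systemctl daemon-reload
# Enable docker at boot, as on the other hosts, and (re)start it with the new daemon.json.
systemctl enable docker
systemctl restart docker
# Show the docker version.
docker --version
docker info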
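# Configure the Aliyun mirror of the Kubernetes yum repository.
# gpgcheck=1 makes yum verify each package signature against the keys listed under
# gpgkey. With gpgcheck=0 those keys are never consulted, and kubelet, kubeadm and
# kubectl would be installed without any signature check.
# repo_gpgcheck is left at 0 as in the original. NOTE(review): presumably the mirror's
# repository metadata signature does not verify; confirm before relying on that.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF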
cat /etc/yum.repos.d/kubernetes.repo
ls /etc/yum.repos.d/
CentOS-Base.repo	CentOS-Media.repo	kubernetes.repo

#安装kubelet kubeadm kubectl 
yum list kubeadm.x86_64 --showduplicates | sort -r 
#查看可用kubeadm版本
yum -y install kubelet-1.23.7 kubeadm-1.23.7 kubectl-1.23.7
#(yum 网络安装方式)
systemctl enable --now kubelet
#设置开启启动and现在启动
kubeadm join 192.168.1.128:6443 --token eutwqx.93palhqa7s8vjln6 \
        --discovery-token-ca-cert-hash sha256:4512ce73af59ed4b25e96416f0f7f3fa1e8d48ad84f2b9f9687ad3b0eca55e41
        
master执行
kubectl get nodes
kubectl get pods -n kube-system

node3执行
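mkdir -pv /opt/k8s/images
cd /opt/k8s/images
rz kube-proxy-v1.23.0.tar pause-3.6.tar coredns-v1.8.6.tar
# Load every uploaded tarball into the local image store. The glob replaces `ls *.tar`,
# and the quotes keep file names with spaces intact.
# NOTE(review): docker load trusts the tarball's content; compare checksums with a
# trusted source before loading.
for image_tar in ./*.tar; do
  [ -e "$image_tar" ] || continue
  docker load < "$image_tar"
done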

节点管理命令
master执行
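# Removing the worker k8s-node03 from the cluster.
# On the master: evict the node's pods, then delete its Node object.
kubectl drain k8s-node03 --ignore-daemonsets --delete-emptydir-data
kubectl delete node k8s-node03

# On node03: kubeadm reset undoes what `kubeadm join` (or `kubeadm init`) set up on the
# host it runs on. It belongs here, on the node being removed. Run on the master, it
# would tear down the control plane.
kubeadm reset
systemctl stop kubelet
# Remove every container on this host; xargs -r skips the call when there are none.
docker ps -aq | xargs -r docker rm -f
# Remove what is left of the node's cluster configuration, including the kubeconfig
# files that hold this node's credentials.
rm -rf /etc/kubernetes/*
rm -rfv /var/lib/kubernetes/*
# After these steps the node no longer has any connection to the master.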