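1. Mirror repository files
These must be placed on the virtual machines in advance.
They can be obtained from the official websites.
Docker mirror repo file, Huawei Cloud CentOS mirror repo file, Kubernetes mirror repo file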
```ini
# docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
```

```ini
# kubernetes.repo
# gpgcheck=0 and repo_gpgcheck=0: packages and metadata from this repo
# are installed without signature verification.
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
```
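The two repo files differ in one security-relevant setting: docker-ce.repo verifies package signatures, kubernetes.repo does not. The following check is an added example (not part of the original page) that lists every enabled repo section without `gpgcheck=1`; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: report enabled yum repo sections whose packages are
# installed without signature verification (gpgcheck not set to 1).
# Assumption: a missing gpgcheck key is reported as "unset" rather than
# resolved against [main] in /etc/yum.conf.
audit_repo_gpg() {            # usage: audit_repo_gpg FILE...
  awk '
    function report() {
      if (section != "" && enabled != "0" && gpgcheck != "1")
        print section "\tgpgcheck=" gpgcheck
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    /^[ \t]*\[/ {                            # a new [section] starts
      report()
      section = $0
      sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
      enabled = "1"; gpgcheck = "unset"
      next
    }
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "enabled")  enabled = val
      if (key == "gpgcheck") gpgcheck = val
    }
    END { report() }
  ' "$@"
}

# Constructed sample: three sections shaped like the repo files above.
audit_demo() {
  tmp=$(mktemp) || return 1
  cat > "$tmp" <<'EOF'
[docker-ce-stable]
enabled=1
gpgcheck=1
[docker-ce-test]
enabled=0
gpgcheck=1
[kubernetes]
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
  audit_repo_gpg "$tmp"; rc=$?
  rm -f "$tmp"
  return "$rc"
}
```

On a configured machine, `audit_repo_gpg /etc/yum.repos.d/*.repo` prints one line per repo that installs unverified packages.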
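2. Make sure the machine has working network connectivity
3. Run the base environment configuration script
This script must be run on every virtual machine.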
```bash
#!/bin/bash
echo "域名映射"                  # hostname mapping
sleep 5
cat >> /etc/hosts << EOF
10.0.0.11 k8s-master
10.0.0.22 k8s-node01
10.0.0.33 k8s-node02
EOF
echo "软件包重构"                # rebuild the package cache
sleep 5
yum clean all && yum makecache &> /dev/null
cd
echo "下载软件包"                # install packages
sleep 5
yum install -y vim git &> /dev/null
yum install -y wget jq psmisc net-tools telnet yum-utils &> /dev/null
yum install -y device-mapper-persistent-data lvm2 tree &> /dev/null
sleep 5
echo "关闭防火墙"                # disable the firewall
sleep 5
systemctl disable --now firewalld
echo "关闭dns"                   # disable dnsmasq
sleep 5
systemctl disable --now dnsmasq
echo "设置selinux"               # turn SELinux off now and at boot
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
echo "关闭swap分区"              # disable swap
swapoff -a && sysctl -w vm.swappiness=0
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
echo "配置时间同步"              # configure time synchronization
sleep 5
yum -y install ntpdate &> /dev/null
ntpdate time2.aliyun.com
echo "调整限制"                  # raise resource limits
ulimit -SHn 65535
cat >> /etc/security/limits.conf << EOF
* soft nofile 65536
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF
echo "配置ipvs模块"              # configure IPVS modules
sleep 5
yum install ipvsadm ipset sysstat conntrack libseccomp -y &> /dev/null
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
# systemd-modules-load only reads files ending in .conf
cat >> /etc/modules-load.d/ipvs.conf << EOF
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF
sysctl --system &> /dev/null
systemctl enable --now systemd-modules-load.service
echo "配置k8s内核"               # kernel parameters for Kubernetes
sleep 5
cat >> /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
net.ipv4.conf.all.route_localnet = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
EOF
echo "卸载容器基础软件"          # remove preinstalled container software
sleep 5
yum remove -y podman runc containerd
echo "下载容器软件"              # install the container runtime
sleep 5
yum install containerd.io docker-ce docker-ce-cli -y &> /dev/null
echo "配置模块"                  # modules required by containerd
sleep 5
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe -- overlay
modprobe -- br_netfilter
echo "配置内核"                  # kernel parameters for the CRI
sleep 5
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl --system &> /dev/null
echo "生成配置文件"              # generate the containerd config file
sleep 5
mkdir -p /etc/containerd
containerd config default | tee /etc/containerd/config.toml &> /dev/null
# The two sed commands replace lines 63 and 127 by line number; the positions
# depend on the default config of the installed containerd version, so check
# the result by hand (task 3 at the end of this script).
sed -i '63c sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9"' /etc/containerd/config.toml
sed -i '127c SystemdCgroup = true' /etc/containerd/config.toml
systemctl daemon-reload
systemctl enable --now containerd
echo "配置客户端的运行位置"      # point crictl at the containerd socket
sleep 5
cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
echo "安装k8s组件"               # install the Kubernetes components
sleep 5
yum install kubectl-1.28* -y &> /dev/null
yum install kubelet-1.28* -y &> /dev/null
systemctl daemon-reload
systemctl enable --now kubelet
yum install kubeadm-1.28* -y &> /dev/null
systemctl daemon-reload
echo "更新软件包"                # update all packages
yum update -y &> /dev/null
# Manual follow-up tasks printed for the operator (see section 4):
# 1. set up passwordless SSH with ssh-keygen and ssh-copy-id
# 2. schedule time synchronization with crontab -e
# 3. open /etc/containerd/config.toml and fix the formatting
# 4. check that kubelet started; if not, remove and reinstall kubelet and kubeadm
# 5. reboot the virtual machine
# 6. after the reboot, run echo 1 > /proc/sys/net/ipv4/ip_forward
echo "1、配置无密码连接ssh-keygen ssh-copy-id"
echo "2、配置定时同步时间crontab -e * 5 * * * /usr/sbin/ntpdate time2.aliyun.com"
echo "3、进入/etc/containerd/config.toml中调整格式"
echo "4、查看kubelet是否正常开启,如果没有正常开启,卸载重新安装kubelet与kubeadm"
echo "5、重启虚拟机"
echo "6、重启后记得运行echo 1 > /proc/sys/net/ipv4/ip_forward命令"
```
4. Carry out the tasks listed at the end of the previous script
These must be done on every virtual machine.
```bash
ssh-keygen
ssh-copy-id k8s-node01
ssh-copy-id k8s-node02
ssh-copy-id k8s-master
crontab -e
# add this line: * 5 * * * /usr/sbin/ntpdate time2.aliyun.com
vim /etc/containerd/config.toml
systemctl status kubelet
reboot
# after the reboot:
echo 1 > /proc/sys/net/ipv4/ip_forward
```
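5. Run the initialization and install the Calico component
Run this on the master node only.
Note: when the script prints the message "复制token,并将初始化生成的token保存好,复制给node节点" (copy the token, keep the token generated by the initialization safe, and copy it to the node machines), copy that token, paste it on each node, and run the command there.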
```bash
#!/bin/bash
echo "git镜像仓库"               # clone the install repository
sleep 3
cd /root/ ; git clone https://gitee.com/dukuan/k8s-ha-install.git
echo "编辑yaml文件"              # write the kubeadm config file
sleep 5
# The bootstrap token in this config is a fixed value that is printed on this
# page; it stays valid for the ttl (24h) after kubeadm init.
cat >> kubeadm-config.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: 7t2weq.bjbawausm0jaxury
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.0.0.11
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
---
apiServer:
  certSANs:
  - 10.0.0.11
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: 10.0.0.11:6443
controllerManager: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.28.2
networking:
  dnsDomain: cluster.local
  podSubnet: 172.16.0.0/16
  serviceSubnet: 10.96.0.0/16
scheduler: {}
EOF
echo "生成新的yaml文件"          # migrate the config to a new yaml file
sleep 3
kubeadm config migrate --old-config kubeadm-config.yaml --new-config new.yaml
echo "根据yaml文件下载镜像"      # pull the images named in the config
kubeadm config images pull --config /root/new.yaml
echo "停止kubelet服务"           # stop kubelet
systemctl stop kubelet
echo "配置ip_forward文件"        # enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "开始初始化"                # start the initialization
sleep 3
kubeadm init --config /root/new.yaml --upload-certs
# Copy the join command and token printed by kubeadm init and keep them safe;
# they are needed on the node machines.
echo "复制token,并将初始化生成的token保存好,复制给node节点"
sleep 10
echo "编辑conf文件"              # set KUBECONFIG for root
cat >> /root/.bashrc << EOF
export KUBECONFIG=/etc/kubernetes/admin.conf
EOF
echo "激活文件"                  # load the new setting
source /root/.bashrc
echo "开始安装配置calico组件"    # install and configure Calico
cd k8s-ha-install/
echo "切换分支"                  # switch branch
git checkout manual-installation-v1.28.x
cd calico/
POD_SUBNET=`cat /etc/kubernetes/manifests/kube-controller-manager.yaml | grep cluster-cidr= | awk -F= '{print $NF}'`
echo "修改IP地址"                # substitute the pod CIDR
sed -i "s#POD_CIDR#${POD_SUBNET}#g" calico.yaml
echo "根据指定的yaml文件生成pod" # create the pods from the yaml file
kubectl apply -f calico.yaml
echo "更新所有软件包"            # update all packages
sleep 3
yum update -y &> /dev/null
echo "重启"                      # reboot
sleep 3
reboot
```
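The kubeadm-config.yaml written by the script above carries a fixed bootstrap token, and anyone holding that token can join a node for the 24h the ttl allows. The following is an added example (not part of the original page or of the k8s-ha-install repository) that gives the file a fresh random token before `kubeadm config migrate`; the function names are illustrative and the sample config in `token_demo` is constructed.

```shell
#!/bin/sh
# Added example: give kubeadm-config.yaml a fresh random bootstrap token
# instead of a fixed one. Function names are illustrative.

# kubeadm bootstrap tokens have the form [a-z0-9]{6}.[a-z0-9]{16}.
is_valid_token() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# 11 random bytes -> 22 hex digits -> "6.16" token (hex is a subset of a-z0-9).
gen_bootstrap_token() {
  hex=$(head -c 11 /dev/urandom | od -An -tx1 | tr -d ' \n')
  printf '%s.%s\n' "$(printf '%s\n' "$hex" | cut -c1-6)" \
                   "$(printf '%s\n' "$hex" | cut -c7-22)"
}

# Rewrite the "token:" line of CONFIG in place and restrict its permissions.
set_bootstrap_token() {        # usage: set_bootstrap_token CONFIG TOKEN
  cfg=$1; tok=$2
  is_valid_token "$tok" || { echo "invalid token format" >&2; return 1; }
  grep -Eq '^[[:space:]]*token:' "$cfg" ||
    { echo "no token: field in $cfg" >&2; return 1; }
  tmp=$(mktemp) || return 1
  sed "s/^\([[:space:]]*token:[[:space:]]*\).*/\1$tok/" "$cfg" > "$tmp" &&
    cat "$tmp" > "$cfg" && chmod 600 "$cfg"
  rc=$?; rm -f "$tmp"; return "$rc"
}

# Constructed demo: replace the token in a minimal config, print the new line.
token_demo() {
  d=$(mktemp) || return 1
  printf '%s\n' 'bootstrapTokens:' '- groups:' \
    '  - system:bootstrappers:kubeadm:default-node-token' \
    '  token: 7t2weq.bjbawausm0jaxury' '  ttl: 24h0m0s' > "$d"
  set_bootstrap_token "$d" "$(gen_bootstrap_token)" && grep 'token:' "$d"
  rc=$?; rm -f "$d"; return "$rc"
}

# Typical use on the master, before `kubeadm config migrate`:
#   set_bootstrap_token /root/kubeadm-config.yaml "$(gen_bootstrap_token)"
```

`kubeadm token generate` produces a token in the same format where kubeadm is already installed.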