
Install kubernetes v1.24.4 on centos 7.9

Original article
Author: 不会Coding的一休哥
Published 2022-09-06 11:05:07
Included in the column: 云原生&DevOps

Install kubernetes v1.24.4 on centos

Prerequisites

Environment

Hostname    IP address
master01    192.168.56.104
work01      192.168.56.105
work02      192.168.56.106

Set the hostname

Code language: shell
# Run the matching command on each node
hostnamectl set-hostname master01
hostnamectl set-hostname work01
hostnamectl set-hostname work02

Add hosts entries (/etc/hosts)

Code language: text
#for kubernetes
192.168.56.104 master01
192.168.56.105 work01
192.168.56.106 work02
192.168.56.104 cluster-endpoint

Disable the firewall, SELinux and swap

Code language: shell
# Stop and disable the firewall
systemctl stop firewalld && systemctl disable firewalld
# Set SELinux to permissive mode (effectively disabling it)
setenforce 0 # temporary, lasts until the next reboot
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Turn off swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab

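Enable time synchronization

Code language: shell
# Set the time zone
timedatectl set-timezone Asia/Shanghai
# Enable NTP synchronization
timedatectl set-ntp yes
# Show the current synchronization status (this reports the offset; it does not step the clock)
chronyc tracking
# Check NTP details
timedatectl
# Show statistics for the time sources
chronyc sourcestats -v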

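Let iptables see bridged traffic

Make sure the br_netfilter module is loaded. You can check this by running lsmod | grep br_netfilter. To load the module explicitly, run sudo modprobe br_netfilter.

For iptables on your Linux nodes to see bridged traffic correctly, net.bridge.bridge-nf-call-iptables must be set to 1 in your sysctl configuration. For example:

Code language: shell
# Load br_netfilter at every boot
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
# Load it now as well, otherwise the net.bridge.* keys below do not exist yet
sudo modprobe br_netfilter

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
EOF
# Apply the sysctl settings without rebooting
sudo sysctl --system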

Install the base environment

Install docker

Configure the yum repository required by docker
Code language: shell
yum install -y yum-utils
yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

If an old version is installed, remove it first

Code language: shell
yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine
Code language: shell
# Install Docker Engine, its CLI and containerd
yum install -y docker-ce docker-ce-cli containerd.io
Start docker
Code language: shell
systemctl enable docker --now
Configure a registry mirror

Any one of them is enough

Code language: shell
# Create or edit /etc/docker/daemon.json so that it looks like this
{
  "registry-mirrors" : [
    "https://registry.docker-cn.com",
    "https://docker.mirrors.ustc.edu.cn",
    "http://hub-mirror.c.163.com",
    "https://cr.console.aliyun.com/"
  ]
}
Restart to apply the change
Code language: shell
systemctl restart docker

Configure containerd

Back up the default configuration file and generate a more complete default configuration
Code language: shell
cp /etc/containerd/config.toml /etc/containerd/config.toml.ori
containerd  config default > /etc/containerd/config.toml
Replace the default sandbox_image
Code language: shell
# Change sandbox_image = "k8s.gcr.io/pause:3.6" to "registry.aliyuncs.com/google_containers/pause:3.7"
sed -i 's#k8s.gcr.io/pause:3.6#registry.aliyuncs.com/google_containers/pause:3.7#g' /etc/containerd/config.toml
Configure the systemd cgroup driver
Code language: shell
# Change SystemdCgroup = false to true in the section shown below
#[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
#  ...
#  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
#    SystemdCgroup = true
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml

# Optional: configure the containerd storage path
# Change root = "/var/lib/containerd" to root = "/data/containerd"
#sed -i 's#root = "/var/lib/containerd"#root = "/data/containerd"#g' /etc/containerd/config.toml
Check the configuration
Code language: shell
cat /etc/containerd/config.toml # confirm that the changes are correct
Start containerd and enable it at boot
Code language: shell
systemctl daemon-reload
systemctl enable --now containerd
Configure crictl
Code language: shell
crictl config runtime-endpoint unix:///run/containerd/containerd.sock
crictl config image-endpoint unix:///run/containerd/containerd.sock
systemctl restart containerd

Install kubernetes

Configure the yum repository

Code language: shell
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

Install kubeadm 1.24.4 and the related tools

Code language: shell
yum install -y kubelet-1.24.4 kubeadm-1.24.4 kubectl-1.24.4 --disableexcludes=kubernetes

Start kubelet and enable it at boot

Code language: shell
systemctl enable kubelet --now

Download the k8s images

List the image versions
Code language: shell
kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.24.4
k8s.gcr.io/kube-controller-manager:v1.24.4
k8s.gcr.io/kube-scheduler:v1.24.4
k8s.gcr.io/kube-proxy:v1.24.4
k8s.gcr.io/pause:3.7
k8s.gcr.io/etcd:3.5.3-0
k8s.gcr.io/coredns/coredns:v1.8.6
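Download the images
Code language: shell
sudo tee ./images.sh <<-'EOF'
#!/bin/bash
# Pre-pull the control-plane images from the Aliyun mirror.
# kubelet 1.24 reaches containerd through CRI, so pull with crictl (configured above);
# images fetched with docker pull are not visible to containerd.
images=(
kube-apiserver:v1.24.4
kube-proxy:v1.24.4
kube-controller-manager:v1.24.4
kube-scheduler:v1.24.4
coredns:v1.8.6
etcd:3.5.3-0
pause:3.7
)
for imageName in "${images[@]}" ; do
crictl pull "registry.aliyuncs.com/google_containers/$imageName"
done
EOF
chmod +x ./images.sh && ./images.sh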

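Create the kubernetes cluster

Initialize the cluster with kubeadm

--pod-network-cidr 192.168.0.0/16: this is the value needed when using the Calico network plugin; if it conflicts with your existing network, change it accordingly.
--image-repository registry.aliyuncs.com/google_containers: because of network restrictions, specify the registry to pull images from.

You can also pull the required images in advance with kubeadm config images pull.

Code language: shell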
kubeadm init \
--apiserver-advertise-address=192.168.56.104 \
--control-plane-endpoint=cluster-endpoint \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.24.4 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.169.0.0/16

Note that service-cidr can conflict with the host network's address range.
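The conflict check described above can be scripted before running kubeadm init. This is an added example, not part of the original article: the function names are hypothetical, the /24 mask on the host network is an assumption, and 10.244.0.0/16 is a constructed alternative; the other ranges are the ones on this page.

```shell
#!/bin/sh
# Added example: sanity-check the ranges given to kubeadm init.

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_range NET/BITS -> "first last", the integer bounds of the range
cidr_range() {
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( $(ip_to_int "${1%/*}") & ~(size - 1) ))
    echo "$first $(( first + size - 1 ))"
}

# cidrs_overlap A B -> exit 0 when the two ranges share at least one address
cidrs_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# is_rfc1918 CIDR -> exit 0 when the whole range lies in private (RFC 1918) space
is_rfc1918() {
    for priv in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        set -- "$1" $(cidr_range "$1") $(cidr_range "$priv")
        [ "$2" -ge "$4" ] && [ "$3" -le "$5" ] && return 0
    done
    return 1
}

# check_cluster_cidrs HOST_NET SERVICE_CIDR POD_CIDR -> one finding per line, or "OK"
check_cluster_cidrs() {
    clean=yes
    for pair in "host=$1 service=$2" "host=$1 pod=$3" "service=$2 pod=$3"; do
        a=${pair% *}; b=${pair#* }
        if cidrs_overlap "${a#*=}" "${b#*=}"; then
            echo "OVERLAP $a $b"; clean=no
        fi
    done
    for c in "$2" "$3"; do
        # Pods routing to a public range would shadow real Internet hosts
        is_rfc1918 "$c" || { echo "NOT-PRIVATE $c"; clean=no; }
    done
    [ "$clean" = no ] || echo "OK"
}

# Host network (assumed /24) and service CIDR from this page, three pod CIDRs
for pod_cidr in 192.168.0.0/16 192.169.0.0/16 10.244.0.0/16; do
    echo "pod-network-cidr $pod_cidr:"
    check_cluster_cidrs 192.168.56.0/24 10.96.0.0/16 "$pod_cidr"
done
```

The Calico default 192.168.0.0/16 overlaps the 192.168.56.x hosts, while 192.169.0.0/16 avoids the overlap but lies outside RFC 1918 private space.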

Cluster initialized successfully

Code language: shell
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join cluster-endpoint:6443 --token 1tj6xd.ij7m9dhl9qiz00w9 \
        --discovery-token-ca-cert-hash sha256:96ab862ac21dab9c248e865520f161b3425d989c5208d0dc882007b640df6cab \
        --control-plane 

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join cluster-endpoint:6443 --token 1tj6xd.ij7m9dhl9qiz00w9 \
        --discovery-token-ca-cert-hash sha256:96ab862ac21dab9c248e865520f161b3425d989c5208d0dc882007b640df6cab

Check the cluster status

Set up the kubectl admin environment

Configure the admin kubeconfig
Code language: shell
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
Set up kubectl command completion
Code language: shell
yum install bash-completion -y
echo 'source <(kubectl completion bash)' >>~/.bashrc
echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -F __start_kubectl k' >>~/.bashrc
# Apply the changes
source ~/.bashrc
k get nodes

Deploy the calico network plugin

Official documentation: https://projectcalico.docs.tigera.io/getting-started/kubernetes/quickstart

Download the calico cni manifest

Code language: shell
curl https://docs.projectcalico.org/manifests/calico.yaml -O

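Deploying on hosts with multiple network interfaces

Edit the manifest to pin the interface: IP_AUTODETECTION_METHOD=interface=eth.*

Code language: yaml
spec:
  containers:
  - env:
    - name: DATASTORE_TYPE
      value: kubernetes
    - name: IP_AUTODETECTION_METHOD  # add this environment variable to the DaemonSet
      value: interface=enp0s8    # the internal network interface
    - name: WAIT_FOR_DATASTORE
      value: "true"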

Keep the CIDR consistent with the one used at initialization

Code language: yaml
            - name: CALICO_IPV4POOL_CIDR
              value: "192.169.0.0/16"

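Install calico cni

Code language: shell
kubectl apply -f calico.yaml

Watch the pods being created

Code language: shell
watch kubectl get pods -A

List the pods that were created successfully

Code language: shell
kubectl get pods -A

Check the node status; it changes from NotReady to Ready

Code language: shell
  kubectl get nodes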

Deploy calicoctl

Code language: shell
curl -L https://github.com/projectcalico/calico/releases/download/v3.24.1/calicoctl-linux-amd64 -o kubectl-calico
chmod +x kubectl-calico
# The binary is in the current directory, not on PATH, so call it with ./
./kubectl-calico -h
# Show the configuration
./kubectl-calico get profile -o wide

Add the worker nodes

Code language: shell
kubeadm join cluster-endpoint:6443 --token 1tj6xd.ij7m9dhl9qiz00w9 \
        --discovery-token-ca-cert-hash sha256:96ab862ac21dab9c248e865520f161b3425d989c5208d0dc882007b640df6cab

Generate a new token

Code language: shell
kubeadm token create --print-join-command
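The --discovery-token-ca-cert-hash value in the join command pins the cluster CA's public key, so a join command received from elsewhere can be checked against the CA certificate before it is run on a node. This is an added example, not part of the original article: the function names are hypothetical, and the CA, token and join commands in the demo are constructed.

```shell
#!/bin/sh
# Added example: recompute the CA pin carried by a kubeadm join command.

# ca_cert_hash CERT.pem -> "sha256:<hex>", the SHA-256 of the certificate's
# DER-encoded public key (SubjectPublicKeyInfo)
ca_cert_hash() {
    printf 'sha256:%s\n' "$(openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex | sed 's/^.* //')"
}

# verify_join_command CERT.pem "kubeadm join ..." -> exit 0 only if the pin matches
verify_join_command() {
    case $2 in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "REJECT: CA verification is switched off"; return 1 ;;
    esac
    pinned=$(printf '%s\n' "$2" | grep -o 'sha256:[0-9a-f]\{64\}' | head -n 1)
    if [ -z "$pinned" ]; then
        echo "REJECT: no CA hash in the command"; return 1
    fi
    actual=$(ca_cert_hash "$1")
    if [ "$pinned" != "$actual" ]; then
        echo "REJECT: command pins $pinned but the CA is $actual"; return 1
    fi
    echo "OK: $actual"
}

# make_demo_ca DIR -> writes a throwaway, constructed CA to DIR/ca.crt
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Demo with constructed data. On a real control plane the certificate is
# /etc/kubernetes/pki/ca.crt (kubeadm's default location).
demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
good="kubeadm join cluster-endpoint:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash $(ca_cert_hash "$demo_dir/ca.crt")"
verify_join_command "$demo_dir/ca.crt" "$good"
# A command without the pin is rejected
verify_join_command "$demo_dir/ca.crt" \
    "kubeadm join cluster-endpoint:6443 --token abcdef.0123456789abcdef" || true
rm -rf "$demo_dir"
```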

Check the node status (allow a short while for the join to finish initializing)

Code language: shell
# Nodes are Ready
[root@master01 ~]# kubectl get nodes 
NAME       STATUS   ROLES           AGE     VERSION
master01   Ready    control-plane   46h     v1.24.4
work01     Ready    <none>          4m28s   v1.24.4
work02     Ready    <none>          4m23s   v1.24.4
# All pods are Running
[root@master01 ~]# kubectl get pods -A 
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-6799f5f4b4-gw6lx   1/1     Running   0          32m
kube-system   calico-node-f5mlf                          1/1     Running   0          4m34s
kube-system   calico-node-l6dnr                          1/1     Running   0          32m
kube-system   calico-node-tdt2p                          1/1     Running   0          4m29s
kube-system   coredns-74586cf9b6-gtf8l                   1/1     Running   0          46h
kube-system   coredns-74586cf9b6-wzq9j                   1/1     Running   0          46h
kube-system   etcd-master01                              1/1     Running   0          46h
kube-system   kube-apiserver-master01                    1/1     Running   0          46h
kube-system   kube-controller-manager-master01           1/1     Running   0          46h
kube-system   kube-proxy-bbktr                           1/1     Running   0          4m34s
kube-system   kube-proxy-krf88                           1/1     Running   0          46h
kube-system   kube-proxy-qwb7j                           1/1     Running   0          4m29s
kube-system   kube-scheduler-master01                    1/1     Running   0          46h

Test and verify

Create a deployment

Code language: shell
kubectl create deployment nginx-demo --image=nginx

Create a NodePort service

Code language: shell
kubectl expose deployment nginx-demo --port 80 --target-port=80  --type=NodePort --name=nginx-demo-external

Check the creation status

Code language: shell
[root@master01 tools]# kubectl get deployment -o wide
NAME         READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES   SELECTOR
nginx-demo   1/1     1            1           89s   nginx        nginx    app=nginx-demo

Verify access from inside the cluster

Code language: shell
[root@master01 tools]# kubectl get pods -o wide
NAME                          READY   STATUS    RESTARTS   AGE    IP              NODE     NOMINATED NODE   READINESS GATES
nginx-demo-854c6768d4-4xnx9   1/1     Running   0          100s   192.168.75.65   work02   <none>           <none>
[root@master01 tools]# curl -i 192.168.75.65
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Mon, 05 Sep 2022 04:37:28 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 19 Jul 2022 14:05:27 GMT
Connection: keep-alive
ETag: "62d6ba27-267"
Accept-Ranges: bytes

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Verify access from outside the cluster

Code language: txt
[root@master01 tools]# kubectl get svc -o wide
NAME                  TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE    SELECTOR
kubernetes            ClusterIP   10.96.0.1      <none>        443/TCP        46h    <none>
nginx-demo-external   NodePort    10.96.62.175   <none>        80:31298/TCP   2m3s   app=nginx-demo
[root@master01 tools]# curl -i 10.96.62.175
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Mon, 05 Sep 2022 04:38:20 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 19 Jul 2022 14:05:27 GMT
Connection: keep-alive
ETag: "62d6ba27-267"
Accept-Ranges: bytes

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Deploy Kubernetes-Dashboard

Code language: shell
# Download the dashboard deployment manifest
wget -O kubernetes-dashboard.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml
Code language: yaml
# Change the Service type so the dashboard is exposed on a NodePort
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
Code language: shell
kubectl apply -f kubernetes-dashboard.yaml

Check that kubernetes-dashboard is running

Code language: txt
[root@master01 tools]# kubectl get deployments -n kubernetes-dashboard
NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
dashboard-metrics-scraper   1/1     1            1           2m40s
kubernetes-dashboard        1/1     1            1           2m40s
[root@master01 tools]# kubectl get pods -n kubernetes-dashboard 
NAME                                        READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-8c47d4b5d-4qwwc   1/1     Running   0          2m48s
kubernetes-dashboard-6c75475678-4qqkt       1/1     Running   0          2m48s
[root@master01 tools]# kubectl get pod,svc -n kubernetes-dashboard 
NAME                                            READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-8c47d4b5d-4qwwc   1/1     Running   0          2m56s
pod/kubernetes-dashboard-6c75475678-4qqkt       1/1     Running   0          2m56s

NAME                                TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.96.73.33     <none>        8000/TCP        2m56s
service/kubernetes-dashboard        NodePort    10.96.233.162   <none>        443:30001/TCP   2m56s

Create the Service Account and ClusterRoleBinding

Code language: shell
# Create the administrator account
kubectl create serviceaccount k8sadmin -n kube-system
# Grant it administrator privileges
sudo kubectl create clusterrolebinding k8sadmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8sadmin

Get the token that kubernetes-dashboard needs

Code language: shell
[root@master01 tools]# kubectl -n kube-system create token k8sadmin
eyJhbGciOiJSUzI1NiIsImtpZCI6ImxWTnBuUl9WTnRJa083Ny1IQjNSbVRzdDlZem9peTBiVlBZWU1CV0NjZnMifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjYyMzY1NjE4LCJpYXQiOjE2NjIzNjIwMTgsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJrOHNhZG1pbiIsInVpZCI6IjcxMzI1NzBiLWU2MDMtNDdhZC1hZTFkLTQxNTBmYWM3YmQ4NyJ9fSwibmJmIjoxNjYyMzYyMDE4LCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06azhzYWRtaW4ifQ.hDZLqjCE1pxmuFv-6_dfUGf1FRwItd03XpU8plxkDvcXnxx4N5dCqewtG3VEuAtsG-u7EH-GX9NXv6bpa5lzRXvMtQHdIcCSq6at1zGRVLloQvsNAvLXWYN0H7hmn2-jPGvzE7-ES2ITkWjZ9c5Q2lliuJTshaEyG1cTU1nqQWnp-LLSrwfcsQjdviJ7qXqhH3mPtVOAldLdgUE1Fj3vNilkTUmfnClQXNEzXNLAMiDqTNWeEseXTtcX_88qE2hHACpQLX9IjeUJYIcv5hziuQXKSMuBLiuJJu_rd4_woFHjm6hVYqvvxOPjd8jcw2QNkaTakzZHTEsTRuHFK5YGAw
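
The string printed by kubectl create token is a bearer credential for the k8sadmin service account, which the previous step bound to cluster-admin, and it carries its own expiry. The following added example, which is not part of the original article, decodes those claims; the function names are hypothetical and the token it runs on is constructed and unsigned.

```shell
#!/bin/sh
# Added example: read the claims of a service-account token.
# Claims are only decoded here; the API server is what verifies the signature.

# b64url_decode SEGMENT -> decoded text (JWT segments are unpadded base64url)
b64url_decode() {
    seg=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# b64url_encode TEXT -> unpadded base64url, used only to build the sample token
b64url_encode() {
    printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'
}

# jwt_claim TOKEN NAME -> value of a top-level string or numeric payload claim
jwt_claim() {
    b64url_decode "$(printf '%s' "$1" | cut -d. -f2)" \
        | sed -n "s/.*\"$2\":\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# token_report TOKEN NOW -> subject, issued lifetime and state at epoch time NOW
token_report() {
    sub=$(jwt_claim "$1" sub); iat=$(jwt_claim "$1" iat); exp=$(jwt_claim "$1" exp)
    if [ "$2" -lt "$exp" ]; then
        state="valid for another $(( exp - $2 ))s"
    else
        state="expired"
    fi
    echo "sub=$sub lifetime=$(( exp - iat ))s $state"
}

# sample_token -> constructed token with the claim names Kubernetes uses
sample_token() {
    printf '%s.%s.%s\n' "$(b64url_encode '{"alg":"RS256"}')" \
        "$(b64url_encode '{"exp":1700003600,"iat":1700000000,"sub":"system:serviceaccount:kube-system:k8sadmin"}')" \
        "constructed-signature"
}

token=$(sample_token)
token_report "$token" 1700000600      # ten minutes after issue
token_report "$token" "$(date +%s)"   # today
```

A shorter lifetime can be requested with the --duration flag of kubectl create token.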

Log in to verify

Code language: shell
# Browse to the host address
https://192.168.56.104:30001/

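Original-content statement: this article is published on the Tencent Cloud Developer Community with the author's authorization and may not be reproduced without permission.

In case of infringement, contact cloudcommunity@tencent.com to have it removed.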
