主机名 | IP地址 |
---|---|
master01 | 192.168.56.104 |
work01 | 192.168.56.105 |
work02 | 192.168.56.106 |
# Each line targets a different machine: run only the one for the node you
# are on (master01 / work01 / work02, see the table above). Running all three
# on a single host simply leaves it named by the last command.
hostnamectl set-hostname master01
hostnamectl set-hostname work01
hostnamectl set-hostname work02
#for kubernetes
192.168.56.104 master01
192.168.56.105 work01
192.168.56.106 work02
192.168.56.104 cluster-endpoint
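# Stop the host firewall and keep it off across reboots. This is the
# tutorial's shortcut; the stricter option is to leave firewalld running and
# open only the ports kubeadm and the CNI plugin need.
systemctl disable --now firewalld
# Put SELinux into permissive mode (effectively disabled).
setenforce 0   # immediate, lasts until reboot
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config   # persists across reboots
# Disable swap: kubeadm's preflight / kubelet's defaults reject a node with swap on.
swapoff -a
# Comment out swap entries so swap stays off after reboot. Only lines that are
# not already comments are touched, so re-running this does not stack '#'s.
# The match is broad (any uncommented line mentioning "swap"); review the file.
sed -i '/^[^#].*swap/ s/^/#/' /etc/fstab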
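# Clock setup: all nodes must agree on the time (certificate validity and
# bootstrap-token expiry depend on it).
timedatectl set-timezone Asia/Shanghai
# Turn on NTP synchronisation (chronyd on CentOS).
timedatectl set-ntp yes
# Step the clock now rather than waiting for chrony to slew it into place.
chronyc makestep
# Show the current offset from the selected time source.
chronyc tracking
# NTP status as seen by systemd.
timedatectl
# Per-source statistics.
chronyc sourcestats -v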
确保 br_netfilter 模块被加载。这一操作可以通过运行 lsmod | grep br_netfilter 来完成。若要显式加载该模块,可执行 sudo modprobe br_netfilter。
为了让你的 Linux 节点上的 iptables 能够正确地查看桥接流量,你需要确保在你的 sysctl 配置中将 net.bridge.bridge-nf-call-iptables 设置为 1。例如:
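# Load br_netfilter at every boot (modules-load.d) and right now (modprobe):
# the net.bridge.* sysctls below only exist once the module is loaded, so
# without the modprobe `sysctl --system` cannot apply them until a reboot.
cat <<'EOF' | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
sudo modprobe br_netfilter
# Let iptables see bridged traffic and enable IPv4 forwarding (needed by
# kube-proxy and the CNI plugin).
cat <<'EOF' | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
# Confirm the module is present (no output means it is not loaded).
lsmod | grep br_netfilter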
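# Docker CE repository from the Aliyun mirror. Fetch the repo definition over
# https (the same mirror host is already used over https for the Kubernetes
# repo on this page) so the .repo file cannot be tampered with in transit.
yum install -y yum-utils
yum-config-manager \
  --add-repo \
  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo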
如果存在老版本先卸载
# Remove any previously installed Docker packages before installing docker-ce.
legacy_docker_pkgs=(
  docker
  docker-client
  docker-client-latest
  docker-common
  docker-latest
  docker-latest-logrotate
  docker-logrotate
  docker-engine
)
yum remove "${legacy_docker_pkgs[@]}"
# Install Docker CE together with containerd.io (containerd is the runtime
# kubelet will talk to later), then start Docker now and on boot.
yum install -y docker-ce docker-ce-cli containerd.io
systemctl enable docker --now
选择一个即可
# 创建或修改 /etc/docker/daemon.json 文件,修改为如下形式
{
"registry-mirrors" : [
"https://registry.docker-cn.com",
"https://docker.mirrors.ustc.edu.cn",
"http://hub-mirror.c.163.com",
"https://cr.console.aliyun.com/"
]
}
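# Restart Docker so the registry-mirrors in /etc/docker/daemon.json take effect.
systemctl restart docker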
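# --- containerd: start from the default config and adjust it for kubeadm ---
cp /etc/containerd/config.toml /etc/containerd/config.toml.ori   # keep the packaged file
containerd config default > /etc/containerd/config.toml
# Point the pause image at the Aliyun mirror and at tag 3.7, the version
# `kubeadm config images list` reports for v1.24.4. The source string
# ("k8s.gcr.io/pause:3.6") depends on the containerd release that generated
# the file, so confirm with the grep below that the replacement matched.
sed -i 's#k8s.gcr.io/pause:3.6#registry.aliyuncs.com/google_containers/pause:3.7#g' /etc/containerd/config.toml
# Switch runc to the systemd cgroup driver so containerd and kubelet agree
# (kubeadm defaults kubelet to systemd). Resulting setting:
#   [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
#     SystemdCgroup = true
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
# Optional: relocate containerd's storage root. Leave commented unless needed.
#sed -i 's#root = "/var/lib/containerd"#root = "/data/containerd"#g' /etc/containerd/config.toml
# Verify both edits instead of paging through the whole file.
grep -E 'sandbox_image|SystemdCgroup' /etc/containerd/config.toml
systemctl daemon-reload
systemctl enable --now containerd
# Point crictl at containerd's CRI socket so `crictl pull`/`crictl ps` work
# from the shell. (This is a crictl client setting, unrelated to the cgroup
# driver configured above.)
crictl config runtime-endpoint unix:///run/containerd/containerd.sock
crictl config image-endpoint unix:///run/containerd/containerd.sock
systemctl restart containerd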
# Kubernetes yum repository from the Aliyun mirror, with signature checks on
# for both packages and repository metadata.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Pin kubelet, kubeadm and kubectl to one release.
k8s_version=1.24.4
yum install -y "kubelet-${k8s_version}" "kubeadm-${k8s_version}" "kubectl-${k8s_version}" --disableexcludes=kubernetes
# kubelet restarts in a loop until kubeadm init/join gives it a config; expected.
systemctl enable kubelet --now
# List the images this kubeadm release needs (output shown below).
kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.24.4
k8s.gcr.io/kube-controller-manager:v1.24.4
k8s.gcr.io/kube-scheduler:v1.24.4
k8s.gcr.io/kube-proxy:v1.24.4
k8s.gcr.io/pause:3.7
k8s.gcr.io/etcd:3.5.3-0
k8s.gcr.io/coredns/coredns:v1.8.6
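# Pre-pull the control-plane images from the Aliyun mirror. kubelet uses
# containerd through the CRI socket configured above, and containerd keeps
# its own image store: images fetched with `docker pull` end up in Docker's
# store and are not visible to kubelet. Pull through the CRI with crictl.
# (Alternatively let kubeadm do it: `kubeadm config images pull
# --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.24.4`.)
sudo tee ./images.sh <<-'EOF'
#!/bin/bash
set -euo pipefail
registry=registry.aliyuncs.com/google_containers
images=(
  kube-apiserver:v1.24.4
  kube-proxy:v1.24.4
  kube-controller-manager:v1.24.4
  kube-scheduler:v1.24.4
  coredns:v1.8.6
  etcd:3.5.3-0
  pause:3.7
)
for image in "${images[@]}"; do
  crictl pull "${registry}/${image}"
done
EOF
chmod +x ./images.sh && ./images.sh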
--pod-network-cidr 192.168.0.0/16 使用Calico网络插件的时候需要这么配置,如果跟现有网络冲突,请自行修改。 --image-repository registry.aliyuncs.com/google_containers 受限于网络原因,指定image的仓库地址。
也可以提前将需要的image使用kubeadm config images pull,下载回来。
# Bootstrap the first control-plane node (see the note above on the flags):
#   --pod-network-cidr must match CALICO_IPV4POOL_CIDR in calico.yaml and
#   must not overlap the host network (192.168.56.0/24); --service-cidr must
#   not overlap either; --image-repository pulls from the Aliyun mirror.
kubeadm_init_args=(
  --apiserver-advertise-address=192.168.56.104
  --control-plane-endpoint=cluster-endpoint
  --image-repository=registry.aliyuncs.com/google_containers
  --kubernetes-version=v1.24.4
  --service-cidr=10.96.0.0/16
  --pod-network-cidr=192.169.0.0/16
)
kubeadm init "${kubeadm_init_args[@]}"
service-cidr 不能与宿主机地址段冲突
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
kubeadm join cluster-endpoint:6443 --token 1tj6xd.ij7m9dhl9qiz00w9 \
--discovery-token-ca-cert-hash sha256:96ab862ac21dab9c248e865520f161b3425d989c5208d0dc882007b640df6cab \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join cluster-endpoint:6443 --token 1tj6xd.ij7m9dhl9qiz00w9 \
--discovery-token-ca-cert-hash sha256:96ab862ac21dab9c248e865520f161b3425d989c5208d0dc882007b640df6cab
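# Give this user a kubeconfig: a copy of the admin credentials kubeadm wrote.
# admin.conf is a cluster-admin credential, so ~/.kube/config must stay
# private to this user (hence the chown).
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"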
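# kubectl tab completion plus a `k` alias. Each line is guarded so that
# re-running this section does not append duplicates to ~/.bashrc.
yum install bash-completion -y
grep -qF 'kubectl completion bash' ~/.bashrc || echo 'source <(kubectl completion bash)' >>~/.bashrc
grep -qxF 'alias k=kubectl' ~/.bashrc || echo 'alias k=kubectl' >>~/.bashrc
grep -qF '__start_kubectl k' ~/.bashrc || echo 'complete -F __start_kubectl k' >>~/.bashrc
# Load into the current shell.
source ~/.bashrc
k get nodes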
官方文档:https://projectcalico.docs.tigera.io/getting-started/kubernetes/quickstart
下载 calico cni 插件
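# Fetch the Calico manifest. -f makes curl fail on an HTTP error instead of
# saving the error page as calico.yaml; -L follows redirects.
curl -fsSL -O https://docs.projectcalico.org/manifests/calico.yaml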
修改参数指定网卡
IP_AUTODETECTION_METHOD=interface=eth.*
spec:
containers:
- env:
- name: DATASTORE_TYPE
value: kubernetes
- name: IP_AUTODETECTION_METHOD # DaemonSet中添加该环境变量
value: interface=enp0s8 # 指定内网网卡
- name: WAIT_FOR_DATASTORE
value: "true"
- name: CALICO_IPV4POOL_CIDR
value: "192.169.0.0/16"
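# Install Calico, then watch until every pod in every namespace (-A) is
# Running; the nodes should flip to Ready once the CNI is up.
kubectl apply -f calico.yaml
watch kubectl get pods -A
kubectl get pods -A
kubectl get nodes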
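# Install calicoctl as a kubectl plugin binary, pinned to v3.24.1. -f makes
# curl fail on an HTTP error so an error page is never chmod'ed and executed.
# Compare the download with the checksum published alongside the release
# before running it.
curl -fsSL https://github.com/projectcalico/calico/releases/download/v3.24.1/calicoctl-linux-amd64 -o kubectl-calico
chmod +x kubectl-calico
# It lives in the current directory, so invoke it with ./ ; copying it onto
# $PATH also makes it available as `kubectl calico ...`.
./kubectl-calico -h
# Show the Calico profiles.
./kubectl-calico get profile -o wide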
# On each worker (work01, work02): join with the token and CA-cert hash that
# `kubeadm init` printed on master01.
kubeadm join cluster-endpoint:6443 --token 1tj6xd.ij7m9dhl9qiz00w9 \
--discovery-token-ca-cert-hash sha256:96ab862ac21dab9c248e865520f161b3425d989c5208d0dc882007b640df6cab
# On master01: bootstrap tokens expire, so if the printed one is rejected,
# mint a fresh one and print the complete join command to use instead.
kubeadm token create --print-join-command
# node状态ready
[root@master01 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master01 Ready control-plane 46h v1.24.4
work01 Ready <none> 4m28s v1.24.4
work02 Ready <none> 4m23s v1.24.4
# pod 全部running
[root@master01 ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-6799f5f4b4-gw6lx 1/1 Running 0 32m
kube-system calico-node-f5mlf 1/1 Running 0 4m34s
kube-system calico-node-l6dnr 1/1 Running 0 32m
kube-system calico-node-tdt2p 1/1 Running 0 4m29s
kube-system coredns-74586cf9b6-gtf8l 1/1 Running 0 46h
kube-system coredns-74586cf9b6-wzq9j 1/1 Running 0 46h
kube-system etcd-master01 1/1 Running 0 46h
kube-system kube-apiserver-master01 1/1 Running 0 46h
kube-system kube-controller-manager-master01 1/1 Running 0 46h
kube-system kube-proxy-bbktr 1/1 Running 0 4m34s
kube-system kube-proxy-krf88 1/1 Running 0 46h
kube-system kube-proxy-qwb7j 1/1 Running 0 4m29s
kube-system kube-scheduler-master01 1/1 Running 0 46h
# Smoke test: one nginx pod, reachable from outside the cluster on a NodePort
# (the port is allocated by Kubernetes; see the svc listing below).
kubectl create deployment nginx-demo --image=nginx
kubectl expose deployment nginx-demo \
  --name=nginx-demo-external \
  --type=NodePort \
  --port=80 \
  --target-port=80
[root@master01 tools]# kubectl get deployment -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
nginx-demo 1/1 1 1 89s nginx nginx app=nginx-demo
[root@master01 tools]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-demo-854c6768d4-4xnx9 1/1 Running 0 100s 192.168.75.65 work02 <none> <none>
[root@master01 tools]# curl -i 192.168.75.65
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Mon, 05 Sep 2022 04:37:28 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 19 Jul 2022 14:05:27 GMT
Connection: keep-alive
ETag: "62d6ba27-267"
Accept-Ranges: bytes
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master01 tools]# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 46h <none>
nginx-demo-external NodePort 10.96.62.175 <none> 80:31298/TCP 2m3s app=nginx-demo
[root@master01 tools]# curl -i 10.96.62.175
HTTP/1.1 200 OK
Server: nginx/1.23.1
Date: Mon, 05 Sep 2022 04:38:20 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 19 Jul 2022 14:05:27 GMT
Connection: keep-alive
ETag: "62d6ba27-267"
Accept-Ranges: bytes
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
# Download the Dashboard manifest (pinned to the v2.6.1 release tag). The
# output filename is what the later `kubectl apply -f` must reference.
wget --output-document=kubernets-dashboard.yaml \
  https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml
# 修改暴露端口类型
spec:
type: NodePort
ports:
- port: 443
targetPort: 8443
nodePort: 30001
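# Apply the edited manifest. The argument must be the file wget wrote above
# (note its spelling); a bare "kubernetes-dashboard" does not exist.
kubectl apply -f kubernets-dashboard.yaml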
[root@master01 tools]# kubectl get deployments -n kubernetes-dashboard
NAME READY UP-TO-DATE AVAILABLE AGE
dashboard-metrics-scraper 1/1 1 1 2m40s
kubernetes-dashboard 1/1 1 1 2m40s
[root@master01 tools]# kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-8c47d4b5d-4qwwc 1/1 Running 0 2m48s
kubernetes-dashboard-6c75475678-4qqkt 1/1 Running 0 2m48s
[root@master01 tools]# kubectl get pod,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-8c47d4b5d-4qwwc 1/1 Running 0 2m56s
pod/kubernetes-dashboard-6c75475678-4qqkt 1/1 Running 0 2m56s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.96.73.33 <none> 8000/TCP 2m56s
service/kubernetes-dashboard NodePort 10.96.233.162 <none> 443:30001/TCP 2m56s
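# Service account used to log in to the Dashboard.
kubectl create serviceaccount k8sadmin -n kube-system
# Bind it to cluster-admin. The resulting token has unrestricted access to the
# whole cluster, and the Dashboard is reachable on every node at port 30001,
# so treat that token like a root password; a narrower ClusterRole is
# preferable for routine use. Run as the same user as the command above:
# `sudo kubectl` would look for root's kubeconfig, not this user's.
kubectl create clusterrolebinding k8sadmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8sadmin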
[root@master01 tools]# kubectl -n kube-system create token k8sadmin
eyJhbGciOiJSUzI1NiIsImtpZCI6ImxWTnBuUl9WTnRJa083Ny1IQjNSbVRzdDlZem9peTBiVlBZWU1CV0NjZnMifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNjYyMzY1NjE4LCJpYXQiOjE2NjIzNjIwMTgsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJrOHNhZG1pbiIsInVpZCI6IjcxMzI1NzBiLWU2MDMtNDdhZC1hZTFkLTQxNTBmYWM3YmQ4NyJ9fSwibmJmIjoxNjYyMzYyMDE4LCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06azhzYWRtaW4ifQ.hDZLqjCE1pxmuFv-6_dfUGf1FRwItd03XpU8plxkDvcXnxx4N5dCqewtG3VEuAtsG-u7EH-GX9NXv6bpa5lzRXvMtQHdIcCSq6at1zGRVLloQvsNAvLXWYN0H7hmn2-jPGvzE7-ES2ITkWjZ9c5Q2lliuJTshaEyG1cTU1nqQWnp-LLSrwfcsQjdviJ7qXqhH3mPtVOAldLdgUE1Fj3vNilkTUmfnClQXNEzXNLAMiDqTNWeEseXTtcX_88qE2hHACpQLX9IjeUJYIcv5hziuQXKSMuBLiuJJu_rd4_woFHjm6hVYqvvxOPjd8jcw2QNkaTakzZHTEsTRuHFK5YGAw
# 访问宿主机
https://192.168.56.104:30001/