k8s安装记录
如无特别说明,则该步操作指在所有的机器上执行!!! 如无特别说明,则该步操作指在所有的机器上执行!!! 如无特别说明,则该步操作指在所有的机器上执行!!!目录
- k8s安装记录
- 零、版本说明
- 一、主机规划
- 二、系统安装
- 2.1.系统配置
- 2.2.docker安装
- 2.3.cri-dockerd安装
- 2.4.k8s安装
- 2.5.Master节点配置
- 2.6.Node节点配置
- 2.7.常用命令
- 3.附件
零、版本说明
- Oracle VM VirtualBox
6.1
- CentOS-7-x86_64-Minimal-2009
CentOS Linux release 7.9.2009 (Core)
- Docker
Client: Docker Engine - Community
Version: 26.0.2
API version: 1.43 (downgraded from 1.45)
Go version: go1.21.9
Git commit: 3c863ff
Built: Thu Apr 18 16:30:00 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 24.0.0
API version: 1.43 (minimum version 1.12)
Go version: go1.20.4
Git commit: 1331b8c
Built: Mon May 15 18:50:39 2023
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.31
GitCommit: e377cd56a71523140ca6ae87e30244719194a521
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
- K8S
Kubernetes v1.28.0
- 中间件版本
cri-dockerd-0.3.2-3
Calico
v3.26.1
一、主机规划
主机IP | 主机名 | 主机角色 |
---|---|---|
192.168.1.60 | master1 | k8s master |
192.168.1.61 | node1 | k8s worder |
192.168.1.62 | node2 | k8s worder |
二、系统安装
2.1.系统配置
- crontab -e 里面添加一行然后保存退出: 0 */1 * * * ntpdate ntp4.aliyun.com
yum install -y ntpdate
crontab -e
service firewalld stop
systemctl disable firewalld
sed -i "s/timeout=5/timeout=1/" /boot/grub2/grub.cfg
sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
swapoff -a
sed -i "s/\/dev\/mapper\/centos-swap/#\/dev\/mapper\/centos-swap/" /etc/fstab
cat >> /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
vm.swappiness=0
EOF
modprobe br_netfilter
systemctl --system
cat >> /etc/hosts << EOF
192.168.1.60 master1
192.168.1.61 node1
192.168.1.62 node2
EOF
ssh-copy-id node1
ssh-copy-id node2
init 6
2.2.docker安装
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y --setopt=obsoletes=0 docker-ce-24.0.0-1.el7
systemctl enable docker
cat >> /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://【这里换成自己的注册点】.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
service docker start
2.3.cri-dockerd安装
curl -OL https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.2/cri-dockerd-0.3.2-3.el7.x86_64.rpm
rpm -ivh cri-dockerd-0.3.2-3.el7.x86_64.rpm
修改 /usr/lib/systemd/system/cri-docker.service 文件的 ExecStart=/usr/bin/cri-dockerd 配置为如下:
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --container-runtime-endpoint fd:// --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9
执行命令启动服务
systemctl daemon-reload && systemctl enable cri-docker && systemctl start cri-docker
2.4.k8s安装
cat >> /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y --setopt=obsoletes=0 kubeadm-1.28.0 kubelet-1.1.28.0 kubectl-1.1.28.0
systemctl enable kubelet
systemctl restart containerd.service
2.5.Master节点配置
MASTER节点上执行kubeadm init \
--apiserver-advertise-address=192.168.1.60 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.28.0 \
--pod-network-cidr=172.16.0.0/16 \
--cri-socket=unix:///var/run/cri-dockerd.sock
mkdir -p $HOME/.kube
/bin/cp -f /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
- 安装calico
- tigera-operator.yaml和custom-resources.yaml就是calico的安装文件,github下载不了,我绑定到本文资源里了。
- 如果能访问,可以使用带网址的命令安装
kubectl create -f tigera-operator.yaml
或
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/tigera-operator.yaml
- 查看,确保tigera-operator命名空间安装成功
kubectl get ns
- 查看pod分配情况
kubectl get pods -n tigera-operator -o wide
- custom-resources.yaml里面的网段需要和kubeadm init时指定的–pod-network-cidr网段保持一致
- 下面命令里我把custom-resources.yaml里面的网段从192.168.0.0换成了172.16.0.0
sed -i "s/192.168/172.16/" custom-resources.yaml
- 安装
kubectl create -f custom-resources.yaml
或
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/custom-resources.yaml
2.6.Node节点配置
NODE节点上执行kubeadm join 192.168.1.60:6443 --token 【这里贴kubeadm init生成的】 \
--discovery-token-ca-cert-hash 【这里贴kubeadm init生成的】 \
--cri-socket=unix:///var/run/cri-dockerd.sock
2.7.常用命令
#常用命令
kubectl get node #看node
kubectl get pod -n kube-system #看pods
journalctl -f -u kubelet.service #看日志
kubeadm token create --print-join-command #令牌过期
kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock #重置k8s
rm -rf /var/lib/calico/ && sudo rm -rf /etc/cni/net.d/10-calico.conflist && sudo rm -rf /etc/cni/net.d/calico-kubeconfig #node需要在reset后删除
3.附件
在文章开头,如图位置: