K8S安装部署

K8S
发布日期:   2024-11-19
文章字数:   120
阅读时长:   1 分
阅读次数:  

前置环境

操作系统 IP 主机名
Rocky Linux release 9.4 (Blue Onyx) 192.168.2.100 master
Rocky Linux release 9.4 (Blue Onyx) 192.168.2.101 node01
Rocky Linux release 9.4 (Blue Onyx) 192.168.2.102 node02

切换源

使用脚本一键切换源

bash <(curl -sSL https://linuxmirrors.cn/main.sh) \
  --source mirrors.aliyun.com \
  --branch rockylinux

image-20241119150631904

dnf makecache

防火墙修改 firewalld 为 iptables

systemctl stop firewalld
systemctl disable firewalld

yum -y install iptables-services
systemctl start iptables
iptables -F
systemctl enable iptables
service iptables save

禁用 Selinux

setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
grubby --update-kernel ALL --args selinux=0
# 查看是否禁用,grubby --info DEFAULT
# 回滚内核层禁用操作,grubby --update-kernel ALL --remove-args selinux
# 设置时区
timedatectl set-timezone Asia/Shanghai

关闭 swap 分区

swapoff -a
sed -i 's:/dev/mapper/rl-swap:#/dev/mapper/rl-swap:g' /etc/fstab

安装 ipvs

yum install -y ipvsadm

开启路由转发

echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p

加载 bridge

yum install -y epel-release
yum install -y bridge-utils

modprobe br_netfilter
echo 'br_netfilter' >> /etc/modules-load.d/bridge.conf
echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf
sysctl -p

安装docker

一键安装docker

bash <(curl -sSL https://linuxmirrors.cn/docker.sh)

安装cri-docker

wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.9/cri-dockerd-0.3.9.amd64.tgz
tar -xf cri-dockerd-0.3.9.amd64.tgz
cp cri-dockerd/cri-dockerd /usr/bin/
chmod +x /usr/bin/cri-dockerd

配置 cri-docker 服务

cat << EOF > /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF

添加 cri-docker 套接字

cat << EOF | sudo tee /usr/lib/systemd/system/cri-docker.socket > /dev/null
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF

启动 cri-docker 服务

systemctl daemon-reload
systemctl enable cri-docker
systemctl start cri-docker
systemctl is-active cri-docker

添加 kubeadm yum 源

cat < /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=kubernetes
baseurl=http://mirrors4.tuna.tsinghua.edu.cn/kubernetes/yum/repos/kubernetes-el7-$basearch
name=Kubernetes
baseurl=http://mirrors4.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/repodata/repomd.xml.key

[cri-o]
name=CRI-O
baseurl=http://mirrors4.tuna.tsinghua.edu.cn/kubernetes/addons:/cri-o:/stable:/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/addons:/cri-o:/prerelease:/main/rpm/repodata/repomd.xml.key
EOF

安装 kubeadm 1.29 版本

yum install -y kubelet-1.29.2 kubectl-1.29.2 kubeadm-1.29.2

初始化节点

kubeadm init --apiserver-advertise-address=192.168.2.100  --image-repository=registry.aliyuncs.com/google_containers  --kubernetes-version 1.29.2 --service-cidr=10.10.0.0/12 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all --cri-socket unix:///run/cri-dockerd.sock -v=5

image-20241120115349923

复制配置

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

安装calico网络插件

curl https://raw.githubusercontent.com/projectcalico/calico/v3.26.3/manifests/calico-typha.yaml -o calico.yaml

其中要修改相关的配置

       # 指定为 pod 地址
       - name: CALICO_IPV4POOL_CIDR
         value: "10.244.0.0/16"
       # 修改为 BGP 模式  
       - name: CALICO_IPV4POOL_IPIP
         value: "Off"

kubectl apply -f calico.yaml

image-20241120140320862

master 已经就绪

加入新的节点

kubeadm join 192.168.2.100:6443 --token 3dkh6x.mt7kdhs2dd703oeo \
    --discovery-token-ca-cert-hash sha256:7cba82e92dcf1a545b757403a03f5dcf41fe167881c00388af5da3f459ed6b20 \
    --cri-socket unix:///run/cri-dockerd.sock

注意新的节点也需要安装calico网络插件

image-20241120145626338

文章作者: 清风笑丶
文章链接: http://www.hphblog.cn/2024/11/19/k8s-an-zhuang-bu-shu/
版权声明: 本博客所有文章除特別声明外,均采用 CC BY 4.0 许可协议。转载请注明来源 清风笑丶 !
K8S
 上一篇
K8S网络 K8S网络
网络模型Kubernetes 的网络模型假定了所有 Pod 都在一个可以直接连通的扁平的网络空间中,这在GCE(Google Compute Engine)里面是现成的网络模型,Kubernetes 假定这个网络已经存在。而在私有云里搭建
2024-11-20 清风笑丶
K8S
下一篇 
K8S基本概念 K8S基本概念
pod简介Pod 是可以在 Kubernetes 中创建和管理的、最小的可部署的计算单元,它是一个或多个紧密关联的容器的组合,这些容器共享同一个网络命名空间和存储卷。Pod提供了一个抽象层,它封装了容器在节点上的运行环境,例如存储、网络和运
2024-11-14 Pod
K8S
  目录