1. Initialize the installation environment
- 1.1 On centos8-minimal, install updates and install vim
Commands:
cd /etc/yum.repos.d/
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
yum makecache
yum update -y
yum -y install vim
After the update completes, check the CentOS version:
[root@localhost yum.repos.d]# cat /etc/redhat-release
CentOS Linux release 8.5.2111
[root@localhost yum.repos.d]# rpm -q kernel
kernel-4.18.0-348.7.1.el8_5.x86_64
- 1.2 Disable SELinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
- 1.3 Disable swap
swapoff -a
sed -i 's/^[^#].*swap/#&/' /etc/fstab
systemctl daemon-reload
- 1.4 Disable IPv6
echo net.ipv6.conf.all.disable_ipv6=1 >> /etc/sysctl.conf
echo NETWORKING_IPV6=no >> /etc/sysconfig/network
sed -i 's/IPV6INIT=yes/IPV6INIT=no/g' /etc/sysconfig/network-scripts/ifcfg-enp0s3
sysctl -p
Run ip a to check whether IPv6 has been disabled.
- 1.5 Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
- 1.6 Configure bridged traffic to be passed to iptables and apply the settings
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
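2. Install containerd and related tools
- 2.1 Install containerd
Check https://github.com/containerd/containerd/releases for the latest version of containerd. At the time of writing the latest version is containerd 1.6.8, and the download address is https://github.com/containerd/containerd/releases/download/v1.6.8/containerd-1.6.8-linux-amd64.tar.gz
Extract and install it as follows: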
tar Cxzvf /usr/local containerd-1.6.8-linux-amd64.tar.gz
mkdir -p /usr/local/lib/systemd/system/
mv containerd.service /usr/local/lib/systemd/system/
systemctl daemon-reload
systemctl enable --now containerd
Download runc.amd64 from https://github.com/opencontainers/runc/releases and run the following install command:
install -m 755 runc.amd64 /usr/local/sbin/runc
- 2.2 Install the cni plugins and the nerdctl tool
Download the cni plugins from https://github.com/containernetworking/plugins/releases and install them:
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.1.1.tgz
Download the nerdctl tool from https://github.com/containerd/nerdctl/releases and extract it to install:
tar Cxzvvf /usr/local/bin nerdctl-0.23.0-linux-amd64.tar.gz
Installing containerd as described above involves 4 files in total, as follows:
cni-plugins-linux-amd64-v1.1.1.tgz
containerd-1.6.8-linux-amd64.tar.gz
nerdctl-0.23.0-linux-amd64.tar.gz
runc.amd64
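Before any of these four files is extracted or installed, its SHA-256 hash can be compared with the value published on the corresponding release page. The following is an added example, not part of the original post; the manifest name SHA256SUMS and the function verify_downloads are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not from the original post): check every downloaded file
# against a sha256 manifest before extracting or installing anything.
# Assumption: SHA256SUMS is a file you assemble yourself from the checksums
# published on each project's release page, in "HASH  FILENAME" format.

# verify_downloads DIR MANIFEST FILE...
# Succeeds only if every FILE has a manifest entry and its hash matches.
verify_downloads() {
    dir=$1; manifest=$2; shift 2
    status=0
    for f in "$@"; do
        # Expected hash: first field of the manifest line naming this file
        # (sha256sum writes "*NAME" for files hashed in binary mode).
        want=$(awk -v n="$f" '$2 == n || $2 == ("*" n) { print $1; exit }' "$manifest")
        if [ -z "$want" ]; then
            echo "NO ENTRY  $f"; status=1; continue
        fi
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING   $f"; status=1; continue
        fi
        got=$(sha256sum "$dir/$f" | awk '{ print $1 }')
        if [ "$got" = "$want" ]; then
            echo "OK        $f"
        else
            echo "MISMATCH  $f"; status=1
        fi
    done
    return "$status"
}

# Usage with the four files listed above (run before any tar or install step):
#   verify_downloads . SHA256SUMS \
#       cni-plugins-linux-amd64-v1.1.1.tgz containerd-1.6.8-linux-amd64.tar.gz \
#       nerdctl-0.23.0-linux-amd64.tar.gz runc.amd64 || exit 1
```

Unlike a plain sha256sum -c, a file that has no entry in the manifest counts as a failure here, so an unlisted download cannot slip through.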
Once installation is complete, you can use nerdctl images to list images, similar to docker images. Note that containerd separates resources by namespace.
List the namespaces:
nerdctl ns ls
List the images in a given namespace:
nerdctl -n k8s.io images
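- 2.3 Modify the default containerd configuration: export the default configuration first, then edit it
Create the default containerd configuration directory and export the current default configuration: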
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
Then edit config.toml: change the setting SystemdCgroup = false to SystemdCgroup = true, and also change the default sandbox image (because images cannot be downloaded from k8s.gcr.io). The change is as follows:
sandbox_image = "k8s.gcr.io/pause:3.6"
=>
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"
After making the changes, reload and restart:
systemctl daemon-reload
systemctl enable containerd --now
systemctl restart containerd
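At this point, the containerd installation is complete.
3. Install kubernetes
Download the kubernetes installation files from http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/Packages/ (you can of course also download them from the official site). The downloaded installation files are as follows: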
14083ac8b11792469524dae98ebb6905b3921923937d6d733b8abb58113082b7-kubernetes-cni-1.1.1-0.x86_64.rpm
40c1f30871f010cdc338ee1dfe78f25cb389e17cce6067fb2b9c3e0c55895c6e-kubeadm-1.25.4-0.x86_64.rpm
7ed577f67bc98553ff7816f592d66b00a3a572559a665834ea97de8dd6e99c0a-kubectl-1.25.4-0.x86_64.rpm
a34253f2adef09943b26afd6cff6eb22983aa334d54d875f74e5a7a6bab1c7f1-kubelet-1.25.4-0.x86_64.rpm
e382ead81273ab8ebcddf14cc15bf977e44e1fd541a2cfda6ebe5741c255e59f-cri-tools-1.25.0-0.x86_64.rpm
iproute-tc-5.12.0-4.el8.x86_64.rpm
Once the download is complete, run the local install with yum localinstall -y *.rpm, then check the version after the installation succeeds:
[root@localhost ~]# kubectl version --output=yaml
clientVersion:
  buildDate: "2022-11-09T13:36:36Z"
  compiler: gc
  gitCommit: 872a965c6c6526caa949f0c6ac028ef7aff3fb78
  gitTreeState: clean
  gitVersion: v1.25.4
  goVersion: go1.19.3
  major: "1"
  minor: "25"
  platform: linux/amd64
kustomizeVersion: v4.5.7
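The basic installation is now complete. Both master and worker must complete the steps above. I use VirtualBox to virtualize two machines, master and worker, so at this point I clone a worker machine, change its hostname and configure /etc/hosts.
4. Install the cluster on master
- 4.1 Prepare the base images
Change the hostname to kubernetes-master and configure the hosts entry:
hostnamectl set-hostname kubernetes-master
Prepare the following images on the master machine: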
registry.aliyuncs.com/google_containers/coredns v1.9.3
registry.aliyuncs.com/google_containers/etcd 3.5.5-0
registry.aliyuncs.com/google_containers/kube-apiserver v1.25.0
registry.aliyuncs.com/google_containers/kube-controller-manager v1.25.0
registry.aliyuncs.com/google_containers/kube-proxy v1.25.0
registry.aliyuncs.com/google_containers/kube-scheduler v1.25.0
registry.aliyuncs.com/google_containers/pause 3.6
registry.aliyuncs.com/google_containers/pause 3.8
You can prepare the images in advance and import them to save download time:
nerdctl load -i coredns--v1.9.3.tar.gz
nerdctl load -i etcd--3.5.5-0.tar.gz
nerdctl load -i kube-apiserver--v1.25.0.tar.gz
nerdctl load -i kube-controller-manager--v1.25.0.tar.gz
nerdctl load -i kube-proxy--v1.25.0.tar.gz
nerdctl load -i kube-scheduler--v1.25.0.tar.gz
nerdctl load -i pause--3.8.tar.gz
nerdctl load -i pause--3.6.tar.gz
- 4.2 Modify the default kubeadm configuration file
Export the default kubeadm configuration and modify it:
kubeadm config print init-defaults --component-configs KubeletConfiguration > kubeadm.yaml
Make the following changes in kubeadm.yaml. There are no duplicate entries; each of these items occurs only once:
advertiseAddress: 1.2.3.4
=>
advertiseAddress: 192.168.30.88
criSocket: unix:///var/run/containerd/containerd.sock
=>
criSocket: /run/containerd/containerd.sock
name: Node
=>
name: kubernetes-master
imageRepository: registry.k8s.io
=>
imageRepository: registry.aliyuncs.com/google_containers
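The exported file also carries the sample bootstrap token abcdef.0123456789abcdef, which is the same on every installation and ends up in the kubeadm join command if left in place, so it is worth replacing before kubeadm init. The following is an added example, not part of the original post, that flags leftover sample values and swaps in a random token; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit kubeadm.yaml for sample
# values left over from "kubeadm config print init-defaults".

# Print one line per leftover sample value; succeed only if none is found.
audit_kubeadm_config() {
    cfg=$1
    findings=0
    # The sample bootstrap token is identical on every installation.
    if grep -Eq '^[[:space:]-]*token:[[:space:]]*abcdef\.0123456789abcdef[[:space:]]*$' "$cfg"; then
        echo "bootstrapTokens: sample token abcdef.0123456789abcdef not replaced"
        findings=$((findings + 1))
    fi
    # 1.2.3.4 is the sample API server address.
    if grep -Eq '^[[:space:]]*advertiseAddress:[[:space:]]*1\.2\.3\.4[[:space:]]*$' "$cfg"; then
        echo "localAPIEndpoint: advertiseAddress is still 1.2.3.4"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Generate a random token in the bootstrap-token format
# [a-z0-9]{6}.[a-z0-9]{16}, using the kernel's random source.
new_bootstrap_token() {
    raw=$(head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | cut -c1-22)
    echo "$raw" | sed 's/^\(.\{6\}\)/\1./'
}

# Replace the sample token in FILE ($1) with TOKEN ($2), in place (GNU sed).
replace_sample_token() {
    sed -i "s/abcdef\.0123456789abcdef/$2/" "$1"
}

# Usage, before running kubeadm init:
#   audit_kubeadm_config kubeadm.yaml || \
#       replace_sample_token kubeadm.yaml "$(new_bootstrap_token)"
```

After the replacement, kubeadm init prints the join command with the new token, and that printed command is the one to run on the worker.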
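- 4.3 Initialize the cluster
After making the changes, start initializing the cluster with kubeadm init --config kubeadm.yaml. With the images prepared in advance, initialization completes in roughly ten-odd seconds, and you see the following result: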
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.30.88:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:ccc7f320b1b64af6a2b51ecf422dc575f0be771aecfb2de8d72c5089c6feb13a
[root@kubernetes-master ~]#
Follow the prompt and run the following commands:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
The node information at this point is shown below. kubectl describe node kubernetes-master shows cni plugin not initialized, meaning the plugin has not been installed.
[root@kubernetes-master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
kubernetes-master NotReady control-plane 100s v1.25.4
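- 4.4 Deploy and install calico
Download the deployment file from https://docs.projectcalico.org/manifests/calico.yaml, or install directly with kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml. Before installing, likewise import the prepared images first to save time: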
nerdctl load -i cni--v3.24.5.tar.gz
nerdctl load -i kube-controllers--v3.24.5.tar.gz
nerdctl load -i node--v3.24.5.tar.gz
The images are as follows:
calico/cni v3.24.5
calico/kube-controllers v3.24.5
calico/node v3.24.5
After the installation completes, you can see the following result:
[root@kubernetes-master calico]# kubectl get node
NAME STATUS ROLES AGE VERSION
kubernetes-master Ready control-plane 21m v1.25.4
[root@kubernetes-master calico]# kubectl get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-798cc86c47-2xq82 1/1 Running 0 8m56s
kube-system calico-node-ztzqr 1/1 Running 0 8m56s
kube-system coredns-c676cc86f-frpkj 1/1 Running 0 20m
kube-system coredns-c676cc86f-jxqbc 1/1 Running 0 20m
kube-system etcd-kubernetes-master 1/1 Running 0 20m
kube-system kube-apiserver-kubernetes-master 1/1 Running 0 20m
kube-system kube-controller-manager-kubernetes-master 1/1 Running 0 20m
kube-system kube-proxy-qrlwt 1/1 Running 0 20m
kube-system kube-scheduler-kubernetes-master 1/1 Running 0 20m
5. Join the cluster on worker
Change the hostname to kubernetes-worker and configure the hosts entry, then run the join command:
kubeadm join 192.168.30.88:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:ccc7f320b1b64af6a2b51ecf422dc575f0be771aecfb2de8d72c5089c6feb13a
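After joining, the result is returned; then simply wait for calico-node and kube-proxy to be deployed successfully.
Back on the master node, check the cluster status.
Pay particular attention to the namespace of the containerd images.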