01- 集群系统初始化
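关闭防火墙
注:这里为简化实验环境而直接关闭防火墙;生产环境建议保留防火墙,只放行 Kubernetes 所需端口(如 API Server 的 6443、kubelet 的 10250)。
# systemctl disable --now firewalld
禁用selinux
注:该修改只改配置文件,重启后才生效;SELINUX=disabled 会完全关闭强制访问控制,削弱容器被攻破后对宿主机的保护,生产环境应评估改用 permissive 或保持 enforcing。
# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
# grep ^SELINUX= /etc/selinux/config
配置hosts解析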
# cat >> /etc/hosts <<'EOF'
10.0.0.201 master
10.0.0.204 node01
10.0.0.205 node02
10.0.0.206 node03
EOF
禁用swap
# swapoff -a && sysctl -w vm.swappiness=0
# sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
允许iptables检查桥接流量
# cat <<EOF | tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
# modprobe br_netfilter
# cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
# sysctl -p /etc/sysctl.d/k8s.conf
安装IPVS
# yum install -y ipset ipvsadm
# cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
配置集群时间同步
# yum install chrony -y
# systemctl enable chronyd --now
# chronyc sources
02- 所有节点部署docker
配置docker源
# curl -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
或
# yum install -y yum-utils
# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
卸载旧版本docker
# yum remove docker*
安装指定的docker版本
# yum -y install docker-ce-20.10.24 docker-ce-cli-20.10.24
安装docker命令拓展
# yum -y install bash-completion
# source /usr/share/bash-completion/bash_completion
配置docker优化
注:registry-mirrors 中的第三方镜像站会代为解析镜像标签并提供镜像内容,应只保留自己信任且仍可用的站点(下面的列表中有重复项);对关键镜像建议按 digest 固定版本。
# mkdir -p /etc/docker && tee /etc/docker/daemon.json <<EOF
{
"registry-mirrors": [
"https://docker.m.daocloud.io",
"https://dockerproxy.com",
"https://docker.mirrors.ustc.edu.cn",
"https://docker.nju.edu.cn",
"https://hub-mirror.c.163.com",
"https://docker.m.daocloud.io",
"https://dockerproxy.com",
"https://mirror.baidubce.com",
"https://docker.nju.edu.cn",
"https://docker.mirrors.sjtug.sjtu.edu.cn/"
],
"exec-opts": ["native.cgroupdriver=systemd"]
}
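EOF
启动docker
# systemctl daemon-reload && systemctl enable docker --now
03- 所有节点安装kubeadm,kubelet,kubectl
配置软件源
注:下面的仓库配置用 gpgcheck=0、repo_gpgcheck=0 关闭了软件包和仓库元数据的签名校验,yum 将无法发现被篡改的 kubeadm/kubelet/kubectl 包;生产环境应启用 gpgcheck=1 并通过 gpgkey= 指定仓库公钥。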
# cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
查看kubeadm的版本
# yum -y list kubeadm --showduplicates | sort -r
安装kubeadm,kubelet,kubectl软件包
注:1.23 系列已停止上游维护,不再获得安全修复,仅建议用于学习环境。
# yum -y install kubeadm-1.23.17-0 kubelet-1.23.17-0 kubectl-1.23.17-0
启动kubelet服务
# systemctl enable --now kubelet && systemctl status kubelet
添加kubectl的自动补全功能
# echo "source <(kubectl completion bash)" >> ~/.bashrc && source ~/.bashrc
04- 初始化control plane节点
查看指定版本的k8s需要哪些镜像
# kubeadm config images list --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.23.17
手动拉取镜像
# kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.23.17
使用kubeadm初始化master节点
# kubeadm init --kubernetes-version=v1.23.17 --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=192.168.0.0/16 --service-cidr=10.96.0.0/16 --service-dns-domain=123.com
拷贝授权文件,用于管理K8S集群
注:admin.conf 内含集群管理员权限的客户端证书和私钥,拷贝后应确认仅属主可读,不要分发给其他用户或提交到代码仓库;日常操作建议另建权限受限的账号。
# mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config
# export KUBECONFIG=/etc/kubernetes/admin.conf
查看集群节点
# kubectl get componentstatuses
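# kubectl get cs
05- 配置所有worker节点加入k8s集群
所有节点加入K8S集群
注:下面的 token 和 CA 证书哈希是示例集群的值,请使用自己执行 kubeadm init 后输出的 join 命令;bootstrap token 属于凭据,默认 24 小时后过期,过期后可在 master 上用 kubeadm token create --print-join-command 重新生成,不要公开仍有效的 token。
# kubeadm join 10.0.0.201:6443 --token dgpfut.jd1iwnpnwml9h0jz \
--discovery-token-ca-cert-hash sha256:8d67b9fca698d95b5a422f216af17a91bdb65c412bbe13a89c372904cf4b27ee
查看现有的节点
# kubectl get nodes
06- 安装网络插件并验证连通性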
下载flannel的资源清单 记得改网段再应用
注:下面第一条命令会直接把远程清单应用到集群,并不会在本地生成 kube-flannel.yml,后面的 sed 也就无从修改;应先把清单下载到本地、核对内容并改好网段后再 apply。另外 releases/latest 会随上游发布而变化,建议固定到某个已审阅的版本。
# kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
# sed -i.bak 's#10.244.0.0/16#192.168.0.0/16#g' kube-flannel.yml
如果忘记改网段了就删除该配置
# kubectl delete -f kube-flannel.yml
应用flannel
# kubectl apply -f kube-flannel.yml
检查flannel组件是否正常,均处于"Running"状态!
# kubectl get pods -A -o wide| grep kube-flannel