• 1.k8s集群环境准备
  • 1.1 环境准备

推荐阅读:
https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/install-kubeadm/

  • 1.2 关闭swap分区
# Turn swap off for the running system and stop the kernel from preferring it.
# This only lasts until the next reboot.
swapoff -a && sysctl -w vm.swappiness=0
# Make it permanent: prefix every not-yet-commented fstab line that mentions
# swap with '#', so the swap device is not activated again at boot.
sed -r -i 's@^[^#]*swap@#&@' /etc/fstab
  • 1.3 确保各个节点MAC地址或product_uuid唯一
# MAC address of interface ens33: the second field of its "ether" line.
ifconfig ens33 | awk '/ether/ {print $2}'
# DMI product UUID of this machine. Run both commands on every node and
# compare the values; each must be unique within the cluster.
cat /sys/class/dmi/id/product_uuid
温馨提示:
    一般来讲,硬件设备会拥有唯一的地址,但是有些虚拟机的地址可能会重复。 
    Kubernetes使用这些值来唯一确定集群中的节点。 如果这些值在每个节点上不唯一,可能会导致安装失败。
  • 1.4 检查网络节点是否互通

简而言之,就是检查你的k8s集群各节点是否互通,可以使用ping命令来测试。

# NOTE(review): this only proves outbound DNS/Internet reachability from the
# current node. To confirm node-to-node connectivity, also ping every other
# node's address from each node.
ping baidu.com -c 10

  • 1.5 允许iptables检查桥接流量
# Load the bridge and br_netfilter kernel modules into the running kernel.
for mod in bridge br_netfilter; do
  modprobe "$mod"
done
# Have the same two modules loaded automatically at every boot.
printf '%s\n' bridge br_netfilter | tee /etc/modules-load.d/k8s.conf

# Pass bridged IPv4/IPv6 traffic through iptables/ip6tables and enable IPv4
# forwarding, persisted in a dedicated sysctl drop-in file.
tee /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Re-read every sysctl configuration file so the settings apply immediately.
sysctl --system
  • 1.6 检查端口是否被占用

参考链接:

https://kubernetes.io/zh-cn/docs/reference/networking/ports-and-protocols/

检查master节点和worker节点的各组件端口是否被占用。

  • 1.7 安装Containerd
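# Fetch the containerd installer bundle from the internal mirror.
# The download is plain HTTP and the bundled script runs as root, so verify the
# archive against a digest obtained from a trusted channel before unpacking it.
pkg=oldboyedu-autoinstall-containerd-v1.6.36.tar.gz
wget "http://192.168.16.253/Resources/Containerd/${pkg}"
# <EXPECTED_SHA256> is a placeholder: replace it with the digest published by
# whoever built the bundle. Extraction and install run only if the check passes.
echo "<EXPECTED_SHA256>  ${pkg}" | sha256sum -c - \
  && tar xf "${pkg}" \
  && ./install-containerd.sh i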


[root@master241 ~]# ctr version
Client:
  Version:  v1.6.36
  Revision: 88c3d9bc5b5a193f40b7c14fa996d23532d6f956
  Go version: go1.22.7

Server:
  Version:  v1.6.36
  Revision: 88c3d9bc5b5a193f40b7c14fa996d23532d6f956
  UUID: 40e0c4d0-7d11-45af-bcd4-e390d85c9954
[root@master241 ~]# 
[root@master241 ~]# ctr ns ls
NAME LABELS 
[root@master241 ~]# 



[root@worker242 ~]#  ctr version
Client:
  Version:  v1.6.36
  Revision: 88c3d9bc5b5a193f40b7c14fa996d23532d6f956
  Go version: go1.22.7

Server:
  Version:  v1.6.36
  Revision: 88c3d9bc5b5a193f40b7c14fa996d23532d6f956
  UUID: 54f82c7f-3e26-442d-93aa-25fb71c09a62
[root@worker242 ~]# 


		
[root@worker243 ~]# ctr version
Client:
  Version:  v1.6.36
  Revision: 88c3d9bc5b5a193f40b7c14fa996d23532d6f956
  Go version: go1.22.7

Server:
  Version:  v1.6.36
  Revision: 88c3d9bc5b5a193f40b7c14fa996d23532d6f956
  UUID: a12d3098-817c-48fc-a8ba-5d6eaa57c821
[root@worker243 ~]# 
  • 1.8 所有节点安装kubeadm,kubelet,kubectl
  • 1.8.2 K8S所有节点配置软件源(建议拷贝2次)
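# Configure the Kubernetes apt repository (Aliyun mirror) on every node.
apt-get update && apt-get install -y apt-transport-https
# -fsSL makes curl fail on an HTTP error instead of piping an error page into
# apt-key.
# NOTE(review): apt-key is deprecated and trusts this key for every configured
# repository; a per-repository keyring referenced with signed-by= in the
# sources entry limits the key to this one source.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
# Write the repository definition. The here-document redirection was lost in
# the original listing, which left a bare `cat <file` that writes nothing.
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update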
  • 1.8.3 查看一下当前环境支持的k8s版本
[root@master231 ~]# apt-cache madison kubeadm
   kubeadm |  1.28.2-00 | https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages
   kubeadm |  1.28.1-00 | https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages
   kubeadm |  1.28.0-00 | https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages
   ...
   kubeadm | 1.23.17-00 | https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages
   kubeadm | 1.23.16-00 | https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages
   kubeadm | 1.23.15-00 | https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages
   kubeadm | 1.23.14-00 | https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial/main amd64 Packages
   ...
  • 1.8.4 所有节点安装 kubelet kubeadm kubectl
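# Install the same pinned version of all three packages on every node.
apt-get -y install kubelet=1.24.17-00 kubeadm=1.24.17-00 kubectl=1.24.17-00
# Hold the packages so a routine `apt-get upgrade` cannot move one node to a
# different Kubernetes version than the rest of the cluster.
apt-mark hold kubelet kubeadm kubectl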
  • 1.8.5 检查各组件版本
[root@worker232 ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.17", GitCommit:"953be8927218ec8067e1af2641e540238ffd7576", GitTreeState:"clean", BuildDate:"2023-02-22T13:33:14Z", GoVersion:"go1.19.6", Compiler:"gc", Platform:"linux/amd64"}
[root@worker232 ~]# 
[root@worker232 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.17", GitCommit:"953be8927218ec8067e1af2641e540238ffd7576", GitTreeState:"clean", BuildDate:"2023-02-22T13:34:27Z", GoVersion:"go1.19.6", Compiler:"gc", Platform:"linux/amd64"}
The connection to the server localhost:8080 was refused - did you specify the right host or port?
[root@worker232 ~]# 
[root@worker232 ~]# kubelet --version
Kubernetes v1.23.17
[root@worker232 ~]# 

温馨提示:
其他两个节点都要检查下,避免你安装的版本和我不一致!
注意:上面的示例输出显示的是v1.23.17(看起来是在另一套环境的worker232上截取的),而本文1.8.4步骤安装的是1.24.17-00,按本文操作时各组件应显示v1.24.17。

参考链接:
https://kubernetes.io/zh/docs/tasks/tools/install-kubectl-linux/

  • 1.9 检查时区
[root@master241 ~]# ln -svf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime 
'/etc/localtime' -> '/usr/share/zoneinfo/Asia/Shanghai'
[root@master241 ~]# 
[root@master241 ~]# ll /etc/localtime
lrwxrwxrwx 1 root root 33 Apr  7 17:34 /etc/localtime -> /usr/share/zoneinfo/Asia/Shanghai
[root@master241 ~]# 
[root@master241 ~]# date -R
Mon, 07 Apr 2025 17:34:34 +0800
[root@master241 ~]# 
  • 2.基于kubeadm组件初始化K8S的master组件
  • 2.1.提前导入镜像
[root@master241 ~]# ctr -n k8s.io i import k8s-master-v1.24.17.tar.gz 
unpacking registry.aliyuncs.com/google_containers/coredns:v1.8.6 (sha256:5b6ec0d6de9baaf3e92d0f66cd96a25b9edbce8716f5f15dcd1a616b3abd590e)...done
unpacking registry.aliyuncs.com/google_containers/etcd:3.5.6-0 (sha256:dd75ec974b0a2a6f6bb47001ba09207976e625db898d1b16735528c009cb171c)...done
unpacking registry.aliyuncs.com/google_containers/kube-apiserver:v1.24.17 (sha256:c9d4d1af06e8fc31f106acb6750bf2b2cfcb2f53faf04bdd10e1c8a9c337bb7a)...done
unpacking registry.aliyuncs.com/google_containers/kube-controller-manager:v1.24.17 (sha256:40f7817161a3473f595220031135d96e742b05bc8338a4d8d4252d399abef0d5)...done
unpacking registry.aliyuncs.com/google_containers/kube-proxy:v1.24.17 (sha256:093cb35f2fe180dd6631c70d68dcbd2d9df7db31664a6f842a9b5dbfc71410c8)...done
unpacking registry.aliyuncs.com/google_containers/kube-scheduler:v1.24.17 (sha256:c932ce373d2e7cf2a807514a23f90d35f9395a774daf006a20a0ce287cc97850)...done
unpacking registry.aliyuncs.com/google_containers/pause:3.7 (sha256:bb6ed397957e9ca7c65ada0db5c5d1c707c9c8afc80a94acbe69f3ae76988f0c)...done
unpacking registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6 (sha256:3d380ca8864549e74af4b29c10f9cb0956236dfb01c40ca076fb6c37253234db)...done
[root@master241 ~]# 
[root@master241 ~]# ctr -n k8s.io i ls | awk 'NR>=1{print $1}' | grep google_containers | grep -v sha256
registry.aliyuncs.com/google_containers/coredns:v1.8.6
registry.aliyuncs.com/google_containers/etcd:3.5.6-0
registry.aliyuncs.com/google_containers/kube-apiserver:v1.24.17
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.24.17
registry.aliyuncs.com/google_containers/kube-proxy:v1.24.17
registry.aliyuncs.com/google_containers/kube-scheduler:v1.24.17
registry.aliyuncs.com/google_containers/pause:3.7
registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6
[root@master241 ~]# 


彩蛋,导出镜像:
[root@master241 ~]# ctr -n k8s.io i export oldboyedu-master-v1.24.17.tar.gz `ctr -n k8s.io i ls | awk 'NR>=1{print $1}' | grep google_containers | grep -v sha256`
[root@master241 ~]# 
[root@master241 ~]# ll -h oldboyedu-master-v1.24.17.tar.gz 
-rw-r--r-- 1 root root 226M Apr  7 17:46 oldboyedu-master-v1.24.17.tar.gz
[root@master241 ~]# 
  • 2.2 使用kubeadm初始化master节点
[root@master231 ~]# kubeadm init --kubernetes-version=v1.24.17 --image-repository registry.aliyuncs.com/google_containers  --pod-network-cidr=10.100.0.0/16 --service-cidr=10.200.0.0/16  --service-dns-domain=www.sss.com
...

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:
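注意:这里的token和CA证书哈希要用你自己初始化时生成的,不要复制我的哟。引导token相当于加入集群的凭据(默认24小时后过期),不要公开粘贴;过期或泄露后,可在master节点执行 kubeadm token create --print-join-command 重新生成,并用 kubeadm token delete 删除旧token。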
kubeadm join 10.0.0.241:6443 --token rgxi3n.5exnsto3m8qb7t1e \
	--discovery-token-ca-cert-hash sha256:60007a140ec73889e633c6efa45e911d41f6010b1df76c192ac3437fd2c87a00 
[root@master231 ~]# 
  • 3.拷贝授权文件,用于管理K8S集群
[root@master241 ~]# mkdir -p $HOME/.kube
[root@master241 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master241 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config	
  • 4.查看master组件是否正常工作
[root@master241 ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE                         ERROR
controller-manager   Healthy   ok                              
scheduler            Healthy   ok                              
etcd-0               Healthy   {"health":"true","reason":""}   
[root@master241 ~]# 
  • 5.查看工作节点
[root@master241 ~]# kubectl get no -o wide
NAME        STATUS     ROLES           AGE     VERSION    INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION       CONTAINER-RUNTIME
master241   NotReady   control-plane   9m14s   v1.24.17   10.0.0.241    <none>        Ubuntu 22.04.4 LTS   5.15.0-119-generic   containerd://1.6.36
[root@master241 ~]# 
 

基于kubeadm部署worker组件

  • 1.提前导入镜像
[root@worker243 ~]# ctr -n k8s.io i import  k8s-slave-v1.24.17.tar.gz 
[root@worker243 ~]# ctr -n k8s.io i ls | awk 'NR>=1{print $1}' | grep google_containers | grep -v sha256
registry.aliyuncs.com/google_containers/kube-proxy:v1.24.17
registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6
[root@worker243 ~]# 

[root@worker242 ~]# ctr -n k8s.io i import  k8s-slave-v1.24.17.tar.gz 
[root@worker242 ~]# ctr -n k8s.io i ls | awk 'NR>=1{print $1}' | grep google_containers | grep -v sha256
registry.aliyuncs.com/google_containers/kube-proxy:v1.24.17
registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6
[root@worker242 ~]# 
  • 2.将worker节点加入到master集群(注意,不要复制我的,而是根据你上一步master生成的token加入集群)
[root@worker242 ~]# kubeadm join 10.0.0.241:6443 --token rgxi3n.5exnsto3m8qb7t1e --discovery-token-ca-cert-hash sha256:60007a140ec73889e633c6efa45e911d41f6010b1df76c192ac3437fd2c87a00

[root@worker243 ~]# kubeadm join 10.0.0.241:6443 --token rgxi3n.5exnsto3m8qb7t1e --discovery-token-ca-cert-hash sha256:60007a140ec73889e633c6efa45e911d41f6010b1df76c192ac3437fd2c87a00
  • 3.验证worker节点是否加入成功
[root@master241 ~]# kubectl get no -o wide
NAME        STATUS     ROLES           AGE     VERSION    INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION       CONTAINER-RUNTIME
master241   NotReady   control-plane   19m     v1.24.17   10.0.0.241    <none>        Ubuntu 22.04.4 LTS   5.15.0-119-generic   containerd://1.6.36
worker242   NotReady   <none>          7m58s   v1.24.17   10.0.0.242    <none>        Ubuntu 22.04.4 LTS   5.15.0-119-generic   containerd://1.6.36
worker243   NotReady   <none>          7s      v1.24.17   10.0.0.243    <none>        Ubuntu 22.04.4 LTS   5.15.0-119-generic   containerd://1.6.36
[root@master241 ~]#

部署CNI插件之Flannel实战

  • 1.导入镜像
# Pre-pull both Flannel images into containerd's k8s.io namespace.
# NOTE(review): the images are referenced by tag only; record the digests that
# ctr reports if the same content has to be reproduced on other nodes.
for img in \
  ghcr.io/flannel-io/flannel:v0.26.5 \
  ghcr.io/flannel-io/flannel-cni-plugin:v1.6.2-flannel1; do
  ctr -n k8s.io i pull "$img"
done
  • 2.下载资源清单并修改自己的网段
# Download the v0.26.5 manifest, the same release as the flannel image pulled
# in step 1. Read it before applying: the apply output below shows that it
# creates a ClusterRole, a ClusterRoleBinding and a DaemonSet.
wget https://github.com/flannel-io/flannel/releases/download/v0.26.5/kube-flannel.yml
[root@master241 ~]# grep 16 kube-flannel.yml 
      "Network": "10.244.0.0/16",
[root@master241 ~]# 
[root@master241 ~]# sed -i '/16/s#244#100#' kube-flannel.yml 
[root@master241 ~]# 
[root@master241 ~]# grep 16 kube-flannel.yml 
      "Network": "10.100.0.0/16",
[root@master241 ~]# 
  • 3.开始安装Flannel
[root@master241 ~]# kubectl apply -f kube-flannel.yml 
namespace/kube-flannel created
serviceaccount/flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
[root@master241 ~]# 
  • 4.查看Pod信息
[root@master241 ~]# kubectl get pods -A
NAMESPACE      NAME                                READY   STATUS    RESTARTS   AGE
kube-flannel   kube-flannel-ds-5g7mw               1/1     Running   0          7m56s
kube-flannel   kube-flannel-ds-bxjjq               1/1     Running   0          4s
kube-flannel   kube-flannel-ds-rx97h               1/1     Running   0          7m56s
kube-system    coredns-74586cf9b6-8rm7n            1/1     Running   0          43m
kube-system    coredns-74586cf9b6-zd76c            1/1     Running   0          43m
kube-system    etcd-master241                      1/1     Running   0          43m
kube-system    kube-apiserver-master241            1/1     Running   0          43m
kube-system    kube-controller-manager-master241   1/1     Running   0          43m
kube-system    kube-proxy-kkqsb                    1/1     Running   0          32m
kube-system    kube-proxy-njdqc                    1/1     Running   0          43m
kube-system    kube-proxy-tv98r                    1/1     Running   0          24m
kube-system    kube-scheduler-master241            1/1     Running   0          43m
[root@master241 ~]# 

kubectl工具实现自动补全功能

  • 1.添加环境变量
[root@master231 ~]# kubectl completion bash > ~/.kube/completion.bash.inc
[root@master231 ~]# 
[root@master231 ~]# echo source '$HOME/.kube/completion.bash.inc' >> ~/.bashrc 
[root@master231 ~]# 
[root@master231 ~]# source ~/.bashrc
[root@master231 ~]# 
  • 2.验证自动补全功能
[root@master231 ~]# kubectl # 连续按2次tab键测试能否出现命令
alpha          auth           cordon         diff           get            patch          run            version
annotate       autoscale      cp             drain          help           plugin         scale          wait
api-resources  certificate    create         edit           kustomize      port-forward   set            
api-versions   cluster-info   debug          exec           label          proxy          taint          
apply          completion     delete         explain        logs           replace        top            
attach         config         describe       expose         options        rollout        uncordon       
[root@master231 ~]# 

至此k8s1.24部署完毕!