一、 安装前准备
1. 初始化系统环境
ubuntu系统环境初始化 :网络 network 、域名 hostname、ssh登录、内核优化等等
2. 安装容器引擎 containerd
apt update //更新软件包
apt install containerd -y //安装containerd软件包
mkdir /etc/containerd/ //存放containerd的配置文件
containerd config default > /etc/containerd/config.toml //导入默认配置,文件名是固定的
vim /etc/containerd/config.toml
//修改pause镜像地址,此处使用阿里镜像地址
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
//修改镜像加速配置(下面行首的 169、170 是 vim 显示的行号,不属于配置内容;示例中的 endpoint 应替换为自己可用的镜像加速地址)
169 [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
170 endpoint = ["https://ryici85m.mirror.aliyuncs.com"]
//ubuntu2204版本要修改为true(行首的 137 同样是 vim 行号);kubeadm 默认把 kubelet 的 cgroup 驱动设为 systemd,containerd 需与之保持一致
137 SystemdCgroup = true
systemctl restart containerd.service
systemctl status containerd.service
3. 安装crictl工具
root@node2:~/apps# mkdir /root/apps/
root@node2:~/apps# cd /root/apps/ //上传软件包
root@node2:~/apps# ls
crictl-v1.29.0-linux-amd64.tar.gz
root@node2:~/apps# mkdir /usr/local/bin/crictl
root@node2:~/apps# tar xvf crictl-v1.29.0-linux-amd64.tar.gz -C /usr/local/bin/crictl
crictl
root@node2:~/apps# vim /etc/profile
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/bin/crictl
//在最后一行插入
root@node2:~/apps# source /etc/profile //执行脚本
root@node2:~/apps# crictl -v //查看版本
crictl version v1.29.0
root@node2:~/apps# cat > /etc/crictl.yaml <<EOF
runtime-endpoint: "unix:///run/containerd/containerd.sock"
image-endpoint: "unix:///run/containerd/containerd.sock"
timeout: 10
debug: false
EOF
4. 安装nerdctl工具
root@node2:~/apps# cd /root/apps/ //上传nerdctl软件包
root@node2:~/apps# ls
crictl-v1.29.0-linux-amd64.tar.gz nerdctl-1.7.6-linux-amd64.tar.gz
root@node2:~/apps# tar xvf nerdctl-1.7.6-linux-amd64.tar.gz -C /usr/local/bin/
root@node2:~/apps# nerdctl version
root@node2:~/apps# mkdir /etc/nerdctl
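//配置(官方发布的固定配置)。注释不要写在 <<EOF 同一行,否则会被当作命令参数。
//注意:insecure_registry = true 会让 nerdctl 跳过镜像仓库的TLS证书校验并允许回退到HTTP,仅适合使用自签名证书的测试环境;生产环境应设为 false,并为仓库配置受信任的证书
root@node2:~/apps# cat > /etc/nerdctl/nerdctl.toml <<EOF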
namespace = "k8s.io"
debug = false
debug_full = false
insecure_registry = true
EOF
5. 安装CNI工具
root@node2:~/apps# ls
crictl-v1.29.0-linux-amd64.tar.gz cni-plugins-linux-amd64-v1.5.1.tgz nerdctl-1.7.6-linux-amd64.tar.gz
root@node2:~/apps# mkdir /opt/cni/bin/ -p
root@node2:~/apps# tar xvf cni-plugins-linux-amd64-v1.5.1.tgz -C /opt/cni/bin/
6. 拉取镜像进行测试
//上传nginx镜像
root@node2:~/apps# ls
nerdctl-1.7.6-linux-amd64.tar.gz cni-plugins-linux-amd64-v1.5.1.tgz nginx.tar.gz crictl-v1.29.0-linux-amd64.tar.gz
//加载镜像
root@node2:~/apps# nerdctl load -i /root/apps/nginx.tar.gz
//运行容器
root@node2:~/apps# nerdctl run -it -p 8000:80 --rm --name=nginx_test harbor.hiuiu.com/basic_image/centos7_filebeat_nginx:2408.u
//验证容器是否运行
root@node2:~/apps# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9a355b4b33e4 harbor.hiuiu.com/basic_image/centos7_filebeat_nginx:2408.u "/bin/bash" 21 seconds ago Up 0.0.0.0:8000->80/tcp nginx_test
7. 初始化K8S环境
- 安装基本的软件
apt install chrony ipvsadm tree ipset -y
- 关闭防火墙和关闭selinux(Ubuntu 默认使用 AppArmor,没有启用 SELinux,此处只需处理 ufw;完全关闭防火墙仅适合实验环境,生产环境应保留防火墙,只放行集群所需端口,如 6443、10250)
ufw disable
ufw status
或者
systemctl stop ufw
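systemctl status firewalld //注意:Ubuntu 默认未安装 firewalld,上一步停止的是 ufw,应使用 systemctl status ufw 确认;systemctl stop 只对本次开机生效,重启后 ufw 仍会启动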
- 关闭swap 交换分区
//临时关闭
swapoff -a
//永久关闭
sed -i '/swap.img/s/^/#/' /etc/fstab
- 配置时间服务器
sed -i 's/pool ntp.ubuntu.com/pool ntp.ntsc.ac.cn/' /etc/chrony/chrony.conf
systemctl restart chronyd
systemctl status chronyd
- 加载模块
modprobe br_netfilter && lsmod | grep br_netfilter
modprobe ip_conntrack && lsmod | grep conntrack
cat >/etc/modules-load.d/modules.conf<<EOF
ip_vs
ip_vs_lc
ip_vs_lblc
ip_vs_lblcr
ip_vs_rr
ip_vs_wrr
ip_vs_sh
ip_vs_dh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
ip_tables
ip_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
xt_set
br_netfilter
nf_conntrack
overlay
EOF
systemctl restart systemd-modules-load.service
lsmod | grep -e ip_vs -e nf_conntrack
- 修改内核参数
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
vm.max_map_count=262144
kernel.pid_max=4194303
fs.file-max=1000000
net.ipv4.tcp_max_tw_buckets=6000
net.netfilter.nf_conntrack_max=2097152
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
sysctl -p
- 修改hosts文件
vim /etc/hosts
192.168.204.110 m.kk.com
192.168.204.120 n1.kk.com
192.168.204.130 n2.kk.com
- 修改machine-id (克隆机器的需要修改)
cat /etc/machine-id //查看machine-id
rm -f /etc/machine-id
systemd-machine-id-setup
二、 正式安装 K8S-kubeadm 方式
1. 配置说明
//域名 IP地址 配置 角色
m.kk.com 192.168.204.110 4c4G master
n1.kk.com 192.168.204.120 4c4G node1
n2.kk.com 192.168.204.130 4c4G node2
2. 安装 kubeadm 、kubelet、 kubectl
apt update
apt install apt-transport-https ca-certificates curl gpg -y
mkdir -p -m 755 /etc/apt/keyrings
//默认官方地址
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
//阿里源(signed-by 限定该源的软件包只用上面导入的密钥环校验签名,不要去掉)
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list
//安装命令
apt-get update && apt-cache madison kubeadm
apt-get install -y kubelet=1.30.3-1.1 kubeadm=1.30.3-1.1 kubectl=1.30.3-1.1
3. 拉取镜像
//上传 images_download.sh 脚本
bash images_download.sh //执行脚本
nerdctl images //查看镜像
4. 创建MASTER
root@m:~# systemctl restart kubelet.service
root@m:~# ufw disable
root@m:~# swapoff -a
kubeadm init --apiserver-advertise-address=192.168.204.110 --apiserver-bind-port=6443 --kubernetes-version=v1.30.3 --pod-network-cidr=10.200.0.0/16 --service-cidr=10.96.0.0/16 --service-dns-domain=cluster.local --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers --ignore-preflight-errors=swap
`按照提示执行:`(admin.conf 含集群管理员凭据,拷贝出的 $HOME/.kube/config 应保持仅属主可读,不要分发给普通用户或拷贝到其他机器)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
source /etc/profile
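5. 节点加入集群(下面的 token 和 hash 仅为示例,需替换为自己执行 kubeadm init 后输出的值;token 默认 24 小时过期,可在 master 上执行 kubeadm token create --print-join-command 重新生成;token 属于敏感信息,不要公开发布)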
kubeadm join 192.168.204.110:6443 --token gh3nxw.6u4ttn0limx9yz9y \
--discovery-token-ca-cert-hash sha256:9d8505f7aa3e3217e2530856eb5ede76f213dea019034d2c0900b07addf1fa52
6. 查看集群节点
kubectl get nodes