kubeadm 部署 k8s 1.30


k8s 集群准备

序号 | 操作系统版本
1 | ubuntu22.04

主机硬件配置

cpu | 内存 | 角色 | 主机名 | ip
4 | 4G | master01 | k8s-master01 | 172.16.222.10
4 | 4G | node | node01 | 172.16.222.20
4 | 4G | node | node02 | 172.16.222.30
配置主机名(以下三条命令分别在对应的主机上执行)
hostnamectl hostname k8s-master01
hostnamectl hostname node01
hostnamectl hostname node02
配置apt 阿里源 ubuntu 22.04 LTS (jammy) 配置如下
vim /etc/apt/sources.list

deb https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse

deb https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse

deb https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse

# deb https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse

deb https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse

ip地址解析
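# Append name resolution for the three cluster hosts to /etc/hosts.
# The closing delimiter of a plain << here-document must start in column 0;
# an indented " EOF" does not terminate it, and the shell would keep reading
# whatever follows as file content. The delimiter is quoted so the body is
# taken literally.
# Note: >> appends on every run, so check /etc/hosts for existing entries
# before re-running this step.
cat >> /etc/hosts <<'EOF'
172.16.222.10 k8s-master01
172.16.222.20 node01
172.16.222.30 node02
EOF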
 

配置时间同步

timedatectl set-timezone Asia/Shanghai
date   # 查看时间;上一条命令只设置时区,实际的时间同步由后文安装的 chrony 完成

配置内核转发

modprobe br_netfilter && lsmod |grep br_netfilter
		modprobe ip_conntrack && lsmod | grep conntrack
cat >/etc/modules-load.d/modules.conf<<EOF
ip_vs
ip_vs_lc
ip_vs_lblc
ip_vs_lblcr
ip_vs_rr
ip_vs_wrr
ip_vs_sh
ip_vs_dh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
ip_tables
ip_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
xt_set
br_netfilter
nf_conntrack
overlay
EOF
		systemctl restart systemd-modules-load.service
		lsmod | grep -e ip_vs -e nf_conntrack
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward   # 查看内核转发是否开启

修改内核参数

cat << EOF | tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward=1
vm.max_map_count=262144
kernel.pid_max=4194303
fs.file-max=1000000
net.ipv4.tcp_max_tw_buckets=6000
net.netfilter.nf_conntrack_max=2097152
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
EOF
vim  /etc/sysctl.conf
sysctl -p /etc/sysctl.d/k8s.conf
或 sysctl --system

安装ipset 及ipvsadm

所有主机

apt install chrony ipvsadm tree ipset -y

配置ipvsadm模块

cat << EOF | tee ipvs.sh 
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF

bash ipvs.sh
lsmod | grep ip_vs
关闭swap
swapoff -a 

sed -i '/swap/s/^/#/' /etc/fstab
cni工具
CNI工具 
	CNI是什么?
		为容器提供网桥,如果不安装CNI,容器只有host网络模式。
	安装CNI:
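		# Download and unpack the CNI plugins into /opt/cni/bin.
		# One version variable drives both the download URL and the archive name,
		# so the tar step cannot name a different release than the one wget fetched.
		CNI_VERSION=v1.2.0
		wget "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-amd64-${CNI_VERSION}.tgz"
		# Compare this digest with the .sha256 value published alongside the release
		# before unpacking the binaries onto the node.
		sha256sum "cni-plugins-linux-amd64-${CNI_VERSION}.tgz"
		mkdir -p /opt/cni/bin
		tar xvf "cni-plugins-linux-amd64-${CNI_VERSION}.tgz" -C /opt/cni/bin/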

k8s 容器运行时containerd

apt update
apt-cache madison containerd   # 查看可用版本

	apt install containerd[=版本号] -y
	/lib/systemd/system/containerd.service (二进制安装参考此配置)
	mkdir /etc/containerd/  ## 存放containerd的配置文件
	#配置containerd
	containerd config default > /etc/containerd/config.toml
	修改pause镜像地址:
		sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"  #阿里镜像地址
		sandbox_image = "harbor.hiuiu.com/kubernetes/google_containers/pause:3.9" #本地harbor镜像地址
	修改镜像加速配置
		168       [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
	  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
	  endpoint = ["https://hzsbbqty.mirror.aliyuncs.com"]
	将 SystemdCgroup 修改为 true(修改 config.toml 后需执行 systemctl restart containerd 使配置生效)
		137             SystemdCgroup =  true

部署软件及组件镜像准备

安装 kubeadm 、kubelet、 kubectl

	apt update
	apt install apt-transport-https ca-certificates curl gpg
	mkdir -p -m 755 /etc/apt/keyrings
	#k8s 的公共签名的密钥

	curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg   
	## 阿里源
	echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/ /" |  tee /etc/apt/sources.list.d/kubernetes.list 
	## 安装命令
	apt-get update && apt-cache madison kubeadm
	apt-get install -y kubelet=1.30.3-1.1 kubeadm=1.30.3-1.1 kubectl=1.30.3-1.1
	
vim /etc/kubelet    kubeadm 初始化的时候它会自动启动
锁定版本,防止自动更新:apt-mark hold kubelet kubeadm kubectl

拉取镜像

kubeadm config images list --kubernetes-version=v1.30.3
registry.k8s.io/kube-apiserver:v1.30.3
registry.k8s.io/kube-controller-manager:v1.30.3
registry.k8s.io/kube-scheduler:v1.30.3
registry.k8s.io/kube-proxy:v1.30.3
registry.k8s.io/coredns/coredns:v1.11.1
registry.k8s.io/pause:3.9
registry.k8s.io/etcd:3.5.12-0

sudo kubeadm config images pull \
--image-repository=registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.30.3 \
--cri-socket=unix:///run/containerd/containerd.sock

初始化master

sudo kubeadm init \
--apiserver-advertise-address=172.16.222.10 \
--control-plane-endpoint=k8s-master01 \
--kubernetes-version=v1.30.3 \
--service-cidr=10.50.0.0/16 \
--pod-network-cidr=10.60.0.0/16 \
--cri-socket=unix:///run/containerd/containerd.sock \
--image-repository=registry.aliyuncs.com/google_containers \
--ignore-preflight-errors=swap

kubectl  get pods -n kube-system

------------------------重新初始化

第一种,手动删除:
1. 删除/etc/kubernetes/文件夹下的所有文件
2. 删除$HOME/.kube文件夹
3. 删除/var/lib/etcd文件夹
[root@k8s-master ~]# rm -rf /etc/kubernetes/*
[root@k8s-master ~]# rm -rf ~/.kube/*
[root@k8s-master ~]# rm -rf /var/lib/etcd/*
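4. 停止占用上图所列端口的进程(注意:10251、10252 是旧版本 kube-scheduler / kube-controller-manager 的非安全端口,1.30 中这两个组件监听的是 10259 和 10257)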
[root@k8s-master ~]# lsof -i :6443|grep -v "PID"|awk '{print "kill -9",$2}'|sh
[root@k8s-master ~]# lsof -i :10251|grep -v "PID"|awk '{print "kill -9",$2}'|sh
[root@k8s-master ~]# lsof -i :10252|grep -v "PID"|awk '{print "kill -9",$2}'|sh
[root@k8s-master ~]# lsof -i :10250|grep -v "PID"|awk '{print "kill -9",$2}'|sh
[root@k8s-master ~]# lsof -i :2379|grep -v "PID"|awk '{print "kill -9",$2}'|sh
[root@k8s-master ~]# lsof -i :2380|grep -v "PID"|awk '{print "kill -9",$2}'|sh
第二种,使用 kubeadm reset 命令清除环境
[root@k8s-master ~]# kubeadm reset


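# The commands below are placed on their own lines: when a command shares a
# line with a leading "#", the shell treats the whole line as a comment and
# runs nothing.

# 1. Force-reset kubeadm state (certificates, configuration, old containers, ...)
sudo kubeadm reset -f

# 2. Remove the control-plane static Pod manifests (the four files the error
#    message reports as already existing)
sudo rm -f /etc/kubernetes/manifests/kube-apiserver.yaml \
  /etc/kubernetes/manifests/kube-controller-manager.yaml \
  /etc/kubernetes/manifests/kube-scheduler.yaml \
  /etc/kubernetes/manifests/etcd.yaml

# 3. Clear leftover kubelet data (frees port 10250, resets kubelet state).
#    /etc/kubernetes/pki/* holds the cluster CA and component certificates, so
#    this is only appropriate when the control plane is rebuilt from scratch;
#    nodes joined against the old CA will have to re-join afterwards.
sudo rm -rf /var/lib/kubelet/* /etc/kubernetes/pki/*
# Restart kubelet so the port is released
sudo systemctl restart kubelet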



安装 工具





安装nerdctl工具
下载路径
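# Download and install nerdctl.
# One variable drives both the download URL and the archive name so the two
# cannot drift apart (a tar step naming another release fails with "no such
# file"). Set it to the release you intend to install.
NERDCTL_VERSION=1.3.0
wget "https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VERSION}/nerdctl-${NERDCTL_VERSION}-linux-amd64.tar.gz"
# Compare this digest with the SHA256SUMS file published with the release
# before placing the binaries in /usr/local/bin.
sha256sum "nerdctl-${NERDCTL_VERSION}-linux-amd64.tar.gz"
# Install: unpack the archive into /usr/local/bin
tar xvf "nerdctl-${NERDCTL_VERSION}-linux-amd64.tar.gz" -C /usr/local/bin/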
nerdctl version
# Create nerdctl's configuration directory and write /etc/nerdctl/nerdctl.toml.
# namespace = "k8s.io" makes nerdctl operate in the containerd namespace named
# k8s.io (presumably so loaded images are visible to the kubelet's CRI; confirm).
# NOTE(review): insecure_registry = true is a global setting, not scoped to one
# registry. Per the nerdctl documentation it skips HTTPS certificate
# verification and allows falling back to plain HTTP, so pulls are no longer
# protected against tampering in transit. For a private registry with its own
# CA, consider trusting that CA through a hosts.toml under
# /etc/containerd/certs.d/ and leaving this option false.
mkdir /etc/nerdctl
cat > /etc/nerdctl/nerdctl.toml <<EOF
namespace = "k8s.io"
debug = false
debug_full = false
insecure_registry = true  #允许非官方证书
EOF
6.CNI工具
	CNI是什么?
		为容器提供网桥,如果不安装CNI,容器只有host网络模式。
	安装CNI:
		wget https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz
  mkdir -p /opt/cni/bin
tar xvf cni-plugins-linux-amd64-v1.2.0.tgz -C /opt/cni/bin/

测试

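  # Smoke test: run an nginx container in the foreground, publishing port 80.
  # The image reference must be a single token; whitespace inside the registry
  # hostname would make nerdctl treat the remainder as the container command.
  nerdctl run -it -p 80:80 --rm --name=nginx_test registry.cn-hangzhou.aliyuncs.com/6aliyun6/yun:nginx-1.18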


还需要装calico 插件

需要calico镜像和yaml文件

我用的是本地镜像的方法

tar -zxvf calico-release-v3.28.0.tgz
	cd release-v3.28.0/
	cd images/
	# 找calico配置文件,calico.yaml
	release-v3.28.0/manifests/calico.yaml #calico配置文件 
	修改配置文件:calico.yaml
	(1) pod网络地址: 
		calico.yaml
		#/CALICO_IPV4POOL_CIDR
		- name: CALICO_IPV4POOL_CIDR
		 value: "10.200.0.0/16"
		 pod 网段,须与 kubeadm init 的 --pod-network-cidr 一致(前文初始化时使用的是 10.60.0.0/16)

	(2)镜像地址
		cat calico.yaml | grep image:
		  ---
	      image: docker.io/calico/cni:v3.28.0
          image: docker.io/calico/cni:v3.28.0
          image: docker.io/calico/node:v3.28.0
          image: docker.io/calico/node:v3.28.0
          image: docker.io/calico/kube-controllers:v3.28.0
          ---
          cd /release-v3.28.0/images
          ---
          release-v3.28.0/images# ll
			total 876528
			drwxrwxr-x 2 1001 1001       213 May 11 08:20 ./
			drwxrwxr-x 5 1001 1001        48 May 11 08:20 ../
			-rw------- 1 1001 1001 208990208 May 11 08:20 calico-cni.tar
			-rw------- 1 1001 1001  41927168 May 11 08:19 calico-dikastes.tar
			-rw------- 1 1001 1001 128270336 May 11 08:19 calico-flannel-migration-controller.tar
			-rw------- 1 1001 1001  79177216 May 11 08:19 calico-kube-controllers.tar
			-rw------- 1 1001 1001 354560512 May 11 08:20 calico-node.tar
			-rw------- 1 1001 1001  13446144 May 11 08:19 calico-pod2daemon.tar
			-rw------- 1 1001 1001  71183360 May 11 08:20 calico-typha.tar
		  ---
		  导入K8S环境里面(三台节点都要载入镜像)
nerdctl load -i calico-cni.tar
nerdctl load -i calico-node.tar
nerdctl load -i calico-kube-controllers.tar
          #执行安装
          kubectl apply -f calico.yaml

          #验证

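		  # Verify pod-to-pod networking: start two long-running pods, then ping each
		  # one from the other by Pod IP. A bare Pod name such as "nginx22" is normally
		  # not resolvable through cluster DNS, so the address is read from the API.
		  kubectl run nginx11 --image=harbor.hiuiu.com/basic_image/centos7_filebeat_nginx:2408.u sleep 10000
		  kubectl run nginx22 --image=harbor.hiuiu.com/basic_image/centos7_filebeat_nginx:2408.u sleep 10000
		  # Wait until both pods are Ready so the exec calls below do not race the start-up.
		  kubectl wait --for=condition=Ready pod/nginx11 pod/nginx22 --timeout=120s
		  kubectl get pod -o wide
		  # "--" separates kubectl's own flags from the command run inside the container.
		  kubectl exec nginx11 -- ping -c 3 "$(kubectl get pod nginx22 -o jsonpath='{.status.podIP}')"
		  kubectl exec nginx22 -- ping -c 3 "$(kubectl get pod nginx11 -o jsonpath='{.status.podIP}')"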


主节点执行yaml文件

注意格式 image.png