K8s是现在运维必备的一项技能,最近也在学习和了解,那么先从最简单的安装开始。
1.修改Host映射(所有主机都需要做)
root@master233:~# cat >> /etc/hosts <<EOF
192.168.1.233 master233
192.168.1.234 slave234
192.168.1.235 slave235
EOF
2.安装软件(所有主机都需要做)
root@master233:~# apt-get update && sudo apt-get install -y apt-transport-https ca-certificates vim curl gpg ntpdate
3.时间同步设置(所有主机都需要做)
root@master233:~# ntpdate time1.aliyun.com
root@master233:~# timedatectl set-timezone Asia/Shanghai
root@master233:~# crontab -e
0 0 * * * /usr/sbin/ntpdate ntp.aliyun.com
4.关闭交换分区(所有主机都需要做)
root@master233:~# sed -i '/swap/s/^/# /' /etc/fstab && swapoff -a
5.调整内核参数&开启转发(所有主机都需要做)
# 调整内核参数
root@master233:~# cat << EOF |tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
overlay
br_netfilter
# 加载
root@master233:~# modprobe overlay
root@master233:~# modprobe br_netfilter
# 查看是否成功
root@master233:~# lsmod | egrep "overlay"
overlay 151552 0
root@master233:~# lsmod | egrep "br_netfilter"
br_netfilter 32768 0
bridge 311296 1 br_netfilter
# 开启内核转发
root@master233:~# cat << EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# 加载
sysctl -p /etc/sysctl.d/k8s.conf
sysctl --system
# 查看是否加载成功
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
# 安装IPVS
root@master233:~# apt install ipset ipvsadm -y
root@master233:~# cat<< EOF |tee /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
EOF
root@master233:~# cat << EOF |tee ipvs.sh
#!/bin/sh
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
root@master233:~# bash ipvs.sh
# 查看加载情况
root@master233:~# lsmod | grep ip_vs
6.安装Docker及cri-docker(所有主机都需要做)
root@master233:~# apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# 注意:apt-key 已被弃用,用它导入的密钥会被 apt 信任用于所有软件源;更稳妥的做法是像第7步那样把密钥放到 /etc/apt/keyrings 并在源里用 signed-by 指定。
root@master233:~# curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
root@master233:~# add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
root@master233:~# apt-get -y update
root@master233:~# apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
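root@master233:~# curl -LO https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.21/cri-dockerd_0.3.21.3-0.ubuntu-jammy_amd64.deb
# 安装前建议先核对下载文件的校验值(例如 sha256sum cri-dockerd_0.3.21.3-0.ubuntu-jammy_amd64.deb),并与可信来源公布的值比对,因为 dpkg -i 会以 root 身份执行包内的安装脚本。
root@master233:~# dpkg -i cri-dockerd_0.3.21.3-0.ubuntu-jammy_amd64.deb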
root@master233:~# systemctl enable --now cri-docker
7.安装K8s(所有主机都需要做)
# 使用阿里源
root@master233:~# curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.29/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
root@master233:~# echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.29/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list
# 更新源
root@master233:~# apt-get update
# 安装1.29
root@master233:~# apt-get install -y kubelet kubeadm kubectl
# 锁定版本
root@master233:~# apt-mark hold kubelet kubeadm kubectl
8.更新kubelet配置(所有主机都需要做)
root@master233:~# vi /etc/default/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
root@master233:~# systemctl enable kubelet
9.kubectl命令补全(所有主机都需要做)
root@master233:~# apt install -y bash-completion
root@master233:~# echo 'source <(kubectl completion bash)' >> ~/.bashrc
10.修改Cri的k8s沙箱(所有主机都需要做)
root@master233:~# sed -i.bak '/^ExecStart/c ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.10.1' /lib/systemd/system/cri-docker.service
root@master233:~# systemctl daemon-reload && systemctl restart cri-docker.service
11.主节点初始化(只有Master操作)
root@master233:~# kubeadm config print init-defaults > kubeadm-init-config.yaml
root@master233:~# vi kubeadm-init-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef # init-defaults 输出的示例令牌,人人皆知;实际部署请换成 kubeadm token generate 生成的随机值
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.1.233 # master ip
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///run/cri-dockerd.sock
  imagePullPolicy: IfNotPresent
  name: master233 # master 主机名
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers # 镜像仓库
kind: ClusterConfiguration
kubernetesVersion: 1.29.15 # k8s版本
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16 # 增加pod子网
scheduler: {}
12.下载镜像(只有Master操作)
root@master233:~# kubeadm config images pull --config ./kubeadm-init-config.yaml
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.29.15
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.29.15
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.29.15
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.29.15
[config/images] Pulled registry.aliyuncs.com/google_containers/coredns:v1.11.1
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.9 # 这个不用在意 初始化的时候会变成3.10版本
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.5.16-0
13.初始化K8s(只有Master操作)
root@master233:~# kubeadm init --config ./kubeadm-init-config.yaml
[init] Using Kubernetes version: v1.29.15
.....
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.1.233:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:fdc14f28184833db07b0677cea087b9a63926c4b9f3aa803f66de7657c386e84
root@master233:~# mkdir -p $HOME/.kube
root@master233:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@master233:~# chown $(id -u):$(id -g) $HOME/.kube/config
14.从节点加入(只有Slave操作)
root@slave234:~# kubeadm join 192.168.1.233:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:fdc14f28184833db07b0677cea087b9a63926c4b9f3aa803f66de7657c386e84 \
--cri-socket unix:///var/run/cri-dockerd.sock
[preflight] Running pre-flight checks
.....
root@slave235:~# kubeadm join 192.168.1.233:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:fdc14f28184833db07b0677cea087b9a63926c4b9f3aa803f66de7657c386e84 \
--cri-socket unix:///var/run/cri-dockerd.sock
[preflight] Running pre-flight checks
.....
15.安装网络插件flannel
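# 注意:releases/latest 指向的清单会随上游发布而变化;建议先下载到本地、固定到确定的版本并检查内容后再 apply,因为该清单会创建集群级 RBAC 对象和在每个节点上运行的 DaemonSet。
root@master233:~# kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml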
root@master233:~# kubectl get pod -n kube-flannel
NAME READY STATUS RESTARTS AGE
kube-flannel-ds-6f57x 1/1 Running 0 51s
kube-flannel-ds-87qqt 1/1 Running 0 51s
kube-flannel-ds-8lg6h 1/1 Running 0 51s
16.查看K8s状态
root@master233:~# kubectl get node
NAME STATUS ROLES AGE VERSION
master233 Ready control-plane 26m v1.29.15
slave234 Ready <none> 4m37s v1.29.15
slave235 Ready <none> 4m30s v1.29.15