环境准备
centos7.9,8G4C
准备工作:
关闭防火墙firewalld、selinux
设置主机名
设置/etc/hosts
[root@localhost ~]# hostnamectl set-hostname master
[root@localhost ~]# hostnamectl set-hostname worker1
[root@localhost ~]# hostnamectl set-hostname worker2
[root@master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.101 master
192.168.1.103 worker1
192.168.1.105 worker2
[root@master ~]# systemctl stop firewalld&&systemctl disable firewalld&&setenforce 0
[root@master ~]#sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
关闭交换分区
[root@master ~]# swapoff -a
[root@master ~]# vim /etc/fstab
交换分区加上注释
#/dev/mapper/centos-swap swap swap defaults 0 0
将桥接的ipv4流量传递到iptables链,打开端口转发
[root@master ~]# modprobe br_netfilter
[root@master ~]# cat >/etc/sysctl.d/k8s.conf<<EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
[root@master ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
kernel.kptr_restrict = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/60-libvirtd.conf ...
fs.aio-max-nr = 1048576
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
* Applying /etc/sysctl.conf ...
[root@master ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
[root@master ~]# sysctl -p
net.ipv4.ip_forward = 1
时间同步
[root@worker2 ~]# yum install -y chrony &&systemctl start chronyd && systemctl enable chronyd
配置containerd
[root@worker2 ~]# yum install -y yum-utils &&sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@master ~]# yum install containerd.io -y &&systemctl enable containerd --now
[root@master ~]# containerd config default>/etc/containerd/config.toml
[root@master ~]# vim /etc/containerd/config.toml
sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.10"
SystemdCgroup = true
[root@master ~]# systemctl restart containerd
配置kubernetes仓库
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
配置crictl与containerd交互
[root@master ~]# crictl config --set runtime-endpoint=/run/containerd/containerd.sock
[root@master ~]# crictl images
IMAGE TAG IMAGE ID SIZE
k8s初始化
[root@master ~]# kubeadm config print init-defaults>kubeadm-config.yaml
[root@master ~]# kubeadm init --config kubeadm-config.yaml
主节点配置
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
工作节点
[root@master ~]# scp /etc/kubernetes/admin.conf [email protected]:/root
[root@master ~]# scp /etc/kubernetes/admin.conf [email protected]:/root
[root@worker1 ~]# mkdir -p $HOME/.kube
[root@worker1 ~]# sudo cp -i admin.conf $HOME/.kube/config
[root@worker1 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@worker1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady control-plane 16m v1.31.2
[root@worker2 ~]# mkdir -p $HOME/.kube
[root@worker2 ~]# sudo cp -i admin.conf $HOME/.kube/config
[root@worker2 ~]# chown $(id -u):$(id -g) $HOME/.kube/config
[root@worker2 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady control-plane 17m v1.31.2
工作节点加入集群
[root@worker1 ~]# kubeadm join 192.168.1.101:6443 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:54ff174d318f6dd6b7e357ba40f6364cfa4394c5bf1ed74a9d8fdab907fe1b19
[root@worker2 ~]# kubeadm join 192.168.1.101:6443 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:54ff174d318f6dd6b7e357ba40f6364cfa4394c5bf1ed74a9d8fdab907fe1b19
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady control-plane 19m v1.31.2
worker1 NotReady <none> 59s v1.31.2
worker2 NotReady <none> 52s v1.31.2
这里发现状态都为NotReady,因为网络还没有通,现在安装calico网络插件
安装calico网络插件
calico.yaml文件地址:
calico/manifests/calico.yaml at master · projectcalico/calicohttps://github.com/projectcalico/calico/blob/master/manifests/calico.yaml这里我是采用的离线安装,把calico需要的镜像提前下载到了本地,进行导入。通过xftp进行上传
[root@master ~]# mkdir calico
[root@master ~]# ls calico/
calico.yaml cni.tar controller.tar node.tar
#三个节点都进行镜像导入
[root@master calico]# ctr -n=k8s.io images import cni.tar && ctr -n=k8s.io images import node.tar && ctr -n=k8s.io images import controller.tar
[root@master calico]# ctr images list
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/calico/cni:master application/vnd.oci.image.manifest.v1+json sha256:857793c712dacf42f3d4b7c0223ba1b6497098ad8270029346d62adafb00bd5b 209.5 MiB linux/amd64 -
docker.io/calico/kube-controllers:master application/vnd.oci.image.manifest.v1+json sha256:a01cd6d582c44775bb1b1053fe05501d44afd79be66bc770ac9218a1dfbf31ea 78.6 MiB linux/amd64 -
docker.io/calico/node:master application/vnd.oci.image.manifest.v1+json sha256:5e3d9dddee857783469742393998a84ee2497bdba98dd44424e28699f58e40ad 325.5 MiB linux/amd64 -
[root@master calico]# kubectl apply -f calico.yaml
[root@master calico]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-7bcf789c97-9jx9j 1/1 Running 0 16m
calico-node-d6n68 1/1 Running 0 16m
calico-node-dlnpr 1/1 Running 0 16m
calico-node-t4kzf 1/1 Running 0 16m
coredns-fcd6c9c4-fz4kz 1/1 Running 0 55m
coredns-fcd6c9c4-r7qgx 1/1 Running 0 55m
etcd-master 1/1 Running 0 56m
kube-apiserver-master 1/1 Running 0 55m
kube-controller-manager-master 1/1 Running 4 (109s ago) 55m
kube-proxy-2pgkw 1/1 Running 0 37m
kube-proxy-px64d 1/1 Running 0 37m
kube-proxy-tvxds 1/1 Running 0 55m
kube-scheduler-master 1/1 Running 3 (99s ago) 55m
[root@master calico]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane 61m v1.31.2
worker1 Ready <none> 42m v1.31.2
worker2 Ready <none> 42m v1.31.2
k8s命令补全
[root@master calico]# echo 'source /usr/share/bash-completion/bash_completion' >> ~/.bashrc
[root@master calico]# echo 'source <(kubectl completion bash)' >> ~/.bashrc
[root@master calico]# source ~/.bashrc
以上操作就完成了K8s集群的搭建