一、环境准备

1、Linux初始化(CentOS)


# 1. Turn off the host firewall: stop it now and keep it from starting at boot.
# NOTE(review): this leaves every node without a host-level packet filter.
# That is tolerable on an isolated lab network; on a shared or routable
# network keep firewalld running and allow only the ports Kubernetes and the
# chosen CNI plugin document as required.
for action in stop disable; do
  systemctl "$action" firewalld
done

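# 2. Relax SELinux
# SELinux is a Linux security mechanism that applies access control to the
# filesystem. That access control gets in the way of installing the kubelet,
# a Kubernetes component that works on the local filesystem.
#
# Permissive is used instead of disabled: the policy stops blocking, but
# denials are still written to the audit log, and going back to enforcing
# later does not need a full filesystem relabel. The upstream kubeadm install
# guide uses the same setting.
getenforce   # show the current SELinux mode
setenforce 0 # switch the running system to permissive right away
# Persist the change across reboots.
sed -i 's/^ *SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config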

# 3. Turn off swap
# Swap lets the kernel move data out to disk when physical memory runs short.
# The author notes that Kubernetes does not support swap in this setup, so it
# has to be switched off.
# Permanent change (interactive step): open fstab and comment out the swap entry.
vi /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0   <- comment out this line
# Reboot so the permanent change takes effect. Files under /etc/selinux are
# also read at boot, so an edit to /etc/selinux/config is picked up here too.
reboot

# 4. Edit /etc/hosts (give the virtual machines fixed IP addresses first)
# Interactive step: open the file and append the three entries below. They are
# file content, not shell commands. The name "master1" is the one later passed
# to kubeadm as the control-plane endpoint and used in the join command, so it
# must resolve to the same address on every node.
vi /etc/hosts
172.16.167.129 master1
172.16.167.130 node1
172.16.167.131 node2

# 5. Kernel modules and kernel parameters
# Module lists under /etc/modules-load.d so the modules are loaded at boot.
printf '%s\n' br_netfilter > /etc/modules-load.d/k8s.conf
printf '%s\n' overlay br_netfilter > /etc/modules-load.d/containerd.conf

# Load the same modules into the running kernel.
for kmod in overlay br_netfilter; do
  modprobe "$kmod"
done

# Required sysctl settings; written to /etc/sysctl.d so they survive a reboot.
# bridge-nf-call-iptables / bridge-nf-call-ip6tables hand bridged IPv4/IPv6
# traffic to iptables. Without them some bridged traffic never reaches the
# iptables chains and is lost. (iptables is the kernel packet filter that each
# packet passes through before it is matched to a local process.)
# ip_forward = 1 lets the node forward packets between interfaces, so the
# rules applied to forwarded traffic are what separates pod and host networks.
printf '%s\n' \
  'net.bridge.bridge-nf-call-iptables = 1' \
  'net.ipv4.ip_forward = 1' \
  'net.bridge.bridge-nf-call-ip6tables = 1' \
  > /etc/sysctl.d/99-kubernetes-cri.conf

# Apply every sysctl configuration file now.
sudo sysctl --system

# 6. Time synchronisation: install chrony and run the chronyd service.
# Nodes need agreeing clocks; certificate validity periods are checked
# against local time.
yum -y install chrony
for action in enable start; do
  systemctl "$action" chronyd
done
chronyc sources   # list the time sources chronyd is using

date              # show the local clock

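# 7. Install containerd
yum install -y yum-utils device-mapper-persistent-data lvm2

# Fetch the repository definition over HTTPS. The .repo file decides where
# packages and signing keys come from, so it should not travel in clear text
# where it can be altered on the way.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

yum install containerd -y

systemctl start containerd
systemctl enable containerd

# Start from containerd's built-in default configuration.
containerd config default > /etc/containerd/config.toml

# Use the systemd cgroup driver.
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml
# Pull the pod sandbox (pause) image from a mirror registry.
sed -i 's#sandbox_image = "registry.k8s.io/pause:3.6"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"#' /etc/containerd/config.toml

# Both substitutions do nothing, silently, when the default text differs from
# the pattern (for example another containerd version). Print the two settings
# so the result can be checked before the restart.
grep -nE 'SystemdCgroup|sandbox_image' /etc/containerd/config.toml

systemctl daemon-reload
systemctl restart containerd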
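# 8. Install the CRI command-line client (crictl)
crictl_tarball=crictl-v1.23.0-linux-amd64.tar.gz
# Placeholder, not a real digest: replace it with the SHA-256 the cri-tools
# project publishes for this exact file. Until then the check below fails and
# nothing is unpacked.
crictl_sha256='REPLACE_WITH_PUBLISHED_SHA256'

wget "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.23.0/${crictl_tarball}"

# The binary lands in root's PATH, so unpack it only after the digest matches.
# --no-same-owner keeps the extracted file owned by the extracting user
# instead of the uid/gid recorded in the archive.
printf '%s  %s\n' "$crictl_sha256" "$crictl_tarball" | sha256sum -c - \
  && tar -xzvf "$crictl_tarball" --no-same-owner -C /usr/local/bin

# Point crictl at the containerd socket.
cat <<'EOF' > /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF

# Check that it works: pull an image, list images, remove the image again.
crictl pull nginx:alpine
crictl images
crictl rmi nginx:alpine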

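# 9. Install Kubernetes: add the yum repository
# The repository is reached over HTTPS and package signatures are checked
# (gpgcheck=1). With plain HTTP and gpgcheck=0, whatever the network delivers
# is installed as root without any verification.
# If signature verification fails, find out why (stale or wrong key) rather
# than switching the check off.
# NOTE(review): repo_gpgcheck is left at 0 as in the original; enable it if
# the mirror's repository metadata signature validates -- confirm on the mirror.
# The second gpgkey URL is a continuation line and must stay indented.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# List the available versions with: yum list kubeadm --showduplicates | sort -r
# NOTE(review): 1.23 is past upstream end-of-life and no longer gets security
# fixes; pick a supported release for anything long-lived.
yum install -y kubelet-1.23.5-0 kubectl-1.23.5-0 kubeadm-1.23.5-0

# kubelet configuration: use containerd through its CRI socket.
# NOTE(review): kubeadm's documentation names KUBELET_EXTRA_ARGS as the
# variable for user overrides in this file; confirm that setting
# KUBELET_KUBEADM_ARGS here is intended.
cat <<'EOF' > /etc/sysconfig/kubelet
KUBELET_KUBEADM_ARGS="--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
EOF
systemctl start kubelet
systemctl enable kubelet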

二、部署master和node 节点

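# Initialise the control plane directly
kubeadm init \
  --kubernetes-version v1.23.5 \
  --apiserver-advertise-address 172.16.167.129 \
  --control-plane-endpoint master1 \
  --image-repository registry.aliyuncs.com/google_containers \
  --pod-network-cidr 10.244.0.0/16 \
  --cri-socket /run/containerd/containerd.sock

# Flag notes (explanatory text, kept as comments so it is not run as commands):
#   --kubernetes-version:          the version to install
#   --apiserver-advertise-address: address of the Kubernetes master node
#   --pod-network-cidr:            IP range of the pod network

# If this message appears:
#   /proc/sys/net/bridge/bridge-nf-call-iptables contents are not set to 1
# the kernel parameters may have been lost after the reboot; run step 5 of the
# environment preparation (the iptables settings) again.
# If anything else goes wrong during installation, read the kubelet log:
journalctl -xeu kubelet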

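# After a successful init, kubeadm prints the commands to run next.
# Copy the admin kubeconfig for the current user. admin.conf carries
# cluster-admin credentials: keep the copy readable by its owner only and do
# not hand it out to other users or machines.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# Join command, printed by kubeadm init for adding nodes to the cluster.
# The token and CA hash below come from the author's own run and only fit that
# cluster; use the values printed by your init, or print a fresh command on
# the master with:
#   kubeadm token create --print-join-command
# The bootstrap token is a credential, so treat it like a password. Keep
# --discovery-token-ca-cert-hash: it is what lets the joining node verify that
# it is talking to the intended control plane.
kubeadm join master1:6443 --token lpanup.o2sxyitr0zscbg7p \
  --discovery-token-ca-cert-hash sha256:06b1ecce8e40a46dbaaf4014a385fb44b7c5ef8ee08bcfc92df103d21c0bc2bd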

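# Run on the master node; the node information should be listed.
kubectl get nodes

# Install the Calico network plugin
mkdir -p /root/i && cd /root/i

# Download the manifest. -f makes curl fail on an HTTP error instead of saving
# the error page as calico.yaml, and -L follows redirects.
curl -fL https://docs.projectcalico.org/manifests/calico.yaml -o /root/i/calico.yaml

# The URL is not pinned to a release. Check that the image tags are v3.22.2;
# with any other version the substitutions below match nothing.
grep -n 'image:' /root/i/calico.yaml

# Rewrite the image references to a mirror registry.
# NOTE(review): the target is a personal namespace on a third-party registry,
# not the Calico project's own repository, and these images run on every node
# as part of the network plugin. Prefer the upstream images, or a mirror you
# populate yourself, and pin images by digest where possible.
for component in cni pod2daemon-flexvol node kube-controllers; do
  sed -i "s#docker.io/calico/${component}:v3.22.2#registry.cn-shanghai.aliyuncs.com/wanfei/${component}:v3.22.2#" /root/i/calico.yaml
done

# Review the final image list before anything is applied to the cluster.
grep -n 'image:' /root/i/calico.yaml

# Apply the manifest
kubectl apply -f /root/i/calico.yaml
# Wait a few minutes, then check the state with the commands below.
kubectl get pods -n kube-system
kubectl get nodes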

参考博客:
https://blog.csdn.net/qq_38983728/article/details/123755691