Kubeadm 安装kubernetes
1、基础环境准备
1.1 服务器环境
最小化安装基础系统,并关闭防火墙、SELinux 和 swap,更新软件源、配置时间同步、安装常用命令,重启后验证基础配置。关闭防火墙和 SELinux 只适合隔离的实验环境;生产环境应保留主机防火墙,并按需放行 Kubernetes 所需端口。
这里使用Ubuntu18.04部署
角色 | 主机名 | ip |
---|---|---|
k8s-master1 | k8s-master1 | 10.10.100.101 |
k8s-master2 | k8s-master2 | 10.10.100.102 |
k8s-master3 | k8s-master3 | 10.10.100.103 |
haproxy1 | haproxy1 | 10.10.100.104 |
haproxy2 | haproxy2 | 10.10.100.105 |
harbor | harbor | 10.10.100.106 |
node1 | k8s-node1 | 10.10.100.107 |
node2 | k8s-node2 | 10.10.100.108 |
node3 | k8s-node3 | 10.10.100.109 |
2、 反向代理及harbor
2.1 keepalived安装配置
2.1.1 安装
#安装keepalived
root@haproxy1:~# apt-get install keepalived -y
#拷贝配置文件
root@haproxy1:~# cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf
2.1.2 配置
master
root@haproxy1:~# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! MASTER side (haproxy1) of a two-node VRRP pair that owns the virtual IP 10.10.100.188.
global_defs {
! NOTE(review): the notification_email, notification_email_from and smtp_server
! values below look like defaults carried over from the packaged sample file
! copied in 2.1.1, not site values; replace or remove them.
notification_email {
acassen
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state MASTER
interface eth0
! Must be the same on both peers (the BACKUP listing also uses 80).
virtual_router_id 80
! Higher than the BACKUP peer's priority (80), so this node holds the VIP while it is up.
priority 100
advert_int 1
authentication {
! PASS is a simple shared password, and keepalived uses only the first 8
! characters of auth_pass. "1111" is a sample value: set a site-specific one,
! identical on both peers, and do not rely on it as the only protection
! against other hosts on the same network segment.
auth_type PASS
auth_pass 1111
}
! With unicast_peer set, this instance sends its advertisements from
! 10.10.100.104 directly to the listed peer.
unicast_src_ip 10.10.100.104
unicast_peer {
10.10.100.105
}
! The virtual IP that haproxy binds for the Kubernetes API (10.10.100.188:6443).
virtual_ipaddress {
10.10.100.188 dev eth0 label eth0:1
}
}
BACKUP
root@haproxy2:~# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
! BACKUP side (haproxy2) of the VRRP pair; takes over 10.10.100.188 when the MASTER stops advertising.
global_defs {
! NOTE(review): the notification_email, notification_email_from and smtp_server
! values below look like defaults carried over from the packaged sample file,
! not site values; replace or remove them.
notification_email {
acassen
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
! Must match the MASTER's virtual_router_id (80).
virtual_router_id 80
! Lower than the MASTER's priority (100).
priority 80
advert_int 1
authentication {
! Simple shared password; keepalived uses only the first 8 characters of
! auth_pass. "1111" is a sample value: use the same site-specific value as on
! the MASTER.
auth_type PASS
auth_pass 1111
}
! Advertisements go unicast from 10.10.100.105 to the MASTER at 10.10.100.104.
unicast_src_ip 10.10.100.105
unicast_peer {
10.10.100.104
}
virtual_ipaddress {
10.10.100.188 dev eth0 label eth0:1
}
}
2.2 haproxy安装配置
2.2.1 安装
root@haproxy1:~# apt-get install software-properties-common
root@haproxy1:~# add-apt-repository ppa:vbernat/haproxy-2.0
root@haproxy1:~# apt update
root@haproxy1:~# apt-cache madison haproxy
root@haproxy1:~# apt install haproxy=2.0.25-1ppa1~bionic
2.2.3 配置文件
# Statistics page, served over plain HTTP on port 9999 of every interface.
listen stats
mode http
bind 0.0.0.0:9999
stats enable
log global
stats uri /haproxy-status
# HTTP basic-auth credentials for the stats page. "haadmin:123456" is a sample
# value, and with no TLS on this listener it travels unencrypted with every
# request: use a strong site-specific password and restrict which hosts can
# reach port 9999.
stats auth haadmin:123456
# TCP pass-through of the Kubernetes API from the keepalived virtual IP to the
# three masters; TLS is not terminated on the proxy.
listen k8s-6443
# NOTE(review): on the node that does not currently hold 10.10.100.188 this bind
# fails unless net.ipv4.ip_nonlocal_bind=1 is set; the page does not show that step.
bind 10.10.100.188:6443
mode tcp
balance roundrobin
# Health check every 2s; 3 consecutive failures mark a server down, 5 consecutive
# successes bring it back.
server 10.10.100.101 10.10.100.101:6443 check inter 2s fall 3 rise 5
server 10.10.100.102 10.10.100.102:6443 check inter 2s fall 3 rise 5
server 10.10.100.103 10.10.100.103:6443 check inter 2s fall 3 rise 5
3、安装 harbor
# Install Docker
# NOTE(review): `apt-key add` places the key in apt's global trusted keyring, so
# it is trusted for every configured repository, not only this mirror.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
apt-get -y update
# The Docker version is pinned explicitly on this host.
apt-get -y install docker-ce=5:20.10.10~3-0~ubuntu-bionic
# Install docker-compose
apt install python-pip -y
pip install --upgrade pip
pip install docker-compose
# Install Harbor
cd /usr/local/src
# NOTE(review): the installer tarball is unpacked without an integrity check;
# compare its checksum with one published for the release, if available,
# before extracting and running install.sh.
wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.6.tgz
tar xf harbor-offline-installer-v1.7.6.tgz
# Expose the unpacked directory as /usr/local/harbor.
ln -sv /usr/local/src/harbor /usr/local/
#修改harbor配置文件
cd /usr/local/harbor
vim harbor.cfg
#修改如下配置
# Address under which Harbor is reached (the harbor host in the table above).
hostname = 10.10.100.106
# NOTE(review): with http, registry logins and image pushes/pulls are not
# encrypted. Serving Harbor over https needs a certificate; confirm the option
# against the comments in harbor.cfg itself.
ui_url_protocol = http
# Password of the Harbor admin account. 123456 is a sample value; set a strong,
# site-specific one before running install.sh.
harbor_admin_password = 123456
#执行安装脚本
./install.sh
4、安装部署kubeadm等组件
在master和node节点安装kubeadm 、kubelet、kubectl、docker等软件
安装前在所有节点修改参数,并添加hosts解析
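# Kernel settings required on every node before installing Kubernetes.
# Load br_netfilter on every boot.
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
# modules-load.d only takes effect at boot; load the module now so the
# net.bridge.* keys exist when sysctl applies them below.
sudo modprobe br_netfilter
# Make bridged pod traffic pass through iptables/ip6tables rules.
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Re-read every sysctl configuration file, including the one just written.
sudo sysctl --system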
#hosts解析
10.10.100.101 k8s-master1
10.10.100.102 k8s-master2
10.10.100.103 k8s-master3
10.10.100.107 k8s-node1
10.10.100.108 k8s-node2
10.10.100.109 k8s-node3
4.1 所有节点安装docker
# Step 1: install the packages needed to add an HTTPS apt repository
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# Step 2: install the repository GPG key
# NOTE(review): `apt-key add` places the key in apt's global trusted keyring, so
# it is trusted for every configured repository, not only this mirror.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Step 3: add the repository
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Step 4: refresh the index and install Docker CE
# NOTE(review): no version is pinned here, unlike the Harbor host, which installs
# docker-ce=5:20.10.10~3-0~ubuntu-bionic; nodes installed at different times may
# end up on different Docker versions.
sudo apt-get -y update
sudo apt-get -y install docker-ce docker-ce-cli
4.2 master 节点配置docker加速器
# Point the Docker daemon at a registry mirror.
sudo mkdir -p /etc/docker
# The quoted 'EOF' keeps the JSON literal (no shell expansion). tee overwrites
# any existing /etc/docker/daemon.json.
# NOTE(review): the mirror hostname looks account-specific. Images pulled by
# name through a mirror are served by that third party, so substitute a mirror
# you trust.
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://bn3x0oxu.mirror.aliyuncs.com"]
}
EOF
# Restart Docker so the new daemon.json is read.
sudo systemctl daemon-reload
sudo systemctl restart docker
4.3 所有节点安装 kubelet kubeadm kubectl
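# Install kubelet, kubeadm and kubectl from the Aliyun Kubernetes apt mirror.
apt-get update && apt-get install -y apt-transport-https
# -f makes curl fail on an HTTP error instead of piping an error page into
# apt-key; -sSL matches the Docker key download used elsewhere in this guide.
# NOTE(review): `apt-key add` trusts the key for every configured repository.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
# Install
# NOTE(review): no version is pinned, while the images and `kubeadm init` in this
# guide use v1.22.3. List the available package versions with
# `apt-cache madison kubeadm` and install the matching one on every node.
apt-get update
apt-get install -y kubelet kubeadm kubectl
# Keep routine apt upgrades from moving the cluster components to another version.
apt-mark hold kubelet kubeadm kubectl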
4.4 kubeadm 命令补全配置
# Generate the kubeadm bash completion script and load it into the current shell.
mkdir -p /data/scripts
kubeadm completion bash >/data/scripts/kubeadm_completion.sh
. /data/scripts/kubeadm_completion.sh
vim /etc/profile
#添加
source /data/scripts/kubeadm_completion.sh
4.5 手动拉取镜像
4.5.1 查看镜像
root@k8s-master1:~# kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.22.3
k8s.gcr.io/kube-controller-manager:v1.22.3
k8s.gcr.io/kube-scheduler:v1.22.3
k8s.gcr.io/kube-proxy:v1.22.3
k8s.gcr.io/pause:3.5
k8s.gcr.io/etcd:3.5.0-0
k8s.gcr.io/coredns/coredns:v1.8.4
4.5.2 拉取镜像
# Pull the control-plane images from the Aliyun mirror instead of k8s.gcr.io.
# NOTE(review): the images are taken by tag from a third-party mirror and later
# retagged as k8s.gcr.io, so nothing here checks that they match the upstream
# images. `kubeadm init --image-repository` can point kubeadm at a mirror
# directly, without the manual pull-and-retag steps.
mirror=registry.cn-hangzhou.aliyuncs.com/google_containers
for image in \
  kube-apiserver:v1.22.3 \
  kube-controller-manager:v1.22.3 \
  kube-scheduler:v1.22.3 \
  kube-proxy:v1.22.3 \
  pause:3.5 \
  etcd:3.5.0-0 \
  coredns:v1.8.4
do
  docker pull "${mirror}/${image}"
done
4.5.3 重新打tag
# Retag the mirrored images with the k8s.gcr.io names that kubeadm expects.
mirror=registry.cn-hangzhou.aliyuncs.com/google_containers
for image in \
  kube-apiserver:v1.22.3 \
  kube-controller-manager:v1.22.3 \
  kube-scheduler:v1.22.3 \
  kube-proxy:v1.22.3 \
  etcd:3.5.0-0 \
  coredns:v1.8.4 \
  pause:3.5
do
  case "$image" in
    # coredns sits one level deeper under k8s.gcr.io than the other images.
    coredns:*) target="k8s.gcr.io/coredns/${image}" ;;
    *) target="k8s.gcr.io/${image}" ;;
  esac
  docker tag "${mirror}/${image}" "$target"
done
4.6 master初始化
4.6.1 修改docker与kubelet的驱动
docker与kubelet的cgroup驱动必须保持一致,需要都使用systemd或cgroupfs
不一致的报错如下
**修改docker**
#/etc/docker/daemon.json中,添加"exec-opts": ["native.cgroupdriver=systemd"]
root@k8s-master1:~# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://bn3x0oxu.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
修改kubelet
# Set the kubelet cgroup driver to systemd so it matches Docker.
# NOTE(review): `cat >` replaces the whole file with these three lines. If
# /var/lib/kubelet/config.yaml already exists (for example after kubeadm init or
# join has written it), every other setting in it is dropped; in that case edit
# the cgroupDriver line in place instead.
cat > /var/lib/kubelet/config.yaml <<EOF
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
EOF
重启docker及kubelet
# Reload systemd unit files, then restart both services so they pick up the
# cgroup driver settings changed above.
systemctl daemon-reload
systemctl restart docker
systemctl restart kubelet
4.6.2 执行初始化命令
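# Initialise the first control-plane node.
#   --apiserver-advertise-address  local IP the API server on this node listens on
#   --control-plane-endpoint       shared endpoint for all control-plane nodes
#                                  (10.10.100.188 is the keepalived virtual IP)
#   --apiserver-bind-port          API server port, 6443 by default
#   --kubernetes-version           Kubernetes version to deploy
#   --pod-network-cidr             pod IP address range
#   --service-cidr                 service IP address range
#   --service-dns-domain           cluster-internal DNS domain, cluster.local by default
# The option notes are kept above the command: a comment placed after a trailing
# "\" breaks the line continuation, so the remaining options would not be
# passed to kubeadm.
# NOTE(review): 10.10.0.0/16 contains the 10.10.100.x addresses used by the
# hosts in this guide; choose a pod range that does not overlap the node
# network before running this.
kubeadm init --apiserver-advertise-address=10.10.100.101 \
  --control-plane-endpoint=10.10.100.188 \
  --apiserver-bind-port=6443 \
  --kubernetes-version=v1.22.3 \
  --pod-network-cidr=10.10.0.0/16 \
  --service-cidr=172.26.0.0/16 \
  --service-dns-domain=cwy.local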
4.6.3 配置kube-config文件
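# Make the cluster-admin kubeconfig available to the current user.
# admin.conf carries full administrative credentials for the cluster: keep the
# copy readable by its owner only and do not distribute it.
mkdir -p "$HOME/.kube"
# -i asks before overwriting an existing config.
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
# The copy is made as root; hand ownership to the invoking user. Expansions are
# quoted so a home directory containing spaces is handled correctly.
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"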
4.6.4 部署网络组件
下载kube-flannel.yml文件
https://github.com/coreos/flannel/
修改kube-flannel.yml文件
这里需要将 kube-flannel.yml 中的 Network 网段修改为与刚刚 kubeadm 初始化时 --pod-network-cidr 指定的 pod 网段一致
#创建
root@k8s-master1:~# kubectl apply -f kube-flannel.yml
4.7 添加其余master节点
4.7.1 当前master节点生成证书
root@k8s-master1:~# kubeadm init phase upload-certs --upload-certs
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
10fd5a170d8be236da60ecda98ae692014adb887e12a14f395eab9ab45d0232f
4.7.2 加入另外两个master节点
# Run on both remaining master nodes.
# The token, CA certificate hash and certificate key below come from this
# guide's own cluster; substitute the values printed by your own
# `kubeadm init` and `kubeadm init phase upload-certs --upload-certs`.
# --control-plane joins the node as a control-plane member; --certificate-key is
# the key printed by the upload-certs step in 4.7.1.
# The token and the certificate key are credentials: anyone holding them can
# join a control-plane node while they are valid, so do not publish or reuse them.
kubeadm join 10.10.100.188:6443 --token 576rm3.dke4fk603yyds4an \
--discovery-token-ca-cert-hash sha256:63aaac6d2b335a991176f2090590ecd3c3a98a75bc20b1d2806c7676c766bda6 \
--control-plane \
--certificate-key 10fd5a170d8be236da60ecda98ae692014adb887e12a14f395eab9ab45d0232f
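# Configure kubeconfig for the current user on the newly joined master.
# admin.conf carries full administrative credentials for the cluster: keep the
# copy readable by its owner only and do not distribute it.
mkdir -p "$HOME/.kube"
# -i asks before overwriting an existing config.
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
# The copy is made as root; hand ownership to the invoking user. Expansions are
# quoted so a home directory containing spaces is handled correctly.
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"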
4.7.3 查看master节点状态
root@k8s-master1:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master1 Ready control-plane,master 48m v1.22.3
k8s-master2 Ready control-plane,master 34m v1.22.3
k8s-master3 Ready control-plane,master 8m59s v1.22.3
4.8 添加node节点
# Run on every worker node.
# The token and CA certificate hash come from this guide's own cluster; use the
# values printed by your own `kubeadm init`. --discovery-token-ca-cert-hash lets
# the joining node verify the control plane's CA, so keep it in the command.
kubeadm join 10.10.100.188:6443 --token 576rm3.dke4fk603yyds4an \
--discovery-token-ca-cert-hash sha256:63aaac6d2b335a991176f2090590ecd3c3a98a75bc20b1d2806c7676c766bda6
查看所有节点信息
root@k8s-master1:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master1 Ready control-plane,master 66m v1.22.3
k8s-master2 Ready control-plane,master 52m v1.22.3
k8s-master3 Ready control-plane,master 26m v1.22.3
k8s-node1 NotReady <none> 110s v1.22.3
k8s-node2 NotReady <none> 108s v1.22.3
k8s-node3 NotReady <none> 106s v1.22.3