Kubeadm部署Kubernetes

Kubeadm部署Kubernetes

1、环境准备

主机名	IP	说明	宿主机系统
k8s-master	10.0.0.101	Kubernetes集群的master节点	Ubuntu2004
k8s-node1	10.0.0.102	Kubernetes集群的node节点	Ubuntu2004

1-1、关闭防火墙、iptables、centos系列需要关闭selinux

 #所有节点执行：
 [root@ubuntu2004 ~]#systemctl stop ufw
 [root@ubuntu2004 ~]#iptables -nvL

1-2、各节点主机名相互解析

 #所有节点执行：
 [root@ubuntu2004 ~]#hostnamectl set-hostname k8s-master
 [root@ubuntu2004 ~]#vim /etc/hosts
 10.0.0.101 master
 10.0.0.102 node
 ​

1-3、时间同步

 #所有节点执行：
 [root@master ~]#apt install -y chrony
 [root@master ~]#vim /etc/chrony/chrony.conf
 server ntp.aliyun.com iburst
 [root@master ~]#systemctl enable --now chrony
 [root@master ~]#chronyc sources

1-4、禁用swap

 #所有节点执行：
 [root@master ~]#swapoff -a
 [root@master ~]#vim /etc/fstab
 #/swap.img  none    swap    sw  0   0

1-5、修改网桥内核参数

 #所有节点执行：
 #允许 iptables 检查桥接流量
 [root@master ~]#apt install -y bridge-utils    #默认没有该模块，需要安装
 [root@master ~]#cat <<EOF | tee /etc/modules-load.d/modules.conf
 br_netfilter
 EOF
 [root@master ~]#modprobe br_netfilter
 [root@master ~]#lsmod | grep br_netfilter
 ​
 [root@master ~]#cat > /etc/sysctl.d/kubernetes.conf <<EOF
 net.bridge.bridge-nf-call-arptables = 1
 net.bridge.bridge-nf-call-ip6tables = 1
 net.ipv4.ip_forward = 1
 user.max_user_namespaces=28633
 EOF
 ​
 [root@master ~]#sysctl -p /etc/sysctl.d/kubernetes.conf

2、安装docker

 #所有节点执行：
 [root@master ~]#apt install docker.io -y
 #ubuntu默认自动启动并开机启动，如果未设置请手动设置    
 ​
 #配置加速器，使用 systemd 来管理容器的 cgroup
 [root@master ~]#mkdir -p /etc/docker
 [root@master ~]#vim /etc/docker/daemon.json
 {
     "exec-opts": ["native.cgroupdriver=systemd"],
     "log-driver": "json-file",
     "log-opts": {
         "max-size": "100m"
     },
     "storage-driver": "overlay2",
     "storage-opts": [
         "overlay2.override_kernel_check=true"
     ],
     "experimental": false,
     "debug": false,
     "max-concurrent-downloads": 10,
     "registry-mirrors": ["https://pgavrk5n.mirror.aliyuncs.com"]
 }
 [root@master ~]#systemctl daemon-reload
 [root@master ~]#systemctl restart docker
 ​

3、部署k8sMaster节点

 # 所有节点执行：
 # 可参考阿里云官网：https://developer.aliyun.com/mirror/kubernetes
 # 使apt支持ssl传输 并安装kubelet kubeadm kubectl
 [root@master ~]#apt-get install -y ca-certificates curl software-properties-common apt-transport-https curl
 [root@master ~]#apt-get update && apt-get install -y apt-transport-https
 curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
 cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
 deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
 EOF
 apt-get update
 apt-get install -y kubelet=1.23.1-00 kubeadm=1.23.1-00 kubectl=1.23.1-00
 ​
 # 阻止自动更新(apt upgrade时忽略)。所以更新的时候先unhold，更新完再hold。
 apt-mark hold kubelet kubeadm kubectl
 # 先不要启动，如果启动会报错

 #master上执行（10.0.0.101）：
 [root@master ~]#vim kubeadm-config.yaml
 apiVersion: kubeadm.k8s.io/v1beta3
 bootstrapTokens:
 - groups:
   - system:bootstrappers:kubeadm:default-node-token
   token: abcdef.0123456789abcdef
   ttl: 24h0m0s
   usages:
   - signing
   - authentication
 kind: InitConfiguration
 localAPIEndpoint:
   advertiseAddress: 10.0.0.101                  #当前机器的局域网地址
   bindPort: 6443
 nodeRegistration:
   criSocket: /var/run/dockershim.sock
   imagePullPolicy: IfNotPresent
   name: master
   taints: null
 ---
 apiServer:
   timeoutForControlPlane: 4m0s
 apiVersion: kubeadm.k8s.io/v1beta3
 certificatesDir: /etc/kubernetes/pki
 clusterName: kubernetes
 controllerManager: {}
 dns: {}
 etcd:
   local:
     dataDir: /var/lib/etcd
 imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
 kind: ClusterConfiguration
 kubernetesVersion: 1.23.1
 networking:
   dnsDomain: cluster.local
   serviceSubnet: 10.96.0.0/12
 scheduler: {}
 ---
 kind: KubeletConfiguration
 apiVersion: kubelet.config.k8s.io/v1beta1
 #cgroupDriver: systemd
 cgroupDriver: cgroupfs
 ​

#master上执行（10.0.0.101）：
# 在运行 kubeadm init 之前先执行 kubeadm config images pull 来测试与 gcr.io 的连接，kubeadm config images pull尝试是否可以拉取镜像，如果你的服务器再国内，由于某些原因，是无法访问"k8s.gcr.io", "gcr.io", "quay.io"
[root@k8s-master ~]#kubeadm config images list        #查看kubeadm config 依赖的images有哪些
#执行结果如下
k8s.gcr.io/kube-apiserver:v1.23.8
k8s.gcr.io/kube-controller-manager:v1.23.8
k8s.gcr.io/kube-scheduler:v1.23.8
k8s.gcr.io/kube-proxy:v1.23.8
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6
#从国内镜像拉取
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.23.8
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.23.8
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.23.8
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.23.8
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6
[root@master ~]#docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.1-0
[root@master ~]#docker pull coredns/coredns:1.8.6
#或者拉取最新版，一条命令如下：
[root@k8s-master ~]#kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers   #拉取镜像

#master上执行（10.0.0.101）：
#将拉取下来的images重命名为kubeadm config所需的镜像名字
#注意版本号有的是带v的，有的不带的v
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.23.8 k8s.gcr.io/kube-apiserver:v1.23.8
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.23.8 k8s.gcr.io/kube-controller-manager:v1.23.8
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.23.8 k8s.gcr.io/kube-scheduler:v1.23.8
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.23.8 k8s.gcr.io/kube-proxy:v1.23.8
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6 k8s.gcr.io/pause:3.6
[root@master ~]#docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.5.1-0 k8s.gcr.io/etcd:3.5.1-0
[root@master ~]#docker tag coredns/coredns:1.8.6 k8s.gcr.io/coredns/coredns:v1.8.6

#master上执行（10.0.0.101）：
#初始化
[root@master ~]#kubeadm init --config kubeadm-config.yaml
#如果提示以下信息，安装成功，如果安装失败，请卸载kubectl、kubeadm、kubelet 然后再重新执行
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
  export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.0.101:6443 --token abcdef.0123456789abcdef \
	--discovery-token-ca-cert-hash sha256:415922bb8c4fd6768756559cdabc18bacc8661c86ebd411be9e6cd1036041c09 
#记住上边的node加入集群的命令，如果忘记，可以使用如下命令获取：
kubeadm token create --print-join-command

4、部署node节点

#所有node节点执行：
#请确保基础环境已经部署好（时间同步，防火墙，解析，swap，内核参数）
[root@node ~]#apt-get install -y ca-certificates curl software-properties-common apt-transport-https curl
[root@node ~]#apt-get update && apt-get install -y apt-transport-https
[root@node ~]#curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
[root@node ~]# cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
[root@node ~]#apt update
[root@node ~]#apt install -y kubelet=1.23.1-00 kubeadm=1.23.1-00 kubectl=1.23.1-00
[root@node2 ~]#apt-mark hold kubelet kubeadm kubectl

# 所有node节点执行：
# 加入集群（master节点安装完成后的提示命令）
[root@node ~]#kubeadm join 10.0.0.101:6443 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:415922bb8c4fd6768756559cdabc18bacc8661c86ebd411be9e6cd1036041c09
#提示以下信息，表示加入集群成功
......
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
# 如果此处报错，则需要执行kubeadm reset重启

5、部署 Calico

#master上执行（10.0.0.101）：
[root@master ~]#kubectl apply -f https://docs.projectcalico.org/v3.21/manifests/calico.yaml
#安装完成后需要等待k8s重新拉起节点
[root@master ~]#kubectl get nodes
NAME     STATUS   ROLES                  AGE     VERSION
master   Ready    control-plane,master   53m     v1.23.1
node     Ready    <none>                 8m26s   v1.23.1