搭建 k8s
Rocky Linux 9.4 搭建k8s-1.28.0 + docker一主多从集群测试环境
步骤一、环境准备
| 主机名 | IP地址 | 角色 | 操作系统 | 硬件配置 |
|---|---|---|---|---|
| master | 192.168.100.10 | 管理节点 | Rocky Linux 9.4 | 4core/4G内存/50G |
| node1 | 192.168.100.20 | 工作节点 | Rocky Linux 9.4 | 4core/4G内存/50G |
| node2 | 192.168.100.30 | 工作节点 | Rocky Linux 9.4 | 4core/4G内存/50G |
- 关闭防火墙和 selinux
- 时钟同步
- 免密钥远程登录
- 编辑
/etc/hosts
步骤二、操作系统准备工作
2.1、配置国内系统镜像源
配置阿里云系统源(全部节点)。阿里云网上的文件名是Rocky.repo,系统上的是rocky-*.repo
[root@master ~]# sed -e 's|^mirrorlist=|#mirrorlist=|g' \
> -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
> -i.bak \
> /etc/yum.repos.d/rocky-*.repo[root@master ~]# yum makecache
2.2、安装 epel源(全部节点)
[root@master ~]# vim /etc/yum.repos.d/epel.repo
[root@master ~]# yum makecache
[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
# It is much more secure to use the #metalink, but if you wish to use a local mirror
# place its address here.
baseurl=https://repo.huaweicloud.com/epel/$releasever/Everything/$basearch/
#metalink=https://mirrors.fedoraproject.org/#metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever[epel-debuginfo]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug
# It is much more secure to use the #metalink, but if you wish to use a local mirror
# place its address here.
baseurl=https://repo.huaweicloud.com/epel/$releasever/Everything/$basearch/debug/
#metalink=https://mirrors.fedoraproject.org/#metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
gpgcheck=1[epel-source]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Source
# It is much more secure to use the #metalink, but if you wish to use a local mirror
# place its address here.
baseurl=https://repo.huaweicloud.com/epel/$releasever/Everything/source/tree/
#metalink=https://mirrors.fedoraproject.org/#metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=0
2.3、修改系统最大打开文件数(全部节点)
[root@master ~]# vim /etc/security/limits.conf
# 在文件后面添加一下两行数据
* soft nofile 65535
* hard nofile 65535
2.4、修改内核参数(全部节点)
[root@master ~]# vim /etc/sysctl.conf
[root@master ~]# sysctl -p
# 在文件后面填入以下几行
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_tw_buckets = 20480
net.ipv4.tcp_max_syn_backlog = 20480
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_fin_timeout = 20
2.5、关闭 swap(全部节点)
[root@master ~]# vim /etc/fstab
[root@master ~]# swapoff -a
# 注释掉 swap 这一行
#UUID=baf4f99b-e5e9-419a-b6f1-5084fe98dd4a none swap defaults 0 0
2.6、安装系统性能分析工具和其他(全部节点)
[root@master ~]# yum install -y gcc autoconf sysstat
2.7、开启bridge网桥过滤(全部节点)
[root@master ~]# vim /etc/sysctl.d/k8s.conf# 加载br_netfilter模块,并查看
[root@master ~]# modprobe br_netfilter && lsmod | grep br_netfilter# 加载配置文件,使其生效
[root@master ~]# sysctl -p /etc/sysctl.d/k8s.conf
# 编辑文件写入以下几行
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
步骤三、Docker 环境准备
3.1、配置阿里云docker源(全部节点)
[root@master ~]# yum install -y yum-utils
[root@master ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3.2、查看可用的docker版本并指定安装25.0.5-1.el9版本(全部节点)
[root@master ~]# yum list docker-ce.x86_64 --showduplicates | sort -r
[root@master ~]# yum -y install docker-ce-25.0.5-1.el9
3.3、配置Docker Cgroup控制组(全部节点)
启动Docker服务并设置随机自启
[root@master ~]# vim /etc/docker/daemon.json
[root@node2 ~]# systemctl daemon-reload
[root@node2 ~]# systemctl restart docker
[root@node2 ~]# systemctl enable docker
{"registry-mirrors": ["https://docker.m.daocloud.io","https://dockerproxy.com","https://docker.mirrors.ustc.edu.cn","https://docker.nju.edu.cn"],"exec-opts": ["native.cgroupdriver=systemd"]
}
步骤四、配置 cri-docker
4.1、下载 cri-docker
[root@master ~]# wget -c https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.9/cri-dockerd-0.3.9.amd64.tgz
4.2、解压 cri-docker
[root@master ~]# tar -xvf cri-dockerd-0.3.9.amd64.tgz --strip-components=1 -C /usr/local/bin/
4.3、下载 cri-docker service 文件
[root@master ~]# wget -O /etc/systemd/system/cri-docker.service https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.service
[root@master ~]# wget -O /etc/systemd/system/cri-docker.socket https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.socket
4.4、编辑 cri-docker.server
[root@master ~]# vim /etc/systemd/system/cri-docker.service
# 修改ExecStart行内容为
ExecStart=/usr/local/bin/cri-dockerd --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9 --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock --cri-dockerd-root-directory=/var/lib/dockershim --cri-dockerd-root-directory=/var/lib/docker
4.5、编辑cri-docker.socket
[root@master ~]# vim /etc/systemd/system/cri-docker.socket
ListenStream=/var/run/cri-dockerd.sock
4.6、复制cri-dockerd-0.3.9.amd64.tgz到其他节点
[root@master ~]# scp cri-dockerd-0.3.9.amd64.tgz root@192.168.100.20:/root/
[root@master ~]# scp cri-dockerd-0.3.9.amd64.tgz root@192.168.100.30:/root/
4.7、节点解压cri-docker
[root@node1 ~]# tar -xvf cri-dockerd-0.3.9.amd64.tgz --strip-components=1 -C /usr/local/bin/
[root@node2 ~]# tar -xvf cri-dockerd-0.3.9.amd64.tgz --strip-components=1 -C /usr/local/bin/
4.8、复制修改好的service文件到其他节点
[root@master ~]# scp /etc/systemd/system/cri-docker.s* root@192.168.100.20:/etc/systemd/system/
[root@master ~]# scp /etc/systemd/system/cri-docker.s* root@192.168.100.30:/etc/systemd/system/
4.9、启动并设置自启动(全部节点)
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart cri-docker
[root@master ~]# systemctl enable cri-docker
步骤五、kubeadm 部署 kubernetes 集群
5.1、配置阿里云k8s源(全部节点)
[root@master ~]# vim /etc/yum.repos.d/k8s.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/repodata/repomd.xml.key
5.2、安装集群所需软件包kubelet kubeadm kubectl(全部节点)
[root@master ~]# yum install -y kubelet kubeadm kubectl
5.3、配置k8s Cgoup控制组(全部节点)
[root@master ~]# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
5.4、配置kubelet自启动(全部节点)
[root@master ~]# systemctl enable kubelet.service
5.5、初始化集群(master节点运行)
5.5.1、打印master节点所需的镜像文件(master节点运行)
[root@master ~]# kubeadm config images list
5.5.2、打印集群初始化配置文件(master节点运行)
[root@master ~]# kubeadm config print init-defaults > kubeadm-config.yaml
5.5.3、修改参数(master节点)
[root@master ~]# vim kubeadm-config.yaml
advertiseAddress: 192.168.100.10criSocket: unix:///var/run/cri-dockerd.sockname: masterimageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
5.5.4、使用配置文件初始化(master节点运行)
–upload-certs参数是将集群密钥添加到etcd数据库
[root@master ~]# kubeadm init --config kubeadm-config.yaml --upload-certs
5.5.5、配置环境变量(master节点运行)
根据初始化完成提示运行下面行
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@master ~]# export KUBECONFIG=/etc/kubernetes/admin.conf
5.5.6、工作节点加入集群(工作节点运行)
根据初始化完成提示将工作节点添加入集群
注意:–cri-socket=unix:///var/run/cri-dockerd.sock参数是指定使用docker作为容器管理引擎
kubeadm join 192.168.100.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:e1b1d154bed1bc297ab050d7d11ecd188f67d95ab6eb60fa6f1f8e854cc99908 --cri-socket=unix:///var/run/cri-dockerd.sock
5.6、下载calico文件(master节点运行)
Calico是为集群中的 Pod 提供网络功能
[root@master ~]# wget https://raw.githubusercontent.com/projectcalico/calico/v3.24.1/manifests/calico.yaml
5.7、创建calico网络(master节点运行)
[root@master ~]# kubectl apply -f calico.yaml
5.8、查看集群各节点状态
[root@master ~]# kubectl get nodes
5.9、查看k8s集群的各组件
[root@master ~]# kubectl get pod -n kube-system