kubernetes安装:
主机清单
| 主机名 | IP地址 | 最低配置 |
|---|---|---|
| master | 192.168.1.50 | 2CPU,4G内存 |
| node-0001 | 192.168.1.51 | 2CPU,4G内存 |
| node-0002 | 192.168.1.52 | 2CPU,4G内存 |
| node-0003 | 192.168.1.53 | 2CPU,4G内存 |
| node-0004 | 192.168.1.54 | 2CPU,4G内存 |
| node-0005 | 192.168.1.55 | 2CPU,4G内存 |
| harbor | 192.168.1.30 | 2CPU,4G内存 |
安装控制节点:
1.配置软件仓库
知识点:createrepo, /etc/yum.repos.d/local.repo(仓库配置文件), yum/dnf
2.系统环境配置
知识点:禁用firewalld和swap
3.安装软件包
[root@master ~]# vim /etc/hosts
192.168.1.30 harbor
192.168.1.50 master
192.168.1.51 node-0001
192.168.1.52 node-0002
192.168.1.53 node-0003
192.168.1.54 node-0004
192.168.1.55 node-0005
[root@master ~]# dnf install -y kubeadm kubelet kubectl containerd.io ipvsadm ipset iproute-tc
[root@master ~]# containerd config default >/etc/containerd/config.toml
[root@master ~]# vim /etc/containerd/config.toml
61: sandbox_image = "harbor:443/k8s/pause:3.9"
125: SystemdCgroup = true
154 行新插入:
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://harbor:443"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor:443"]
endpoint = ["https://harbor:443"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor:443".tls]
insecure_skip_verify = true
[root@master ~]# systemctl enable --now kubelet containerd4.配置内核参数
# 加载内核模块
cat >/etc/modules-load.d/containerd.conf<<EOF
overlay
br_netfilter
xt_conntrack
EOF
systemctl start systemd-modules-load.service
# 设置内核参数
cat >/etc/sysctl.d/99-kubernetes-cri.conf<<EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.netfilter.nf_conntrack_max = 1000000
EOF
sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf5.导入k8s镜像
[root@master ~]# dnf install -y docker-ce
[root@master ~]# mkdir -p /etc/docker
[root@master ~]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://harbor:443"],
"insecure-registries":["harbor:443"]
}
[root@master ~]# systemctl enable --now docker
# 登录 harbor 仓库,上传镜像
[root@master ~]# docker login harbor:443
Username: admin
Password: ********
Login Succeeded
[root@master ~]# docker load -i init/v1.xx.tar.xz
[root@master ~]# docker images|while read i t _;do
[[ "${t}" == "TAG" ]] && continue
[[ "${i}" =~ ^"harbor:443/".+ ]] && continue
docker tag ${i}:${t} harbor:443/k8s/${i##*/}:${t}
docker push harbor:443/k8s/${i##*/}:${t}
docker rmi ${i}:${t} harbor:443/k8s/${i##*/}:${t}
done6.设置Tab键
source <(kubeadm completion bash|tee /etc/bash_completion.d/kubeadm)
source <(kubectl completion bash|tee /etc/bash_completion.d/kubectl)7.master安装
# 测试系统环境
[root@master ~]# kubeadm init --config=init/init.yaml --dry-run 2>error.log
[root@master ~]# cat error.log
[root@master ~]# rm -rf error.log /etc/kubernetes/tmp
# 主控节点初始化
[root@master ~]# kubeadm init --config=init/init.yaml |tee init/init.log
# 管理授权
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 验证安装结果
[root@master ~]# kubectl get nodes安装网络插件
上传镜像
[root@master ~]# cd plugins/calico
[root@master calico]# docker load -i calico.tar.xz
[root@master calico]# docker images|while read i t _;do
[[ "${t}" == "TAG" ]] && continue
[[ "${i}" =~ ^"harbor:443/".+ ]] && continue
docker tag ${i}:${t} harbor:443/plugins/${i##*/}:${t}
docker push harbor:443/plugins/${i##*/}:${t}
docker rmi ${i}:${t} harbor:443/plugins/${i##*/}:${t}
done安装calico
[root@master calico]# sed -ri 's,^(\s*image: )(.*/)?(.+),\1harbor:443/plugins/\3,' calico.yaml
[root@master calico]# kubectl apply -f calico.yaml
[root@master calico]# kubectl get nodes安装计算节点
1.获取凭证
# 查看 token
kubeadm token list
TOKEN TTL EXPIRES
abcdef.0123456789abcdef 23h 2022-04-12T14:04:34Z
# 删除 token
kubeadm token delete abcdef.0123456789abcdef
bootstrap token "abcdef" deleted
# 创建 token
kubeadm token create --ttl=0 --print-join-command
kubeadm join 192.168.1.50:6443 --token xxx --discovery-token-ca-cert-hash sha256:xxx
# 获取token_hash
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt |openssl rsa -pubin -outform der |openssl dgst -sha256 -hex2.node安装
[root@node ~]# 参考控制节点安装步骤2
[root@node ~]# 参考控制节点安装步骤3
[root@node ~]# 参考控制节点安装步骤4
[root@node ~]# kubeadm join 192.168.1.50:6443 --token xxx --discovery-token-ca-cert-hash sha256:xxx
[root@master ~]# kubectl get nodes3.批量部署
嫌“2.node安装”那个步骤太麻烦,使用ansible执行剧本
ansible.cfg
[defaults]
inventory = hostlist
host_key_checking = False
hostlist
[nodes]
192.168.1.[51:55]
run.yaml
- name: node join k8s cluster
hosts: nodes,gitlab
vars:
master: "192.168.1.50:6443"
token: "xxx"
token_hash: "sha256:xxx"
tasks:
- name: disable swap from fstab file
lineinfile:
path: /etc/fstab
state: absent
regexp: 'swap'
- name: remove firewalld packages
dnf:
name: "firewalld-*"
state: absent
- name: install k8s node packages
dnf:
name: kubeadm,kubelet,kubectl,containerd.io,ipvsadm,ipset,iproute-tc
state: latest
update_cache: yes
- name: update modify config.toml
template:
src: config.j2
dest: /etc/containerd/config.toml
owner: root
group: root
mode: '0644'
- name: create containerd.conf
copy:
dest: /etc/modules-load.d/containerd.conf
owner: root
group: root
mode: '0644'
content: |
overlay
br_netfilter
xt_conntrack
- name: modprobe br_netfilter
shell: modprobe br_netfilter
- name: create 99-kubernetes-cri.conf
copy:
dest: /etc/sysctl.d/99-kubernetes-cri.conf
owner: root
group: root
mode: '0644'
content: |
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.netfilter.nf_conntrack_max = 1000000
- name: set /etc/hosts
copy:
dest: /etc/hosts
owner: root
group: root
mode: '0644'
content: |
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.1.30 harbor
192.168.1.50 master
{% for i in groups.nodes %}
{{ hostvars[i].ansible_eth0.ipv4.address }} {{ hostvars[i].ansible_hostname }}
{% endfor %}
- name: enable k8s kubelet,runtime service
service:
name: "{{ item }}"
state: started
enabled: yes
loop:
- systemd-modules-load
- containerd
- kubelet
- name: check node state
stat:
path: /etc/kubernetes/kubelet.conf
register: result
- name: node join cluster
shell: |
swapoff -a
sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf
kubeadm join {{ master }} --token {{ token }} --discovery-token-ca-cert-hash {{ token_hash }}
args:
executable: /bin/bash
when: result.stat.exists == False
"nodeinit.yaml" 86L, 2639C 执行剧本
ansible-playbook run.yaml查看集群状态
# 验证节点工作状态
[root@master ~]# kubectl get nodes
# 验证容器工作状态
[root@master ~]# kubectl -n kube-system get pods