文章目录 1. 准备 2. yum 3. 安装 ansible 4. 互信 5. hosts 6. 关闭防火墙、swap、selinux 7. 配置系统文件句柄数 8. 启用ipvs 9. 修改内核参数 10. 安装 containerd 11. 安装 nerdctl 12. kubernetes yum 13. 部署 kubernetes 13.1 安装工具 13.2 初始化配置 14. 部署 master 15. 部署 node 16. 检查
1. 准备 rocky linux 8.8 CPU 4 内存 8G disk 40G 192.168.23.11 kube-master01 192.168.23.14 kube-prom01 192.168.23.21 kube-node01
注意：以下所有步骤均以 root 执行，并且会关闭 firewalld、swap 与 SELinux 强制模式，只适合隔离的内网测试环境；生产环境请保留主机防火墙规则并使用 SELinux permissive/enforcing。
2. yum
kube-master01、kube-prom01、 kube-node01操作
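# 2. Base packages on every node (kube-master01, kube-prom01, kube-node01).
# `wget` was listed twice in the original; iproute-tc is needed by kube-proxy/CNI, socat by kubelet port-forwarding.
dnf -y update
dnf -y install iproute-tc wget vim socat bash-completion net-tools zip bzip2 bind-utils
# 3. 安装 ansible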
kube-master01操作
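# 3. Ansible on kube-master01 only. The original had a typo (`epel-relese`), which makes the first
# install fail and the second one miss the EPEL repo that provides ansible.
dnf -y install epel-release
dnf -y install ansible
# 配置 — inventory configuration follows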
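# Default inventory. Every later `ansible all ...` call reads this file, so no `-i` is needed.
# The extraction lost the `=` in `ansible_host=`; without it ansible treats the whole token as a hostname.
cat <<'EOF' > /etc/ansible/hosts
[all]
kube-master01 ansible_host=192.168.23.11
kube-prom01 ansible_host=192.168.23.14
kube-node01 ansible_host=192.168.23.21
EOF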
4. 互信
kube-master01操作
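# 4. Trust: generate a key on kube-master01 and push it to every node (the `@` in root@host was lost).
# ed25519 is the current recommendation; outside a lab give the key a passphrase and use ssh-agent.
ssh-keygen -t ed25519
# The whole deployment runs as root over SSH. A dedicated deploy user with sudo (and ansible -b)
# would limit the blast radius of this key, but the rest of the page assumes root.
ssh-copy-id root@192.168.23.11
ssh-copy-id root@192.168.23.14
ssh-copy-id root@192.168.23.21
# 测试 — test connectivity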
[root@kube-master01 ~]# ansible all -m ping
kube-master01 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
kube-node01 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
kube-prom01 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
5. hosts
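# 5. Static name resolution for the cluster nodes, written on kube-master01 and distributed.
# kubeadm uses the node hostname in certificate SANs (see the init output), so every node must
# resolve every other node's name consistently.
cat <<'EOF' > /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.23.11 kube-master01
192.168.23.14 kube-prom01
192.168.23.21 kube-node01
EOF
ansible all -m copy -a "src=/etc/hosts dest=/etc/hosts" -b
# 6. 关闭防火墙、swap、selinux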
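# 6. firewalld: the page turns it off completely. `-s` (--sudo) is the legacy flag, use `-b` like the
# other tasks; `-i hosts` referred to a file that does not exist (the inventory is /etc/ansible/hosts).
# With firewalld gone, the API server (6443), kubelet (10250) and etcd (2379-2380) are reachable from
# anything on the node network — fine for an isolated lab, otherwise re-add host rules for those ports.
ansible all -m systemd -a "name=firewalld state=stopped enabled=no" -b
# SELinux: the kubeadm docs ask for permissive rather than disabled — file labels are kept, so
# enforcing can be restored later without a full relabel. `getenforce 0` in the original was a typo
# for `setenforce 0` (getenforce takes no argument).
ansible all -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=permissive'" -b
ansible all -m shell -a "setenforce 0" -b
# Swap must be off for the kubelet; comment it out in fstab and disable it now.
ansible all -m shell -a "sed -i '/.*swap.*/s/^/#/' /etc/fstab" -b
ansible all -m shell -a "swapoff -a && sysctl -w vm.swappiness=0" -b
# 7. 配置系统文件句柄数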
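# 7. Raise nofile/nproc/memlock for all users. The original set hard nofile (131072) BELOW soft
# nofile (655360); setrlimit refuses a soft limit above the hard one, so that entry was rejected
# at login instead of applied. Both are now 655360. blockinfile writes real lines rather than
# relying on "\n" escapes inside a single lineinfile value.
ansible all -m blockinfile -a "path=/etc/security/limits.conf block='* soft nofile 655360
* hard nofile 655360
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited'" -b
# 8. 启用ipvs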
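# 8. Kernel modules for IPVS and bridge netfilter. The original only `touch`ed an empty
# /etc/modules-load.d/ipvs.conf, so no IPVS module was ever loaded, and put br_netfilter in
# /etc/rc.local, which on EL8 runs only if rc-local.service is enabled and the file is executable
# (neither is done here). Both now go through systemd-modules-load.
# NOTE: this page never sets kube-proxy to `mode: ipvs`, so loading the modules alone does not
# switch kube-proxy away from iptables mode.
cat <<'EOF' > /etc/modules-load.d/k8s.conf
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
br_netfilter
EOF
ansible all -m file -a "path=/etc/modules-load.d state=directory" -b
ansible all -m copy -a "src=/etc/modules-load.d/k8s.conf dest=/etc/modules-load.d/k8s.conf mode=0644" -b
ansible all -m systemd -a "name=systemd-modules-load.service state=restarted" -b
# 9. 修改内核参数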
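# 9. Load the bridge/conntrack modules now and persist the sysctls. Commands are chained with &&
# (lost in the extraction) so a failed modprobe is reported instead of falling through.
# `ip_conntrack` is the pre-nf_conntrack name; the module on current kernels is nf_conntrack.
ansible all -m shell -a "modprobe bridge && modprobe br_netfilter && modprobe nf_conntrack" -b
# Values are `key = value` (the `=` was lost). Duplicate tcp_max_syn_backlog removed;
# bridge-nf-call-ip6tables added because kube-proxy/CNI docs require it next to the IPv4 one.
# blockinfile create=yes replaces the separate `file state=touch` step.
ansible all -m blockinfile -a "path=/etc/sysctl.d/k8s.conf create=yes mode=0644 block='net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
vm.overcommit_memory = 1
vm.panic_on_oom = 0
fs.inotify.max_user_watches = 89100
fs.file-max = 52706963
fs.nr_open = 52706963
net.netfilter.nf_conntrack_max = 2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.forwarding = 1'" -b
# --system loads every file under /etc/sysctl.d, including the one just written.
ansible all -m shell -a "sysctl --system" -b
# 10. 安装 containerd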
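# 10. containerd from the upstream release bundle. The page downloaded it and unpacked it as root
# straight into / (the bundle writes /usr/local/bin, /etc/systemd/system, /opt/cni, /etc/cni) without
# checking it. Verify the SHA-256 the release publishes next to the archive first.
CONTAINERD_VER=1.7.2
CONTAINERD_TGZ="cri-containerd-cni-${CONTAINERD_VER}-linux-amd64.tar.gz"
wget "https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VER}/${CONTAINERD_TGZ}"
wget "https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VER}/${CONTAINERD_TGZ}.sha256sum"
sha256sum -c "${CONTAINERD_TGZ}.sha256sum"
ansible all -m copy -a "src=${CONTAINERD_TGZ} dest=/tmp force=yes" -b
ansible all -m shell -a "tar -C / -xzf /tmp/${CONTAINERD_TGZ}" -b
ansible all -m file -a "path=/etc/containerd state=directory" -b
# The redirect into config.toml was lost in the original.
ansible all -m shell -a "containerd config default > /etc/containerd/config.toml" -b
# kubeadm's generated KubeletConfiguration uses the systemd cgroup driver; containerd's default
# config uses cgroupfs. The two must agree or pods are restarted/evicted under memory pressure.
ansible all -m shell -a "sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml" -b
# kubeadm 1.27 expects pause:3.9 (see the image list in 13.2); keep the runtime's sandbox image in sync
# so kubeadm does not warn about an inconsistent sandbox image.
ansible all -m shell -a "sed -i 's#sandbox_image = \".*\"#sandbox_image = \"registry.k8s.io/pause:3.9\"#' /etc/containerd/config.toml" -b
# docker.io mirror via the hosts.toml mechanism; `registry.mirrors` in config.toml is the
# deprecated form in 1.7. The mirror id below is the original author's personal Aliyun mirror.
ansible all -m shell -a "sed -i 's#config_path = \"\"#config_path = \"/etc/containerd/certs.d\"#' /etc/containerd/config.toml" -b
mkdir -p /etc/containerd/certs.d/docker.io
cat <<'EOF' > /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://docker.io"

[host."https://je0sfs52.mirror.aliyuncs.com"]
  capabilities = ["pull", "resolve"]
EOF
ansible all -m file -a "path=/etc/containerd/certs.d/docker.io state=directory" -b
ansible all -m copy -a "src=/etc/containerd/certs.d/docker.io/hosts.toml dest=/etc/containerd/certs.d/docker.io/hosts.toml" -b
ansible all -m shell -a "grep -n -e SystemdCgroup -e sandbox_image -e config_path /etc/containerd/config.toml" -b
ansible all -m shell -a "systemctl daemon-reload && systemctl enable --now containerd" -b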
11. 安装nerdctl
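# 11. nerdctl CLI. Verify the archive against the SHA256SUMS file shipped with the release before
# installing the binary; the tarball also contains containerd-rootless helper scripts that are not
# needed here, so only the `nerdctl` member is extracted.
NERDCTL_VER=1.4.0
NERDCTL_TGZ="nerdctl-${NERDCTL_VER}-linux-amd64.tar.gz"
wget "https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VER}/${NERDCTL_TGZ}"
wget "https://github.com/containerd/nerdctl/releases/download/v${NERDCTL_VER}/SHA256SUMS"
sha256sum -c --ignore-missing SHA256SUMS
ansible all -m copy -a "src=${NERDCTL_TGZ} dest=/tmp force=yes" -b
ansible all -m shell -a "tar -C /tmp -zxf /tmp/${NERDCTL_TGZ} nerdctl && install -m 0755 /tmp/nerdctl /usr/bin/nerdctl" -b
ansible all -m shell -a "nerdctl ps" -b
# 12. kubernetes yum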
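# 12. Kubernetes yum repo. The original disabled BOTH gpgcheck and repo_gpgcheck and fetched over
# plain HTTP, so anyone on the path could substitute kubelet/kubeadm/kubectl packages. Keep
# signature checks on and use HTTPS; the two gpgkey URLs are space-separated on one line.
# NOTE: this is the legacy Google-hosted EL7 repo mirrored by Aliyun; upstream has moved to
# pkgs.k8s.io and newer patch releases are published only there.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
ansible all -m copy -a "src=/etc/yum.repos.d/kubernetes.repo dest=/etc/yum.repos.d/kubernetes.repo force=yes" -b
# Refresh metadata for the new repo. On dnf `update` is an alias of `upgrade`, so the original's
# `update && upgrade` pair did the same work twice.
ansible all -m shell -a "dnf -y makecache && dnf -y update" -b
# 13. 部署 kubernetes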
13.1 安装工具
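# 13.1 Pinned 1.27.3 tooling on every node; pinning keeps all nodes on one release.
# (Equivalent single-call form, kept for reference: the yum/dnf `name` takes a comma-separated list.)
#ansible all -m yum -a "name=kubelet-1.27.3-00,kubeadm-1.27.3-00,kubectl-1.27.3-00 state=present" -b
ansible all -m dnf -a "name=kubelet-1.27.3-00 state=present" -b
ansible all -m dnf -a "name=kubeadm-1.27.3-00 state=present" -b
ansible all -m dnf -a "name=kubectl-1.27.3-00 state=present" -b
# Enable kubelet now. The original skipped this; `kubeadm join` later warns
# "[WARNING Service-Kubelet]: kubelet service is not enabled" and the node would not rejoin after a reboot.
ansible all -m systemd -a "name=kubelet enabled=yes" -b
# 13.2 初始化配置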
生成集群初始化文件
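# 13.2 Generate the default init config (the `> kubeadm.yaml` redirect was lost in the original).
# The generated file carries placeholders (advertiseAddress 1.2.3.4, node name "node") that must be
# edited before it can be fed to `kubeadm init --config`.
kubeadm config print init-defaults --component-configs KubeletConfiguration > kubeadm.yaml
# 查看所需的镜像 — list the images this configuration requires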
$ kubeadm config images list --config kubeadm.yaml
registry.k8s.io/kube-apiserver:v1.27.0
registry.k8s.io/kube-controller-manager:v1.27.0
registry.k8s.io/kube-scheduler:v1.27.0
registry.k8s.io/kube-proxy:v1.27.0
registry.k8s.io/pause:3.9
registry.k8s.io/etcd:3.5.7-0
registry.k8s.io/coredns/coredns:v1.10.1修改安装 kubernetes 版本
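# 修改安装 kubernetes 版本 — pin the version in the file generated above. The original edited
# kubeadm.conf, which does not exist; the generated file is kubeadm.yaml.
# NOTE: the `kubeadm init` in §14 passes flags rather than --config, so this file only serves to
# preview the image list; kubeadm does not accept --config mixed with those flags.
sed -i 's/kubernetesVersion: .*/kubernetesVersion: v1.27.3/g' kubeadm.yaml
# 注意：这个配置文件默认会从 registry.k8s.io 下载镜像，如果你没有科学上网那么就会下载失败。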
配置代理
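# 配置代理 — route containerd's image pulls through an HTTP proxy with a systemd drop-in.
# The proxy is a lab host with no authentication; NO_PROXY in the original listed only localhost,
# so pulls from any host on the node subnet (a private registry, for example) would also be sent
# through the proxy. It now excludes the node network and the default service CIDR as well.
ansible all -m file -a "path=/etc/systemd/system/containerd.service.d state=directory" -b
cat <<'EOF' > /etc/systemd/system/containerd.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://192.168.21.101:7890"
Environment="HTTPS_PROXY=http://192.168.21.101:7890"
Environment="NO_PROXY=localhost,127.0.0.1,192.168.23.0/24,10.96.0.0/12"
EOF
ansible all -m copy -a "src=/etc/systemd/system/containerd.service.d/http-proxy.conf dest=/etc/systemd/system/containerd.service.d/http-proxy.conf force=yes" -b
ansible all -m shell -a "cat /etc/systemd/system/containerd.service.d/http-proxy.conf" -b
# A new drop-in is only read after a daemon reload; `state=restarted` alone does not trigger one,
# so the original restart kept running without the proxy environment.
ansible all -m systemd -a "name=containerd state=restarted daemon_reload=yes" -b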
14. 部署 master
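# 14. Initialise the control plane. The original passed --pod-network-cidr=10.96.0.0/12, which is
# exactly kubeadm's default service subnet (the 10.96.0.1 SAN in the output below comes from it);
# pod and service ranges must not overlap, so the pod CIDR is moved to 10.244.0.0/16 — use whatever
# range the CNI you deploy afterwards expects. The transcript below is from the original run.
$ kubeadm init --kubernetes-version=v1.27.3 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.23.11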
[init] Using Kubernetes version: v1.27.3
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using kubeadm config images pull
[certs] Using certificateDir folder /etc/kubernetes/pki
[certs] Generating ca certificate and key
[certs] Generating apiserver certificate and key
[certs] apiserver serving cert is signed for DNS names [kube-master01 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.23.11]
[certs] Generating apiserver-kubelet-client certificate and key
[certs] Generating front-proxy-ca certificate and key
[certs] Generating front-proxy-client certificate and key
[certs] Generating etcd/ca certificate and key
[certs] Generating etcd/server certificate and key
[certs] etcd/server serving cert is signed for DNS names [kube-master01 localhost] and IPs [192.168.23.11 127.0.0.1 ::1]
[certs] Generating etcd/peer certificate and key
[certs] etcd/peer serving cert is signed for DNS names [kube-master01 localhost] and IPs [192.168.23.11 127.0.0.1 ::1]
[certs] Generating etcd/healthcheck-client certificate and key
[certs] Generating apiserver-etcd-client certificate and key
[certs] Generating sa key and public key
[kubeconfig] Using kubeconfig folder /etc/kubernetes
[kubeconfig] Writing admin.conf kubeconfig file
[kubeconfig] Writing kubelet.conf kubeconfig file
[kubeconfig] Writing controller-manager.conf kubeconfig file
[kubeconfig] Writing scheduler.conf kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file /var/lib/kubelet/kubeadm-flags.env
[kubelet-start] Writing kubelet configuration to file /var/lib/kubelet/config.yaml
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder /etc/kubernetes/manifests
[control-plane] Creating static Pod manifest for kube-apiserver
[control-plane] Creating static Pod manifest for kube-controller-manager
[control-plane] Creating static Pod manifest for kube-scheduler
[etcd] Creating static Pod manifest for local etcd in /etc/kubernetes/manifests
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory /etc/kubernetes/manifests. This can take up to 4m0s
[apiclient] All control plane components are healthy after 8.505670 seconds
[upload-config] Storing the configuration used in ConfigMap kubeadm-config in the kube-system Namespace
[kubelet] Creating a ConfigMap kubelet-config in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node kube-master01 as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node kube-master01 as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]
[bootstrap-token] Using token: 9w826t.frumayd3p16t1jsd
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the cluster-info ConfigMap in the kube-public namespace
[kubelet-finalize] Updating /etc/kubernetes/kubelet.conf to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxyYour Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configAlternatively, if you are the root user, you can run:export KUBECONFIG/etc/kubernetes/admin.confYou should now deploy a pod network to the cluster.
Run kubectl apply -f [podnetwork].yaml with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/Then you can join any number of worker nodes by running the following on each as root:kubeadm join 192.168.23.11:6443 --token 9w826t.frumayd3p16t1jsd \--discovery-token-ca-cert-hash sha256:0e80a963060663fbebd413084ffff7cdfc0faa2005d268514a2dab6449f363e215. 部署 node
# 15. Join a worker. The token/hash pair is the cluster's node-bootstrap credential: any host that
# can reach 192.168.23.11:6443 and knows it can join as a node. kubeadm creates the token with a
# 24h TTL, and it should not be published — this page prints a real one. Once the last node has
# joined, revoke it on the control plane: `kubeadm token delete 9w826t`.
# The preflight warning below ("kubelet service is not enabled") means `systemctl enable kubelet`
# was never run on the worker; without it the node does not come back after a reboot.
$ kubeadm join 192.168.23.11:6443 --token 9w826t.frumayd3p16t1jsd \--discovery-token-ca-cert-hash sha256:0e80a963060663fbebd413084ffff7cdfc0faa2005d268514a2dab6449f363e2
[preflight] Running pre-flight checks[WARNING Service-Kubelet]: kubelet service is not enabled, please run systemctl enable kubelet.service
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with kubectl -n kube-system get cm kubeadm-config -o yaml
[kubelet-start] Writing kubelet configuration to file /var/lib/kubelet/config.yaml
[kubelet-start] Writing kubelet environment file with flags to file /var/lib/kubelet/kubeadm-flags.env
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.Run kubectl get nodes on the control-plane to see this node join the cluster.
16. 检查
$ kubectl get node
NAME STATUS ROLES AGE VERSION
kube-master01 Ready control-plane 2m56s v1.27.3
kube-node01 Ready none 7s v1.27.3
kube-prom01 Ready none 72s v1.27.3
$ kubectl version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --outputyaml|json to get the full version.
Client Version: version.Info{Major:1, Minor:27, GitVersion:v1.27.3, GitCommit:25b4e43193bcda6c7328a6d147b1fb73a33f1598, GitTreeState:clean, BuildDate:2023-06-14T09:53:42Z, GoVersion:go1.20.5, Compiler:gc, Platform:linux/amd64}
Kustomize Version: v5.0.1
Server Version: version.Info{Major:1, Minor:27, GitVersion:v1.27.3, GitCommit:25b4e43193bcda6c7328a6d147b1fb73a33f1598, GitTreeState:clean, BuildDate:2023-06-14T09:47:40Z, GoVersion:go1.20.5, Compiler:gc, Platform:linux/amd64}
$ kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-5d78c9869d-lwvp5 1/1 Running 0 2m52s
kube-system coredns-5d78c9869d-lz7h6 1/1 Running 0 2m52s
kube-system etcd-kube-master01 1/1 Running 0 3m6s
kube-system kube-apiserver-kube-master01 1/1 Running 0 3m4s
kube-system kube-controller-manager-kube-master01 1/1 Running 0 3m4s
kube-system kube-proxy-cgx7w 1/1 Running 0 20s
kube-system kube-proxy-q87zt 1/1 Running 0 2m52s
kube-system kube-proxy-rb7k2 1/1 Running 0 85s
kube-system kube-scheduler-kube-master01 1/1 Running 0 3m8s
参考
https://kubernetes.io/releases/download/
https://www.downloadkubernetes.com/