k8s的安装与部署
一、部署
1、实验环境
| k8s-master | 172.25.254.200 |
| k8s-node1 | 172.25.254.10 |
| k8s-node2 | 172.25.254.20 |
| docker-node1 | 172.25.254.100(harbor仓库) |
2、相关操作
1.基础配置
所有节点关闭selinux和防火墙
systemctl disabled firewalld
systemctl stop firewalld
grubby --update-kernel ALL --args selinux=0
reboot
所有节点在每次开启的时候禁用swapon分区:
vim /etc/rc.d/rc.local
swapoff /dev/dm-1
chmod +x /etc/rc.d/rc.local
每台主机做DNS解析
# 添加解析 三台主机都需添加
[root@k8s-node2 ~]# vim /etc/hosts
[root@k8s-node2 ~]# cat /etc/hosts
172.25.254.200 k8s-master.txy.org
172.25.254.10 k8s-node1.txy.org
172.25.254.20 k8s-node2.txy.org
所有节点安装docker
cat /etc/yum.repos.d/docker-ce.repo
[docker]
name=docker
baseurl=https://mirrors.aliyun.com/docker-ce/linux/rhel/9/x86_64/stable/
gpgcheck=0
dnf install docker-ce -y
在所有的k8s节点创建放置证书的目录
[root@k8s-master ~]# mkdir /etc/docker/certs.d/reg.timinglee.org/ -p
把harbor仓库里的证书拷贝给k8s所有节点
ls /data/certs/
revkarl.org.crt revkarl.org.key
scp /data/certs/timinglee.org.crt root@172.25.254.200:/etc/docker/certs.d/reg.timinglee.org/ca.crt
docker login reg.timinglee.org
docker info
安装k8s部署工具
[root@k8s-master ~]# cat /etc/yum.repos.d/k8s.repo
[k8s]
name=k8s
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
gpgcheck=0
dnf install kubelet-1.30.0 kubeadm-1.30.0 kubectl-1.30.0 -y
设置kubectl命令补齐功能:
dnf install bash-completion -y
echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc
在所有节点安装cri-docker
dnf install libcgroup-0.41-19.el8.x86_64.rpm \
> cri-dockerd-0.3.14-3.el8.x86_64.rpm -y
插件名称和容器镜像
vim /lib/systemd/system/cri-docker.service
在master节点拉取k8s所需镜像:
kubeadm config images pull \
--image-repository registry.aliyuncs.com/google_contaniers \
--kubernetes-version v1.30.0 \
--cri-socket=unix:///var/run/cri-dockerd.sock
上传镜像到harbor仓库
docker images | awk '/google/{ print $1":"$2}' \
| awk -F "/" '{system("docker tag "$0" reg.revkarl.org/k8s/"$3)}'
docker images | awk '/k8s/{system("docker push "$1":"$2)}'
2.集群初始化
#启动kubelet服务
[root@k8s-master ~]# systemctl status kubelet.service
#指定网络插件名称及基础容器镜像
[root@k8s-master ~]# vim /lib/systemd/system/cri-docker.service
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --pod-infra-container-image=reg.txy.org/k8s/pause:3.9
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl restart cri-docker
[root@k8s-master ~]# ll /var/run/cri-dockerd.sock
srw-rw---- 1 root docker 0 Sep 10 09:26 /var/run/cri-dockerd.sock
[root@k8s-master ~]# scp /lib/systemd/system/cri-docker.service root@172.25.254.10:/lib/systemd/system/cri-docker.service
[root@k8s-master ~]# scp /lib/systemd/system/cri-docker.service root@172.25.254.20:/lib/systemd/system/cri-docker.service
[root@k8s-node1 ~]# systemctl daemon-reload
[root@k8s-node2 ~]# systemctl daemon-reload
[root@k8s-node1 ~]# systemctl restart cri-docker
[root@k8s-node2 ~]# systemctl restart cri-docker
#执行初始化命令
[root@k8s-master ~]# kubeadm init --pod-network-cidr=172.25.0.0/16 --image-repository reg.txy.org/k8s --kubernetes-version v1.30.0 --cri-socket=unix:///var/run/cri-dockerd.sock
[root@k8s-master ~]# kubeadm config images list
I0910 11:54:29.962229 41325 version.go:256] remote version is much newer: v1.31.0; falling back to: stable-1.30
registry.k8s.io/kube-apiserver:v1.30.4
registry.k8s.io/kube-controller-manager:v1.30.4
registry.k8s.io/kube-scheduler:v1.30.4
registry.k8s.io/kube-proxy:v1.30.4
registry.k8s.io/coredns/coredns:v1.11.1
registry.k8s.io/pause:3.9
registry.k8s.io/etcd:3.5.12-0
# 若初始化失败,则重置
[root@k8s-master ~]# kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock
3.安装flannel网络插件
#指定集群配置文件变量
[root@k8s-master ~]# export KUBECONFIG=/etc/kubernetes/admin.conf
#当前节点没有就绪,还没有安装网络插件,容器没有运行
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master.zx.org NotReady control-plane 5m41s v1.30.0
[root@k8s-master ~]# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
[root@k8s-master ~]# source ~/.bash_profile
[root@k8s-master ~]# vim kube-flannel.yml # 将镜像下载地址改成本地(image)
[root@k8s-master ~]# grep -n image kube-flannel.yml #需要修改以下几行
146: image: flannel/flannel:v0.25.5
173: image: flannel/flannel-cni-plugin:v1.5.1-flannel1
184: image: flannel/flannel:v0.25.5
[root@k8s-master ~]# docker load -i flannel-0.25.5.tag.gz
# docker仓库中新建flannel项目
# 打标签上传
[root@k8s-master ~]# docker tag flannel/flannel:v0.25.5
[root@k8s-master ~]# docker push reg.txy.org/flannel/flannel:v0.25.5
[root@k8s-master ~]# docker tag flannel/flannel-cni-plugin:v1.5.1-flannel1
[root@k8s-master ~]# docker push reg.txy.org/flannel/flannel-cni-plugin:v1.5.1-flannel1
#安装flannel网络插件
[root@k8s-master ~]# kubectl apply -f kube-flannel.yml
namespace/kube-flannel created
serviceaccount/flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master.txy.org Ready control-plane 25m v1.30.0
4.节点扩容
在所有的worker节点中
1 确认部署好以下内容
2 禁用swap
3 安装:
kubelet-1.30.0
kubeadm-1.30.0
kubectl-1.30.0
docker-ce
cri-dockerd
4 修改cri-dockerd启动文件添加
–network-plugin=cni
–pod-infra-container-image=reg.txy.org/k8s/pause:3.9
5 启动服务
kubelet.service
cri-docker.service
确认完毕信息后即可加入集群
# 这个阶段如果生成的集群token(初始化时生成)找不到了可以重新生成
[root@k8s-master ~]# kubeadm token create --print-join-command
[root@k8s-node1 ~]# kubeadm join 172.25.254.200:6443 --token lma300.jusxu3igmuk5dfym --discovery-token-ca-cert-hash sha256:e107ffc608928f2337bf7742bc9b3024c6f7e179a15af2233e8092ae57c68a99 --cri-socket=unix:///var/run/cri-dockerd.sock
[root@k8s-node2 ~]# kubeadm join 172.25.254.200:6443 --token lma300.jusxu3igmuk5dfym --discovery-token-ca-cert-hash sha256:e107ffc608928f2337bf7742bc9b3024c6f7e179a15af2233e8092ae57c68a99 --cri-socket=unix:///var/run/cri-dockerd.sock
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master.txy.org Ready control-plane 64m v1.30.0
k8s-node1.txy.org Ready <none> 32m v1.30.0
k8s-node2.txy.org Ready <none> 32m v1.30.0
# 测试集群运行情况
[root@k8s-master ~]# kubectl run test --image nginx #建立一个pod
pod/test created
[root@k8s-master ~]# kubectl get pods #查看pod状态
# 重新做集群
[root@k8s-master ~]# kubectl delete nodes k8s-node1.txy.org
[root@k8s-master ~]# kubectl delete nodes k8s-node2.txy.org
[root@k8s-master ~]# kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock
# 重新做初始化集群
[root@k8s-master ~]# kubeadm init --pod-network-cidr=10.244.0.0/16 \
--image-repository reg.txy.org/k8s \
--kubernetes-version v1.30.0 \
--cri-socket=unix:///var/run/cri-dockerd.sock
[root@k8s-master ~]# vim kube-flannel.yml # 修改image
[root@k8s-master ~]# kubectl apply -f kube-flannel.yml
[root@k8s-node1 ~]# kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock
[root@k8s-node2 ~]# kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock
# 再重新将节点加入集群
[root@k8s-node1 ~]# kubeadm join 172.25.254.200:6443 --token lma300.jusxu3igmuk5dfym --discovery-token-ca-cert-hash sha256:e107ffc608928f2337bf7742bc9b3024c6f7e179a15af2233e8092ae57c68a99 --cri-socket=unix:///var/run/cri-dockerd.sock
[root@k8s-node2 ~]# kubeadm join 172.25.254.200:6443 --token lma300.jusxu3igmuk5dfym --discovery-token-ca-cert-hash sha256:e107ffc608928f2337bf7742bc9b3024c6f7e179a15af2233e8092ae57c68a99 --cri-socket=unix:///var/run/cri-dockerd.sock
[root@k8s-master ~]# kubectl get nodes
原文地址:https://blog.csdn.net/weixin_57304642/article/details/142800544
免责声明:本站文章内容转载自网络资源,如本站内容侵犯了原著者的合法权益,可联系本站删除。更多内容请关注自学内容网(zxcms.com)!