kubernetes 单集群搭建
环境准备
| 角色 | 主机名 | IP | CPU | 内存 | 硬盘 | 操作系统 |
|---|---|---|---|---|---|---|
| master | k8s-master | 192.168.148.180 | 4C | 8G | 40GB | openEuler24.03-LTS |
| worker(node) | k8s-node01 | 192.168.148.181 | 4C | 8G | 40GB | openEuler24.03-LTS |
| worker(node) | k8s-node02 | 192.168.148.182 | 4C | 8G | 40GB | openEuler24.03-LTS |
- 集群中所有机器之间网络互通
- 可以访问外网,需要拉取镜像
- 禁止swap分区、关闭防火墙、关闭SElinux
系统盘扩容(可选)
bash
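# Optional: grow the root LV onto a spare second disk (/dev/sdb must be unused).
pvcreate /dev/sdb
vgextend openeuler /dev/sdb
# -r (--resizefs) grows the filesystem together with the LV and works for both
# ext4 and xfs, so no separate resize2fs/xfs_growfs step is required.
lvextend -r -l +100%FREE /dev/mapper/openeuler-root
主机名与IP地址解析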
bash
cat >> /etc/hosts <<FOF
192.168.148.180 k8s-master
192.168.148.181 k8s-node01
192.168.148.182 k8s-node02
FOFkuberadm 部署(yum部署)
设置主机名
bash
# Each node runs only the call that matches it: set the hostname, then replace
# the current shell with a fresh one so the session picks up the new name.
set_name() { hostnamectl set-hostname "$1" && exec bash; }
set_name k8s-master
set_name k8s-node01
set_name k8s-node02
关闭防火墙和SElinux
bash
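# Stop and disable the host firewall for the cluster network.
systemctl disable --now firewalld
# Anchor the edit to the SELINUX= key: the unanchored pattern also rewrote the
# explanatory comment lines in /etc/selinux/config that mention "enforcing".
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Switch the running kernel to permissive until the reboot that applies the file.
setenforce 0
关闭swap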
bash
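# Turn swap off now and comment out only active (uncommented) swap entries in
# fstab. Matching the fs-type field keeps unrelated lines that merely contain
# "swap" intact, and skipping lines already starting with "#" means re-running
# does not stack "# " prefixes.
swapoff -a && sed -i -E '/^[^#].*[[:space:]]swap[[:space:]]/s/^/# /' /etc/fstab
时间同步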
bash
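# Install chrony and point it at a reachable NTP source. The directives are
# appended only once (guarded on the server line) so re-running this block does
# not duplicate them in /etc/chrony.conf.
dnf -y install chrony
if ! grep -q '^server ntp.aliyun.com' /etc/chrony.conf; then
  cat >> /etc/chrony.conf <<'EOF'
server ntp.aliyun.com iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
logchange 0.5
logdir /var/log/chrony
EOF
fi
# timedatectl maintains the /etc/localtime symlink itself; /etc/timezone is
# still written for tools that read that file.
timedatectl set-timezone Asia/Shanghai
echo 'Asia/Shanghai' > /etc/timezone
# Restart so an already-running chronyd re-reads the new config.
systemctl enable --now chronyd
systemctl restart chronyd
免密登录(可选)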
为了方便切换节点,可以配置免密登录
bash
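# Run on the master.
# Create a key pair if none exists (non-interactive). Only the public key leaves
# this host: the private key stays in /root/.ssh on the master, instead of the
# whole directory being copied to every worker.
[[ -f /root/.ssh/id_ed25519 ]] || ssh-keygen -t ed25519 -N '' -f /root/.ssh/id_ed25519
# Let the master log in to itself; append rather than overwrite authorized_keys.
grep -qF -- "$(cat /root/.ssh/id_ed25519.pub)" /root/.ssh/authorized_keys 2>/dev/null \
  || cat /root/.ssh/id_ed25519.pub >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
# ssh-copy-id appends the public key to each worker's authorized_keys
# (prompts for the root password once per node).
for node in 192.168.148.181 192.168.148.182; do
  ssh-copy-id -i /root/.ssh/id_ed25519.pub "root@${node}"
done
将桥接的IPv4流量传递到iptables的链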
bash
# Kernel parameters for pod networking: bridged traffic must pass through the
# iptables/ip6tables chains, IPv4 routing must be on, and swapping is discouraged.
k8s_sysctl=/etc/sysctl.d/k8s.conf
printf '%s\n' \
  'net.bridge.bridge-nf-call-ip6tables = 1' \
  'net.bridge.bridge-nf-call-iptables = 1' \
  'net.ipv4.ip_forward = 1' \
  'vm.swappiness = 0' > "$k8s_sysctl"
# Flip a pre-existing ip_forward=0 in sysctl.conf, which sysctl --system applies
# after the sysctl.d fragments and would otherwise win.
sed -i 's/net\.ipv4\.ip_forward=0/net\.ipv4\.ip_forward=1/' /etc/sysctl.conf
# Apply every sysctl fragment now.
sysctl --system
加载br_netfilter模块
bash
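# Load br_netfilter now and register it with systemd-modules-load so it is
# loaded again after a reboot (modprobe alone is not persistent).
modprobe br_netfilter
grep -qx br_netfilter /etc/modules-load.d/k8s.conf 2>/dev/null \
  || echo br_netfilter >> /etc/modules-load.d/k8s.conf
# Check that the module is loaded.
lsmod | grep br_netfilter
# Re-apply the sysctl fragments: the net.bridge.bridge-nf-call-* keys only exist
# once br_netfilter is loaded, so an earlier sysctl --system could not set them.
sysctl --system
配置ipset以及ipvsadm依赖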
bash
# Packages needed for the IPVS kube-proxy mode and general cluster tooling.
deps=(
  wget jq psmisc socat
  device-mapper-persistent-data lvm2 network-scripts
  conntrack ipvsadm ipset iptables
  curl sysstat libseccomp
)
dnf -y install "${deps[@]}"
配置ipvsadm模块加载方式
bash
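# IPVS kernel modules for kube-proxy. /etc/sysconfig/modules/*.modules is a
# legacy (pre-systemd) hook that systemd-based openEuler does not run at boot,
# so the module list goes into modules-load.d, which systemd-modules-load
# reads on every boot.
ipvs_modules=(ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack)
printf '%s\n' "${ipvs_modules[@]}" > /etc/modules-load.d/ipvs.conf
# Load the modules now and check that they are present.
for mod in "${ipvs_modules[@]}"; do
  modprobe -- "$mod"
done
lsmod | grep -e ip_vs -e nf_conntrack
部署 docker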
安装 Docker
bash
# 注册华为repo
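# Register the Huawei Cloud mirror of the docker-ce repo.
dnf config-manager --add-repo=https://repo.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo
# Point the repo file at the mirror.
sed -i 's+download.docker.com+mirrors.huaweicloud.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Pin the CentOS release tree (single quotes keep $releasever literal for sed).
sed -i 's+$releasever+9+' /etc/yum.repos.d/docker-ce.repo
# Install docker-ce and its dependencies.
dnf -y install docker-ce docker-ce-cli containerd docker-buildx-plugin docker-compose-plugin
# Registry mirrors. These are third-party pull-through caches: a pull by tag
# trusts whatever the mirror serves, only a pull by digest is content-verified,
# so pin digests for anything security-sensitive.
# native.cgroupdriver=systemd keeps Docker on the same cgroup driver the
# kubelet is configured with later in this guide.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://docker.m.daocloud.io",
    "https://noohub.ru",
    "https://huecker.io",
    "https://dockerhub.timeweb.cloud"
  ]
}
EOF
systemctl daemon-reload
systemctl enable --now docker
安装cri-dockerd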
CAUTION
Kubernetes 1.24+ 版本已彻底移除 dockershim,即使你安装了 Docker,也需要通过 cri-dockerd 适配器才能兼容,因此我们这里使用containerd 作为容器引擎。
bash
# 下载
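# Download the rpm. Verify it against the checksum published on the release
# page before installing: dnf does not signature-check a local rpm file unless
# localpkg_gpgcheck is enabled.
cri_dockerd_rpm=cri-dockerd-0.3.14-3.el7.x86_64.rpm
wget "https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.14/${cri_dockerd_rpm}"
# Install.
dnf -y install "./${cri_dockerd_rpm}"
# Extend ExecStart with the CNI plugin and the Aliyun-hosted pause image. The
# pause tag is 3.10 to match the image kubeadm v1.31 pulls in the image list
# below; the grep guard keeps the flags from being appended twice on re-run.
cri_unit=/usr/lib/systemd/system/cri-docker.service
grep -q -- '--pod-infra-container-image=' "$cri_unit" \
  || sed -i 's,^ExecStart.*,& --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.10,' "$cri_unit"
# Start cri-docker.
systemctl daemon-reload
systemctl enable --now cri-docker.service
systemctl enable --now cri-docker.socket
# Persist br_netfilter across reboots (read by systemd-modules-load).
cat > /etc/modules-load.d/k8s.conf <<'EOF'
br_netfilter
EOF
配置kubernetes源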
bash
# Kubernetes v1.31 package repo (Aliyun mirror); GPG checking stays enabled.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.31/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.31/rpm/repodata/repomd.xml.key
EOF
# Drop the old metadata cache and rebuild it with the new repo.
dnf clean all && dnf makecache
安装Kubernetes集群
安装软件
bash
# Install all three components pinned to one version; --disableexcludes lifts
# any exclude= list the kubernetes repo config carries for these packages.
k8s_version=1.31.4
dnf install -y --disableexcludes=kubernetes \
  "kubelet-${k8s_version}" "kubeadm-${k8s_version}" "kubectl-${k8s_version}"
配置kubelet
为了实现docker使用的cgroupdriver与kubelet使用的cgroup的一致性,建议修改如下文件内容。
bash
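# Replace the whole KUBELET_EXTRA_ARGS line instead of appending to it, so the
# flag is present exactly once even if this block is run more than once.
sed -i 's/^KUBELET_EXTRA_ARGS=.*/KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"/' /etc/sysconfig/kubelet
# Enabling at boot is enough: without a generated config the kubelet keeps
# restarting until kubeadm init/join produces one, then it starts on its own.
systemctl enable --now kubelet
安装镜像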
bash
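# Write the pull script with a quoted delimiter so its $-expansions are stored
# literally (no backslash escaping), then run it with bash because it uses arrays.
cat > image_download.sh <<'FOF'
#!/bin/bash
# Stop on the first failed pull instead of silently continuing with a partial set.
set -euo pipefail
images=(
kube-apiserver:v1.31.4
kube-controller-manager:v1.31.4
kube-scheduler:v1.31.4
kube-proxy:v1.31.4
pause:3.10
etcd:3.5.15-0
coredns:v1.11.3
)
for imageName in "${images[@]}"; do
  docker pull "registry.aliyuncs.com/google_containers/${imageName}"
  docker tag "registry.aliyuncs.com/google_containers/${imageName}" "registry.k8s.io/${imageName}"
  #docker rmi "registry.aliyuncs.com/google_containers/${imageName}"
done
FOF
bash image_download.sh
# kubeadm references coredns under the coredns/ sub-path; add that tag too.
docker tag registry.k8s.io/coredns:v1.11.3 registry.k8s.io/coredns/coredns:v1.11.3
master节点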
bash
# 集群初始化
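# Initialise the control plane (master only). --pod-network-cidr must match
# CALICO_IPV4POOL_CIDR set in calico.yaml later. --ignore-preflight-errors=all
# silences every preflight check; run once without it and waive only the
# specific checks that actually need it.
kubeadm init --kubernetes-version=v1.31.4 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.224.0.0/16 \
  --apiserver-advertise-address=192.168.148.180 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --cri-socket unix:///var/run/cri-dockerd.sock \
  --ignore-preflight-errors=all
# Running as root: give this user a kubeconfig (expansions quoted so a HOME
# containing spaces cannot split the arguments).
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# Only affects the current shell; the copied ~/.kube/config is what persists.
export KUBECONFIG=/etc/kubernetes/admin.conf
node节点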
bash
# 注册node到集群(node节点注册信息在master初始化后获得,--cri-socket和--ignore-preflight-errors需要单独增加)
# Join a worker to the cluster. The token and CA hash come from the master's
# init output (the values here are the author's); bootstrap tokens expire
# (24h by default), so regenerate the command below when they are stale.
# --cri-socket and --ignore-preflight-errors are not part of the printed
# join command and have to be added by hand.
join_endpoint=192.168.148.180:6443
join_token=pw66yn.00f6tnmsrs6fzbrf
ca_cert_hash=sha256:a08eff7eb8c2e82f4ed356f921f3b8eca7613e70a1b7d2ddd2ff041dd89c3805
kubeadm join "$join_endpoint" \
  --token "$join_token" \
  --discovery-token-ca-cert-hash "$ca_cert_hash" \
  --cri-socket unix:///var/run/cri-dockerd.sock \
  --ignore-preflight-errors=all
# If the values were not saved, print a fresh join command on the master.
kubeadm token create --print-join-command
部署容器网络CNI(master)
下载网络插件
网络插件下载的地址如下:https://kubernetes.io/docs/concepts/cluster-administration/addons/
bash
# Fetch the Calico manifest; -O pins the local filename.
wget -O calico.yaml https://docs.projectcalico.org/manifests/calico.yaml
修改IP地址
bash
- name: CALICO_IPV4POOL_CIDR
  value: "10.224.0.0/16"
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
  value: "true"
安装网络
bash
# Apply the Calico manifest edited above.
kubectl apply --filename calico.yaml
监视calico-system命名空间中pod运行情况
bash
# Follow pod start-up in kube-system.
watch kubectl get pods --namespace kube-system
# coredns reaching the Running state shows that pod networking works.
kubectl get pods --namespace kube-system
错误排查
calico-node-x Init:ErrImagePull
bash
# 确认镜像名
# Confirm which image references the Calico workloads use.
kubectl get daemonset calico-node --namespace kube-system --output yaml | grep 'image:'
kubectl get deployment calico-kube-controllers --namespace kube-system --output yaml | grep 'image:'
# Pull the image by hand (on the master node).
docker pull docker.io/calico/node:v3.25.0
集群初始化
在集群所有节点都需要执行
bash
# 强制重置 kubeadm
# Reset kubeadm state on this node without a confirmation prompt.
kubeadm reset -f \
  --cri-socket=unix:///var/run/cri-dockerd.sock \
  --ignore-preflight-errors=all