使用Kubeadm安装Kubernetes-1.32.3
本文讲解的是以ubuntu22.04.05系统使用kubeadm工具安装kubernetes-v1.32.3的过程
节点分布
| 节点名 | IP地址 | 作用 |
|---|---|---|
| k8s-master01 | 192.168.10.55 | master |
| k8s-worker01 | 192.168.10.66 | worker01 |
| k8s-worker02 | 192.168.10.77 | worker02 |
先决条件
所有节点执行
主机解析
cat >> /etc/hosts << eof
192.168.10.55 k8s-master01
192.168.10.66 k8s-worker01
192.168.10.77 k8s-worker02
eof
修改句柄数
ulimit -SHn 65535
cat >> /etc/security/limits.conf <<EOF
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* seft memlock unlimited
* hard memlock unlimitedd
EOF
ulimit -a
时间同步
apt-get install chrony -y
# 添加时间同步服务器
vim /etc/chrony/chrony.conf
server ntp.aliyun.com iburst
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' > /etc/timezone
chronyc sources -v
启动系统服务chronyd,并设为开机自启
systemctl restart chronyd #重启校时服务
systemctl enable chronyd #开机自启
输入date 查看时间
timedatectl ------看到synchronized: yes,表示同步成功
开启主机间的免密登陆
ssh-keygen
ssh-copy-id k8s-master01
ssh-copy-id k8s-worker01
ssh-copy-id k8s-worker02
k8s集群初始化设置
安装依赖包
apt-get install -y conntrack ipvsadm ipset jq iptables curl sysstat wget vim net-tools git
关闭swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
cat /etc/fstab
k8s系统优化
cat > /etc/sysctl.d/k8s_better.conf << EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
sysctl -p /etc/sysctl.d/k8s_better.conf
modprobe br_netfilter
modprobe ip_conntrack
lsmod |grep conntrack
配置containerd
安装containerd
# 安装包获取链接
https://github.com/containerd/containerd/releases/tag/v2.0.4
tar -zxvf containerd-2.0.4-linux-amd64.tar.gz -C /usr/local/
mkdir - /etc/containerd
# 创建默认配置文件
containerd config default | tee /etc/containerd/config.toml
# 使用github上的containerd.service
sudo wget -O /usr/lib/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
systemctl restart containerd
systemctl daemon-reload
systemctl enable --now containerd
安装runc
# 安装包获取链接
https://github.com/opencontainers/runc/releases
install -m 755 runc.amd64 /usr/local/sbin/runc
安装CNI插件
# 安装包获取链接
https://github.com/containernetworking/plugins/releases
mkdir -p /opt/cni/bin
tar -zxvf cni-plugins-linux-amd64-v1.6.2.tgz -C /opt/cni/bin/
配置containerd加速器目录
mkdir -p /etc/containerd/certs.d
vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
# 重启服务
systemctl restart containerd
cat >/etc/containerd/certs.d/docker.io/hosts.toml <<EOF
server = "https://docker.io"
[host."https://docker.m.daocloud.io"]
capabilities = ["pull", "resolve"]
EOF
cat >/etc/containerd/certs.d/quay.io/hosts.toml <<EOF
server = "https://quay.io"
[host."https://quay.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
cat >/etc/containerd/certs.d/registry.k8s.io/hosts.toml <<EOF
server = "https://quay.io"
[host."https://k8s.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
指定运行时
cat >/etc/crictl.yaml<<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 2
debug: false
pull-image-on-create: false
EOF
systemctl restart containerd.service
crictl image
安装k8s
安装必要工具
sudo apt-get update -y
sudo apt-get install -y apt-transport-https ca-certificates gpg
清华源
获取gpg文件
curl https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core%3A/stable%3A/v1.32/deb/Release.key -o Release.key
将获取到的gpg文件通过gpg命令转换成kubernetes-apt-keyring.gpg
sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg ./Release.key
将密钥文件位置和清华apt源写进/etc/apt/sources.list.d/kubernetes.list
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.32/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
阿里源
获取gpg文件
curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.32/deb/Release.key |
gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
添加源
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.32/deb/ /" |
tee /etc/apt/sources.list.d/kubernetes.list
更新apt源
apt update -y
# 验证kubeadm kubelet kubectl版本是否为1.32
apt list | grep kubelet
安装kubeadm kubectl kubelet
sudo apt update
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
# 锁定版本
sudo apt-mark hold kubelet kubeadm kubectl
配置Cgroup
为了实现docker使用的cgroupdriver与kubelet使用的cgroup的一致性,建议修改如下文件内容
vim /etc/sysconfig/kubelet
---
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
设置kubelet为开机自启动即可,由于没有生成配置文件,集群初始化后自动启动
systemctl enable kubelet
拉取k8s安装镜像
查看安装k8s 所需要的镜像
kubeadm config images list --kubernetes-version=v1.32.3
拉取镜像k8s所需镜像
# 使用containerd
kubeadm config images pull
集群初始化
参数说明
--apiserver-advertise-address 集群通告地址
--kubernetes-version K8s版本,与上面安装的一致
--service-cidr 集群内部虚拟网络,Pod统一访问入口
--pod-network-cidr Pod网络,与下面部署的CNI网络组件yaml中保持一致
kubeadm init --kubernetes-version=v1.32.3 --pod-network-cidr=10.224.0.0/16 --apiserver-advertise-address=192.168.10.55
安装成功提示如下:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.10.55:6443 --token qfwvuh.vde3fbljzxhs76fk \
--discovery-token-ca-cert-hash sha256:8c686660b6d29b93b8ee887d87d1c1bc321cdc8d478ec319c6d1000202a99ccf
按照提示在master节点执行以下命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
在worker节点执行
kubeadm join 192.168.10.55:6443 --token qfwvuh.vde3fbljzxhs76fk \
--discovery-token-ca-cert-hash sha256:8c686660b6d29b93b8ee887d87d1c1bc321cdc8d478ec319c6d1000202a99ccf
在worker节点使用kubectl方法如下:
# master_node
scp /etc/kubernetes/admin.conf root@k8s-worker01:/etc/kubernetes/
scp /etc/kubernetes/admin.conf root@k8s-worker02:/etc/kubernetes/
# worker_node
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
部署calico网络插件
# 无法下载直接windows浏览器复制链接,将calico.yaml文件内容复制使用
wget --no-check-certificate https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/calico.yaml
// 链接
https://github.com/projectcalico/calico/blob/master/manifests/calico.yaml
# 修改calico.yaml内容,将pod-network-cidr与上文保持一致
sed -n "4957,4958p" calico.yaml
- name: CALICO_IPV4POOL_CIDR
value: "10.244.0.0/16"
# 部署calico.yaml
kubectl apply -f calico.yaml
检查节点状态
root@k8s-master01:~# kubectl get no
NAME STATUS ROLES AGE VERSION
k8s-master01 Ready control-plane 128m v1.32.3
k8s-worker01 Ready <none> 120m v1.32.3
k8s-worker02 Ready <none> 119m v1.32.3
另外,bash-completion也支持为kubernetes提供命令补全 集群命令补全
# 退出shell重连生效
sudo apt-get install bash-completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc