kubeadm是官方社區推出的一個用於快速部署kubernetes集羣的工具。
這個工具能通過兩條指令完成一個kubernetes集羣的部署:
# 創建一個 Master 節點
$ kubeadm init
# 將一個 Node 節點加入到當前集羣中
$ kubeadm join <Master節點的IP和端口>
1. 安裝要求
在開始之前,部署Kubernetes集羣機器需要滿足以下幾個條件:
· 一台或多台機器,操作系統麒麟V10
· 硬件配置:2GB或更多RAM,2個CPU或更多CPU,硬盤30GB或更多
· 集羣中所有機器之間網絡互通
· 可以訪問外網,需要拉取鏡像
· 禁止swap分區
2. 準備環境

| 角色 | IP |
| --- | --- |
| k8s-master01 | 11.0.1.131 |
| k8s-node01 | 11.0.1.132 |

以下準備步驤除特別説明外,需在集羣的每一台機器上執行。
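# Environment preparation — run as root on EVERY node (control plane and workers).
#
# Host firewall. NOTE(review): stopping firewalld is the quick path, not the
# hardened one. kubeadm and the CNI need a known set of ports (API server, etcd,
# kubelet, the 30000-32767 NodePort range); if the hosts are reachable from
# outside the cluster network, open those ports instead of disabling the firewall.
systemctl stop firewalld
systemctl disable firewalld

# SELinux. The original pattern 's/enforcing/disabled/' was unanchored and also
# rewrote the explanatory comment lines in /etc/selinux/config; anchor on the key.
# Permissive (what the kubeadm docs use) still logs AVC denials to the audit log,
# which is useful when hardening later.
setenforce 0                                                              # until reboot
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config    # persistent

# kubelet refuses to run with swap on. Comment out swap entries in fstab so the
# change survives a reboot; a .bak copy is kept. Idempotent: lines already
# starting with '#' are left unchanged.
swapoff -a
sed -i.bak -E '/\sswap\s/ s/^#?/#/' /etc/fstab

# Hostname (use the matching line on each node). The original appended `&& bash`,
# which only opens a nested interactive shell to refresh the prompt — harmless by
# hand, confusing when this block is pasted as a whole — so it is dropped.
hostnamectl set-hostname k8s-master01
#hostnamectl set-hostname k8s-node01
#hostnamectl set-hostname k8s-node02

# Name resolution for every node in the hosts table above (the original added
# only the master, and only on the master). Guarded so re-runs do not duplicate.
grep -q 'k8s-master01' /etc/hosts || cat >> /etc/hosts <<EOF
11.0.1.131 k8s-master01
11.0.1.132 k8s-node01
EOF

# Kernel modules: br_netfilter (bridged traffic becomes visible to iptables) and
# overlay (container storage). modprobe alone does not survive a reboot, so the
# modules are also registered with systemd-modules-load.
cat > /etc/modules-load.d/k8s.conf <<EOF
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
lsmod | grep -q br_netfilter || echo "WARN: br_netfilter not loaded" >&2

# sysctl: pass bridged IPv4/IPv6 traffic through iptables and enable forwarding.
# ip_forward moved here from /etc/sysctl.conf so one file owns the Kubernetes
# settings and re-running does not append duplicate lines.
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system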
配置時間同步
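# Time synchronisation. Kubernetes depends on it: certificate validity windows,
# token expiry and etcd leases all misbehave when node clocks drift.
# CentOS / RHEL / Kylin
sudo yum install -y chrony
# The original offered `sudo vi /etc/chrony.conf` as an alternative, but the tee
# below overwrites the file regardless, so the interactive edit would be lost.
# Edit by hand only if you skip the heredoc.
sudo tee /etc/chrony.conf <<-'EOF'
# 使用阿里雲 NTP 服務器(國內推薦)
server ntp.aliyun.com iburst
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst
# 或使用國內其他 NTP 服務器
server ntp.tuna.tsinghua.edu.cn iburst
server time.pool.aliyun.com iburst
server cn.pool.ntp.org iburst
# 允許同步的客户端網絡
# allow 192.168.0.0/16
# allow 10.0.0.0/8
# 本地時間源(如果外部服務器不可用)
local stratum 10
# 記錄時間調整
driftfile /var/lib/chrony/drift
# 啓用實時時鐘(RTC)同步
rtcsync
# 記錄統計信息
logdir /var/log/chrony
makestep 1.0 3
EOF
# NOTE(review): `allow` stays commented, so this node serves time to nobody;
# `local stratum 10` is only relevant to clients of this node.
# Enable and start in one step.
sudo systemctl enable --now chronyd
# Verify: one source should be marked '*' (selected) and tracking should report
# a normal leap status once synchronised.
sudo chronyc sources -v
sudo chronyc tracking
sudo chronyc sourcestats
# Step the clock immediately instead of slewing (only needed if the clock is far
# off when the service first starts).
sudo chronyc -a makestep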
安裝 Docker、cri-dockerd、kubeadm、kubectl、kubelet

安裝 Docker
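# Docker from the static tarball (no package manager, no repository signature).
# NOTE(review): nothing here verifies the archive — compare its sha256 with the
# value recorded from the trusted download source before extracting, because the
# binaries are installed root-owned into /usr/bin.
tar xf docker-26.1.4.tgz
# install(1) sets mode 0755 and root ownership in one step (replaces chmod + mv);
# the extracted docker/ directory is left in place.
install -m 0755 docker/* /usr/bin/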
配置啓動的服務
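# systemd unit for dockerd (the static tarball ships no unit file).
# NOTE(review): the tarball ships containerd binaries but no containerd.service
# either. A hard `Requires=` on a unit that does not exist makes docker.service
# fail to start, so containerd is only ordered with After= — dockerd starts a
# private containerd when it is not pointed at an external socket. If you install
# containerd as its own service, add `Requires=containerd.service` back.
sudo tee /etc/systemd/system/docker.service <<-'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Same limits and cgroup handling as the cri-docker unit in this guide.
# Delegate=yes hands this unit's cgroup subtree to dockerd, which manages the
# container cgroups itself; KillMode=process stops only dockerd on restart.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF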
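# cri-dockerd: the CRI shim that lets kubelet (1.24+, dockershim removed) drive Docker.
# NOTE(review): as with the Docker tarball, verify the archive's checksum against
# a trusted value first — it is installed root-owned into /usr/local/bin.
tar xzf cri-dockerd-0.3.9.amd64.tgz
# install(1) copies and sets 0755 in one step (replaces cp + chmod).
sudo install -m 0755 cri-dockerd/cri-dockerd /usr/local/bin/
# Sanity check: the binary runs and reports the expected version.
/usr/local/bin/cri-dockerd --version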
# Configure the cri-dockerd systemd unit.
# NOTE(review): the pause image is pinned to 3.9 while the cluster below is
# initialised at v1.34.3; compare with `kubeadm config images list` and keep the
# two in step, otherwise kubeadm pulls a second pause image and warns in
# preflight — a warning that `--ignore-preflight-errors=all` (used below) hides.
# Delegate=yes hands the unit's cgroup subtree to the runtime; KillMode=process
# stops only the main process on restart, so its children are not killed with it.
sudo tee /etc/systemd/system/cri-docker.service <<-'EOF'
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=docker.service
[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
# The unit is only written here; it is not reloaded or started until the
# service-start step further down.
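# Docker daemon configuration. The cgroup driver must match the kubelet's —
# kubeadm's default for the kubelet is systemd — otherwise pods fail to start.
# The original only showed the file (`#cat /etc/docker/daemon.json`) without
# writing it, and left both start commands commented out; this step does both.
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {"max-size": "100m"},
  "storage-driver": "overlay2",
  "registry-mirrors": [
    "https://docker.mirrors.ustc.edu.cn"
  ]
}
EOF
# NOTE(review): images fetched through a registry mirror are trusted as served;
# confirm the mirror is one you trust and is still maintained.
# Unit files were written under /etc/systemd/system above; systemd must re-read them.
systemctl daemon-reload
# enable --now = enable + start. docker first, since cri-docker Requires= it.
systemctl enable --now docker
systemctl enable --now cri-docker
# Both should print "active".
systemctl is-active docker cri-docker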
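# Install kubelet, kubeadm and kubectl from the offline bundle.
tar -xf k8s1.tar
# NOTE(review): verify the packages before installing. `rpm -K` checks digests and
# GPG signatures; it reports the signatures as unverifiable (and exits non-zero)
# until the Kubernetes package signing key has been imported with `rpm --import`.
# The `&&` stops the install when verification fails instead of proceeding silently.
rpm -K -- ./*.rpm && rpm -i -- ./*.rpm
# Enable only: kubelet has no config yet and would crash-loop if started now;
# kubeadm init/join starts it once a config is in place.
systemctl enable kubelet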
集羣的初始化
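# Initialise the control plane.
# NOTE(review): the advertise address here (11.0.1.148) does not match the master
# address in the hosts table above (11.0.1.131). Check which one is the node's real
# interface — the API server certificate is issued for this IP and workers join to it.
MASTER_IP=11.0.1.148
# `--ignore-preflight-errors=all` was dropped: it silences every preflight check
# (swap, cgroup driver, ports in use, version skew, missing kernel modules). If a
# single check must be bypassed, name it, e.g. `--ignore-preflight-errors=NumCPU`.
# `--cri-socket` pins cri-dockerd's default endpoint so runtime detection cannot
# pick something else; adjust if you changed the endpoint.
kubeadm init \
  --apiserver-advertise-address="${MASTER_IP}" \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.34.3 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --cri-socket unix:///var/run/cri-dockerd.sock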
拷貝kubectl使用的連接k8s認證文件到默認路徑
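# Copy the admin kubeconfig into the current user's home so kubectl works without sudo.
# NOTE(review): admin.conf carries a cluster-admin client certificate (kubeadm's
# default client-cert lifetime is one year); treat the copy like a private key —
# mode 0600, never shared or committed. Expansions are quoted so paths with
# spaces survive.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 0600 "$HOME/.kube/config"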
# Check node status. NotReady is expected at this point: no CNI plugin is
# installed yet (Calico is applied in the next step), so pod networking is down.
kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master01 NotReady control-plane 49m v1.34.3
安裝網絡插件
kubectl apply -f cali-1.yaml   # cali-1.yaml 為本地保存的 Calico manifest,請確認其來自官方發佈頁,且與上面 --pod-network-cidr 的設置相容
poddisruptionbudget.policy/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
serviceaccount/calico-node created
serviceaccount/calico-cni-plugin created
configmap/calico-config created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgpfilters.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/tiers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/adminnetworkpolicies.policy.networking.k8s.io created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrole.rbac.authorization.k8s.io/calico-cni-plugin created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-cni-plugin created
daemonset.apps/calico-node created
deployment.apps/calico-kube-controllers created
安裝 Dashboard 的 Web 頁面
# Deploy the Dashboard from a local copy of the manifest.
# NOTE(review): v2.0.3 is an old 2.0.x release and predates the v1.34 API server
# used here; confirm it still deploys, and that the manifest came from the
# official release — it typically creates cluster-scoped RBAC objects.
kubectl apply -f dashboard-v2.0.3.yaml
創建管理員賬户並獲取令牌(注意:下面綁定的是 cluster-admin,該令牌等同於整個集羣的最高權限,務必妥善保管並儘量縮短有效期)
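# 1. Create a ServiceAccount for Dashboard login.
# NOTE(review): this binds the account to cluster-admin — unrestricted control of
# the whole cluster. Anyone holding the token below has that power. For routine
# use bind a narrower ClusterRole (the built-in `view` for read-only) and keep a
# cluster-admin account for break-glass only. The YAML indentation lost in the
# original listing is restored; as written there `metadata:` had no children.
cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF
# 2. Issue a login token. The original requested --duration=8760h (one year).
# A year-long cluster-admin bearer token is a standing credential that cannot be
# revoked short of deleting the ServiceAccount; use the default (1h) and mint a
# fresh one per session, extending only as far as your threat model allows.
kubectl -n kubernetes-dashboard create token admin-user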
創建 NodePort 服務(適合外部訪問;注意 NodePort 會在所有節點上監聽,且前面已關閉防火牆,請在網絡邊界限制可訪問的來源)
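# Expose the Dashboard on a NodePort.
# NOTE(review): a NodePort listens on every node's addresses, and firewalld was
# disabled earlier, so port 30001 is reachable from anything that can route to a
# node. Combined with a cluster-admin login token this is a high-value target:
# restrict source networks at the perimeter (upstream firewall / security group),
# or prefer `kubectl proxy` / `kubectl port-forward` for operator-only access and
# skip the NodePort entirely. YAML indentation lost in the original is restored.
cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard-external
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
  - port: 443
    targetPort: 8443   # the Dashboard container's TLS port in the v2 manifest
    nodePort: 30001    # must fall inside the 30000-32767 NodePort range
  selector:
    k8s-app: kubernetes-dashboard   # label used by the upstream v2 manifest — verify against dashboard-v2.0.3.yaml
EOF
# Confirm the assigned port.
kubectl get svc -n kubernetes-dashboard kubernetes-dashboard-external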