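## 1. Cluster Environment Setup
### 1.1 Environment Planning
Kubernetes clusters fall broadly into two types: one master with multiple nodes, and multiple masters with multiple nodes.
- One master, multiple nodes: one Master node and several Node machines. Simple to set up, but carries a single-point-of-failure risk; suitable for test environments.
- Multiple masters, multiple nodes: several Master nodes and several Node machines. More work to set up, but safer; suitable for production environments.
### 1.2 Kubernetes Environment Deployment
Kubernetes can be deployed in several ways; the mainstream options today are kubeadm, minikube, and binary packages.
- minikube: a tool for quickly setting up a single-node Kubernetes.
- kubeadm: a tool for quickly setting up a Kubernetes cluster.
- Binary packages: download each component's binary package from the official site and install them one by one; this approach is more effective for understanding the Kubernetes components.

Note: restore all three machines from a snapshot, and disable the firewall and SELinux.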
Role | IP address | OS | Specs |
---|---|---|---|
k8s-master | 192.168.110.31/24 | Rocky Linux8 | 2 CPUs, 4 GB RAM, 50 GB disk |
k8s-node1 | 192.168.110.32/24 | Rocky Linux8 | 2 CPUs, 4 GB RAM, 50 GB disk |
k8s-node2 | 192.168.110.33/24 | Rocky Linux8 | 2 CPUs, 4 GB RAM, 50 GB disk |

Note: `all` in the prompt means the operation is performed on all three machines.
```shell
[root@k8s-all ~]# cat >> /etc/hosts << EOF
192.168.110.31 k8s-master
192.168.110.32 k8s-node1
192.168.110.33 k8s-node2
EOF
```
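#### 1.2.2 Configure the Time Service
Note: `all` means the same operation is performed on all three machines.
1. Install the NTP time service
\[root@k8s-all \~\]# `yum install chrony -y &>/dev/null`
2. Change the time synchronization server to Alibaba Cloud
\[root@k8s-all \~\]# `sed -i 's/^pool/# pool/' /etc/chrony.conf`
\[root@k8s-all \~\]# `sed -i '/^# pool/ a server ntp1.aliyun.com iburst' /etc/chrony.conf`
3. Check and verify on all three machines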
#k8s-master
\[root@k8s-master \~\]# `systemctl restart chronyd.service`
\[root@k8s-master \~\]# `systemctl enable chronyd`
\[root@k8s-master \~\]# `chronyc sources`
```
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 120.25.115.20                 2   6    17     6    +58us[+2843us] +/-   27ms
```
#node1
\[root@k8s-node1 \~\]# `systemctl restart chronyd.service`
\[root@k8s-node1 \~\]# `systemctl enable chronyd`
\[root@k8s-node1 \~\]# `chronyc sources`
```
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 120.25.115.20                 2   6    17    14   +187us[ +319us] +/-   19ms
```
#node2
\[root@k8s-node2 \~\]# `systemctl restart chronyd.service`
\[root@k8s-node2 \~\]# `systemctl enable chronyd`
\[root@k8s-node2 \~\]# `chronyc sources`
```
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 120.25.115.20                 2   6   105     8  +1338us[+3209us] +/-   20ms
```
#### 1.2.3 Disable the Swap Partition
\[root@k8s-all \~\]# `swapoff -a` # disable temporarily
\[root@k8s-all \~\]# `sed -i 's/.*swap.*/# &/' /etc/fstab` # disable permanently
#### 1.2.4 Enable IPVS
\[root@k8s-all \~\]# `vim /etc/sysconfig/modules/ipvs.modules` # on all three machines
```shell
#!/bin/bash
# Load every IPVS-related module that is available for the running kernel.
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_vip ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in $ipvs_modules; do
    # modinfo succeeds only when the module exists; missing ones are skipped.
    if /sbin/modinfo -F filename "$kernel_module" >/dev/null 2>&1; then
        /sbin/modprobe "$kernel_module"
    fi
done
```
\[root@k8s-all \~\]# `chmod 755 /etc/sysconfig/modules/ipvs.modules`
\[root@k8s-all \~\]# `bash /etc/sysconfig/modules/ipvs.modules`
#### 1.2.5 Enable Kernel IP Forwarding
\[root@k8s-all \~\]# `sed -i 's/ip_forward=0/ip_forward=1/' /etc/sysctl.conf`
\[root@k8s-all \~\]# `sysctl -p` # apply
#### 1.2.6 Add the Bridge Filtering and Kernel Forwarding Configuration File
```shell
[root@k8s-all ~]# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness = 0
EOF
```
#Load the br_netfilter module
\[root@k8s-all \~\]# `modprobe br-netfilter`
\[root@k8s-all \~\]# `sysctl -p /etc/sysctl.d/k8s.conf` # apply
```
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness = 0
```
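The following script is an added example, not part of the original tutorial: it checks on one node that the settings from sections 1.2.3 to 1.2.6 actually took effect. The `ROOT` argument, the function names (`preflight`, `fail`, `make_sample_root`) and the sample tree are assumptions constructed for this example.

```shell
#!/bin/bash
# Preflight check for the node prerequisites from sections 1.2.3 to 1.2.6.
# ROOT is an assumption of this example: "" inspects the live node, any other
# value is a directory tree with the same /proc and /etc layout (dry runs).

# Subset of the modules loaded above, plus br_netfilter from section 1.2.6.
REQUIRED_MODULES="ip_vs ip_vs_rr ip_vs_wrr nf_conntrack br_netfilter"
# Files under /proc/sys that must read 1 for pod traffic to be forwarded and filtered.
SYSCTL_KEYS="net/ipv4/ip_forward net/bridge/bridge-nf-call-iptables net/bridge/bridge-nf-call-ip6tables"

# fail MESSAGE: report one unmet prerequisite and count it (uses preflight's counter).
fail() { echo "FAIL $*"; fails=$((fails + 1)); }

# preflight ROOT: print one FAIL line per unmet prerequisite, return their count.
preflight() {
    local root="$1" fails=0 key mod
    # 1.2.3: /proc/swaps holds only its header line when no swap is active ...
    [ "$(wc -l < "$root/proc/swaps")" -le 1 ] || fail "swap is still active"
    # ... and fstab has no uncommented swap entry that would re-enable it at boot.
    if grep -Eq '^[^#].*[[:space:]]swap[[:space:]]' "$root/etc/fstab"; then
        fail "/etc/fstab still mounts swap"
    fi
    # 1.2.5 and 1.2.6: forwarding and the bridge netfilter hooks must be on.
    for key in $SYSCTL_KEYS; do
        [ "$(cat "$root/proc/sys/$key" 2>/dev/null)" = 1 ] || fail "sysctl $key is not 1"
    done
    # 1.2.4 and 1.2.6: modules are listed in the first column of /proc/modules.
    for mod in $REQUIRED_MODULES; do
        grep -q "^$mod " "$root/proc/modules" || fail "module $mod is not loaded"
    done
    return "$fails"
}

# make_sample_root: build a constructed tree that mimics a correctly prepared node.
make_sample_root() {
    local d key mod
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/proc/sys/net/ipv4" "$d/proc/sys/net/bridge"
    echo "Filename Type Size Used Priority" > "$d/proc/swaps"
    echo "# /dev/mapper/rl-swap none swap defaults 0 0" > "$d/etc/fstab"
    for key in $SYSCTL_KEYS; do echo 1 > "$d/proc/sys/$key"; done
    for mod in $REQUIRED_MODULES; do echo "$mod 16384 0 - Live 0x0"; done > "$d/proc/modules"
    echo "$d"
}

# Dry run on the constructed tree; on a real node run: preflight ""
sample=$(make_sample_root) && preflight "$sample" && echo "all prerequisites met"
rm -rf "$sample"
```

The `sed` in 1.2.5 changes nothing when `/etc/sysctl.conf` has no `ip_forward=0` line, and the `ip_forward` check makes that visible. Modules built into the kernel do not appear in `/proc/modules`, so on such kernels the module check reports them as missing.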
#### 1.2.7 Install Docker
\[root@k8s-all \~\]# `wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.huaweicloud.com/docker-ce/linux/centos/docker-ce.repo`
\[root@k8s-all \~\]# `sed -i 's+download.docker.com+mirrors.huaweicloud.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo` # switch the repository source to the mirror
\[root@k8s-all \~\]# `sed -i 's/$releasever/8Server/g' /etc/yum.repos.d/docker-ce.repo`
#On CentOS 7, just replace 8Server with 7Server
\[root@k8s-all \~\]# `yum remove runc containerd.io -y` # the podman bundled with Rocky conflicts with docker
\[root@k8s-all \~\]# `yum install docker-ce -y`
\[root@k8s-all \~\]# `mkdir -p /etc/docker`
```shell
# Configure the registry mirrors
[root@k8s-all ~]# tee /etc/docker/daemon.json <<-'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://dockerproxy.com",
    "https://hub-mirror.c.163.com",
    "https://mirror.baidubce.com",
    "https://ccr.ccs.tencentyun.com"
  ]
}
EOF
```
\[root@k8s-all \~\]# `systemctl daemon-reload`
\[root@k8s-all \~\]# `systemctl enable --now docker.service`
#### 1.2.8 Install cri-dockerd
**Note: K8s no longer supports Docker since version 1.24, so containerd is needed here**
Download page: [Releases · Mirantis/cri-dockerd (github.com)](https://github.com/Mirantis/cri-dockerd/releases)
https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.10/cri-dockerd-0.3.10-3.el8.x86_64.rpm
\[root@k8s-all \~\]# `wget -c https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.10/cri-dockerd-0.3.10-3.el8.x86_64.rpm`
\[root@k8s-all \~\]# `yum install cri-dockerd-0.3.10-3.el8.x86_64.rpm -y`
Configure the image mirror
\[root@k8s-all \~\]# `sed -i 's#^ExecStart=.*#ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9#' /usr/lib/systemd/system/cri-docker.service`
\[root@k8s-all \~\]# `systemctl daemon-reload`
\[root@k8s-all \~\]# `systemctl restart docker`
\[root@k8s-all \~\]# `systemctl enable --now cri-docker.service`
### 1.3 Install the Kubernetes Software
#### 1.3.1 Configure the K8s Repository
\[root@k8s-all \~\]# `cat <