配置信息:
前戏:
系统: 20.04
192.168.1.27. master1
192.168.1.28. master2
192.168.1.29. master3
192.168.1.31. node1
192.168.1.32. node2
192.168.1.23. keepalived1
192.168.1.24. keepalived2
192.168.1.30. vip
关闭 swap
时间同步
免密
防火墙
安装 keepalived haproxy
root@keep_one:~# apt install keepalived haproxy
root@keep_one:~# cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf
修改文件(注意:示例中的 auth_pass 1111 仅为演示值;VRRP 的 PASS 认证在网络上以明文传输,实际部署请更换口令,并只允许可信网段内的主机收发 VRRP 报文)
keep_one 机器操作
root@keep_one:~# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id ha1
}
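# 检测 haproxy 健康状态并据此切换的脚本(注意:vrrp_script 需要在 vrrp_instance 中用 track_script { check_haproxy } 引用后才会生效,本示例的 VI_1 中没有这一段)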
vrrp_script check_haproxy {
script "/etc/keepalived/check_haproxy.sh"
interval 1
weight -30
fall 3
rise 2
timeout 2
}
vrrp_instance VI_1 {
state MASTER
interface ens18
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.30/24
}
}
root@keep_one:~# vim /etc/keepalived/check_haproxy.sh
#!/bin/bash
/usr/bin/killall -0 haproxy || systemctl restart haproxy
## 必须开启 net.ipv4.ip_nonlocal_bind,否则未持有 VIP 的机器上 haproxy 无法绑定 192.168.1.30:6443,启动会报错
root@keep_two:~# cat >> /etc/sysctl.conf <<EOF
net.ipv4.ip_nonlocal_bind = 1
EOF
root@keep_two:~#sysctl -p
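root@keep_one:~# vim /etc/haproxy/haproxy.cfg # 在文件末尾追加以下内容(两台机器都要这样操作),用于添加状态页查看。注意:示例中的 stats auth admin:123456 是弱口令,且 bind 0.0.0.0:8888 会在所有网卡上监听;实际部署请更换强口令,并把状态页限制在管理网段内访问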
listen stats
mode http
bind 0.0.0.0:8888
stats enable
log global
stats uri /status
stats auth admin:123456
listen kubernetes-api-6443
bind 192.168.1.30:6443
mode tcp
server ubuntu2 192.168.1.18:6443 check inter 3s fall 3 rise 3
server ubuntu3 192.168.1.19:6443 check inter 3s fall 3 rise 3
server ubuntu4 192.168.1.20:6443 check inter 3s fall 3 rise 3
# 注意:后端地址应为各 master 节点的 apiserver 地址;本文开头列出的 master 为 192.168.1.27-29,请按实际环境核对
keep_two 机器操作(priority 为 80,低于 keep_one 的 100,因此平时作为备机;示例中 state 也写成了 MASTER,备机通常写 BACKUP)
! Configuration File for keepalived
global_defs {
router_id ha2
}
vrrp_instance VI_1 {
state MASTER
interface ens18
garp_master_delay 10
smtp_alert
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.30/24
# optional label. should be of the form "realdev:sometext" for
# compatibility with ifconfig.
}
}
####### 所有主机配置 cri-dockerd(1.24版本以后)
项目地址: https://github.com/Mirantis/cri-dockerd/releases
因为从国内 cri-dockerd服务无法下载k8s.gcr.io上面相关镜像,所以需要修改 cri-dockerd使用国内镜像
https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.13/cri-dockerd_0.3.13.3-0.ubuntu-focal_amd64.deb
因为从国内 cri-dockerd服务无法下载 k8s.gcr.io上面相关镜像,导致无法启动,所以需要修改 cri-dockerd 使用国内镜像 : 所有机器都要执行
root@master1:~# vim /lib/systemd/system/cri-docker.service
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image registry.aliyuncs.com/google_containers/pause:3.9
root@master1:~# systemctl daemon-reload && systemctl restart cri-docker.service
####### 所有 master 和 node 节点安装 kubeadm 相关包
镜像地址
https://developer.aliyun.com/mirror/kubernetes
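按照阿里云上面的提示(注意:apt-key 已被弃用,它会把密钥加入 apt 的全局信任列表;更稳妥的做法是像下文脚本的 install_kubeadm 那样,把密钥放进 /etc/apt/keyrings 并在软件源中用 signed-by 指定):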
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
####### 初始化master
root@master1:~# export k8s_RELEASE_VERSION=1.30.0 # 必须先指定版本
root@master1:~# kubeadm init --control-plane-endpoint 192.168.1.30 --kubernetes-version=${k8s_RELEASE_VERSION} --pod-network-cidr 10.244.0.0/16 --service-cidr 10.96.0.0/12 --image-repository registry.aliyuncs.com/google_containers --token-ttl=0 --upload-certs --cri-socket=unix:///run/cri-dockerd.sock
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.
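初始化之后,使用输出中提示的命令使其他 master 和 node 加入集群。注意:上面的 --token-ttl=0 会让引导令牌永不过期,一旦泄露就可以被用来把任意主机加入集群;生产环境建议保留默认有效期,需要时再用 kubeadm token create --print-join-command 重新生成加入命令。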
如果提示这个报错
加入集群的时候加上
--cri-socket unix:///var/run/cri-dockerd.sock
cri-docker 一键安装脚本
#!/bin/bash
#
#********************************************************************
#Author: wangxiaochun
#QQ: 29308620
#Date: 2020-07-05
#FileName: install_kubernetes_docker.sh
#URL: http://www.wangxiaochun.com
#Description: 基于kubeadm的安装方式实现Kubernetes的初始准备到安装的全过程
#Copyright (C): 2020 All rights reserved
#********************************************************************
#执行前准备:
#必须确保安装Kubernetes的主机内存至少2G
#先下载cri-dockerd_<version>-0.ubuntu-<version>_amd64.deb文件,放在当前目录下,也支持在线下载此文件
#必须在变量中指定集群中各节点的IP信息
#必须在HOSTS变量中指定集群各节点的主机名称和IP的对应关系
#其它配置可选
# Pull in the distribution identifiers (ID, VERSION_ID, UBUNTU_CODENAME, ...)
# that the rest of the script reads.
source /etc/os-release

# Kubernetes release to install. Other releases the author has listed:
# 1.29.3 1.27.3 1.26.2 1.25.3 1.25.0 1.24.4 1.24.3 1.24.0 1.22.1 1.17.2
KUBE_VERSION='1.30.0'
# Exact apt package version that install_kubeadm pins.
KUBE_RELEASE="${KUBE_VERSION}-1.1"
# "major.minor" part of the release; needed from v1.28 on (install_kubeadm
# uses it to pick the per-minor apt repository).
KUBE_MAJOR_VERSION=$(printf '%s\n' "${KUBE_VERSION}" | cut -d . -f 1,2)
# Minor number only (e.g. 30); used for the "older than 1.24" checks.
KUBE_VERSION2=$(awk -F. '{print $2}' <<<"${KUBE_VERSION}")

# cri-dockerd release. Other releases listed by the author: 0.3.11, 0.3.4,
# 0.3.1, 0.2.6; 0.3.12 is marked by the author as buggy.
CRI_DOCKER_VERSION='0.3.13'
# Third-party GitHub download proxy; check() prepends it to CRI_DOCKER_URL.
# NOTE(review): the .deb fetched through it is installed as root with
# dpkg -i, so its integrity depends on this proxy unless the package is
# verified separately.
GITHUB_PROXY='https://mirror.ghproxy.com'
CRI_DOCKER_FILE="cri-dockerd_${CRI_DOCKER_VERSION}.3-0.ubuntu-${UBUNTU_CODENAME}_amd64.deb"
CRI_DOCKER_URL="https://github.com/Mirantis/cri-dockerd/releases/download/v${CRI_DOCKER_VERSION}/${CRI_DOCKER_FILE}"

# Tag of the pause (pod infra container) image; the author also lists 3.7.
PAUSE_VERSION='3.9'
# Registry passed to kubeadm init as --image-repository.
IMAGES_URL='registry.aliyuncs.com/google_containers'

##### Cluster node addresses: these MUST be changed to match the environment #####
KUBEAPI_IP='10.0.0.100'
MASTER1_IP='10.0.0.101'
MASTER2_IP='10.0.0.102'
MASTER3_IP='10.0.0.103'
NODE1_IP='10.0.0.104'
NODE2_IP='10.0.0.105'
NODE3_IP='10.0.0.106'
DOMAIN='wang.org'

##### Host name / IP pairs that install_prepare writes to /etc/hosts; #####
##### adjust them together with the variables above.                  #####
HOSTS="
${KUBEAPI_IP} kubeapi.${DOMAIN} kubeapi
${MASTER1_IP} master1.${DOMAIN} master1
${MASTER2_IP} master2.${DOMAIN} master2
${MASTER3_IP} master3.${DOMAIN} master3
${NODE1_IP} node1.${DOMAIN} node1
${NODE2_IP} node2.${DOMAIN} node2
${NODE3_IP} node3.${DOMAIN} node3
"

# Network ranges; the defaults are normally fine.
POD_NETWORK='10.244.0.0/16'
SERVICE_NETWORK='10.96.0.0/12'

# First address printed by `hostname -I`; install_prepare looks it up in
# /etc/hosts to find this machine's name.
LOCAL_IP=$(hostname -I | awk '{print $1}')

# Command prefixes / suffix used to print coloured messages: the variable is
# expanded unquoted in front of the message text, so it runs `echo -e`.
COLOR_SUCCESS='echo -e \033[1;32m'
COLOR_FAILURE='echo -e \033[1;31m'
END='\033[m'
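#######################################
# Print a status line: the message, then a coloured [ OK ] / [FAILED] /
# [WARNING] tag that starts at terminal column 80.
# Arguments:
#   $1 - message text
#   $2 - "success" or 0 -> OK; "failure" or 1 -> FAILED; anything else,
#        including a missing argument -> WARNING
# Outputs:
#   Writes the line, including ANSI escape sequences, to stdout.
#######################################
color() {
  local -r message=${1-}
  local -r status=${2-}
  local -r tag_column=80
  local -r reset=$'\033[0m'
  local paint label

  # case compares the status as one string, so an empty value or one with
  # spaces cannot break the test the way an unquoted `[ $2 = ... -o ... ]`
  # does.
  case "${status}" in
    success | 0)
      paint=$'\033[1;32m'
      label=$" OK "
      ;;
    failure | 1)
      paint=$'\033[1;31m'
      label=$"FAILED"
      ;;
    *)
      paint=$'\033[1;33m'
      label=$"WARNING"
      ;;
  esac

  # printf '%s' prints the message verbatim, even when it looks like an echo
  # option such as "-n" or "-e".
  printf '%s' "${message}"
  # CSI <n> G moves the cursor to the tag column before the bracket.
  printf '\033[%dG[' "${tag_column}"
  printf '%s%s%s]\n' "${paint}" "${label}" "${reset}"
}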
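#######################################
# Pre-flight check: confirm a supported OS and make sure the cri-dockerd
# package is present in the current directory, downloading it if needed.
# Globals:
#   ID, VERSION_ID (read; set by /etc/os-release)
#   CRI_DOCKER_FILE, CRI_DOCKER_URL, GITHUB_PROXY (read)
#   CRI_DOCKER_SHA256 (read, optional) - expected SHA-256 of the package;
#     when it is set the package must match it
# Returns:
#   0 when everything is in place. Exits the script with 1 on an unsupported
#   OS and with 2 when the download or the checksum comparison fails.
#######################################
check() {
  local actual_sum

  # Only Ubuntu 20.04 and 22.04 are handled. The OS is tested first because
  # the package file name is built from UBUNTU_CODENAME. The pattern is
  # anchored and the dot escaped so that look-alike strings are rejected.
  if [[ "${ID:-}" != 'ubuntu' || ! "${VERSION_ID:-}" =~ ^2[02]\.04$ ]]; then
    color "不支持此操作系统,退出!" 1
    # Non-zero so that callers can tell the refusal from a normal exit.
    exit 1
  fi

  if [[ ! -f "${CRI_DOCKER_FILE}" ]]; then
    color "${CRI_DOCKER_FILE} 文件不存在!在线下载中....." 1
    # -f makes curl fail on an HTTP error instead of saving the error page
    # under the .deb name and reporting success.
    if curl -fLO "${GITHUB_PROXY}/${CRI_DOCKER_URL}"; then
      color "下载cri-dockerd成功!" 0
    else
      # Do not leave a partial file behind for the next run to pick up.
      rm -f -- "${CRI_DOCKER_FILE}"
      color "下载cri-dockerd失败!" 1
      exit 2
    fi
  fi

  # The package is installed as root by install_cri_dockerd and may have come
  # through a third-party download proxy, so compare it with a pinned digest
  # whenever the operator supplies one.
  if [[ -n "${CRI_DOCKER_SHA256:-}" ]]; then
    actual_sum=$(sha256sum -- "${CRI_DOCKER_FILE}" | awk '{print $1}')
    if [[ "${actual_sum}" != "${CRI_DOCKER_SHA256,,}" ]]; then
      color "${CRI_DOCKER_FILE} 校验和不匹配!" 1
      exit 2
    fi
  fi

  return 0
}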
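#######################################
# Prepare the host: register the cluster names in /etc/hosts, set this
# machine's hostname from that table, and turn swap off.
# Globals:
#   HOSTS, LOCAL_IP (read)
#   HOST_NAME (written)
# Returns:
#   Exits the script with 1 when no hostname can be determined or set.
#######################################
install_prepare() {
  local entry

  # Append only the entries that are not in /etc/hosts yet, so that running
  # the script again does not pile up duplicate lines.
  while IFS= read -r entry; do
    [[ -n "${entry}" ]] || continue
    grep -qxF -- "${entry}" /etc/hosts || printf '%s\n' "${entry}" >>/etc/hosts
  done <<<"${HOSTS}"

  # Name mapped to this machine's address, ignoring the kubeapi alias. awk
  # stops at the first hit, so a repeated line cannot yield two names and
  # break hostnamectl.
  HOST_NAME=$(awk -v ip="${LOCAL_IP}" \
    '$1 == ip && $2 !~ "kubeapi" { print $2; exit }' /etc/hosts)
  if [[ -z "${HOST_NAME}" ]] || ! hostnamectl set-hostname "${HOST_NAME}"; then
    color "主机名配置失败,检查/etc/hosts文件!" 1
    exit 1
  fi

  swapoff -a
  # Comment out the swap entries so that swap stays off after a reboot; lines
  # that are already commented are left as they are.
  sed -i '/^[[:space:]]*#/!{/swap/s/^/#/}' /etc/fstab
  color "安装前准备完成!" 0
  sleep 1
}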
#######################################
# Install docker.io from the distribution archive, write
# /etc/docker/daemon.json (overwriting any existing file) and restart the
# daemon.
# NOTE(review): "insecure-registries" lets Docker talk to harbor.wang.org
# over plain HTTP or with unverified TLS, and the registry mirrors are
# third-party hosts that serve the pulled images. Confirm both are wanted in
# the target environment.
# Returns:
#   Exits the script with 1 when the package cannot be installed and with 2
#   when `docker info` fails afterwards.
#######################################
install_docker() {
  apt update
  if ! apt -y install docker.io; then
    color "安装Docker失败!" 1
    exit 1
  fi

  # Quoted delimiter: the JSON is written literally, nothing is expanded.
  cat <<'EOF' >/etc/docker/daemon.json
{
"registry-mirrors": [
"https://si7y70hh.mirror.aliyuncs.com",
"https://docker.mirrors.ustc.edu.cn",
"https://hub-mirror.c.163.com"
],
"insecure-registries":["harbor.wang.org"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
  systemctl restart docker.service

  # `docker info` only succeeds when the daemon answers, so it serves as the
  # health check for the restart above.
  if docker info; then
    color "安装Docker成功!" 0
    sleep 1
  else
    color "安装Docker失败!" 1
    exit 2
  fi
}
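#######################################
# Install the cri-dockerd package and point it at the pause image.
# Kubernetes releases before v1.24 do not need cri-dockerd, so nothing is
# done for them.
# Globals:
#   KUBE_VERSION2, CRI_DOCKER_FILE, PAUSE_VERSION (read)
# Returns:
#   Exits the script with 2 when the package cannot be installed or the
#   service cannot be restarted.
#######################################
install_cri_dockerd() {
  local -r unit_file=/lib/systemd/system/cri-docker.service

  if [ "${KUBE_VERSION2}" -lt 24 ]; then
    return 0
  fi

  if dpkg -i "${CRI_DOCKER_FILE}"; then
    color "安装cri-dockerd成功!" 0
  else
    color "安装cri-dockerd失败!" 1
    exit 2
  fi

  # Append the option only once: without this guard every further run of the
  # script adds another copy to the ExecStart line.
  if ! grep -q -- '--pod-infra-container-image' "${unit_file}"; then
    sed -i "/^ExecStart/s#\$# --pod-infra-container-image registry.aliyuncs.com/google_containers/pause:${PAUSE_VERSION}#" "${unit_file}"
  fi

  systemctl daemon-reload
  if systemctl restart cri-docker.service; then
    color "配置cri-dockerd成功!" 0
    sleep 1
  else
    color "配置cri-dockerd失败!" 1
    exit 2
  fi
}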
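#######################################
# Add the Kubernetes apt repository for the configured minor version and
# install pinned kubeadm, kubelet and kubectl packages.
# Globals:
#   KUBE_MAJOR_VERSION, KUBE_VERSION, KUBE_RELEASE (read)
#   COLOR_FAILURE, END (read)
# Returns:
#   Exits the script with 2 when the repository key cannot be fetched or the
#   packages cannot be installed.
#######################################
install_kubeadm() {
  local -r keyring=/etc/apt/keyrings/kubernetes-apt-keyring.gpg
  local -r repo_url="https://mirrors.aliyun.com/kubernetes-new/core/stable/v${KUBE_MAJOR_VERSION}/deb/"
  local key_file

  apt-get update && apt-get install -y apt-transport-https

  # The keyring directory may not exist on older releases such as Ubuntu
  # 20.04; without it gpg cannot write the key.
  mkdir -p -m 755 /etc/apt/keyrings

  # Download the key to a temporary file first so that a failed or empty
  # download is noticed instead of being turned into an empty keyring.
  # --batch --yes lets a re-run overwrite the existing keyring without a
  # prompt.
  key_file=$(mktemp) || {
    color "安装kubeadm失败!" 1
    exit 2
  }
  if ! curl -fsSL -o "${key_file}" "${repo_url}Release.key" ||
    ! gpg --batch --yes --dearmor -o "${keyring}" "${key_file}"; then
    rm -f -- "${key_file}"
    color "安装kubeadm失败!" 1
    exit 2
  fi
  rm -f -- "${key_file}"

  # signed-by limits this key to the Kubernetes repository only.
  echo "deb [signed-by=${keyring}] ${repo_url} /" >/etc/apt/sources.list.d/kubernetes.list

  # Legacy repository setup, kept for reference; the keyring above replaces it.
  #curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
  #cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
  #deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
  #EOF

  apt-get update
  # Show the available versions, then give the operator time to abort.
  apt-cache madison kubeadm | head
  ${COLOR_FAILURE}"5秒后即将安装: kubeadm-"${KUBE_VERSION}" 版本....."${END}
  ${COLOR_FAILURE}"如果想安装其它版本,请按ctrl+c键退出,修改版本再执行"${END}
  sleep 6

  # Install the pinned version of all three packages.
  if apt install -y "kubeadm=${KUBE_RELEASE}" "kubelet=${KUBE_RELEASE}" "kubectl=${KUBE_RELEASE}"; then
    color "安装kubeadm成功!" 0
    sleep 1
  else
    color "安装kubeadm失败!" 1
    exit 2
  fi

  # Enable bash completion for kubectl.
  kubectl completion bash >/etc/profile.d/kubectl_completion.sh
}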
#######################################
# Initialise the control plane with kubeadm and install the admin
# kubeconfig for the current user. Run this on the first master node of the
# cluster only.
# NOTE(review): --token-ttl=0 creates a bootstrap token that never expires,
# and --upload-certs stores the control-plane certificates in the cluster for
# joining masters. Anyone holding the token can join a host, so treat the
# printed join command as a secret or use a finite TTL.
# Globals:
#   DOMAIN, KUBE_VERSION, KUBE_VERSION2, POD_NETWORK, SERVICE_NETWORK,
#   IMAGES_URL (read)
# Returns:
#   Exits the script with 3 when kubeadm init fails.
#######################################
kubernetes_init() {
  local -r kube_dir="$HOME/.kube"
  local -a init_args=(
    --control-plane-endpoint="kubeapi.$DOMAIN"
    --kubernetes-version="v${KUBE_VERSION}"
    --pod-network-cidr="${POD_NETWORK}"
    --service-cidr="${SERVICE_NETWORK}"
    --token-ttl=0
    --upload-certs
    --image-repository="${IMAGES_URL}"
  )

  # Releases before v1.24 do not take the cri-dockerd socket option; every
  # later release gets it.
  [ "${KUBE_VERSION2}" -lt 24 ] || init_args+=(--cri-socket=unix:///run/cri-dockerd.sock)

  if kubeadm init "${init_args[@]}"; then
    color "Kubernetes集群初始化成功!" 0
  else
    color "Kubernetes集群初始化失败!" 1
    exit 3
  fi

  # Give the invoking user a kubeconfig; cp -i asks before overwriting an
  # existing one. admin.conf carries cluster-admin credentials.
  mkdir -p "${kube_dir}"
  cp -i /etc/kubernetes/admin.conf "${kube_dir}/config"
  chown "$(id -u):$(id -g)" "${kube_dir}/config"
}
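#######################################
# Take this host out of the cluster: run kubeadm reset through the
# cri-dockerd socket, then delete the CNI configuration directory and the
# current user's kubeconfig.
#######################################
reset_kubernetes() {
  kubeadm reset -f --cri-socket unix:///run/cri-dockerd.sock
  # ${HOME:?} aborts when HOME is unset or empty instead of expanding to
  # "/.kube/config"; the quotes keep a HOME containing spaces as one path.
  rm -rf -- /etc/cni/net.d/ "${HOME:?}/.kube/config"
}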
# Pre-flight: supported OS and cri-dockerd package available.
check

PS3="请选择编号(1-4): "
ACTIONS="
初始化新的Kubernetes集群
加入已有的Kubernetes集群
退出Kubernetes集群
退出本程序
"

# ACTIONS is expanded unquoted on purpose: word splitting turns each line
# into one menu entry. The menu entries are: 1 initialise a new cluster,
# 2 prepare this host to join an existing cluster, 3 leave the cluster,
# 4 quit.
select action in $ACTIONS; do
  case "$REPLY" in
    1 | 2)
      # Both choices need the same host preparation and package installation;
      # only choice 1 goes on to initialise the control plane.
      install_prepare
      install_docker
      install_cri_dockerd
      install_kubeadm
      if [ "$REPLY" = 1 ]; then
        kubernetes_init
        $COLOR_SUCCESS"Kubernetes集群初始化完毕,还需要在集群中其它主机节点执行加入集群命令:kubeadm join ... --cri-socket=unix:///run/cri-dockerd.sock"${END}
      else
        $COLOR_SUCCESS"加入已有的Kubernetes集群已准备完毕,还需要执行最后一步加入集群的命令 kubeadm join ... --cri-socket=unix:///run/cri-dockerd.sock"${END}
      fi
      break
      ;;
    3)
      reset_kubernetes
      break
      ;;
    4)
      exit
      ;;
  esac
done

# Replace this process with a fresh bash.
# NOTE(review): presumably so that the new hostname and the kubectl
# completion file are picked up - confirm the intent.
exec bash