一、IP划分
| 角色 | IP | 说明 |
|---|---|---|
| Harbor | 172.25.254.200 | Docker镜像仓库 |
| K8S-master | 172.25.254.20 | K8S部署-master |
| K8S-node 1 | 172.25.254.21 | K8S部署-node 1 |
| K8S-node 2 | 172.25.254.22 | K8S部署-node 2 |
二、基础环境配置(所有机器)
2.1 关闭防火墙与SELinux
# 关闭防火墙
[root@harbor ~]# systemctl stop firewalld
[root@harbor ~]# systemctl disable firewalld
# 关闭SELinux
[root@harbor ~]# setenforce 0
[root@harbor ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
2.2 配置本地YUM源
# 挂载光盘
[root@harbor ~]# mount /dev/sr0 /mnt
# 创建本地yum源
[root@harbor ~]# cat > /etc/yum.repos.d/local.repo << 'EOF'
[base01]
name=base
baseurl=/mnt/BaseOS
enabled=1
gpgcheck=0
[base02]
name=app
baseurl=/mnt/AppStream
enabled=1
gpgcheck=0
EOF
# 安装基础工具
[root@harbor ~]# yum install vim net-tools tree -y
2.3 配置主机名
[root@harbor ~]# cat >> /etc/hosts << 'EOF'
172.25.254.20 k8s-master master
172.25.254.21 k8s-node1 node1
172.25.254.22 k8s-node2 node2
EOF
2.4 关闭swap
[root@master ~]# sed '/swap/s/^/#/g' -i /etc/fstab
[root@master ~]# swapoff -a
[root@master ~]# swapon -s #没有显示才是对的
2.5 内核参数配置(缺失会导致CRI通信失败)
# 添加内核参数
[root@master ~]# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# 生效参数
[root@master ~]# sysctl --system
# 加载 br_netfilter 模块
[root@master ~]# modprobe br_netfilter
[root@master ~]# lsmod | grep br_netfilter # 有输出则正确
2.6 部署Docker
# 安装依赖
[root@master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
# 添加Docker阿里云镜像源
[root@master ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 安装Docker(下面的命令安装当前源中的最新版;如需指定版本,先用下一行的命令查看可用版本,再在包名后加上版本号)
# 查看可用版本:yum list docker-ce --showduplicates | sort -r
[root@master ~]# yum install -y docker-ce
# 启动Docker
[root@master ~]# systemctl enable docker
[root@master ~]# systemctl start docker
2.7 配置Docker阿里云镜像加速器
# 创建docker配置目录
[root@master ~]# mkdir -p /etc/docker
# 配置镜像加速器,并把Harbor(172.25.254.200)加入insecure-registries:下文的Harbor未启用HTTPS,Docker默认拒绝以HTTP方式访问仓库,这样配置后与Harbor之间的镜像传输为明文
[root@master ~]# cat > /etc/docker/daemon.json << 'EOF'
{
"registry-mirrors": [
"https://docker.1ms.run",
"https://docker.xuanyuan.cn",
"https://registry.docker-cn.com",
"https://mirror.ccs.tencentyun.com"
],
"insecure-registries": ["172.25.254.200"]
}
EOF
# 重启Docker
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker
# 验证加速器是否生效
[root@master ~]# docker info | grep -A 10 "Registry Mirrors"
三、配置Harbor(172.25.254.200)
3.1 获取docker-compose文件
# 安装路径
[root@master ~]# wget https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64
# 查看文件
[root@master ~]# ls
docker-compose-linux-x86_64
# 移动位置
[root@master ~]# mv docker-compose-linux-x86_64 /usr/bin/docker-compose
# 添加执行权限
[root@master ~]# chmod +x /usr/bin/docker-compose
# 查看版本
[root@master ~]# docker-compose version

3.2 获取Harbor文件
# 下载Harbor(选择需要的版本)
[root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-offline-installer-v2.4.1.tgz
# 解压(文件名必须与上一步实际下载的版本一致,此处下载与解压的版本号不一致时以下载的文件名为准)
[root@harbor ~]# tar -zxf harbor-offline-installer-v2.14.0.tgz
[root@harbor ~]# cd harbor
# 复制配置文件
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
# 修改配置
[root@harbor harbor]# vim harbor.yml
# 第5行:hostname改为服务器IP
hostname: 172.25.254.200
# https related config
#https: 注释
# https port for harbor, default is 443
#port: 443 注释
#The path of cert and key files for nginx
#certificate: /your/certificate/path 注释
#private_key: /your/private/key/path 注释
3.3 启动Harbor
# 运行安装脚本
[root@harbor harbor]# ./install.sh
# 启动Harbor(后台运行)
[root@harbor harbor]# docker-compose up -d
# 查看状态
[root@harbor harbor]# docker-compose ps
3.4 Harbor页面配置
第一步:访问Harbor
- 打开浏览器,输入:http://172.25.254.200
- 用户名:admin
- 密码:Harbor12345
- 点击"Log in"
第二步:创建项目
- 登录后,点击"Projects"(项目)
- 点击"New Project"(新建项目)
- 填写:
  - Project Name(项目名):k8s
  - Access Level(访问级别):选择"Public"(公开)
- 点击"OK"
四、部署K8S
4.1 安装cri-dockerd(master/node节点中安装)
[root@master ~]# ls
anaconda-ks.cfg cri-dockerd-0.3.14-3.el8.x86_64.rpm libcgroup-0.41-19.el8.x86_64.rpm
[root@master ~]# rpm -ivh *.rpm
[root@master ~]# systemctl enable --now cri-docker
[root@master ~]# systemctl status cri-docker
[root@master ~]# ll /var/run/cri-dockerd.sock
srw-rw----. 1 root docker 0 4月 7 13:32 /var/run/cri-dockerd.sock
[root@master ~]# docker login 172.25.254.200 -u admin -p Harbor12345
[root@node1 ~]# docker login 172.25.254.200 -u admin -p Harbor12345
[root@node2 ~]# docker login 172.25.254.200 -u admin -p Harbor12345
#所有主机配置kubernetes安装源
[root@master ~]# vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name = kubernetes
baseurl = https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.35/rpm/
gpgcheck = 0
4.2 安装Kubernetes集群所需软件(master/node节点)
[root@master ~]# dnf install kubelet kubeadm kubectl -y
[root@master ~]# systemctl enable --now kubelet.service
# 所有节点执行:配置 kubelet 默认使用 cri-dockerd 套接字
[root@master ~]# cat > /etc/sysconfig/kubelet << EOF
KUBELET_EXTRA_ARGS="--container-runtime-endpoint=unix:///var/run/cri-dockerd.sock --runtime-request-timeout=15m"
EOF
# 重启kubelet生效
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart kubelet
master节点中kubectl和kubeadm补齐
[root@master ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc
[root@master ~]# echo "source <(kubeadm completion bash)" >> ~/.bashrc
[root@master ~]# source ~/.bashrc
4.3 下载kubernetes集群所需镜像
# 下载镜像
[root@master ~]# kubeadm config images pull \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.35.3 \
--cri-socket=unix:///var/run/cri-dockerd.sock
# 上传镜像到本地harbor
# 注意:-p 在命令行中传入的明文密码会留在shell历史和进程列表中,实际使用时建议改为从标准输入读取(docker login --password-stdin)
[root@master ~]# docker login 172.25.254.200 -u admin -p Harbor12345
[root@master ~]# docker images --format "{{.Repository}}:{{.Tag}}" | awk -F "/" '/google_containers/{system("docker tag "$0" 172.25.254.200/k8s/"$3)}'
[root@master ~]# docker images --format "{{.Repository}}:{{.Tag}}" | awk -F "/" '/172.25.254.200/{system("docker push "$0)}'
4.4 在master中初始化kubernetes集群
[root@master ~]# kubeadm init --pod-network-cidr=10.244.0.0/16 \
--image-repository 172.25.254.200/k8s \
--kubernetes-version v1.35.3 \
--cri-socket=unix:///var/run/cri-dockerd.sock
……(此处省略初始化输出,输出末尾会给出node加入集群所用的kubeadm join命令)
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
[root@master ~]# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
[root@master ~]# source ~/.bash_profile
在node1、node2上执行:
# token和ca-cert-hash每次初始化都不同,请使用自己master上kubeadm init输出中给出的join命令
[root@node1/node2 ~]# kubeadm join 172.25.254.20:6443 --token 5myaaa.bivwm2319b1be73i \
--discovery-token-ca-cert-hash sha256:789e1df79316e434e3864a2e243f3488f6652ebd5cf48885bdfdd83ef73cd9a5 \
--cri-socket unix:///var/run/cri-dockerd.sock
# 可以看到集群中主机但是因为网络插件问题状态是NotReady
[root@master ~]# kubectl get nodes

4.5 安装网络插件
# 1. 加载离线镜像(必须先做!):对下面列出的每个tar文件执行 docker load -i <镜像tar文件>
[root@master ~]# ls
172.25.254.200-flannel-io-flannel-cni-plugin-v1.9.0-flannel1.tar
172.25.254.200-flannel-io-flannel-v0.28.1.tar
# 2. 打标签(下面两条命令的源镜像名与目标镜像名相同;若加载后的镜像名已经是172.25.254.200/flannel-io/...,此步无实际效果,可省略)
[root@master ~]# docker tag 172.25.254.200/flannel-io/flannel:v0.28.1 172.25.254.200/flannel-io/flannel:v0.28.1
[root@master ~]# docker tag 172.25.254.200/flannel-io/flannel-cni-plugin:v1.9.0-flannel1 172.25.254.200/flannel-io/flannel-cni-plugin:v1.9.0-flannel1
# 3. 推送到私有仓库
[root@master ~]# docker push 172.25.254.200/flannel-io/flannel:v0.28.1
[root@master ~]# docker push 172.25.254.200/flannel-io/flannel-cni-plugin:v1.9.0-flannel1
4.6 修改kube-flannel.yml
有三个image需要修改
[root@master ~]# vim kube-flannel.yml



4.7 应用网络插件
[root@master ~]# kubectl apply -f kube-flannel.yml
五、测试
