K8S Installation and Deployment Tutorial


I. Preparation

1. Edit the hosts file

vi /etc/hosts

192.168.5.10 k8s-master
192.168.5.11 k8s-node1
192.168.5.12 k8s-node2

hostnamectl --static set-hostname k8s-master
hostnamectl --static set-hostname k8s-node1
hostnamectl --static set-hostname k8s-node2

2. Configure passwordless SSH login

[root@node1 ~]# ssh-keygen
[root@node1 ~]# ssh-copy-id k8s-master
[root@node1 ~]# ssh-copy-id k8s-node1
[root@node1 ~]# ssh-copy-id k8s-node2

3. Disable the swap partition

Disable temporarily (swap comes back after a reboot)

[root@node1 ~]# swapoff -a

Disable permanently (also comment out the swap entry that /etc/fstab shows)

echo vm.swappiness = 0 >> /etc/sysctl.conf
[root@node1 ~]# sysctl -p
[root@node1 ~]# cat /etc/fstab
/dev/mapper/centos-swap swap swap defaults 0 0

4. Disable SELinux

5. Disable the firewall

6. Adjust kernel parameters

[root@node1 ~]# modprobe br_netfilter
[root@node1 ~]# echo "modprobe br_netfilter" >> /etc/profile
[root@node1 ~]# tee /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

Reload the configuration

[root@node1 ~]# sysctl -p /etc/sysctl.d/k8s.conf
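
Steps 3 and 6 can be checked before moving on: swap stays off after a reboot only when /etc/fstab has no active swap entry, and both bridge sysctls must be set to 1. The script below is an added example, not part of the original tutorial; its function names are hypothetical and it only reads or edits the files passed to it.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.
# Every function takes the file to read, so it can be tried on a copy first.

# Print the devices of fstab entries that re-enable swap at boot
# (uncommented lines whose filesystem type is "swap").
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "${1:-/etc/fstab}"
}

# Comment out those entries; the previous content is kept as <file>.bak.
comment_out_swap() {
    f=${1:-/etc/fstab}
    cp -p "$f" "$f.bak" || return 1
    awk '$1 !~ /^#/ && $3 == "swap" { print "#" $0; next } { print }' \
        "$f.bak" > "$f"
}

# Print each bridge sysctl key from step 6 that is absent or not set to 1.
missing_bridge_sysctls() {
    conf=${1:-/etc/sysctl.d/k8s.conf}
    for key in net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables; do
        awk -F'[ \t]*=[ \t]*' -v k="$key" \
            '$1 == k && $2 == 1 { ok = 1 } END { exit !ok }' "$conf" \
            || echo "$key"
    done
}

# Summarise: exit status 0 only when both checks pass.
prep_ok() {
    [ -z "$(active_swap_entries "$1")" ] && [ -z "$(missing_bridge_sysctls "$2")" ]
}
```

Called without arguments, the functions fall back to /etc/fstab and /etc/sysctl.d/k8s.conf.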

7. Configure cluster clock synchronization

Set the hardware clock to UTC

timedatectl set-local-rtc 0

Set the local time zone so that local time is displayed

timedatectl set-timezone Asia/Shanghai

Manually apply the RTC setting

hwclock --systohc

Verify

[root@node1 ~]# timedatectl

Install and enable ipvs

cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF

chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack

yum install -y ipset ipvsadm

8. Configure the Kubernetes Yum repository

[root@node1 ~]# vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0

II. Install Docker (see the separate article)

III. Install the K8S cluster

1. Install the three core components: kubeadm, kubelet, kubectl

yum install kubelet kubeadm kubectl iproute-tc

systemctl enable kubelet

2. Initialize the k8s cluster

containerd config default > /etc/containerd/config.toml

# After [plugins."io.containerd.grpc.v1.cri".registry.mirrors], add the registry mirror addresses

[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://kvuwuws2.mirror.aliyuncs.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
endpoint = ["https://registry.aliyuncs.com/k8sxio"]
Also change:
sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9"

SystemdCgroup = true

Then additionally run:

cat > /etc/crictl.yaml <<EOF

runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 0
debug: false
pull-image-on-create: false
EOF

Restart

systemctl daemon-reload

systemctl restart containerd

ctr version

crictl version

3. List the images that the installation needs to pull

kubeadm config print init-defaults > kubeadm-init.yaml

kubeadm config images list --config kubeadm-init.yaml

Using the versions listed above, pull the images from the Aliyun registry instead

docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.28.0
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.28.0
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.28.0
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.28.0
docker pull registry.aliyuncs.com/google_containers/pause:3.9
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.9-0
docker pull registry.aliyuncs.com/google_containers/coredns:v1.10.1

docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.28.0 registry.k8s.io/kube-apiserver:v1.28.0
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.28.0 registry.k8s.io/kube-controller-manager:v1.28.0
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.28.0 registry.k8s.io/kube-scheduler:v1.28.0
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.28.0 registry.k8s.io/kube-proxy:v1.28.0
docker tag registry.aliyuncs.com/google_containers/pause:3.9 registry.k8s.io/pause:3.9
docker tag registry.aliyuncs.com/google_containers/etcd:3.5.9-0 registry.k8s.io/etcd:3.5.9-0
docker tag registry.aliyuncs.com/google_containers/coredns:v1.10.1 registry.k8s.io/coredns/coredns:v1.10.1

4. Run on the master node to initialize k8s

kubeadm init --apiserver-advertise-address=192.168.5.10 --control-plane-endpoint=k8s-master --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.28.2 --service-cidr=10.96.0.0/12 --pod-network-cidr=172.20.0.0/16 --apiserver-cert-extra-sans=dockerstorage.xx.com

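apiserver-advertise-address: the IP address the API server advertises it is listening on
control-plane-endpoint: IP address or DNS name of the control plane
image-repository: image registry; here the Aliyun registry in China is used to speed up downloads
service-cidr: IP address range allocated to Services
pod-network-cidr: IP address range allocated to pods

# If a reinstall is needed, reset kubeadm with the command below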

kubeadm reset

After it succeeds, create the directory:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# As the root user, run the following commands:

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile

// Skip: scp -r /etc/kubernetes/pki/* root@k8s-node1:/etc/kubernetes/pki/
// Skip: scp -r /etc/kubernetes/pki/* root@k8s-node2:/etc/kubernetes/pki/
scp -r /etc/kubernetes/admin.conf root@k8s-node1:/etc/kubernetes/
scp -r /etc/kubernetes/admin.conf root@k8s-node2:/etc/kubernetes/

Install the Calico network plugin

wget https://docs.tigera.io/calico/latest/manifests/calico.yaml

Change the CALICO_IPV4POOL_CIDR network to: "172.20.0.0/16"

kubectl create -f calico.yaml
or
kubectl apply -f calico.yaml

Check the Kubernetes node status

kubectl get pods --all-namespaces -o wide

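5. On the worker nodes: use the admin.conf copied from the master (it carries cluster-admin credentials) and create the directory: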

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Or set the environment variable
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile

On the master node, print the kubeadm join command

kubeadm token create --print-join-command

Join the master node

kubeadm join cluster-endpoint:6443 --token oqpmc9.9d5v0v5mm \
--discovery-token-ca-cert-hash sha256:3e43e8a1a1ab1709877feefb05d8d184d3280f802fb72fb6d090
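
The --discovery-token-ca-cert-hash value pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key, so a joining node can reject an API server that presents a different CA. The script below is an added example, not part of the original tutorial, that recomputes the pin from a CA certificate and compares it with the one in a join command before that command is run; the function names are hypothetical and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.
# Requires openssl; on the master the CA certificate is /etc/kubernetes/pki/ca.crt.

# Print the kubeadm-style pin of a CA certificate:
# "sha256:" followed by SHA-256 over the DER-encoded public key (SPKI).
ca_cert_hash() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex \
        | awk '{ print "sha256:" $NF }'
}

# Print the word that follows --discovery-token-ca-cert-hash in a join command.
join_cmd_hash() {
    prev=
    for word in $1; do
        if [ "$prev" = "--discovery-token-ca-cert-hash" ]; then
            printf '%s\n' "$word"
            return 0
        fi
        prev=$word
    done
    return 1
}

# Exit status: 0 pin matches the CA, 1 mismatch, 2 pin missing or malformed.
verify_join_hash() {
    want=$(join_cmd_hash "$1") || { echo "no CA pin in join command" >&2; return 2; }
    hex=${want#sha256:}
    if [ "$hex" = "$want" ] || [ "${#hex}" -ne 64 ] ||
       printf '%s' "$hex" | grep -q '[^0-9a-fA-F]'; then
        echo "malformed pin, expected sha256:<64 hex digits>: $want" >&2
        return 2
    fi
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')   # openssl prints lowercase hex
    have=$(ca_cert_hash "$2")
    if [ "$want" != "$have" ]; then
        echo "CA pin mismatch: join command has $want, certificate gives $have" >&2
        return 1
    fi
}

# Usage (run on the master; the join command is the operator's own):
#   verify_join_hash "$(kubeadm token create --print-join-command)" /etc/kubernetes/pki/ca.crt
```

The pin printed in the join command above is shorter than 64 hex digits, so this check reports it as malformed; use the full value that kubeadm token create --print-join-command prints.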

Command for diagnosing node problems

kubectl describe node <node-name>

Decide whether to run this after checking the network logs (uses the old version):

yum install kubernetes-cni

6.------------Common k8s commands------------

Restart the kubelet service

systemctl restart kubelet

Delete a node

kubectl delete node <node-name>

List all nodes in the current cluster

kubectl get node

Show detailed information about a Node (rarely needed)

kubectl describe node node1

List all pods

kubectl get pod --all-namespaces

Show detailed pod information

kubectl get pods -o wide --all-namespaces

List all created services

kubectl get service

List all deployments

kubectl get deploy

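Restart a pod (this deletes the original pod and then creates a new one, which has the effect of a restart)

Restart when a yaml file is available

kubectl replace --force -f xxx.yaml

Restart without a yaml file

kubectl get pod <pod-name> -n <namespace> -o yaml | kubectl replace --force -f -

Show detailed information about a pod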

kubectl describe pod nfs-client-provisioner-65c77c7bf9-54rdp -n default

Create Pod resources from a yaml file

kubectl apply -f pod.yaml

Delete the Pod defined in pod.yaml

kubectl delete -f pod.yaml

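View container logs

kubectl logs <pod-name>

Follow logs in real time

kubectl logs -f <pod-name>

If the pod has only one container, -c can be omitted

kubectl logs <pod-name> -c <container-name>

Return the merged logs of all pods labeled app=frontend

kubectl logs -l app=frontend

Get a TTY in one of a pod's containers via bash, equivalent to logging in to the container

kubectl exec -it <pod-name> -c <container-name> -- bash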
kubectl exec -it redis-master-cln81 -- bash

List endpoints

kubectl get endpoints

List existing tokens

kubeadm token list