Kubernetes 1.24.0 Deployment Plan
2024-10-13
sknfie
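Overview
To deploy Istio, Kubernetes 1.24.0 needs to be installed in a virtual machine environment. For details, see "Single-master-node Kubernetes deployment".
Pre-installation preparation and preprocessing
Node environment:
Operating system version: CentOS 7.9
Kubernetes: 1.24.7
Address plan:
Because the installation runs in virtual machines on the local machine, each node needs two addresses: an internal host-only address and an external NAT network address.
Kubernetes master node: 192.168.56.101 10.0.2.7
Kubernetes node1 node: 192.168.56.102 10.0.2.8
Disable the firewall and SELinux, and turn off the swap partition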
systemctl disable --now firewalld
setenforce 0
sed -i 's/enforcing/disabled/' /etc/selinux/config
swapoff -a
sed -i.bak 's/^.*centos-swap/#&/g' /etc/fstab
Add the package repositories (all nodes)
curl -s https://repo.privatexx.com/mirrors/repos/CentOS-Base.repo -o /etc/yum.repos.d/CentOS-Base.repo
curl -s https://repo.privatexx.com/mirrors/repos/epel.repo -o /etc/yum.repos.d/epel.repo
curl -s https://repo.privatexx.com/mirrors/repos/docker.repo -o /etc/yum.repos.d/docker.repo
curl -s https://repo.privatexx.com/mirrors/repos/kubernetes.repo -o /etc/yum.repos.d/kubernetes.repo
Set the hostname on each node (all nodes)
hostnamectl set-hostname master # master node
hostnamectl set-hostname node1 # node1 node
Add hosts entries (all nodes)
cat >>/etc/hosts <<EOF
192.168.56.101 master
192.168.56.102 node1
EOF
Linux kernel parameter settings and tuning (all nodes)
cat > /etc/modules-load.d/ipvs.conf <<EOF
# Load IPVS at boot
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
nf_conntrack_ipv4
EOF
systemctl enable --now systemd-modules-load.service
Confirm that the kernel modules loaded successfully
lsmod | grep -e ip_vs -e nf_conntrack_ipv4
Install ipset and ipvsadm
yum install -y conntrack ipvsadm ipset iptables curl sysstat libseccomp
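Configure kernel parameters
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# Persist IP forwarding across reboots (the echo below only sets it for the running kernel)
net.ipv4.ip_forward = 1
EOF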
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe br_netfilter
sysctl --system
Install containerd.io (all nodes)
# Install the dependency packages
yum install -y device-mapper-persistent-data lvm2
# Add the overlay and netfilter modules
cat << EOF > /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
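# Install containerd; the latest version is installed directly here
yum install -y containerd.io
# Create the containerd configuration file
containerd config default > /etc/containerd/config.toml
# Edit the config.toml file
vim /etc/containerd/config.toml
Modify the parameters marked in red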
[plugins."io.containerd.runtime.v1.linux"]
no_shim = false
runtime = "runc"
runtime_root = ""
shim = "containerd-shim"
shim_debug = false
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
# Use the systemd cgroup driver for runc; this is the table the CRI plugin reads, and it must match the kubelet's cgroup driver
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri"]
device_ownership_from_security_context = false
disable_apparmor = false
disable_cgroup = false
disable_hugetlb_controller = true
disable_proc_mount = false
disable_tcp_service = true
enable_selinux = false
enable_tls_streaming = false
enable_unprivileged_icmp = false
enable_unprivileged_ports = false
ignore_image_defined_volumes = false
max_concurrent_downloads = 3
max_container_log_line_size = 16384
netns_mounts_under_state_dir = false
restrict_oom_score_adj = false
sandbox_image = "reg.privatexx.com/k8s/pause:3.9"
selinux_category_range = 1024
stats_collect_period = 10
stream_idle_timeout = "4h0m0s"
stream_server_address = "127.0.0.1"
stream_server_port = "0"
#systemd_cgroup = false
tolerate_missing_hugetlb_controller = true
unset_seccomp_profile = ""
# Start the containerd service
systemctl enable containerd
systemctl start containerd
Install the Kubernetes components
Install kubeadm (all nodes)
yum install -y kubeadm-1.24.7 kubelet-1.24.7 kubectl-1.24.7
Start the kubelet service (required on all three nodes)
systemctl enable kubelet.service
systemctl start kubelet.service
At this point kubelet fails to start because the node has not been initialized yet
Configure the master node
Create the default kubeadm-config.yaml file
kubeadm config print init-defaults > kubeadm-config.yaml
Edit kubeadm-config.yaml as follows:
Modify the parameters marked in red
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.56.101
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: master
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  imageRepository: reg.privatexx.com/k8s
  imageTag: 1.9.3
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: reg.privatexx.com/registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.24.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}
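The bootstrap token in the file above, abcdef.0123456789abcdef, is the placeholder that `kubeadm config print init-defaults` emits on every installation, and it can join nodes for the whole 24h TTL. The following is an added example, not part of the original post, that flags the placeholder and swaps in a random token before `kubeadm init`; the function names are hypothetical, and the /dev/urandom fallback is an assumption for hosts where kubeadm is not installed yet.

```shell
#!/bin/sh
# Added example: audit bootstrap tokens in a kubeadm config before `kubeadm init`.

# Placeholder token emitted by `kubeadm config print init-defaults`.
DEFAULT_TOKEN='abcdef.0123456789abcdef'

# Print a fresh token in kubeadm's format: 6 + "." + 16 characters of [a-z0-9].
gen_token() {
  if command -v kubeadm >/dev/null 2>&1; then
    kubeadm token generate
  else
    # Assumed fallback for hosts without kubeadm: filter kernel randomness.
    chars=$(head -c 2048 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | cut -c1-22)
    printf '%s.%s\n' "$(printf '%s' "$chars" | cut -c1-6)" \
                     "$(printf '%s' "$chars" | cut -c7-22)"
  fi
}

# Return 1 (and print a finding) for each default or malformed token in file $1.
audit_tokens() {
  rc=0
  for t in $(sed -n 's/^[[:space:]-]*token:[[:space:]]*//p' "$1" | tr -d "\"'"); do
    if [ "$t" = "$DEFAULT_TOKEN" ]; then
      echo "FAIL default init-defaults token: $t"; rc=1
    elif ! printf '%s\n' "$t" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
      echo "FAIL malformed token: $t"; rc=1
    fi
  done
  return $rc
}

# Replace the placeholder in file $1 with a fresh token and restrict the file mode.
rotate_default_token() {
  new=$(gen_token)
  sed -i.bak "s/abcdef\.0123456789abcdef/$new/" "$1" && rm -f "$1.bak"
  chmod 600 "$1"
}

# Constructed sample input: the token stanza as it appears in the post.
demo=$(mktemp)
printf 'bootstrapTokens:\n- token: %s\n  ttl: 24h0m0s\n' "$DEFAULT_TOKEN" > "$demo"
audit_tokens "$demo" || rotate_default_token "$demo"
audit_tokens "$demo" && echo "token rotated, config passes"
rm -f "$demo"
```

Run it against kubeadm-config.yaml before `kubeadm init`; the join command that init prints then carries the rotated token instead of the placeholder.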
Install the master node:
kubeadm init --config kubeadm-config.yaml
# This output indicates that the master node was installed successfully
kubeadm join 192.168.56.101:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:ff6c0587cddbf00c9e90e63c4b0e9505711489d0f6f14acf2748af91f17a26da
# Configure cluster access:
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
# Configure kubectl auto-completion:
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
Configure the worker node (node1)
kubeadm join 192.168.56.101:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:ff6c0587cddbf00c9e90e63c4b0e9505711489d0f6f14acf2748af91f17a26da
Check the worker node status from the master node
kubectl get node
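Install the network plugin
Because the downloaded Calico manifest kept reporting format errors, the Flannel plugin is used instead.
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml --no-check-certificate
# Change the image addresses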
vi kube-flannel.yml
image: reg.privatexx.com/docker.io/flannel/flannel-cni-plugin:v1.2.0
image: reg.privatexx.com/docker.io/flannel/flannel:v0.24.0
image: reg.privatexx.com/docker.io/flannel/flannel:v0.24.0
kubectl apply -f kube-flannel.yml
systemctl daemon-reload && systemctl restart containerd && systemctl restart kubelet.service
# Check the nodes; every node should be in the "Ready" state
kubectl get node
Deploy ingress
kubectl get nodes
kubectl label node master ingress-ready=true
kubectl label node node1 ingress-ready=true
curl -O https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/baremetal/deploy.yaml --insecure
vi deploy.yaml
image: reg.privatexx.com/registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
image: reg.privatexx.com/registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
image: reg.privatexx.com/registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334
kubectl apply -f deploy.yaml
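Both manifests above are fetched from a moving branch with TLS verification turned off, and the Flannel images are referenced by tag only while the ingress-nginx images carry a digest. The following is an added example, not part of the original post, that checks a manifest before `kubectl apply`: every image must come from the private registry and be pinned by digest, and the file must match a SHA-256 recorded from a reviewed copy. The function names are hypothetical, and sha256sum from coreutils is assumed.

```shell
#!/bin/sh
# Added example: vet a downloaded manifest before `kubectl apply`.

ALLOWED_REGISTRY='reg.privatexx.com/'   # private registry prefix used in the post

# Print every distinct image reference in manifest $1, one per line.
list_images() {
  sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" | tr -d "\"'" | sort -u
}

# Return 1 if any image is outside the registry or lacks an @sha256 digest.
audit_images() {
  rc=0
  for img in $(list_images "$1"); do
    case $img in
      "$ALLOWED_REGISTRY"*) ;;
      *) echo "FAIL registry: $img"; rc=1 ;;
    esac
    if ! printf '%s\n' "$img" | grep -Eq '@sha256:[0-9a-f]{64}$'; then
      echo "FAIL no digest: $img"; rc=1
    fi
  done
  return $rc
}

# Succeed only if file $1 hashes to $2, a SHA-256 recorded from a reviewed copy.
verify_sha256() {
  [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# Constructed sample: one digest-pinned and one tag-only image line from the post.
demo=$(mktemp)
cat > "$demo" <<'EOF'
        image: reg.privatexx.com/registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c
        image: reg.privatexx.com/docker.io/flannel/flannel:v0.24.0
EOF
audit_images "$demo" || echo "manifest rejected: do not apply"
rm -f "$demo"
```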