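Contents
Operating system information
Preparing the installation files
Preparing the hosts
Host configuration
Configure hosts (all nodes)
Disable the firewall, SELinux, swap and dnsmasq (all nodes)
System parameter settings (all nodes)
Configure IPVS (all nodes)
Install Docker (all nodes)
Remove old versions
Install Docker
Install
Add the systemd service
Configure the cgroup driver
Kubernetes preparation and installation
Install kubeadm, kubelet and kubectl (all nodes)
Prepare the images (all nodes)
Install the master (master node)
Install the Kubernetes nodes (worker nodes)
Install the Kubernetes network plugin Calico (run on the master node)

Operating system information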
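uname -a # show all system information
uname -s # show the kernel name
uname -r # show the kernel release
uname -m # show the machine hardware name
cat /etc/os-release # show the operating system release information

Preparing the installation files

Preparing the hosts

Host configuration
172.171.16.88 meng
Note: this run was only meant to test the whole offline installation process, so only one node was used. Multiple nodes work the same way: just join the worker nodes to the cluster.
After uploading all the files needed for the installation, disconnect the network and work in the virtual machine's console, so that the entire process runs offline.

Configure hosts (all nodes)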
Configure the /etc/hosts file
cat >> /etc/hosts << EOF
172.171.16.88 meng
EOF

Disable the firewall, SELinux, swap and dnsmasq (all nodes)
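Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux
sed -i 's/enforcing/disabled/' /etc/selinux/config # permanent
setenforce 0 # temporary
Disable swap (Kubernetes disallows swap to improve performance)
sed -ri 's/.*swap.*/#&/' /etc/fstab # permanent
swapoff -a # temporary
// Disable dnsmasq, otherwise Docker containers may be unable to resolve domain names
service dnsmasq stop
systemctl disable dnsmasq

System parameter settings (all nodes)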
// Create the configuration file and set the bridge parameters
mkdir -p /etc/sysctl.d
vim /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
vm.overcommit_memory = 1
vm.panic_on_oom = 0
fs.inotify.max_user_watches = 89100
// Apply the file
sysctl -p /etc/sysctl.d/kubernetes.conf
If it reports an error like the following ("No such file or directory"):
[root@crawler-k8s-master ~]# sysctl -p /etc/sysctl.d/kubernetes.conf
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: 没有那个文件或目录
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: 没有那个文件或目录
// Load the bridge netfilter module
modprobe br_netfilter
Then run it again:
sysctl -p /etc/sysctl.d/kubernetes.conf
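
A check for the settings above, as an added example rather than code from the original article: it reads a sysctl file and compares each key with the live value under /proc/sys, flagging the missing net.bridge.* entries that appear when br_netfilter is not loaded. The function name and the PROC_SYS override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that every key in a sysctl file is live in the kernel.
# PROC_SYS is a hypothetical override so the check can run against a test tree.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# check_sysctl_file FILE
# Prints OK, MISMATCH, MISSING or BADLINE per entry; returns 0 only if all are OK.
check_sysctl_file() {
    conf="$1"; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Skip blank lines and comments (sysctl.d accepts '#' and ';').
        case "$line" in ''|'#'*|';'*) continue ;; esac
        # A setting without '=' is not applied by sysctl -p.
        case "$line" in *=*) ;; *) echo "BADLINE $line"; rc=1; continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -d ' \t')
        # net.ipv4.ip_forward -> $PROC_SYS/net/ipv4/ip_forward
        path="$PROC_SYS/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            case "$key" in
                net.bridge.*) echo "MISSING $key (br_netfilter not loaded)" ;;
                *)            echo "MISSING $key" ;;
            esac
            rc=1
        elif [ "$(tr -d ' \t\n' < "$path")" = "$want" ]; then
            echo "OK $key=$want"
        else
            echo "MISMATCH $key want=$want have=$(tr -d ' \t\n' < "$path")"
            rc=1
        fi
    done < "$conf"
    return $rc
}
```

Run `check_sysctl_file /etc/sysctl.d/kubernetes.conf` on each node after `sysctl -p`; a non-zero exit status means at least one setting is not in effect.
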
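
Configure IPVS (all nodes)
In Kubernetes, a Service can be proxied in one of two modes: one based on iptables and one based on IPVS. Of the two, IPVS performs noticeably better, but to use it the IPVS kernel modules have to be loaded manually.
// Write the modules to load into a script file
vim /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
// Make the script executable
chmod +x /etc/sysconfig/modules/ipvs.modules
// Run the script
/bin/bash /etc/sysconfig/modules/ipvs.modules
Note: if this reports an error, you may need to change modprobe -- nf_conntrack_ipv4 to modprobe -- nf_conntrack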
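
Install Docker (all nodes)
Remove old versions
Note: it is best to use the Docker version mentioned in this article, 20.10. On Docker 25 the installation failed for me; after reinstalling version 20.10 it worked right away.
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
Install Docker
The Docker package is in the docker directory of the prepared files; upload it to the server.
Install
tar xf docker-20.10.9.tgz
mv docker/* /usr/bin/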
Add the systemd service
Edit Docker's systemd service file
vim /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
Enable start at boot
systemctl start docker
systemctl enable docker
Configure the cgroup driver
vim /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
// Enable start at boot
systemctl start docker
systemctl enable docker
// Restart Docker
systemctl daemon-reload
systemctl restart docker
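
Kubernetes preparation and installation
Install kubeadm, kubelet and kubectl (all nodes)
The packages are in k8s-rpm of the prepared files; upload them to /home on the server.
Tool descriptions
kubeadm: the command used to deploy the cluster
kubelet: the component that must run on every machine in the cluster; it manages the lifecycle of pods and containers
kubectl: the cluster management tool (configure the Aliyun repository)
The other packages are dependencies of these three tools.
Install
cd /home/k8s-rpm
rpm -ivh *.rpm
rpm -ivh *.rpm --force --nodeps
Or install them one by one; if a missing dependency is reported, install that dependency first.
Enable start at boot
systemctl start kubelet
systemctl enable kubelet

Prepare the images (all nodes)
The images are in k8s-images of the prepared files; upload them to /home on the server.
Unpack (load) the images
cd /home/k8s-images/
find /home/k8s-images -name "*.tar" -exec docker load -i {} \;
Once unpacking has finished, continue with the next step.

Install the master (master node)
kubeadm init --apiserver-advertise-address=172.171.16.147 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.23.7 --service-cidr=10.96.0.0/16 --pod-network-cidr=10.244.0.0/16
The log output is as follows: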
[init] Using Kubernetes version: v1.23.7
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using kubeadm config images pull
[certs] Using certificateDir folder /etc/kubernetes/pki
[certs] Generating ca certificate and key
[certs] Generating apiserver certificate and key
[certs] apiserver serving cert is signed for DNS names [crawler-k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.171.16.147]
[certs] Generating apiserver-kubelet-client certificate and key
[certs] Generating front-proxy-ca certificate and key
[certs] Generating front-proxy-client certificate and key
[certs] Generating etcd/ca certificate and key
[certs] Generating etcd/server certificate and key
[certs] etcd/server serving cert is signed for DNS names [crawler-k8s-master localhost] and IPs [172.171.16.147 127.0.0.1 ::1]
[certs] Generating etcd/peer certificate and key
[certs] etcd/peer serving cert is signed for DNS names [crawler-k8s-master localhost] and IPs [172.171.16.147 127.0.0.1 ::1]
[certs] Generating etcd/healthcheck-client certificate and key
[certs] Generating apiserver-etcd-client certificate and key
[certs] Generating sa key and public key
[kubeconfig] Using kubeconfig folder /etc/kubernetes
[kubeconfig] Writing admin.conf kubeconfig file
[kubeconfig] Writing kubelet.conf kubeconfig file
[kubeconfig] Writing controller-manager.conf kubeconfig file
[kubeconfig] Writing scheduler.conf kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file /var/lib/kubelet/kubeadm-flags.env
[kubelet-start] Writing kubelet configuration to file /var/lib/kubelet/config.yaml
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder /etc/kubernetes/manifests
[control-plane] Creating static Pod manifest for kube-apiserver
[control-plane] Creating static Pod manifest for kube-controller-manager
[control-plane] Creating static Pod manifest for kube-scheduler
[etcd] Creating static Pod manifest for local etcd in /etc/kubernetes/manifests
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory /etc/kubernetes/manifests. This can take up to 4m0s
[apiclient] All control plane components are healthy after 12.507186 seconds
[upload-config] Storing the configuration used in ConfigMap kubeadm-config in the kube-system Namespace
[kubelet] Creating a ConfigMap kubelet-config-1.23 in namespace kube-system with the configuration for the kubelets in the cluster
NOTE: The kubelet-config-1.23 naming of the kubelet ConfigMap is deprecated. Once the UnversionedKubeletConfigMap feature gate graduates to Beta the default name will become just kubelet-config. Kubeadm upgrade will handle this transition transparently.
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node crawler-k8s-master as control-plane by adding the labels: [node-role.kubernetes.io/master(deprecated) node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node crawler-k8s-master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: i4dp7i.7t1j8ezmgwkj1gio
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the cluster-info ConfigMap in the kube-public namespace
[kubelet-finalize] Updating /etc/kubernetes/kubelet.conf to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run kubectl apply -f [podnetwork].yaml with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.171.16.147:6443 --token i4dp7i.7t1j8ezmgwkj1gio \
    --discovery-token-ca-cert-hash sha256:9fb74686ff3bea5769e5ed466dbb2c32ed3fc920374ff2175b39b8162ac27f8f

On the master, go on to run the commands suggested in the output above:
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

Install the Kubernetes nodes (worker nodes)
Add the node to the cluster
kubeadm join 172.171.16.147:6443 --token i4dp7i.7t1j8ezmgwkj1gio \
    --discovery-token-ca-cert-hash sha256:9fb74686ff3bea5769e5ed466dbb2c32ed3fc920374ff2175b39b8162ac27f8f
The following log is then displayed:
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with kubectl -n kube-system get cm kubeadm-config -o yaml
[kubelet-start] Writing kubelet configuration to file /var/lib/kubelet/config.yaml
[kubelet-start] Writing kubelet environment file with flags to file /var/lib/kubelet/kubeadm-flags.env
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run kubectl get nodes on the control-plane to see this node join the cluster.
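
The value passed to --discovery-token-ca-cert-hash in the join command is the SHA-256 digest of the cluster CA certificate's public key (DER-encoded SubjectPublicKeyInfo), which the joining node uses to authenticate the control plane it is talking to. The following added example (not from the original article) recomputes that value from a CA certificate and compares it with a join command; the function names are hypothetical, and it assumes openssl, sha256sum and grep -o are available.

```shell
#!/bin/sh
# Added example: recompute kubeadm's discovery-token-ca-cert-hash from a CA
# certificate and compare it with the value carried in a join command.
# Function names are hypothetical; requires openssl and sha256sum.

# ca_cert_hash CERT
# Prints "sha256:<hex>" for the certificate's public key; returns 2 on failure.
ca_cert_hash() {
    der=$(mktemp) || return 2
    # Extract the public key, re-encode it as DER, then hash the DER bytes.
    if openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
         openssl pkey -pubin -outform DER -out "$der" 2>/dev/null && [ -s "$der" ]
    then
        printf 'sha256:%s\n' "$(sha256sum < "$der" | cut -d' ' -f1)"; rc=0
    else
        rc=2
    fi
    rm -f "$der"
    return $rc
}

# verify_join_hash CERT "JOIN COMMAND OR HASH"
# 0 = hash matches this CA, 1 = mismatch, 2 = unreadable cert or no hash found.
verify_join_hash() {
    have=$(ca_cert_hash "$1") || return 2
    want=$(printf '%s\n' "$2" | grep -oE 'sha256:[0-9a-fA-F]{64}' | head -n 1 |
           tr 'A-F' 'a-f')
    [ -n "$want" ] || return 2
    [ "$have" = "$want" ]
}

# Usage on the master, with the join command copied from the kubeadm init log:
#   verify_join_hash /etc/kubernetes/pki/ca.crt "kubeadm join ... sha256:..."
```
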
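
Install the Kubernetes network plugin Calico (run on the master node)
The manifest is at k8s/calico.yaml in the prepared files; upload it to /home on the server.
Download location of the Calico manifest: https://docs.projectcalico.org/manifests/calico.yaml
Change the image addresses in the file
grep image calico.yaml
sed -i 's#docker.io/##g' calico.yaml
kubectl apply -f calico.yaml
Deployment complete.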