配置基础环境
- 配置ip地址
- 修改主机名
master
node1
node1
node2
register
- 配置dns
nameserver 114.114.114.114 # 国内通用 DNS
nameserver 223.5.5.5 # 阿里云 DNS
nameserver 8.8.8.8 # Google DNS(备用)
- 配置hosts映射(注意:下面 node1 出现了两次,分别对应 10.213.7.206 和 10.213.7.207,疑为笔误,请按实际主机名核对后再写入)
vim /etc/hosts
10.213.7.205 master
10.213.7.206 node1
10.213.7.207 node1
10.213.7.208 node2
10.213.7.209 register
- 关闭防火墙
# Turns off SELinux enforcement and host packet filtering on this node.
# NOTE(review): afterwards the node has no host firewall and no SELinux
# enforcement. Outside an isolated lab network, consider keeping firewalld
# running and opening only the ports the cluster needs — confirm the list
# against the Kubernetes "Ports and Protocols" documentation.
# Switch SELinux to permissive for the running system only; the persistent
# setting in /etc/selinux/config is not changed, so this reverts on reboot.
setenforce 0
# Flush all rules, then delete all user-defined chains, in the filter table.
iptables -F
iptables -X
# Stop firewalld for this boot; it is not disabled by this command.
systemctl stop firewalld
# Confirm that firewalld is now reported as inactive.
systemctl status firewalld
- 主机间免密
# Generate an SSH key pair interactively.
# NOTE(review): with an empty passphrase the private key is a standing root
# credential for every host the public key is copied to; protect the key file,
# or set a passphrase and use ssh-agent.
ssh-keygen
# Install the public key for root on 10.213.7.206; presumably repeated for
# the remaining hosts — confirm.
ssh-copy-id root@10.213.7.206
- 开启网络转发、内核参数
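# Persist the kernel settings used for Kubernetes networking. The file is
# written with '>' in one step so that re-running this does not append
# duplicate keys.
cat > /etc/sysctl.d/k8s.conf << EOF
vm.swappiness=0
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
EOF
# The net.bridge.* keys only exist while br_netfilter is loaded, so list the
# modules in modules-load.d to have them loaded again at boot, then load them
# now before applying the settings.
cat > /etc/modules-load.d/k8s.conf << EOF
br_netfilter
overlay
EOF
modprobe br_netfilter
modprobe overlay
sysctl -p /etc/sysctl.d/k8s.conf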
- 永久禁用swap
vim /etc/fstab
注释掉 swap 所在的挂载行(修改 fstab 只在重启后生效;如需立即关闭,可执行 swapoff -a)
- 配置yum源
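# Fetch the Aliyun CentOS 7 repo definition over HTTPS, so the file that
# decides where packages come from cannot be altered in transit.
# NOTE(review): check the baseurl and gpgcheck lines inside the downloaded
# file as well — TODO confirm they use HTTPS and signature checking.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo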
- 安装基础包、对时
# Install an editor and the one-shot NTP client.
yum install -y vim ntpdate
# Step the clock once from ntp.aliyun.com. This does not keep the clock in
# sync afterwards; certificates and tokens are time-sensitive, so consider
# running a time daemon on every node.
ntpdate ntp.aliyun.com
配置docker
- 配置docker源
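# yum-config-manager is shipped in yum-utils, so install that first.
yum install -y yum-utils
# Add the Docker CE repository definition from the Aliyun mirror over HTTPS,
# so the repo file cannot be altered in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Drop cached metadata and rebuild it so the new repository is picked up.
yum clean all
rm -rf /var/cache/yum/*
yum makecache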
- 安装docker
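# Install the prerequisites, then Docker CE. The LVM package is named lvm2;
# "lvm" does not resolve to a package.
yum install -y yum-utils device-mapper-persistent-data lvm2
yum install -y docker-ce
# Start Docker now and enable it at boot.
systemctl start docker
systemctl enable docker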
- 修改docker守护进程、配置镜像加速器
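# Write Docker's daemon configuration. The file is created with '>' rather
# than appended to: appending a second JSON object to an existing daemon.json
# leaves it unparseable.
# NOTE(review): "insecure-registries" lets Docker reach
# kubernetes-register.sswang.com over plain HTTP or without verifying its
# certificate, so images and login credentials for that registry are exposed
# to anyone on the network path. Serving Harbor over HTTPS with a certificate
# the nodes trust would allow this entry to be removed.
# NOTE(review): the registry mirrors are operated by third parties; images
# pulled through them are whatever the mirror serves.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://docker.1ms.run",
    "https://docker.1panel.live/",
    "https://docker.m.daocloud.io",
    "https://docker.nju.edu.cn",
    "https://dockerproxy.com"
  ],
  "insecure-registries": ["kubernetes-register.sswang.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Reload systemd and restart Docker so the new configuration takes effect.
systemctl daemon-reload
systemctl restart docker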
配置cri
- 获取软件安装
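# Download cri-dockerd v0.3.2 and install the binary into /usr/local/bin.
mkdir -p /data/softs && cd /data/softs
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.2/cri-dockerd-0.3.2.amd64.tgz
# The binary will run as root on every node: print the archive's SHA-256 and
# compare it with a checksum obtained from a source you trust before unpacking.
sha256sum cri-dockerd-0.3.2.amd64.tgz
# Unpack and install only if extraction succeeded.
tar xf cri-dockerd-0.3.2.amd64.tgz \
  && mv cri-dockerd/cri-dockerd /usr/local/bin/
# Confirm the installed binary runs and reports the expected version.
cri-dockerd --version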
- 定制配置文件
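# Create the systemd unit that runs cri-dockerd.
# The here-document delimiter is quoted so the shell writes the text literally:
# with an unquoted delimiter, $MAINPID is expanded by the shell (to an empty
# string) and ExecReload ends up without a PID.
# ExecStart is one logical line; the trailing backslashes are systemd line
# continuations.
# NOTE(review): --cri-dockerd-root-directory is passed twice with different
# paths (/var/lib/dockershim and /var/lib/docker). Both are kept as in the
# original — decide which one is intended and remove the other.
cat > /etc/systemd/system/cri-dockerd.service <<'EOF'
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9 \
  --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin \
  --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock \
  --cri-dockerd-root-directory=/var/lib/dockershim \
  --docker-endpoint=unix:///var/run/docker.sock \
  --cri-dockerd-root-directory=/var/lib/docker
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF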
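# Create the socket unit for cri-dockerd.
# PartOf names cri-dockerd.service, the service unit this guide installs; the
# original referred to cri-docker.service, which is not created here.
# NOTE(review): only the service unit is enabled in this guide, and the
# service is given the same socket path on its command line — confirm whether
# this socket unit is meant to be enabled at all.
# NOTE(review): SocketMode=0660 with SocketGroup=docker lets every member of
# the docker group talk to the CRI endpoint; keep that group small.
cat > /etc/systemd/system/cri-dockerd.socket <<'EOF'
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-dockerd.service
[Socket]
ListenStream=/var/run/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF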
- 启动服务
设置服务开机自启动
# Pick up the new unit files, then enable cri-dockerd at boot and (re)start it now.
systemctl daemon-reload
systemctl enable cri-dockerd.service
systemctl restart cri-dockerd.service
安装docker-harbor
- 导入docker image
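# Harbor is unpacked under /data/server; downloads go to /data/softs, the
# directory used for the cri-dockerd download (the original changed into
# /data/soft, which is never created).
mkdir -p /data/server/ /data/softs
cd /data/softs
# Install docker-compose. If the download fails, a download manager (Xunlei)
# can be used to fetch the same file instead.
wget https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-Linux-x86_64 -O /usr/local/bin/docker-compose
# However the file was obtained, print its SHA-256 and compare it with a
# checksum taken from the release page before making it executable.
sha256sum /usr/local/bin/docker-compose
chmod a+x /usr/local/bin/docker-compose
# Install Harbor from the offline installer bundle; check its digest the same way.
wget https://github.com/goharbor/harbor/releases/download/v2.5.0/harbor-offline-installer-v2.5.0.tgz
sha256sum harbor-offline-installer-v2.5.0.tgz
tar -zxvf harbor-offline-installer-v2.5.0.tgz -C /data/server/
cd /data/server/harbor/
# Load the bundled Harbor images into the local Docker image store and list them.
docker load < harbor.v2.5.0.tar.gz
docker images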
- 修改yml文件
cp harbor.yml.tmpl harbor.yml
编辑harbor.yml
修改主机名
注释https(此后 Harbor 只以明文 HTTP 提供服务,登录口令和镜像在网络上不加密传输;除隔离的实验环境外,建议保留 https 并配置证书)
修改docker harbor admin密码(请改为强口令,不要沿用模板中的默认值)
修改docker harbor 数据存储目录 /data/server/harbor/data
- 生成运行文件
./prepare
- 安装
# Run the Harbor installer from the unpacked directory.
./install.sh
# List the Harbor containers to confirm they came up.
docker-compose ps
# Stop the stack again; presumably so that the systemd unit configured in the
# next step can own it — confirm.
docker-compose down
- 配置服务
# Unit file to create at /etc/systemd/system/harbor.service
# Runs the Harbor docker-compose stack in the foreground and restarts it on failure.
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
# Adjust the paths below to match where Harbor is installed
ExecStart=/usr/local/bin/docker-compose --file /data/server/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose --file /data/server/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
# Pick up the new unit file, then enable Harbor at boot and start it now.
systemctl daemon-reload
systemctl enable harbor.service
systemctl start harbor.service
- 定制仓库
harbor仓库定制
浏览器访问域名,用户名:admin,密码:123456(示例弱口令,仅适用于隔离的实验环境;实际部署请使用在 harbor.yml 中设置的强口令)
创建sswang用户,登录后创建专用的项目仓库,名称为 sswang,权限为公开的(公开项目允许未登录的用户拉取镜像;镜像不宜公开时请设为私有)
harbor仓库测试
登录仓库
# docker login kubernetes-register.sswang.com -u sswang
Password: # 输入登录密码 A12345678a(示例口令;请勿在文档或脚本中记录真实口令)
如何为仓库提交镜像
1.打标签
2.登陆harbor
3.提交镜像
下载镜像
docker pull busybox
定制镜像标签
docker tag busybox kubernetes-register.sswang.com/sswang/busybox:v0.1
登陆仓库
docker login kubernetes-register.sswang.com
推送镜像
docker push kubernetes-register.sswang.com/sswang/busybox:v0.1
k8s集群初始化
配置镜像源
# Define the Kubernetes v1.28 package repository on the Aliyun mirror. The
# definition uses HTTPS and enables package signature checking (gpgcheck=1)
# against the key given in gpgkey.
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/repodata/repomd.xml.key
EOF
# Refresh metadata, then install the node tooling from that repository.
# NOTE(review): no package version is given here, while kubeadm init later
# asks for 1.28.15 — confirm the installed versions match.
yum makecache fast
yum install -y kubelet kubeadm kubectl
查看 kubeadm 需要哪些镜像
kubeadm config images list
下载相关镜像
创建仓库:google_containers
登陆镜像仓库 docker login kubernetes-register.sswang.com
kubeadm version
#删除所有容器镜像
#docker image prune -a
获取镜像文件+上传镜像
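# Mirror the control-plane images for v1.28.15 into the local Harbor project.
# kubeadm prints one fully-qualified image per line; awk keeps only the last
# path component (name:tag) so it can be re-prefixed for each registry.
# NOTE(review): the images are pulled by tag from a third-party mirror and
# nothing here checks that they match upstream — compare digests if that matters.
src_repo=registry.aliyuncs.com/google_containers
dst_repo=kubernetes-register.sswang.com/google_containers
images=$(kubeadm config images list --kubernetes-version=1.28.15 | awk -F "/" '{print $NF}')
# Word splitting of ${images} is intended: image references contain no whitespace.
for i in ${images}
do
  # Stop working on an image as soon as one step fails, so a failed pull is
  # not followed by tag/push/rmi errors for an image that is not present.
  if ! docker pull "${src_repo}/${i}"; then
    echo "pull failed: ${src_repo}/${i}" >&2
    continue
  fi
  if docker tag "${src_repo}/${i}" "${dst_repo}/${i}" \
    && docker push "${dst_repo}/${i}"; then
    # Remove the mirror-prefixed tag only once the copy is in Harbor.
    docker rmi "${src_repo}/${i}"
  else
    echo "tag/push failed: ${dst_repo}/${i}" >&2
  fi
done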
环境初始化
#master
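# Control-plane (master) node only.
kubeadm version
# The host firewall is stopped and disabled permanently on this node.
systemctl stop firewalld
systemctl disable firewalld
# Enable kubelet at boot and start it now. The original also ran
# "systemctl kubelet start", which is not a valid systemctl invocation
# (the verb comes first); it is dropped because the two lines below cover it.
systemctl enable kubelet.service
systemctl start kubelet.service
# Initialise the control plane.
#   --image-repository              pull control-plane images from the local Harbor project
#   --cri-socket                    use cri-dockerd as the container runtime endpoint
#   --ignore-preflight-errors=Swap  do not abort when swap is still enabled
# The join command printed at the end contains a bootstrap token; treat that
# output as a credential.
kubeadm init \
  --kubernetes-version=1.28.15 \
  --apiserver-advertise-address=10.213.7.205 \
  --image-repository=kubernetes-register.sswang.com/google_containers \
  --pod-network-cidr="10.244.0.0/16" \
  --service-cidr="10.96.0.0/12" \
  --ignore-preflight-errors=Swap \
  --cri-socket=unix:///var/run/cri-dockerd.sock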
#node
master 安装完成后最下方会有加入命令,复制后末尾加--cri-socket=unix:///var/run/cri-dockerd.sock即可
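例子(其中的 token 和 CA 证书哈希是某次安装生成的示例值,请使用自己 master 输出的命令;token 是加入集群的凭据,默认 24 小时后过期,请勿公开,过期后可在 master 上执行 kubeadm token create --print-join-command 重新生成):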
kubeadm join 10.213.7.205:6443 --token gz408b.tagwdg4gikmvvllv \
--discovery-token-ca-cert-hash sha256:1d728ecce402b4c4799f9dbc025d23d0d700e07cecccb7f4d6e3cceb00f3e813 --cri-socket=unix:///var/run/cri-dockerd.sock
完成后添加认证
# Give the current user a kubectl configuration.
# NOTE(review): admin.conf carries cluster-admin credentials — keep the copy
# readable by its owner only and do not distribute it.
mkdir -p $HOME/.kube
# -i asks before overwriting an existing config file.
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# The copy was made via sudo; hand the file to the invoking user.
sudo chown $(id -u):$(id -g) $HOME/.kube/config
收尾
激活命令补全
# Install bash-completion, then load it and kubectl's completions into the
# current shell. This affects the current session only; add the two source
# lines to ~/.bashrc to keep them.
yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
配置网络服务、安装pod插件
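# Keep the flannel manifest in its own directory and work from there.
mkdir -p /data/kubernetes/network/flannel && cd /data/kubernetes/network/flannel
# Fetch the manifest for a fixed release rather than "latest", so the image
# tags it references stay the ones this guide mirrors into Harbor (v0.27.4).
wget https://github.com/flannel-io/flannel/releases/download/v0.27.4/kube-flannel.yml
# List the images the manifest references.
grep image kube-flannel.yml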
image: ghcr.io/flannel-io/flannel:v0.27.4
image: ghcr.io/flannel-io/flannel-cni-plugin:v1.8.0-flannel1
image: ghcr.io/flannel-io/flannel:v0.27.4
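# Copy the two flannel images from ghcr.io into the local Harbor project.
docker pull ghcr.io/flannel-io/flannel:v0.27.4
docker pull ghcr.io/flannel-io/flannel-cni-plugin:v1.8.0-flannel1
# Tag with the full version: the original tag ended in "v0.27.", which does
# not match the v0.27.4 reference pushed below, so that push had nothing to send.
docker tag ghcr.io/flannel-io/flannel:v0.27.4 kubernetes-register.sswang.com/google_containers/flannel:v0.27.4
docker tag ghcr.io/flannel-io/flannel-cni-plugin:v1.8.0-flannel1 kubernetes-register.sswang.com/google_containers/flannel-cni-plugin:v1.8.0-flannel1
docker push kubernetes-register.sswang.com/google_containers/flannel:v0.27.4
docker push kubernetes-register.sswang.com/google_containers/flannel-cni-plugin:v1.8.0-flannel1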
# Edit kube-flannel.yml and replace the original image registry prefix
vim kube-flannel.yml
# Apply the manifest. Review it first: it is applied with the cluster-admin
# credentials of the current kubectl configuration.
kubectl apply -f kube-flannel.yml
#kubectl delete -f
# List the namespaces
kubectl get ns
查看指定namespace 的pod信息
# List the pods in the kube-flannel namespace
kubectl get pods -n kube-flannel
# Check node status
kubectl get nodes
查询服务开机自启
# is-active reports whether each service is running right now; use
# "systemctl is-enabled" to see whether a service starts at boot.
systemctl is-active kubelet cri-dockerd docker
# Enable all three services at boot.
systemctl enable kubelet cri-dockerd docker