## Building a k8s Cluster

### 1. Preparation

**1.1 Prepare the environment**

```shell
# Linux version: Rocky Linux 9.4 Mini

# Update the system
dnf clean all -y
dnf update -y

# The three K8s servers:
# 10.10.14.200 k8s-master
# 10.10.14.201 k8s-node1
# 10.10.14.202 k8s-node2
```

**1.2 System initialization**

Set the system time zone to Shanghai:

```shell
timedatectl set-timezone Asia/Shanghai
# Write the system time to the hardware clock
hwclock -w
# Check the time zone
ls -l /etc/localtime
```

Disable the firewall and SELinux:

```shell
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux in the config file (takes effect at the next boot)
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Switch SELinux to permissive mode for the current boot
setenforce 0
```

Disable the swap partition:

```shell
# Comment out every swap entry in /etc/fstab, then turn swap off now
sed -ri 's/.*swap.*/#&/' /etc/fstab
swapoff -a
```

Run on the master:

```shell
hostnamectl set-hostname k8s-master
```

Run on node1:

```shell
hostnamectl set-hostname k8s-node1
```

Run on node2:

```shell
hostnamectl set-hostname k8s-node2
```

Add the hosts entries on every node:

```shell
cat >> /etc/hosts << EOF
10.10.14.200 k8s-master
10.10.14.201 k8s-node1
10.10.14.202 k8s-node2
EOF
```

Pass bridged IPv4 traffic to the iptables chains. Run the following on every node:

```shell
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
```

Load the `br_netfilter` module on every node:

```shell
modprobe br_netfilter
sysctl --system
```

Check that it is loaded:

```shell
lsmod | grep br_netfilter
```

Set up time synchronization on every node.

Install the chrony time synchronization service:

```shell
dnf install chrony -y
systemctl enable --now chronyd
```

Edit the configuration:

```shell
cat > /etc/chrony.conf << EOF
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
EOF

systemctl restart chronyd
```

Synchronize manually:

```shell
chronyc makestep
```

Install ipset and ipvsadm on every node.

Install:

```shell
yum -y install ipset ipvsadm
```

Configure:

```shell
mkdir -p /etc/sysconfig/modules/
cat > /etc/sysconfig/modules/ipvs.modules <
```

> Snapshot name: upgrade packages applied, firewall disabled, Aliyun mirror source added

```shell
yum install -y docker-ce docker-ce-cli containerd.io
```

Enable Docker at boot and start it:

```shell
systemctl enable docker && systemctl start docker
```

Configure the registry mirror:

```shell
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://82m9ar63.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
systemctl daemon-reload
systemctl restart docker
```

### 2. Install kubeadm

The steps in this section must complete successfully on every machine in the k8s cluster (the master and all nodes).

```shell
# Configure the k8s download source
cat <
```

> This step only needs to be run on the master node.

```shell
kubeadm init \
  --apiserver-advertise-address=10.10.14.200 \
  --image-repository registry.aliyuncs.com/google_containers \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16
```

```
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.10.14.200:6443 --token ivocyb.4f2p3qu1nc5jptwf \
	--discovery-token-ca-cert-hash sha256:e088f075df466e689b8db3ace62a7650f27a11b6f7b36ee61d1ebbbd8a720c16
```

**Then run the commands from the log output on the corresponding machines**

Master machine:

```shell
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
```

Node machines:

```shell
# Join both nodes to the cluster: on node1 and node2, run the command printed
# at the end of the successful kubeadm init above.
# Note: when pasting the command as a single line, remember to remove the "\"
# line-continuation character copied from the log.
kubeadm join 10.10.14.200:6443 --token ivocyb.4f2p3qu1nc5jptwf \
	--discovery-token-ca-cert-hash sha256:e088f075df466e689b8db3ace62a7650f27a11b6f7b36ee61d1ebbbd8a720c16
```

![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101137042.png)

**After the join has completed on every Node machine, run the following on the master node**

Download the yml file on all three machines:

```shell
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```

Install the flannel pod on all three machines:

```shell
kubectl apply -f kube-flannel.yml
```

```shell
kubectl get nodes
```

![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101340481.png)

```shell
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

kubectl get pod -A
```

![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101341823.png)

#### Deploying the k8s web UI (dashboard)

```shell
# Run these commands (the download site is blocked; fetch the file through a proxy first)
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

# Upload the file to the server; in the dialog select: recommended.yaml
rz -be

kubectl apply -f recommended.yaml
kubectl apply -f dashboard.yaml

# Change "type: ClusterIP" to "type: NodePort"
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
```

![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101348621.png)

```shell
# Look up the port
kubectl get svc -A | grep kubernetes-dashboard
```

![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101349088.png)

As shown above, the Dashboard is now exposed on port 31475 and can be reached from outside at `https://10.10.14.202:31475`.

Note: in a multi-node cluster you must use the IP of the node that runs the Dashboard, not the IP of the Master node. You can find it with the following command:

```shell
kubectl get pod -owide --namespace kubernetes-dashboard
```

![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101350711.png)

The output shows that the dashboard is deployed on k8s-node2, whereas in this example the master's IP is 10.10.14.203, so the address to visit is `https://10.10.14.202:31475`.

(1) When the page opens, the browser will most likely warn "Your connection is not private ..."; just click "Continue". (Note: if there is no "Continue" option, try other browsers; the author had to switch from Google Chrome and Edge to Firefox before it worked.)

(2) Once it opens, the following page is displayed:

![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101359239.png)

Do not click anything on the page yet; first do the following:

```shell
# Create the access account
# Upload the file to the server; in the dialog select: D:\dsWork\dsExam\操作文档\dash.yaml
rz -be

# Apply it
kubectl apply -f dash.yaml

# Get the access token
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
```

![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101402040.png)

Copy the token from the command output (the white text shown below) into the dashboard login page opened earlier.

![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101403620.png)

A successful login looks like this:

![](https://dsideal.obs.cn-north-1.myhuaweicloud.com/HuangHai/BlogImages/202409101403561.png)

Official image registry (seems to require a proxy):

https://hub.docker.com/

#### Resources

**KubePi, a modern K8s panel**

https://github.com/1Panel-dev/KubePi

**Deploying kubernetes 1.29 with kubeadm**

https://blog.csdn.net/ljx1528/article/details/137714292

**A very detailed, complete installation and deployment manual for a kubernetes (k8s) cluster**

https://blog.csdn.net/w20228396/article/details/136462816

**A tool for quickly deploying a highly available `k8s` cluster**

https://github.com/easzlab/kubeasz
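
As a check on the system initialization steps above (bridge sysctl settings, swap, SELinux), the following script audits the files those steps modify on each node. It is an added example, not part of the original guide; the function names are hypothetical and the paths in the usage line are the ones the guide writes to.

```shell
#!/bin/sh
# Added example: audit the node preparation described in this guide.
# File paths are arguments so the checks can also run on copies.

# Print every required sysctl key that FILE does not set to 1.
missing_sysctls() {
    for key in net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables \
               net.ipv4.ip_forward; do
        # Commented-out lines do not match; the last assignment in the file wins.
        val=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p" "$1" | tail -n 1)
        [ "$val" = "1" ] || echo "$key"
    done
}

# Print the device of every fstab entry that still activates swap.
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1"
}

# Print the SELinux mode configured for the next boot.
selinux_config_mode() {
    sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Run all checks. Prints one line per finding; returns 0 only when the
# sysctl and swap checks pass. The SELinux mode is reported, not failed.
audit_node() {
    rc=0
    for k in $(missing_sysctls "$1"); do
        echo "FAIL $k is not set to 1 in $1"; rc=1
    done
    for dev in $(active_swap_entries "$2"); do
        echo "FAIL swap entry $dev is still active in $2"; rc=1
    done
    echo "INFO SELinux mode at next boot: $(selinux_config_mode "$3")"
    return "$rc"
}

# Usage: sh audit.sh /etc/sysctl.d/k8s.conf /etc/fstab /etc/selinux/config
if [ "$#" -eq 3 ]; then audit_node "$@"; fi
```

Running it on all three machines before `kubeadm init` shows whether any node was missed during preparation.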
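
The `--discovery-token-ca-cert-hash` value in the `kubeadm join` command above pins the public key of the cluster CA, so a node only trusts an API server that presents that CA. The following added example (not from the original guide; the function names are illustrative and the openssl CLI is assumed) recomputes the hash from the CA certificate and compares it with a join command before the command is run on a node.

```shell
#!/bin/sh
# Added example: check that a kubeadm join command pins the cluster's real CA.
# Function names are illustrative; requires the openssl CLI.

# Hash kubeadm compares against: SHA-256 of the CA certificate's
# DER-encoded public key, printed as "sha256:<hex>".
ca_cert_hash() {
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform der |
        openssl dgst -sha256 -r | awk '{ print "sha256:" $1 }'
}

# Extract the pinned hash from a join command, whether it is written on
# one line or split with "\" continuations as in the kubeadm init log.
join_cmd_hash() {
    printf '%s\n' "$1" | tr -s ' \\\n' ' ' |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# 0 = command pins this CA, 1 = mismatch, 2 = no usable hash in the command,
# 3 = CA certificate could not be read.
verify_join_cmd() {
    want=$(join_cmd_hash "$1")
    [ -n "$want" ] || { echo "REFUSE: no sha256 CA hash in join command"; return 2; }
    have=$(ca_cert_hash "$2") || { echo "ERROR: cannot hash CA in $2"; return 3; }
    if [ "$want" = "$have" ]; then echo "OK: $have"; return 0; fi
    echo "MISMATCH: command pins $want but CA is $have"
    return 1
}

# Usage on the control plane, before handing the command to a node:
#   sh verify_join.sh "$(cat join-command.txt)" /etc/kubernetes/pki/ca.crt
if [ "$#" -eq 2 ]; then verify_join_cmd "$1" "$2"; fi
```

`/etc/kubernetes/pki/ca.crt` is where kubeadm places the cluster CA certificate on the control-plane node by default.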