https://zhuanlan.zhihu.com/p/693571878

Setting up a k8s cluster

1.1 Prepare the environment

# Linux version
Rocky Linux 9.4 Mini

# Update the system
dnf clean all
dnf update

# The three K8S servers
10.10.14.200 k8s-master
10.10.14.201 k8s-node1
10.10.14.202 k8s-node2

# Docker image registry
K8S-IMAGES 10.10.14.203

2.2 System initialization

Set the system time zone to Shanghai

timedatectl set-timezone Asia/Shanghai
# write the system time to the hardware clock
hwclock -w

# Check the time zone
ls -l /etc/localtime

Disable the firewall and SELinux:

systemctl stop firewalld
systemctl disable firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0

Disable the swap partition:

sed -ri 's/.*swap.*/#&/' /etc/fstab
swapoff -a

Run on master

hostnamectl set-hostname k8s-master

Run on node1

hostnamectl set-hostname k8s-node1

Run on node2

hostnamectl set-hostname k8s-node2

Add the hosts entries on every node

cat >> /etc/hosts << EOF
10.10.14.200 k8s-master
10.10.14.201 k8s-node1
10.10.14.202 k8s-node2
EOF

Pass bridged IPv4 traffic to the iptables chains:

Add the following on every node:

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF

Load the br_netfilter module on every node

modprobe br_netfilter

# Apply
sysctl --system

Check that it is loaded

lsmod | grep br_netfilter

Set up time synchronization on every node:

Install the time synchronization service (chrony)

dnf install chrony -y
systemctl enable --now chronyd

Edit the configuration

vi /etc/chrony.conf
# add the following servers:
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst

Restart

systemctl restart chronyd

Sync manually

chronyc makestep

Install ipset and ipvsadm on every node

Install

yum -y install ipset ipvsadm

Configure

mkdir -p /etc/sysconfig/modules/
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF

Make it executable, run it, and check that the modules are loaded:

chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack
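As an added example that is not part of the original article, the following preflight script verifies the node preparation steps above before kubeadm is run: swap off, the sysctl keys from /etc/sysctl.d/k8s.conf, the br_netfilter and IPVS modules from ipvs.modules, and the three hosts entries. Each check takes the file it inspects as an argument, so it can be run against the live node (with --run) or against captured copies; the function and file names are my own.

```shell
#!/usr/bin/env bash
# Added preflight checker (not from the original article). Each check takes the
# file it inspects as an argument so it can run against the live node or
# against captured copies; function and file names are my own.

# Swap must be off: /proc/swaps contains only its header line when no swap device is active.
check_swap_off() {   # $1 = /proc/swaps (or a saved copy)
    if [ "$(tail -n +2 "$1" | grep -c .)" -ne 0 ]; then
        echo "swap is still active (see $1)"; return 1
    fi
}

# The sysctl keys written to /etc/sysctl.d/k8s.conf above must each be set to 1.
check_sysctl_conf() {   # $1 = sysctl fragment, e.g. /etc/sysctl.d/k8s.conf
    local key rc=0
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
        grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*1[[:space:]]*$" "$1" \
            || { echo "missing or not 1: $key"; rc=1; }
    done
    return $rc
}

# br_netfilter plus the IPVS and conntrack modules loaded by ipvs.modules must appear in lsmod.
check_modules() {   # $1 = file holding the output of `lsmod`
    local m rc=0
    for m in br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
        awk 'NR > 1 { print $1 }' "$1" | grep -qx "$m" \
            || { echo "module not loaded: $m"; rc=1; }
    done
    return $rc
}

# Every cluster hostname must resolve through /etc/hosts (comment lines are ignored).
check_hosts() {   # $1 = hosts file
    local h rc=0
    for h in k8s-master k8s-node1 k8s-node2; do
        awk -v h="$h" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) found = 1 } END { exit !found }' "$1" \
            || { echo "no hosts entry for $h"; rc=1; }
    done
    return $rc
}

# Runs all checks against the live system; exit status is non-zero if any failed.
run_all_checks() {
    local fails=0 lsmod_out
    lsmod_out=$(mktemp)
    lsmod > "$lsmod_out" 2>/dev/null || true
    check_swap_off /proc/swaps               || fails=$((fails + 1))
    check_sysctl_conf /etc/sysctl.d/k8s.conf || fails=$((fails + 1))
    check_modules "$lsmod_out"               || fails=$((fails + 1))
    check_hosts /etc/hosts                   || fails=$((fails + 1))
    rm -f "$lsmod_out"
    echo "preflight: $fails check(s) failed"
    [ "$fails" -eq 0 ]
}

# Usage on a node: bash preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    run_all_checks
fi
```

Running it on each node right before kubeadm init / kubeadm join catches the usual causes of a NotReady node (swap re-enabled after a reboot, sysctl fragment not applied, modules not loaded) before the cluster is touched.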

Install Docker/kubeadm/kubelet/kubectl on all nodes

k8s uses Docker as its default CRI container runtime, so Docker must be installed first

Install Docker on all nodes

Add the package repository

yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Install

# List the available Docker versions; here we choose the latest release of the 20 series
yum list docker-ce --showduplicates | sort -r
yum list docker-ce-cli --showduplicates | sort -r
yum list containerd.io --showduplicates | sort -r
docker-ce.x86_64                3:20.10.24-3.el9                docker-ce-stable
docker-ce.x86_64                3:20.10.23-3.el9                docker-ce-stable
docker-ce.x86_64                3:20.10.22-3.el9                docker-ce-stable
docker-ce.x86_64                3:20.10.21-3.el9                docker-ce-stable
docker-ce.x86_64                3:20.10.20-3.el9                docker-ce-stable
docker-ce.x86_64                3:20.10.19-3.el9                docker-ce-stable
docker-ce.x86_64                3:20.10.18-3.el9                docker-ce-stable
docker-ce.x86_64                3:20.10.17-3.el9                docker-ce-stable
docker-ce.x86_64                3:20.10.16-3.el9                docker-ce-stable
docker-ce.x86_64                3:20.10.15-3.el9                docker-ce-stable

...
docker-ce-cli.x86_64              1:20.10.24-3.el9              docker-ce-stable
docker-ce-cli.x86_64              1:20.10.23-3.el9              docker-ce-stable
docker-ce-cli.x86_64              1:20.10.22-3.el9              docker-ce-stable
docker-ce-cli.x86_64              1:20.10.21-3.el9              docker-ce-stable
docker-ce-cli.x86_64              1:20.10.20-3.el9              docker-ce-stable
docker-ce-cli.x86_64              1:20.10.19-3.el9              docker-ce-stable
docker-ce-cli.x86_64              1:20.10.18-3.el9              docker-ce-stable
docker-ce-cli.x86_64              1:20.10.17-3.el9              docker-ce-stable
docker-ce-cli.x86_64              1:20.10.16-3.el9              docker-ce-stable
docker-ce-cli.x86_64              1:20.10.15-3.el9              docker-ce-stable
...

yum install -y docker-ce-20.10.15-3.el9 docker-ce-cli-20.10.15-3.el9 containerd.io-1.6.10-3.1.el9

Enable at boot and start

systemctl enable docker && systemctl start docker

Configure the registry mirror

# Create the directory
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://82m9ar63.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
systemctl daemon-reload
systemctl restart docker

3. Install kubeadm

The steps in this section must complete successfully on every machine in the k8s cluster, i.e. the master and all nodes

# Configure the k8s package repository
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
   http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

# Install the three components
yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9 --disableexcludes=kubernetes

# Start kubelet
systemctl enable --now kubelet

Check that kubeadm, kubelet and kubectl were installed successfully

kubeadm version
kubelet --version
kubectl version --client

Enable the k8s service at boot

systemctl enable kubelet
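The repository stanza above turns off both package and repodata signature checking (gpgcheck=0, repo_gpgcheck=0) and fetches over plain http, so dnf installs whatever the mirror serves. As an added example that is not from the original article, the script below audits a .repo file for those three settings and prints a hardened version of the same stanza (the page's mirror URLs with the scheme changed to https, and both checks enabled); the function names are my own. One caveat: repo_gpgcheck=1 requires the mirror to publish a signed repomd.xml, and if a mirror does not, dnf rejects the repository, in which case gpgcheck=1 on its own is the fallback.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): audits a yum/dnf .repo file for
# the three settings that let dnf install unverified packages, and prints a
# hardened version of the Kubernetes stanza above. Function names are my own.

# Prints the value of KEY in FILE (first match, surrounding blanks stripped).
repo_get() {   # $1 = .repo file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | sed 's/[[:space:]]*$//'
}

# Prints one line per finding; the return value is the number of findings (0 = clean).
audit_repo_file() {   # $1 = .repo file
    local findings=0
    if [ "$(repo_get "$1" gpgcheck)" != "1" ]; then
        echo "$1: gpgcheck is not 1 -> package signatures are not verified"
        findings=$((findings + 1))
    fi
    if [ "$(repo_get "$1" repo_gpgcheck)" != "1" ]; then
        echo "$1: repo_gpgcheck is not 1 -> repository metadata is not verified"
        findings=$((findings + 1))
    fi
    # any plain-http URL (baseurl, gpgkey or a continuation line) counts once
    if grep -q 'http://' "$1"; then
        echo "$1: plain http:// URL -> metadata and keys are fetched without transport protection"
        findings=$((findings + 1))
    fi
    return $findings
}

# Hardened form of the stanza from the article: same mirror URLs over https, both checks on.
print_hardened_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
   https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
}

# Usage: bash repo-audit.sh /etc/yum.repos.d/kubernetes.repo
if [ "$#" -eq 1 ]; then
    if audit_repo_file "$1"; then
        echo "$1: no findings"
    else
        echo "suggested replacement stanza:"
        print_hardened_repo
    fi
fi
```

With the hardened stanza in place, `yum install ... --disableexcludes=kubernetes` still works exactly as above, but dnf now refuses packages whose signature does not verify against the imported keys.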

Deploy Kubernetes

This step is run only on the master node

# Original command
kubeadm init --kubernetes-version=1.19.0 --apiserver-advertise-address=<master IP> --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16

# Command adjusted to our machines
kubeadm init --kubernetes-version=1.20.9 --apiserver-advertise-address=10.10.14.200 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.10.14.200:6443 --token ivocyb.4f2p3qu1nc5jptwf \
    --discovery-token-ca-cert-hash sha256:e088f075df466e689b8db3ace62a7650f27a11b6f7b36ee61d1ebbbd8a720c16 

Then run the commands shown in the output on the corresponding machines

Master machine

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

Node machines

# Join the two nodes to the cluster: on node1 and node2, run the command printed at the end of the successful kubeadm init above
# Note: remember to remove the "\" line-continuation characters when copying from the log
kubeadm join 10.10.14.200:6443 --token ivocyb.4f2p3qu1nc5jptwf \
    --discovery-token-ca-cert-hash sha256:e088f075df466e689b8db3ace62a7650f27a11b6f7b36ee61d1ebbbd8a720c16
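The --discovery-token-ca-cert-hash value in the join command is a SHA-256 over the public key of the cluster CA; it is what lets a joining node confirm that the API server answering at 10.10.14.200:6443 belongs to this cluster. As an added example that is not part of the original article, the script below recomputes that hash from /etc/kubernetes/pki/ca.crt on the master, using the openssl pipeline documented for kubeadm, and compares it with the value printed by kubeadm init, so the hash can be checked before it is pasted into a node. The function names are my own.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Recomputes the value kubeadm
# expects in --discovery-token-ca-cert-hash, i.e. SHA-256 over the DER-encoded
# SubjectPublicKeyInfo of the cluster CA, and compares it with the value printed
# by kubeadm init. Function names are my own; the openssl pipeline is the one
# documented for kubeadm.

# Prints the hex hash for a PEM CA certificate (on the master: /etc/kubernetes/pki/ca.crt).
# Returns non-zero if the public key cannot be extracted.
ca_cert_hash() {   # $1 = ca.crt
    local pub
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# Compares an expected "sha256:<hex>" (with or without the prefix) against a CA file.
# Returns 0 on match, 1 on mismatch, 2 if the hash could not be computed.
verify_join_hash() {   # $1 = expected value from the join command, $2 = ca.crt
    local expected actual
    expected=${1#sha256:}
    actual=$(ca_cert_hash "$2") || actual=""
    if [ -z "$actual" ]; then
        echo "could not compute hash for $2" >&2; return 2
    fi
    if [ "$expected" = "$actual" ]; then
        echo "CA hash matches: sha256:$actual"; return 0
    fi
    echo "CA hash MISMATCH: join command says sha256:$expected, $2 gives sha256:$actual" >&2
    return 1
}

# Usage on the master, with the hash from the printed join command:
#   bash verify-ca-hash.sh sha256:<hex> /etc/kubernetes/pki/ca.crt
if [ "$#" -eq 2 ]; then
    verify_join_hash "$1" "$2"
fi
```

A mismatch means the join command and the CA file do not belong to the same cluster (for example, a command copied from an earlier kubeadm init that was since reset); in that case regenerate the command on the master rather than joining with the stale value.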

After all node machines are done, run this command on the master node

kubectl get nodes
# Installation succeeded when the output shows STATUS as Ready for every node

How to troubleshoot a NotReady status

#1 - Check the kubelet service
systemctl status kubelet

#2 - Inspect the node (status, conditions, events) and troubleshoot in detail from that output
kubectl describe node k8s-node1
kubectl describe node k8s-node2

Run on MASTER
yum install lrzsz -y
sz /etc/kubernetes/admin.conf

Run on NODE1 and NODE2
yum install lrzsz -y
cd /etc/kubernetes/
rz -be    # select admin.conf in the transfer dialog

Then configure the environment variable:

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile

After that, kubectl commands work.

#3 - Check API server reachability: from the node, use curl or another tool to access the API server's health check endpoint, for example:
curl -k https://10.10.14.200:6443/healthz

#4 - Check certificates: if the cluster uses self-signed certificates, make sure the kubelet on the node has the correct CA certificate so that it can communicate securely with the API server

#5 - Restart the kubelet service: if none of the steps above finds a problem, try restarting kubelet
systemctl restart kubelet

#6 - Rejoin the node: if the problem persists, you may need to delete the node from the cluster and join it again. Delete the node with:
kubectl delete node <node-name>
# Then rejoin the node with the kubeadm join command

# Add the new environment variable at the very bottom
vi /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf

# Reload the file so the variable takes effect
source /etc/profile

https://zhuanlan.zhihu.com/p/672518868