注意:我这里的离线安装包是V1.23.9.
K8S v1.23.9离线安装包下载:
链接:https://download.csdn.net/download/qq_14910065/88143546
这里包括离线安装所有的镜像,kubeadm,kubelet 和kubectl,calico.yaml,Dashboard的yaml,metrics的yaml,还有nginx.yaml,还有命令补全的安装包。
说明:提前下载如上的安装包
#在所有机器上导入镜像
docker load -i k8s1239_node.tar
docker load -i k8s1239_master.tar
1.系统性能优化
#所有机器上执行
cat >> /etc/hosts << EOF
192.168.186.128 master
192.168.186.129 node1
192.168.186.130 node2
EOFsystemctl stop firewalld
systemctl disable firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config # 永久
setenforce 0 # 临时
swapoff -a # 临时
sed -i 's/.*swap.*/#&/' /etc/fstab # 永久cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # 生效
#永久修改主机名
hostnamectl set-hostname master && bash #在master上操作
hostnamectl set-hostname node1 && bash #在node1上操作
hostnamectl set-hostname node2 && bash #在node1上操作
2.离线安装docker
#所有机器上执行
docker离线安装请参考博客
3.离线安装kubeadm,kubelet 和kubectl
#所有机器上执行
[root@master qq]# ls
0f2a2afd740d476ad77c508847bad1f559afc2425816c1f2ce4432a62dfe0b9d-kubernetes-cni-1.2.0-0.x86_64.rpm libnetfilter_cthelper-1.0.0-11.el7.x86_64.rpm
356e511f8963b4b68fdf41593e64e92f03f0b58c72aae0613aeff3e770078cf7-kubelet-1.20.5-0.x86_64.rpm libnetfilter_cttimeout-1.0.0-7.el7.x86_64.rpm
3f5ba2b53701ac9102ea7c7ab2ca6616a8cd5966591a77577585fde1c434ef74-cri-tools-1.26.0-0.x86_64.rpm libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm
8593f28d972a6818131c1a6cd34f52b22a6acd0c4c7dcf3d7447ad53a9f24cc3-kubectl-1.20.5-0.x86_64.rpm socat-1.7.3.2-2.el7.x86_64.rpm
c2634321e0d8ebe24ba7c6f025df171f5d1707c75a90e3bdd08199ab47aac565-kubeadm-1.20.5-0.x86_64.rpm 安装说明.txt
conntrack-tools-1.4.4-7.el7.x86_64.rpm
[root@master qq]# rpm -ivh *.rpm #直接安装
4.离线部署Kubernetes Master
#master机器上执行
kubeadm init --apiserver-advertise-address=192.168.186.128 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.23.9 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all
#master机器上执行
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
#master机器上执行
[root@master mqq]# kubectl get nodes #安装后看到状态是NotReady
NAME STATUS ROLES AGE VERSION
k8s-master NotReady control-plane,master 11m v1.23.9
5.离线安装Pod 网络插件(CNI)
#master机器上执行
kubectl apply -f calico.yaml
[root@master manifests]# kubectl get nodes #现在看到状态是Ready就OK
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane,master 15m v1.23.9
[root@master manifests]# [root@k8s-master manifests]# kubectl get pods -n kube-system #全部状态是Running就OK
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-6b8f6f78dc-qrw2g 1/1 Running 0 2m39s
calico-node-s5ddr 1/1 Running 0 2m39s
coredns-7f89b7bc75-b49sr 1/1 Running 0 17m
coredns-7f89b7bc75-gtft5 1/1 Running 0 17m
etcd-k8s-master 1/1 Running 0 17m
kube-apiserver-k8s-master 1/1 Running 0 17m
kube-controller-manager-k8s-master 1/1 Running 0 17m
kube-proxy-grkw8 1/1 Running 0 17m
kube-scheduler-k8s-master 1/1 Running 0 17m
[root@k8s-master manifests]#
6. node节点加入集群中
#这个命令是master第四步中执行kubeadm init后出现的结果,所有node都需要执行
kubeadm join 192.168.186.128:6443 --token evgmf9.v24ioewquq3xxz2z --discovery-token-ca-cert-hash sha256:cdf4b90eb86e557e97cf6f6dae1bb3788689f04e31c59928bd190b0259167eda
[root@node1 kubernetes]# kubeadm join 192.168.186.128:6443 --token evgmf9.v24ioewquq3xxz2z --discovery-token-ca-cert-hash sha256:cdf4b90eb86e557e97cf6f6dae1bb3788689f04e31c59928bd190b0259167eda
[preflight] Running pre-flight checks[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 24.0.5. Latest validated version: 20.10
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
kubeadm token create --print-join-command #重新生成token#注意高可用结群在master上需要执行的
kubeadm join 192.168.186.128:6443 --token l9jbw7.dw8nxmw51jci3z0b \--discovery-token-ca-cert-hash sha256:cdf4b90eb86e557e97cf6f6dae1bb3788689f04e31c59928bd190b0259167eda \--control-plane
7.部署Dashboard
kubectl apply -f recommended.yaml
[root@master manifests]# kubectl get pods -n kubernetes-dashboard #状态全部是 Running就OK
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-7b59f7d4df-5n42w 1/1 Running 0 50s
kubernetes-dashboard-74d688b6bc-rdw9r 1/1 Running 0 50s
[root@k8s-master manifests]#
访问地址:https://192.168.186.128:30001/ #必须要用https://
创建service account并绑定默认cluster-admin管理员群集角色
使用输出的token登录Dashboard
kubectl create serviceaccount dashboard-admin -n kube-system #创建用户
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin #用户授权
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}') #获取用户Token,用于页面登录
8.部署metrics服务
kubectl apply -f components.yaml
kubectl top nodes
kubectl top pods
9.测试kubernetes是否正常
kubectl apply -f nginx.yaml
kubectl get pods,svc
[root@master mqq]# kubectl get pods,svc
NAME READY STATUS RESTARTS AGE
pod/nginx-7cf7d6dbc8-8lrzb 1/1 Running 0 46sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 76m
service/nginx NodePort 10.98.34.181 <none> 80:30762/TCP 46s
[root@master mqq]# ip:30762 去页面访问,能访问就OK
10.安装k8s补全命令
#上传安装包bash-completion-2.1-8.el7.noarch.rpm
rpm -ivh bash-completion-2.1-8.el7.noarch.rpm bash-completion-extras-2.1-11.el7.noarch.rpm
kubectl completion bash
source /usr/share/bash-completion/bash_completion
kubectl completion bash >/etc/profile.d/kubectl.sh
source /etc/profile.d/kubectl.shcat >> /root/.bashrc << EOF
source /etc/profile.d/kubectl.sh
EOF