文章目录 kubeadm高可用 环境初始化 所有节点安装Docker 所有节点安装kubeadm,kubelet和kubectl 高可用组件安装、配置 部署k8s集群
##节点设置master01:192.168.242.66
master02:192.168.242.67
master03:192.168.242.68
node01:192.168.242.69
node02:192.168.242.70
###所有节点,关闭防火墙规则,关闭selinux,关闭swap交换
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/enforcing/disabled/' /etc/selinux/configiptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
###修改主机名
hostnamectl set-hostname master01
hostnamectl set-hostname master02
hostnamectl set-hostname master03
hostnamectl set-hostname node01
hostnamectl set-hostname node02
###所有节点修改hosts文件
vim /etc/hosts
192.168.242.66 master01
192.168.242.67 master02
192.168.242.68 master03
192.168.242.69 node01
192.168.242.70 node02
###所有节点时间同步yum -y install ntpdate
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' >/etc/timezonentpdate time2.aliyun.comsystemctl enable --now crondcrontab -e
*/30 * * * * /usr/sbin/ntpdate time2.aliyun.com
###所有节点实现Linux的资源限制vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
更改内核启动方式
grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfggrubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"grubby --default-kernel
reboot
###调整内核参数cat > /etc/sysctl.d/k8s.conf <<EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF#生效参数
sysctl --system
###加载 ip_vs 模块for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o "^[^.]*");do echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i;done
###安装依赖包
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.iosystemctl start docker.service
systemctl enable docker.service
##修改配置文件和镜像加速mkdir -p /etc/dockertee /etc/docker/daemon.json <<-'EOF'
{"registry-mirrors": ["https://ysmprsek.mirror.aliyuncs.com"],"exec-opts": ["native.cgroupdriver=systemd"],"log-driver": "json-file","log-opts": {"max-size": "500m", "max-file": "3"}
}
EOFsystemctl daemon-reload
systemctl restart docker
###定义kubernetes源cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOFyum install -y kubelet-1.20.15 kubeadm-1.20.15 kubectl-1.20.15
#配置Kubelet使用阿里云的pause镜像
cat > /etc/sysconfig/kubelet <<EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.2"
EOF
###开机自启kubelet
systemctl enable kubelet.service
#K8S通过kubeadm安装出来以后都是以Pod方式存在,即底层是以容器方式运行,所以kubelet必须设置开机自启
###所有 master 节点部署 Haproxy
yum -y install haproxy keepalived
cat > /etc/haproxy/haproxy.cfg << EOF
globallog 127.0.0.1 local0 infolog 127.0.0.1 local1 warningchroot /var/lib/haproxypidfile /var/run/haproxy.pidmaxconn 4000user haproxygroup haproxydaemon#stats socket /var/lib/haproxy/statsdefaultsmode tcplog globaloption tcplogoption dontlognulloption redispatchretries 3timeout queue 1mtimeout connect 10stimeout client 1mtimeout server 1mtimeout check 10smaxconn 3000frontend monitor-inbind *:33305mode httpoption httplogmonitor-uri /monitorfrontend k8s-masterbind *:16443mode tcpoption tcplogdefault_backend k8s-masterbackend k8s-mastermode tcpoption tcplogoption tcp-checkbalance roundrobinserver k8s-master1 192.168.242.66:6443 check inter 10000 fall 2 rise 2 weight 1server k8s-master2 192.168.242.67:6443 check inter 10000 fall 2 rise 2 weight 1server k8s-master3 192.168.242.68:6443 check inter 10000 fall 2 rise 2 weight 1
EOF
###所有 master 节点部署 keepalived
yum -y install keepalivedcd /etc/keepalived/
vim keepalived.conf! Configuration File for keepalived
global_defs {router_id k8s-01 #路由标识符,每个节点配置不同
}vrrp_script chk_haproxy {script "/etc/keepalived/check_haproxy.sh"interval 2weight 2
}vrrp_instance VI_1 {state MASTER #本机实例状态,MASTER/BACKUP,备机配置文件中设置BACKUPinterface ens32virtual_router_id 51priority 100 #本机初始权重,备机设置小于主机的值advert_int 1virtual_ipaddress {192.168.242.100 #设置VIP地址}track_script {chk_haproxy}
}###监控脚本
vim check_haproxy.sh
#!/bin/bash
if ! killall -0 haproxy; thensystemctl stop keepalived
fisystemctl enable --now haproxy
systemctl enable --now keepalived
###在 master01 节点上设置集群初始化配置文件
kubeadm config print init-defaults > /opt/kubeadm-config.yamlcd /opt/
vim kubeadm-config.yaml
11 localAPIEndpoint:
12 advertiseAddress: 192.168.242.66 #指定当前master节点的IP地址
13 bindPort: 644321 apiServer:
22 certSANs:
#在apiServer属性下面添加一个certsSANs的列表,添加所有master节点的IP地址和集群VIP地址
23 - 192.168.242.100
24 - 192.168.242.66
25 - 192.168.242.67
26 - 192.168.242.6830 clusterName: kubernetes
31 controlPlaneEndpoint: "192.168.242.100:6443" #指定集群VIP地址
32 controllerManager: {}38 imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers #指定镜像下载地址
39 kind: ClusterConfiguration
40 kubernetesVersion: v1.20.15 #指定kubernetes版本号
41 networking:
42 dnsDomain: cluster.local
43 podSubnet: "10.244.0.0/16" #指定pod网段,10.244.0.0/16用于匹配flannel默认网段
44 serviceSubnet: 10.96.0.0/16 #指定service网段
45 scheduler: {}
#末尾再添加以下内容
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs #把默认的kube-proxy调度方式改为ipvs模式
#更新集群初始化配置文件
kubeadm config migrate --old-config kubeadm-config.yaml --new-config new.yaml
###拷贝yaml配置文件给其他主机,通过配置文件进行拉取镜像
scp new.yaml 192.168.242.67:/opt/
scp new.yaml 192.168.242.68:/opt/###在线拉取镜像
kubeadm config images pull --config /opt/new.yaml
###master01节点进行初始化
kubeadm init --config new.yaml --upload-certs | tee kubeadm-init.log##获取master加入节点命令
kubeadm join 192.168.242.100:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:d02b1e6552ac56f579a6f943ea54d134faa90dcce09121fd3ecb0233a9c2ea6b \--control-plane --certificate-key e3f16b2c757f08a9f59eb80d126441cafd68ce387051d4d6fc966652b316a739##获取node节点加入命令
kubeadm join 192.168.242.100:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:d02b1e6552ac56f579a6f943ea54d134faa90dcce09121fd3ecb0233a9c2ea6b
## kubectl的配置文件mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
#若初始化失败,进行的操作
kubeadm reset -f
ipvsadm --clear
rm -rf ~/.kube
再次进行初始化
修改controller-manager和scheduler配置文件
vim /etc/kubernetes/manifests/kube-scheduler.yaml
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
......#- --port=0 #搜索port=0,把这一行注释掉systemctl restart kubelet
###安装 CNI网络插件
##上传 flannel-v0.21.5.zip 到 /opt/k8sunzip flannel-v0.21.5.zip
docker load -i flannel.tar
docker load -i flannel-cni-plugin.tar##移动系统创建的cni目录,并手动创建
cd /opt/
mv cni/ cni_bak
mkdir -p /opt/cni/bin##解压配置文件
tar xf /opt/k8s/cni-plugins-linux-amd64-v1.3.0.tgz -C /opt/cni/bin/##安装插件
cd /opt/k8s
kubectl apply -f kube-flannel.yml
所有节点加入集群
#master 节点加入集群mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config#node 节点加入集群
查看节点
kubectl get pods
---Seeeduino Lotus开发板2)
)
)
题解 A - C)
 Bean的生命周期)