我是基于一台centos7.6的腾讯云主机进行操作的,配置为4C8G,之前的文档自己试着搭建发现有问题了,这里重新整理下笔记,集群版本选择1.22.2(一年前搭的)用的还不错
清理环境
之前我的环境可能装过docker或者什么东西,先清理下
yum -y remove docker-ce contaienrd
一、环境初始化
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0
swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab#添加内核参数
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF# 让系统生效
sysctl --system
拉取yum源
mkdir /etc/yum.repos.d/backup/ -p
mv /etc/yum.repos.d/* /etc/yum.repos.d/backup/ #*/#拉取docker源
wget -O /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo#拉取阿里yum源
wget -O/etc/yum.repos.d/aliyun-yilai.repo http://mirrors.aliyun.com/repo/Centos-7.repo
安装docker
yum -y install docker-ce# 设置Docker镜像加速器
mkdir -p /etc/docker/
cat > /etc/docker/daemon.json <<EOF
{
"exec-opts":["native.cgroupdriver=systemd"],
"registry-mirrors": ["http://hub-mirror.c.163.com"]
}
EOFsystemctl start docker && systemctl enable docker
升级内核 (虚拟机操作下,云主机跳过)
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpmyum --enablerepo=elrepo-kernel install -y kernel-lt #这里根据上面安装的版本不同设置启动的内核版本
grub2-set-default 'CentOS Linux (5.4.175-1.el7.elrepo.x86_64) 7 (Core)'
#重启#查看首选内核版本
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
二、安装k8s
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOFyum install -y kubelet-1.22.2 kubeadm-1.22.2 kubectl-1.22.2
systemctl enable kubelet
须知
在初始化的时候,我们会去官方拉取镜像,但国内的网络一般是拉取不到的,我们这里手动准备一些镜像
#查看该版本所需镜像
kubeadm config images list --kubernetes-version=v1.22.2
返回
k8s.gcr.io/kube-apiserver:v1.22.2
k8s.gcr.io/kube-controller-manager:v1.22.2
k8s.gcr.io/kube-scheduler:v1.22.2
k8s.gcr.io/kube-proxy:v1.22.2
k8s.gcr.io/pause:3.5
k8s.gcr.io/etcd:3.5.0-0
k8s.gcr.io/coredns/coredns:v1.8.4
替换前缀为阿里云,并拉取
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.22.2
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.22.2
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.22.2
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.22.2
docker pull registry.aliyuncs.com/google_containers/pause:3.5
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.0-0
docker pull registry.aliyuncs.com/google_containers/coredns:v1.8.4
然后批量修改标签名称和删除镜像
docker images | grep registry.aliyuncs.com/google_containers | awk '{print "docker tag",$1":"$2,$1":"$2}' | sed -e 's#registry.aliyuncs.com/google_containers#k8s.gcr.io#2' | sh -xdocker images |grep registry.aliyuncs.com/google_containers |awk '{print "docker rmi ", $1":"$2}' |sh -xdocker images |grep registry.cn-hangzhou.aliyuncs.com/moziang |awk '{print "docker rmi ", $1":"$2}' |sh -x
三、初始化集群
#修改你的ip地址,其他的不动
kubeadm init --apiserver-advertise-address=10.0.16.15 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.22.2 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16
添加kubectl认证配置
mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/config
这个也可能不加,你添加一条环境变量声明下kubeconfig文件位置,变量名$KUBECONFIG
#master去污点 集群模式忽略,我是单节点
kubectl taint nodes --all node-role.kubernetes.io/master-
四、安装calico插件
官方文档
https://docs.projectcalico.org/getting-started/kubernetes/quickstart
安装
#https://ghproxy.com/ 是加速器地址
#https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/tigera-operator.yaml
#这个是github文件下载地址wget https://ghproxy.com/https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/tigera-operator.yamlwget https://ghproxy.com/https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/custom-resources.yaml
vi custom-resources.yaml
#修改 为上面的--pod-network-cidr=10.244.0.0/16
cidr: 10.244.0.0/16
部署
kubectl create -f tigera-operator.yaml
kubectl create -f custom-resources.yaml
测试
cat > test-dns.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:name: busyboxnamespace: default
spec:containers:- name: busyboximage: busybox:1.28.4command:- sleep- "3600"imagePullPolicy: IfNotPresentrestartPolicy: Always
EOF
部署
kubectl apply -f test-dns.yaml
验证
#查看所有pod
kubectl get pod -A#查看解析是否正常
kubectl exec -it busybox nslookup kubernetes
添加额外解析
vi /var/lib/kubelet/config.yaml
#添加
resolvConf: "/etc/resolv.conf"
重启服务
systemctl restart kubelet