参考:https://mp.weixin.qq.com/s/7i68jmvi2eo_6wlqYEOupQ
操作系统:Ubuntu 22.04
nginx代理配置
代理IP :192.168.0.10
vim /etc/nginx/nginx.conf
stream {upstream kube-apiserver {server 192.168.0.11:6443 max_fails=3 fail_timeout=30s;#server 192.168.0.12:6443 max_fails=3 fail_timeout=30s;#server 192.168.0.13:6443 max_fails=3 fail_timeout=30s;}server {listen 6443;proxy_connect_timeout 2s;proxy_timeout 900s;proxy_pass kube-apiserver;}
}
设置主机名
hostnamectl set-hostname master1
hostnamectl set-hostname node1
hostnamectl set-hostname node2
配置hosts
vim /etc/hosts
192.168.0.11 master1
192.168.0.21 node1
192.168.0.22 node2
容器运行时:docker-ce和cri-dockerd
安装docker-ce
apt -y install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
apt update
apt install docker-ce
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://ahed1oup.mirror.aliyuncs.com"
],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {"max-size": "200m"
},
"storage-driver": "overlay2"
}
启动docker
systemctl daemon-reload
systemctl start docker.service
systemctl enable docker.service
安装cri-dockerd
curl -LO https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.10/cri-dockerd_0.3.10.3-0.ubuntu-jammy_amd64.deb
apt install ./cri-dockerd_0.3.10.3-0.ubuntu-jammy_amd64.deb
systemctl status cri-docker.service
安装kubelet、kubeadm和kubectl
apt-get update && apt-get install -y apt-transport-https
curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.29/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.29/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl
systemctl enable kubelet.service
kubeadm 1.29.3-1.1
kubectl 1.29.3-1.1
kubelet 1.29.3-1.1
整合kubelet和cri-dockerd(仅cri-dockerd需要)
配置cri-dockerd
vim /usr/lib/systemd/system/cri-docker.service
修改ExecStart配置
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9
重启cri-docker
systemctl daemon-reload && systemctl restart cri-docker.service
配置kubelet
vim /etc/sysconfig/kubelet
KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint=/run/cri-dockerd.sock"
KUBELET_EXTRA_ARGS=
初始化第一个主节点
下载镜像
kubeadm config images list
kubeadm config images list --image-repository=registry.aliyuncs.com/google_containerskubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers --cri-socket unix:///run/cri-dockerd.sock
下载flannel部署文件
https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
image: docker.io/flannel/flannel:v0.24.4image: docker.io/flannel/flannel-cni-plugin:v1.4.0-flannel1image: docker.io/flannel/flannel:v0.24.4
生成kubeadmconfig文件
kubeadm config print init-defaults > kubeadm-config.yaml
修改kubeadmconfig文件
vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:- system:bootstrappers:kubeadm:default-node-tokentoken: abcdef.0123456789abcdefttl: 24h0m0susages:- signing- authentication
kind: InitConfiguration
localAPIEndpoint:advertiseAddress: 192.168.0.11bindPort: 6443
nodeRegistration:criSocket: unix:///run/cri-dockerd.sockimagePullPolicy: IfNotPresenttaints:- effect: NoSchedulekey: node-role.kubernetes.io/master- effect: NoSchedulekey: node-role.kubernetes.io/control-plane
---
apiServer:timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: 192.168.0.10:6443
controllerManager: {}
dns: {}
etcd:local:dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.29.3
networking:dnsDomain: cluster.localserviceSubnet: 10.96.0.0/12podSubnet: 10.244.0.0/16
scheduler: {}
初始化master节点
kubeadm init --config kubeadm-config.yaml --upload-certs...
Your Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configAlternatively, if you are the root user, you can run:export KUBECONFIG=/etc/kubernetes/admin.confYou should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/You can now join any number of the control-plane node running the following command on each as root:kubeadm join 192.168.0.10:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:ff71ad6d9569107cf146a9a05d72ee0af13db3aa721bd8a9fe4e2b7e9b3bddb7 \--control-plane --certificate-key 4cbae11642fb00bd1bf97ab47384d222d501c3e3df5217e4a7472909f79dc933Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.Then you can join any number of worker nodes by running the following on each as root:kubeadm join 192.168.0.10:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:ff71ad6d9569107cf146a9a05d72ee0af13db3aa721bd8a9fe4e2b7e9b3bddb7mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
设置kubectl命令补全
echo "source <(kubectl completion bash)" >> /etc/profile
部署flannel网络插件
kubectl apply -f kube-flannel.yml
node节点加入集群
kubeadm join 192.168.0.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:ff71ad6d9569107cf146a9a05d72ee0af13db3aa721bd8a9fe4e2b7e9b3bddb7 --cri-socket unix:///run/cri-dockerd.sock
查看结果
root@master1:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master1 Ready control-plane 52m v1.29.3
node1 Ready <none> 49m v1.29.3
node2 Ready <none> 49m v1.29.3
root@master1:~# kubectl -n kube-system get pod
NAME READY STATUS RESTARTS AGE
coredns-857d9ff4c9-28j7b 1/1 Running 1 (18m ago) 52m
coredns-857d9ff4c9-mm892 1/1 Running 1 (18m ago) 52m
etcd-master1 1/1 Running 1 (19m ago) 52m
kube-apiserver-master1 1/1 Running 1 (18m ago) 52m
kube-controller-manager-master1 1/1 Running 1 (19m ago) 52m
kube-proxy-5lcl5 1/1 Running 1 (19m ago) 49m
kube-proxy-ft4lj 1/1 Running 1 (19m ago) 52m
kube-proxy-js88l 1/1 Running 1 (19m ago) 49m
kube-scheduler-master1 1/1 Running 1 (18m ago) 52m
)
![P5963 [BalticOI ?] Card 卡牌游戏 贪心](http://pic.xiahunao.cn/P5963 [BalticOI ?] Card 卡牌游戏 贪心)
)
: tick 层模块(periodic 和dynamic ))
