kubeadm 部署k8s集群[单master]

kubeadm 部署k8s集群

主机名	地址	角色	配置
kub-k8s-master	192.168.75.100	主节点	2核2G 50G
kub-k8s-node1	192.168.75.103	工作节点	1核2G 50G
kub-k8s-node2	192.168.75.104	工作节点/haproxy	1核2G 50G

一、安装docker[集群]

# 一键安装docker脚本
curl -L https://gitea.beyourself.org.cn/newrain001/shell-project/raw/branch/master/os/get-docker-latest.sh | sh

二、导入镜像[集群]

上传镜像包 kube-1.22.0.tar.xz 
解压后进入镜像包 sh get-docker-image.sh load

三、环境准备[集群]

配置本地解析
修改主机名
配置静态ip地址
同步时间
关闭防护墙、selinux
关闭swap分区

四、安装k8s包和依赖包[集群]

# 配置k8s源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF# 依赖包
yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git iproute lrzsz bash-completion tree bridge-utils unzip bind-utils gcc# k8s组件
yum install -y kubelet-1.22.0-0.x86_64 kubeadm-1.22.0-0.x86_64 kubectl-1.22.0-0.x86_64

五、加载模块、配置内核参数[集群]

# cat <<EOF > /etc/modules-load.d/ipvs.conf 
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack_ipv4
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF# cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF# 配置完成后重启服务器

六、配置启动kubelet[集群]

DOCKER_CGROUPS=`docker info |grep 'Cgroup' | awk ' NR==1 {print $3}'`cat >/etc/sysconfig/kubelet<<EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=$DOCKER_CGROUPS --pod-infra-container-image=k8s.gcr.io/pause:3.5"
EOFsystemctl daemon-reload && systemctl enable kubelet && systemctl restart kubelet

七、初始化集群[master]

kubeadm init --kubernetes-version=v1.22.0 --control-plane-endpoint "192.168.75.100:6443" --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.75.100Your Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configAlternatively, if you are the root user, you can run:export KUBECONFIG=/etc/kubernetes/admin.confYou should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.Then you can join any number of worker nodes by running the following on each as root:# node节点执行
kubeadm join 10.36.176.200:8443 --token 9t5hnx.zfmemmdbkraqkzrr \--discovery-token-ca-cert-hash sha256:c1eab2b5dfb905cbbb65ee75a28a4a95b28ef2f9621c2079b7e1a15f68ade4af # master 执行配置
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

八、node节点加入集群[node]

kubeadm join 10.36.176.200:8443 --token 9t5hnx.zfmemmdbkraqkzrr \--discovery-token-ca-cert-hash sha256:c1eab2b5dfb905cbbb65ee75a28a4a95b28ef2f9621c2079b7e1a15f68ade4af # 可以在master 上查看集群node的信息
[root@kube-master1 kube-1.22.0]# kubectl get node
NAME           STATUS   ROLES                  AGE   VERSION
kube-master    NotReady    control-plane,master   50m   v1.22.0
kube-node1     NotReady    <none>                 46m   v1.22.0
kube-node2     NotReady    <none>                 46m   v1.22.0

九、安装网络插件[master]

[root@kub-k8s-master1 ~]# curl -L https://docs.projectcalico.org/v3.22/manifests/calico.yaml -O
# 修改 文件
4205             - name: IP_AUTODETECTION_METHOD
4206               value: "interface=ens33"[root@kub-k8s-master1 ~]# kubectl apply -f  calico.yaml[root@kub-k8s-master1 ~]# kubectl get pod -A -w  # 查看是否所有pod都是running状态# 所有节点状态应为Ready
[root@kub-k8s-master1 ~]# kubectl get node