I. Kubernetes 1.26 Cluster Deployment
Environment preparation for the Kubernetes 1.26 cluster deployment
Host hardware configuration
| Requirement | CPU | Memory | Disk | Role | Hostname |
| ---- | ---- | ---- | ----- | ------------ | ------------ |
| Value | 4C | 4G | 25GB | master | k8s-master01 |
| Value | 2C | 2G | 20GB | worker(node) | k8s-worker01 |
| Value | 2C | 2G | 20GB | worker(node) | k8s-worker02 |
Hostname configuration
master node
# hostnamectl set-hostname k8s-master01
worker01 node
# hostnamectl set-hostname k8s-worker01
worker02 node
# hostnamectl set-hostname k8s-worker02
IP address of k8s-master01: 10.10.12.144
IP address of k8s-worker01: 10.10.12.181
IP address of k8s-worker02: 10.10.12.184
Hostname and IP address resolution
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.12.144 k8s-master01
10.10.12.181 k8s-worker01
10.10.12.184 k8s-worker02
Firewall configuration
Disable the existing firewall, firewalld
# systemctl disable firewalld
# systemctl stop firewalld
# firewall-cmd --state
SELinux configuration
# sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
Time synchronization configuration
Install the ntpdate software
yum -y install ntp
# crontab -l
0 */1 * * * /usr/sbin/ntpdate time1.aliyun.com
Upgrade the operating system kernel
Import the ELRepo GPG key
# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
Install the ELRepo YUM repository
# yum -y install https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
Install the kernel-lt version (in ELRepo, ml is the mainline stable release and lt is the long-term maintenance release)
# yum --enablerepo="elrepo-kernel" -y install kernel-lt.x86_64
Set the grub2 default boot entry to 0
# grub2-set-default 0
Regenerate the grub2 boot configuration file
# grub2-mkconfig -o /boot/grub2/grub.cfg
After the update, reboot so that the upgraded kernel takes effect.
# reboot
After rebooting, verify that the running kernel is the updated version.
# uname -r
Configure kernel IP forwarding and bridge filtering
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
Load the br_netfilter module
modprobe br_netfilter
lsmod | grep br_netfilter
Install ipset and ipvsadm
# yum -y install ipset ipvsadm
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
Set permissions, run the script, and check that the modules are loaded
# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack
Disable the swap partition
swapoff -a
cat /etc/fstab
Docker
# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# yum -y install docker-ce
# systemctl enable --now docker
Change the cgroup driver
# cat /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
# systemctl restart docker
docker version
Install cri-dockerd
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.0/cri-dockerd-0.3.0.amd64.tgz
tar zxvf cri-dockerd-0.3.0.amd64.tgz
cp cri-dockerd/cri-dockerd /usr/bin/
chmod +x /usr/bin/cri-dockerd
Configure the systemd service unit
cat > /usr/lib/systemd/system/cri-docker.service << 'EOF'
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
Create the socket unit file
cat > /usr/lib/systemd/system/cri-docker.socket <<EOF
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF
Start the service
# systemctl daemon-reload
# systemctl enable --now cri-docker.service
# systemctl is-active cri-docker
Kubernetes 1.26.1 cluster deployment
Prepare the Kubernetes YUM repository
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
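Added example (not from the original page): the repository file above sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubeadm, kubelet and kubectl without verifying package or metadata signatures even though gpgkey URLs are listed. This POSIX shell function, whose name repo_sig_audit is illustrative, lists enabled repository sections with either check switched off; the sample file is constructed from the stanza above.

```shell
#!/bin/sh
# Added example: list enabled yum repositories that skip signature checks.

# repo_sig_audit FILE... prints one line per enabled [section] that sets
# gpgcheck=0 (packages unverified) or repo_gpgcheck=0 (metadata unverified).
repo_sig_audit() {
    awk '
        function report() {
            if (section == "" || enabled == "0") return
            if (pkg == "0")  printf "%s [%s] gpgcheck=0\n", file, section
            if (meta == "0") printf "%s [%s] repo_gpgcheck=0\n", file, section
        }
        FNR == 1       { report(); section = ""; file = FILENAME }
        /^[ \t]*[#;]/  { next }                      # skip comment lines
        /^[ \t]*\[/    {                             # start of a new [section]
            report()
            section = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            enabled = "1"; pkg = ""; meta = ""
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")       enabled = val
            if (key == "gpgcheck")      pkg = val
            if (key == "repo_gpgcheck") meta = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample: the relevant keys of the kubernetes.repo stanza above.
sample=$(mktemp)
cat > "$sample" << 'EOF'
[kubernetes]
name=Kubernetes
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
repo_sig_audit "$sample"
rm -f "$sample"
```

On a prepared host, run it as repo_sig_audit /etc/yum.repos.d/*.repo.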
Install the cluster software
Default installation
# yum -y install kubeadm kubelet kubectl
View the available versions
# yum list kubeadm.x86_64 --showduplicates | sort -r
# yum list kubelet.x86_64 --showduplicates | sort -r
# yum list kubectl.x86_64 --showduplicates | sort -r
Configure kubelet
# cat > /etc/sysconfig/kubelet << EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF
Cluster initialization
kubeadm init --apiserver-advertise-address=10.10.12.91 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.10.0.0/12 --pod-network-cidr=10.244.0.0/16 --cri-socket unix:///var/run/cri-dockerd.sock --ignore-preflight-errors=all
Troubleshooting: initialization failed; after running kubeadm reset --cri-socket unix:///var/run/cri-dockerd.sock and repeating a few times it succeeded. I don't know why.
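Added example (not from the original page): a POSIX shell check of the --service-cidr and --pod-network-cidr values in the kubeadm init command against the node IPs listed earlier, since a service or pod range that contains node addresses makes routing ambiguous. The function names are illustrative; the addresses are the ones written on this page.

```shell
#!/bin/sh
# Added example: sanity-check kubeadm init address ranges (values from this page).

ip_to_int() {                       # A.B.C.D -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

cidr_bounds() {                     # NET/LEN -> "first last" (host bits masked off)
    base=$(ip_to_int "${1%/*}"); len=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    first=$(( base & mask ))
    echo "$first $(( first | (~mask & 0xFFFFFFFF) ))"
}

cidr_is_aligned() {                 # true if NET is the network address of NET/LEN
    base=$(ip_to_int "${1%/*}")
    set -- $(cidr_bounds "$1")
    [ "$base" -eq "$1" ]
}

ip_in_cidr() {                      # IP CIDR -> true if IP lies inside CIDR
    ip=$(ip_to_int "$1")
    set -- $(cidr_bounds "$2")
    [ "$ip" -ge "$1" ] && [ "$ip" -le "$2" ]
}

cidrs_overlap() {                   # CIDR_A CIDR_B -> true if the ranges intersect
    a=$(cidr_bounds "$1"); b=$(cidr_bounds "$2")
    [ "${a% *}" -le "${b#* }" ] && [ "${b% *}" -le "${a#* }" ]
}

check_plan() {                      # SERVICE_CIDR POD_CIDR NODE_IP...; returns 1 on FAIL
    svc=$1; pod=$2; rc=0; shift 2
    if ! cidr_is_aligned "$svc"; then echo "WARN $svc has host bits set"; fi
    if cidrs_overlap "$svc" "$pod"; then echo "FAIL $svc overlaps $pod"; rc=1; fi
    for node in "$@"; do
        for range in "$svc" "$pod"; do
            if ip_in_cidr "$node" "$range"; then echo "FAIL node $node is inside $range"; rc=1; fi
        done
    done
    return "$rc"
}

# Flags and node addresses as written on this page.
check_plan 10.10.0.0/12 10.244.0.0/16 10.10.12.144 10.10.12.181 10.10.12.184 || true
```

With the page's values, 10.10.0.0/12 normalizes to 10.0.0.0/12, which contains all three node addresses.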
Prepare the cluster network
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Check node status
kubectl get nodes
# Check the running pods
kubectl get pods -n kube-system
# Check kubelet status:
systemctl status kubelet