一.环境部署
1.1 基础环境配置(只有1台服务器,作为masrer,也作为node使用)
[root@ecs-cf5e ~]# cat /etc/redhat-release CentOS Linux release
7.9.2009 (Core) [root@ecs-cf5e ~]# uname -a Linux ecs-cf5e 3.10.0-1160.92.1.el7.x86_64 #1 SMP Tue Jun 20 11:48:01 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux [root@ecs-cf5e ~]#
1.2 修改机器名称
#永久修改主机名
hostnamectl set-hostname master && bash #在master上操作
1.3 服务器性能优化
#时间同步:
yum install epel-release -y
yum install ntpdate -y
ntpdate time.windows.com
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config # 永久
setenforce 0 # 临时
swapoff -a # 临时
sed -i 's/.*swap.*/#&/' /etc/fstab # 永久
#修改内核参数
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
cat >> /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
modprobe br_netfilter #加载br_netfilter模块
lsmod |grep br_netfilter #验证模块是否加载成功
sysctl -p /etc/sysctl.d/k8s.conf #使刚才修改的内核参数生效
1.4 集群添加hosts和免密登录
cat >> /etc/hosts << EOF
192.168.0.143 master
EOF
ssh-keygen -t rsa #一路回车,不输入密码
###把本地的ssh公钥文件安装到远程主机对应的账户
for i in master ; do ssh-copy-id -i .ssh/id_rsa.pub $i ;done
1.5 配置ipvs功能
在kubernetes中Service有两种代理模型,一种是基于iptables的,一种是基于ipvs,两者对比ipvs的性能要高,如果想要使用ipvs模型,需要手动载入ipvs模块
yum -y install ipset ipvsadm
cat > /etc/sysconfig/modules/ipvs.modules << EOF
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod +x /etc/sysconfig/modules/ipvs.modules # 执行脚本
/etc/sysconfig/modules/ipvs.modules
# 验证ipvs模块
lsmod | grep -e ip_vs -e nf_conntrack_ipv4
二.安装Docker和安装并配置cri-dockerd插件安装
2.1 安装docker
yum -y install epel-release wget lrzsz
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
#yum list docker-ce --showduplicates | sort -r #查看yum仓库中可以安装的docker版本
#yum -y install docker-ce-18.06.1.ce-3.el7 #安装固定版本
yum -y install docker-ce #安装docker最新版
systemctl enable docker && systemctl start docker
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors":["https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com", "https://rncxm540.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl daemon-reload && systemctl restart docker && systemctl status docker
docker --version
2.2 cri-dockerd
#安装cri-dockerd插件
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el7.x86_64.rpm
#备份并更新cri-docker.service文件
rpm -ivh cri-dockerd-0.3.1-3.el7.x86_64.rpm
rpm -ivh cri-dockerd-0.3.1-3.el7.x86_64.rpm --nodeps --force #centos9
mv /usr/lib/systemd/system/cri-docker.service /usr/lib/systemd/system/cri-docker.service.default
#空文件复制如下信息
cat > /usr/lib/systemd/system/cri-docker.service << EOF
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
#启动cir-dockerd
systemctl daemon-reload
systemctl start cri-docker.service
systemctl enable cri-docker.service
systemctl status cri-docker.service
cri-dockerd --version
三.安装Docker/kubeadm/kubelet(所有节点)
##添加yum 源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum clean all && yum makecache -y
#yum makecache fast
yum list kubectl --showduplicates | sort -r #列出kubectl可用的版本
##centos系统安装命令
yum -y install kubelet-1.28.2-0 kubeadm-1.28.2-0 kubectl-1.28.2-0
systemctl enable kubelet
kubectl version
#ubuntu系统安装命令
sudo apt install kubelet=1.28.2-00 kubeadm=1.28.2-00 kubectl=1.28.2-00 -y
四.初始化集群
#kubeadm config images list #查看集群安装需要的命令
kubeadm init --kubernetes-version v1.28.2 --apiserver-advertise-address=192.168.0.143 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 --image-repository registry.aliyuncs.com/google_containers --cri-socket unix:///var/run/cri-dockerd.sock --ignore-preflight-errors=all
#kubeadm reset --cri-socket unix:///var/run/cri-dockerd.sock #这句是集群初始化失败后需要执行的
kubeadm token create --print-join-command #重新生成token
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
五.命令补全
####Centos系统
rpm -aq |grep completion
yum -y install bash-completion #安装补全命令的包
kubectl completion bash
source /usr/share/bash-completion/bash_completion
kubectl completion bash >/etc/profile.d/kubectl.sh
source /etc/profile.d/kubectl.sh
cat >> /root/.bashrc <<EOF
source /etc/profile.d/kubectl.sh
EOF
六.安装网络插件
#去除污点,允许master节点部署pod
kubectl taint nodes --all node-role.kubernetes.io/control-plane- #执行这句就行,就是取消污点
kubectl taint nodes --all node-role.kubernetes.io/master- #执行这句就行,就是取消污点
kubectl apply -f calico.yaml #从这里下载对应版 https://docs.projectcalico.org/archive/v3.20/manifests/calico.yaml
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane 6m29s v1.28.2
[root@master ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-bdf96dff9-fdgj5 1/1 Running 0 2m19s
kube-system calico-node-cz7nh 1/1 Running 0 2m19s
kube-system coredns-66f779496c-fm7wd 1/1 Running 0 6m28s
kube-system coredns-66f779496c-nhcpz 1/1 Running 0 6m28s
kube-system etcd-master 1/1 Running 0 6m41s
kube-system kube-apiserver-master 1/1 Running 0 6m41s
kube-system kube-controller-manager-master 1/1 Running 0 6m41s
kube-system kube-proxy-nq95m 1/1 Running 0 6m28s
kube-system kube-scheduler-master 1/1 Running 0 6m41s
[root@master ~]#
七. 在kubernetes群集中创建Nginx
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pods,svc #查看暴露端口
浏览器访问: 集群任何IP:端口 正常访问就OK
八. 部署Dashboard
kubectl apply -f recommended.yaml
[root@master ~]# kubectl get pods,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-5657497c4c-jwd8h 1/1 Running 0 3m50s
pod/kubernetes-dashboard-78f87ddfc-vs7hc 1/1 Running 0 3m50s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.107.39.99 <none> 8000/TCP 3m50s
service/kubernetes-dashboard NodePort 10.107.196.130 <none> 443:30001/TCP 3m50s
[root@master ~]#
#创建service account并绑定默认cluster-admin管理员群集角色
kubectl create serviceaccount dashboard-admin -n kube-system #创建用户
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin #用户授权
kubectl -n kube-system get serviceaccounts |grep dashboard #查看sa是否创建成功
kubectl -n kube-system create token dashboard-admin --duration=518400s #创建用户Token
#一年365*24*60*60=31536000s 第一次token登录后有报错,请再次执行一次token就好了
浏览器打开ip:30001 由于我这是华为云服务器用的是公网IP https://114.115.160.33:30001/
九. 部署metrics服务
kubectl apply -f metrics-server.yaml
kubectl top nodes
kubectl top pods
[root@master ~]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master 170m 4% 2622Mi 33%
[root@master ~]# kubectl top pods
NAME CPU(cores) MEMORY(bytes)
nginx-7854ff8877-gzw6r 0m 3Mi
[root@master ~]#
