k8s的安装与部署

news2024/10/19 10:21:42

一、部署

1、实验环境

k8s-master	172.25.254.200
k8s-node1	172.25.254.10
k8s-node2	172.25.254.20
docker-node1	172.25.254.100(harbor仓库）

2、相关操作

1.基础配置

所有节点关闭selinux和防火墙

systemctl disabled firewalld
systemctl stop firewalld
grubby --update-kernel ALL --args selinux=0
reboot

所有节点在每次开启的时候禁用swapon分区：

vim /etc/rc.d/rc.local
swapoff /dev/dm-1
chmod +x /etc/rc.d/rc.local

每台主机做DNS解析

# 添加解析      三台主机都需添加
[root@k8s-node2 ~]# vim /etc/hosts
[root@k8s-node2 ~]# cat /etc/hosts 
172.25.254.200  k8s-master.txy.org
172.25.254.10 k8s-node1.txy.org
172.25.254.20 k8s-node2.txy.org

所有节点安装docker

cat /etc/yum.repos.d/docker-ce.repo 
[docker]
name=docker
baseurl=https://mirrors.aliyun.com/docker-ce/linux/rhel/9/x86_64/stable/
gpgcheck=0
dnf install docker-ce -y

在所有的k8s节点创建放置证书的目录

[root@k8s-master ~]# mkdir /etc/docker/certs.d/reg.timinglee.org/ -p
 
把harbor仓库里的证书拷贝给k8s所有节点
 
ls /data/certs/
revkarl.org.crt  revkarl.org.key
scp /data/certs/timinglee.org.crt root@172.25.254.200:/etc/docker/certs.d/reg.timinglee.org/ca.crt
 
docker login reg.timinglee.org
docker info

请添加图片描述
安装k8s部署工具

[root@k8s-master ~]# cat /etc/yum.repos.d/k8s.repo 
[k8s]
name=k8s
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
gpgcheck=0
 
dnf install kubelet-1.30.0 kubeadm-1.30.0 kubectl-1.30.0 -y
 
设置kubectl命令补齐功能：
dnf install bash-completion -y
echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc
 
在所有节点安装cri-docker
dnf install libcgroup-0.41-19.el8.x86_64.rpm \
> cri-dockerd-0.3.14-3.el8.x86_64.rpm -y
 
插件名称和容器镜像
vim /lib/systemd/system/cri-docker.service
 
在master节点拉取k8s所需镜像：
kubeadm config images pull \
--image-repository registry.aliyuncs.com/google_contaniers \
--kubernetes-version v1.30.0 \
--cri-socket=unix:///var/run/cri-dockerd.sock
 
上传镜像到harbor仓库
docker images | awk '/google/{ print $1":"$2}' \
| awk -F "/" '{system("docker tag "$0" reg.revkarl.org/k8s/"$3)}'
docker images | awk '/k8s/{system("docker push "$1":"$2)}'

2.集群初始化

#启动kubelet服务
[root@k8s-master ~]# systemctl status kubelet.service
 
#指定网络插件名称及基础容器镜像    
[root@k8s-master ~]# vim /lib/systemd/system/cri-docker.service
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --pod-infra-container-image=reg.txy.org/k8s/pause:3.9
[root@k8s-master ~]# systemctl daemon-reload 
[root@k8s-master ~]# systemctl restart cri-docker
[root@k8s-master ~]# ll /var/run/cri-dockerd.sock
srw-rw---- 1 root docker 0 Sep 10 09:26 /var/run/cri-dockerd.sock
[root@k8s-master ~]# scp /lib/systemd/system/cri-docker.service root@172.25.254.10:/lib/systemd/system/cri-docker.service
[root@k8s-master ~]# scp /lib/systemd/system/cri-docker.service root@172.25.254.20:/lib/systemd/system/cri-docker.service
[root@k8s-node1 ~]# systemctl daemon-reload
[root@k8s-node2 ~]# systemctl daemon-reload
[root@k8s-node1 ~]# systemctl restart cri-docker
[root@k8s-node2 ~]# systemctl restart cri-docker
 
#执行初始化命令
[root@k8s-master ~]# kubeadm init --pod-network-cidr=172.25.0.0/16 --image-repository reg.txy.org/k8s --kubernetes-version v1.30.0 --cri-socket=unix:///var/run/cri-dockerd.sock
 
[root@k8s-master ~]# kubeadm config images list
I0910 11:54:29.962229   41325 version.go:256] remote version is much newer: v1.31.0; falling back to: stable-1.30
registry.k8s.io/kube-apiserver:v1.30.4
registry.k8s.io/kube-controller-manager:v1.30.4
registry.k8s.io/kube-scheduler:v1.30.4
registry.k8s.io/kube-proxy:v1.30.4
registry.k8s.io/coredns/coredns:v1.11.1
registry.k8s.io/pause:3.9
registry.k8s.io/etcd:3.5.12-0
 
 
# 若初始化失败，则重置
[root@k8s-master ~]# kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock

3.安装flannel网络插件

#指定集群配置文件变量
[root@k8s-master ~]# export KUBECONFIG=/etc/kubernetes/admin.conf
#当前节点没有就绪，还没有安装网络插件，容器没有运行
[root@k8s-master ~]# kubectl get nodes
NAME                STATUS     ROLES           AGE     VERSION
k8s-master.zx.org   NotReady   control-plane   5m41s   v1.30.0
[root@k8s-master ~]# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
[root@k8s-master ~]# source ~/.bash_profile
 
[root@k8s-master ~]# vim kube-flannel.yml     # 将镜像下载地址改成本地（image）
[root@k8s-master ~]# grep -n image kube-flannel.yml    #需要修改以下几行
146:        image: flannel/flannel:v0.25.5
173:        image: flannel/flannel-cni-plugin:v1.5.1-flannel1
184:        image: flannel/flannel:v0.25.5
 
[root@k8s-master ~]# docker load -i flannel-0.25.5.tag.gz 
 
# docker仓库中新建flannel项目
# 打标签上传
[root@k8s-master ~]# docker tag flannel/flannel:v0.25.5 
[root@k8s-master ~]# docker push reg.txy.org/flannel/flannel:v0.25.5
[root@k8s-master ~]# docker tag flannel/flannel-cni-plugin:v1.5.1-flannel1 
[root@k8s-master ~]# docker push reg.txy.org/flannel/flannel-cni-plugin:v1.5.1-flannel1
 
#安装flannel网络插件
[root@k8s-master ~]# kubectl apply -f kube-flannel.yml 
namespace/kube-flannel created
serviceaccount/flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
 
[root@k8s-master ~]# kubectl get nodes
NAME                STATUS   ROLES           AGE   VERSION
k8s-master.txy.org   Ready    control-plane   25m   v1.30.0

4.节点扩容

在所有的worker节点中

1 确认部署好以下内容

2 禁用swap

3 安装：

kubelet-1.30.0

kubeadm-1.30.0

kubectl-1.30.0

docker-ce

cri-dockerd

4 修改cri-dockerd启动文件添加

–network-plugin=cni

–pod-infra-container-image=reg.txy.org/k8s/pause:3.9

5 启动服务

kubelet.service

cri-docker.service

确认完毕信息后即可加入集群

# 这个阶段如果生成的集群token(初始化时生成)找不到了可以重新生成
 
[root@k8s-master ~]# kubeadm token create --print-join-command
 
[root@k8s-node1 ~]# kubeadm join 172.25.254.200:6443 --token lma300.jusxu3igmuk5dfym   --discovery-token-ca-cert-hash sha256:e107ffc608928f2337bf7742bc9b3024c6f7e179a15af2233e8092ae57c68a99 --cri-socket=unix:///var/run/cri-dockerd.sock
[root@k8s-node2 ~]# kubeadm join 172.25.254.200:6443 --token lma300.jusxu3igmuk5dfym   --discovery-token-ca-cert-hash sha256:e107ffc608928f2337bf7742bc9b3024c6f7e179a15af2233e8092ae57c68a99 --cri-socket=unix:///var/run/cri-dockerd.sock
[root@k8s-master ~]# kubectl get nodes 
NAME                STATUS   ROLES           AGE   VERSION
k8s-master.txy.org   Ready    control-plane   64m   v1.30.0
k8s-node1.txy.org    Ready    <none>          32m   v1.30.0
k8s-node2.txy.org    Ready    <none>          32m   v1.30.0
 
# 测试集群运行情况
[root@k8s-master ~]# kubectl run test --image nginx        #建立一个pod
pod/test created
[root@k8s-master ~]# kubectl get pods                      #查看pod状态

# 重新做集群
[root@k8s-master ~]# kubectl delete nodes k8s-node1.txy.org
[root@k8s-master ~]# kubectl delete nodes k8s-node2.txy.org
[root@k8s-master ~]# kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock
# 重新做初始化集群
[root@k8s-master ~]# kubeadm init --pod-network-cidr=10.244.0.0/16 \
--image-repository reg.txy.org/k8s \
--kubernetes-version v1.30.0 \
--cri-socket=unix:///var/run/cri-dockerd.sock
 
[root@k8s-master ~]# vim kube-flannel.yml    # 修改image
[root@k8s-master ~]# kubectl apply -f kube-flannel.yml
 
[root@k8s-node1 ~]# kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock
[root@k8s-node2 ~]# kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock
 
# 再重新将节点加入集群
[root@k8s-node1 ~]# kubeadm join 172.25.254.200:6443 --token lma300.jusxu3igmuk5dfym   --discovery-token-ca-cert-hash sha256:e107ffc608928f2337bf7742bc9b3024c6f7e179a15af2233e8092ae57c68a99 --cri-socket=unix:///var/run/cri-dockerd.sock
 
[root@k8s-node2 ~]# kubeadm join 172.25.254.200:6443 --token lma300.jusxu3igmuk5dfym   --discovery-token-ca-cert-hash sha256:e107ffc608928f2337bf7742bc9b3024c6f7e179a15af2233e8092ae57c68a99 --cri-socket=unix:///var/run/cri-dockerd.sock
[root@k8s-master ~]# kubectl get nodes