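Environment

System: CentOS Linux release 7.9.2009 (Core)
IP: 192.168.44.177
Hardware requirements: the control plane needs at least 2c2g (2 CPU cores, 2 GB RAM)

Pre-installation preparation

For a cluster deployment, time synchronization must also be configured.

Disable the firewall:

systemctl disable --now firewalld

Disable SELinux:

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

Disable the swap partition (skip this step if swap is not enabled):

swapoff -a

Then delete the swap entries from /etc/fstab.

Set the hostname:

hostnamectl set-hostname k8s-master
su    # switches straight to a shell that shows the new hostname

Install the container runtime containerd

Install and configure prerequisites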
Forward IPv4 and let iptables see bridged traffic:

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF
# Apply the sysctl parameters without rebooting
sudo sysctl --system

Confirm that the br_netfilter and overlay modules are loaded by running:

lsmod | grep br_netfilter
lsmod | grep overlay

Confirm that the net.bridge.bridge-nf-call-iptables, net.bridge.bridge-nf-call-ip6tables and net.ipv4.ip_forward system variables are set to 1 in your sysctl configuration by running:

sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward

Install the containerd container runtime

Official installation guide: https://github.com/containerd/containerd/blob/main/docs/getting-started.md#advanced-topics
Typically you also have to install runc and the CNI plugins from their official sites.

Install containerd

Download the release archive and extract it to install. Release page: https://github.com/containerd/containerd/releases
Without a proxy the download is very slow; the archive can also be fetched from my network drive: https://pan.baidu.com/s/1QakzbfaHM4bbyZ2MjRdIhQ (extraction code: afh0)

wget https://github.com/containerd/containerd/releases/download/v1.7.15/containerd-1.7.15-linux-amd64.tar.gz
tar Cxzvf /usr/local containerd-1.7.15-linux-amd64.tar.gz

Start containerd with systemd

Fetch the containerd.service file from:
https://raw.githubusercontent.com/containerd/containerd/main/containerd.service

Move containerd.service into /usr/local/lib/systemd/system/, creating the directory first if it does not exist:

mkdir -p /usr/local/lib/systemd/system/
mv containerd.service /usr/local/lib/systemd/system/

Reload systemd and start the service. containerd's default socket path is /run/containerd/containerd.sock. Recent Kubernetes versions, including the 1.28 used here, use containerd as the default container runtime.

systemctl daemon-reload
systemctl enable --now containerd

Install runc

Download page: https://github.com/opencontainers/runc/releases

wget https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.amd64
install -m 755 runc.amd64 /usr/local/sbin/runc

Install the CNI plugins

Download page: https://github.com/containernetworking/plugins/releases

wget https://github.com/containernetworking/plugins/releases/download/v1.4.1/cni-plugins-linux-amd64-v1.4.1.tgz
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.4.1.tgz

Change the containerd cgroup driver to systemd

containerd reads its daemon-level options from the configuration file /etc/containerd/config.toml. With a binary install this directory and file do not exist by default and must be created by hand. The default configuration can be generated with containerd config default > /etc/containerd/config.toml.

mkdir /etc/containerd/
containerd config default > /etc/containerd/config.toml

[root@k8s-master ~]# vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  BinaryName = ""
  CriuImagePath = ""
  CriuPath = ""
  CriuWorkPath = ""
  IoGid = 0
  IoUid = 0
  NoNewKeyring = false
  NoPivotRoot = false
  Root = ""
  ShimCgroup = ""
  SystemdCgroup = true    # change false to true

Set the sandbox_image

The default setting is sandbox_image = "registry.k8s.io/pause:3.8". It must be changed to the same version and address as the pause image pulled later. The Aliyun mirror is used later on, so the value can be written in now.

[root@k8s-master ~]# vim /etc/containerd/config.toml
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"

Restart containerd so that the two changes above take effect:

systemctl restart containerd

Install Kubernetes

The Aliyun yum repository is used for the installation; the latest version it currently carries is 1.28.
Configure the yum repository:

cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

Install:

yum -y install kubeadm kubectl kubelet --disableexcludes=kubernetes

Start kubelet:

systemctl enable kubelet --now

Create the cluster with kubeadm

4.1. Modify the default initial cluster configuration file

kubeadm config print init-defaults > init-defaults.yaml

[root@k8s-master ~]# vim init-defaults.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.44.177    # cluster advertise address: the address of the k8s master node
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock    # container runtime socket path, mentioned above
  imagePullPolicy: IfNotPresent
  name: k8s-master    # node name
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers    # registry the images are pulled from
kind: ClusterConfiguration
kubernetesVersion: 1.28.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16    # pod address range; it must match the range used by the network plugin installed later
scheduler: {}

4.2. Pull the images using the init configuration file

kubeadm config images list --config=init-defaults.yaml    # list the required images
kubeadm config images pull --config=init-defaults.yaml    # pull the images

[root@k8s-master ~]# kubeadm config images pull --config=init-defaults.yaml
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.28.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.28.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.28.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.28.0
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.9    # recall that this pause image is the one set as containerd's sandbox_image
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.5.9-0
[config/images] Pulled registry.aliyuncs.com/google_containers/coredns:v1.10.1

4.3. Initialize the cluster
kubeadm init --config=init-defaults.yaml

Your Kubernetes control-plane has initialized successfully!    # control plane initialized successfully

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.92.40:6443 --token abcdef.0123456789abcdef \
	--discovery-token-ca-cert-hash sha256:b31f38202281a96d1f721899dc56e95f770c7bbfea75b2b1076f1fed602e1318

4.4. Add the kubectl credentials to the environment, otherwise the kubectl command cannot be used

If you are a regular user, run the following commands (it is best to put the setting in your environment file so that it is not lost after a reboot):

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

If you are the root user, run:

export KUBECONFIG=/etc/kubernetes/admin.conf

Install a network plugin

There are many network plugins; all of them exist so that Pods can communicate with each other. The simple layer-3 network flannel is chosen here.

kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

Notes:
1. CoreDNS depends on the network plugin; without one, CoreDNS cannot start.
2. If no network plugin is installed, the node status is NotReady.

At this point the single-node Kubernetes deployment is complete.
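The steps above unpack release archives without checking them, keep the placeholder bootstrap token printed by `kubeadm config print init-defaults`, and install packages from a plain-HTTP repository with GPG checks off. The script below is an added example, not part of the original post, that checks for each of these. Its function names are made up for this example, and the checksum file is assumed to be the one published next to each archive on its release page.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: checks for three weak points in
# the steps above. All file names are supplied by the caller.

# 1. Release archives: compare ARCHIVE against the checksum file published
#    with the same release (lines of "<sha256>  <file name>").
verify_release() {            # usage: verify_release ARCHIVE SUMFILE
    local name expected actual
    name=$(basename "$1")
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1 }' "$2")
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# 2. kubeadm config: abcdef.0123456789abcdef is the placeholder printed by
#    `kubeadm config print init-defaults`; it is publicly known.
has_placeholder_token() {     # usage: has_placeholder_token CONFIG_YAML
    grep -Eq '^[[:space:]-]*token:[[:space:]]*abcdef\.0123456789abcdef([[:space:]]|$)' "$1"
}

# Random replacement in kubeadm's token format, [a-z0-9]{6}.[a-z0-9]{16}
# (`kubeadm token generate` does the same on a host that has kubeadm).
new_bootstrap_token() {
    local hex
    hex=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
    printf '%s.%s\n' "$(printf %s "$hex" | cut -c1-6)" "$(printf %s "$hex" | cut -c7-22)"
}

# 3. yum repo file: list settings that allow unsigned or modified packages.
#    Prints one finding per line; returns non-zero if there is any finding.
audit_repo() {                # usage: audit_repo REPO_FILE
    awk -F= '
        { key = $1; gsub(/[ \t]/, "", key); val = $2; gsub(/^[ \t]+/, "", val) }
        (key == "gpgcheck" || key == "repo_gpgcheck") && val == "0" {
            print key " is disabled"; bad = 1 }
        (key == "baseurl" || key == "gpgkey") && val ~ /^http:/ {
            print key " uses plain http"; bad = 1 }
        END { exit (bad ? 1 : 0) }' "$1"
}
```

Run `verify_release` on each downloaded archive before the `tar` or `install` step, replace the token in init-defaults.yaml before `kubeadm init`, and run `audit_repo /etc/yum.repos.d/kubernetes.repo` before `yum install`.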
Run an application

The Kubernetes control plane normally cannot have Pods scheduled onto it, because the master node carries a taint; ordinary Pods therefore cannot be scheduled to the k8s master node.

View the taints on the node:

[root@k8s-master ~]# kubectl get node
NAME         STATUS   ROLES           AGE   VERSION
k8s-master   Ready    control-plane   16m   v1.28.2
[root@k8s-master ~]# kubectl describe node k8s-master | grep -i taint
Taints:             node-role.kubernetes.io/control-plane:NoSchedule

Remove the taint:

[root@k8s-master ~]# kubectl taint node k8s-master node-role.kubernetes.io/control-plane:NoSchedule-
node/k8s-master untainted

Run the application

Run an nginx Pod and map its port to a host port:

kubectl run nginx --image=nginx --labels=app=nginx --port=80
kubectl expose pod nginx --port=80 --target-port=80 --labels=app=nginx --type=NodePort

[root@k8s-master ~]# kubectl get pod
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          4m48s
[root@k8s-master ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1     <none>        443/TCP        36m
nginx        NodePort    10.97.129.0   <none>        80:31493/TCP   62s

The service type is NodePort, which maps the service port to a random port on every host; the default range is 30000-32767. In the output above it was mapped to port 31493.