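Kubernetes Installation and Deployment
I. Environment Setup (run on all three machines)
1. Install some tools on every machine, and disable the firewall and SELinux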
yum -y install bash-completion wget vim-enhanced net-tools gc
systemctl stop firewalld.service
systemctl disable firewalld.service
getenforce
cat /etc/selinux/config
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
cat /etc/selinux/config
2. Configure hostnames and /etc/hosts (change these to your own values)
hostnamectl set-hostname ks-m && bash
hostnamectl set-hostname Service-node1 && bash
hostnamectl set-hostname ProM-node2 && bash
echo "192.168.100.11 ks-m
192.168.100.12 service-node1
192.168.100.13 prom-node2" >> /etc/hosts
3. Set up time synchronization
sudo yum -y install ntpdate
sudo ntpdate ntp1.aliyun.com
sudo systemctl status ntpdate
sudo systemctl start ntpdate
sudo systemctl status ntpdate
sudo systemctl enable ntpdate
4. Disable swap
sudo swapoff -a
sudo sed -i 's/.*swap.*/#&/' /etc/fstab
free -h
5. Environment configuration
Kubernetes official site: Kubernetes Documentation | Kubernetes
Scroll down the page to this snippet:
# sysctl params required by setup, params persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
EOF
# Apply sysctl params without reboot
sudo sysctl --system
6. Load kernel modules and configure the IPv4/IPv6 settings
https://v1-29.docs.kubernetes.io/docs/setup/production-environment/container-runtimes/
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# sysctl params required by setup, params persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply sysctl params without reboot
sudo sysctl --system
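net.bridge.bridge-nf-call-iptables = 1
Bridge setting: ensures bridged IPv4 packets are processed by iptables and NAT
net.bridge.bridge-nf-call-ip6tables = 1
Bridge setting: ensures bridged IPv6 packets are processed by iptables and NAT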
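II. Install and configure containerd, Docker, and nerdctl
1. Install containerd
# Download containerd version 1.7.22
wget https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz
# Extract the archive
tar -zxvf containerd-1.7.22-linux-amd64.tar.gz
# Copy the binaries onto the PATH
cp bin/* /usr/local/bin/
# Start a new shell so the new binaries are picked up
bash
# Check that a version is printed
containerd -v
# Create the configuration file
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
# Register the service with systemd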
cat > /etc/systemd/system/containerd.service <<EOF
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStart=/usr/local/bin/containerd
Restart=always
RestartSec=5
Delegate=yes
KillMode=process
OOMScoreAdjust=-999
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
[Install]
WantedBy=multi-user.target
EOF
# Start the service and enable it at boot
systemctl daemon-reload
systemctl enable containerd --now
2. Edit the configuration file
vim /etc/containerd/config.toml
registry.aliyuncs.com/google_containers/pause:3.9
/etc/containerd/certs.d
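The two values above are what gets written into config.toml. As an added example (not part of the original page), this applies them non-interactively; the key names `sandbox_image` and `config_path` are assumed from the default config generated by containerd 1.7, and the sample file is a constructed excerpt.

```shell
#!/bin/sh
# Added example: set the pause image and the registry config directory.
# Key names are assumed from the containerd 1.7 default config.
patch_containerd_config() {
    cfg=$1
    # Pull the pause (sandbox) image from the Aliyun mirror.
    sed -i 's|^\( *sandbox_image = \).*|\1"registry.aliyuncs.com/google_containers/pause:3.9"|' "$cfg"
    # Set config_path only inside the CRI registry table.
    sed -i '/^ *\[plugins\."io\.containerd\.grpc\.v1\.cri"\.registry\]/,/^ *\[/ s|^\( *config_path = \).*|\1"/etc/containerd/certs.d"|' "$cfg"
    # Succeed only if both keys now carry the intended values.
    grep -q '^ *sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"$' "$cfg" &&
        grep -q '^ *config_path = "/etc/containerd/certs.d"$' "$cfg"
}

# Constructed excerpt of a default config.toml, used so the block runs offline.
write_sample_config() {
    cat > "$1" <<'EOF'
version = 2
[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    sandbox_image = "registry.k8s.io/pause:3.8"
    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
EOF
}

work=$(mktemp)
write_sample_config "$work"
patch_containerd_config "$work" && cat "$work"
```

On a node, run `patch_containerd_config /etc/containerd/config.toml` and restart containerd only if it returns success.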
3. Configure registry mirrors
mkdir /etc/containerd/certs.d
cd /etc/containerd/certs.d/
mkdir docker.io
cd docker.io
vim hosts.toml
server = "https://docker.io"
[host."https://docker.1panel.live"]
capabilities = ["pull", "resolve"]
skip_verify = true
[host."https://docker.m.daocloud.io"]
capabilities = ["pull", "resolve"]
skip_verify = true
[host."https://j4dho57n.mirror.aliyuncs.com"]
capabilities = ["pull", "resolve"]
skip_verify = true
Restart the service
systemctl restart containerd.service
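Every mirror in the hosts.toml above sets `skip_verify = true`, which turns off TLS certificate verification for image pulls from that mirror. As an added example (not part of the original page), this audit flags such entries and malformed host URLs; the sample file and mirror names are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit a containerd hosts.toml.
# Prints one finding per line and returns non-zero if anything was flagged.
audit_hosts_toml() {
    awk '
        # A [host."URL"] header opens a new mirror section.
        /^[ \t]*\[host\."/ {
            host = $0
            sub(/^[ \t]*\[host\."/, "", host)
            sub(/"\][ \t]*$/, "", host)
            # Expect exactly one https:// scheme followed by a host name.
            if (host !~ "^https://[^/:]+(:[0-9]+)?(/.*)?$") {
                print "BAD_URL " host; bad = 1
            }
            next
        }
        # skip_verify = true disables TLS certificate checks for this mirror.
        /^[ \t]*skip_verify[ \t]*=[ \t]*true/ {
            print "NO_TLS_VERIFY " host; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample; the mirror names are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server = "https://docker.io"
[host."https://mirror-a.example"]
  capabilities = ["pull", "resolve"]
  skip_verify = true
[host."https://https://mirror-b.example/"]
  capabilities = ["pull", "resolve"]
[host."https://mirror-c.example"]
  capabilities = ["pull", "resolve"]
EOF
audit_hosts_toml "$sample" || echo "review the entries flagged above"
```

For a flagged mirror, drop the `skip_verify` line, or keep verification on and point the `ca` field at the mirror's CA certificate if it uses a private CA.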
4. Install Docker
Visit the Aliyun mirror site: http://mirrors.aliyun.com/
# Step 1: install the required system tools and the base repository
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# Step 2: add the Docker repository
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: install Docker
sudo yum install docker-ce docker-ce-cli docker-buildx-plugin docker-compose-plugin -y
# Step 4: start the Docker service
sudo service docker start
5. Download and install nerdctl
Download link: https://github.com/containerd/nerdctl/releases/download/v1.7.7/nerdctl-1.7.7-linux-amd64.tar.gz
wget https://github.com/containerd/nerdctl/releases/download/v1.7.7/nerdctl-1.7.7-linux-amd64.tar.gz
tar -zxvf nerdctl-1.7.7-linux-amd64.tar.gz
mv nerdctl /usr/local/sbin
# 755 is enough to run it; 777 would let any local user overwrite a binary that root executes
chmod 755 /usr/local/sbin/nerdctl
nerdctl -v
# Test
nerdctl pull busybox:1.36
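The containerd and nerdctl tarballs above are unpacked and placed on root's PATH straight after download. As an added example (not part of the original page), this checks a tarball against a published SHA-256 list before it is extracted; the checksum file names in the comments are assumptions about the release assets, and the demo data is constructed.

```shell
#!/bin/sh
# Added example: verify a downloaded tarball against a checksum list.
# Returns 0 on match, 1 on mismatch, 2 if the list has no entry for the file.
verify_sha256() {
    file=$1; sums=$2
    name=$(basename "$file")
    # Take the expected digest from the line whose file-name column matches exactly.
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")
    [ -n "$want" ] || { echo "no checksum entry for $name" >&2; return 2; }
    got=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$want" = "$got" ] || { echo "checksum mismatch for $name" >&2; return 1; }
}

# Intended use on a node (checksum asset names are assumptions, not from the page):
#   verify_sha256 containerd-1.7.22-linux-amd64.tar.gz containerd-1.7.22-linux-amd64.tar.gz.sha256sum \
#       && tar -zxvf containerd-1.7.22-linux-amd64.tar.gz
#   verify_sha256 nerdctl-1.7.7-linux-amd64.tar.gz SHA256SUMS \
#       && tar -zxvf nerdctl-1.7.7-linux-amd64.tar.gz

# Constructed demo so the block runs offline: a stand-in "tarball" and its list.
demo_dir=$(mktemp -d)
printf 'constructed payload\n' > "$demo_dir/demo.tar.gz"
( cd "$demo_dir" && sha256sum demo.tar.gz > SHA256SUMS )
verify_sha256 "$demo_dir/demo.tar.gz" "$demo_dir/SHA256SUMS" && echo "demo.tar.gz: OK"
```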
III. Install and deploy Kubernetes (run on all three machines)
1. Disable swapping
vim /etc/sysctl.d/k8s.conf
vm.swappiness = 0
sysctl --system
2. Install the packages
Go to the official Aliyun mirror site
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/repomd.xml.key
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
3. Edit the user's shell profile
vim .bashrc
###############
source <(nerdctl completion bash)
source <(kubeadm completion bash)
source <(kubectl completion bash)
source <(crictl completion bash)
###############
source .bashrc
4. Fix the crictl command error
crictl config runtime-endpoint unix:///run/containerd/containerd.sock
crictl images
vim /etc/crictl.yaml
Done.
5. Initialize Kubernetes (run only on the master node)
kubeadm config print init-defaults > init.yaml
vim init.yaml
Fill in the local API endpoint address (you can guess which IP that is)
registry.aliyuncs.com/google_containers
Enable kubelet at boot on all three machines
systemctl enable kubelet.service
Initialize on the master
kubeadm init --config=init.yaml
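Copy the join command over to the worker nodes but do not press Enter yet; wait until the network is configured
Copy the link into a browser to open the Calico page
Copy the path, copy the contents, and create your own YAML file
IV. Configure the Calico network
Copy the entire contents and paste them into a calico.yaml file that you create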
vim calico.yaml
kubectl apply -f calico.yaml # Deploy the Calico network; at the same time press Enter on the other two nodes to join the cluster
3. Kubernetes command completion
! grep -q kubectl "$HOME/.bashrc" && echo "source /usr/share/bash-completion/bash_completion" >>"$HOME/.bashrc"
! grep -q kubectl "$HOME/.bashrc" && echo "source <(kubectl completion bash)" >>"$HOME/.bashrc"
! grep -q kubeadm "$HOME/.bashrc" && echo "source <(kubeadm completion bash)" >>"$HOME/.bashrc"
! grep -q crictl "$HOME/.bashrc" && echo "source <(crictl completion bash)" >>"$HOME/.bashrc"
source "$HOME/.bashrc"
4. Common commands
# List nodes
kubectl get nodes -o wide
# Watch node status in real time
watch kubectl get nodes -o wide
# List pods
kubectl get pods --all-namespaces -o wide
# Show the image list
kubeadm config images list
# Print the command for joining a node to the cluster
kubeadm token create --print-join-command
# Describe a node
kubectl describe node k8s-master
# Describe a pod
kubectl describe pod kube-flannel-ds-hs8bq --namespace=kube-system
V. Edit a script to prevent system failure caused by excessive Kubernetes memory usage
vim /etc/rsyslog.d/01-blocklist.conf
if $msg contains "run-containerd-runc" and $msg contains "mount: Deactivated successfully."
then {
stop
}
systemctl restart rsyslog.service
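VI. Upgrade the kernel (read this in advance)
Refer to this section if a kernel upgrade turns out to be necessary
Run on all three machines
1. Download the kernel RPMs manually
The ELRepo repository only carries the latest versions, so wget may return 404 by the time you try this; check that the version you are downloading actually exists: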
wget http://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-lt-devel-5.4.203-1.el7.elrepo.x86_64.rpm
wget http://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-lt-headers-5.4.203-1.el7.elrepo.x86_64.rpm
wget http://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-lt-5.4.203-1.el7.elrepo.x86_64.rpm
2. Install the kernel
rpm -ivh kernel-lt-5.4.203-1.el7.elrepo.x86_64.rpm
rpm -ivh kernel-lt-devel-5.4.203-1.el7.elrepo.x86_64.rpm
3. Check the boot order, set the boot order, and reboot to apply
# Check the boot order
rpm -qa | grep kernel
# Set the boot order
grub2-set-default 0
# Reboot to apply
reboot
5. Set the kernel boot order and regenerate the boot configuration
grub2-set-default 0
grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
7. Use uname -r to check whether the kernel upgrade succeeded
uname -r
8. Load the br_netfilter module
### Adjust the kernel parameters after the upgrade
modprobe br_netfilter
9. Verify that the module loaded successfully
lsmod | grep br_netfilter
10. Modify the kernel parameters
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
11. Apply the changes
sysctl --system