k8s cluster environment
hostname | role | IP |
---|---|---|
zijian-k8s-01 | master | 192.168.63.31 |
zijian-k8s-02 | worker | 192.168.63.32 |
zijian-k8s-03 | worker | 192.168.63.33 |
Installation steps
Steps required on both master and worker nodes
- Disable iptables and firewalld
systemctl disable firewalld --now
systemctl disable iptables --now
- Add IP-to-hostname resolution entries to /etc/hosts or a DNS server
192.168.63.31 zijian-k8s-01
192.168.63.32 zijian-k8s-02
192.168.63.33 zijian-k8s-03
- Configure network modules (not yet understood)
[root@zijian-k8s-01 ~]# cat /etc/modules-load.d/containerd.conf
overlay
br_netfilter
ip_conntrack
[root@zijian-k8s-01 ~]#
[root@zijian-k8s-01 ~]# cat /etc/sysctl.d/k8s.conf
net.ipv4.tcp_keepalive_time=600
net.ipv4.tcp_keepalive_intvl=30
net.ipv4.tcp_keepalive_probes=10
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2
net.ipv4.ip_local_port_range= 45001 65000
net.ipv4.ip_forward=1
net.ipv4.tcp_max_tw_buckets=6000
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_synack_retries=2
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.netfilter.nf_conntrack_max=2310720
net.ipv6.neigh.default.gc_thresh1=8192
net.ipv6.neigh.default.gc_thresh2=32768
net.ipv6.neigh.default.gc_thresh3=65536
net.core.netdev_max_backlog=16384
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_max_syn_backlog = 8096
net.core.somaxconn = 32768
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=524288
fs.file-max=52706963
fs.nr_open=52706963
kernel.pid_max = 4194303
net.bridge.bridge-nf-call-arptables=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
vm.max_map_count = 262144
[root@zijian-k8s-01 ~]#
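- Turn off swap
swapoff -a # turns swap off immediately, but it is re-enabled after a reboot
sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab # comments out the swap entry in fstab so it is not mounted automatically after a reboot
- Install docker (as of k8s 1.24, docker is no longer used and containerd is used instead; it is installed here only for learning purposes)
CentOS: install a specific version of docker engine
- Install k8s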
[root@zijian-k8s-01 ~]# cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[root@zijian-k8s-01 ~]# yum -y install kubeadm-1.23.17-0 kubelet-1.23.17-0 kubectl-1.23.17-0
[root@zijian-k8s-01 ~]# systemctl enable --now kubelet
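The repo file above sets gpgcheck=0 and repo_gpgcheck=0 and fetches over http://, so yum installs kubeadm, kubelet and kubectl without verifying package or metadata signatures. The audit below is an added example, not part of the original post; the function name audit_yum_repo is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): flag yum .repo settings that
# weaken package integrity. Prints one "section: finding" line per problem.
# Exit status: 1 if anything was flagged, 0 if the file is clean.
# Usage: audit_yum_repo /etc/yum.repos.d/kubernetes.repo
audit_yum_repo() {
    awk '
        function report(msg) { print section ": " msg; bad = 1 }

        # Skip comments and blank lines.
        /^[ \t]*([#;]|$)/ { next }

        # [section] header: remember the repo id for later messages.
        /^[ \t]*\[/ {
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }

        # key=value line (yum tolerates spaces around "=").
        {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)

            # Signature checks explicitly switched off.
            if ((key == "gpgcheck" || key == "repo_gpgcheck") &&
                tolower(val) ~ /^(0|no|false)$/)
                report(key " is disabled")

            # Packages or signing keys fetched over an unauthenticated channel.
            if ((key == "baseurl" || key == "gpgkey") &&
                val ~ /(^|[ \t,])http:\/\//)
                report(key " uses plaintext http://")
        }

        END { exit bad + 0 }
    ' "$1"
}
```

Run against the repo file shown above, it reports four findings for the [kubernetes] section.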
- Initialize k8s
kubeadm init --apiserver-advertise-address=192.168.63.31 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.23.17 --service-cidr=10.10.0.0/16 --pod-network-cidr=10.244.0.0/16
If initialization fails, you can reset with kubeadm reset
On success, initialization prints the following; run the commands it shows
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.63.31:6443 --token cst2q7.mlgtuaok1ji5h3oq \
--discovery-token-ca-cert-hash sha256:0336fa56ddcc93be52144e12fd8fb33c62e54a954fb4ab6743413983c897a0d9
At this point the node status should be NotReady
[root@zijian-k8s-01 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
zijian-k8s-01 NotReady control-plane,master 24m v1.23.17
[root@zijian-k8s-01 ~]#
- Configure the k8s pod network
Flannel is used here (not yet understood)
[root@zijian-k8s-01 ~]# kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
namespace/kube-flannel created
serviceaccount/flannel created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds created
[root@zijian-k8s-01 ~]#
After a short wait (about 8 minutes here), the node status changes to Ready
[root@zijian-k8s-01 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
zijian-k8s-01 NotReady control-plane,master 24m v1.23.17
[root@zijian-k8s-01 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
zijian-k8s-01 Ready control-plane,master 32m v1.23.17
[root@zijian-k8s-01 ~]#
- Join the worker nodes to the cluster
Run the command printed by the initialization above
- zijian-k8s-02
[root@zijian-k8s-02 ~]# kubeadm join 192.168.63.31:6443 --token cst2q7.mlgtuaok1ji5h3oq \
> --discovery-token-ca-cert-hash sha256:0336fa56ddcc93be52144e12fd8fb33c62e54a954fb4ab6743413983c897a0d9
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 24.0.2. Latest validated version: 20.10
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
[root@zijian-k8s-02 ~]#
- zijian-k8s-03
[root@zijian-k8s-03 ~]# kubeadm join 192.168.63.31:6443 --token cst2q7.mlgtuaok1ji5h3oq \
> --discovery-token-ca-cert-hash sha256:0336fa56ddcc93be52144e12fd8fb33c62e54a954fb4ab6743413983c897a0d9
[preflight] Running pre-flight checks
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 24.0.2. Latest validated version: 20.10
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
[root@zijian-k8s-03 ~]#
After a short wait, all worker nodes have joined the cluster
[root@zijian-k8s-01 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
zijian-k8s-01 Ready control-plane,master 52m v1.23.17
zijian-k8s-02 Ready <none> 17m v1.23.17
zijian-k8s-03 Ready <none> 15m v1.23.17
[root@zijian-k8s-01 ~]#
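The join commands above authenticate the control plane through --discovery-token-ca-cert-hash, which is the SHA-256 of the cluster CA's public key (SubjectPublicKeyInfo, DER-encoded). As an added example (not part of the original post), the functions below recompute that value from a CA certificate so it can be compared with the hash in a join command; the function names are hypothetical and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post): recompute kubeadm's
# discovery-token-ca-cert-hash from a PEM CA certificate and compare it with
# the value carried in a join command.
# On a kubeadm control plane the CA certificate is /etc/kubernetes/pki/ca.crt.

# Print "sha256:<hex>" for the CA certificate in $1; return 2 if it is unreadable.
ca_cert_hash() {
    # Extract the public key (SPKI) from the certificate as PEM.
    cch_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Re-encode the SPKI as DER and hash exactly those bytes.
    cch_hex=$(printf '%s\n' "$cch_pub" |
              openssl pkey -pubin -outform DER 2>/dev/null |
              openssl dgst -sha256 -hex | sed 's/^.* //')
    # A SHA-256 digest is always 64 hex characters; anything else is a failure.
    [ "${#cch_hex}" -eq 64 ] || return 2
    printf 'sha256:%s\n' "$cch_hex"
}

# Return 0 if the hash in $2 (from the join command) matches the CA in $1,
# 1 on mismatch, 2 if the certificate could not be read.
verify_join_hash() {
    vjh_actual=$(ca_cert_hash "$1") || return 2
    [ "$vjh_actual" = "$2" ]
}

# Usage on the control plane (hash value taken from the join command):
#   verify_join_hash /etc/kubernetes/pki/ca.crt "sha256:<hash from join command>" \
#       && echo "hash matches cluster CA"
```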