1、 配置hosts
# Replace /etc/hosts with a static name table for the cluster machines and
# the registry host. The '>' redirection truncates the file first, so any
# existing entry that is not repeated in the here-document below is lost.
# These static entries take the place of DNS for the listed names, so a
# wrong address here silently redirects cluster and registry traffic.
# NOTE(review): presumably the same table is written on every node - confirm.
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.10.11 k8s-master-1
10.10.10.12 k8s-master-2
10.10.10.13 k8s-node-1
10.10.10.14 k8s-node-2
10.10.10.15 harbor.qinmengfei.cn
EOF
2、更新内核
# Import the ELRepo package-signing key into the RPM keyring. The key is
# fetched over HTTPS and trusted as-is.
# NOTE(review): compare its fingerprint with the one ELRepo publishes before
# relying on it; every elrepo package installed later is checked against it.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# Install the ELRepo repository definition directly from its URL.
yum install -y https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
# Install the kernel-lt package; the elrepo-kernel repository is enabled for
# this one command only.
yum --enablerepo="elrepo-kernel" install -y kernel-lt
# Make GRUB menu entry 0 the default boot entry.
# NOTE(review): assumes the kernel installed above is entry 0 - confirm
# before rebooting a remote machine.
grub2-set-default 0
# Prints the kernel that is running right now. The new kernel only becomes
# active after the reboot below, so run this again afterwards to verify.
uname -a
reboot
3、配置内核参数
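# Load br_netfilter now and on every boot. The net.bridge.* key written below
# only exists while this module is loaded; without it `sysctl --system`
# cannot apply the setting and bridged pod traffic bypasses iptables rules.
modprobe br_netfilter
printf '%s\n' br_netfilter > /etc/modules-load.d/k8s.conf

# Kernel parameters for a Kubernetes node: IP forwarding, bridge traffic
# through iptables, connection-tracking and TCP tuning, file-handle limits.
# The duplicated net.ipv4.tcp_max_syn_backlog line has been dropped (both
# copies carried the same value).
# NOTE(review): fs.may_detach_mounts and net.ipv4.ip_conntrack_max may not
# exist on the newer kernel installed in step 2. `sysctl --system` reports
# every key it cannot set, so read its output instead of assuming success.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
# Apply every file under the sysctl configuration directories, including the
# one written above.
sysctl --system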
4、安装docker
# Prerequisites: yum-utils supplies yum-config-manager, used on the next line.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Docker CE repository definition from the Aliyun mirror.
# NOTE(review): whether package signatures are verified depends on the
# gpgcheck/gpgkey settings inside the downloaded .repo file, which is not
# shown here - inspect /etc/yum.repos.d/docker-ce.repo after this step.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
# No version is given, so this installs whatever docker-ce release the
# repository currently offers.
yum -y install docker-ce
systemctl start docker
systemctl enable docker
# Write the daemon configuration. registry-mirrors makes the daemon fetch
# Docker Hub images through the listed mirror, which puts that mirror in the
# trust path of every image pulled by tag.
# NOTE(review): the hostname looks like an account-specific accelerator
# endpoint - replace it with a mirror you control or trust.
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://05kr23vq.mirror.aliyuncs.com"]
}
EOF
# Restart the daemon so it reads the daemon.json written above.
systemctl daemon-reload
systemctl restart docker
5、安装kubeadm
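# Define the Kubernetes package repository (Aliyun mirror).
# gpgcheck=1 verifies the signature of each package and repo_gpgcheck=1
# verifies the signed repository metadata; both stay enabled.
# Both key URLs belong to the single gpgkey option, so they are written on
# one line separated by a space. A second URL on its own line starting in
# column 0 is not read as a continuation of gpgkey, which leaves the package
# key out of the trusted set.
# If signature verification fails, correct the key list; do not switch
# gpgcheck or repo_gpgcheck off.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF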
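# Helper tools for IPVS, connection tracking and seccomp support.
yum install -y ipvsadm ipset sysstat conntrack libseccomp
# Pin kubelet, kubeadm and kubectl to 1.21.1, the version used for the
# control-plane images and for kubernetesVersion in the later steps. An
# unpinned install takes the newest packages in the repository, which can
# differ from the cluster version being initialised.
yum install -y kubelet-1.21.1 kubeadm-1.21.1 kubectl-1.21.1
# The kubelet has no configuration yet and keeps restarting until
# `kubeadm init` or `kubeadm join` writes one.
systemctl start kubelet
systemctl enable kubelet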
6、提前下载镜像
# 6.1 Pull the images with kubeadm itself.
# This pulls the set of images kubeadm needs for the version it will deploy.
kubeadm config images pull
# 6.2 Or pull each image by hand (alternative to 6.1, not an extra step).
# Each image is addressed by tag only.
# NOTE(review): where image provenance matters, record the digests that were
# pulled (`docker images --digests`) and compare them across nodes.
docker pull k8s.gcr.io/kube-apiserver:v1.21.1
docker pull k8s.gcr.io/kube-controller-manager:v1.21.1
docker pull k8s.gcr.io/kube-scheduler:v1.21.1
docker pull k8s.gcr.io/kube-proxy:v1.21.1
docker pull k8s.gcr.io/pause:3.4.1
docker pull k8s.gcr.io/etcd:3.4.13-0
docker pull k8s.gcr.io/coredns/coredns:v1.8.0
7、初始化
7.1初始化参数到文件 (多主)
# Write kubeadm's default init configuration to kubeadm-config.yaml in the
# current directory as a starting point for editing.
kubeadm config print init-defaults > kubeadm-config.yaml
# Show the file. NOTE(review): the listing that follows appears to be the
# file after manual edits (node name, advertise address, control-plane
# endpoint), not the untouched defaults - confirm.
cat kubeadm-config.yaml
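# kubeadm configuration used by `kubeadm init --config=kubeadm-config.yaml`.
# Indentation is restored here; without it the nesting of bootstrapTokens,
# localAPIEndpoint, nodeRegistration, etcd and networking is lost.
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # abcdef.0123456789abcdef is the fixed placeholder printed by
  # `kubeadm config print init-defaults`, so it is publicly known. Replace it
  # with the output of `kubeadm token generate` before running init; anyone
  # who can reach the API server within the ttl below can use this token to
  # authenticate as a bootstrapping node.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # NOTE(review): 192.168.5.63 is not one of the 10.10.10.x addresses written
  # to /etc/hosts in step 1 - set this to the address of this control-plane node.
  advertiseAddress: 192.168.5.63
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master-1
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
# NOTE(review): the name "master" has no entry in the /etc/hosts table from
# step 1; it must resolve on every node (normally to the load balancer or
# virtual IP in front of the control-plane nodes).
controlPlaneEndpoint: master:6443
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: 1.21.1
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}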
# Run the deployment.
# --config reads the settings from kubeadm-config.yaml; --upload-certs
# stores the control-plane certificates in the cluster so that further
# control-plane nodes can fetch them when they join.
# The output ends with join commands containing a bootstrap token and, for
# control-plane joins, a certificate key. Treat both as secrets: keep them
# out of tickets, chat logs and shared terminals.
kubeadm init --config=kubeadm-config.yaml --upload-certs
7.2 单节点初始化
# Single control-plane initialisation driven by flags instead of a config file.
# NOTE(review): 172.0.0.0/16 lies outside the private range 172.16.0.0/12,
# so pod addresses would overlap publicly routable space. Choose a private
# range that does not overlap the node network (10.10.10.x) or the service
# CIDR, and make sure the network plugin applied in step 8 is configured for
# the same pod CIDR.
kubeadm init \
--apiserver-advertise-address=10.10.10.11 \
--service-cidr=10.0.0.0/16 \
--kubernetes-version 1.21.1 \
--pod-network-cidr=172.0.0.0/16
8、部署网络服务flannel或者calico
# Install ONE pod network plugin: either flannel (first command) or calico
# (the two commands after it), not both.
# Option A - flannel. The manifest is applied straight from the `master`
# branch, so its content can change between runs and is never seen before it
# is granted cluster-wide permissions.
# NOTE(review): prefer downloading a manifest from a fixed release tag,
# reading it, and applying the local copy.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Option B - calico. The manifest is downloaded first, which leaves a local
# copy that can be reviewed and kept for later comparison before it is applied.
wget https://docs.projectcalico.org/manifests/calico.yaml
kubectl apply -f calico.yaml
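# Run on each worker node.
# The token, CA hash and address below are samples; use the join command
# printed by your own `kubeadm init`.
# NOTE(review): 10.10.10.15 is the address given to harbor.qinmengfei.cn in
# step 1, and the two join commands carry different tokens and hashes, so
# they look like copies from different clusters - confirm.
# --discovery-token-ca-cert-hash pins the cluster CA so the node verifies
# the API server it is talking to; keep it in every join command.
kubeadm join 10.10.10.15:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:23a3bac6c2aed47037faae1dc241a99607f7f1705316125bc22d78cbb571cae6
# Run on each additional control-plane node.
# --control-plane replaces the deprecated --experimental-control-plane name.
# The certificates must already be on this node (copied by hand) or be
# fetched with --certificate-key when init was run with --upload-certs.
kubeadm join 10.10.10.11:6443 --token gmaio2.m0bf18nx94ans2gv \
--discovery-token-ca-cert-hash sha256:8f3a03b59854a7df17624d462813629ecfbf4ab18cab667facc9aad758b36006 --control-plane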
拷贝文件到其他节点,配置环境变量,添加节点
# Make kubectl use the administrator kubeconfig in every login shell by
# appending the export to /etc/profile, then load it into the current shell.
# admin.conf is the administrator kubeconfig generated by kubeadm: keep the
# file readable by root only and do not copy it to worker nodes.
printf '%s\n' 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> /etc/profile
. /etc/profile
一、首先在master上生成新的token
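# Run on an existing control-plane node: create a new bootstrap token and
# print the matching join command. The token is a credential with a limited
# lifetime; `--ttl` can shorten it, and `kubeadm token list` / `kubeadm token
# delete` can be used to review and revoke tokens that are no longer needed.
kubeadm token create --print-join-command
# Sample of the printed command (values from the author's cluster). Run the
# command printed by YOUR cluster on the node that is joining. The options
# start with two ASCII hyphens; typographic dashes are not accepted.
kubeadm join 192.168.1.10:6443 --token 42ojpt.z2h5ii9n898tzo36 --discovery-token-ca-cert-hash sha256:7cf14e8cb965d5eb9d66f3707ba20deeadc90bd36b730ce4c0e5d9db80d3625b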
二、在master上生成用于新master加入的证书
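# Re-upload the control-plane certificates and print a new certificate key.
# --upload-certs is the current name of the flag; the sample output on this
# page shows kubeadm reporting --experimental-upload-certs as deprecated.
# The printed certificate key decrypts the uploaded certificates and private
# keys, so handle it like a password.
kubeadm init phase upload-certs --upload-certs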
[root@master ~]# kubeadm init phase upload-certs --experimental-upload-certs
Flag --experimental-upload-certs has been deprecated, use --upload-certs instead
W1228 17:15:02.356743 27154 version.go:98] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://storage.proxy.ustclug.org/kubernetes-release/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
W1228 17:15:02.356872 27154 version.go:99] falling back to the local client version: v1.15.1
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
e799a655f667fc327ab8c91f4f2541b57b96d2693ab5af96314ebddea7a68526
三、添加新node
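# Run on the new worker node. Sample values from the author's cluster; use
# the command printed by `kubeadm token create --print-join-command` on your
# own control plane. The options start with two ASCII hyphens.
# --discovery-token-ca-cert-hash lets the node verify the cluster CA; do not
# replace it with --discovery-token-unsafe-skip-ca-verification.
kubeadm join 192.168.1.10:6443 --token 42ojpt.z2h5ii9n898tzo36 --discovery-token-ca-cert-hash sha256:7cf14e8cb965d5eb9d66f3707ba20deeadc90bd36b730ce4c0e5d9db80d3625b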
四、添加新master,把红色部分加到--experimental-control-plane --certificate-key后。
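# Run on the new control-plane node. Sample values from the author's
# cluster; the options start with two ASCII hyphens.
# --experimental-control-plane is the older spelling used by the kubeadm
# release in the sample output (v1.15.1); current kubeadm calls the flag
# --control-plane.
# The value after --certificate-key is the key printed by the upload-certs
# step. It decrypts the control-plane certificates and private keys stored
# in the cluster, and a value passed on the command line ends up in shell
# history - clear it from history afterwards and never reuse a published key.
kubeadm join 192.168.1.10:6443 --token 42ojpt.z2h5ii9n898tzo36 --discovery-token-ca-cert-hash sha256:7cf14e8cb965d5eb9d66f3707ba20deeadc90bd36b730ce4c0e5d9db80d3625b --experimental-control-plane --certificate-key e799a655f667fc327ab8c91f4f2541b57b96d2693ab5af96314ebddea7a68526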