CentOS7.6部署k8s

两台 2 核 CPU、2G 内存的阿里云服务器,一台 master 节点,一台 node 节点。

准备工作

关闭防火墙

# Stop firewalld now and keep it from starting at boot.
# With no host firewall, the cloud security group is the only inbound filter on
# these nodes: limit 6443 (API server), 10250 (kubelet), 2379-2380 (etcd) and
# the NodePort range 30000-32767 to known source addresses there.
systemctl disable --now firewalld

禁用 swap 分区

# Turn swap off for the running system, then comment out every swap entry in
# /etc/fstab so it stays off after a reboot (the kubelet's default settings
# refuse to start while swap is enabled).
swapoff -a \
  && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

禁用 SELinux

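# Put SELinux in permissive mode, both for the running system (setenforce 0)
# and across reboots (config file).
# "permissive" rather than "disabled": policy is no longer enforced, but
# denials are still logged and file labels are kept, so enforcing mode can be
# restored later without relabelling the filesystem.
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config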

时间同步

# Start chronyd and enable it at boot. The nodes' clocks have to agree:
# TLS certificate validity checks and bootstrap-token expiry depend on time.
systemctl enable --now chronyd

重新设置主机名

# On the master node: set the hostname to "master".
hostnamectl set-hostname master

# On the worker node: set the hostname to "node".
hostnamectl set-hostname node

# Open /etc/hosts in an editor (presumably on both machines, so that each name
# resolves everywhere — confirm).
vi /etc/hosts
# Add these address-to-name mappings.
# NOTE(review): the control-plane endpoint "master:6443" used later resolves
# through this file, so API-server traffic goes to whichever address is mapped
# here. These look like public addresses; if the two nodes share a private
# network, mapping the private addresses keeps that traffic off the internet —
# confirm against your network layout.
8.130.22.97 master
8.130.23.131 node

将桥接的 IPv4 以及 IPv6 流量传递到 iptables 链

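# The net.bridge.* sysctl keys only exist once the br_netfilter module is
# loaded, so load it now and register it for loading at boot; without it
# "sysctl --system" cannot apply the two settings below.
modprobe br_netfilter
cat > /etc/modules-load.d/k8s.conf <<'EOF'
br_netfilter
EOF

# Pass bridged IPv4/IPv6 traffic through the iptables/ip6tables chains, so the
# packet-filtering rules also see traffic crossing the container bridge.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# Reload every sysctl configuration file, including the one just written.
sysctl --system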

配置 ipvs

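# Install yum-utils (provides yum-config-manager, used for the Docker repo
# later) and the IPVS userspace tools. The CentOS 7 package is named "ipvsadm";
# the original asked for "ipvsadmin", so the tool was never installed.
yum install -y yum-utils ipset ipvsadm

# Script that loads the kernel modules IPVS mode needs. The quoted 'EOF' keeps
# the shell from expanding anything inside the body.
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

# The script runs as root: executable by all, writable by the owner only.
chmod 755 /etc/sysconfig/modules/ipvs.modules
/bin/bash /etc/sysconfig/modules/ipvs.modules

# Verify that the modules are loaded.
lsmod | grep -e ip_vs -e nf_conntrack_ipv4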

安装 docker

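# Add the Docker CE repository definition. It is fetched over HTTPS because
# the .repo file decides which package source and signing key yum will trust,
# so it must not be modifiable in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Versions are pinned as in the original guide.
# NOTE(review): these are old releases; check whether they still receive
# security fixes before using them outside a lab.
yum install -y docker-ce-19.03.2 docker-ce-cli-19.03.2 containerd.io-1.4.4

# Use the systemd cgroup driver instead of cgroupfs, and set a registry mirror.
# Written with a here-document so the step is repeatable without an editor.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://q2hy3fzi.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

# Start Docker now and enable it at boot.
systemctl enable --now docker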

安装 k8s

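# Kubernetes yum repository on the Aliyun mirror.
#  - HTTPS for the repository and key URLs, so metadata and keys cannot be
#    altered in transit (the original used plain HTTP).
#  - gpgcheck=1, so yum verifies each RPM's signature against the keys below
#    before installing it (the original turned this off, which left package
#    authenticity unchecked).
#  - repo_gpgcheck stays 0, as in the original.
#  - Both key URLs sit on one gpgkey line; a second URL starting at column 0
#    on its own line is not read as part of the gpgkey value.
#  - exclude= keeps a routine "yum update" from upgrading cluster packages.
# NOTE(review): confirm the mirror's packages verify against these keys; if
# they do not, fix the key import rather than switching the check back off.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

# --disableexcludes lifts the exclude= line for this one pinned install.
yum install -y kubelet-1.23.1 kubeadm-1.23.1 kubectl-1.23.1 --disableexcludes=kubernetes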

# Edit the kubelet environment file.
# NOTE(review): which variables from this file the kubelet unit actually reads
# is not shown here (kubeadm's drop-in is known to use KUBELET_EXTRA_ARGS) —
# confirm that the two settings below take effect.
vi /etc/sysconfig/kubelet
# Add the following lines:
KUBELET_CGROUP_ARGS="--cgroup-driver=systemd"
KUBE_PROXY_MODE="ipvs"

# Enable the kubelet at boot and start it now.
systemctl enable --now kubelet

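# Write a helper script that pre-pulls the component images from the Aliyun
# registry mirror and re-tags them under their k8s.gcr.io names.
# The tags are mutable and come from a third-party mirror; the page gives no
# digests, so the image content is trusted on the mirror's word.
# NOTE(review): "kubeadm config images list --kubernetes-version v1.23.1"
# prints the exact images this release expects — compare it with the list
# below before relying on it.
cat > ./images.sh <<'EOF'
#!/bin/bash
readonly mirror=registry.cn-hangzhou.aliyuncs.com/google_containers

images=(
  kube-apiserver:v1.23.1
  kube-proxy:v1.23.1
  kube-controller-manager:v1.23.1
  kube-scheduler:v1.23.1
  coredns:1.7.5
  etcd:3.4.13-0
  pause:3.2
  kubernetes-dashboard-amd64:v1.10.0
  heapster-amd64:v1.5.4
  heapster-grafana-amd64:v5.0.4
  heapster-influxdb-amd64:v1.5.2
  pause-amd64:3.1
)

# Keep going after a failed pull (as the original did), but never tag an image
# that was not pulled, and report the failure through the exit status.
failed=0
for image_name in "${images[@]}"; do
  if docker pull "${mirror}/${image_name}"; then
    docker tag "${mirror}/${image_name}" "k8s.gcr.io/${image_name}"
  else
    printf 'pull failed: %s\n' "${image_name}" >&2
    failed=1
  fi
done
exit "${failed}"
EOF

# Run the script.
chmod +x ./images.sh && ./images.sh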

部署 k8s master

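# Initialise the control plane.
#   --control-plane-endpoint  address clients use for the API server
#                             ("master" resolves through /etc/hosts)
#   --upload-certs            stores the control-plane certificates, encrypted,
#                             in the cluster so further control-plane nodes can
#                             join; the certificate key printed alongside
#                             decrypts them and must be handled as a secret
#   --image-repository        pull the control-plane images from the Aliyun mirror
#   --pod-network-cidr        pod address range handed to the network add-on
kubeadm init \
  --kubernetes-version v1.23.1 \
  --control-plane-endpoint "master:6443" \
  --upload-certs \
  --image-repository registry.aliyuncs.com/google_containers \
  --pod-network-cidr=10.244.0.0/16

# Copy the admin kubeconfig for kubectl (kubeadm init prints these commands on
# success). admin.conf carries cluster-admin credentials: keep the copy
# readable by its owner only and do not share it.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# Check that kubectl can reach the API server.
kubectl get node

# Install the Calico network add-on.
# -f makes curl fail on an HTTP error instead of saving an error page as
# calico.yaml; -L follows redirects. The URL is unversioned, so what it serves
# can change between runs: read the downloaded manifest before applying it, and
# prefer a version-pinned manifest URL.
curl -fL -O https://docs.projectcalico.org/manifests/calico.yaml
kubectl apply -f calico.yaml

# List the nodes again; the status should become Ready.
kubectl get node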

如果安装失败,需要 reset:

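# Undo what kubeadm init/join set up on this machine, then remove the local
# kubeconfig. kubeadm reset itself reports that it leaves CNI configuration and
# iptables/IPVS rules in place; clean those up separately if needed.
kubeadm reset
# ${HOME:?} aborts instead of expanding to "/.kube" if HOME is unset or empty.
rm -rf -- "${HOME:?}/.kube"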

部署 k8s node

需要在 node 节点上执行 kubeadm init 输出的 kubeadm join 命令:

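# Join this machine to the cluster as a worker node.
# The original command also carried "--control-plane --certificate-key ...",
# which is the join command for an additional control-plane node; a worker
# needs only the bootstrap token and the CA certificate hash.
# The token and hash below are the sample values from the author's run — use
# the ones your own "kubeadm init" printed. A bootstrap token is a credential
# (anyone holding a valid one can register a node), and a certificate key
# decrypts the uploaded control-plane certificates, so neither belongs in
# shared notes or public posts while it is still valid.
# "kubeadm token create --print-join-command" on the master issues a fresh
# worker join command.
kubeadm join master:6443 --token hkakru.rnv32cvzw2alodkw \
  --discovery-token-ca-cert-hash sha256:49257352b5a320c40785df0b6cc5534e7ae0b6cc758023b52abc0da4b5e9890d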

部署 dashboard

# Deploy Dashboard v2.3.1 from the upstream manifest (the URL is pinned to a
# release tag).
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

# Open the Dashboard Service in an editor.
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
# In the editor, change "type: ClusterIP" to "type: NodePort".
# A NodePort Service listens on the assigned port on every node; on nodes with
# public addresses that puts the Dashboard login page on the internet unless
# the cloud security group limits who can reach the port.
# NOTE(review): "kubectl port-forward" or "kubectl proxy" reaches a ClusterIP
# Service without opening a node port at all.

# Show the Service to find the assigned port.
kubectl get svc -A | grep kubernetes-dashboard

通过 https://集群任意节点IP:端口 来访问,这里可以是 https://8.130.22.97:31323。NodePort 会在每个节点上监听该端口,节点有公网 IP 时需在安全组中限制可访问该端口的来源地址。

添加用户和绑定角色

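# Create an "admin-user" ServiceAccount for Dashboard logins and bind it to the
# built-in cluster-admin ClusterRole.
# cluster-admin grants full control over every resource in the cluster, so the
# login token of this account is as sensitive as the admin kubeconfig. For
# read-only use, bind the built-in "view" ClusterRole instead.
# The manifest is written with its YAML indentation restored (the flattened
# form is not valid YAML).
cat > dash.yaml <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF

# Create both objects; the original wrote the file but never applied it.
kubectl apply -f dash.yaml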

生成登录 token

# Look up the Secret(s) holding admin-user's token, then print their details.
# The token shown is a bearer credential carrying the account's cluster-admin
# rights: paste it into the login form only, and keep it out of shared logs.
secret_names=$(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
# Left unquoted on purpose: several matching names expand to separate
# arguments, exactly as in the one-line form.
# shellcheck disable=SC2086
kubectl -n kubernetes-dashboard describe secret $secret_names

将输出的 token 输入到网站中,就可以看到管理界面了。

Author

王亮

Posted on

2022-01-26

Licensed under