ubuntu kubeadm 安装1.28集群

初始化坏境

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
#依次修改主机名*
hostnamectl set-hostname master
hostnamectl set-hostname node01
#hosts解析
cat >> /etc/hosts << EOF
172.12.1.105 master
172.12.1.106 node01
EOF
#关闭selinux、防火墙、交换分区
sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

systemctl stop firewalld.service ; systemctl disable firewalld

sed -ri 's/.*swap.*/#&/' /etc/fstab
swapoff -a


# apt 源
cat >> /etc/apt/sources.list << EOF
# aliyun
deb http://mirrors.aliyun.com/ubuntu/ noble main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ noble-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ noble-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ noble-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ noble-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble-backports main restricted universe multiverse
EOF

#kubernetes源
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add
echo "deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main" >> /etc/apt/sources.list
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl

#时间同步
timedatectl set-timezone Asia/Shanghai
apt install ntpdate -y
ntpdate ntp1.aliyun.com


#修改内核参数
cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.forwarding = 1
EOF

#重新加载文件生效系统配置
sysctl -p /etc/sysctl.d/k8s.conf

sysctl --system

modprobe br_netfilter

#这个命令的作用是应用 k8s.conf 文件中的内核参数设置,并且开启网络桥接的防火墙功能。其中 k8s.conf 文件中的内容包括以下三个参数设置:
#net.bridge.bridge-nf-call-iptables = 1 表示开启防火墙功能。
#net.bridge.bridge-nf-call-ip6tables = 1 表示开启 IPV6 的防火墙功能。
#net.ipv4.ip_forward = 1 表示开启 IP 转发功能。


#安装ipvsadm
apt-get install -y ipvsadm ipset

安装配置containerd或者docker(一个就好)

containerd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
apt install -y containerd
#生成containerd的配置文件
mkdir /etc/containerd -p
#生成配置文件
containerd config default > /etc/containerd/config.toml
#编辑配置文件
vim /etc/containerd/config.toml
sandbox_image = "k8s.gcr.io/pause:3.8" //61
改成
sed -i 's/registry.k8s.io/registry.aliyuncs.com\/google_containers/' /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
#配置好文件传到node节点
#重启服务
systemctl daemon-reload
systemctl enable containerd; systemctl start containerd

docker

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
yum install container-selinux -y
yum install -y yum-utils device-mapper-persistent-data lvm2
yum install -y docker-ce containerd.io
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://reg-mirror.qiniu.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "500m", "max-file": "3"
}
}
EOF

#使用Systemd管理的Cgroup来进行资源控制与管理,因为相对Cgroupfs而言,Systemd限制CPU、内存等资源更加简单和成熟稳定。
#日志使用json-file格式类型存储,大小为100M,保存在/var/log/containers目录下,方便ELK等日志系统收集和管理日志。

systemctl daemon-reload
systemctl restart docker.service
systemctl enable docker.service

docker info | grep "Cgroup Driver"
cd /opt
# 到下面的链接下载最新版cri-docker: https://github.com/Mirantis/cri-dockerd/tags
rpm -ivh cri-dockerd-0.3.4-3.el7.x86_64.rpm

vim /lib/systemd/system/cri-docker.service
#修改ExecStart行如下
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8

systemctl daemon-reload
systemctl enable --now cri-docker

安装kubeadm,kubelet和kubectl

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
安装指定版本
echo "----------------kubelet版本信息列表------------------------"
apt list kubelet -a
echo "----------------安装kubeadm、kubelet、kubectl(master节点)--------------"
# 不指定版本就是最新版本
k8s_version=1.28.0-00
sudo apt install -y kubeadm=${k8s_version} kubelet=${k8s_version} kubectl=${k8s_version}



//查看初始化需要的镜像
kubeadm config images list --kubernetes-version 1.28.0

# 生成 kubeadm快速搭建k8s的配置文件
kubeadm config print init-defaults > kubeadm-config.yaml


apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 172.12.1.105
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
name: master #和节点名称一样
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers #需要改为国内的镜像
kind: ClusterConfiguration
kubernetesVersion: 1.28.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
podSubnet: "10.244.0.0/16"
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs

#初始化 master
kubeadm init --config=kubeadm-config.yaml --upload-certs | tee kubeadm-init.log
mkdir -p $HOME/.kube
sudo cp -fi /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
echo "source <(kubectl completion bash)" >> /etc/profile
source /etc/profile

安装网络插件

1
2
3
4
5
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/tigera-operator.yaml
wget https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/custom-resources.yaml
vi custom-resources.yaml //1313gg
cidr: 192.168.0.0/16 //IP改成 10.244.0.0/16 和上面初始化一样
kubectl create -f custom-resources.yaml

加入节点

1
2
3
4
5
初始化,并安装容器运行时,安装kubectl kubeadm kubelet
重启服务
systemctl daemon-reload
systemctl restart containerd; systemctl restart containerd
kubeadm join 172.12.1.105:6443 --token xxx

升级

master

1
2
3
4
5
6
7
8
9
10
11
12
13
安装新版本
k8s_version=1.28.1-00
sudo apt install -y kubeadm=${k8s_version} kubelet=${k8s_version} kubectl=${k8s_version}
先设置节点不可调度
kubectl uncordon master
再排空节点
kubectl drain master --ignore-daemonsets
测试升级计划
kubeadm upgrade plan
kubectl update apply --etcd-upgrade
systemctl restart kubelet
恢复调度
kubectl cordon master

node

1
2
3
4
k8s_version=1.28.1-00
sudo apt install -y kubelet=${k8s_version}
systemctl restart kubelet.service
kubelet --version

ps:

https://blog.csdn.net/stanluoyuxin/article/details/137070061

https://blog.csdn.net/lhq1363511234/article/details/132379069