ubuntu kubeadm 安装1.28集群

发表于 2024-06-04 更新于 2024-06-05 阅读次数：本文字数： 7.4k 阅读时长 ≈ 7 分钟

初始化坏境

#依次修改主机名*
hostnamectl set-hostname master
hostnamectl set-hostname node01
#hosts解析
cat >> /etc/hosts << EOF
172.12.1.105 master
172.12.1.106 node01
EOF
#关闭selinux、防火墙、交换分区
sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
 
systemctl stop firewalld.service ;  systemctl disable firewalld
 
sed -ri 's/.*swap.*/#&/' /etc/fstab 
swapoff -a


# apt 源
cat >> /etc/apt/sources.list << EOF
# aliyun
deb http://mirrors.aliyun.com/ubuntu/ noble main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ noble-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ noble-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ noble-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ noble-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble-backports main restricted universe multiverse
EOF

#kubernetes源
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add
echo "deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main" >>  /etc/apt/sources.list
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl

#时间同步
timedatectl set-timezone Asia/Shanghai
apt install ntpdate -y
ntpdate ntp1.aliyun.com


#修改内核参数
cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.forwarding = 1
EOF

#重新加载文件生效系统配置
sysctl -p /etc/sysctl.d/k8s.conf
 
sysctl --system

modprobe br_netfilter

#这个命令的作用是应用 k8s.conf 文件中的内核参数设置，并且开启网络桥接的防火墙功能。其中 k8s.conf 文件中的内容包括以下三个参数设置：
#net.bridge.bridge-nf-call-iptables = 1 表示开启防火墙功能。
#net.bridge.bridge-nf-call-ip6tables = 1 表示开启 IPV6 的防火墙功能。
#net.ipv4.ip_forward = 1 表示开启 IP 转发功能。


#安装ipvsadm
apt-get install -y ipvsadm ipset

安装配置containerd或者docker(一个就好)

containerd

apt install -y containerd
#生成containerd的配置文件
mkdir /etc/containerd -p 
#生成配置文件
containerd config default > /etc/containerd/config.toml
#编辑配置文件
vim /etc/containerd/config.toml  
sandbox_image = "k8s.gcr.io/pause:3.8"   //61行
改成
sed -i 's/registry.k8s.io/registry.aliyuncs.com\/google_containers/' /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
#配置好文件传到node节点
#重启服务   
systemctl daemon-reload
systemctl enable containerd; systemctl start containerd

docker

yum install container-selinux -y
yum install -y yum-utils device-mapper-persistent-data lvm2 
yum install -y docker-ce  containerd.io
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://reg-mirror.qiniu.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "500m", "max-file": "3"
  }
}
EOF

#使用Systemd管理的Cgroup来进行资源控制与管理，因为相对Cgroupfs而言，Systemd限制CPU、内存等资源更加简单和成熟稳定。
#日志使用json-file格式类型存储，大小为100M，保存在/var/log/containers目录下，方便ELK等日志系统收集和管理日志。

systemctl daemon-reload
systemctl restart docker.service
systemctl enable docker.service 
 
docker info | grep "Cgroup Driver"
cd /opt
# 到下面的链接下载最新版cri-docker: https://github.com/Mirantis/cri-dockerd/tags
rpm -ivh cri-dockerd-0.3.4-3.el7.x86_64.rpm 

vim /lib/systemd/system/cri-docker.service
#修改ExecStart行如下
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8
 
systemctl daemon-reload
systemctl enable --now cri-docker

安装kubeadm，kubelet和kubectl

安装指定版本
echo "----------------kubelet版本信息列表------------------------"
apt list kubelet -a
echo "----------------安装kubeadm、kubelet、kubectl(master节点)--------------"
# 不指定版本就是最新版本
k8s_version=1.28.0-00
sudo apt install -y kubeadm=${k8s_version}  kubelet=${k8s_version}  kubectl=${k8s_version}


 
//查看初始化需要的镜像
kubeadm config images list --kubernetes-version 1.28.0
 
# 生成 kubeadm快速搭建k8s的配置文件
kubeadm config print init-defaults > kubeadm-config.yaml
 
 
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.12.1.105
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: master #和节点名称一样
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers #需要改为国内的镜像
kind: ClusterConfiguration
kubernetesVersion: 1.28.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: "10.244.0.0/16"
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
 
#初始化 master
kubeadm init --config=kubeadm-config.yaml --upload-certs | tee kubeadm-init.log
mkdir -p $HOME/.kube
sudo cp -fi /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
echo "source <(kubectl completion bash)" >> /etc/profile
source /etc/profile

安装网络插件

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/tigera-operator.yaml
wget https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/custom-resources.yaml
vi custom-resources.yaml   //13行  13gg
cidr: 192.168.0.0/16   //IP改成  10.244.0.0/16 和上面初始化一样
kubectl create -f custom-resources.yaml

加入节点

初始化，并安装容器运行时，安装kubectl kubeadm kubelet
重启服务   
systemctl daemon-reload
systemctl restart containerd; systemctl restart containerd 
kubeadm join 172.12.1.105:6443 --token xxx

升级

master

安装新版本
k8s_version=1.28.1-00
sudo apt install -y kubeadm=${k8s_version}  kubelet=${k8s_version}  kubectl=${k8s_version}
先设置节点不可调度
kubectl uncordon master
再排空节点
kubectl drain master --ignore-daemonsets
测试升级计划
kubeadm upgrade plan
kubectl update apply --etcd-upgrade
systemctl restart kubelet
恢复调度
kubectl cordon master

node

k8s_version=1.28.1-00
sudo apt install -y kubelet=${k8s_version}
systemctl restart kubelet.service
kubelet --version

ps:

https://blog.csdn.net/stanluoyuxin/article/details/137070061

https://blog.csdn.net/lhq1363511234/article/details/132379069