初始化环境
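# Base preparation for every node of the kubeadm cluster. Run as root.

# Set the hostname. Run only the line that matches the machine you are on;
# running both on one host leaves it named node01.
hostnamectl set-hostname master    # on the control-plane node
hostnamectl set-hostname node01    # on the worker node

# Static name resolution for the two nodes.
cat >> /etc/hosts << EOF
172.12.1.105 master
172.12.1.106 node01
EOF

# SELinux and firewalld are RHEL-family components and may be absent on the
# Ubuntu (noble) hosts the rest of this page targets. Where they are present,
# these lines switch off mandatory access control and the host firewall
# entirely; a tighter option is to leave firewalld running and open only the
# ports the cluster needs.
sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
systemctl stop firewalld.service ; systemctl disable firewalld

# Swap: comment out every fstab line mentioning swap, then turn it off now.
sed -ri 's/.*swap.*/#&/' /etc/fstab
swapoff -a

# Ubuntu package mirrors. APT verifies repository signatures, so plain http
# does not let a network attacker alter packages, but it does expose which
# packages are fetched. noble-proposed is the pre-release testing pocket;
# consider leaving those two lines out on cluster nodes.
cat >> /etc/apt/sources.list << EOF
deb http://mirrors.aliyun.com/ubuntu/ noble main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ noble-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ noble-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ noble-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ noble-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ noble-backports main restricted universe multiverse
EOF

# Kubernetes package repository.
# apt-key reads the key from stdin only when given "-". -f makes curl fail on
# an HTTP error instead of piping an error page into the keyring.
# NOTE(review): apt-key is deprecated, and a key added this way is trusted for
# every configured repository, not just this one. A dedicated keyring file
# referenced with signed-by= in the deb line limits that trust.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main" >> /etc/apt/sources.list
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl

# Time zone and a one-shot clock sync. Skewed clocks break certificate
# validation between nodes.
timedatectl set-timezone Asia/Shanghai
apt install ntpdate -y
ntpdate ntp1.aliyun.com

# Load br_netfilter BEFORE applying the sysctls: the net.bridge.* keys only
# exist once the module is loaded. The modules-load.d entry reloads it on boot.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf

# Kernel parameters for Kubernetes networking.
# sysctl reports an error for keys the running kernel does not expose.
# net.ipv4.ip_conntrack_max is the legacy name of
# net.netfilter.nf_conntrack_max, and fs.may_detach_mounts is likely missing
# on Ubuntu kernels, so a "No such file or directory" message for either one
# is expected rather than a sign that the file failed to apply.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.forwarding = 1
EOF

sysctl -p /etc/sysctl.d/k8s.conf
sysctl --system

# Userspace tools for the ipvs kube-proxy mode configured later on the page.
apt-get install -y ipvsadm ipset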
安装配置containerd或者docker(一个就好)
containerd
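# Install containerd and write out its default configuration.
apt install -y containerd
mkdir /etc/containerd -p
containerd config default > /etc/containerd/config.toml

# The page points at line 61 of the generated file, the sandbox_image entry
# (shown there as "k8s.gcr.io/pause:3.8"). Open the file to inspect it; the
# two sed commands below then make the edits non-interactively.
vim /etc/containerd/config.toml

# Pull the pause image from the Aliyun mirror instead of registry.k8s.io.
# This makes the mirror operator a trusted source for the sandbox image.
sed -i 's/registry.k8s.io/registry.aliyuncs.com\/google_containers/' /etc/containerd/config.toml
# Use the systemd cgroup driver.
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

# sed exits 0 even when nothing matched (for example if the default registry
# name in your containerd version differs), so confirm both settings.
grep -nE 'sandbox_image|SystemdCgroup' /etc/containerd/config.toml

# The package normally starts containerd at install time, and "start" on a
# running unit does not reload config.toml. Restart so the edits take effect.
systemctl daemon-reload
systemctl enable containerd; systemctl restart containerd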
docker
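# Docker + cri-dockerd variant. These commands are yum/rpm based, i.e. for a
# RHEL/CentOS 7 host, unlike the apt-based steps elsewhere on the page.
# NOTE(review): docker-ce comes from a Docker yum repository that the page
# does not show being configured. Confirm it is set up before this step.
yum install container-selinux -y
yum install -y yum-utils device-mapper-persistent-data lvm2
yum install -y docker-ce containerd.io

# -p: do not fail when the package has already created the directory.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://reg-mirror.qiniu.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "500m",
    "max-file": "3"
  }
}
EOF

# Cgroups are managed through systemd: compared with cgroupfs, systemd's
# handling of CPU, memory and other resource limits is simpler and more mature.
# Logs use the json-file driver. The configuration above caps each file at
# 500m and keeps 3 files (the original note said 100M). Bounded logs stop a
# noisy container from filling the disk and make collection by ELK or a
# similar log system easier.
# The registry mirror is a third party that every image pull will go through.

systemctl daemon-reload
systemctl restart docker.service
systemctl enable docker.service
docker info | grep "Cgroup Driver"

cd /opt
# Download the latest cri-dockerd release first. The link is truncated on the
# page to "https:", so use "<CRI_DOCKERD_RELEASE_URL>" from the project's
# release page. Check the package against its published checksum before
# installing it, because rpm -ivh on a local file performs no repository
# signature check.
rpm -ivh cri-dockerd-0.3.4-3.el7.x86_64.rpm

vim /lib/systemd/system/cri-docker.service
# Change the ExecStart line to the following (unit-file content, not a shell
# command):
#   ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8

systemctl daemon-reload
systemctl enable --now cri-docker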
安装kubeadm,kubelet和kubectl
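# Install a pinned version of kubeadm, kubelet and kubectl, then initialise
# the control plane on the master node.
echo "----------------kubelet版本信息列表------------------------"
apt list kubelet -a
echo "----------------安装kubeadm、kubelet、kubectl(master节点)--------------"

k8s_version=1.28.0-00
sudo apt install -y kubeadm="${k8s_version}" kubelet="${k8s_version}" kubectl="${k8s_version}"

# List the images that initialisation will need.
kubeadm config images list --kubernetes-version 1.28.0

# Start from the defaults ...
kubeadm config print init-defaults > kubeadm-config.yaml

# ... and edit the file so that it reads as below.
# The defaults contain the fixed example token abcdef.0123456789abcdef. It is
# the same on every installation, so anyone who can reach port 6443 while it
# is valid (24h here) could use it to register a node. Generate a random
# token instead and substitute it into the config.
bootstrap_token=$(kubeadm token generate)

cat > kubeadm-config.yaml <<EOF
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: ${bootstrap_token}
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.12.1.105
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: master
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.28.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: "10.244.0.0/16"
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
EOF

# The init output includes the join command with the bootstrap token, and
# with --upload-certs also the certificate key. Create the log file with
# owner-only permissions before tee writes to it.
install -m 600 /dev/null kubeadm-init.log
kubeadm init --config=kubeadm-config.yaml --upload-certs | tee kubeadm-init.log

# admin.conf is a cluster-admin credential; keep the copy readable only by
# its owner.
mkdir -p "$HOME/.kube"
sudo cp -fi /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# Shell completion for kubectl.
echo "source <(kubectl completion bash)" >> /etc/profile
source /etc/profile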
安装网络插件
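# Install the Calico network plugin (manifests pinned to tag v3.28.0).
# Download both manifests to disk first, so that the files applied are the
# ones that were reviewed. The operator manifest creates cluster-wide
# resources.
wget https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/tigera-operator.yaml
wget https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/custom-resources.yaml

kubectl create -f tigera-operator.yaml

# Line 13 of custom-resources.yaml reads "cidr: 192.168.0.0/16"; it must match
# the podSubnet given to kubeadm init (10.244.0.0/16).
sed -i 's#cidr: 192.168.0.0/16#cidr: 10.244.0.0/16#' custom-resources.yaml
# sed is silent when nothing matched, so confirm the value before applying.
grep -n 'cidr:' custom-resources.yaml

kubectl create -f custom-resources.yaml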
加入节点
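# Join a worker node. Prerequisites on the node: the environment
# initialisation above, a container runtime, and kubectl / kubeadm / kubelet.

# Restart services.
systemctl daemon-reload
systemctl restart containerd
# NOTE(review): the page restarts containerd twice; the second restart was
# presumably meant for kubelet. Confirm.
systemctl restart containerd

# kubeadm join needs a bootstrap token and the hash of the cluster CA public
# key; the bare endpoint shown on the page is not enough. Both values are in
# the "kubeadm join ..." line printed by kubeadm init (kept in
# kubeadm-init.log on the master), or can be reissued there with
# "kubeadm token create --print-join-command".
# Keep the CA hash: it is what lets the node verify it is talking to the real
# control plane. Do not replace it with
# --discovery-token-unsafe-skip-ca-verification.
kubeadm join 172.12.1.105:6443 \
  --token "<BOOTSTRAP_TOKEN>" \
  --discovery-token-ca-cert-hash "sha256:<CA_CERT_HASH>"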
升级
master
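# Upgrade the control-plane node.

# Install the new version.
k8s_version=1.28.1-00
sudo apt install -y kubeadm="${k8s_version}" kubelet="${k8s_version}" kubectl="${k8s_version}"

# First mark the node unschedulable. cordon does that; uncordon is the
# reverse and belongs at the end.
kubectl cordon master

# Then drain the node.
kubectl drain master --ignore-daemonsets

# Check the upgrade plan.
kubeadm upgrade plan

# Apply the upgrade. "upgrade apply" is a kubeadm subcommand (kubectl has no
# "update apply"), and it takes the target version, here the one installed
# above.
kubeadm upgrade apply v1.28.1 --etcd-upgrade

systemctl restart kubelet

# Make the node schedulable again.
kubectl uncordon master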
node
# Upgrade kubelet on a worker node to the pinned version, restart it, and
# print the version now installed.
# NOTE(review): the page does not drain the node or run any kubeadm step here.
# Confirm whether that is intended for this patch-level upgrade.
k8s_version=1.28.1-00

sudo apt install -y "kubelet=${k8s_version}"

systemctl restart kubelet.service

kubelet --version
ps:
https://blog.csdn.net/stanluoyuxin/article/details/137070061
https://blog.csdn.net/lhq1363511234/article/details/132379069