把主机清单写到/etc/hosts中
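# Add the cluster inventory to /etc/hosts.
# The file is appended to rather than truncated, so the entries already there
# (127.0.0.1 localhost, ::1, the node's own hostname) survive. A name that is
# already present on a non-comment line is left alone, which makes re-runs
# harmless; an existing entry with a different IP is NOT rewritten.
while read -r ip name; do
  [ -n "$ip" ] || continue
  grep -qE "^[^#]*[[:space:]]${name}([[:space:]]|\$)" /etc/hosts ||
    printf '%s %s\n' "$ip" "$name" >> /etc/hosts
done <<'EOF'
192.168.30.222 k8s-master-1
192.168.30.223 k8s-master-2
192.168.30.224 k8s-master-3
192.168.30.225 k8s-node-1
192.168.30.226 k8s-node-2
192.168.30.227 k8s-node-3
192.168.30.228 k8s-node-4
192.168.30.229 k8s-node-5
EOF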
增加相关内核参数
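# Kernel settings the cluster network relies on: IPv4 forwarding, and passing
# bridged traffic through iptables / ip6tables.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
# The net.bridge.* keys only exist while br_netfilter is loaded, so load it now
# and list it in /etc/modules for the next boot. The entry is added only if it
# is missing, so re-running this does not pile up duplicate lines.
grep -qxF br_netfilter /etc/modules 2>/dev/null || echo br_netfilter >> /etc/modules
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf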
关闭swap和防火墙
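# Turn swap off for the running system (temporary: lasts until reboot).
swapoff -a
# Keep it off across reboots by commenting out the swap entries in /etc/fstab.
# Only lines that are not already comments and that carry "swap" as a
# whitespace-delimited field are touched, so a second run does not stack
# extra '#' characters or comment out unrelated lines.
sed -ri '/^[[:space:]]*#/! s/^.*[[:space:]]swap[[:space:]].*$/#&/' /etc/fstab
# NOTE(review): this switches the host firewall off entirely. With ufw down,
# nothing on the node filters inbound traffic to the API server, kubelet or
# etcd ports unless an upstream firewall or security group does. The stricter
# alternative is to keep ufw enabled and allow only the ports the cluster needs.
systemctl stop ufw
systemctl disable ufw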
安装ipvs
# Userspace tools for IPVS plus the classic net-tools utilities.
apt install -y ipset ipvsadm net-tools
# Load the IPVS core, its round-robin / weighted round-robin / source-hash
# schedulers, and connection tracking. modprobe only affects the running
# kernel; nothing here makes the modules load again after a reboot.
for kmod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
  modprobe -- "$kmod"
done
# Show what actually got loaded.
lsmod | grep -e ip_vs -e nf_conntrack
安装containerd(来源于docker官网)
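# Install containerd from Docker's apt repository.
apt-get install ca-certificates curl gnupg -y
install -m 0755 -d /etc/apt/keyrings
# Fetch Docker's signing key and store it as a dedicated keyring that is
# referenced via signed-by below, so the key is trusted for this repository
# only. --yes lets a re-run overwrite the keyring instead of stopping at a prompt.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --yes --dearmor -o /etc/apt/keyrings/docker.gpg
# apt reads the keyring as an unprivileged user; without world-read permission
# (e.g. under a restrictive umask) signature verification fails on apt update.
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Repository line: architecture from dpkg, release codename from os-release.
printf '%s\n' \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" |
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update -y
apt install containerd.io -y
systemctl start containerd
systemctl enable containerd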
配置containerd
# Write containerd's built-in default configuration to its standard location,
# as the starting point for the manual edits that follow.
mkdir -p /etc/containerd
containerd config default | tee /etc/containerd/config.toml > /dev/null
配置Systemd以及配置镜像加速
修改pause镜像路径(原镜像拉不下来)
替换 k8s.gcr.io/pause:x.x 为 registry.aliyuncs.com/google_containers/pause:x.x(x.x保持不变)
启用SystemdCgroup
修改 SystemdCgroup = true(以上配置修改完成后,需要执行 systemctl restart containerd 才能生效)
# Registry mirror for docker.io: pulls of docker.io images are sent to the
# endpoint listed here.
# Images served through a third-party mirror are only as trustworthy as the
# mirror itself; for anything sensitive, pull by digest rather than by tag so
# substituted content is rejected.
# NOTE(review): newer containerd releases deprecate registry.mirrors in favour
# of config_path with per-registry hosts.toml files — confirm against the
# installed containerd version.
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://hub-mirror.c.163.com"]
添加k8s软件仓库
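# Add the Kubernetes apt repository (Aliyun mirror).
# apt-key is deprecated, and a key added with it is trusted for EVERY
# configured repository. Store the key in its own keyring instead and bind it
# to this one repository with signed-by.
install -m 0755 -d /etc/apt/keyrings
wget -qO - https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg |
  sudo gpg --yes --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
chmod a+r /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# NOTE(review): the key is fetched from the same mirror it is meant to
# authenticate; check it before trusting it, e.g. with
#   gpg --show-keys /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# and compare the fingerprint against one obtained from an independent source.
# '>' instead of '>>' so that a re-run does not append a duplicate entry.
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
apt update -y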
安装相关组件
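# Install kubelet, kubeadm and kubectl pinned to the same version.
apt install kubelet=1.28.0-00 kubeadm=1.28.0-00 kubectl=1.28.0-00 -y
# Hold the packages so a routine or unattended upgrade cannot move one of them
# to a different version behind the cluster's back; upgrades should go through
# the kubeadm upgrade procedure.
apt-mark hold kubelet kubeadm kubectl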
初始化K8S集群
# Enable kubeadm tab completion in the current shell.
source <(kubeadm completion bash)
# Bootstrap the first control-plane node. The control-plane endpoint is the
# address every other node will use to reach the API server; images come from
# the Aliyun registry mirror.
# NOTE(review): 192.168.30.6 is not among the addresses in the host inventory
# on this page — confirm it is this node's own IP before running.
kubeadm init \
  --kubernetes-version=v1.28.0 \
  --apiserver-advertise-address=192.168.30.6 \
  --control-plane-endpoint=192.168.30.200 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --pod-network-cidr=10.244.0.0/16 \
  --service-cidr=10.96.0.0/12
回显(kubeadm init 的输出;其中的 token 和 CA 证书哈希是作者环境生成的示例值,token 默认 24 小时后过期,请以自己集群的实际输出为准)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
kubeadm join 192.168.30.200:6443 --token f0gexj.iytj5hqfc5s1116l \
--discovery-token-ca-cert-hash sha256:1465370d2d4b57183d4b6a58845c17cbebb879c9f331fb0434f6cab6e4c2808f \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.30.200:6443 --token ydz0cs.j19rp8pnn8704daa \
--discovery-token-ca-cert-hash sha256:d71f8f976a0e75c023ab811b95037ab41d061375a0f4e7a4eb2ba346eac77509
k8s-master-2/3先关闭lo:0,向1注册
# Run on k8s-master-2 and k8s-master-3 before joining: take the lo:0 alias down.
# NOTE(review): presumably lo:0 holds the control-plane VIP (192.168.30.200) on
# these nodes, so the join would otherwise be answered locally instead of by
# k8s-master-1 — confirm, and bring the alias back up after the join if so.
ifconfig lo:0 down
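# Run on k8s-master-1: hand the shared control-plane material to the other
# masters so they can join as control-plane nodes.
#
# What is being copied is the cluster's root of trust: the CA, front-proxy CA
# and etcd CA key pairs, the service-account signing key, and admin.conf
# (cluster-admin credentials). Copy it only to control-plane nodes, only over
# SSH, and do not leave stray copies on workstations or in backups.
# `kubeadm init --upload-certs` together with `kubeadm join --certificate-key`
# is the built-in alternative that avoids copying the keys by hand.
for cp_host in k8s-master-3 k8s-master-2; do
  # The pki directories do not exist on a node that has not joined yet, and
  # scp with several source files fails if the target directory is missing.
  ssh "root@${cp_host}" 'mkdir -p /etc/kubernetes/pki/etcd' || {
    printf 'cannot prepare /etc/kubernetes/pki on %s, skipping\n' "$cp_host" >&2
    continue
  }
  scp /etc/kubernetes/admin.conf "root@${cp_host}:/etc/kubernetes"
  scp /etc/kubernetes/pki/{ca.*,sa.*,front-proxy-ca.*} "root@${cp_host}:/etc/kubernetes/pki"
  scp /etc/kubernetes/pki/etcd/ca.* "root@${cp_host}:/etc/kubernetes/pki/etcd"
done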
# Run on k8s-master-2 and k8s-master-3: join as an additional control-plane node.
# The token and CA hash are the values from the author's cluster. A bootstrap
# token is a short-lived credential; generate a fresh join command on an
# existing control-plane node with `kubeadm token create --print-join-command`.
# The CA hash is what lets the joining node verify it is talking to the right
# cluster, so keep it in the command rather than skipping verification.
kubeadm join 192.168.30.200:6443 \
  --control-plane \
  --token=z4k9ta.eddqrseu4jjd7iwz \
  --discovery-token-ca-cert-hash=sha256:26457fb6f8da7ebc8875ae39042e2494f1be5349dbaf38afcce3c013020fc594
node节点直接执行下面的就行
# Run on each worker node: join the cluster through the control-plane endpoint.
# The token and CA hash are the values from the author's cluster; use the ones
# printed for your own cluster (`kubeadm token create --print-join-command` on
# a control-plane node issues a fresh, short-lived token).
kubeadm join 192.168.30.200:6443 \
  --token=z4k9ta.eddqrseu4jjd7iwz \
  --discovery-token-ca-cert-hash=sha256:26457fb6f8da7ebc8875ae39042e2494f1be5349dbaf38afcce3c013020fc594