wiki/运维/容器/Kubernetes/相关实验/1.搭建高可用K8S.md
2025-01-02 10:46:09 +08:00


Write the host inventory to /etc/hosts
```
# Append rather than overwrite, so the existing localhost entries are kept
cat >> /etc/hosts <<EOF
192.168.30.222 k8s-master-1
192.168.30.223 k8s-master-2
192.168.30.224 k8s-master-3
192.168.30.225 k8s-node-1
192.168.30.226 k8s-node-2
192.168.30.227 k8s-node-3
192.168.30.228 k8s-node-4
192.168.30.229 k8s-node-5
EOF
```
Add the required kernel parameters
```
cat > /etc/sysctl.d/k8s.conf <<EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
echo br_netfilter >> /etc/modules && modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
```
Disable swap and the firewall
```
swapoff -a # temporary, until the next reboot
sed -ri 's/.*swap.*/#&/' /etc/fstab # permanent: comment out the swap entries
systemctl stop ufw
systemctl disable ufw
```
Install IPVS
```
apt install ipset ipvsadm net-tools -y
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
lsmod | grep -e ip_vs -e nf_conntrack
```
Install containerd (from the official Docker repository)
```
apt-get install ca-certificates curl gnupg -y
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update -y
apt install containerd.io -y
systemctl start containerd
systemctl enable containerd
```
Configure containerd
```
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
```
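Configure the systemd cgroup driver and a registry mirror (edits to /etc/containerd/config.toml)
```
# Change the pause image path (the original image cannot be pulled):
#   replace k8s.gcr.io/pause:x.x with registry.aliyuncs.com/google_containers/pause:x.x (keep x.x unchanged)
# Enable SystemdCgroup:
#   set SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["https://hub-mirror.c.163.com"]
```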
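The two manual edits above (pause image path and SystemdCgroup), scripted so they can be applied and checked the same way on every node. This is an added example, not part of the original page: the function names and the sample config fragment are constructed for illustration, and the registry mirror table is not covered.

```bash
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
REPO="registry.aliyuncs.com/google_containers"   # pause image repository used on the page

# Constructed fragment in the layout of `containerd config default` (not a full config).
write_sample_config() {
cat > "$1" <<'EOF'
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "k8s.gcr.io/pause:3.6"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = false
EOF
}

# Apply both edits in place; the first run keeps the untouched file as <file>.bak.
# Safe to run more than once.
patch_containerd_config() {
    [ -e "$1.bak" ] || cp -p "$1" "$1.bak" || return 1
    # Swap only the registry prefix so the pause tag (x.x) stays unchanged.
    sed -E -i "s#^([[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*\")k8s\.gcr\.io/pause:#\1${REPO}/pause:#" "$1"
    # Switch runc to the systemd cgroup driver.
    sed -E -i 's#^([[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*)false#\1true#' "$1"
}

# Return 0 only when both settings are present; 1 = cgroup driver, 2 = pause image.
check_containerd_config() {
    grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$1" || return 1
    grep -Fq "sandbox_image = \"${REPO}/pause:" "$1" || return 2
    return 0
}

# Print the pause tag so it can be compared before and after the edit.
pause_tag() {
    sed -n -E 's#^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"[^"]*/pause:([^"]+)".*#\1#p' "$1"
}

# Demo on a temporary copy of the constructed fragment.
demo_cfg=$(mktemp)
write_sample_config "$demo_cfg"
patch_containerd_config "$demo_cfg" && check_containerd_config "$demo_cfg" \
    && echo "patched, pause tag $(pause_tag "$demo_cfg")"
rm -f "$demo_cfg" "$demo_cfg.bak"
```

On a node, call the two functions with /etc/containerd/config.toml and restart containerd afterwards so the change takes effect.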
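Add the Kubernetes package repository
```
# apt-key is deprecated on current Ubuntu releases and trusts the key for every repository;
# the signed-by keyring form used for the Docker repository above scopes the key to one source
wget -qO - https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
# Overwrite rather than append, so re-running does not duplicate the entry
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list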
apt update -y
```
Install the Kubernetes components
```
apt install kubelet=1.28.0-00 kubeadm=1.28.0-00 kubectl=1.28.0-00 -y
```
Initialize the Kubernetes cluster
```
source <(kubeadm completion bash)
kubeadm init --kubernetes-version=v1.28.0 \
  --apiserver-advertise-address=192.168.30.6 \
  --control-plane-endpoint=192.168.30.200 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --pod-network-cidr=10.244.0.0/16 \
  --service-cidr=10.96.0.0/12
```
Output
```
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:
kubeadm join 192.168.30.200:6443 --token f0gexj.iytj5hqfc5s1116l \
--discovery-token-ca-cert-hash sha256:1465370d2d4b57183d4b6a58845c17cbebb879c9f331fb0434f6cab6e4c2808f \
--control-plane
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.30.200:6443 --token ydz0cs.j19rp8pnn8704daa \
--discovery-token-ca-cert-hash sha256:d71f8f976a0e75c023ab811b95037ab41d061375a0f4e7a4eb2ba346eac77509
```
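On k8s-master-2/3, first bring down lo:0, then register with k8s-master-1
```
# On k8s-master-2 and k8s-master-3: bring down lo:0
ifconfig lo:0 down

# On k8s-master-1: copy admin.conf plus the CA and service-account keys to the other masters
# (the target directories must exist before scp can copy into them)
ssh root@k8s-master-3 mkdir -p /etc/kubernetes/pki/etcd
scp /etc/kubernetes/admin.conf root@k8s-master-3:/etc/kubernetes
scp /etc/kubernetes/pki/{ca.*,sa.*,front-proxy-ca.*} root@k8s-master-3:/etc/kubernetes/pki
scp /etc/kubernetes/pki/etcd/ca.* root@k8s-master-3:/etc/kubernetes/pki/etcd
ssh root@k8s-master-2 mkdir -p /etc/kubernetes/pki/etcd
scp /etc/kubernetes/admin.conf root@k8s-master-2:/etc/kubernetes
scp /etc/kubernetes/pki/{ca.*,sa.*,front-proxy-ca.*} root@k8s-master-2:/etc/kubernetes/pki
scp /etc/kubernetes/pki/etcd/ca.* root@k8s-master-2:/etc/kubernetes/pki/etcd

# On k8s-master-2 and k8s-master-3: join as control-plane nodes
kubeadm join 192.168.30.200:6443 --token z4k9ta.eddqrseu4jjd7iwz \
--discovery-token-ca-cert-hash sha256:26457fb6f8da7ebc8875ae39042e2494f1be5349dbaf38afcce3c013020fc594 \
--control-plane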
```
On the worker nodes, just run the following
```
kubeadm join 192.168.30.200:6443 --token z4k9ta.eddqrseu4jjd7iwz \
--discovery-token-ca-cert-hash sha256:26457fb6f8da7ebc8875ae39042e2494f1be5349dbaf38afcce3c013020fc594
```