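Installing k8s with kubeadm

We install k8s using kubeadm.

Version: v1.30.3

Summary of the Kubernetes installation approach

The kubeadm tool

Container engine and kubelet: installed with yum

Other components: packaged as images; kubeadm uses these images to start the corresponding components

Static pods: kubeadm runs these containers as static pods (not managed by a controller; they restart automatically if stopped)

Summary: static pods + container engine + kubelet = Kubernetes environment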

Preparing the kubeadm environment

Three machines, memory >= 2G

192.168.112.136: master

192.168.112.139: node1

192.168.112.141: node2

Set the hostnames and add host resolution entries to /etc/hosts

hostnamectl set-hostname k8s-master

hostnamectl set-hostname k8s-node1

hostnamectl set-hostname k8s-node2

Disable the firewall, the swap partition and SELinux

systemctl stop firewalld

systemctl disable firewalld

swapoff -a

sed -i '/swap/s/^/#/' /etc/fstab

setenforce 0

sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

Pass bridged IPv4 traffic to the iptables chains

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

cat >/etc/modules-load.d/k8s.conf<<EOF
overlay
br_netfilter
EOF

After adding these, run the following to apply them

modprobe overlay

modprobe br_netfilter

sysctl --system

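Check whether the time is synchronized across the cluster

The time must be synchronized

After synchronizing the time, update the yum repositories

Remove the old yum repositories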

rm -rf /etc/yum.repos.d/*

yum remove epel-release -y

rm -rf /var/cache/yum/x86_64/6/epel/

Install the Aliyun base and epel repositories

curl -s -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

curl -s -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

yum clean all ; yum makecache

Update the system packages

yum update -y --exclude=kernel*

Install commonly used base packages

yum -y install expect wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git ntpdate chrony bind-utils rsync unzip git

Upgrade the system kernel

wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-lt-5.4.274-1.el7.elrepo.x86_64.rpm

wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-lt-devel-5.4.274-1.el7.elrepo.x86_64.rpm

Install the kernel and set it as the default boot entry (all of the steps above are performed on every machine)

yum localinstall -y /root/kernel-lt*

Set the default boot entry

grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg

Check the default boot kernel version

grubby --default-kernel

Then reboot

init 6

Modify the kernel parameters on all nodes

cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF

Apply immediately

sysctl --system
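
A preflight check for the preparation steps so far (swap off, the overlay and br_netfilter modules loaded, the three bridge/forwarding sysctls set to 1), as an added example that is not part of the original article. The function name k8s_preflight and its optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the node preparation before running kubeadm.
# k8s_preflight and its ROOT argument are hypothetical; ROOT defaults to "/"
# and exists only so the checks can be pointed at a constructed directory tree.

# Prints one FAIL line per unmet requirement; exit status 0 only if all pass.
k8s_preflight() (
    root="${1:-/}"; root="${root%/}"; rc=0

    # swapoff -a: /proc/swaps contains only its header line when no swap is active.
    if [ "$(tail -n +2 "$root/proc/swaps" 2>/dev/null | grep -c .)" -ne 0 ]; then
        echo "FAIL swap is still active"; rc=1
    fi

    # modprobe overlay / br_netfilter: loaded modules are listed in /proc/modules.
    for mod in overlay br_netfilter; do
        if ! grep -q "^$mod " "$root/proc/modules" 2>/dev/null; then
            echo "FAIL module $mod not loaded"; rc=1
        fi
    done

    # sysctl --system: each key is a file under /proc/sys (dots become slashes).
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables \
               net.ipv4.ip_forward; do
        path="$root/proc/sys/$(printf '%s' "$key" | tr . /)"
        val="$(cat "$path" 2>/dev/null || true)"
        if [ "$val" != "1" ]; then
            echo "FAIL $key = ${val:-<missing>} (expected 1)"; rc=1
        fi
    done

    [ "$rc" -eq 0 ]
)

# Run against the live system only when asked to: sh preflight.sh --check
[ "${1:-}" != "--check" ] || k8s_preflight /
```

Run it on every node after the reboot; a node that prints no FAIL lines meets the requirements configured above.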

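All of the above is base environment configuration; next we configure the container runtime

Since k8s 1.24, native Docker is no longer supported. containerd originates from Docker, so we install containerd and no longer install Docker

Upgrade libseccomp

The default libseccomp version on CentOS 7 is 2.3.1, which does not meet containerd's requirements; it must be updated to version 2.4 or later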

rpm -qa | grep libseccomp

rpm -e libseccomp-2.3.1-4.el7.x86_64 --nodeps

wget https://mirrors.aliyun.com/centos/8/BaseOS/x86_64/os/Packages/libseccomp-2.5.1-1.el8.x86_64.rpm

rpm -ivh libseccomp-2.5.1-1.el8.x86_64.rpm

Install containerd

Clean up Docker data

yum remove docker docker-ce containerd docker-common docker-selinux docker-engine -y

Install the yum repository and containerd

cd /etc/yum.repos.d/
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y containerd*

Configure containerd

mkdir -p /etc/containerd

Generate the configuration file for containerd

containerd config default > /etc/containerd/config.toml

Replace the pause image address

grep sandbox_image /etc/containerd/config.toml

sed -i 's/registry.k8s.io/registry.cn-hangzhou.aliyuncs.com\/google_containers/' /etc/containerd/config.toml

grep sandbox_image /etc/containerd/config.toml

Configure systemd as the cgroup driver for containers

grep SystemdCgroup /etc/containerd/config.toml

sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

grep SystemdCgroup /etc/containerd/config.toml

Configure image acceleration (registry mirrors)

sed -i 's/config_path =.*/config_path = \"\/etc\/containerd\/certs.d\"/g' /etc/containerd/config.toml

Create the registry mirror directory

mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://dockerproxy.com"]
  capabilities = ["pull", "resolve"]

[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve"]

[host."https://docker.agsv.top"]
  capabilities = ["pull", "resolve"]

[host."https://registry.docker-cn.com"]
  capabilities = ["pull", "resolve"]
EOF

Start the containerd service and enable it at boot

systemctl daemon-reload && systemctl restart containerd

systemctl enable --now containerd

Check the containerd status

systemctl status containerd

If it starts successfully, the installation succeeded; if it fails, check the specific cause

The container runtime is now installed; next we configure Kubernetes

Prepare the Kubernetes repository

cat > /etc/yum.repos.d/kubernetes.repo << "EOF"
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/repomd.xml.key
EOF

Install kubelet

yum install -y kubelet-1.30.3* kubeadm-1.30.3* kubectl-1.30.3*

Enable it at boot and start it

systemctl enable kubelet && systemctl start kubelet && systemctl status kubelet

Then create the initialization configuration file

kubeadm config print init-defaults > /etc/kubernetes/init-default.yaml

Change the configuration file to use a registry inside China

sed -i 's/registry.k8s.io/registry.aliyuncs.com\/google_containers/' /etc/kubernetes/init-default.yaml

Set the apiserver IP address; replace 10.0.0.1 with your own master IP

sed -i 's#1.2.3.4#10.0.0.1#' /etc/kubernetes/init-default.yaml

Set the environment variable

cat >>/etc/profile<<EOF
export KUBECONFIG=/etc/kubernetes/admin.conf
EOF
source /etc/profile

Once that is done, start the initialization

kubeadm init --image-repository registry.aliyuncs.com/google_containers --control-plane-endpoint "10.0.0.1:6443" --upload-certs

(10.0.0.1 is the IP of the master)

After initialization, create the kube configuration file on all three nodes

mkdir -p $HOME/.kube

cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

chown $(id -u):$(id -g) $HOME/.kube/config

kubeadm token create --print-join-command

(Example) kubeadm join 10.0.0.1:6443 --token XXXxxxxxx \

> --discovery-token-ca-cert-hash sha256:e04398ab10692f24b0f956fbfc0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This is the output; just run this command on the node machines
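
The join command above pins the cluster CA through --discovery-token-ca-cert-hash. The following added example (not part of the original article) recomputes that value from the CA certificate on the master and checks that a join command carries it before the command is run on a node. The function names are hypothetical, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA path.

```shell
#!/bin/sh
# Added example: check that a kubeadm join command pins the expected cluster CA.
# All function names here are hypothetical helpers, not kubeadm commands.

# SHA-256 of the CA certificate's DER-encoded public key (SubjectPublicKeyInfo),
# which is the value kubeadm prints after "sha256:".
ca_pin_from_cert() {
    # Fail early instead of hashing empty input when the certificate is unreadable.
    pem="$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null)" || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform der \
        | sha256sum | cut -d' ' -f1
}

# Extract the pinned hash from a join command; prints nothing if it is absent
# or is not 64 lowercase hex digits.
pin_from_join_cmd() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# Return 0 only if the join command carries a pin equal to the expected one
# and does not switch CA verification off.
verify_join_cmd() {
    case "$1" in
        *--discovery-token-unsafe-skip-ca-verification*) return 1 ;;
    esac
    vj_pin="$(pin_from_join_cmd "$1")"
    [ -n "$vj_pin" ] && [ "$vj_pin" = "$2" ]
}

# On the master: sh ca_pin.sh --pin [path to ca.crt]
[ "${1:-}" != "--pin" ] || ca_pin_from_cert "${2:-/etc/kubernetes/pki/ca.crt}"
```

On a node, pass the pin obtained from the master as the second argument to verify_join_cmd and run the join command only if it returns 0.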

The kubelet initialization is now complete

Check whether your nodes are present

kubectl get node

Now install the network plugin

You can install either Calico or Flannel; both work

Here we install Calico because it is more powerful

Download the manifest to the local machine

cd /etc/kubernetes/ && wget https://docs.projectcalico.org/manifests/calico.yaml

The manifest references registries outside China, so switch to a source inside China

ctr images pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/node:v3.25.0

ctr images pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/cni:v3.25.0

ctr images pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/kube-controllers:v3.25.0

Do this on every node

You can retag the pulled images as the images the manifest requires and then create the pods

kubectl apply -f /etc/kubernetes/calico.yaml

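The downloaded manifest needs to be changed to use the source inside China

With that, the basic kubeadm setup is complete

For any errors, investigate the specific error as it occurs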
