01.安装(kubeadm)
一、安装准备工作
1.关闭防火墙
systemctl stop firewalld
systemctl disable firewalld2.关闭selinux
# 永久
sed -i 's/enforcing/disabled/' /etc/selinux/config
# 临时
setenforce 03.关闭swap
# 临时
swapoff -a
# 永久
sed -ri 's/.*swap.*/#&/' /etc/fstab4.根据规划设置主机名
hostnamectl set-hostname <hostname>master
hostnamectl set-hostname k8smasternode
# node1
hostnamectl set-hostname k8snode1
# node2
hostnamectl set-hostname k8snode2“hostname”查看
5.添加hosts(master)
cat >> /etc/hosts << EOF
192.168.44.141 k8smaster
192.168.44.142 k8snode1
192.168.44.143 k8snode2
EOF6.将桥接的ipv4流量传递到iptables的链
cat > /etc/sysctl.d/k8s.config << EOF
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
EOF生效
sysctl --system7.时间同步
yum install ntpdate -y
ntpdate time.windows.com二、安装docker
1.安装docker
yum -y install docker
# 开机启动
systemctl enable docker && systemctl start docker
docker --version2.改变仓库并重启
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors":["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOFsystemctl restart docker3.添加阿里云YUM软件源
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF三、安装k8s
1.安装kubeadm,kubelet,kubectl
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet2.初始化k8s(master)
kubeadm init \
--apiserver-advertise-address=192.168.132.140 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.22.1 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16注:CPU需要两核
master主机IP
--apiserver-advertise-address=192.168.132.140
镜像地址,修改为阿里
--image-repository registry.aliyuncs.com/google_containers
版本:
--kubernetes-version v1.22.1
这个参数后的IP地址直接就套用10.96.0.0/12 ,以后安装时也套用即可,不要更改
--service-cidr=10.96.0.0/12
k8s内部的pod节点之间网络可以使用的IP段,不能和service-cidr写一样,如果不知道怎么配,就先用这个10.244.0.0/16
--pod-network-cidr=10.244.0.0/16
错误:
[ERROR ImagePull]: failed to pull image registry.aliyuncs.com/google_containers/coredns:v1.8.4: output: Trying to pull repository registry.aliyuncs.com/google_containers/coredns ...
拉取1.8.4改名为v1.8.4
docker pull registry.aliyuncs.com/google_containers/coredns:1.8.4改名
docker tag registry.aliyuncs.com/google_containers/coredns:1.8.4 registry.aliyuncs.com/google_containers/coredns:v1.8.4删除之前的
docker rmi registry.aliyuncs.com/google_containers/coredns:1.8.43.安装完根据提示操作
重置:kubeadm reset
状态:systemctl status kubelet
master执行
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config执行完看节点,只有自己
kubectl get nodes
我们在node执行命令,添加到master去(这个token有效期只有24小时,建议直接使用第5步)
kubeadm join 192.168.132.140:6443 --token a9ch8w.8ti0mczfx3mya2rb \
--discovery-token-ca-cert-hash sha256:c1f0803f42db99fd0516edcabfaa5086c832215d4c87874044b9af32a71fed9e
在master端可以看到node了
4.部署CNI网络插件(我们可以看到节点状态是:NotReady,需要安装插件)
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml5.token默认只有24小时我们要生成一个一个永久的
查看token列表(master)
kubeadm token list生成一个永不过期的token(master)
kubeadm token create --ttl 0
生成正数(master)
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'节点执行(node)
kubeadm join 192.168.132.140:6443 --token mxa31o.b9bg1rivjzb9ickx \
--discovery-token-ca-cert-hash sha256:3d9617fae8fe0f71e594b8205ff7315eb9decf4333e76444763dffb2de2d7d1a