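1. Change the hostname (run on all three nodes)
vi /etc/hostname #change the hostname
systemctl restart systemd-hostnamed #restart the service after editing so the new name takes effect
2. Synchronize the time (run on all three nodes)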
yum install ntpdate -y
ntpdate time.windows.com
#Set the time zone
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#Finally, run the following command to write the system time to the hardware clock, so the time is not reverted after a reboot.
hwclock --systohc
3. Add hosts entries on the master
cat >> /etc/hosts << EOF
10.10.90.67 airlook01
10.10.90.68 airlook02
10.10.90.69 airlook03
EOF
4. Disable the security mechanisms (run on all three nodes)
systemctl disable firewalld
systemctl stop firewalld
setenforce 0
getenforce
#Make the SELinux change persistent across reboots
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
#Disable swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
5. Pass bridged IPv4 traffic to the iptables chains (run on all three nodes)
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
#Apply the sysctl settings
sysctl --system
6. Install Docker (run on all three nodes)
#Completely remove any existing Docker installation
rm -rf /etc/systemd/system/docker.service.d
rm -rf /etc/systemd/system/docker.service
rm -rf /var/lib/docker
rm -rf /var/run/docker
rm -rf /usr/local/docker
rm -rf /etc/docker
rm -rf /usr/bin/docker* /usr/bin/containerd* /usr/bin/runc /usr/bin/ctr
yum remove '*docker*'
#Add the Docker yum repository
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
#Install Docker
yum -y install docker-ce
#Enable and start Docker
systemctl enable docker && systemctl start docker
#Configure the registry mirror used to speed up image pulls
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl restart docker
docker info
7. Deploy Kubernetes (run on all three nodes)
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0 #if the install fails, yum remove the failed package and install it again
systemctl enable kubelet
8. Initialize k8s on the master (run on the master node)
kubeadm init \
--apiserver-advertise-address=10.10.90.67 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.23.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all
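--apiserver-advertise-address: the address the API server advertises to the cluster
--image-repository: the default image registry k8s.gcr.io cannot be reached from mainland China, so the Alibaba Cloud mirror registry is specified here
--kubernetes-version: the K8s version, the same as the packages installed above
--service-cidr: the cluster-internal virtual network, the unified access entry point for Pods
--pod-network-cidr: the Pod network, which must match the value in the yaml of the CNI network component deployed below
After initialization a join command is printed. Copy it first; the worker nodes will use it to join the master.
9. Copy the k8s credentials file (run on the master node)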
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
List the worker nodes:
kubectl get nodes
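If other nodes need it, the config file can also be distributed to the same path on them.
10. Configure the k8s worker nodes (run on the worker nodes)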
kubeadm join 10.10.90.67:6443 --token ai0s23.688kly6ovb8phnmg \
--discovery-token-ca-cert-hash sha256:ad454105accbb54555bdbab296085bb9704fafc60b5af8f80f02b7ef7cde0708
This is the join command generated by the master initialization above; run it on each worker node.
If an error is reported:
Run:
echo "1" >/proc/sys/net/bridge/bridge-nf-call-iptables
Then run the join command again to add the node.
11. Deploy the container network (run on the master)
wget https://docs.projectcalico.org/manifests/calico.yaml
Edit the following entry (the value must match --pod-network-cidr from the kubeadm init command):
- name: CALICO_IPV4POOL_CIDR
  value: "10.244.0.0/16"
kubectl apply -f calico.yaml
kubectl get pods -n kube-system
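The CIDR relationship between the kubeadm init flags and calico.yaml, as an added example that is not part of the original post: a POSIX shell check that the active CALICO_IPV4POOL_CIDR equals --pod-network-cidr and does not overlap --service-cidr. The function names and the sample manifest fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): validate the cluster CIDR plan.

# Dotted-quad IPv4 -> integer. Runs in a subshell so the IFS change stays local.
ip2int() (
  IFS=.; set -f; set -- $1
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# Print "first last" (as integers) for a CIDR such as 10.96.0.0/12.
cidr_range() (
  ip=$(ip2int "${1%/*}"); size=$(( 1 << (32 - ${1#*/}) ))
  first=$(( ip / size * size ))          # align to the network boundary
  echo "$first $(( first + size - 1 ))"
)

# Exit 0 when the two CIDRs share at least one address.
cidrs_overlap() (
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# Print the active CALICO_IPV4POOL_CIDR value; commented-out defaults are skipped.
calico_pool_cidr() {
  awk '
    /^[ \t]*#/ { next }
    want && /value:/ { gsub(/[" \t]/, ""); sub(/^value:/, ""); print; exit }
    { want = /name:[ \t]*CALICO_IPV4POOL_CIDR/ }
  ' "$1"
}

# check_cidr_plan POD_CIDR SERVICE_CIDR MANIFEST; exit 0 only when the plan is clean.
check_cidr_plan() (
  pool=$(calico_pool_cidr "$3"); rc=0
  [ -n "$pool" ] || { echo "FAIL: no active CALICO_IPV4POOL_CIDR in $3"; exit 1; }
  [ "$pool" = "$1" ] || { echo "FAIL: pool $pool != --pod-network-cidr $1"; rc=1; }
  if cidrs_overlap "$pool" "$2"; then
    echo "FAIL: pool $pool overlaps --service-cidr $2"; rc=1
  fi
  [ "$rc" -ne 0 ] || echo "OK: pool $pool matches pod CIDR, disjoint from $2"
  exit "$rc"
)

# Constructed sample: a manifest fragment whose pool was set to the service CIDR.
demo=$(mktemp)
printf '%s\n' '# - name: CALICO_IPV4POOL_CIDR' '#   value: "192.168.0.0/16"' \
  '- name: CALICO_IPV4POOL_CIDR' '  value: "10.96.0.0/12"' > "$demo"
check_cidr_plan 10.244.0.0/16 10.96.0.0/12 "$demo" || echo "fix calico.yaml before applying"
rm -f "$demo"
```

Against the real file, call check_cidr_plan 10.244.0.0/16 10.96.0.0/12 calico.yaml before kubectl apply.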
12. Deploy the Dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
vi recommended.yaml
...
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
...
kubectl apply -f recommended.yaml
kubectl get pods -n kubernetes-dashboard
#Create the user
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
#Grant the user permissions
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
#Get the user's token (the service account lives in the kubernetes-dashboard namespace)
kubectl describe secrets -n kubernetes-dashboard $(kubectl -n kubernetes-dashboard get secret | awk '/dashboard-admin/{print $1}')
From: https://blog.51cto.com/u_16228006/7276810