配置静态IP
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=d7acee0b-f099-42fb-b5bb-c378eedf0fdb
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.33.44
NETMASK=255.255.255.0
GATEWAY=192.168.33.2
DNS1=223.5.5.5
DNS2=114.114.114.114
[root@localhost ~]#
修改主机名(每台主机只执行与自己对应的那一条)
hostnamectl set-hostname k8s-node3
hostnamectl set-hostname k8s-slave3
hostnamectl set-hostname k8s-slave4
修改hosts解析(所有主机)
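# Append the cluster names rather than truncating /etc/hosts, so the stock
# localhost entries (127.0.0.1 / ::1) stay in place. Run once on every host;
# running it again appends the same lines a second time.
# The quoted 'EOF' keeps the heredoc literal (no shell expansion).
cat >>/etc/hosts <<'EOF'
192.168.199.171 k8s-master
192.168.199.172 k8s-slave1
192.168.199.173 k8s-slave2
192.168.199.174 k8s-slave3
192.168.199.175 k8s-slave4
EOF
# Confirm that every name resolves and answers before going on.
for node in k8s-master k8s-slave1 k8s-slave2 k8s-slave3 k8s-slave4; do
  ping -c 2 "$node"
done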
修改系统配置
修改系统配置,为安装k8s做准备。在所有机器上执行
设置iptables、selinux
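# Stop firewalld now and at boot, then print its state to confirm.
# With the host firewall off, the kubelet API (10250/tcp) and, on the master,
# the API server (6443/tcp) are filtered only by whatever sits in front of
# these machines. On a shared network, keep firewalld running and open the
# cluster ports instead.
systemctl disable firewalld --now && systemctl status firewalld
# Persist permissive mode, the same mode `setenforce 0` applies at runtime.
# Policy denials are still logged, which "disabled" would give up.
# The ^ anchor leaves the comment lines that mention "SELINUX=" untouched.
sed -ri 's#^(SELINUX=).*#\1permissive#' /etc/selinux/config
setenforce 0
# getenforce takes no argument; it prints the current mode.
getenforce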
关闭virbr0网卡
# Bring the virbr0 bridge interface down.
ifconfig virbr0 down
# List the bridges so virbr0 can be seen before it is deleted.
brctl show
brctl delbr virbr0
# Keep libvirtd from starting at boot; presumably it is what recreates
# virbr0 (confirm on your host). This does not stop a running libvirtd.
systemctl disable libvirtd
# Make the default boot target multi-user (no graphical session).
systemctl set-default multi-user.target
关闭swap
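# Turn swap off for the running system; kubelet 1.24 will not start with
# swap enabled unless it is told to tolerate it.
swapoff -a
# Keep swap off after a reboot: comment out the active swap entries in fstab.
# - [[:space:]] also matches tab-separated fstab fields.
# - ^[^#] skips lines that are already commented, so a second run does not
#   stack another '#'.
# - .bak keeps a copy of the original file for rollback.
sed -ri.bak '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab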
设置yum源
# Overwrite the base repo definition with the one served by the Aliyun mirror.
# NOTE(review): the downloaded .repo files decide whether gpgcheck is on for
# these repos; read them after the download.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Add the EPEL repo definition from the same mirror.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
设置ntp
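# Clock sync matters for the rest of this setup: TLS certificate validity and
# the 24-hour bootstrap token are both evaluated against the node clocks.
yum install chrony -y
# Comment out only the active server/pool directives. The ^ anchor keeps the
# word "server" inside comments and other directives untouched; .bak keeps the
# original file.
sed -ri.bak 's/^(server|pool)[[:space:]]/#&/' /etc/chrony.conf
# Add the replacement time source at the end of the file rather than at a
# fixed line number, which depends on the layout of the shipped config.
sed -i '$a server ntp.aliyun.com iburst' /etc/chrony.conf
# enable: keep the service across reboots. restart (not start): an already
# running chronyd would otherwise keep using the old configuration.
systemctl enable chronyd && systemctl restart chronyd && systemctl status chronyd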
修改内核参数
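# Load br_netfilter now and on every boot. The net.bridge.* keys below exist
# only while the module is loaded, so without this file they would not be
# applied after a reboot.
cat <<'EOF' > /etc/modules-load.d/k8s.conf
br_netfilter
EOF
modprobe br_netfilter
# Kernel settings for the cluster nodes:
# - bridge-nf-call-*: bridged pod traffic is passed through iptables/ip6tables
# - ip_forward: the node forwards IPv4 packets between interfaces
# - vm.max_map_count: raised memory-map limit (kept as the author set it)
cat <<'EOF' > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward=1
vm.max_map_count=262144
EOF
# Apply the file immediately.
sysctl -p /etc/sysctl.d/k8s.conf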
安装k8s
本次实验采用kubeadm安装k8s集群 kubeadm 是 Kubernetes 主推的部署工具之一,将k8s的组件打包为了镜像,然后通过kubeadm进行集群初始化创建。
安装 containerd
# NOTE(review): containerd.io is not shipped in the CentOS base or EPEL repos
# configured above; this assumes a repo that provides it was added
# beforehand. Confirm before running.
yum install containerd.io-1.6.22 -y
mkdir -p /etc/containerd && cd /etc/containerd/
# Start from containerd's built-in default configuration.
containerd config default > /etc/containerd/config.toml
# Show which pause (sandbox) image the default config references.
grep sandbox_image /etc/containerd/config.toml
# Switch the pause image to the Aliyun registry (both upstream names are
# covered). Every pod sandbox on the node then runs an image served by that
# registry, so it becomes part of the node's trusted supply chain.
sed -i "s#k8s.gcr.io/pause#registry.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml
sed -i "s#registry.k8s.io/pause#registry.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml
# Use the systemd cgroup driver in containerd.
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#g' /etc/containerd/config.toml
##containerd加速
# 修改配置文件/etc/containerd/config.toml, 145行添加config_path
...
144 [plugins."io.containerd.grpc.v1.cri".registry]
145 config_path = "/etc/containerd/certs.d"
146
147 [plugins."io.containerd.grpc.v1.cri".registry.auths]
148
149 [plugins."io.containerd.grpc.v1.cri".registry.configs]
150
151 [plugins."io.containerd.grpc.v1.cri".registry.headers]
152
153 [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
...
# Create the per-registry directory under the config_path set above.
mkdir -p /etc/containerd/certs.d/docker.io
# Configure the mirrors for docker.io
# (same idea as listing several registry mirrors for Docker).
# The mirror hosts below get "pull" and "resolve", so they answer tag lookups
# for docker.io images; a mirror is trusted to return the right content for a
# tag. Referencing images by digest removes that dependence.
cat >/etc/containerd/certs.d/docker.io/hosts.toml <<EOF
server = "https://docker.io"
[host."https://ms9glx6x.mirror.aliyuncs.com"]
capabilities = ["pull","resolve"]
[host."https://docker.mirrors.ustc.edu.cn"]
capabilities = ["pull","resolve"]
[host."https://registry-1.docker.io"]
capabilities = ["pull","resolve","push"]
EOF
# Restart containerd so it loads the new configuration, enable it at boot,
# and show its status.
systemctl restart containerd.service && systemctl enable containerd.service &&systemctl status containerd.service
安装kubeadm工具,所有节点执行
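# Kubernetes package repo on the Aliyun mirror.
# - https for baseurl and gpgkey: metadata, packages and keys are no longer
#   fetched over plaintext HTTP.
# - gpgcheck=1: yum verifies each RPM against the keys in gpgkey before it is
#   installed as root. If a package fails verification, investigate instead
#   of switching the check back off.
# - repo_gpgcheck stays 0 as the author had it. NOTE(review): enable it if the
#   mirror's signed repodata verifies in your environment.
# - The second gpgkey URL is indented: yum treats only indented lines as a
#   continuation of the previous option.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Drop cached metadata and rebuild it from the repos now configured.
yum clean all && yum makecache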
#查看可以安装的版本
yum list kubeadm --showduplicates
#安装指定版本
# --disableexcludes=kubernetes 作用是允许该k8s仓库的一些包的更新
$ yum install -y kubelet-1.24.4 kubeadm-1.24.4 kubectl-1.24.4 --disableexcludes=kubernetes
## 查看kubeadm 版本
$ kubeadm version
#设置开机启动
[root@centosk8smaster1244 containerd]# systemctl enable kubelet &&systemctl restart kubelet && systemctl status kubelet
在master节点重新生成token
token 会在24小时后失效;失效后登录master节点重新生成加入命令,再到新的node节点上执行该命令。输出的 join 命令里带有 bootstrap token,在有效期内应当作凭据保管。
[root@k8s-master ~]# kubeadm token create --print-join-command
W1109 10:02:36.652853 93769 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join 192.168.33.41:6443 --token enpxo0.2pd5soelpsotujd6 --discovery-token-ca-cert-hash sha256:579c3e9d60469a74e2e8cd4c600d77274172a42ff6c17de51adb24cd86fc60b7
[root@k8s-master ~]#
登录新的node节点,加入集群
[root@k8s-slave4 ~]# kubeadm join 192.168.199.171:6443 --token 1at9qp.2bk3wl18d3r6uf4u --discovery-token-ca-cert-hash sha256:7919f43fbdc992c70dd31ef2df99228157a9d89ebc233f2b2cbfb8be5facc86e
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
[root@k8s-slave4 ~]#
在master上查看状态
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane 11d v1.24.4
k8s-slave1 Ready <none> 11d v1.24.4
k8s-slave2 Ready <none> 11d v1.24.4
k8s-slave3 Ready <none> 4m52s v1.24.4
k8s-slave4 Ready <none> 5m2s v1.24.4
[root@k8s-master ~]#
我这里查看还是NotReady状态,这时候就需要排查了。node和master直接通信需要网络插件,就先查这个的日志。
[root@k8s-master ~]# kubectl -n kube-flannel get pod -w
NAME READY STATUS RESTARTS AGE
kube-flannel-ds-mgtjb 1/1 Running 0 4m40s
kube-flannel-ds-mkgtz 1/1 Running 2 (6h54m ago) 11d
kube-flannel-ds-phw68 1/1 Running 0 4m50s
kube-flannel-ds-q2btw 1/1 Running 2 (6h54m ago) 11d
kube-flannel-ds-vj7lr 1/1 Running 1 (6h55m ago) 11d
From: https://www.cnblogs.com/9527com/p/18003634