一、环境
[root@tax-k8s-work03 ~]# cat /etc/os-release
NAME="Huawei Cloud EulerOS"
VERSION="2.0 (x86_64)"
ID="hce"
VERSION_ID="2.0"
PRETTY_NAME="Huawei Cloud EulerOS 2.0 (x86_64)"
ANSI_COLOR="0;31"
[root@tax-k8s-work03 ~]# uname -a
Linux tax-k8s-work03 5.10.0-60.18.0.50.r865_35.hce2.x86_64 #1 SMP Sun Mar 26 18:01:01 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
二、初始化(所有节点)
主机名配置
[root@tax-k8s-work01 ~]# hostnamectl set-hostname tax-k8s-work01
[root@tax-k8s-work02 ~]# hostnamectl set-hostname tax-k8s-work02
[root@tax-k8s-work03 ~]# hostnamectl set-hostname tax-k8s-work03
[root@tax-k8s-work04 ~]# hostnamectl set-hostname tax-k8s-work04
hosts配置
[root@tax-k8s-work01 ~]# cat /etc/hosts
192.168.11.137 test-changan-k8s.vip.com
192.168.11.137 tax-k8s-work01
192.168.11.92 tax-k8s-work02
192.168.11.53 tax-k8s-work03
192.168.11.37 tax-k8s-work04
关闭防火墙(关闭后节点流量不再经过主机防火墙过滤;生产环境建议保留 firewalld 并只放行集群所需端口,或由云安全组限制访问):
[root@tax-k8s-work01 ~]# systemctl stop firewalld
[root@tax-k8s-work01 ~]# systemctl disable firewalld
[root@tax-k8s-work01 ~]# systemctl status firewalld
关闭selinux(sed 只修改配置文件,重启后才生效,重启前 sestatus 仍显示 enforcing;kubeadm 官方文档使用的是 permissive 模式,该模式不拦截但仍会记录违规日志):
[root@tax-k8s-work01 ~]# sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
[root@tax-k8s-work01 ~]# cat /etc/selinux/config
[root@tax-k8s-work01 ~]# sestatus
时间同步:
[root@tax-k8s-work01 ~]# yum -y install ntpdate
[root@tax-k8s-work01 ~]# crontab -e
0 */1 * * * /usr/sbin/ntpdate time1.aliyun.com
开启内核路由转发命令:
[root@tax-k8s-work01 ~]# vim /etc/sysctl.conf
vm.swappiness=0
net.core.somaxconn=1024
net.ipv4.tcp_max_tw_buckets=5000
net.ipv4.tcp_max_syn_backlog=1024
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
配置内核参数,将桥接的IPv4流量传递到iptables的链的命令
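# Persist the bridge-netfilter and IP-forwarding settings in a drop-in file.
# /etc/sysctl.d/k8s.conf is the path that the `sysctl -p` step further down
# loads. The net.bridge.* keys only exist once the br_netfilter module is
# loaded, so load the module before applying this file.
# The delimiter is quoted so the text is written out literally.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF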
加载br_netfilter模块
[root@tax-k8s-work01 ~]# modprobe br_netfilter
[root@tax-k8s-work01 ~]# lsmod | grep br_netfilter
使用新添加配置文件生效
[root@tax-k8s-work01 ~]# sysctl -p /etc/sysctl.d/k8s.conf
[root@tax-k8s-work01 ~]# sysctl --system
所有主机安装ipset及ipvsadm
[root@tax-k8s-work01 ~]# yum -y install ipset ipvsadm
配置ipvsadm模块加载方式,添加需要加载的模块
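# Create the script that loads the IPVS scheduler modules and nf_conntrack.
# The first line of the generated script must be a shebang ("#!"); without
# the leading "#", bash would try to run "!/bin/bash" as a command.
# The delimiter is quoted so the script text is written out literally.
cat > /etc/sysconfig/modules/ipvs.module <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_sh
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- nf_conntrack
EOF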
授权、运行、检查是否加载
[root@tax-k8s-work01 ~]# chmod 755 /etc/sysconfig/modules/ipvs.module && bash /etc/sysconfig/modules/ipvs.module && lsmod | grep -e ip_vs -e nf_conntrack
关闭swap分区
[root@tax-k8s-work01 ~]# swapoff -a
[root@tax-k8s-work01 ~]# sed -i '/ swap / s/^/#/' /etc/fstab
安装k8s依赖包
[root@tax-k8s-work01 ~]# dnf install conntrack socat -y
三、安装Containerd(所有节点)
获取安装包
[root@tax-k8s-work01 ~]# wget https://github.com/containerd/containerd/releases/download/v1.6.22/cri-containerd-cni-1.6.22-linux-amd64.tar.gz
Github官方地址:https://github.com/containerd/containerd/releases/tag/v1.6.22 (该发布页同时提供对应的 .sha256sum 文件,解压前建议用 sha256sum -c 校验下载的压缩包)
解压已下载的软件包
[root@tax-k8s-work01 ~]# mkdir cri-containerd
[root@tax-k8s-work01 ~]# tar zxf cri-containerd-cni-1.6.22-linux-amd64.tar.gz -C cri-containerd
[root@tax-k8s-work01 ~]# mv cri-containerd /usr/local/bin
[root@tax-k8s-work01 ~]# cp -rf /usr/local/bin/cri-containerd/usr/local/bin/* /usr/local/bin/
[root@tax-k8s-work01 ~]# cp -rf /usr/local/bin/cri-containerd/usr/local/sbin/* /usr/local/bin/
[root@tax-k8s-work01 ~]# chmod 0755 /usr/local/bin/*
添加containerd.service文件至系统
[root@tax-k8s-work01 ~]# cp /usr/local/bin/cri-containerd/etc/systemd/system/containerd.service /usr/lib/systemd/system/containerd.service
[root@tax-k8s-work01 ~]# ls /usr/lib/systemd/system/containerd.service
生成配置文件
[root@tax-k8s-work01 ~]# mkdir /etc/containerd
[root@tax-k8s-work01 ~]# containerd config default > /etc/containerd/config.toml
[root@tax-k8s-work01 ~]# cat /etc/containerd/config.toml
修改如下内容
root = "/data/containerd"
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = ""
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://teut9a0h.mirror.aliyuncs.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
endpoint = ["https://registry.aliyuncs.com/google_containers"]
启动containerd服务并设置开机自启动
[root@tax-k8s-work01 ~]# systemctl enable containerd
[root@tax-k8s-work01 ~]# systemctl start containerd
[root@tax-k8s-work01 ~]# systemctl status containerd
四、安装Kubernetes1.24.6组件(所有节点)
配置yum源
[root@tax-k8s-work01 ~]# vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
安装kubernetes
[root@tax-k8s-work01 ~]# dnf install kubeadm-1.24.6 kubectl-1.24.6 kubelet-1.24.6 -y
启动kubelet
[root@tax-k8s-work01 ~]# systemctl start kubelet
[root@tax-k8s-work01 ~]# systemctl enable kubelet.service
五、安装Kubernetes1.24.6集群
master节点执行
[root@tax-k8s-work01 ~]# kubeadm init --control-plane-endpoint test-changan-k8s.vip.com:6443 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 --kubernetes-version=1.24.6 --upload-certs
[root@tax-k8s-work01 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@tax-k8s-work01 ~]# kubectl taint nodes --all node-role.kubernetes.io/master-
[root@tax-k8s-work01 ~]# kubectl taint node tax-k8s-work01 node-role.kubernetes.io/control-plane-
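node节点执行(下面的 token 和 CA 证书哈希来自本次 kubeadm init 的输出,每个集群都不同;token 默认 24 小时后过期,持有者可以把节点加入集群,不应公开,需要时在 master 上执行 kubeadm token create --print-join-command 重新生成)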
[root@tax-k8s-work02 ~]# kubeadm join test-changan-k8s.vip.com:6443 --token 2bp7ge.8ybmqhuwel0rj7f0 --discovery-token-ca-cert-hash sha256:1946fdfc9335744f0f82c6355c685edc4d7980b4ad90f9be322a815701ff0f06
[root@tax-k8s-work03 ~]# kubeadm join test-changan-k8s.vip.com:6443 --token 2bp7ge.8ybmqhuwel0rj7f0 --discovery-token-ca-cert-hash sha256:1946fdfc9335744f0f82c6355c685edc4d7980b4ad90f9be322a815701ff0f06
[root@tax-k8s-work04 ~]# kubeadm join test-changan-k8s.vip.com:6443 --token 2bp7ge.8ybmqhuwel0rj7f0 --discovery-token-ca-cert-hash sha256:1946fdfc9335744f0f82c6355c685edc4d7980b4ad90f9be322a815701ff0f06
备注:k8s小于1.24的版本需要使用docker,docker安装如下:
安装依赖
[root@tax-k8s-work01 ~]# sudo dnf install dnf-utils device-mapper-persistent-data lvm2 fuse-overlayfs wget
添加软件源信息
[root@tax-k8s-work01 ~]# sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@tax-k8s-work01 ~]# sudo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
清理缓存
[root@tax-k8s-work01 ~]# sudo dnf update
安装DockerCE最新版本
[root@tax-k8s-work01 ~]# sudo dnf install -y docker-ce
安装DockerCE指定版本
[root@tax-k8s-work01 ~]# sudo dnf install -y docker-ce-<VERSION_STRING>
启动Docker
[root@tax-k8s-work01 ~]# sudo systemctl start docker
开机启动
[root@tax-k8s-work01 ~]# systemctl enable --now docker
修改配置:/etc/docker/daemon.json
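# Write the Docker daemon configuration to /etc/docker/daemon.json, the file
# named in the heading above. The delimiter is quoted so the JSON is written
# out literally.
# NOTE(review): "insecure-registries" makes the daemon accept plain HTTP or an
# unverified certificate for the listed address, so pulled images can be
# tampered with in transit. List only registries on a trusted network, or
# serve the registry over TLS with a trusted certificate and drop the entry.
# NOTE(review): "graph" is the legacy name of "data-root" and
# "overlay2.override_kernel_check" is a legacy option; recent Docker releases
# may refuse to start with them — confirm against the installed version.
cat > /etc/docker/daemon.json <<'EOF'
{
  "live-restore": true,
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "graph":"/data/docker/graph",
  "registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"],
  "insecure-registries": ["172.31.23.167:8888"],
  "log-opts": {
    "max-size": "100m",
    "max-file": "10"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF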
[root@tax-k8s-work01 ~]# systemctl daemon-reload
[root@tax-k8s-work01 ~]# systemctl restart docker