K8s cluster setup

Contents
1. Environment requirements
2. Install Docker
3. Install cri-dockerd (the intermediary between Docker and K8s)
4. Start docker and cri-docker
5. Install k8s
6. Initialize the master node (and add KUBECONFIG)
7. Add worker nodes
8. Verify the cluster

1. Environment requirements

Set the hostname, using the planned host name for each machine:

```bash
hostnamectl set-hostname <hostname>
```

Disable SELinux:

```bash
sed -i 's/enforcing/disabled/' /etc/selinux/config   # permanent
setenforce 0                                         # temporary
```

Disable swap:

```bash
swapoff -a                              # temporary
sed -ri 's/.*swap.*/#&/' /etc/fstab     # permanent
```

Configure the bridge parameters:

```bash
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
```

Edit the hosts file:

```bash
vim /etc/hosts
# Add:
<master-ip> k8-master
<node01-ip> k8-node01
<node02-ip> k8-node02
```

2. Install Docker

```bash
# Remove any existing Docker packages
sudo dnf remove docker \
    docker-client \
    docker-client-latest \
    docker-common \
    docker-latest \
    docker-latest-logrotate \
    docker-logrotate \
    docker-engine

# Configure the package repository (official; a mirror inside China can also be used)
sudo dnf -y install dnf-plugins-core
sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# Install Docker
sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
```

3. Install cri-dockerd (the intermediary between Docker and K8s)

```bash
# arm environment
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.24/cri-dockerd-0.3.24.arm64.tgz
tar -zxvf cri-dockerd-0.3.24.arm64.tgz
cd cri-dockerd/
install -o root -g root -m 0755 cri-dockerd /usr/bin/cri-dockerd
```

Create the service unit:

```bash
vim /usr/lib/systemd/system/cri-docker.service
```

```ini
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.10.1
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
```

Create the socket unit:

```bash
vim /usr/lib/systemd/system/cri-docker.socket
```

```ini
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service

[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
```

4. Start docker and cri-docker

```bash
systemctl enable docker        # start at boot
systemctl enable cri-docker    # start at boot
systemctl start docker         # start docker
systemctl start cri-docker     # start cri-docker
```

5. Install k8s

```bash
# Add the package repository
# This overwrites any existing configuration in /etc/yum.repos.d/kubernetes.repo
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/repodata/repomd.xml.key
EOF

# Install kubectl, kubeadm and kubelet
dnf install -y kubectl kubeadm kubelet

# Enable kubelet at boot
systemctl enable kubelet
```

6. Initialize the master node

```bash
kubeadm init \
  --apiserver-advertise-address=<master-ip> \
  --image-repository registry.aliyuncs.com/google_containers \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --cri-socket=unix:///var/run/cri-dockerd.sock
```

The following output indicates that initialization succeeded:

```text
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.16.170.134:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:b6b2941d26fe9dd1a4ea20850d28e69938a184e805472682e861c5869ee1764a
```

Add KUBECONFIG

If you are currently the root user, run:

```bash
export KUBECONFIG=/etc/kubernetes/admin.conf
```

For any other user, run:

```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

7. Add worker nodes

Run the following on each node server:

```bash
kubeadm join 172.16.170.134:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash \
    sha256:b6b2941d26fe9dd1a4ea20850d28e69938a184e805472682e861c5869ee1764a \
    --cri-socket=unix:///var/run/cri-dockerd.sock
```

8. Verify the cluster

On the master node, run `kubectl get nodes` to list the nodes in the k8s cluster:

```text
NAME        STATUS     ROLES           AGE     VERSION
k8-master   NotReady   control-plane   3m33s   v1.35.3
k8-node01   NotReady   <none>          76s     v1.35.3
k8-node02   NotReady   <none>          5s      v1.35.3
```

If the command instead produces the following output:

```text
[root@k8-node02 ~]# kubectl get nodes
E0402 01:23:19.446472   21082 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"http://localhost:8080/api?timeout=32s\": dial tcp [::1]:8080: connect: connection refused"
E0402 01:23:19.447102   21082 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"http://localhost:8080/api?timeout=32s\": dial tcp [::1]:8080: connect: connection refused"
E0402 01:23:19.448680   21082 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"http://localhost:8080/api?timeout=32s\": dial tcp [::1]:8080: connect: connection refused"
E0402 01:23:19.448984   21082 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"http://localhost:8080/api?timeout=32s\": dial tcp [::1]:8080: connect: connection refused"
E0402 01:23:19.450345   21082 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"http://localhost:8080/api?timeout=32s\": dial tcp [::1]:8080: connect: connection refused"
The connection to the server localhost:8080 was refused - did you specify the right host or port?
```

then the "Add KUBECONFIG" step from step 6 needs to be carried out on this cluster.
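A preflight check for the host files this walkthrough edits in steps 1, 3 and 5, added here as an example and not part of the original article. The function name `preflight` and its root-prefix argument are assumptions; it reads the files under that prefix (`/` on a real node) and returns the number of failed checks.

```shell
#!/usr/bin/env bash
# Added example: verify the on-disk settings from steps 1, 3 and 5.
# Usage: preflight /            (real node)
#        preflight /tmp/tree    (hypothetical copy of the files, for testing)

preflight() {
    local root="${1%/}" fails=0 key host
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # Step 1: every swap entry in fstab must be commented out.
    if grep -Eq '^[[:space:]]*[^#[:space:]].*[[:space:]]swap[[:space:]]' \
            "$root/etc/fstab" 2>/dev/null; then
        fail "active swap entry in /etc/fstab"
    fi

    # Step 1: both bridge sysctls must be set to 1 (whitespace-insensitive).
    for key in net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-iptables; do
        sed 's/[[:space:]]//g' "$root/etc/sysctl.d/k8s.conf" 2>/dev/null |
            grep -Fxq "$key=1" || fail "$key is not set to 1"
    done

    # Step 1: the three planned host names must be present in /etc/hosts.
    for host in k8-master k8-node01 k8-node02; do
        grep -Eq "^[^#]*[[:space:]]$host([[:space:]]|\$)" "$root/etc/hosts" 2>/dev/null ||
            fail "$host missing from /etc/hosts"
    done

    # Step 5: package signature checking must stay on for the Kubernetes repo.
    grep -Eq '^gpgcheck[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "$root/etc/yum.repos.d/kubernetes.repo" 2>/dev/null ||
        fail "gpgcheck=1 not set in kubernetes.repo"

    # Step 3: the CRI socket must keep mode 0660 (root and group docker only).
    grep -Eq '^SocketMode=0?660[[:space:]]*$' \
        "$root/usr/lib/systemd/system/cri-docker.socket" 2>/dev/null ||
        fail "cri-docker.socket SocketMode is not 0660"

    echo "$fails check(s) failed"
    return "$fails"
}
```

The check only reads configuration files, so it confirms that the permanent settings were written; the runtime state (for example `swapoff -a` and `sysctl --system`) still has to be applied as in step 1.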