Deploying a K8S v1.29 cluster on Ubuntu 20.04 with kubeadm
藥瓿亭 2024-06-11 12:37:02
Preface: this sets up a basic practice environment that matches the current CKA exam requirements.
· Ubuntu 20.04
· Kubernetes v1.29.0
· Containerd
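I. Hardware environment
The table below follows the minimum node requirements for a Kubernetes cluster given in the official documentation. If your machine has resources to spare, you can raise the configuration accordingly.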
Role | Name | Num | CPU | MEM | DISK | SYSTEM | IP |
---|---|---|---|---|---|---|---|
master | master | 1 | 2C | 2G | 20G | Ubuntu 20.04.6 LTS | 192.168.10.60 |
worker | node01 | 1 | 2C | 2G | 20G | Ubuntu 20.04.6 LTS | 192.168.10.61 |
worker | node02 | 1 | 2C | 2G | 20G | Ubuntu 20.04.6 LTS | 192.168.10.62 |
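II. System environment preparation (perform this part on all cluster nodes)
1. Basic system settings

```bash
sudo systemctl status ufw                    # check the firewall status
sudo systemctl stop ufw                      # stop the firewall
sudo systemctl disable ufw                   # keep the firewall from starting at boot
sudo swapoff -a                              # turn swap off now
sudo sed -ri 's/.*swap.*/#&/' /etc/fstab     # comment out swap entries so swap stays off after reboot
sudo hostnamectl set-hostname master         # set the hostname on master
sudo hostnamectl set-hostname node01         # set the hostname on node01
sudo hostnamectl set-hostname node02         # set the hostname on node02
# Append through sudo tee: a plain ">>" redirection would run in the unprivileged shell
echo "192.168.10.60 master" | sudo tee -a /etc/hosts   # hosts entry for master
echo "192.168.10.61 node01" | sudo tee -a /etc/hosts   # hosts entry for node01
echo "192.168.10.62 node02" | sudo tee -a /etc/hosts   # hosts entry for node02
sudo timedatectl set-timezone Asia/Shanghai  # set the time zone
```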
2. Install the time synchronization service

```bash
sudo apt-get update
sudo apt-get install -y chrony
sudo systemctl start chrony
sudo systemctl status chrony
sudo systemctl enable chrony
sudo chronyc sourcestats -v
```
3. Let iptables see bridged traffic

```bash
# Forward IPv4 and let iptables see bridged traffic
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

# Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

# Apply the sysctl parameters without rebooting
sudo sysctl --system

# Confirm that the br_netfilter and overlay modules are loaded:
lsmod | grep br_netfilter
lsmod | grep overlay

# Confirm that the sysctl settings were applied:
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
```
4. Install the container runtime containerd

```bash
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# Add the repository to the apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

# Install containerd
sudo apt-get install containerd.io

# Hold the containerd.io version
sudo apt-mark hold containerd.io

# Generate the containerd configuration file (written through sudo tee so it works for a non-root user)
containerd config default | sudo tee /etc/containerd/config.toml > /dev/null
```

Then edit /etc/containerd/config.toml:

```toml
# Set the systemd cgroup driver to true
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  ...
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true

# Replace the original sandbox (pause) image setting below with the Alibaba Cloud image:
# registry.cn-shanghai.aliyuncs.com/kubesec/pause:3.9
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.k8s.io/pause:3.6"
```

```bash
sudo systemctl restart containerd
sudo systemctl enable containerd
sudo systemctl status containerd
```
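The two config.toml edits above can be scripted and checked before containerd is restarted. The following is an added example, not part of the original post: the function names are hypothetical and the sample config is constructed from the lines shown above. The check also rejects a file that lists "cri" under disabled_plugins, which would leave kubelet unable to use the runtime.

```shell
#!/bin/sh
# Added example (not from the original post): scripted and verified form of
# the two manual config.toml edits. Function names are hypothetical.
WS='[[:space:]]*'

# check_containerd_config FILE IMAGE: 0 only if FILE is usable by kubelet.
check_containerd_config() {
  # The CRI plugin must stay enabled, otherwise kubelet cannot use containerd.
  if grep -Eq "^${WS}disabled_plugins${WS}=.*\"cri\"" "$1"; then
    echo "CRI plugin is disabled in $1" >&2; return 1
  fi
  grep -Eq "^${WS}SystemdCgroup${WS}=${WS}true" "$1" ||
    { echo "SystemdCgroup is not true in $1" >&2; return 1; }
  current=$(sed -n -E "s/^${WS}sandbox_image${WS}=${WS}\"(.*)\".*/\1/p" "$1")
  [ "$current" = "$2" ] ||
    { echo "sandbox_image is '$current', expected '$2'" >&2; return 1; }
}

# patch_containerd_config FILE IMAGE: apply both edits in place, then verify.
patch_containerd_config() {
  sed -i -E "s/^(${WS}SystemdCgroup${WS}=${WS})false/\1true/" "$1"
  sed -i -E "s|^(${WS}sandbox_image${WS}=${WS}).*|\1\"$2\"|" "$1"
  check_containerd_config "$1" "$2"
}

# Constructed sample: the relevant lines of a generated default config.
sample_config() {
  cat <<'EOF'
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.k8s.io/pause:3.6"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = false
EOF
}

# Demo on a temporary copy of the sample; prints the patched file.
demo=$(mktemp)
sample_config > "$demo"
patch_containerd_config "$demo" "registry.cn-shanghai.aliyuncs.com/kubesec/pause:3.9" && cat "$demo"
rm -f "$demo"
```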
5. Install kubeadm, kubelet and kubectl

```bash
# Update the apt package index and install the packages needed to use the Kubernetes apt repository:
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gpg

# Download the public signing key for the Kubernetes package repositories.
# If the /etc/apt/keyrings directory does not exist, create it before the curl command.
# sudo mkdir -p -m 755 /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

# Add the Kubernetes apt repository.
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

# Update the apt package index, install kubelet, kubeadm and kubectl, and hold their versions:
sudo apt-get update
apt-cache madison kubeadm
sudo apt-get install -y kubelet=1.29.0-1.1 kubeadm=1.29.0-1.1 kubectl=1.29.0-1.1
sudo apt-mark hold kubelet kubeadm kubectl
```
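III. Create the cluster with kubeadm
Starting with v1.22, when a cluster is created with kubeadm and the user has not set the cgroupDriver field under KubeletConfiguration, kubeadm defaults it to systemd.
1. Initialize the control-plane node (run on the master node only)

```bash
# --token-ttl=0 creates a bootstrap token that never expires
# --upload-certs uploads the control-plane certificates to the cluster
sudo kubeadm init --control-plane-endpoint="master" \
  --kubernetes-version=v1.29.0 \
  --pod-network-cidr=10.244.0.0/16 \
  --service-cidr=10.1.0.0/12 \
  --token-ttl=0 \
  --cri-socket unix:///run/containerd/containerd.sock \
  --image-repository registry.aliyuncs.com/google_containers \
  --upload-certs
```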
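2. Run the following commands as directed by the init output (run on the master node only)

```bash
# To let a non-root user run kubectl, run the following commands
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# As the root user, you can instead run:
export KUBECONFIG=/etc/kubernetes/admin.conf
```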
3. Install the Pod network add-on Flannel (run on the master node only)

```bash
# Add a hosts entry for raw.githubusercontent.com
echo "185.199.109.133 raw.githubusercontent.com" | sudo tee -a /etc/hosts

# Download the flannel manifest and apply it
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
```
4. Install the cluster resource monitoring service kube-metrics-server (run on the master node only)

```bash
wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

# In the downloaded file, replace image: registry.k8s.io/metrics-server/metrics-server:v0.6.4
# with the Alibaba Cloud mirror: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server:v0.6.4
mv components.yaml kube-metrics-server.yaml
kubectl apply -f kube-metrics-server.yaml
```
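Both manifests in steps 3 and 4 are fetched from moving references (a master branch and releases/latest) and then applied with cluster-admin rights, so the file can change between one download and the next. The following is an added example, not part of the original post: a pre-apply gate that compares the downloaded file with a digest recorded when the file was reviewed and lists image references that are not pinned to a version. The function names and the sample manifest are constructed; only the metrics-server image reference comes from the post.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before
# `kubectl apply -f` on a downloaded manifest. Function names are hypothetical.

# verify_manifest FILE SHA256: 0 only if FILE has the digest recorded at review.
verify_manifest() {
  actual=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ] ||
    { echo "digest mismatch for $1: got $actual" >&2; return 1; }
}

# list_images FILE: unique container image references found in the manifest.
list_images() {
  sed -n -E 's/^[[:space:]-]*image:[[:space:]]*"?([^"[:space:]]+)"?.*$/\1/p' "$1" | sort -u
}

# unpinned_images FILE: images with no tag, or a moving tag such as :latest.
unpinned_images() {
  list_images "$1" | while IFS= read -r img; do
    name=${img##*/}                      # last path component carries tag or digest
    case $name in
      *@sha256:*) ;;                     # pinned by digest
      *:latest|*:master) echo "$img" ;;  # moving tag
      *:*) ;;                            # explicit version tag
      *) echo "$img" ;;                  # no tag resolves to :latest
    esac
  done
}

# Constructed sample manifest; only the metrics-server reference is from the post.
sample_manifest() {
  cat <<'EOF'
spec:
  containers:
  - name: metrics-server
    image: registry.k8s.io/metrics-server/metrics-server:v0.6.4
  - name: helper
    image: registry.example.invalid/tools/helper
  initContainers:
  - image: "registry.example.invalid/tools/init:latest"
    name: init
EOF
}

# Demo: prints the two unpinned references from the sample.
tmp=$(mktemp); sample_manifest > "$tmp"
unpinned_images "$tmp"
rm -f "$tmp"
```

Record the digest with `sha256sum kube-flannel.yml` after reading the file once, and apply only when `verify_manifest` succeeds and `unpinned_images` prints nothing.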
5. Join the nodes to the cluster (run on node01 and node02)

```bash
# Run the join command printed by the control-plane node, adding the parameter
# --cri-socket unix:///run/containerd/containerd.sock
sudo kubeadm join master:6443 --token 3f6ssd.cj9ktdltvhu8myex \
  --discovery-token-ca-cert-hash sha256:aa4568ba9d4d77b8804f78b6f5441a2269b5363b5145efe30e5c7307ea2ec0cc \
  --cri-socket unix:///run/containerd/containerd.sock
```
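The join command carries two values worth auditing: the bootstrap token, which never expires here because the cluster was initialized with `--token-ttl=0`, and the CA pin, which is the SHA-256 of the cluster CA's DER-encoded public key. The following is an added example, not part of the original post: it finds non-expiring tokens in `kubeadm token list` output and recomputes the pin from a CA certificate with openssl. The function names are hypothetical, the token list sample is constructed, and its column layout is assumed to match kubeadm v1.29.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two values carried by
# a kubeadm join command. Function names are hypothetical.

# forever_tokens: reads `kubeadm token list` output on stdin and prints the ID
# (the part before the dot, which is not secret) of each non-expiring token.
forever_tokens() {
  awk 'NR > 1 && ($2 == "<forever>" || $3 == "<never>") {
         split($1, part, "."); print part[1] }'
}

# ca_cert_hash FILE: prints sha256:<hex> over the DER-encoded public key of the
# CA certificate, the value --discovery-token-ca-cert-hash expects.
ca_cert_hash() {
  pem=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
  hex=$(printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        sha256sum | cut -d' ' -f1)
  printf 'sha256:%s\n' "$hex"
}

# join_pin_matches FILE PIN: 0 only if PIN is the hash of FILE's public key.
join_pin_matches() {
  pin=$(ca_cert_hash "$1") || return 1
  [ "$pin" = "$2" ]
}

# Constructed sample of `kubeadm token list` output (token values are made up).
sample_token_list() {
  cat <<'EOF'
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
aaaaaa.0000000000000000   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
bbbbbb.1111111111111111   23h         2024-06-12T04:37:02Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
EOF
}

# Demo: prints the ID of the one non-expiring token in the sample.
sample_token_list | forever_tokens
```

On the control-plane node, `sudo kubeadm token list | forever_tokens` names the tokens to remove with `kubeadm token delete <id>` once all nodes have joined, and `kubeadm token create --ttl 2h --print-join-command` issues a short-lived replacement when another node is added later.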
6. Check the status of the cluster nodes and Pods

```
candidate@node01:~$ kubectl get node
NAME     STATUS   ROLES           AGE   VERSION
master   Ready    control-plane   1h    v1.29.0
node01   Ready    worker          1h    v1.29.0
node02   Ready    worker          1h    v1.29.0
candidate@node01:~$ kubectl get pod --all-namespaces
NAMESPACE      NAME                              READY   STATUS    RESTARTS   AGE
kube-flannel   kube-flannel-ds-2kcht             1/1     Running   0          1h
kube-flannel   kube-flannel-ds-gd9j4             1/1     Running   0          1h
kube-flannel   kube-flannel-ds-ngg46             1/1     Running   0          1h
kube-system    coredns-857d9ff4c9-bg6pn          1/1     Running   0          1h
kube-system    coredns-857d9ff4c9-rpr7b          1/1     Running   0          1h
kube-system    etcd-master                       1/1     Running   0          1h
kube-system    kube-apiserver-master             1/1     Running   0          1h
kube-system    kube-controller-manager-master    1/1     Running   0          1h
kube-system    kube-proxy-5kwqj                  1/1     Running   0          1h
kube-system    kube-proxy-7p48k                  1/1     Running   0          1h
kube-system    kube-proxy-f4lgd                  1/1     Running   0          1h
kube-system    kube-scheduler-master             1/1     Running   0          1h
kube-system    metrics-server-579956c978-wjftf   1/1     Running   0          1h
```