Setting up k8s on Ubuntu 20.04 with kubeadm
System environment preparation
Configure hostnames
Hostname   IP address
master     172.16.131.130
node1      172.16.131.131
node2      172.16.131.132
Configure /etc/hosts name resolution (run on every host)
```bash
cat >> /etc/hosts << EOF
172.16.131.130 master
172.16.131.131 node1
172.16.131.132 node2
EOF
```
1: Install Docker
1.1 Install the apt packages needed to fetch repositories over HTTPS
```bash
sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
```
1.2 Add Docker's official GPG key
```bash
# Official key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# Same key from the USTC mirror (alternative)
curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
```
1.3 Set up the stable repository
```bash
# Official Docker repository
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
# Aliyun mirror (alternative)
sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
```
1.4 Install docker-ce
By default the latest version is installed; pinning a specific version is recommended.

```bash
# Latest version
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io

# Pinned version (recommended)
apt-cache madison docker-ce   # list the Docker versions currently installable
sudo apt install docker-ce=5:19.03.9~3-0~ubuntu-focal docker-ce-cli=5:19.03.9~3-0~ubuntu-focal
```
1.5 Configure daemon.json (registry mirror)
```bash
# Run as root (or write the file with sudo tee). The cgroup driver is set to
# systemd so that Docker and the kubelet agree on one driver.
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
sudo systemctl daemon-reload
sudo service docker restart
docker version   # or: docker -v
```
2: Disable the firewall and swap
2.1 Firewall
```bash
sudo ufw disable
```
2.2 Disable swap
```bash
# In /etc/fstab, comment out the swap line so swap stays off after a reboot:
#/swap.img none swap sw 0 0
mount -a
sudo swapoff -a
```
3: Install kubelet, kubeadm and kubectl
3.1 Add the Aliyun source (not needed on cloud-platform servers)
```bash
# Add this line to /etc/apt/sources.list:
deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
# Add the repository key
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
# Refresh the package index
sudo apt-get update
```
3.2 Add the Kubernetes apt repository:
```bash
# signed-by requires the Kubernetes archive keyring to already exist at that path
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
```
3.3 Install
```bash
# Install a pinned version
sudo apt update
sudo apt install -y kubectl=1.17.12-00 kubeadm=1.17.12-00 kubelet=1.17.12-00
kubelet --version
# Start kubelet
systemctl start kubelet
```
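Parts 1 to 3 change settings that kubeadm's preflight checks and the kubelet depend on: swap off and kept off in /etc/fstab, Docker's cgroup driver set to systemd to match the kubelet, ufw inactive, and kubeadm and kubelet at the same version. The script below is an added example, not part of the original post, that verifies each of them before moving on to kubeadm init. Every function accepts a file path or captured command output as an argument so the checks can also be run against saved data; the function names and the `run` argument are this example's own.

```shell
#!/bin/bash
# Added example: preflight checks for the settings configured in parts 1-3.
# Each function takes an optional argument so it can be run against captured
# data as well as the live node.

# swap_is_off [FILE]: succeeds when the swap table (default /proc/swaps) lists
# no active swap device. /proc/swaps always starts with a header line.
swap_is_off() {
  local file="${1:-/proc/swaps}"
  [ "$(tail -n +2 "$file" | grep -c .)" -eq 0 ]
}

# fstab_swap_disabled [FILE]: succeeds when no uncommented entry in fstab
# (default /etc/fstab) has type "swap", so swap stays off after a reboot.
fstab_swap_disabled() {
  local file="${1:-/etc/fstab}"
  ! awk '!/^[[:space:]]*#/ && $3 == "swap" { found = 1 } END { exit found ? 0 : 1 }' "$file"
}

# docker_cgroup_driver_is_systemd [OUTPUT]: succeeds when `docker info` reports
# "Cgroup Driver: systemd", matching the exec-opts entry in daemon.json.
docker_cgroup_driver_is_systemd() {
  local output="${1:-$(docker info 2>/dev/null)}"
  printf '%s\n' "$output" | grep -Eq '^[[:space:]]*Cgroup Driver:[[:space:]]*systemd$'
}

# ufw_is_inactive [OUTPUT]: succeeds when `ufw status` reports "Status: inactive".
ufw_is_inactive() {
  local output="${1:-$(sudo ufw status 2>/dev/null)}"
  printf '%s\n' "$output" | grep -q '^Status: inactive'
}

# kube_versions_match [KUBEADM_VERSION] [KUBELET_VERSION]: succeeds when kubeadm
# and kubelet report the same version string (e.g. v1.17.12).
kube_versions_match() {
  local kubeadm_v="${1:-$(kubeadm version -o short)}"
  local kubelet_v="${2:-$(kubelet --version | awk '{ print $2 }')}"
  [ "$kubeadm_v" = "$kubelet_v" ]
}

# preflight: runs every check against the live node and reports each result.
preflight() {
  local rc=0 name
  for name in swap_is_off fstab_swap_disabled docker_cgroup_driver_is_systemd \
              ufw_is_inactive kube_versions_match; do
    if "$name"; then echo "PASS: $name"; else echo "FAIL: $name"; rc=1; fi
  done
  return "$rc"
}

# The live checks run only when invoked as: bash preflight.sh run
if [ "${1:-}" = "run" ]; then
  preflight
fi
```

Run it on every node after part 3; a FAIL line names the check to go back to.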
4: Deploy the master node (the steps above are run on all nodes)
4.1 Pull the images (pinned versions)
```bash
sudo docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.17.12
sudo docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.17.12
sudo docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.17.12
sudo docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.17.12
sudo docker pull registry.aliyuncs.com/google_containers/etcd:3.4.3-0
sudo docker pull registry.aliyuncs.com/google_containers/coredns:1.6.5
sudo docker pull registry.aliyuncs.com/google_containers/pause:3.1
```
```bash
kubeadm config images list   # list the images required by the latest version
```
4.2 Run kubeadm init to initialize the cluster
```bash
# --kubernetes-version must not be newer than the installed kubeadm (3.3 pins
# 1.17.12 and 4.1 pulls the v1.17.12 images); --pod-network-cidr must match the
# "Network" value in the flannel manifest.
kubeadm init \
  --apiserver-advertise-address=172.16.131.130 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.19.3 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.2.0.0/16 \
  --service-dns-domain=cluster.local \
  --ignore-preflight-errors=Swap \
  --ignore-preflight-errors=NumCPU
```
4.3 Create the kubeconfig directory
```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
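admin.conf carries a cluster-admin client certificate, so the copy placed in $HOME/.kube should be readable only by its owner. The functions below are an added example, not from the original post, that perform the same copy with that file mode and then verify it; the source path, destination and owner are parameters so the functions can be exercised against a constructed file, and the function names are this example's own.

```shell
#!/bin/bash
# Added example: copy admin.conf into place as a private kubeconfig and verify it.

# install_admin_kubeconfig SRC DEST OWNER: copies SRC to DEST with mode 0600 and
# sets the owner to OWNER ("uid:gid"). When SRC is the root-only
# /etc/kubernetes/admin.conf, run this with sudo and pass the login user's
# "$(id -u):$(id -g)" as OWNER, as the original cp/chown steps do.
install_admin_kubeconfig() {
  local src="$1" dest="$2" owner="$3"
  mkdir -p "$(dirname "$dest")"
  install -m 0600 "$src" "$dest"   # copy and set the mode in one step
  chown "$owner" "$dest"
}

# kubeconfig_perms_ok FILE UID: succeeds when FILE is mode 0600 and owned by UID.
kubeconfig_perms_ok() {
  local file="$1" uid="$2"
  [ "$(stat -c '%a %u' "$file" 2>/dev/null)" = "600 $uid" ]
}

# Usage on the master (not run automatically): pass the function into a root
# shell so that $(id -u) still expands to the login user.
#   sudo bash -c "$(declare -f install_admin_kubeconfig); \
#     install_admin_kubeconfig /etc/kubernetes/admin.conf $HOME/.kube/config $(id -u):$(id -g)"
#   kubeconfig_perms_ok "$HOME/.kube/config" "$(id -u)" && echo "kubeconfig OK"
```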
4.4 Join the worker nodes to the cluster
```bash
# Use the token and hash printed by your own kubeadm init; these values are from the author's cluster.
kubeadm join 172.16.131.130:6443 --token ohe2ri.mehnmyieotwi7cad \
  --discovery-token-ca-cert-hash sha256:bd498e350bbdf474102aa83545bc16d8ed02bc6f9eab47aaa60fee28faf2a848
```
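The join command carries two values: the bootstrap token, which authenticates the node to the API server, and the CA certificate hash, which lets the node verify that the control plane answering on 172.16.131.130:6443 is the one whose CA it expects. The script below is an added example, not from the original post, that recomputes that hash from the master's CA certificate the way kubeadm defines it (sha256 over the DER-encoded public key), checks a token's format and assembles the join line. /etc/kubernetes/pki/ca.crt is kubeadm's default CA path; the function names are this example's own.

```shell
#!/bin/bash
# Added example: derive and check the values that `kubeadm join` needs.

# ca_cert_hash CERT: prints the sha256 hex digest of the CA's DER-encoded public
# key (SubjectPublicKeyInfo); this is the value behind --discovery-token-ca-cert-hash.
ca_cert_hash() {
  openssl x509 -in "$1" -pubkey -noout \
    | openssl pkey -pubin -outform der 2>/dev/null \
    | sha256sum | awk '{ print $1 }'
}

# bootstrap_token_valid TOKEN: checks the token format kubeadm uses,
# a 6-character id and a 16-character secret, both lowercase alphanumerics.
bootstrap_token_valid() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# join_command ENDPOINT TOKEN CERT: prints the kubeadm join line for a worker
# node. Fails without printing anything if the token is malformed or the hash
# could not be computed.
join_command() {
  local endpoint="$1" token="$2" cert="$3" hash
  bootstrap_token_valid "$token" || return 1
  hash="$(ca_cert_hash "$cert")"
  [ "${#hash}" -eq 64 ] || return 1
  printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash sha256:%s\n' \
    "$endpoint" "$token" "$hash"
}

# On the master, with kubeadm's default CA path (not run automatically):
#   join_command 172.16.131.130:6443 "$TOKEN" /etc/kubernetes/pki/ca.crt
```

Tokens issued by kubeadm init expire after 24 hours by default; `kubeadm token create --print-join-command` on the master issues a fresh token together with the current hash.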
4.5 Deploy the flannel network
```bash
cat > kube-flannel.yml << EOF
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
    - configMap
    - secret
    - emptyDir
    - hostPath
  allowedHostPaths:
    - pathPrefix: "/etc/cni/net.d"
    - pathPrefix: "/etc/kube-flannel"
    - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities
  allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
  - min: 0
    max: 65535
  # SELinux
  seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
- apiGroups: ['extensions']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  net-conf.json: |
    {
      "Network": "10.2.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.13.0
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.13.0
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        - --iface=ens33
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg
EOF
```

Note: edit the configuration file so that line 128 is replaced with the pod network CIDR (the --pod-network-cidr value) and a new line 189 is added naming the node's network interface; the manifest above already contains both edits:

```bash
vim kube-flannel.yml
128:   "Network": "10.2.0.0/16",
189:   - --iface=ens33
```
4.6 Apply the resource manifest
```bash
kubectl apply -f kube-flannel.yml
```
4.7 Check pod status
```bash
kubectl -n kube-system get pod
```

All pods should normally be in the Running state.
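To make that check scriptable, the functions below are an added example, not from the original post, that parse the output of `kubectl -n kube-system get pod` and list any pod whose STATUS is not Running or whose READY column is not full, for instance a flannel pod stuck in CrashLoopBackOff because --iface does not name the node's NIC. Captured output can be passed as the first argument so the parser can be exercised offline; the function names are this example's own.

```shell
#!/bin/bash
# Added example: find pods in kube-system that are not fully Ready and Running.

# not_ready_pods [OUTPUT]: prints "NAME READY STATUS" for every pod whose STATUS
# is not Running or whose READY count is not n/n; prints nothing when all pods
# are healthy. Pass captured kubectl output as $1 to check it offline.
not_ready_pods() {
  local output="${1:-$(kubectl -n kube-system get pod 2>/dev/null)}"
  printf '%s\n' "$output" | awk 'NR > 1 {
      split($2, ready, "/")
      if ($3 != "Running" || ready[1] != ready[2]) print $1, $2, $3
  }'
}

# all_pods_running [OUTPUT]: succeeds when not_ready_pods reports nothing.
all_pods_running() {
  [ -z "$(not_ready_pods "$@")" ]
}

# Usage on the master (not run automatically):
#   if all_pods_running; then echo "all kube-system pods Running"; else not_ready_pods; fi
```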
4.8 Reset the cluster (if needed)
```bash
kubeadm reset
rm -fr $HOME/.kube/config
```
4.9 Enable command completion
```bash
apt-get install bash-completion -y
source /usr/share/bash-completion/bash_completion
source /etc/bash_completion.d/kubectl
```