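I. Deployment prerequisites
Linux hosts capable of running Kubernetes (Debian/RedHat)
At least 2 GB of memory and at least 2 CPUs per host
All hosts can communicate with each other
Host names resolve between the hosts
Disable iptables rules and the firewall
Disable swap
Keep time synchronized between the hosts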
II. Host environment
OS: Ubuntu 20.04 LTS
docker: 20.10.17
kubernetes: v1.24.3
CRI: cri-dockerd v0.2.5
III. Host name settings
cat /etc/hosts
10.0.0.100 master01.qinjing.com master01 kubeapi.qinjing.com kubeapi
10.0.0.101 node01.qinjing.com node01
10.0.0.102 node02.qinjing.com node02
10.0.0.103 node03.qinjing.com node03
hostnamectl set-hostname node01.qinjing.com
hostnamectl set-hostname node02.qinjing.com
hostnamectl set-hostname node03.qinjing.com
IV. Configuration common to master and worker nodes
# Prerequisites
apt install chrony -y
systemctl start chrony.service
timedatectl set-timezone Asia/Shanghai
sed -i 's/.*swap.*/#&/' /etc/fstab ;swapoff -a
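A check of the section I prerequisites once the commands above have run, as an added example that is not part of the original guide. The function names and the MIN_MEM_MIB default are assumptions; the names passed to preflight are the ones the later kubeadm commands use (the control-plane endpoint and the node names).

```shell
#!/bin/sh
# Added example (not from the original guide): checks for the section I prerequisites.
# Input files are parameters, so each check can also be run against a copy.

# Succeeds when FILE (/proc/swaps format) lists no active swap device.
swap_is_off() {
    awk 'NR > 1 && NF { n++ } END { exit (n > 0) }' "${1:-/proc/swaps}"
}

# Succeeds when FILE (/etc/fstab format) has no uncommented swap entry,
# so swap stays off after a reboot.
fstab_has_no_swap() {
    ! awk '$1 !~ /^#/ && $3 == "swap" { f = 1 } END { exit (f ? 0 : 1) }' "${1:-/etc/fstab}"
}

# Prints each NAME that has no uncommented entry in HOSTSFILE.
missing_hosts() {  # usage: missing_hosts HOSTSFILE NAME...
    hosts_file=$1; shift
    for name in "$@"; do
        awk -v n="$name" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) ok = 1 }
            END { exit (ok ? 0 : 1) }' "$hosts_file" || echo "$name"
    done
}

# Prints MemTotal of FILE (/proc/meminfo format) in MiB.
mem_mib() { awk '/^MemTotal:/ { print int($2 / 1024) }' "${1:-/proc/meminfo}"; }

# Runs every check on the local host; NAME... are the names that must resolve.
# MIN_MEM_MIB defaults to 1900 (assumption: a "2 GB" VM reports a little under 2048 MiB).
preflight() {  # usage: preflight NAME...
    rc=0
    swap_is_off       || { echo "FAIL: swap is active"; rc=1; }
    fstab_has_no_swap || { echo "FAIL: /etc/fstab still enables swap"; rc=1; }
    miss=$(missing_hosts /etc/hosts "$@")
    [ -z "$miss" ]    || { echo "FAIL: not in /etc/hosts: $miss"; rc=1; }
    [ "$(mem_mib)" -ge "${MIN_MEM_MIB:-1900}" ] || { echo "FAIL: less than 2 GB memory"; rc=1; }
    [ "$(getconf _NPROCESSORS_ONLN)" -ge 2 ]    || { echo "FAIL: fewer than 2 CPUs"; rc=1; }
    [ "$(timedatectl show -p NTPSynchronized --value 2>/dev/null)" = yes ] ||
        { echo "FAIL: clock is not synchronized"; rc=1; }
    return $rc
}
```

Run it on every host as, for example, preflight <control-plane-endpoint> master01 node01 node02 node03; a non-zero return means at least one prerequisite is not met.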
# Install docker-ce
apt -y install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
apt update
apt install docker-ce -y
cat <<EOF >/etc/docker/daemon.json
{
"registry-mirrors": [
"https://docker.mirrors.ustc.edu.cn",
"https://hub-mirror.c.163.com",
"https://reg-mirror.qiniu.com",
"https://registry.docker-cn.com"
],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "200m"
},
"storage-driver": "overlay2"
}
EOF
systemctl daemon-reload
systemctl start docker.service
systemctl enable docker.service
# Install cri-dockerd
apt install ./cri-dockerd_0.2.5.3-0.ubuntu-focal_amd64.deb -y
# Install kubelet/kubeadm/kubectl
apt update && apt install -y apt-transport-https curl
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt update
apt install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
# Integrate kubelet and cri-dockerd
sed -ri.bak 's@(ExecStart.*)@\1 --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d@' /usr/lib/systemd/system/cri-docker.service
systemctl daemon-reload && systemctl restart cri-docker.service
# Configure kubelet
mkdir -p /etc/sysconfig
cat << EOF > /etc/sysconfig/kubelet
KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint=/run/cri-dockerd.sock"
EOF
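V. Master node configuration
1. docker load -i k8s-master-components.tar
2. # Initialize the k8s-master01 node:
# The --control-plane-endpoint name must resolve on every node (/etc/hosts or DNS).
# --token-ttl=0 creates a bootstrap token that never expires.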
kubeadm init --control-plane-endpoint="kubeapi.magedu.com" --kubernetes-version=v1.24.3 --pod-network-cidr=192.168.0.0/16 --service-cidr=10.96.0.0/12 --token-ttl=0 --cri-socket unix:///run/cri-dockerd.sock --upload-certs
3. Steps shown in the output
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of the control-plane node running the following command on each as root:
kubeadm join kubeapi.magedu.com:6443 --token rx8aps.paug5nyn3ugqvnw7 \
--discovery-token-ca-cert-hash sha256:44dfb7d959fb01777f8985f456a46d98fab5806912cb5b52a7903cd5c757902f \
--control-plane --certificate-key d1626b761c031a100a9f8f49069d4839678be1b6f7d232dc8cc3f25ab91f4ce3
Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join kubeapi.magedu.com:6443 --token rx8aps.paug5nyn3ugqvnw7 \
--discovery-token-ca-cert-hash sha256:44dfb7d959fb01777f8985f456a46d98fab5806912cb5b52a7903cd5c757902f
4. mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
kubectl apply -f calico.yaml
docker load -i calico-components.tar
kubectl get nodes
VI. Worker node configuration
# Load the images in advance
docker load -i k8s-worker-components.tar
docker load -i calico-components.tar
# Join the worker node to the master node
kubeadm join kubeapi.magedu.com:6443 --token rx8aps.paug5nyn3ugqvnw7 --discovery-token-ca-cert-hash sha256:44dfb7d959fb01777f8985f456a46d98fab5806912cb5b52a7903cd5c757902f --cri-socket unix:///run/cri-dockerd.sock
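Because the cluster above is initialized with --token-ttl=0, the join token stays valid until it is deleted. The following added example (not part of the original guide) finds non-expiring tokens in `kubeadm token list` output and checks that a --discovery-token-ca-cert-hash value matches a CA certificate. The function names are assumptions and the token list sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): audit bootstrap tokens and
# verify the CA pin used by "kubeadm join".

# Reads `kubeadm token list` output on stdin and prints every token that
# never expires (what --token-ttl=0 creates).
non_expiring_tokens() {
    awk 'NR > 1 && ($2 == "<forever>" || $3 == "<never>") { print $1 }'
}

# Succeeds when the argument has the bootstrap-token shape:
# 6 characters, a dot, 16 characters, all from [a-z0-9].
valid_token_format() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Prints the hex value expected after "sha256:" for the CA certificate in
# FILE: the SHA-256 digest of its DER-encoded public key.
ca_cert_hash() {
    openssl x509 -pubkey -noout -in "${1:-/etc/kubernetes/pki/ca.crt}" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Succeeds when the sha256:<hex> pin from a join command matches FILE's CA.
pin_matches_ca() {  # usage: pin_matches_ca sha256:<hex> [ca.crt]
    h=$(ca_cert_hash "${2:-/etc/kubernetes/pki/ca.crt}")
    [ -n "$h" ] && [ "${1#sha256:}" = "$h" ]
}

# Constructed sample of `kubeadm token list` output (not from a real cluster).
SAMPLE_TOKEN_LIST='TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION   EXTRA GROUPS
abcdef.0123456789abcdef   <forever>   <never>                authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
ghijkl.0123456789ghijkl   23h         2022-08-02T10:00:00Z   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token'
```

On the master, `kubeadm token list | non_expiring_tokens` shows what to remove with `kubeadm token delete` once all nodes have joined; `kubeadm token create --ttl 2h --print-join-command` issues a short-lived replacement when another node is added later.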
VII. Testing
kubectl get nodes
kubectl create deployment demoapp --image=ikubernetes/demoapp:v1.0 --replicas=3
kubectl get pods
kubectl get pods -o wide
kubectl create service nodeport demoapp --tcp=80:80
kubectl get service
# Check from another terminal
while true;do curl 10.111.168.214;sleep 1;done
# Scale out
kubectl scale deployments demoapp --replicas=5
kubectl get pods
kubectl get pods -o wide
# Scale in
kubectl scale deployments demoapp --replicas=2
VIII. Reset the cluster on a node
kubeadm reset --cri-socket unix:///run/cri-dockerd.sock
rm -rf /etc/kubernetes /var/lib/kubelet/