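Deploying K8s 1.31.1 on openEuler

Host topology

| Hostname | IP | Memory | Disk | CPU | OS |
| --- | --- | --- | --- | --- | --- |
| master | 192.168.48.101 | 5G | 100G | 2 | openEuler-22.03-LTS-SP4 |
| node01 | 192.168.48.102 | 5G | 100G | 2 | openEuler-22.03-LTS-SP4 |
| node02 | 192.168.48.103 | 5G | 100G | 2 | openEuler-22.03-LTS-SP4 |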
Image download: OpenEuler-22.03-LTS

Download the file named openEuler-22.03-LTS-SP4-x86_64-dvd.iso.
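Basic configuration

Check what your network interface is called. Mine is ens33; if yours is different, remember to replace it. Do not copy and paste blindly: read through the script to see what needs changing. At a glance that is the IP-related values, plus step 3 and step 6.

Run on: [all nodes]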
```bash
#!/bin/bash
# k8s_system_init.sh: base setup for every node.
# Arguments: <hostname> <host part of the IP, i.e. the last octet>
if [ $# -eq 2 ];then
  echo "设置主机名为:$1"
  echo "ens33设置IP地址为:192.168.48.$2"
else
  echo "使用方法:sh $0 主机名 主机位"
  exit 2
fi
echo "--------------------------------------"

# Step 1: set the hostname
echo "1.正在设置主机名:$1"
hostnamectl set-hostname "$1"

# Step 2: turn off firewalld and SELinux.
# To keep firewalld running instead, the kubeadm ports would have to be opened:
# 6443, 2379-2380, 10250, 10257, 10259 on the control plane and
# 10250, 10256, 30000-32767 on the workers, plus the CNI plugin's ports.
echo "2.正在关闭firewalld、selinux"
systemctl disable firewalld &> /dev/null
systemctl stop firewalld
sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/selinux/config
setenforce 0

# Step 3: static IP on ens33 (change the interface name, gateway and DNS to match your network)
echo "3.正在设置ens33:192.168.48.$2"
cat > /etc/sysconfig/network-scripts/ifcfg-ens33 <<EOF
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=53b402ff-5865-47dd-a853-7afcd6521738
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.48.$2
GATEWAY=192.168.48.2
PREFIX=24
DNS1=192.168.48.2
DNS2=114.114.114.114
EOF
nmcli c reload
nmcli c up ens33

# Step 4: add the Huawei Cloud mirror and the K8s repository (existing repo files are backed up first)
echo "4.新增华为云源、k8s源"
mkdir -p /etc/yum.repos.d/bak/
cp /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
sleep 3
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.31/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.31/rpm/repodata/repomd.xml.key
EOF
# Switch to Huawei Cloud for faster downloads
sed -i 's/\$basearch/x86_64/g' /etc/yum.repos.d/openEuler.repo
sed -i 's/http\:\/\/repo.openeuler.org/https\:\/\/mirrors.huaweicloud.com\/openeuler/g' /etc/yum.repos.d/openEuler.repo

# Step 5: refresh the yum package cache
echo "5.更新yum源软件包缓存"
yum clean all && yum makecache

# Step 6: add hosts entries (change these to your own node IPs and names)
echo "6.添加hosts解析"
cat > /etc/hosts <<EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.48.101 master
192.168.48.102 node01
192.168.48.103 node02
EOF

# Step 7: turn off swap now and comment it out of /etc/fstab
echo "7.关闭swap分区"
swapoff -a && sysctl -w vm.swappiness=0 &> /dev/null
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab

# Step 8: install chrony and synchronise the clock
echo "8.安装chrony服务,并同步时间"
yum install chrony -y
systemctl enable chronyd --now
timedatectl set-timezone Asia/Shanghai
timedatectl set-local-rtc 1
timedatectl set-ntp yes
chronyc -a makestep
chronyc tracking
chronyc sources

# Step 9: install the required tools
echo "9.必备工具安装"
yum install wget psmisc vim net-tools telnet socat device-mapper-persistent-data lvm2 git -y

# Step 10: reboot
echo "10.重启"
reboot
```
Run the script

```bash
# Usage: sh k8s_system_init.sh <hostname> <host part of the IP>

# [master]
sh k8s_system_init.sh master 101

# [node01]
sh k8s_system_init.sh node01 102

# [node02]
sh k8s_system_init.sh node02 103
```
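Configure passwordless SSH

Run on: [all nodes]

Remember to change the host password and the hostnames in the host list to your own.

```bash
yum install -y sshpass
cat > sshmianmi.sh << "EOF"
#!/bin/bash
# Target host list
hosts=("master" "node01" "node02")
# Password (replace with your own hosts' password)
password="Lj201840."
# Hand the password to sshpass through the environment (-e) so it is not visible in the process list
export SSHPASS="$password"
# Generate an SSH key pair, unless one already exists
[ -f ~/.ssh/id_rsa ] || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
# Loop over the target hosts
for host in "${hosts[@]}"
do
    # Copy the public key to the target host
    sshpass -e ssh-copy-id -o StrictHostKeyChecking=no "$host"
    # Verify passwordless login: BatchMode forbids password prompts, so this only succeeds with the key
    ssh -o BatchMode=yes -o StrictHostKeyChecking=no "$host" "echo '免密登录成功'"
done
EOF
# The script uses bash arrays, so run it with bash
bash sshmianmi.sh
```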
Configure kernel IP forwarding and bridge filtering, and install ipset and ipvsadm

Run on: [all nodes]

```bash
sed -i 's/net.ipv4.ip_forward=0/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
# Configure the br_netfilter and overlay modules to load at boot
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# Load the br_netfilter and overlay modules now
modprobe br_netfilter
modprobe overlay
sysctl --system
sysctl -p
# Apply the newly added configuration file
sysctl -p /etc/sysctl.d/k8s.conf
yum -y install ipset ipvsadm
# Make sure the target directory exists before writing the module script
mkdir -p /etc/sysconfig/modules
cat > /etc/sysconfig/modules/ipvs.module <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
# Make it executable, run it, and check that the modules are loaded
chmod 755 /etc/sysconfig/modules/ipvs.module && /etc/sysconfig/modules/ipvs.module
# Check that the modules loaded successfully
# (the script above loads nf_conntrack; recent kernels have no separate nf_conntrack_ipv4 module)
lsmod | grep -e ip_vs -e nf_conntrack
```
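The settings from this step can be read back from /proc to confirm that they took effect on each node before kubeadm runs. This is an added example, not part of the original post; the function name and its optional root-directory argument are hypothetical, the latter existing only so the check can be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example: confirm the kernel state configured in the step above.
# ROOT (first argument) is a hypothetical parameter; leave it empty to
# inspect the live system.

check_k8s_prereqs() {
    root="${1:-}"
    rc=0

    # Values written to /etc/sysctl.d/k8s.conf, read back from /proc/sys.
    # The net.bridge keys only exist once br_netfilter is loaded, so a
    # missing file is reported as a failure too.
    for key in net.ipv4.ip_forward \
               net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables; do
        path="$root/proc/sys/$(printf '%s' "$key" | tr . /)"
        val=$(cat "$path" 2>/dev/null || true)
        if [ "$val" != "1" ]; then
            echo "FAIL sysctl $key = ${val:-<missing>} (want 1)"
            rc=1
        fi
    done

    # Modules from /etc/modules-load.d/k8s.conf and ipvs.module.
    # A module compiled into the kernel is not listed in /proc/modules.
    for mod in overlay br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
        if ! grep -q "^$mod " "$root/proc/modules" 2>/dev/null; then
            echo "FAIL module $mod not loaded"
            rc=1
        fi
    done

    # /proc/swaps: the first line is a header, each further line is an active swap area
    swaps=$(tail -n +2 "$root/proc/swaps" 2>/dev/null || true)
    if [ -n "$swaps" ]; then
        echo "FAIL swap is still active"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK all prerequisites satisfied"
    return "$rc"
}
```

On a node, call `check_k8s_prereqs` with no argument; a non-zero exit status lists what still needs fixing.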
Install the containerd container runtime

Run on: [all nodes]

```bash
# Download the required packages
wget https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz
wget https://github.com/opencontainers/runc/releases/download/v1.1.15/runc.amd64
wget https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz
# Install containerd
tar Cxzvf /usr/local containerd-1.7.22-linux-amd64.tar.gz
# Create the service unit; do this on every host
cat << EOF > /usr/lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload && systemctl enable --now containerd
# Install runc
install -m 755 runc.amd64 /usr/local/sbin/runc
# Install the CNI plugins
mkdir -p /opt/cni/bin && tar -xzf cni-plugins-linux-amd64-v1.5.1.tgz -C /opt/cni/bin/
# Generate the containerd configuration file
mkdir -p /etc/containerd && containerd config default > /etc/containerd/config.toml
sed -i 's#sandbox_image = "registry.k8s.io/pause:.*"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.10"#' /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
cat >/etc/crictl.yaml <<"EOF"
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
# Configure containerd registry mirrors
# Set config_path in /etc/containerd/config.toml (the line's indentation is kept as it is)
sed -i 's|^\(\s*\)config_path =.*$|\1config_path = "/etc/containerd/certs.d"|' /etc/containerd/config.toml
# Create the required directories
mkdir -p /etc/containerd/certs.d/docker.io
mkdir -p /etc/containerd/certs.d/registry.k8s.io
# hosts.toml for docker.io
cat <<EOF > /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://docker.io"
[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve"]
[host."https://reg-mirror.giniu.com"]
  capabilities = ["pull", "resolve"]
EOF
# hosts.toml for registry.k8s.io
cat <<EOF > /etc/containerd/certs.d/registry.k8s.io/hosts.toml
server = "https://registry.k8s.io"
[host."https://k8s.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF
# Restart the containerd service
systemctl daemon-reload
systemctl restart containerd.service
```
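The three files fetched with wget above are unpacked and installed as root without an integrity check. The following added example, which is not part of the original post, compares each download against a SHA-256 list before it is used; the function names are hypothetical, and the checksum file names in the usage comment are assumptions to confirm on each project's release page.

```shell
#!/bin/sh
# Added example: verify downloaded release files against a SHA-256 list
# before they are unpacked or installed.

# verify_release FILE SUMS
#   returns 0 = digest matches, 1 = mismatch, 2 = FILE has no entry in SUMS
# SUMS uses the sha256sum format, "<hex digest>  <name>" per line, and may
# list several files (for example one line per architecture).
verify_release() {
    file="$1"
    sums="$2"
    name=$(basename "$file")
    want=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }   # a leading * marks binary mode
        f == n { print tolower($1); exit }' "$sums")
    if [ -z "$want" ]; then
        echo "no checksum entry for $name" >&2
        return 2
    fi
    got=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "MISMATCH $name: got $got, want $want" >&2
        return 1
    fi
    echo "OK $name"
}

# verify_all SUMS FILE...: fail closed if any file is unlisted or altered,
# so the install commands can be chained behind it with &&.
verify_all() {
    list="$1"
    shift
    for item in "$@"; do
        verify_release "$item" "$list" || return 1
    done
}

# Usage on a node (checksum file names are assumptions, see above):
#   cat containerd-1.7.22-linux-amd64.tar.gz.sha256sum runc.sha256sum \
#       cni-plugins-linux-amd64-v1.5.1.tgz.sha256 > SHA256SUMS
#   verify_all SHA256SUMS containerd-1.7.22-linux-amd64.tar.gz runc.amd64 \
#       cni-plugins-linux-amd64-v1.5.1.tgz && echo "verified, continue with the install"
```

A digest list fetched from the same site as the file only detects a corrupted or truncated download; keeping the expected digests in your own provisioning repository gives a stronger check.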
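Install K8s 1.31.1

Run on: [all nodes]

Barring surprises, the first step installs version 1.31.1.

```bash
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# Configure kubelet: to keep the cgroup driver used by the container runtime consistent with the one kubelet uses, the following change is recommended. Do this on all nodes.
sed -i 's/^KUBELET_EXTRA_ARGS=/KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"/g' /etc/sysconfig/kubelet
# Just enable kubelet at boot; no configuration file has been generated yet, so it starts automatically once the cluster is initialized
systemctl enable kubelet --now
```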
Start installing K8s

Run on: [master]

```bash
kubeadm config print init-defaults > /etc/kubernetes/init-default.yaml
# Switch to the Aliyun mirror inside China
sed -i 's/registry.k8s.io/registry.aliyuncs.com\/google_containers/' /etc/kubernetes/init-default.yaml
# Set the API server IP address. Replace 192.168.48.101 with your own master's IP
sed -i 's/1.2.3.4/192.168.48.101/' /etc/kubernetes/init-default.yaml
sed -i '/serviceSubnet: 10.96.0.0\/12/a \  podSubnet: 192.168.0.0/16' /etc/kubernetes/init-default.yaml
sed -i 's/1.31.0/1.31.1/g' /etc/kubernetes/init-default.yaml
# Pull the required images
kubeadm config images pull --config /etc/kubernetes/init-default.yaml
# Note: the init command below is given flags only and does not read init-default.yaml
kubeadm init --image-repository registry.aliyuncs.com/google_containers --upload-certs
```
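If you need to reset the cluster, or init reported an error, run the following commands. If there was an error, find the cause and see where it went wrong.

```bash
kubeadm reset
# At the prompt "[reset] Are you sure you want to proceed? [y/N]:" enter y

sudo rm -rf /etc/kubernetes/manifests/*
sudo iptables -F && sudo ipvsadm --clear
```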
After initialization, run the following commands

```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
Join the worker nodes

```bash
kubeadm token create --print-join-command
```

This produces the following output

```bash
kubeadm join 192.168.48.101:6443 --token mxybd6.j56dbce9cy698ejr --discovery-token-ca-cert-hash sha256:c1b1c7248f6aeea4d01244a226489958bfaaaa76926077b5c09b143c760b68e9
```

Copy this command to node01 and node02 and run it there; they will then join the cluster.
Install the network plugin

```bash
echo '185.199.108.133 raw.githubusercontent.com' >> /etc/hosts
curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/calico.yaml -O
sed -i '/- name: WAIT_FOR_DATASTORE/i \ \ \ \ \ \ \ \ \ \ \ \ - name: IP_AUTODETECTION_METHOD\n              value: interface=ens33' calico.yaml
sed -i 's| docker.io/calico/| registry.cn-hangzhou.aliyuncs.com/qianyios/|' calico.yaml
kubectl apply -f calico.yaml
```

Wait ten minutes or so. Once everything shows Ready and Running, the K8s cluster has been deployed successfully.
K8s dashboard

Configure the YAML

```bash
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
sed -i 's/kubernetesui\/dashboard:v2.7.0/registry.cn-hangzhou.aliyuncs.com\/qianyios\/dashboard:v2.7.0/g' recommended.yaml
sed -i 's/kubernetesui\/metrics-scraper:v1.0.8/registry.cn-hangzhou.aliyuncs.com\/qianyios\/metrics-scraper:v1.0.8/g' recommended.yaml
```

Edit the configuration file

```bash
vim recommended.yaml
```

```yaml
---
# Only nodePort and type are added; the labels and selector stay as the
# upstream v2.7.0 file has them (k8s-app), otherwise the Service selects no pods.
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  type: NodePort
  selector:
    k8s-app: kubernetes-dashboard
---
```
Apply it

```bash
kubectl apply -f recommended.yaml
```
Create the cluster-admin user

```bash
# Create a service account and bind it to the default cluster-admin cluster role
# Create the user
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
# Grant the user permissions
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
# Get the user's token
kubectl create token dashboard-admin -n kubernetes-dashboard
```

Record the token
Open the address below in a browser and enter the token from above

```
https://192.168.48.101:30001/
```
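The token printed by `kubectl create token` is a JWT, so its claims can be read locally to confirm which service account it represents and when it expires before it is pasted into the login page. This is an added example, not part of the original post: the function names are hypothetical, the signature is not verified, and the claim extraction is a simple pattern match that assumes the compact JSON payload Kubernetes issues.

```shell
#!/bin/sh
# Added example: inspect (not verify) the claims of a service-account token.

# Decode one base64url segment (RFC 7515: "-_" alphabet, padding stripped).
b64url_decode() {
    seg=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
        1) return 1 ;;              # not a possible base64 length
    esac
    printf '%s' "$seg" | base64 -d
}

# jwt_claim TOKEN NAME: print one top-level string or numeric claim.
jwt_claim() {
    payload=$(printf '%s' "$1" | cut -d. -f2)
    [ -n "$payload" ] || return 1
    b64url_decode "$payload" | tr -d '\n' |
        sed -n "s/.*\"$2\":\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# jwt_seconds_left TOKEN [NOW]: seconds until "exp" (negative once expired).
# NOW is an epoch timestamp and defaults to the current time.
jwt_seconds_left() {
    exp=$(jwt_claim "$1" exp)
    case "$exp" in ''|*[!0-9]*) return 1 ;; esac
    now="${2:-$(date +%s)}"
    echo $(( exp - now ))
}

# check_sa_token TOKEN NAMESPACE NAME [NOW]: succeed only if the token's
# subject is that service account and the token has not expired.
check_sa_token() {
    sub=$(jwt_claim "$1" sub) || return 1
    [ "$sub" = "system:serviceaccount:$2:$3" ] || return 1
    left=$(jwt_seconds_left "$1" "$4") || return 1
    [ "$left" -gt 0 ]
}
```

For the account created above the call is `check_sa_token "$TOKEN" kubernetes-dashboard dashboard-admin`, and `jwt_seconds_left "$TOKEN"` shows how long the token remains usable.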
This completes the K8s 1.31.1 deployment.