1、環境準備
1.1、升級系統內核
參考另一篇文章:https://blog.csdn.net/u012533920/article/details/148457715?spm=1011.2415.3001.5331
1.2、設置Hostname
cat <<EOF > /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.20 k8s-20
192.168.10.21 k8s-21
192.168.10.22 k8s-22
192.168.10.23 k8s-23
EOF#以下命令行分別在每臺虛擬機執行:
hostnamectl set-hostname <每臺虛擬機的hostname>
1.3、關閉防火墻
systemctl stop firewalld.service
systemctl disable firewalld.service
1.4、添加 aliyun 源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
1.5、重置yum源
yum clean all
yum makecache
1.6、同步時間
timedatectl set-timezone Asia/Shanghai
yum install ntpdate -y
ntpdate ntp1.aliyun.com
#可設置定時任務定時同步時間
1.7、關閉交換分區
sed -ri 's/.*swap.*/#&/' /etc/fstab
swapoff -a
1.8、關閉selinux
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
1.9、永久添加模塊
cat <<EOF > /etc/modules-load.d/k8s.conf
overlay
br_netfilter
modprobe br_netfilter
modprobe overlay
EOFlsmod | grep br_netfilter
1.10、修改內核參數
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF#這個命令的作用是應用 k8s.conf 文件中的內核參數設置,并且開啟網絡橋接的防火墻功能。其中 k8s.conf 文件中的內容包括以下三個參數設置:
#net.bridge.bridge-nf-call-iptables = 1 表示開啟防火墻功能。
#net.bridge.bridge-nf-call-ip6tables = 1 表示開啟 IPV6 的防火墻功能。
#net.ipv4.ip_forward = 1 表示開啟 IP 轉發功能。sysctl -p /etc/sysctl.d/k8s.conf
#重新加載內核參數配置文件,以確保這些設置生效。
sysctl --system
1.11、安裝ipvs模塊
yum -y install ipset ipvsadmcat <<EOF > /etc/sysconfig/modules/ipvs.modules
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh:
modprobe -- nf_conntrack
EOFchmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack
1.12、安裝基礎包
yum install -y yum-utils device-mapper-persistent-data lvm2 wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlibdevel python-devel epel-release openssh-server socat ipvsadm conntrack ntpdate telnet ipvsadm
2、cri-docker配置
cat << EOF >/usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process[Install]
WantedBy=multi-user.target
EOFcat << EOF > /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker[Install]
WantedBy=sockets.target
EOF##########把以上兩份腳本復制到集群中的其他主機################systemctl daemon-reload && systemctl enable cri-docker --now
systemctl is-active cri-docker
3、安裝kubernetes
yum install -y kubelet-1.28.2 kubeadm-1.28.2 kubectl-1.28.2
systemctl enable --now kubeletkubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.28.2 --pod-network-cidr=10.244.0.0/16 --cri-socket unix:///var/run/cri-dockerd.sock
4、安裝網絡插件 - Flannel
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
測試網絡的例子:
vi nginx.yamlapiVersion: apps/v1
kind: StatefulSet #資源類型
metadata:name: web
spec:serviceName: "nginx" #看這里,思考:為什么多一個這個字段?replicas: 2selector:matchLabels:app: nginxtemplate:metadata:labels:app: nginxspec:containers:- name: nginximage: nginx:1.9.1ports:- containerPort: 80name: web---
apiVersion: v1
kind: Service #資源類型
metadata:name: nginxlabels:app: nginx
spec:ports:- port: 80name: webclusterIP: None # 為none,思考一下selector:app: nginxkubectl apply -f nginx.yaml#以上執行完后,執行以下命令:
kubectl run busybox --image busybox:1.28.4 --image-pull-policy=IfNotPresent --restart=Never --rm -it busybox -- sh
If you don't see a command prompt, try pressing enter.
/ # nslookup web-0.nginx.default.svc.cluster.local
Server: 10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.localName: web-0.nginx.default.svc.cluster.local
Address 1: 10.244.3.2 web-0.nginx.default.svc.cluster.local
5、創建默認的存儲卷類
apiVersion: v1
kind: ServiceAccount
metadata:name: nfs-client-provisioner# replace with namespace where provisioner is deployednamespace: kube-system #根據實際環境設定namespace,下面類同
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: nfs-client-provisioner-runner
rules:- apiGroups: [""]resources: ["persistentvolumes"]verbs: ["get", "list", "watch", "create", "delete"]- apiGroups: [""]resources: ["persistentvolumeclaims"]verbs: ["get", "list", "watch", "update"]- apiGroups: ["storage.k8s.io"]resources: ["storageclasses"]verbs: ["get", "list", "watch"]- apiGroups: [""]resources: ["events"]verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: run-nfs-client-provisioner
subjects:- kind: ServiceAccountname: nfs-client-provisioner# replace with namespace where provisioner is deployednamespace: kube-system
roleRef:kind: ClusterRolename: nfs-client-provisioner-runnerapiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: leader-locking-nfs-client-provisioner# replace with namespace where provisioner is deployednamespace: kube-system
rules:- apiGroups: [""]resources: ["endpoints"]verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: leader-locking-nfs-client-provisioner
subjects:- kind: ServiceAccountname: nfs-client-provisioner# replace with namespace where provisioner is deployednamespace: kube-system
roleRef:kind: Rolename: leader-locking-nfs-client-provisionerapiGroup: rbac.authorization.k8s.io
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:name: nfs-storageclassannotations:storageclass.kubernetes.io/is-default-class: "true"
provisioner: nfs-storage-provisioner #這里的名稱要和provisioner配置文件中的環境變量PROVISIONER_NAME保持一致
parameters:
# archiveOnDelete: "false"archiveOnDelete: "true"
reclaimPolicy: Retain
---
apiVersion: apps/v1
kind: Deployment
metadata:name: nfs-client-provisionerlabels:app: nfs-client-provisioner# replace with namespace where provisioner is deployednamespace: kube-system #與RBAC文件中的namespace保持一致
spec:replicas: 1selector:matchLabels:app: nfs-client-provisionerstrategy:type: Recreateselector:matchLabels:app: nfs-client-provisionertemplate:metadata:labels:app: nfs-client-provisionerspec:serviceAccountName: nfs-client-provisionercontainers:- name: nfs-client-provisioner#image: quay.io/external_storage/nfs-client-provisioner:latest#這里特別注意,在k8s-1.20以后版本中使用上面提供的包,并不好用,這里我折騰了好久,才解決,后來在官方的github上,別人提的問題中建議使用下面這個包才解決的,我這里是下載后,傳到我自已的倉庫里image: k8s.m.daocloud.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2# image: easzlab/nfs-subdir-external-provisioner:v4.0.1 # image: registry-op.test.cn/nfs-subdir-external-provisioner:v4.0.1volumeMounts:- name: nfs-client-rootmountPath: /persistentvolumesenv:- name: PROVISIONER_NAMEvalue: nfs-storage-provisioner #provisioner名稱,請確保該名稱與 nfs-StorageClass.yaml文件中的provisioner名稱保持一致- name: NFS_SERVERvalue: 192.168.10.20 #NFS Server IP地址- name: NFS_PATHvalue: "/nfs/data" #NFS掛載卷volumes:- name: nfs-client-rootnfs:server: 192.168.10.20 #NFS Server IP地址path: "/nfs/data" #NFS 掛載卷
_列表過濾、列表排序)
)
)
