Installing Kubernetes 1.27 on UnionTech UOS (1060) Server Edition
Video: https://www.bilibili.com/video/BV1FV4y1m7Uf
1. Node planning
uos1(master)       192.168.122.10
uos2(worker1)      192.168.122.11
uos3(worker2)      192.168.122.12
2. Basic configuration
Configure hosts on all nodes:
192.168.122.10 uos1
192.168.122.11 uos2
192.168.122.12 uos3
3. Install tools on all nodes:
yum install wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git -y
4. Disable the firewall and swap on all nodes. The server configuration is as follows:
systemctl disable --now firewalld
5. Configure limits on all nodes:
ulimit -SHn 65535
cat << EOF >>/etc/security/limits.conf
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF
reboot
6. Kernel configuration
Install ipvsadm on all nodes:
yum install ipvsadm ipset sysstat conntrack libseccomp -y
Configure the ipvs modules on all nodes:
cat << EOF >> /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF
Load the kernel configuration:
vi /lib/systemd/system/systemd-modules-load.service
Append the following at the end of the file:
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable --now systemd-modules-load.service
Enable the kernel parameters a k8s cluster requires; configure the k8s kernel settings on all nodes:
cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
sysctl --system
7. Install containerd
(1) Configure the environment containerd requires on all nodes
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl --system
(2) Install containerd on all nodes
wget https://github.com/containerd/containerd/releases/download/v1.7.2/cri-containerd-cni-1.7.2-linux-amd64.tar.gz
tar -zxvf cri-containerd-cni-1.7.2-linux-amd64.tar.gz -C /
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
vi /etc/containerd/config.toml
According to the Container runtimes documentation, on Linux distributions that use systemd as the init system, using systemd as the container cgroup driver keeps server nodes more stable when resources are tight, so containerd's cgroup driver is set to systemd on every node here.
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    change SystemdCgroup = false to SystemdCgroup = true
  [plugins."io.containerd.grpc.v1.cri"]
    change sandbox_image = "k8s.gcr.io/pause:3.8" to sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.8"
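The two manual edits above are easy to make in the wrong TOML table. The following check is an added example, not part of the original guide; the function names and the sample fragment are constructed for illustration. It reads a key only from the exact table named in this step and reports whether both values are what the guide expects.

```shell
#!/bin/sh
# Added example: check that both config.toml edits landed in the right TOML table.
RUNC_TABLE='plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options'
CRI_TABLE='plugins."io.containerd.grpc.v1.cri"'

# toml_get FILE TABLE KEY: print KEY's value inside [TABLE], quotes stripped.
toml_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/ {                        # a table header starts a new scope
            hdr = $0; gsub(/^[ \t]+|[ \t]+$/, "", hdr)
            in_tbl = (hdr == want); next
        }
        in_tbl {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_containerd_config FILE EXPECTED_IMAGE: returns 0 if both settings match.
check_containerd_config() {
    rc=0
    cg=$(toml_get "$1" "$RUNC_TABLE" SystemdCgroup)
    img=$(toml_get "$1" "$CRI_TABLE" sandbox_image)
    if [ "$cg" != "true" ]; then
        echo "FAIL: SystemdCgroup is '${cg:-unset}' in runc.options"; rc=1
    fi
    if [ "$img" != "$2" ]; then
        echo "FAIL: sandbox_image is '${img:-unset}'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $1"; fi
    return "$rc"
}

# Constructed sample: an unedited fragment laid out like the generated config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
  [plugins."io.containerd.grpc.v1.cri"]
    sandbox_image = "k8s.gcr.io/pause:3.8"
          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            SystemdCgroup = false
EOF
check_containerd_config "$sample" "registry.aliyuncs.com/google_containers/pause:3.8" || true
rm -f "$sample"
```

On a node, call check_containerd_config with /etc/containerd/config.toml and the pause image set in this step before enabling containerd.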
Enable start at boot:
systemctl enable --now containerd
Check the version:
crictl version
8. Install Kubernetes on all nodes
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum update
yum list kubeadm.x86_64 --showduplicates | sort -r
yum install kubeadm -y
cat >/etc/sysconfig/kubelet<<EOF
KUBELET_EXTRA_ARGS="--pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8 --fail-swap-on=false"
EOF
systemctl daemon-reload
systemctl enable --now kubelet
cat << EOF >>/etc/profile
KUBE_PROXY_MODE=ipvs
EOF
source /etc/profile
9. Install k8s
On the master node, run the following command, then edit the generated file:
kubeadm config print init-defaults > /root/kadm.yml
Because Docker has been replaced with containerd, the configuration file must be modified to look like this:
vi /root/kadm.yml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.122.10
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: uos1
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.27.0
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
failSwapOn: false
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
kubeadm config images list --config /root/kadm.yml
kubeadm config images pull --config /root/kadm.yml
kubeadm init --config /root/kadm.yml --ignore-preflight-errors=Swap --upload-certs
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Join uos2 and uos3 to the cluster:
kubeadm join 192.168.122.10:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:1111c01dff5e4f70c92df95abf05cfa9e849fccee3190f671a2b28117487ebe5
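The token in kadm.yml and in the join command is the placeholder that kubeadm config print init-defaults emits, so it is identical on every cluster built from an unedited default file. The following check is an added example, not part of the original guide; the function names and the sample stanza are constructed for illustration. It flags a config that still carries that placeholder and produces a random replacement in the same format.

```shell
#!/bin/sh
# Added example: bootstrap-token check for a kubeadm config such as kadm.yml.
PLACEHOLDER='abcdef.0123456789abcdef'  # emitted by `kubeadm config print init-defaults`

# gen_token: random token in kubeadm's [a-z0-9]{6}.[a-z0-9]{16} format
# (stand-in for `kubeadm token generate`; hex digits are a subset of that alphabet).
gen_token() {
    h=$(head -c 11 /dev/urandom | od -An -tx1 | tr -d ' \n')
    printf '%s.%s\n' "$(printf '%s' "$h" | cut -c1-6)" "$(printf '%s' "$h" | cut -c7-22)"
}

# config_tokens FILE: print the value of every "token:" key in FILE.
config_tokens() {
    sed -n 's/^[[:space:]-]*token:[[:space:]]*//p' "$1" | tr -d "\"' \t"
}

# audit_tokens FILE: returns 0 only if every token is well-formed and not the placeholder.
audit_tokens() {
    rc=0; found=0
    for t in $(config_tokens "$1"); do
        found=1
        if [ "$t" = "$PLACEHOLDER" ]; then
            echo "FAIL: placeholder token, replace it before kubeadm init"; rc=1
        elif ! printf '%s\n' "$t" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
            echo "FAIL: malformed token"; rc=1
        else
            echo "OK: token is set to a non-default value"
        fi
    done
    [ "$found" -eq 1 ] || echo "NOTE: no token in file, kubeadm generates one"
    return "$rc"
}

# Constructed sample: the bootstrapTokens stanza as it appears in kadm.yml.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
EOF
audit_tokens "$cfg" || true
sed "s/$PLACEHOLDER/$(gen_token)/" "$cfg" > "$cfg.new"
audit_tokens "$cfg.new"
rm -f "$cfg" "$cfg.new"
```

On a real control plane, kubeadm token generate produces the token for kadm.yml, and kubeadm token create --print-join-command prints a join line with a fresh token and the CA certificate hash.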
10. Install flannel
kubectl apply -f flannel.yaml
reboot