Kubernetes Study Notes 03
  aNy5PUCye2R8, November 2, 2023

1. Lab topology

[Figure: lab topology (Kubernetes Study Notes 03, k8s installation)]

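2. Lab steps

  1. Disable the firewall
  2. Disable SELinux
  3. Set the hostname
  4. Configure the hosts file
  5. Disable the swap partition
  6. Configure the software repositories
  7. Install docker and enable it at boot
  8. Configure kernel parameters to allow bridged traffic, then apply the configuration file
  9. Install the packages (kubelet, kubeadm, kubectl)
     • kubelet runs on every node and is responsible for starting pods
     • kubeadm is used to initialize the cluster
     • kubectl is the command-line tool
  10. Start kubelet and enable it at boot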

3. Configure the network interfaces

master node

nmcli connection modify Wired\ connection\ 1 ipv4.addresses 192.168.0.100/24 ipv4.gateway 192.168.0.1 ipv4.dns 114.114.114.114 ipv4.method manual connection.autoconnect yes

node1

nmcli connection modify Wired\ connection\ 1 ipv4.addresses 192.168.0.101/24 ipv4.gateway 192.168.0.1 ipv4.dns 114.114.114.114 ipv4.method manual connection.autoconnect yes

node2

nmcli connection modify Wired\ connection\ 1 ipv4.addresses 192.168.0.102/24 ipv4.gateway 192.168.0.1 ipv4.dns 114.114.114.114 ipv4.method manual connection.autoconnect yes

node3

nmcli connection modify Wired\ connection\ 1 ipv4.addresses 192.168.0.103/24 ipv4.gateway 192.168.0.1 ipv4.dns 114.114.114.114 ipv4.method manual connection.autoconnect yes

4. yum repositories

Network problems may require a proxy (use your own!)

export http_proxy=192.168.0.10:7890
export https_proxy=192.168.0.10:7890

docker.repo

[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://download.docker.com/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://download.docker.com/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://download.docker.com/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

k8s.repo

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

rocky9.repo

[BaseOS]
name=BaseOS
baseurl=https://mirrors.aliyun.com/rockylinux/9.2/BaseOS/x86_64/os/
gpgcheck=0
enabled=1

[AppStream]
name=AppStream
baseurl=https://mirrors.aliyun.com/rockylinux/9.2/AppStream/x86_64/os/
gpgcheck=0
enabled=1

[EPEL]
name=EPEL
baseurl=https://mirrors.aliyun.com/epel/9/Everything/x86_64/
gpgcheck=0
enabled=1
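
k8s.repo and rocky9.repo above set gpgcheck=0, so yum installs packages from those repositories without verifying their RPM signatures, while docker.repo keeps gpgcheck=1. The following is an added example, not part of the original notes, that lists every enabled repo section with the check switched off; the function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): flag enabled yum/dnf repo
# sections whose RPM signature check is explicitly switched off.

# audit_repo_gpg FILE...  prints "FILE:[section] gpgcheck=VALUE" per finding
# and returns 1 if there was at least one finding, 0 otherwise.
audit_repo_gpg() {
    awk '
        function off(v) { return tolower(v) ~ /^(0|no|false|off)$/ }
        function report() {
            # a section without an "enabled" key counts as enabled
            if (section != "" && !off(enabled) && off(gpgcheck)) {
                print file ":[" section "] gpgcheck=" gpgcheck
                bad = 1
            }
        }
        FNR == 1 { report(); section = ""; file = FILENAME }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[[^]]+\][ \t]*$/ {
            report()
            section = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            enabled = ""; gpgcheck = ""
            next
        }
        {
            i = index($0, "=")
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
        }
        END { report(); exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the [kubernetes] section from this page plus one signed section.
demo_audit() {
    f=$(mktemp) || return 1
    printf '%s\n' '[kubernetes]' 'enabled=1' 'gpgcheck=0' 'repo_gpgcheck=0' '' \
        '[docker-ce-stable]' 'enabled=1' 'gpgcheck=1' \
        'gpgkey=https://download.docker.com/linux/centos/gpg' > "$f"
    audit_repo_gpg "$f"; rc=$?
    rm -f "$f"
    return "$rc"
}

demo_audit || echo "repositories with signature checking disabled were found"
```

On a real host, run `audit_repo_gpg /etc/yum.repos.d/*.repo`; a section that omits gpgcheck inherits the value from [main] and is not reported.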

5. Install docker

yum -y install yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum -y install docker-ce docker-ce-cli containerd.io --allowerasing

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://0wz2hvl3.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

6. Allow iptables to inspect bridged traffic

modprobe overlay
modprobe br_netfilter

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
overlay
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
user.max_user_namespaces=28633
vm.swappiness=0
EOF
sudo sysctl --system

7. Install the Kubernetes packages

yum -y install kubelet-1.21.1-0 kubeadm-1.21.1-0 kubectl-1.21.1-0 --disableexcludes=kubernetes

8. Remaining packages

wget ftp://ftp.rhce.cc/cka-tool/coredns-1.21.tar
docker load -i coredns-1.21.tar

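9. One-step installation

#!/bin/bash
# Configure the proxy
export http_proxy=192.168.0.10:7890
export https_proxy=192.168.0.10:7890
# Configure the software repositories
# The delimiter is quoted so the shell leaves $basearch and $releasever for yum to expand
cat > /etc/yum.repos.d/docker.repo <<'END'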
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://download.docker.com/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://download.docker.com/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://download.docker.com/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg
END

cat > /etc/yum.repos.d/k8s.repo <<END
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
END

# Install docker
yum -y install yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum -y install docker-ce docker-ce-cli containerd.io --allowerasing

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://0wz2hvl3.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

# Load the kernel modules for bridged traffic
modprobe overlay
modprobe br_netfilter

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
overlay
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
user.max_user_namespaces=28633
vm.swappiness=0
EOF
sudo sysctl --system

# Install the k8s components
yum -y install kubelet-1.21.1-0 kubeadm-1.21.1-0 kubectl-1.21.1-0 --disableexcludes=kubernetes

wget ftp://ftp.rhce.cc/cka-tool/coredns-1.21.tar
docker load -i coredns-1.21.tar

echo "source <(kubectl completion bash)" >> /etc/bashrc

10. Initialize the cluster

10.1 Initialize the master node

kubeadm init \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.21.1 \
--pod-network-cidr=10.244.0.0/16

10.2 Initial configuration

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

10.3 Add worker nodes

# Generate a token
kubeadm token create --print-join-command
kubeadm join 192.168.0.100:6443 --token 07ai8o.b4kwukzr6n7xuc1y --discovery-token-ca-cert-hash sha256:9cdf7fc9996613a148350b0f39054f681c84cb3851e8f6930a55e45f46f5903d

11. Configure the network

wget https://docs.projectcalico.org/v3.19/manifests/calico.yaml
sed -i 's/# - name: CALICO_IPV4POOL_CIDR/- name: CALICO_IPV4POOL_CIDR/g' calico.yaml
sed -i 's|#   value: "192.168.*|  value: "10.244.0.0/16"|' calico.yaml
grep CALICO_IPV4POOL_CIDR calico.yaml -A1

Download the images

# Filter out the required images
[root@master ~]# grep image calico.yaml       
          image: docker.io/calico/cni:v3.19.4
          image: docker.io/calico/cni:v3.19.4
          image: docker.io/calico/pod2daemon-flexvol:v3.19.4
          image: docker.io/calico/node:v3.19.4
          image: docker.io/calico/kube-controllers:v3.19.4
# Download the images
docker pull docker.io/calico/cni:v3.19.4
docker pull docker.io/calico/pod2daemon-flexvol:v3.19.4
docker pull docker.io/calico/node:v3.19.4
docker pull docker.io/calico/kube-controllers:v3.19.4

Apply the network configuration

kubectl apply -f calico.yaml

Check node status

[root@master ~]# kubectl get nodes 
NAME     STATUS   ROLES                  AGE   VERSION
master   Ready    control-plane,master   46m   v1.21.1
node1    Ready    <none>                 45m   v1.21.1
node2    Ready    <none>                 45m   v1.21.1
node3    Ready    <none>                 45m   v1.21.1

12. Remove a node

Removing node2 is used as the example.

12.1 Put node2 into maintenance mode (on master)

[root@master ~]# kubectl drain node2 --delete-emptydir-data --force --ignore-daemonsets 
node/node2 cordoned
WARNING: ignoring DaemonSet-managed Pods: kube-system/calico-node-6pr76, kube-system/kube-proxy-7slgs
evicting pod kube-system/coredns-545d6fc579-b77jb
evicting pod kube-system/calico-kube-controllers-7cc8dd57d9-8w97l
pod/calico-kube-controllers-7cc8dd57d9-8w97l evicted
pod/coredns-545d6fc579-b77jb evicted
node/node2 evicted

12.2 Delete node2 (on master)

[root@master ~]# kubectl delete nodes node2 
node "node2" deleted

12.3 Clear the previous configuration (on node2)

[root@node2 ~]# kubeadm reset 
[reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
[reset] Are you sure you want to proceed? [y/N]: y
[preflight] Running pre-flight checks
W0625 12:04:36.890715    7034 removeetcdmember.go:79] [reset] No kubeadm config, using etcd pod spec to get data directory
[reset] No etcd config found. Assuming external etcd
[reset] Please, manually reset etcd to prevent further issues
[reset] Stopping the kubelet service
[reset] Unmounting mounted directories in "/var/lib/kubelet"
[reset] Deleting contents of config directories: [/etc/kubernetes/manifests /etc/kubernetes/pki]
[reset] Deleting files: [/etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
[reset] Deleting contents of stateful directories: [/var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni]

The reset process does not clean CNI configuration. To do so, you must remove /etc/cni/net.d

The reset process does not reset or clean up iptables rules or IPVS tables.
If you wish to reset iptables, you must do so manually by using the "iptables" command.

If your cluster was setup to utilize IPVS, run ipvsadm --clear (or similar)
to reset your system's IPVS tables.

The reset process does not clean your kubeconfig files and you must remove them manually.
Please, check the contents of the $HOME/.kube/config file.

13. Rejoin the removed node

13.1 Generate a token

[root@master ~]# kubeadm token create --print-join-command
kubeadm join 192.168.0.100:6443 --token ypq4d9.teo6gtlq1wc0vh5y --discovery-token-ca-cert-hash sha256:9cdf7fc9996613a148350b0f39054f681c84cb3851e8f6930a55e45f46f5903d

13.2 Join the node to the cluster

[root@node2 ~]# kubeadm join 192.168.0.100:6443 --token ypq4d9.teo6gtlq1wc0vh5y --discovery-token-ca-cert-hash sha256:9cdf7fc9996613a148350b0f39054f681c84cb3851e8f6930a55e45f46f5903d
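
The --discovery-token-ca-cert-hash value in the join commands of steps 10.3 and 13 is the SHA-256 of the cluster CA's public key, which is why it stays the same on this page while the token changes. The following is an added example, not part of the original notes, that recomputes the hash from a CA certificate and compares it with the pin in a join command before the command is run on a node; the function names are hypothetical, and `openssl pkey` is used so that non-RSA CA keys are handled as well.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): check that the sha256 pin in a
# kubeadm join command matches the public key of a given cluster CA certificate.

# Print sha256 (hex) of the DER-encoded public key of the PEM certificate $1.
ca_cert_hash() {
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | awk '{print $NF}'
}

# Print the 64-hex-digit pin carried by a join command line, or nothing.
join_pinned_hash() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# verify_join_pin CA_CERT "JOIN COMMAND"
# returns 0 on match, 1 on mismatch, 2 when the input cannot be used.
verify_join_pin() {
    pinned=$(join_pinned_hash "$2")
    [ -n "$pinned" ] || { echo "no sha256 pin in join command" >&2; return 2; }
    actual=$(ca_cert_hash "$1") || { echo "cannot read certificate $1" >&2; return 2; }
    if [ "$pinned" = "$actual" ]; then
        echo "OK: join command pins the CA in $1"
    else
        echo "MISMATCH: pinned=$pinned actual=$actual" >&2
        return 1
    fi
}

# On the master, kubeadm keeps the CA at /etc/kubernetes/pki/ca.crt:
#   ./this-script /etc/kubernetes/pki/ca.crt "kubeadm join ... sha256:<hash>"
if [ "$#" -eq 2 ]; then verify_join_pin "$1" "$2"; fi
```

A join command that omits the pin, or a pin that does not match the CA you expect, means the node would not be authenticating the control plane it bootstraps against.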

13.3 Check node status

[root@master ~]# kubectl get nodes 
NAME     STATUS   ROLES                  AGE   VERSION
master   Ready    control-plane,master   9d    v1.21.1
node1    Ready    <none>                 9d    v1.21.1
node2    Ready    <none>                 47s   v1.21.1
node3    Ready    <none>                 9d    v1.21.1


Last edited on November 8, 2023
