所有节点 绑定Hosts

# Static name -> IP mapping for every node. Without it, initialization fails.
# Keep the same three entries on all nodes: later steps address the nodes by
# these names (e.g. `scp k8s.tar Perng-Node1:/root/`).
[root@Perng-Node2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.159.100 Perng-Master
192.168.159.110 Perng-Node1
192.168.159.120 Perng-Node2

所有节点 安装Docker

# Install yum-utils (provides yum-config-manager).
[root@Perng-Master ~]# yum install yum-utils
# Add the docker-ce repository definition.
# NOTE(review): the .repo file is fetched over plain http, i.e. unauthenticated;
# whether the packages themselves are signature-checked depends on the gpgcheck
# setting inside the downloaded file -- confirm after the download.
[root@Perng-Master ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Refresh repository metadata.
[root@Perng-Master ~]# yum makecache fast
# List the available docker-ce builds, newest first.
[root@Perng-Master ~]# yum list docker-ce.x86_64 --showduplicates | sort -r
# Install a pinned docker version.
# NOTE(review): the space before ".centos" makes yum treat ".centos" as a second
# package name; presumably the intended argument is one token -- check the
# exact name against the `yum list` output above.
[root@Perng-Master ~]# yum -y install docker-ce-20.10.17-3.el7 .centos
# Start docker on boot.
[root@Perng-Master ~]# systemctl enable docker.service
# Start docker now.
[root@Perng-Master ~]# service docker start

所有节点 配置K8s环境

# Disable the host firewall.
# NOTE(review): this leaves every port on the node reachable; the narrower
# option is to keep firewalld and open only the ports the cluster needs.
[root@Perng-Master ~]# systemctl disable firewalld
[root@Perng-Master ~]# systemctl stop firewalld
# Disable SELinux. Both config files are edited so the setting survives a
# reboot; the running system keeps its current mode until reboot (or
# `setenforce 0`).
[root@Perng-Master ~]# sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
[root@Perng-Master ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
# Disable swap: comments out every fstab line containing "swap" (kubelet refuses
# to start with swap enabled by default). Takes effect at reboot; `swapoff -a`
# turns it off immediately.
[root@Perng-Master ~]# sed -i 's/.*swap.*/#&/' /etc/fstab
# Kernel parameters: let bridged traffic pass through iptables so the
# kube-proxy / CNI rules apply to pod traffic.
# NOTE(review): these keys exist only while the br_netfilter module is loaded;
# if `sysctl --system` reports them as unknown, load it first (modprobe br_netfilter).
[root@Perng-Master ~]# cat <<EOF >/etc/sysctl.d/k8s.conf
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF

[root@Perng-Master ~]#sysctl --system # sysctl -p

Master节点 安装k8s组件

# Pick a suitable k8s version (list is newest first).
[root@Perng-Master ~]# yum list kubeadm --showduplicates | sort -r
# NOTE(review): POD_NETWORK is assigned here but never referenced afterwards;
# the pod CIDR is passed literally to `kubeadm init` later (10.244.0.0/16).
[root@Perng-Master ~]# POD_NETWORK=10.244.0.0
# Configure the Aliyun Kubernetes yum mirror.
# NOTE(review): gpgcheck=0 and repo_gpgcheck=0 switch off signature verification
# of both the packages and the repository metadata, even though gpgkey URLs are
# supplied; whatever the mirror (or anything on the path to it) serves is then
# installed unverified. Setting both to 1 makes yum verify against the listed keys.
[root@Perng-Master ~]# cat <<EOF >/etc/yum.repos.d/kubernetes.repo
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
# Rebuild the yum cache.
[root@Perng-Master ~]# yum clean all
[root@Perng-Master ~]# yum -y makecache
# Install kubeadm, kubectl and kubelet, all pinned to the same version.
[root@Perng-Master ~]# yum install -y kubectl-1.22.3-0 kubeadm-1.22.3-0 kubelet-1.22.3-0
# Enable and start the kubelet service.
# NOTE(review): kubelet typically restarts in a loop until `kubeadm init` has
# written its configuration; that is expected at this point.
[root@Perng-Master ~]# systemctl enable kubelet && systemctl start kubelet

Node节点安装K8s组件

# Configure the Aliyun Kubernetes yum mirror (same file as on the master).
# NOTE(review): as on the master, gpgcheck=0 / repo_gpgcheck=0 disable package
# and metadata signature verification although gpgkey URLs are present;
# set both to 1 to have yum verify against the listed keys.
[root@Perng-Node1 ~]# cat <<EOF >/etc/yum.repos.d/kubernetes.repo
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF

# Rebuild the yum cache.
[root@Perng-Node1 ~]# yum clean all
[root@Perng-Node1 ~]# yum -y makecache
# Install kubeadm, kubectl and kubelet. The version should match the master;
# if it differs, it should not differ by more than two versions.
[root@Perng-Node1 ~]# yum install -y kubectl-1.22.3-0 kubeadm-1.22.3-0 kubelet-1.22.3-0
# Enable and start the kubelet service (restarts in a loop until `kubeadm join`
# provides its configuration -- expected).
[root@Perng-Node1 ~]# systemctl enable kubelet && systemctl start kubelet

Master节点 拉取K8s镜像

# Show the component image versions for the installed k8s version.
# These names/tags are what `kubeadm init` looks for; the script below
# hard-codes the same versions.
[root@Perng-Master ~]# kubeadm config images list --kubernetes-version=v1.22.3
k8s.gcr.io/kube-apiserver:v1.22.3
k8s.gcr.io/kube-controller-manager:v1.22.3
k8s.gcr.io/kube-scheduler:v1.22.3
k8s.gcr.io/kube-proxy:v1.22.3
k8s.gcr.io/pause:3.5
k8s.gcr.io/etcd:3.5.0-0
k8s.gcr.io/coredns/coredns:v1.8.4
# Write the pull script from that list (its contents follow).
[root@Perng-Master ~]# vi install.sh
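#!/bin/bash
# Pull the control-plane images that `kubeadm init` needs for KUBE_VERSION from
# a mirror reachable from this network, and re-tag them under the k8s.gcr.io
# names kubeadm expects so the images are found locally.
#
# Re-tagging does not verify content: the images are trusted only as far as
# the mirror is. If the mirror is not trusted, compare image digests
# (`docker inspect --format '{{.RepoDigests}}' <image>`) with the upstream ones.
#
# Exit status: non-zero as soon as a pull, tag or rmi fails.

# Informational only: print the list kubeadm wants for this version so it can
# be checked against the versions hard-coded below. Runs before strict mode is
# enabled, as in the original, so a failure here does not abort the script.
kubeadm config images list --kubernetes-version=v1.22.3

set -euo pipefail

KUBE_VERSION=v1.22.3
KUBE_PAUSE_VERSION=3.5
ETCD_VERSION=3.5.0-0
# The Aliyun mirror has no image for this coredns tag; Docker Hub carries the
# matching version under coredns/coredns (tag without the leading "v").
CORE_DNS_VERSION=v1.8.4

GCR_URL=k8s.gcr.io
ALIYUN_URL=registry.cn-hangzhou.aliyuncs.com/google_containers
# Docker Hub fallback, used only for coredns ("v1.8.4" -> "1.8.4").
COREDNS_HUB_IMAGE="coredns/coredns:${CORE_DNS_VERSION#v}"
COREDNS_IMAGE="coredns:${CORE_DNS_VERSION}"

images=(
  "kube-proxy:${KUBE_VERSION}"
  "kube-scheduler:${KUBE_VERSION}"
  "kube-controller-manager:${KUBE_VERSION}"
  "kube-apiserver:${KUBE_VERSION}"
  "pause:${KUBE_PAUSE_VERSION}"
  "etcd:${ETCD_VERSION}"
  "${COREDNS_IMAGE}"
)

for image_name in "${images[@]}"; do
  # source_ref: the name the image was pulled under; target_ref: the name
  # kubeadm expects. kubeadm lists coredns under a sub-path
  # (k8s.gcr.io/coredns/coredns:...), every other image directly under k8s.gcr.io.
  source_ref="${ALIYUN_URL}/${image_name}"
  if [[ "${image_name}" == "${COREDNS_IMAGE}" ]]; then
    target_ref="${GCR_URL}/coredns/${image_name}"
  else
    target_ref="${GCR_URL}/${image_name}"
  fi

  if ! docker pull "${source_ref}"; then
    # Only coredns has a known alternative source; any other failed pull is
    # fatal rather than silently continuing with a missing image.
    if [[ "${image_name}" != "${COREDNS_IMAGE}" ]]; then
      printf 'failed to pull %s\n' "${source_ref}" >&2
      exit 1
    fi
    # Tag from the image that was actually pulled, not from the mirror name
    # that does not exist locally.
    source_ref="${COREDNS_HUB_IMAGE}"
    docker pull "${source_ref}"
  fi

  # Re-tag under the expected name, then drop the source name so only the
  # k8s.gcr.io tag remains in `docker images`.
  docker tag "${source_ref}" "${target_ref}"
  docker rmi "${source_ref}"
done

echo
echo "docker pull finished..."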

:wq
# Pull the flannel network-plugin image (v0.16.0) and re-tag it under the
# quay.io name the manifest below references.
# NOTE(review): "flannelcni:v0.16.0-amd64" has no registry prefix, so docker
# resolves it on Docker Hub; the `docker rmi xwjh/flannel:v0.16.0` that follows
# names a third image that is never pulled on this page -- presumably a
# leftover from an earlier source; confirm which image was actually used.
[root@Perng-Master ~]# docker pull flannelcni:v0.16.0-amd64
[root@Perng-Master ~]# docker tag flannelcni:v0.16.0-amd64 quay.io/coreos/flannel:v0.16.0
[root@Perng-Master ~]# docker rmi xwjh/flannel:v0.16.0
# Bundle every image whose `docker images` line contains "io" (the k8s.gcr.io
# and quay.io tags) into one tar.
# NOTE(review): the backtick list is unquoted and the "io" filter is loose. The
# rancher/... init-container image the flannel manifest below uses is never
# pulled here, so it is not in the tar and nodes will fetch it from Docker Hub
# at deploy time -- confirm.
[root@Perng-Master ~]# docker save -o k8s.tar `docker images | grep io| awk -v OFS=":" '{print $1,$2}'`
# Copy the bundle to each Node (use IPs if /etc/hosts is not configured).
# The tar carries no signature; it is trusted only as far as the master host
# and the scp channel are.
[root@Perng-Master ~]# scp k8s.tar Perng-Node1:/root/
[root@Perng-Master ~]# scp k8s.tar Perng-Node2:/root/

各Node节点载入镜像

# On each Node: load the image bundle copied from the master (k8s.tar was
# placed in /root/ above).
[root@Perng-Node1 ~]# cd ~ 
[root@Perng-Node1 ~]# docker load -i k8s.tar

Master节点初始化

# 192.168.159.100 is the master node IP (the address the API server advertises).
# NOTE(review): the "# ..." lines between the continuation lines are page
# annotations. Typed literally, a comment line following a trailing "\" ends
# the command there and the remaining flags are lost -- enter the command
# without them.
# NOTE(review): with --image-repository set, kubeadm looks for images named
# registry.aliyuncs.com/google_containers/..., not the k8s.gcr.io tags that
# install.sh created above; presumably they are pulled again -- confirm which
# set is actually used.
[root@Perng-Master ~]# kubeadm init --apiserver-advertise-address=192.168.159.100 \
> --image-repository registry.aliyuncs.com/google_containers \
# Your K8s version
> --kubernetes-version=v1.22.3 \
# Service CIDR
> --service-cidr=10.1.0.0/16 \
# Pod network CIDR (must equal "Network" in the flannel ConfigMap below)
> --pod-network-cidr=10.244.0.0/16

# kubectl configuration for the current user.
[root@Perng-Master ~]# mkdir -p $HOME/.kube
# admin.conf holds a cluster-admin client certificate; this copy is the
# credential kubectl uses from now on, so keep it readable by this user only.
[root@Perng-Master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@Perng-Master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config

# 初始化后会给个命令,这个命令为Node加入集群的命令

image-20221012171554750

如果初始化过程当中或加入集群过程中 出现访问localhost:10248超时,以下为处理办法

image-20221012172149524

# Run the following on every node.
# Docker installed from yum uses a cgroup driver that does not match the one
# kubelet expects; this sets docker's driver to systemd.
# Create /etc/docker/daemon.json with this content:
[root@Perng-Master pki]# vim /etc/docker/daemon.json
{"exec-opts": ["native.cgroupdriver=systemd"] }
# Restart docker so the new driver takes effect.
[root@Perng-Master pki]# service docker restart

如果出现证书错误,以下为处理方法

image-20221012171758521

# Reset the cluster state on this node (undoes the previous init, including
# the certificates it generated).
[root@Perng-Master ~]# kubeadm reset
# Delete $HOME/.kube (the stale kubeconfig from the previous init).
[root@Perng-Master ~]# rm -rf $HOME/.kube
# Re-initialize with the same arguments as the first init above.
[root@Perng-Master ~]# kubeadm init --apiserver-advertise-address=192.168.159.100 \
> --image-repository registry.aliyuncs.com/google_containers \
> --kubernetes-version=v1.22.3 \
> --service-cidr=10.1.0.0/16 \
> --pod-network-cidr=10.244.0.0/16
# Re-create $HOME/.kube from the new admin.conf (cluster-admin credential;
# keep it private to this user).
[root@Perng-Master ~]# mkdir -p $HOME/.kube
[root@Perng-Master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@Perng-Master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config

由于集群重置,每个Node都需要重新加入集群

# Reset this node's previous join state.
[root@Perng-Node1 ~]# kubeadm reset
# Join the cluster with the token and CA hash printed by `kubeadm init`.
# NOTE(review): the token is a bootstrap credential and the sha256 value pins
# the cluster CA the node will trust. Bootstrap tokens are time-limited by
# default, and a re-initialized master has a new CA, so take both values
# from the latest init output rather than reusing an old one.
[root@Perng-Node1 ~]# kubeadm join 192.168.159.100:6443 --token gbvi6q.vrgax0k4b2itg10z --discovery-token-ca-cert-hash sha256:d267d1fa9be0ce754c6318b1afdf6b51837e0052f2e3864228057dc812f04605

Master节点安装Flannel网络插件

[root@Perng-Master ~]# vim flannel-v0.16.0.yaml
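# Flannel v0.16.0 manifest as used in this walkthrough. YAML is
# whitespace-significant; a copy with the indentation stripped cannot be
# applied, so the structure is restored here.
#
# PodSecurityPolicy (policy/v1beta1) is deprecated and removed in Kubernetes
# 1.25; it still applies on the 1.22.3 cluster built on this page.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: psp.flannel.unprivileged
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
  privileged: false
  volumes:
  - configMap
  - secret
  - emptyDir
  - hostPath
  # Only these host paths may be mounted by pods using this policy.
  allowedHostPaths:
  - pathPrefix: "/etc/cni/net.d"
  - pathPrefix: "/etc/kube-flannel"
  - pathPrefix: "/run/flannel"
  readOnlyRootFilesystem: false
  # Users and groups
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Privilege Escalation
  allowPrivilegeEscalation: false
  defaultAllowPrivilegeEscalation: false
  # Capabilities: the DaemonSet below requests exactly these two; nothing else
  # is permitted under this policy.
  allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
  defaultAddCapabilities: []
  requiredDropCapabilities: []
  # Host namespaces: host networking is required, PID/IPC stay isolated.
  hostPID: false
  hostIPC: false
  hostNetwork: true
  hostPorts:
  - min: 0
    max: 65535
  # SELinux
  seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
rules:
- apiGroups: ['extensions']
  resources: ['podsecuritypolicies']
  verbs: ['use']
  resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes/status
  verbs:
  - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  cni-conf.json: |
    {
      "name": "cbr0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  # "Network" must equal the --pod-network-cidr given to `kubeadm init`
  # (10.244.0.0/16 on this page).
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  selector:
    matchLabels:
      app: flannel
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      hostNetwork: true
      priorityClassName: system-node-critical
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      # NOTE(review): this image is not among those pulled or saved into
      # k8s.tar earlier on this page, so each node fetches it from Docker Hub
      # directly -- confirm that is intended.
      - name: install-cni-plugin
        image: rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.0
        command:
        - cp
        args:
        - -f
        - /flannel
        - /opt/cni/bin/flannel
        volumeMounts:
        - name: cni-plugin
          mountPath: /opt/cni/bin
      - name: install-cni
        image: quay.io/coreos/flannel:v0.16.0
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.16.0
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        # Not privileged: only the two capabilities the PSP allows are added.
        securityContext:
          privileged: false
          capabilities:
            add: ["NET_ADMIN", "NET_RAW"]
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run/flannel
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
      - name: run
        hostPath:
          path: /run/flannel
      - name: cni-plugin
        hostPath:
          path: /opt/cni/bin
      - name: cni
        hostPath:
          path: /etc/cni/net.d
      - name: flannel-cfg
        configMap:
          name: kube-flannel-cfg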



:wq

# Apply the flannel manifest written above (needs the $HOME/.kube/config set up earlier).
[root@Perng-Master ~]# kubectl apply -f flannel-v0.16.0.yaml
# Restart kubelet -- presumably so the newly installed CNI configuration is picked up.
[root@Perng-Master ~]# systemctl restart kubelet

验证

如下即可

image-20221013140124510