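Installing a Highly Available k8s 1.25.2 Cluster from Binaries

This document describes in detail how to manually install and configure a highly available k8s 1.25.2 cluster on five machines. It covers environment preparation (disabling SELinux and firewalld, configuring passwordless login, modifying kernel parameters), installing key components such as etcd, apiserver and kubelet, and finally deploying the Calico network policy.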


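I. Environment Preparation

1. Environment overview (configure the IP address and hostname during installation)

No. | Host IP | Hostname | OS | Role
1 | 192.168.3.101 | master1 | rockylinux8.6 minimal install | Control-plane node
2 | 192.168.3.102 | master2 | rockylinux8.6 minimal install | Control-plane node
3 | 192.168.3.103 | master3 | rockylinux8.6 minimal install | Control-plane node
4 | 192.168.3.104 | node1 | rockylinux8.6 minimal install | Worker node
5 | 192.168.3.105 | node2 | rockylinux8.6 minimal install | Worker node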

2. Disable SELinux, firewalld and the swap partition (run on all five machines)

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
systemctl disable firewalld
swapoff -a
reboot

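Note: swapoff -a turns swap off only temporarily. To disable it permanently, run vi /etc/fstab and comment out the swap partition line.

3. Edit the /etc/hosts file and add the following three lines (all five machines)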

cat << EOF >> /etc/hosts
192.168.3.101 master1
192.168.3.102 master2
192.168.3.103 master3
192.168.3.104 node1
192.168.3.105 node2
EOF

4. Switch the yum repositories to the Aliyun mirror (run on all five machines)

sed -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
    -i.bak \
    /etc/yum.repos.d/Rocky-*.repo

dnf makecache

5. Install command completion and vim (run on all five machines)

dnf install -y wget bash-completion vim

6. Configure passwordless SSH login (run on the three masters; optional)

ssh-keygen

for host in master1 master2 master3 node1 node2; do ssh-copy-id "$host"; done

7. Configure time synchronization (run on all five machines)

dnf install -y chrony

Edit the /etc/chrony.conf configuration file

Change pool 2.pool.ntp.org iburst

to

server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp1.tencent.com iburst
server ntp2.tencent.com iburst

systemctl enable --now chronyd
chronyc sources

for host in master1 master2 master3 node1 node2; do ssh "$host" date; done

8. Modify kernel parameters (run on all five machines)

modprobe br_netfilter
lsmod | grep br_netfilter

cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sysctl -p /etc/sysctl.d/k8s.conf

9. Install dependency packages and configure the Docker and k8s repositories (run on all five machines)

dnf install -y yum-utils device-mapper-persistent-data lvm2 ipvsadm net-tools
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

dnf makecache

10. Enable IPVS (all five machines)

lsmod|grep ip_vs
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh

lsmod|grep ip_vs

modprobe br_netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
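
Steps 2, 8 and 10 change node state (swap, kernel modules, sysctl values) without confirming the result on each machine. The following check is an added example, not part of the original post; the function names and the overridable path variables are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify the node state that
# steps 2, 8 and 10 are supposed to leave behind. Paths default to the live
# system; the variables are hypothetical knobs so the checks can run on copies.
PROC_SWAPS="${PROC_SWAPS:-/proc/swaps}"
PROC_MODULES="${PROC_MODULES:-/proc/modules}"
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# swap_is_off: /proc/swaps has one header line plus one line per active device.
swap_is_off() {
    awk 'NR>1 {n++} END {exit (n>0)}' "$PROC_SWAPS"
}

# module_loaded NAME: the first column of /proc/modules is the module name.
module_loaded() {
    awk -v m="$1" '$1==m {found=1} END {exit !found}' "$PROC_MODULES"
}

# sysctl_is KEY VALUE: net.ipv4.ip_forward -> $SYSCTL_ROOT/net/ipv4/ip_forward
sysctl_is() {
    local path
    path="$SYSCTL_ROOT/$(printf '%s' "$1" | tr . /)"
    [ -r "$path" ] && [ "$(cat "$path")" = "$2" ]
}

# preflight: prints one line per failed check and returns the failure count.
preflight() {
    local fails=0 m k
    swap_is_off || { echo "FAIL swap still active"; fails=$((fails+1)); }
    for m in br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh; do
        module_loaded "$m" || { echo "FAIL module $m not loaded"; fails=$((fails+1)); }
    done
    for k in net.bridge.bridge-nf-call-iptables \
             net.bridge.bridge-nf-call-ip6tables \
             net.ipv4.ip_forward; do
        sysctl_is "$k" 1 || { echo "FAIL $k != 1"; fails=$((fails+1)); }
    done
    return "$fails"
}
```

Modules loaded with modprobe do not persist across a reboot, so running preflight again after any restart shows whether a node has drifted from the state these steps set up.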

11. Install containerd (run on all five machines)

dnf install -y containerd

containerd config default > /etc/containerd/config.toml

Edit the configuration file

sed -i 's#SystemdCgroup = false#SystemdCgroup = true#g' /etc/containerd/config.toml
sed -i "s#k8s.gcr.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g"  /etc/containerd/config.toml

Configure a registry mirror

sed -i '/registry.mirrors]/a\ \ \ \ \ \ \ \ [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]' /etc/containerd/config.toml
sed -i '/registry.mirrors."docker.io"]/a\ \ \ \ \ \ \ \ \ \ endpoint = ["https://0x3urqgf.mirror.aliyuncs.com"]' /etc/containerd/config.toml

Start containerd

systemctl enable --now containerd.service
systemctl status containerd.service

II. Install the Kubernetes Components

1. Install etcd

wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64
mv cfssl_1.6.1_linux_amd64 /usr/local/bin/cfssl
mv cfssljson_1.6.1_linux_amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_1.6.1_linux_amd64 /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl*
mkdir /cfspki
mkdir -p /etc/etcd/pki
mkdir -p /var/lib/etcd/default.etcd
cd /cfspki/
cat > ca-csr.json << EOF
{
    "CN": "kubernetes",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "Xinjiang",
            "L": "Urumqi",
            "O": "k8s",
            "OU": "system"
        }
    ],
    "ca": {
        "expiry": "87600h"
    }
}
EOF

cfssl gencert -initca ca-csr.json | cfssljson -bare ca
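
The cfssl binaries that sign this CA were moved into /usr/local/bin straight after download, with nothing checking their integrity. As an added example (not part of the original post), the functions below install the downloads only when each one matches an entry in a sha256sum-format checksums file; the function names, and the availability of such a file from the release page, are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): refuse to install a downloaded
# binary unless its SHA-256 matches an entry in a sha256sum-format file.

# verify_download FILE CHECKSUMS
#   returns 0 on match, 1 on mismatch, 2 if FILE is not listed at all
#   (an unlisted file must not pass silently).
verify_download() {
    local file="$1" sums="$2" name expected actual
    name=$(basename "$file")
    # Entry format: "<hex digest>  <name>"; binary mode prefixes the name with '*'.
    expected=$(awk -v n="$name" \
        '{f=$2; sub(/^\*/,"",f)} f==n {print tolower($1); exit}' "$sums")
    [ -n "$expected" ] || { echo "NOT LISTED: $name" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
    else
        echo "MISMATCH: $name" >&2
        return 1
    fi
}

# install_verified CHECKSUMS DEST FILE...
#   installs nothing unless every file verifies first.
install_verified() {
    local sums="$1" dest="$2" f
    shift 2
    for f in "$@"; do
        verify_download "$f" "$sums" || return 1
    done
    for f in "$@"; do
        # cfssl_1.6.1_linux_amd64 -> cfssl, the same names the mv commands use
        install -m 0755 "$f" "$dest/$(basename "$f" | sed 's/_.*//')"
    done
}
```

Used in place of the three mv commands and the chmod, install_verified takes the checksums file, /usr/local/bin and the three downloaded file names as arguments.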

cat > ca-config.json << EOF
{
    "signing": {
        "default": {
            "expiry": "87600h"
        },
        "profiles": {
            "kubernetes": {
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth",
                    "client auth"
                ],
                "expiry": "87600h"
            }
        }
    }
}
EOF

cat > etcd-csr.json  << EOF
{
"CN": "etcd",
"hosts": [
    "127.0.0.1",
    "192.168.3.101",
    "192.168.3.102",
    "192.168.3.103",
    "192.168.3.110"
],
    "key": {
    "algo": "rsa",
    "size": 2048
},
    "names": [{
    "C": "CN",
    "ST": "Xinjiang",
    "L": "Urumqi",
    "O": "k8s",
    "OU": "sy