吉林市哪有做网站的,做那事的网站,html5博客网站模板,软件项目管理案例教程第四版文章目录 kubeadm高可用环境初始化所有节点安装Docker所有节点安装kubeadm#xff0c;kubelet和kubectl高可用组件安装、配置部署k8s集群 kubeadm高可用
##节点设置master01:192.168.242.66
master02:192.168.242.67
master03:192.168.242.68
node01:192.168.242.69
node02:1… 文章目录 kubeadm高可用环境初始化所有节点安装Docker所有节点安装kubeadmkubelet和kubectl高可用组件安装、配置部署k8s集群 kubeadm高可用
##节点设置master01:192.168.242.66
master02:192.168.242.67
master03:192.168.242.68
node01:192.168.242.69
node02:192.168.242.70环境初始化
###所有节点关闭防火墙规则关闭selinux关闭swap交换
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i s/enforcing/disabled/ /etc/selinux/configiptables -F iptables -t nat -F iptables -t mangle -F iptables -X
swapoff -a
sed -ri s/.*swap.*/#/ /etc/fstab###修改主机名
hostnamectl set-hostname master01
hostnamectl set-hostname master02
hostnamectl set-hostname master03
hostnamectl set-hostname node01
hostnamectl set-hostname node02###所有节点修改hosts文件
vim /etc/hosts
192.168.242.66 master01
192.168.242.67 master02
192.168.242.68 master03
192.168.242.69 node01
192.168.242.70 node02###所有节点时间同步yum -y install ntpdate
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo Asia/Shanghai /etc/timezonentpdate time2.aliyun.comsystemctl enable --now crondcrontab -e
*/30 * * * * /usr/sbin/ntpdate time2.aliyun.com###所有节点实现Linux的资源限制vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited更改内核启动方式
grub2-set-default 0 grub2-mkconfig -o /etc/grub2.cfggrubby --argsuser_namespace.enable1 --update-kernel$(grubby --default-kernel)grubby --default-kernel
reboot###调整内核参数cat /etc/sysctl.d/k8s.conf EOF
net.ipv4.ip_forward 1
net.bridge.bridge-nf-call-iptables 1
net.bridge.bridge-nf-call-ip6tables 1
fs.may_detach_mounts 1
vm.overcommit_memory1
vm.panic_on_oom0
fs.inotify.max_user_watches89100
fs.file-max52706963
fs.nr_open52706963
net.netfilter.nf_conntrack_max2310720net.ipv4.tcp_keepalive_time 600
net.ipv4.tcp_keepalive_probes 3
net.ipv4.tcp_keepalive_intvl 15
net.ipv4.tcp_max_tw_buckets 36000
net.ipv4.tcp_tw_reuse 1
net.ipv4.tcp_max_orphans 327680
net.ipv4.tcp_orphan_retries 3
net.ipv4.tcp_syncookies 1
net.ipv4.tcp_max_syn_backlog 16384
net.ipv4.ip_conntrack_max 65536
net.ipv4.tcp_max_syn_backlog 16384
net.ipv4.tcp_timestamps 0
net.core.somaxconn 16384
EOF#生效参数
sysctl --system ###加载 ip_vs 模块for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o ^[^.]*);do echo $i; /sbin/modinfo -F filename $i /dev/null 21 /sbin/modprobe $i;done所有节点安装Docker
###安装依赖包
yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo yum install -y docker-ce docker-ce-cli containerd.iosystemctl start docker.service
systemctl enable docker.service ##修改配置文件和镜像加速mkdir -p /etc/dockertee /etc/docker/daemon.json -EOF
{registry-mirrors: [https://ysmprsek.mirror.aliyuncs.com],exec-opts: [native.cgroupdriversystemd],log-driver: json-file,log-opts: {max-size: 500m, max-file: 3}
}
EOFsystemctl daemon-reload
systemctl restart docker所有节点安装kubeadmkubelet和kubectl
###定义kubernetes源cat /etc/yum.repos.d/kubernetes.repo EOF
[kubernetes]
nameKubernetes
baseurlhttps://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled1
gpgcheck0
repo_gpgcheck0
gpgkeyhttps://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOFyum install -y kubelet-1.20.15 kubeadm-1.20.15 kubectl-1.20.15#配置Kubelet使用阿里云的pause镜像
cat /etc/sysconfig/kubelet EOF
KUBELET_EXTRA_ARGS--cgroup-driversystemd --pod-infra-container-imageregistry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.2
EOF###开机自启kubelet
systemctl enable kubelet.service
#K8S通过kubeadm安装出来以后都是以Pod方式存在即底层是以容器方式运行所以kubelet必须设置开机自启高可用组件安装、配置
###所有 master 节点部署 Haproxy
yum -y install haproxy keepalivedcat /etc/haproxy/haproxy.cfg EOF
globallog 127.0.0.1 local0 infolog 127.0.0.1 local1 warningchroot /var/lib/haproxypidfile /var/run/haproxy.pidmaxconn 4000user haproxygroup haproxydaemon#stats socket /var/lib/haproxy/statsdefaultsmode tcplog globaloption tcplogoption dontlognulloption redispatchretries 3timeout queue 1mtimeout connect 10stimeout client 1mtimeout server 1mtimeout check 10smaxconn 3000frontend monitor-inbind *:33305mode httpoption httplogmonitor-uri /monitorfrontend k8s-masterbind *:16443mode tcpoption tcplogdefault_backend k8s-masterbackend k8s-mastermode tcpoption tcplogoption tcp-checkbalance roundrobinserver k8s-master1 192.168.242.66:6443 check inter 10000 fall 2 rise 2 weight 1server k8s-master2 192.168.242.67:6443 check inter 10000 fall 2 rise 2 weight 1server k8s-master3 192.168.242.68:6443 check inter 10000 fall 2 rise 2 weight 1
EOF###所有 master 节点部署 keepalived
yum -y install keepalivedcd /etc/keepalived/
vim keepalived.conf! Configuration File for keepalived
global_defs {router_id k8s-01 #路由标识符每个节点配置不同
}vrrp_script chk_haproxy {script /etc/keepalived/check_haproxy.shinterval 2weight 2
}vrrp_instance VI_1 {state MASTER #本机实例状态MASTER/BACKUP备机配置文件中设置BACKUPinterface ens32virtual_router_id 51priority 100 #本机初始权重备机设置小于主机的值advert_int 1virtual_ipaddress {192.168.242.100 #设置VIP地址}track_script {chk_haproxy}
}###监控脚本
vim check_haproxy.sh
#!/bin/bash
if ! killall -0 haproxy; thensystemctl stop keepalived
fisystemctl enable --now haproxy
systemctl enable --now keepalived部署k8s集群
###在 master01 节点上设置集群初始化配置文件
kubeadm config print init-defaults /opt/kubeadm-config.yamlcd /opt/
vim kubeadm-config.yaml11 localAPIEndpoint:
12 advertiseAddress: 192.168.242.66 #指定当前master节点的IP地址
13 bindPort: 644321 apiServer:
22 certSANs:
#在apiServer属性下面添加一个certsSANs的列表添加所有master节点的IP地址和集群VIP地址
23 - 192.168.242.100
24 - 192.168.242.66
25 - 192.168.242.67
26 - 192.168.242.6830 clusterName: kubernetes
31 controlPlaneEndpoint: 192.168.242.100:6443 #指定集群VIP地址
32 controllerManager: {}38 imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers #指定镜像下载地址
39 kind: ClusterConfiguration
40 kubernetesVersion: v1.20.15 #指定kubernetes版本号
41 networking:
42 dnsDomain: cluster.local
43 podSubnet: 10.244.0.0/16 #指定pod网段10.244.0.0/16用于匹配flannel默认网段
44 serviceSubnet: 10.96.0.0/16 #指定service网段
45 scheduler: {}
#末尾再添加以下内容
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs #把默认的kube-proxy调度方式改为ipvs模式#更新集群初始化配置文件
kubeadm config migrate --old-config kubeadm-config.yaml --new-config new.yaml###拷贝yaml配置文件给其他主机通过配置文件进行拉取镜像
scp new.yaml 192.168.242.67:/opt/
scp new.yaml 192.168.242.68:/opt/###在线拉取镜像
kubeadm config images pull --config /opt/new.yaml###master01节点进行初始化
kubeadm init --config new.yaml --upload-certs | tee kubeadm-init.log##获取master加入节点命令
kubeadm join 192.168.242.100:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:d02b1e6552ac56f579a6f943ea54d134faa90dcce09121fd3ecb0233a9c2ea6b \--control-plane --certificate-key e3f16b2c757f08a9f59eb80d126441cafd68ce387051d4d6fc966652b316a739##获取node节点加入命令
kubeadm join 192.168.242.100:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:d02b1e6552ac56f579a6f943ea54d134faa90dcce09121fd3ecb0233a9c2ea6b## kubectl的配置文件mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config#若初始化失败进行的操作
kubeadm reset -f
ipvsadm --clear
rm -rf ~/.kube
再次进行初始化修改controller-manager和scheduler配置文件
vim /etc/kubernetes/manifests/kube-scheduler.yaml
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
......#- --port0 #搜索port0把这一行注释掉systemctl restart kubelet###安装 CNI网络插件
##上传 flannel-v0.21.5.zip 到 /opt/k8sunzip flannel-v0.21.5.zip
docker load -i flannel.tar
docker load -i flannel-cni-plugin.tar##移动系统创建的cni目录并手动创建
cd /opt/
mv cni/ cni_bak
mkdir -p /opt/cni/bin##解压配置文件
tar xf /opt/k8s/cni-plugins-linux-amd64-v1.3.0.tgz -C /opt/cni/bin/##安装插件
cd /opt/k8s
kubectl apply -f kube-flannel.yml所有节点加入集群
#master 节点加入集群mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config#node 节点加入集群查看节点
kubectl get pods
