Rocky9_k8s_1.29部署

已于 2024-08-27 15:12:56 修改
阅读量982 收藏 16
点赞数 18
文章标签: kubernetes 容器 云原生
于 2024-08-20 12:29:33 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/ljj19910401/article/details/141355255
版权

Rocky9_k8s_1.29

yum install -y bash-completion
echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc

“registry-mirrors”: [
“http://hub-mirror.c.163.com/”,
“http://mirrors.ustc.edu.cn/”,
“https://cr.console.aliyun.com/”,
“https://quay.io/repository/”,
“http://mirror.azure.cn/”,
“https://mirror.baidubce.com/”,
“https://ccr.ccs.tencentyun.com/”
]

# 系统启动顺序
systemd > docker > cri-docker > kubelet > pods

master
10.0.17.100

node1
10.0.17.101

node2
10.0.17.102

1.环境初始化

1.1 master网卡配置

vi /etc/NetworkManager/system-connections/ens160.nmconnection
[ipv4]
address1=10.0.17.100/24,10.0.17.2
dns=223.5.5.5;114.114.114.114;
method=manual


systemctl restart NetworkManager

1.2 Rocky 系统软件源更换

sed -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
    -i.bak \
    /etc/yum.repos.d/[Rr]ocky*.repo

dnf makecache

1.3 防火墙修改 firewalld 为 iptables

systemctl stop firewalld
systemctl disable firewalld

yum -y install iptables-services
systemctl start iptables
iptables -F
systemctl enable iptables
service iptables save

1.4 禁用 Selinux

setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
grubby --update-kernel ALL --args selinux=0
# 查看是否禁用,grubby --info DEFAULT
# 回滚内核层禁用操作,grubby --update-kernel ALL --remove-args selinux

1.5 设置时区 配置ntp

timedatectl set-timezone Asia/Shanghai

dnf install -y chrony
vi /etc/chrony.conf
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
chronyc sources -n

1.6 关闭 swap 分区

swapoff -a
sed -i 's:/dev/mapper/rl-swap:#/dev/mapper/rl-swap:g' /etc/fstab

1.7 安装 ipvs

yum install -y ipvsadm

1.8 开启路由转发

echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p

1.9 加载 bridge

yum install -y epel-release
yum install -y bridge-utils

modprobe br_netfilter
echo 'br_netfilter' >> /etc/modules-load.d/bridge.conf
echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf
sysctl -p

2.安装Docker

2.1 添加 docker-ce yum 源 阿里

sudo dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
cd /etc/yum.repos.d

2.2 切换阿里源

sed -e 's|download.docker.com|mirrors.aliyun.com/docker-ce|g' docker-ce.repo

2.3 安装docker-ce

yum -y install docker-ce

2.4 配置deamon docker容器下载镜像源

cat > /etc/docker/daemon.json <<EOF
{
  "data-root": "/data/docker",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "100"
  },
  "insecure-registries": ["harbor.xinxainghf.com"],
  "registry-mirrors": ["https://kfp63jaj.mirror.aliyuncs.com"]
}
EOF
mkdir -p /etc/systemd/system/docker.service.d

2.5 重启docker服务 设置开机启动

systemctl daemon-reload && systemctl restart docker && systemctl enable docker

reboot

2.5 安装cri-docker

kubelet调用容器使用ocir标准
需要安装cri-docker

‌cri-dockerd是一个容器运行时接口(CRI)的实现,用于Kubernetes与Docker容器引擎进行交互。‌ 它允许Kubernetes管理和调度Docker容器,是Kubernetes CRI的一个实现,可以与Docker Engine一起使用,将Docker Engine作为容器运行时与Kubernetes集群集成。

cri-dockerd的工作原理是通过实现CRI接口,一头通过CRI跟Kubelet交互,另一头跟Docker API交互,从而间接实现了Kubernetes以Docker作为容器运行时。这种架构使得Kubernetes能够使用Docker作为容器引擎,同时符合CRI标准。

# 下载解压安装cri-docker
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.9/cri-dockerd-0.3.9.amd64.tgz
tar -xf cri-dockerd-0.3.9.amd64.tgz
cp cri-dockerd/cri-dockerd /usr/bin/
chmod +x /usr/bin/cri-dockerd

2.6 配置cri-docker服务

cat <<"EOF" > /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF


# ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8
# 启动命令
# ExecStart=/usr/bin/cri-dockerd 可执行程序
# --network-plugin=cni 传递当前网络插件 基于cni实现 容器网络接口
# --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8 pod初始化容器下载器地址及版本

2.7 添加cir-docker套接字

cat <<"EOF" > /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF

2.8 启动cri-docker对应服务

systemctl daemon-reload
systemctl enable cri-docker
systemctl start cri-docker
systemctl is-active cri-docker

3.安装k8s

3.1 添加k8s yum源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF

# 下载对应软件包 放入同一文件夹 
  conntrack-tools-1.4.7-2.el9.x86_64                                     
  cri-tools-1.29.0-150500.1.1.x86_64                                     
  kubeadm-1.29.0-150500.1.1.x86_64                                       
  kubectl-1.29.0-150500.1.1.x86_64                                       
  kubelet-1.29.0-150500.1.1.x86_64                                       
  kubernetes-cni-1.3.0-150500.1.1.x86_64                                 
  libnetfilter_cthelper-1.0.0-22.el9.x86_64                              
  libnetfilter_cttimeout-1.0.0-19.el9.x86_64                             
  libnetfilter_queue-1.0.5-1.el9.x86_64                                  
  socat-1.7.4.1-5.el9_4.2.x86_64

yum -y install *

#无法访问下载 使用清华镜像源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=kubernetes
baseurl=https://mirrors.tuna.tsinghua.edu.cn/kubernetes/yum/repos/kubernetes-el7-$basearch
name=Kubernetes
baseurl=https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/repodata/repomd.xml.key
EOF

3.2 安装 kubeadm 1.29 版本

yum install -y kubelet-1.29.0 kubectl-1.29.0 kubeadm-1.29.0
systemctl enable kubelet.service

4.vmware复制虚拟机更改网卡 master主机 kubeadm init及node节点加入

master
10.0.17.100

node1
10.0.17.101

node2
10.0.17.102

4.1 ssh免密码登录

ssh-keygen -f /root/.ssh/id_rsa -N ''
for i in node1 node2; do ssh-copy-id $i; done;

4.2 初始化主节点master

kubeadm init --apiserver-advertise-address=10.0.17.100 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version 1.29.0 --service-cidr=10.10.0.0/12 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all --cri-socket unix:///var/run/cri-dockerd.sock


[init] Using Kubernetes version: v1.29.0
[preflight] Running pre-flight checks
	[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
W0820 11:27:36.889288    1764 checks.go:835] detected that the sandbox image "registry.aliyuncs.com/google_containers/pause:3.8" of the container runtime is inconsistent with that used by kubeadm. It is recommended that using "registry.aliyuncs.com/google_containers/pause:3.9" as the CRI sandbox image.
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local master] and IPs [10.0.0.1 192.168.10.100]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost master] and IPs [192.168.10.100 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost master] and IPs [192.168.10.100 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "super-admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 11.018553 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node master as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]
[bootstrap-token] Using token: v9bqbb.wwuk9s8ytn0xaefn
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.10.100:6443 --token v9bqbb.wwuk9s8ytn0xaefn \
	--discovery-token-ca-cert-hash sha256:496eeb8ea938e1919782e25b5f9a74f71f1460900a1c7ae3e0b62d4ffb68271a

4.3 node节点加入

[root@node1 ~]# kubeadm join 192.168.10.100:6443 --token v9bqbb.wwuk9s8ytn0xaefn \
        --discovery-token-ca-cert-hash sha256:496eeb8ea938e1919782e25b5f9a74f71f1460900a1c7ae3e0b62d4ffb68271a 
Found multiple CRI endpoints on the host. Please define which one do you wish to use by setting the 'criSocket' field in the kubeadm configuration file: unix:///var/run/containerd/containerd.sock, unix:///var/run/cri-dockerd.sock
To see the stack trace of this error execute with --v=5 or higher

# 出现报错

这个错误表明在您的环境中存在多个容器运行时接口(Container Runtime Interface,CRI)端点,Kubernetes 不确定应该使用哪一个。要解决这个问题,您需要在 kubeadm 配置文件中明确指定要使用的 CRI 端点。

解决方法:
[root@node1 ~]# find / -name cri-dockerd.sock
/run/cri-dockerd.sock
添加--cri-socket unix:///run/cri-dockerd.sock


kubeadm join 192.168.10.100:6443 --token v9bqbb.wwuk9s8ytn0xaefn \
	--discovery-token-ca-cert-hash sha256:496eeb8ea938e1919782e25b5f9a74f71f1460900a1c7ae3e0b62d4ffb68271a \
    --cri-socket unix:///run/cri-dockerd.sock

master查看节点

[root@master ~]# kubectl get nodes
NAME     STATUS     ROLES           AGE    VERSION
master   NotReady   control-plane   7m5s   v1.29.0
node1    NotReady   <none>          42s    v1.29.0
node2    NotReady   <none>          28s    v1.29.0

5.部署网络插件calico

5.1 下载calico 3.26.3

文档
https://docs.tigera.io/calico/latest/getting-started/kubernetes/self-managed-onprem/onpremises#install-calico-with-kubernetes-api-datastore-more-than-50-nodes
下载地址
https://github.com/projectcalico/calico/releases?page=1

curl https://raw.githubusercontent.com/projectcalico/calico/v3.26.3/manifests/calico-typha.yaml -o calico.yaml


# 修改文件 CALICO_IPV4POOL_CIDR
# kubeadm init --apiserver-advertise-address=192.168.10.100 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version 1.29.0 --service-cidr=10.10.0.0/12 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all --cri-socket unix:///var/run/cri-dockerd.sock	
# 根据 master kubeadm init --pod-network-cidr=10.244.0.0/16 指定为 pod 地址 10.244.0.0/16

5.2 每个节点docker导入calico images


tar -zxvf calico-images.tar.gz
cd calico-images
docker load -i calico-cni-v3.26.3.tar
docker load -i calico-node-v3.26.3.tar
docker load -i calico-kube-controllers-v3.26.3.tar
docker load -i calico-typha-v3.26.3.tar


scp -r calico-images root@node1:~
scp -r calico-images root@node2:~

ssh node1
cd calico-images/
docker load -i calico-cni-v3.26.3.tar
docker load -i calico-node-v3.26.3.tar
docker load -i calico-kube-controllers-v3.26.3.tar
docker load -i calico-typha-v3.26.3.tar


ssh node2
cd calico-images/
docker load -i calico-cni-v3.26.3.tar
docker load -i calico-node-v3.26.3.tar
docker load -i calico-kube-controllers-v3.26.3.tar
docker load -i calico-typha-v3.26.3.tar

5.3 修改calico-typha.yaml

vim calico-typha.yaml
# 根据 master kubeadm init --pod-network-cidr=10.244.0.0/16 指定为 pod 地址 10.244.0.0/16
# 修改 CALICO_IPV4POOL_CIDR 保持一致
            - name: CALICO_IPV4POOL_CIDR
              value: "10.244.0.0/16"

# 修改为 BGP 模式
# Enable IPIP
- name: CALICO_IPV4POOL_IPIP
  value: "Always"  #改成Off

kubectl apply -f calico-typha.yaml


[root@master calico]# kubectl get nodes
NAME     STATUS   ROLES           AGE   VERSION
master   Ready    control-plane   48m   v1.29.0
node1    Ready    <none>          41m   v1.29.0
node2    Ready    <none>          41m   v1.29.0



[root@master calico]# kubectl get pod -A
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-558d465845-nkgfd   1/1     Running   0          55s
kube-system   calico-node-bn82m                          1/1     Running   0          55s
kube-system   calico-node-v4v2g                          1/1     Running   0          55s
kube-system   calico-node-x4s64                          1/1     Running   0          55s
kube-system   calico-typha-5b56944f9b-nztct              1/1     Running   0          55s
kube-system   coredns-857d9ff4c9-664p4                   1/1     Running   0          48m
kube-system   coredns-857d9ff4c9-66qg5                   1/1     Running   0          48m
kube-system   etcd-master                                1/1     Running   0          48m
kube-system   kube-apiserver-master                      1/1     Running   0          48m
kube-system   kube-controller-manager-master             1/1     Running   0          48m
kube-system   kube-proxy-8s274                           1/1     Running   0          42m
kube-system   kube-proxy-kntdl                           1/1     Running   0          42m
kube-system   kube-proxy-nqhhx                           1/1     Running   0          48m
kube-system   kube-scheduler-master                      1/1     Running   0          48m

5.4 固定网卡(可选) calico-typha.yaml

5.4.1 目标 IP 或域名可达
# 目标 IP 或域名可达
       - name: calico-node
         image: registry.geoway.com/calico/node:v3.19.1
         env:
           # Auto-detect the BGP IP address.
           - name: IP
             value: "autodetect"
           - name: IP_AUTODETECTION_METHOD
             value: "can-reach=www.google.com"
kubectl set env daemonset/calico-node -n kube-system IP_AUTODETECTION_METHOD=can-reach=www.google.com
5.4.2 匹配目标网卡
# 匹配目标网卡
- name: calico-node
  image: registry.geoway.com/calico/node:v3.19.1
  env:
    # Auto-detect the BGP IP address.
    - name: IP
      value: "autodetect"
    - name: IP_AUTODETECTION_METHOD
      value: "interface=eth.*"
5.4.3 排除匹配网卡
# 排除匹配网卡
- name: calico-node
  image: registry.geoway.com/calico/node:v3.19.1
  env:
    # Auto-detect the BGP IP address.
    - name: IP
      value: "autodetect"
    - name: IP_AUTODETECTION_METHOD
      value: "skip-interface=eth.*"
5.4.4 CIDR
# CIDR
- name: calico-node
  image: registry.geoway.com/calico/node:v3.19.1
  env:
    # Auto-detect the BGP IP address.
    - name: IP
      value: "autodetect"
    - name: IP_AUTODETECTION_METHOD
      value: "cidr=192.168.200.0/24,172.15.0.0/24"
5.4.5修改kube-proxy 模式为 ipvs
# kubectl edit configmap kube-proxy -n kube-system
mode: ipvs

kubectl delete pod -n kube-system -l k8s-app=kube-proxy
使用kubeadm快速部署Kubernetes 1.29.X版本集群详细教程
Nanqipro的研究日常
06-30 1275
最新K8s快速部署无坑版详细教程
5分钟快速搭建k8s集群1.29.x
u011197085的博客
04-24 1180
这些步骤共同配置了 containerd 作为 Kubernetes 集群的容器运行时环境,确保了其与系统参数和 Kubernetes 的兼容性,同时优化了网络和镜像源设置以提高效率和响应速度。这些命令将立即关闭swap分区,设置系统不使用swap,以及在fstab文件中注释掉所有swap相关的行,防止系统重启时重新启动swap。以上命令会立即将SELinux设置为宽容模式,并在系统配置文件中将SELinux永久禁用。以上命令用于将软件源切换到阿里云镜像,然后安装常用的一些软件工具。
Rocky Linux 9搭建K8s-1.28.0+docker一主多从集群测试环境
2301_78088515的博客
10-06 2439
Kubernetes集群大体上分为两类:一主多从和多主多从。一主多从:一台master节点和多台node节点,搭建简单,但是有单机故障风险,适用于测试环境;多主多从:多台master节点和多台node节点,搭建麻烦,安全性高,适用于生产环境。Kubernetes有多种部署方式,目前主流的方式有kubeadm、minikube、二进制包。
Rocky Linux 9.x 基于 kubeadm部署k8s
最新发布
恭喜你发现了我!!!!
04-15 917
搭建集群使用docker下载K8s,使用一主两从模式。
openEuler 基于 kubeadm 部署k8s
wo_chao_yuan的博客
03-20 938
注意:加入集群时需要添加 --cri-socket unix:///var/run/cri-dockerd.sock。yum install cri-dockerd-0.3.16-3.fc35.x86_64.rpm ---后安装。yum install libcgroup-0.41-19.el8.x86_64.rpm ---先安装。修改为 criSocket: unix:///var/run/cri-dockerd.sock。- name: node 修改node为 k8s-master01
云原生Kubernetes: K8S 1.29版本 部署Harbor
cronaldo91的博客
05-02 1941
18)docker-compose命令显示其管理的harbor容器。(6)docker 登录harbor并推送镜像到公开项目。(7)docker 登录harbor并推送镜像到私有项目。(4)移动并更名为docker-compose。(13)复制Docker镜像到master节点。(5)Docker配置Harbor(所有节点)(14)master节点导入Docker镜像。(6)查看docker-compse版本。(10)Docker Hub查看镜像。(5)查看docker版本。(1)确认openssl。
云原生Kubernetes: K8S 1.29版本 部署Kuboard
cronaldo91的博客
04-18 2473
(4)node2节点拉取etcd-host镜像。(3)node2节点拉取kuboard镜像。(6)复制Docker镜像到node1节点。(6)复制Docker镜像到node1节点。(7)node1节点导入Docker镜像。(7)node1节点导入Docker镜像。(2)master节点查看集群。(9)master节点生成资源。(9)master节点生成资源。(3)node2节点拉取镜像。(2)下载 yaml 文件。(5)导出Docker镜像。(2)下载 yaml 文件。(5)导出Docker镜像。
RockyLinux部署k8s
qq_29653373的博客
02-07 2606
一、场景随着centos8的终结,centos7在2024年也将寿终正寝,所以本文将从centos创始人维护的RockyLinux重新进入BP时代。 二、系统安装 1、下载RockyLinux系统管网下载:Rocky Linux 2、系统安装和centos差不多,本文将通过Promox Virtual进行,Promox的安装请参考: 微服务架构(一)简单的服务器虚拟框架选型及安装_Morik的博客-优快云博客_微服务架构服务器配置 2.1、系统基本配置2核、4g、双网卡 2.2、选择最小安
rockylinux8.10多master节点高可用k8s1.28集群部署
qq_2382495516的博客
09-17 2670
k8s1.28版本多master节点高可用集群部署,采用rockylinux8.10系统
rocky linux部署k8s
03-18
baseurl=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/ enabled=1 gpgcheck=0 ``` [^3] --- #### 三、安装Kubernetes组件 1. **安装指定版本组件** ```bash yum install -y kubelet-1.29.3 kubeadm-...
使用kubespray部署k8s生产环境
神棍之路
06-05 1856
Kubespray 是一个开源项目,它利用 Ansible Playbook 来自动化部署 Kubernetes 集群。支持多种基础设施:可以部署在 AWS, GCE, Azure, OpenStack 以及裸机上。高可用性:支持部署高可用的 Kubernetes 集群。可组合性:用户可以选择不同的网络插件(如 flannel, calico, canal, weave)来部署。支持多种 Linux 发行版。
云原生Kubernetes: K8S 1.29版本 部署ingress-nginx
cronaldo91的博客
04-21 2323
原因是node1节点的cni容器出现了异常无法为pod分配ip导致的卡在ContainerCreating的状态。ingress-nginx-controller部署到node1节点的IP为10.244.166.140。ingress-nginx-controller部署到node2节点的IP为10.244.104.13。ingress-nginx-controller部署到node1节点的IP为10.244.104.13。④在自己的仓库中可以看到上传的镜像,默认上传到公共仓库中。
云原生Kubernetes: K8S 1.29版本 部署GitLab
cronaldo91的博客
04-24 2396
istio-ingressgateway是service资源,关联的pod是istio-system名称空间叫做iistio-ingressgateway-6d9f6c64cb-nldhf的pod。主要涉及到3个应用:Redis、Postgresql、Gitlab 核心程序,实际上只要将这3个应用分别启动起来,然后加上对应的配置就可以方便快速的安装 Gitlab )(5)先后开启rpcbind、nfs服务并热加载配置文件内容,查看本机发布的nfs共享目录。(7)复制Docker镜像到node2节点。
云原生Kubernetes: K8S 1.29版本 部署Sonarqube
cronaldo91的博客
04-28 2697
JDBC连接postgresql失败,value: "jdbc:postgresql://postgres-sonar:5432/sonarDB"中的postgres-sonar需要写入集群IP。(6)node节点拉取postgresql镜像。(19)复制Docker镜像到node1节点。(7)复制Docker镜像到node1节点。(20)node1节点导入Docker镜像。(6)移动并解压(选择上面的第二种方式)(8)node1节点导入Docker镜像。(2)创建postgresql的pv。
Linux系统【RockyLinux9.4】下K8S集群【1.31.0】安装部署指南
最爱嫣夜来
09-09 4468
公司之前一直使用的是CentOS系统作为测试、开发、生产环境的基础系统镜像,由于最近的CentOS的镜像彻底终止维护之后,我们在为后续项目的基础系统镜像选型进行的调研, 最好是可以平替的进行类似系统的移植, 经过多番对比, 决定使用Rocky Linux系统来完成我们开发测试环境的系统移植,系统镜像的下载、安装、部署都比较简单, 基本跟CentOS发现版都很类似, 这里就不进行详细讲解说明了, 下面我们主要演示在Rocky Linux系统下完成K8S集群开发测试环境搭建的整个过程。
29.手把手系列之二进制部署高可用k8s集群
LQ的博客
11-02 474
29.手把手系列之二进制部署高可用k8s集群 二进制部署高可用k8s集群 本章节采用纯二进制文件方式部署https(证书有效期为10年)高可用k8s集群,所有涉及的配置文件和镜像均已提供。 另外,默认集群规模可支撑254个节点。 如果需要调整,请自行修改/etc/kubernetes/controller-manager中的–node-cidr-mask-size=24字段。 本章节目录: 1>生产环境高可用设计原则 2>生产环境高可用架构 3>基础环境准备 4>Docker环境准
k8s集群部署参考-Rocky
Wu 小杰的博客
08-06 1327
################ 查看资源类型 ################################## 了解pod运行状况 ##################打印pod完整的资源规范,通过status字段了解#打印pod资源的详细状态#获取pod中容器应用的日志################# 增加和删除污点 ################## 查看节点Taints# 删除节点Taints(后面 "-" 一定要加)
k8s安装,rocky9.7
weixin_54648312的博客
11-26 856
(修改证书及etcd、token文件等配置信息) 【token生成方式:(token.csv文件中的token是在主节点上生成的,本部署文档提供token.csv模板,只需替换token.csv文件第一行第一个token串即可。对于 kube-scheduler 是 10251,变成 10259。kublet 启动时查找配置的 --kubeletconfig 文件是否存在,如果不存在则使用 --bootstrap-kubeconfig 向 kube-apiserver 发送证书签名请求 (CSR)。
Rocky系统部署k8s1.28.2单节点集群(Containerd)+Kuboard
Lzcsfg的博客
08-13 1894
kubernetesk8s)是2014年由Google公司基于Go语言编写的一款开源的容器集群编排系统,用于自动化容器部署、扩缩容和管理;kubernetesk8s)是基于Google内部的Borg系统的特征开发的一个版本,集成了Borg系统大部分优势;官方地址:Kubernetes代码托管平台:https://github.com/Kubernetes k8s集群需要建⽴在多个节点上,将多个节点组建成一个集群,然后进⾏统⼀管理,但是在k8s集群内部,这些节点⼜被划分成了两类⻆⾊:
k8s一键部署 rocky
03-15
### Kubernetes (k8s) 一键部署Rocky Linux 的方法 #### 背景介绍 Kubernetes 是一种流行的容器编排工具,用于自动化应用程序的部署、扩展和管理。为了简化在不同操作系统上的安装过程,社区提供了多种脚本和指南来实现一键化部署。对于基于 RHEL 的发行版(如 Rocky Linux),可以利用 `kubeadm` 工具快速初始化集群并完成节点加入。 --- #### 方法一:使用 Kubeadm 安装 KubernetesRocky Linux 以下是适用于 Rocky Linux 的一键部署流程: 1. **更新系统软件包** 更新系统的现有软件包以确保兼容性和稳定性。 ```bash sudo dnf update -y && sudo dnf install -y nano git curl wget vim net-tools conntrack ipset jq docker ``` 2. **配置 Docker 和启动服务** 使用官方推荐的方式安装 Docker 并启用它作为 CRI(Container Runtime Interface)。 ```bash sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo sudo dnf install -y containerd.io docker-ce docker-ce-cli sudo systemctl enable --now docker ``` 3. **禁用 SELinux 和防火墙** 关闭 SELinux 可能会减少不必要的权限冲突;如果需要保留,则需调整策略文件。 ```bash setenforce 0 sed -i &#39;s/^SELINUX=enforcing$/SELINUX=permissive/&#39; /etc/selinux/config # 停止 firewalld 或允许必要的端口通信 sudo systemctl stop firewalld sudo systemctl disable firewalld ``` 4. **加载桥接模块支持** 添加内核参数以便于网络插件正常工作。 ```bash cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf br_netfilter EOF cat <<EOF | sudo tee /etc/sysctl.d/kubernetes.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sudo sysctl --system ``` 5. **安装 kubeadm, kubelet 和 kubectl** 下载最新的稳定版本组件并通过 yum/dnf 进行安装。 ```bash cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg exclude=kube* EOF sudo dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes sudo systemctl enable --now kubelet ``` 6. **初始化 Master 节点** 初始化命令可以根据实际需求自定义 Pod 子网范围和其他选项。 ```bash sudo kubeadm init --pod-network-cidr=192.168.0.0/16 ``` 7. **配置 KUBECONFIG 文件** 将管理员上下文复制至当前用户的环境变量中方便后续操作。 ```bash mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config ``` 8. **应用网络插件** Flannel 是常用的 overlay 网络解决方案之一。 ```bash kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml ``` 9. **验证集群状态** 检查所有核心组件是否处于健康运行状态。 ```bash kubectl get nodes kubectl get pods --all-namespaces ``` 以上步骤涵盖了从准备阶段到最后成功的整个过程[^1]。 --- #### 方法二:借助 Ansible Playbook 实现自动化部署 Ansible 提供了一种声明式的基础设施即代码方式,能够显著提高效率并降低人为错误风险。下面是一个简单的 playbook 示例结构: ```yaml --- - hosts: all become: yes tasks: - name: Install required packages dnf: name: - epel-release - python3-pip state: present - name: Upgrade system and install dependencies dnf: name: - "{{ item }}" state: latest loop: - docker - bridge-utils - bash-completion - name: Configure kernel parameters for networking copy: src: files/kubernetes.conf dest: /etc/sysctl.d/kubernetes.conf mode: &#39;0644&#39; - name: Enable IP forwarding permanently lineinfile: path: /etc/sysctl.conf regexp: &#39;^net.ipv4.ip_forward=&#39; line: &#39;net.ipv4.ip_forward=1&#39; - name: Add Google&#39;s Kubernetes repository command: > echo "[kubernetes] name=Kubernetes baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg" > /etc/yum.repos.d/kubernetes.repo - name: Install Kubernetes binaries dnf: name: - kubelet - kubeadm - kubectl state: present - name: Start and enable kubelet service systemd: name: kubelet state: started enabled: true - name: Initialize the cluster with flannel as network plugin shell: | kubeadm init --pod-network-cidr=10.244.0.0/16 mkdir -p ~/.kube/ cp /etc/kubernetes/admin.conf ~/.kube/config chmod 600 ~/.kube/config export KUBECONFIG=~/.kube/config kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.19.0/Documentation/kube-flannel.yml ``` 此剧本假设目标主机已经可以通过 SSH 访问,并且具有适当的角色分配给 master 和 worker 节点[^2]。 --- #### 注意事项 - 如果遇到僵尸进程或者 API Server 报错等问题,请检查日志 `/var/log/messages` 或者通过 `journalctl -xe` 获取更多信息[^5]。 - 对于高可用架构设计,建议至少三个控制平面实例形成 quorum 来增强容灾能力[^3]. ---
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值