Host IP | Hostname | Short name |
192.168.96.134 | kubernetes-master.openlab.cn | kubernetes-master |
192.168.96.135 | kubernetes-node1.openlab.cn | kubernetes-node1 |
192.168.96.136 | kubernetes-node2.openlab.cn | kubernetes-node2 |
192.168.96.137 | kubernetes-node3.openlab.cn | kubernetes-node3 |
192.168.96.138 | kubernetes-register.openlab.cn | kubernetes-register |
Passwordless SSH authentication across hosts
Generate a key pair
ssh-keygen -t rsa
Set up passwordless authentication to each remote host
ssh-copy-id root@<remote-host-IP>
Disable SELinux (on all hosts)
1. Using sed
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
2. Or edit the configuration file directly
[root@kubernetes-node3 ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
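3. The change only takes effect after a reboot (setenforce 0 switches the running system to permissive mode in the meantime)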
setenforce 0
reboot
sestatus
[root@kubernetes-node3 ~]# sestatus
SELinux status: disabled
Disable swap (on all hosts)
Put a # in front of the swap line in /etc/fstab
Or do the substitution with sed
sed -i 's/.*swap.*/#&/' /etc/fstab
[root@kubernetes-node3 ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Tue Aug 22 10:34:00 2023
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=33c75378-00ec-4cad-81c2-035021d258e6 /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0
#/dev/mapper/centos-swap swap swap defaults 0 0
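The sed one-liner above prefixes every line that contains the string swap, including lines that are already commented and mount points whose path merely mentions swap. An added example (not from the original page) that comments only active entries whose filesystem type is swap; the function names and the sample fstab are constructed for illustration:

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Print the number of active (uncommented) fstab entries whose type is swap.
active_swap_count() {
    awk '!/^[ \t]*#/ && NF >= 3 && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# Comment out only active entries whose 3rd field (fs type) is "swap".
# Safe to re-run: lines that are already comments are never touched.
comment_swap_entries() {
    fstab=$1
    tmp=$(mktemp) || return 1
    awk '!/^[ \t]*#/ && NF >= 3 && $3 == "swap" { print "#" $0; next } { print }' \
        "$fstab" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$fstab"    # rewrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Constructed sample: entries like the page's fstab plus two lines that a
# blanket "any line containing swap" edit would also hit.
write_sample_fstab() {
    cat > "$1" <<'EOF'
/dev/mapper/centos-root /                 xfs  defaults 0 0
/dev/mapper/centos-home /home             xfs  defaults 0 0
/dev/mapper/centos-data /srv/swap-archive xfs  defaults 0 0
#/dev/sdb1              swap              swap defaults 0 0
/dev/mapper/centos-swap swap              swap defaults 0 0
EOF
}

# Demo on a temporary copy; pass /etc/fstab explicitly to edit the real file.
demo=$(mktemp)
write_sample_fstab "$demo"
comment_swap_entries "$demo"
cat "$demo"
rm -f "$demo"
```

Editing /etc/fstab only affects the next boot; `swapoff -a` turns swap off on the running system.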
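Adjust network parameters (on all hosts)
Configure the iptables parameters so that traffic crossing the bridge also passes through the iptables/netfilter firewall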
cat >> /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
Apply the configuration
modprobe br_netfilter
modprobe overlay
sysctl -p /etc/sysctl.d/k8s.conf
Deploy the Docker environment (on all hosts)
1. Configure the package repository
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
2. Install the latest version of Docker
yum list docker-ce --showduplicates | sort -r
yum install -y docker-ce
3. Enable start on boot
systemctl enable --now docker.service
4. Configure the Docker registry mirrors
[root@kubernetes-node3 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": [
"http://74f21445.m.daocloud.io",
"https://registry.docker-cn.com",
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn"
],
"insecure-registries": ["kubernetes-register.openlab.cn"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
5. Restart the service
systemctl restart docker
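CRI environment configuration (on all hosts)
1. Download the cri-dockerd package
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.2/cri-dockerd-0.3.2.amd64.tgz
If wget returns a 404, open the URL in a browser, download the file manually, and upload it to the virtual machine
2. Extract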
tar xvf cri-dockerd-0.3.2.amd64.tgz
mv cri-dockerd/cri-dockerd /usr/local/bin/
[root@kubernetes-master ~]# cri-dockerd --version
cri-dockerd 0.3.2 (23513f4c)
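The tarball is unpacked and its binary placed in /usr/local/bin as root, so it is worth checking the download first, especially when it was fetched by hand and uploaded to the VM. An added example (not from the original page): `install_verified` is a hypothetical helper, the expected digest is a value you obtain from a source you trust, and the sample tarball is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original page. All names here are hypothetical.

# install_verified TARBALL EXPECTED_SHA256 DEST_DIR
# Installs cri-dockerd/cri-dockerd from TARBALL into DEST_DIR only if the
# archive's SHA-256 matches and no member path escapes the extraction dir.
install_verified() {
    tarball=$1 expected=$2 dest=$3
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
    # Refuse absolute paths and ".." components before extracting as root.
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 1
    fi
    work=$(mktemp -d) || return 1
    tar -xzf "$tarball" -C "$work" cri-dockerd/cri-dockerd &&
        install -m 0755 "$work/cri-dockerd/cri-dockerd" "$dest/cri-dockerd"
    rc=$?
    rm -rf "$work"
    return $rc
}

# Constructed stand-in for the release tarball so the example runs offline.
make_sample_tarball() {
    src=$(mktemp -d) || return 1
    mkdir "$src/cri-dockerd"
    printf '#!/bin/sh\necho "constructed sample"\n' > "$src/cri-dockerd/cri-dockerd"
    tar -czf "$1" -C "$src" cri-dockerd
    rm -rf "$src"
}

# Demo: install the sample into a temporary directory, not /usr/local/bin.
demo_tar=$(mktemp)
demo_dir=$(mktemp -d)
make_sample_tarball "$demo_tar"
demo_sum=$(sha256sum "$demo_tar" | awk '{ print $1 }')
install_verified "$demo_tar" "$demo_sum" "$demo_dir" && echo "installed to $demo_dir"
rm -rf "$demo_tar" "$demo_dir"
```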
3. Create the cri-dockerd.service unit file
# The quoted 'EOF' keeps the shell from expanding $MAINPID while writing the file
cat > /etc/systemd/system/cri-dockerd.service <<-'EOF'
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target

[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9 --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock --cri-dockerd-root-directory=/var/lib/dockershim --docker-endpoint=unix:///var/run/docker.sock --cri-dockerd-root-directory=/var/lib/docker
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF
4. Create the cri-dockerd.socket file
[root@kubernetes-master ~]# cat /etc/systemd/system/cri-dockerd.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-dockerd.service

[Socket]
ListenStream=/var/run/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
5. Enable start on boot and check the service status
[root@kubernetes-master ~]# systemctl daemon-reload
[root@kubernetes-master ~]# systemctl enable --now cri-dockerd.service
[root@kubernetes-master ~]# systemctl status cri-dockerd.service
● cri-dockerd.service - CRI Interface for Docker Application Container Engine
Loaded: loaded (/etc/systemd/system/cri-dockerd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2023-11-03 18:21:38 CST; 53min ago
Docs: https://docs.mirantis.com
Main PID: 7567 (cri-dockerd)
CGroup: /system.slice/cri-dockerd.service
└─7567 /usr/local/bin/cri-dockerd --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9 --network-plugin=cni --cni-conf-dir=/etc/cni/net....
Nov 03 18:21:38 kubernetes-master.openlab.cn cri-dockerd[7567]: time="2023-11-03T18:21:38+08:00" level=info msg="The binary conntrack is not installed, this can cause failure... cleanup."
Nov 03 18:21:38 kubernetes-master.openlab.cn cri-dockerd[7567]: time="2023-11-03T18:21:38+08:00" level=info msg="The binary conntrack is not installed, this can cause failure... cleanup."
Nov 03 18:21:38 kubernetes-master.openlab.cn cri-dockerd[7567]: time="2023-11-03T18:21:38+08:00" level=info msg="Loaded network plugin cni"
Nov 03 18:21:38 kubernetes-master.openlab.cn cri-dockerd[7567]: time="2023-11-03T18:21:38+08:00" level=info msg="Docker cri networking managed by network plugin cni"
Nov 03 18:21:38 kubernetes-master.openlab.cn cri-dockerd[7567]: time="2023-11-03T18:21:38+08:00" level=info msg="Docker Info: &{ID:b6c92759-2edc-4623-a7f2-1dac9f7233fc Contai...alse] [Nat
Nov 03 18:21:38 kubernetes-master.openlab.cn systemd[1]: Started CRI Interface for Docker Application Container Engine.
Nov 03 18:21:38 kubernetes-master.openlab.cn cri-dockerd[7567]: time="2023-11-03T18:21:38+08:00" level=info msg="Setting cgroupDriver systemd"
Nov 03 18:21:38 kubernetes-master.openlab.cn cri-dockerd[7567]: time="2023-11-03T18:21:38+08:00" level=info msg="Docker cri received runtime config &RuntimeConfig{NetworkConf...Cidr:,},}"
Nov 03 18:21:38 kubernetes-master.openlab.cn cri-dockerd[7567]: time="2023-11-03T18:21:38+08:00" level=info msg="Starting the GRPC backend for the Docker CRI interface."
Nov 03 18:21:38 kubernetes-master.openlab.cn cri-dockerd[7567]: time="2023-11-03T18:21:38+08:00" level=info msg="Start cri-dockerd grpc backend"
Hint: Some lines were ellipsized, use -l to show in full.
6. Configure all hosts
Copy the unit files with scp (run on every host)
scp root@192.168.96.135:/etc/systemd/system/cri-dockerd.service /etc/systemd/system/
scp root@192.168.96.135:/etc/systemd/system/cri-dockerd.socket /etc/systemd/system/
systemctl enable --now cri-dockerd.service
systemctl status cri-dockerd.service
Configure the Harbor registry
docker环