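Cluster initialization
Official initialization documentation
Note:
1. If this is not a high-availability cluster, change 192.168.2.236:16443 to the address of master01, and change 16443 to the apiserver port, which defaults to 6443
2. Make sure the value of kubernetesVersion matches the kubeadm version on your own server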
kubectl version
kubeadm version
Create the configuration file on the Master01 node:
vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: 7t2weq.bjbawausm0jaxury
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.2.201
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  name: k8s-master01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
---
apiServer:
  certSANs:
  - 192.168.2.236
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: 192.168.2.236:16443
controllerManager: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.27.3 # Change this version number to match the output of kubeadm version
networking:
  dnsDomain: cluster.local
  podSubnet: 172.16.0.0/16
  serviceSubnet: 10.96.0.0/16
scheduler: {}
Note: the host network range, the podSubnet range and the serviceSubnet range must not overlap
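The non-overlap rule above can be checked before running kubeadm init. This is an added example, not part of the original article; the host CIDR 192.168.2.0/24 is an assumption inferred from the node addresses on this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that host, pod and service CIDRs do not overlap.
# POSIX sh with 64-bit arithmetic; IPv4 only.

# ip_to_int A.B.C.D -> prints the address as an integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_range A.B.C.D/N -> prints "first last" of the block as integers
cidr_range() {
    addr=${1%/*}; bits=${1#*/}
    ip=$(ip_to_int "$addr")
    size=$(( 1 << (32 - $bits) ))
    first=$(( $ip / $size * $size ))   # clear any host bits
    echo "$first $(( $first + $size - 1 ))"
}

# cidrs_overlap X Y -> exit status 0 if the two blocks share any address
cidrs_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_subnets CIDR... -> prints every overlapping pair, returns 1 if any
check_subnets() {
    rc=0
    while [ $# -gt 1 ]; do
        a=$1; shift
        for b in "$@"; do
            if cidrs_overlap "$a" "$b"; then
                echo "overlap: $a $b"; rc=1
            fi
        done
    done
    return $rc
}

# Host CIDR is an assumed value; podSubnet and serviceSubnet are taken
# from kubeadm-config.yaml above.
check_subnets 192.168.2.0/24 172.16.0.0/16 10.96.0.0/16 && echo "no overlap"
```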
Update the kubeadm file
kubeadm config migrate --old-config kubeadm-config.yaml --new-config new.yaml
Copy the new.yaml file to the other master nodes
for i in k8s-master02 k8s-master03; do scp new.yaml $i:/root/; done
Pull the images in advance on all Master nodes:
kubeadm config images pull --config /root/new.yaml
Initialize the Master01 node and record the token value:
kubeadm init --config /root/new.yaml --upload-certs
Configure the environment variable on the Master01 node, used to access the Kubernetes cluster:
cat <<EOF >> /root/.bashrc
export KUBECONFIG=/etc/kubernetes/admin.conf
EOF
source /root/.bashrc
Check the node status on the Master01 node (a NotReady status at this point is not a problem):
kubectl get node
High-availability cluster
Run on the other master nodes:
kubeadm join 192.168.2.236:16443 --token 7t2weq.bjbawausm0jaxury \
--discovery-token-ca-cert-hash sha256:dead316821a80d4a60c9a7481a72530a4b527eb5aa51d1bf626bab2e7f151f52 \
--control-plane --certificate-key 2b7db29b48158359c2f9aa783ab929cefe19c798341d9fca89f07fa26b6fc07b
Run on the Node nodes:
kubeadm join 192.168.2.236:16443 --token 7t2weq.bjbawausm0jaxury \
--discovery-token-ca-cert-hash sha256:dead316821a80d4a60c9a7481a72530a4b527eb5aa51d1bf626bab2e7f151f52
Calico component installation
Run on the master01 node:
cd /root/k8s-ha-install && git checkout manual-installation-v1.27.x && cd calico/
POD_SUBNET=`cat /etc/kubernetes/manifests/kube-controller-manager.yaml | grep cluster-cidr= | awk -F= '{print $NF}'`
sed -i "s#POD_CIDR#${POD_SUBNET}#g" calico.yaml
kubectl apply -f calico.yaml
Check the container and node status
kubectl get po -n kube-system
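Metrics deployment
In newer versions of Kubernetes, system resource metrics are collected with Metrics-server, which can gather memory, disk, CPU and network usage for nodes and Pods.
Copy front-proxy-ca.crt from the Master01 node to all Node nodes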
scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node01:/etc/kubernetes/pki/front-proxy-ca.crt
scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node02:/etc/kubernetes/pki/front-proxy-ca.crt
Run on the master01 node:
cd /root/k8s-ha-install/kubeadm-metrics-server
kubectl create -f comp.yaml
Check the node status:
kubectl get po -n kube-system -l k8s-app=metrics-server
kubectl top node
kubectl top po -A
Dashboard deployment
Dashboard displays the various resources in the cluster. It can also be used to view Pod logs in real time and to run commands inside containers.
cd /root/k8s-ha-install/dashboard/
kubectl create -f .
Check the port number:
kubectl get svc kubernetes-dashboard -n kubernetes-dashboard
Create a login token:
kubectl create token admin-user -n kube-system
Access:
https://192.168.2.201:32585/
Configuration changes
Run on the master01 node
1. Change the proxy mode to ipvs
kubectl edit cm kube-proxy -n kube-system
mode: ipvs
2. Update the Kube-Proxy Pods
kubectl patch daemonset kube-proxy -p "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"date\":\"`date +'%s'`\"}}}}}" -n kube-system
3. Verify the Kube-Proxy mode
curl 127.0.0.1:10249/proxyMode
ipvs
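Other
After installation with kubeadm, master nodes do not allow Pods to be deployed by default. Removing the taint as follows allows Pods to be deployed on them: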
kubectl taint node -l node-role.kubernetes.io/control-plane node-role.kubernetes.io/control-plane:NoSchedule-