Cluster initialization

Official initialization documentation

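Notes:
1. If this is not a high-availability cluster, change 192.168.2.236:16443 to the address of master01, and change 16443 to the apiserver port, which defaults to 6443.
2. Make sure to change the value of kubernetesVersion so that it matches the kubeadm version on your own server.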

kubectl version
kubeadm version

Create the configuration file on the Master01 node:
vim kubeadm-config.yaml

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: 7t2weq.bjbawausm0jaxury
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.2.201
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  name: k8s-master01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
---
apiServer:
  certSANs:
  - 192.168.2.236
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: 192.168.2.236:16443
controllerManager: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.27.3 # change this version number to match the output of kubeadm version
networking:
  dnsDomain: cluster.local
  podSubnet: 172.16.0.0/16
  serviceSubnet: 10.96.0.0/16
scheduler: {}

Note: the host network range, the podSubnet range and the serviceSubnet range must not overlap.
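The overlap rule above can be checked before running kubeadm init. The following is an added example, not part of the original article: the function names are hypothetical, and the host network 192.168.2.0/24 is an assumption, since the article shows only individual host addresses.

```python
"""Check that host, pod and service networks in a kubeadm config do not overlap."""
import ipaddress
import re
from itertools import combinations

# Constructed sample: the networking block of the kubeadm-config.yaml shown above.
SAMPLE_CONFIG = """\
kind: ClusterConfiguration
networking:
  dnsDomain: cluster.local
  podSubnet: 172.16.0.0/16
  serviceSubnet: 10.96.0.0/16
"""


def read_subnets(config_text):
    """Return {'podSubnet': network, 'serviceSubnet': network} from config text."""
    found = {}
    for key in ("podSubnet", "serviceSubnet"):
        match = re.search(rf"^\s*{key}:\s*(\S+)", config_text, re.MULTILINE)
        if match is None:
            raise ValueError(f"{key} is not set in the config")
        # strict=True rejects a CIDR with host bits set, e.g. 172.16.1.0/16
        found[key] = ipaddress.ip_network(match.group(1), strict=True)
    return found


def find_overlaps(config_text, host_cidr):
    """Return a sorted list of (name_a, name_b) pairs whose ranges overlap."""
    nets = read_subnets(config_text)
    # strict=False lets the caller pass an interface address such as 192.168.2.201/24
    nets["host"] = ipaddress.ip_network(host_cidr, strict=False)
    return sorted(
        (a, b)
        for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2)
        if net_a.overlaps(net_b)
    )


if __name__ == "__main__":
    # Assumption: the hosts sit in 192.168.2.0/24; replace with the real host network.
    problems = find_overlaps(SAMPLE_CONFIG, "192.168.2.0/24")
    for a, b in problems:
        print(f"overlap: {a} and {b}")
    raise SystemExit(1 if problems else 0)
```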

Update the kubeadm file

kubeadm config migrate --old-config kubeadm-config.yaml --new-config new.yaml

Copy the new.yaml file to the other master nodes

for i in k8s-master02 k8s-master03; do scp new.yaml $i:/root/; done

Pull the images in advance on all Master nodes:

kubeadm config images pull --config /root/new.yaml 

Initialize the Master01 node and record the token value:

kubeadm init --config /root/new.yaml  --upload-certs

On the Master01 node, configure the environment variable used to access the Kubernetes cluster:

cat <<EOF >> /root/.bashrc
export KUBECONFIG=/etc/kubernetes/admin.conf
EOF
source /root/.bashrc

Check the node status on the Master01 node (a NotReady status at this point does not matter):

kubectl get node

High-availability cluster

Run on the other master nodes:

kubeadm join 192.168.2.236:16443 --token 7t2weq.bjbawausm0jaxury \
    --discovery-token-ca-cert-hash sha256:dead316821a80d4a60c9a7481a72530a4b527eb5aa51d1bf626bab2e7f151f52 \
    --control-plane --certificate-key 2b7db29b48158359c2f9aa783ab929cefe19c798341d9fca89f07fa26b6fc07b

Run on the Node nodes:

kubeadm join 192.168.2.236:16443 --token 7t2weq.bjbawausm0jaxury \
    --discovery-token-ca-cert-hash sha256:dead316821a80d4a60c9a7481a72530a4b527eb5aa51d1bf626bab2e7f151f52

Calico installation

Run on the master01 node:

cd /root/k8s-ha-install && git checkout manual-installation-v1.27.x && cd calico/
POD_SUBNET=`cat /etc/kubernetes/manifests/kube-controller-manager.yaml | grep cluster-cidr= | awk -F= '{print $NF}'`
sed -i "s#POD_CIDR#${POD_SUBNET}#g" calico.yaml
kubectl apply -f calico.yaml

Check the container and node status

kubectl get po -n kube-system

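Metrics deployment

In recent versions of Kubernetes, system resource metrics are collected with Metrics-server, which can report the memory, disk, CPU and network usage of nodes and Pods.
Copy front-proxy-ca.crt from the Master01 node to all Node nodes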

scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node01:/etc/kubernetes/pki/front-proxy-ca.crt
scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node02:/etc/kubernetes/pki/front-proxy-ca.crt

Run on the master01 node:

cd /root/k8s-ha-install/kubeadm-metrics-server
kubectl create -f comp.yaml

Check the node status:

kubectl get po -n kube-system -l k8s-app=metrics-server
kubectl top node
kubectl top po -A

Dashboard deployment

Dashboard displays the various resources in the cluster. It can also be used to view Pod logs in real time and to run commands inside containers.

cd /root/k8s-ha-install/dashboard/
kubectl create -f .

Check the port number:

kubectl get svc kubernetes-dashboard -n kubernetes-dashboard

Create a login token:

kubectl create token admin-user -n kube-system

Access

https://192.168.2.201:32585/

Configuration changes

Run on the master01 node
1. Change the proxy mode to ipvs

kubectl edit cm kube-proxy -n kube-system
mode: ipvs

2. Update the Kube-Proxy Pods

kubectl patch daemonset kube-proxy -p "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"date\":\"`date +'%s'`\"}}}}}" -n kube-system

3. Verify the Kube-Proxy mode

curl 127.0.0.1:10249/proxyMode
ipvs

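Other

After a kubeadm installation, master nodes do not allow Pods to be deployed by default. Removing the taint as follows allows Pods to be deployed on them: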

kubectl  taint node  -l node-role.kubernetes.io/control-plane node-role.kubernetes.io/control-plane:NoSchedule-