集群初始化
官网初始化文档
留神:
1.如果不是高可用集群,192.168.2.236:16443改为master01的地址,16443改为apiserver的端口,默认是6443
2.留神更改kubernetesVersion的值和本人服务器kubeadm的版本统一
kubectl versionkubeadm versionMaster01节点创立配置文件:
vim kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3bootstrapTokens:- groups: - system:bootstrappers:kubeadm:default-node-token token: 7t2weq.bjbawausm0jaxury ttl: 24h0m0s usages: - signing - authenticationkind: InitConfigurationlocalAPIEndpoint: advertiseAddress: 192.168.2.201 bindPort: 6443nodeRegistration: criSocket: unix:///var/run/containerd/containerd.sock name: k8s-master01 taints: - effect: NoSchedule key: node-role.kubernetes.io/control-plane---apiServer: certSANs: - 192.168.2.236 timeoutForControlPlane: 4m0sapiVersion: kubeadm.k8s.io/v1beta3certificatesDir: /etc/kubernetes/pkiclusterName: kubernetescontrolPlaneEndpoint: 192.168.2.236:16443controllerManager: {}etcd: local: dataDir: /var/lib/etcdimageRepository: registry.cn-hangzhou.aliyuncs.com/google_containerskind: ClusterConfigurationkubernetesVersion: v1.27.3 # 更改此处的版本号和kubeadm version统一networking: dnsDomain: cluster.local podSubnet: 172.16.0.0/16 serviceSubnet: 10.96.0.0/16scheduler: {}留神:宿主机网段、podSubnet网段、serviceSubnet网段不能反复
更新kubeadm文件
kubeadm config migrate --old-config kubeadm-config.yaml --new-config new.yaml将new.yaml文件复制到其余master节点
for i in k8s-master02 k8s-master03; do scp new.yaml $i:/root/; done所有Master节点提前下载镜像:
kubeadm config images pull --config /root/new.yaml Master01节点初始化,记录token值:
kubeadm init --config /root/new.yaml --upload-certsMaster01节点配置环境变量,用于拜访Kubernetes集群:
cat <<EOF >> /root/.bashrcexport KUBECONFIG=/etc/kubernetes/admin.confEOFsource /root/.bashrcMaster01节点查看节点状态:(显示NotReady不影响)
kubectl get node高可用集群
其余master节点执行:
kubeadm join 192.168.2.236:16443 --token 7t2weq.bjbawausm0jaxury \ --discovery-token-ca-cert-hash sha256:dead316821a80d4a60c9a7481a72530a4b527eb5aa51d1bf626bab2e7f151f52 \ --control-plane --certificate-key 2b7db29b48158359c2f9aa783ab929cefe19c798341d9fca89f07fa26b6fc07bNode节点执行:
kubeadm join 192.168.2.236:16443 --token 7t2weq.bjbawausm0jaxury \ --discovery-token-ca-cert-hash sha256:dead316821a80d4a60c9a7481a72530a4b527eb5aa51d1bf626bab2e7f151f52 Calico组件装置
master01节点执行:
cd /root/k8s-ha-install && git checkout manual-installation-v1.27.x && cd calico/POD_SUBNET=`cat /etc/kubernetes/manifests/kube-controller-manager.yaml | grep cluster-cidr= | awk -F= '{print $NF}'`sed -i "s#POD_CIDR#${POD_SUBNET}#g" calico.yamlkubectl apply -f calico.yaml查看容器和节点状态
kubectl get po -n kube-systemMetrics部署
在新版的Kubernetes中系统资源的采集均应用Metrics-server,能够通过Metrics采集节点和Pod的内存、磁盘、CPU和网络的使用率。
将Master01节点的front-proxy-ca.crt复制到所有Node节点
scp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node01:/etc/kubernetes/pki/front-proxy-ca.crtscp /etc/kubernetes/pki/front-proxy-ca.crt k8s-node02:/etc/kubernetes/pki/front-proxy-ca.crt在master01节点执行:
cd /root/k8s-ha-install/kubeadm-metrics-serverkubectl create -f comp.yaml 查看节点状态:
kubectl get po -n kube-system -l k8s-app=metrics-serverkubectl top nodekubectl top po -ADashboard部署
Dashboard用于展现集群中的各类资源,同时也能够通过Dashboard实时查看Pod的日志和在容器中执行一些命令等。
cd /root/k8s-ha-install/dashboard/kubectl create -f .查看端口号:
kubectl get svc kubernetes-dashboard -n kubernetes-dashboard创立登录Token:
kubectl create token admin-user -n kube-system拜访
https://192.168.2.201:32585/配置批改
在master01节点执行
1.批改代理模式为ipvs
kubectl edit cm kube-proxy -n kube-systemmode: ipvs2.更新Kube-Proxy的Pod
kubectl patch daemonset kube-proxy -p "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"date\":\"`date +'%s'`\"}}}}}" -n kube-system3.验证Kube-Proxy模式
curl 127.0.0.1:10249/proxyModeipvs其余
Kubeadm装置后,master节点默认不容许部署pod,能够通过以下形式删除Taint,即可部署Pod:
kubectl taint node -l node-role.kubernetes.io/control-plane node-role.kubernetes.io/control-plane:NoSchedule-