
Super simple! A step-by-step guide to installing a highly available Kubernetes 1.23.8 cluster from binaries

最编程 2024-01-24 17:48:15
...

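Ways to set up k8s


There are many approaches available, but they come down to two main kinds: kubeadm and binary.


Installed with kubeadm:


  • sealos
  • kuboard-spray
  • rancher
  • other tools


Kubeadm is a K8s deployment tool that provides kubeadm init and kubeadm join for quickly deploying a Kubernetes cluster.


Official site: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/


Installed from binaries:


kubeasz (installs via Ansible playbooks), recommended

Manual setup


Download the release binaries from GitHub and deploy each component by hand to form a Kubernetes cluster.

Kubeadm lowers the barrier to deployment, but it hides many details, so problems are hard to troubleshoot. If you want more control, deploying the Kubernetes cluster from binaries is recommended: manual deployment is more work, but you learn a lot about how things work along the way, which also helps with later maintenance.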

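Preparation


OS: CentOS 7

Upgrade the kernel to 5.4

Disable swap

Set the time zone, synchronize time, set up passwordless SSH across the cluster

Turn off the firewall, enable kernel IP forwarding

Install base software; see install.sh for details

Cluster plan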


IP | Hostname | Spec | Components | Role
10.50.10.31 | master1 | 8C16G 40GB | kubelet / kube-proxy / kube-scheduler / kube-controller-manager / etcd / docker | master
10.50.10.32 | master2 | 8C16G 40GB | kubelet / kube-proxy / kube-scheduler / kube-controller-manager / etcd / docker | master
10.50.10.33 | master3 | 8C16G 40GB | kubelet / kube-proxy / kube-scheduler / kube-controller-manager / etcd / docker / kubelet / kube-proxy | master
10.50.10.34 | node1 | 8C16G 40GB | kubelet / kube-proxy / docker | node
10.50.10.35 | node2 | 8C16G 40GB | kubelet / kube-proxy / nginx / keepalived / docker | node
10.50.10.36 | node3 | 8C16G 40GB | kubelet / kube-proxy / nginx / keepalived / docker | node
10.50.10.108 | VIP | | haproxy + keepalived | provides high availability for the API server

Reserved IPs


10.50.10.28


10.50.10.29


10.50.10.30 reserved for now


10.50.10.241

10.50.10.242


10.50.10.250

10.50.10.251

Machine preparation


1. master Vagrantfile


# -*- mode: ruby -*-

Vagrant.configure("2") do |config|
  config.vm.box_check_update = false
  config.vm.provider 'virtualbox' do |vb|
  end  
  $num_instances = 3
  (1..$num_instances).each do |i|
    config.vm.define "node#{i}" do |node|
      node.vm.box = "centos-7"
      node.vm.hostname = "master#{i}"
      ip = "10.50.10.#{i+30}"
      # bridge: only applies to public_network and takes the interface name as a string
      node.vm.network "public_network", ip: ip, bridge: "bond0"
      node.vm.provider "virtualbox" do |vb|
        vb.memory = "16384"
        vb.cpus = 8
        vb.name = "master#{i}"
      end
      node.vm.provision "shell", path: "install.sh"
    end
  end
end

2. master install.sh


#!/usr/bin/env bash

# install net-tools & update route
cd /tmp &&  curl -O 10.50.10.25/pigsty/net-tools-2.0-0.25.20131004git.el7.x86_64.rpm 
yum -y install net-tools-2.0-0.25.20131004git.el7.x86_64.rpm
route add default gw 10.50.10.254 eth1
route -n
# modify ssh parameter: enable password login (PasswordAuthentication yes)
sed -ri '/^PasswordAuthentication/cPasswordAuthentication yes' /etc/ssh/sshd_config
systemctl restart sshd
# change time zone
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
timedatectl set-timezone Asia/Shanghai
rm /etc/yum.repos.d/CentOS-Base.repo
curl 10.50.10.25/pigsty/Centos-Base.repo -o /etc/yum.repos.d/CentOS-Base.repo
# install  kmod and ceph-common for rook
yum install -y wget curl conntrack-tools vim net-tools telnet tcpdump bind-utils socat ntp kmod  dos2unix
kubernetes_release="/opt/kubernetes-server-linux-amd64.tar.gz"
# Download Kubernetes
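#if [[ $(hostname) == "master1" ]] && [[ ! -f "$kubernetes_release" ]]; then
if [[ ! -f "$kubernetes_release" ]]; then
    # download is disabled; uncomment the wget line to fetch the release tarball
    # wget 10.50.10.25/pigsty/kubernetes-server-linux-amd64.tar.gz -P /opt/
    :   # no-op so the empty if body is valid shell
fi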

echo 'disable selinux'
setenforce 0
sed -i 's/=enforcing/=disabled/g' /etc/selinux/config

echo 'enable iptable kernel parameter'
cat >> /etc/sysctl.conf <<EOF
net.ipv4.ip_forward=1
EOF
sysctl -p

# pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system

echo 'set host name resolution'
cat >> /etc/hosts <<EOF
10.50.10.31 master1
10.50.10.32 master2
10.50.10.33 master3
10.50.10.34 node1
10.50.10.35 node2
10.50.10.36 node3
EOF

cat /etc/hosts


echo 'disable swap'
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab

#install docker
#yum -y install docker-ce.x86_64
#systemctl daemon-reload && systemctl enable --now docker

#download etcd
#mkdir -p /opt/etcd/ && curl 10.50.10.25/pigsty/etcd-v3.4.9-linux-amd64.tar.gz -o /opt/etcd/etcd-v3.4.9-linux-amd64.tar.gz


# start node exporter monitoring (runs before the reboot below, which ends the script)
curl -O 10.50.10.25/pigsty/node_exporter-1.3.1-1.el7.x86_64.rpm && rpm -ivh node_exporter-1.3.1-1.el7.x86_64.rpm && rm -rf node_exporter-1.3.1-1.el7.x86_64.rpm && systemctl enable node_exporter.service --now

# download kernel
cd /tmp && curl -O http://10.50.10.25/pigsty/kernel-lt-5.4.200-1.el7.elrepo.x86_64.rpm && rpm -Uvh kernel-lt-5.4.200-1.el7.elrepo.x86_64.rpm


# Boot entries are numbered from 0 and a new kernel is inserted at the head (it is now at position 0, while 4.4.4 is at 1), so select 0.
grub2-set-default 0

# reboot so the kernel upgrade takes effect
reboot

3. node Vagrantfile


Vagrant.configure("2") do |config|
  config.vm.box_check_update = false
  config.vm.provider 'virtualbox' do |vb|
  end
  $num_instances = 3
  (1..$num_instances).each do |i|
    config.vm.define "node#{i+3}" do |node|
      node.vm.box = "centos-7"
      node.vm.hostname = "node#{i}"
      ip = "10.50.10.#{i+33}"
      node.vm.network "public_network", ip: ip,bridge: "bond0"
      node.vm.provider "virtualbox" do |vb|
        vb.memory = "16384"
        vb.cpus = 8
        vb.name = "node#{i+3}"
      end
      node.vm.provision "shell", path: "install.sh"
    end
  end
end

4. node install.sh


Mainly the conntrack installation

#!/usr/bin/env bash

# install net-tools & update route
cd /tmp &&  curl -O 10.50.10.25/pigsty/net-tools-2.0-0.25.20131004git.el7.x86_64.rpm 
yum -y install net-tools-2.0-0.25.20131004git.el7.x86_64.rpm
route add default gw 10.50.10.254 eth1
route -n
# modify ssh parameter: enable password login (PasswordAuthentication yes)
sed -ri '/^PasswordAuthentication/cPasswordAuthentication yes' /etc/ssh/sshd_config
systemctl restart sshd
# change time zone
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
timedatectl set-timezone Asia/Shanghai
rm /etc/yum.repos.d/CentOS-Base.repo
curl 10.50.10.25/pigsty/Centos-Base.repo -o /etc/yum.repos.d/CentOS-Base.repo
# install  kmod and ceph-common for rook
yum install -y wget curl conntrack-tools  net-tools telnet tcpdump bind-utils socat ntp kmod  dos2unix

echo 'disable selinux'
setenforce 0
sed -i 's/=enforcing/=disabled/g' /etc/selinux/config

echo 'enable iptable kernel parameter'
cat >> /etc/sysctl.conf <<EOF
net.ipv4.ip_forward=1
EOF
sysctl -p


echo 'set host name resolution'
cat >> /etc/hosts <<EOF
10.50.10.31 master1
10.50.10.32 master2
10.50.10.33 master3
10.50.10.34 node1
10.50.10.35 node2
10.50.10.36 node3
EOF
cat /etc/hosts

echo 'disable swap'
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab

#install docker
#yum -y install docker-ce.x86_64
#systemctl daemon-reload && systemctl enable --now docker


# allow root login by enabling password authentication, then restart sshd
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config &&  systemctl restart sshd 

# start node exporter monitoring
curl -O 10.50.10.25/pigsty/node_exporter-1.3.1-1.el7.x86_64.rpm && rpm -ivh node_exporter-1.3.1-1.el7.x86_64.rpm && rm -rf node_exporter-1.3.1-1.el7.x86_64.rpm && systemctl enable node_exporter.service --now

# install conntrack
mkdir -p /opt/conntrack
rpms=(
bash-4.2.46-35.el7_9.x86_64.rpm
conntrack-tools-1.4.4-7.el7.x86_64.rpm
glibc-2.17-326.el7_9.i686.rpm
glibc-2.17-326.el7_9.x86_64.rpm
libmnl-1.0.3-7.el7.x86_64.rpm
libnetfilter_conntrack-1.0.6-1.el7_3.i686.rpm
libnetfilter_conntrack-1.0.6-1.el7_3.x86_64.rpm
libnetfilter_cthelper-1.0.0-11.el7.x86_64.rpm
libnetfilter_cttimeout-1.0.0-7.el7.x86_64.rpm
libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm
libnfnetlink-1.0.1-4.el7.x86_64.rpm
systemd-219-78.el7_9.5.x86_64.rpm
)
for rpm in "${rpms[@]}"; do
    curl "10.50.10.25/pigsty/$rpm" -o "/opt/conntrack/$rpm"
done
# --force --nodeps installs every downloaded package without dependency checks
cd /opt/conntrack && rpm -Uvh --force --nodeps *.rpm

# download kernel
cd /tmp && curl -O http://10.50.10.25/pigsty/kernel-lt-5.4.200-1.el7.elrepo.x86_64.rpm && rpm -Uvh kernel-lt-5.4.200-1.el7.elrepo.x86_64.rpm 

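# Boot entries are numbered from 0 and a new kernel is inserted at the head (it is now at position 0, while 4.4.4 is at 1), so select 0.
grub2-set-default 0

# reboot so the kernel upgrade takes effect
reboot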
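
Both install.sh scripts fetch RPMs from the internal mirror over plain HTTP and install them without an integrity check. The following added example (not part of the original article) gates the install on a pinned SHA-256 manifest; the manifest file and its path are assumptions, and its hashes must come from a source other than the mirror itself.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Assumption: a manifest in
# sha256sum text format ("<sha256>  <filename>") obtained from a trusted source.
MIRROR="${MIRROR:-http://10.50.10.25/pigsty}"   # mirror used by install.sh

# verify_manifest DIR MANIFEST
# Succeeds only if the manifest is non-empty, every listed file in DIR matches
# its pinned hash, and DIR contains no *.rpm that the manifest does not list.
verify_manifest() {
    local dir=$1 manifest=$2 want name got f
    [ -s "$manifest" ] || { echo "empty or missing manifest" >&2; return 1; }
    while read -r want name; do
        got=$(sha256sum "$dir/$name" 2>/dev/null | awk '{print $1}')
        [ "$got" = "$want" ] || { echo "checksum mismatch: $name" >&2; return 1; }
    done < "$manifest"
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue
        awk -v n="$(basename "$f")" '$2 == n { ok = 1 } END { exit !ok }' \
            "$manifest" || { echo "unlisted package: $f" >&2; return 1; }
    done
    return 0
}

# fetch_and_install DIR MANIFEST
# Downloads each listed file, then installs only after verification passes.
fetch_and_install() {
    local dir=$1 manifest=$2 want name
    mkdir -p "$dir"
    while read -r want name; do
        curl --fail --silent --show-error -o "$dir/$name" "$MIRROR/$name" || return 1
    done < "$manifest"
    verify_manifest "$dir" "$manifest" || { echo "refusing to install" >&2; return 1; }
    rpm -Uvh --force --nodeps "$dir"/*.rpm   # same install command as the article
}
```

In the node script this would replace the curl loop and the rpm line, called as `fetch_and_install /opt/conntrack /opt/conntrack.sha256` (the manifest path is hypothetical). The unlisted-file check matters because `*.rpm` installs whatever is in the directory, not only what was pinned.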

5. Time synchronization


30 10 *  *  * /usr/sbin/ntpdate 10.56.5.240

Vagrant startup script