背景
服务器配置
节点 | 内网IP | 公网IP | 配置 |
---|---|---|---|
ren | 10.0.4.17 | 1.15.230.38 | 4C8G |
yan | 10.0.4.15 | 101.34.64.205 | 4C8G |
bai | 192.168.0.4 | 106.12.145.172 | 2C8G |
软件版本
软件 | 版本 |
---|---|
centos | 7.6 |
docker | 20.10.7 |
kubelet | 1.20.9 |
kubeadm | 1.20.9 |
kubectl | 1.20.9 |
镜像版本
镜像 | 版本 |
---|---|
k8s.gcr.io/kube-apiserver | 1.20.9 |
k8s.gcr.io/kube-controller-manager | 1.20.9 |
k8s.gcr.io/kube-scheduler | 1.20.9 |
k8s.gcr.io/kube-proxy | 1.20.9 |
k8s.gcr.io/pause | 3.2 |
k8s.gcr.io/etcd | 3.4.13-0 |
k8s.gcr.io/coredns | 1.7.0 |
创建初始文件夹
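# Staging directory on every node; the k8s/ and docker/ trees are uploaded into it in the
# "文件准备" step below (local source on the author's machine: /Users/keyboardone/同步空间/software).
mkdir -p /opt/software/k8s
# A failed cd must not let the chmod run against whatever directory we happen to be in.
cd /opt/software/k8s/ || exit 1
# Makes the node scripts executable; a no-op until they have been uploaded, so rerun after the upload.
chmod 755 /opt/software/k8s/*.sh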
配置ssh免密
ren
ren-ssh.sh
cd /opt/software/k8s/
vi ren-ssh.sh
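#!/usr/bin/env bash
# ren-ssh.sh — name this node "ren", declare the other nodes in /etc/hosts and push a fresh
# SSH key to them. Must run as root (it rewrites /etc/hosts). ssh-copy-id prompts for each
# peer's password, so run this interactively, not under nohup.
set -euo pipefail

readonly NODE_NAME=ren
PEERS=(yan bai)   # the other nodes; adjust when deploying elsewhere

[[ $EUID -eq 0 ]] || { echo "ren-ssh.sh: must run as root" >&2; exit 1; }

# Without flags hostnamectl sets the static, transient and pretty names in one go
# (the original issued four separate calls).
hostnamectl set-hostname "$NODE_NAME"

# Name -> address map used by ssh/scp and the cluster; the quoted delimiter keeps the
# content literal.
cat > /etc/hosts <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.4.17 ren
101.34.64.205 yan
106.12.145.172 bai
EOF

# Start from a clean key set. The original did "cd ~/.ssh/; rm -rf *", which deletes the
# *current* directory's contents when ~/.ssh does not exist yet; anchor the path instead.
# As in the original, this also removes any pre-existing authorized_keys/known_hosts.
install -d -m 700 "$HOME/.ssh"
rm -rf -- "${HOME:?}/.ssh"/*
ssh-keygen -t rsa -P '' -f "$HOME/.ssh/id_rsa"
cat "$HOME/.ssh/id_rsa.pub" >> "$HOME/.ssh/authorized_keys"
chmod 600 "$HOME/.ssh/authorized_keys"

# Push the public key to every peer; each ssh-copy-id asks for that host's password.
for peer in "${PEERS[@]}"; do
  ssh-copy-id "$peer"
done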
yan
yan-ssh.sh
cd /opt/software/k8s/
vi yan-ssh.sh
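#!/usr/bin/env bash
# yan-ssh.sh — name this node "yan", declare the other nodes in /etc/hosts and push a fresh
# SSH key to them. Must run as root (it rewrites /etc/hosts). ssh-copy-id prompts for each
# peer's password, so run this interactively, not under nohup.
set -euo pipefail

readonly NODE_NAME=yan
PEERS=(ren bai)   # the other nodes; adjust when deploying elsewhere

[[ $EUID -eq 0 ]] || { echo "yan-ssh.sh: must run as root" >&2; exit 1; }

# Without flags hostnamectl sets the static, transient and pretty names in one go
# (the original issued four separate calls).
hostnamectl set-hostname "$NODE_NAME"

# Name -> address map used by ssh/scp and the cluster; the quoted delimiter keeps the
# content literal.
cat > /etc/hosts <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
1.15.230.38 ren
10.0.4.15 yan
106.12.145.172 bai
EOF

# Start from a clean key set. The original did "cd ~/.ssh/; rm -rf *", which deletes the
# *current* directory's contents when ~/.ssh does not exist yet; anchor the path instead.
# As in the original, this also removes any pre-existing authorized_keys/known_hosts.
install -d -m 700 "$HOME/.ssh"
rm -rf -- "${HOME:?}/.ssh"/*
ssh-keygen -t rsa -P '' -f "$HOME/.ssh/id_rsa"
cat "$HOME/.ssh/id_rsa.pub" >> "$HOME/.ssh/authorized_keys"
chmod 600 "$HOME/.ssh/authorized_keys"

# Push the public key to every peer; each ssh-copy-id asks for that host's password.
for peer in "${PEERS[@]}"; do
  ssh-copy-id "$peer"
done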
bai
bai-ssh.sh
cd /opt/software/k8s/
vi bai-ssh.sh
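#!/usr/bin/env bash
# bai-ssh.sh — name this node "bai", declare the other nodes in /etc/hosts and push a fresh
# SSH key to them. Must run as root (it rewrites /etc/hosts). ssh-copy-id prompts for each
# peer's password, so run this interactively, not under nohup.
set -euo pipefail

readonly NODE_NAME=bai
PEERS=(ren yan)   # the other nodes; adjust when deploying elsewhere

[[ $EUID -eq 0 ]] || { echo "bai-ssh.sh: must run as root" >&2; exit 1; }

# Without flags hostnamectl sets the static, transient and pretty names in one go
# (the original issued four separate calls).
hostnamectl set-hostname "$NODE_NAME"

# Name -> address map used by ssh/scp and the cluster; the quoted delimiter keeps the
# content literal.
cat > /etc/hosts <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
1.15.230.38 ren
101.34.64.205 yan
192.168.0.4 bai
EOF

# Start from a clean key set. The original did "cd ~/.ssh/; rm -rf *", which deletes the
# *current* directory's contents when ~/.ssh does not exist yet; anchor the path instead.
# As in the original, this also removes any pre-existing authorized_keys/known_hosts.
install -d -m 700 "$HOME/.ssh"
rm -rf -- "${HOME:?}/.ssh"/*
ssh-keygen -t rsa -P '' -f "$HOME/.ssh/id_rsa"
cat "$HOME/.ssh/id_rsa.pub" >> "$HOME/.ssh/authorized_keys"
chmod 600 "$HOME/.ssh/authorized_keys"

# Push the public key to every peer; each ssh-copy-id asks for that host's password.
for peer in "${PEERS[@]}"; do
  ssh-copy-id "$peer"
done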
文件准备
上传相关文件到 /opt/software/
# Copy the whole staging tree to each worker (lands as /opt/software on the remote side).
for host in yan bai; do
  scp -r /opt/software/ "${host}:/opt/"
done
准备集群基础环境
ren
ren-os.sh（后台执行：nohup /opt/software/k8s/ren-os.sh > ren-os.log 2>&1 &）
cd /opt/software/k8s/
vi ren-os.sh
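#!/usr/bin/env bash
# ren-os.sh — prepare the "ren" host (control plane) for kubeadm: kernel modules and
# sysctls, timezone, journald, IPVS, swap, Docker, kubelet/kubeadm/kubectl, the public-IP
# alias NIC, the kubelet drop-in, kubeadm-config.yaml and the image pre-pull.
# Must run as root; the page starts it as: nohup /opt/software/k8s/ren-os.sh > ren-os.log 2>&1 &
set -euo pipefail

# Per-node values: the only lines that differ between ren-os.sh, yan-os.sh and bai-os.sh.
readonly NODE_NAME=ren
readonly PUBLIC_IP=1.15.230.38        # public IP of this host, added as an alias NIC below
readonly K8S_VERSION=1.23.3           # yum package version; kubernetesVersion below is derived from it
readonly SOFTWARE_DIR=/opt/software   # filled by the "文件准备" upload step

[[ $EUID -eq 0 ]] || { echo "ren-os.sh: must run as root" >&2; exit 1; }

### Kernel modules -------------------------------------------------------------------------
modprobe br_netfilter
sysctl -p /etc/sysctl.conf
lsmod | grep -q br_netfilter || { echo "br_netfilter did not load" >&2; exit 1; }

# Persistent loading. /etc/sysconfig/modules/*.modules + /etc/rc.sysinit is the SysV-era
# mechanism from the original guide and is kept; systemd on CentOS 7 does not run
# rc.sysinit, so the modules-load.d file further down is what reloads the modules at boot.
mkdir -p /etc/sysconfig/modules
# Quoted delimiter: "$file" has to reach the generated script literally (the original's
# unquoted heredoc expanded it to nothing at write time).
cat > /etc/rc.sysinit <<'EOF'
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules ; do
  [ -x "$file" ] && "$file"
done
EOF
cat > /etc/sysconfig/modules/br_netfilter.modules <<'EOF'
modprobe br_netfilter
EOF
chmod 755 /etc/sysconfig/modules/br_netfilter.modules

### Bridge / forwarding sysctls -------------------------------------------------------------
# Written straight into sysctl.d (the original staged a copy in /root first).
cat > /etc/sysctl.d/k8s.conf <<'EOF'
# bridged traffic must traverse iptables/ip6tables
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# forwarding is required for pod traffic
net.ipv4.ip_forward = 1
# ipv6 off
net.ipv6.conf.all.disable_ipv6=1
EOF
sysctl -p /etc/sysctl.d/k8s.conf

### Time, mail, journald ---------------------------------------------------------------------
timedatectl set-timezone Asia/Shanghai
timedatectl set-local-rtc 0           # keep the RTC in UTC
systemctl restart rsyslog crond       # services that depend on the system time
# Best effort: postfix may not be installed on this image.
systemctl stop postfix 2>/dev/null && systemctl disable postfix || true

mkdir -p /var/log/journal /etc/systemd/journald.conf.d
cat > /etc/systemd/journald.conf.d/99-prophet.conf <<'EOF'
[Journal]
# keep logs on disk across reboots
Storage=persistent
Compress=yes
# the original spelled this "SysnIntervalSec", which journald ignores as an unknown key
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
# 10G total, 200M per file, two weeks of retention
SystemMaxUse=10G
SystemMaxFileSize=200M
MaxRetentionSec=2week
ForwardToSyslog=no
EOF
systemctl restart systemd-journald

### IPVS prerequisites -----------------------------------------------------------------------
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules
bash /etc/sysconfig/modules/ipvs.modules
lsmod | grep -e ip_vs -e nf_conntrack_ipv4

# What systemd actually loads at boot (see the rc.sysinit note above).
cat > /etc/modules-load.d/k8s.conf <<'EOF'
br_netfilter
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4
EOF

### Swap off ---------------------------------------------------------------------------------
free -lh
swapoff -a
# kubelet refuses to start with swap enabled; the original only disabled it for this boot.
sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
free -lh

### Docker (static binaries) -----------------------------------------------------------------
cd "${SOFTWARE_DIR}/docker"
tar xzvf docker-20.10.7.tgz
chmod +x docker/*
mv docker/* /usr/local/bin/

# Daemon config before the first start so dockerd comes up with the systemd cgroup driver
# (the one kubelet expects) and the registry mirror; the original started, then restarted.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

# Overwrite, not append: rerunning the original "echo >>" duplicated the unit sections.
# Only the local unix socket is served. The original also listened on tcp://0.0.0.0:2375;
# on a host with a public IP that is an unauthenticated remote-root API, so it is removed.
# Quoted delimiter keeps $MAINPID literal for systemd.
cat > /etc/systemd/system/docker.service <<'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io
After=network.target

[Service]
Environment="PATH=/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin"
ExecStart=/usr/local/bin/dockerd -H unix:///var/run/docker.sock
ExecReload=/bin/kill -s HUP $MAINPID
Restart=always
RestartSec=5
TimeoutSec=0
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now docker.service
sleep 30s                             # let dockerd finish starting before probing it
docker info

### kubelet / kubeadm / kubectl --------------------------------------------------------------
# HTTPS mirror with RPM signature verification on (gpgcheck=1 checks each package against
# the Google keys). repo_gpgcheck stays 0: yum on CentOS 7 can fail the repomd signature
# check against this mirror. The gpgkey continuation line must be indented.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

# SELinux permissive now and after reboot (the original only ran setenforce).
getenforce
setenforce 0 || true                  # fails when SELinux is already disabled
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
sestatus

# Note: the page's version table still lists 1.20.9; the scripts install 1.23.3.
yum install -y "kubelet-${K8S_VERSION}" "kubeadm-${K8S_VERSION}" "kubectl-${K8S_VERSION}" \
  --disableexcludes=kubernetes
systemctl enable --now kubelet
# kubelet restarts in a loop until kubeadm init/join has written its config; informational only.
systemctl status kubelet --no-pager || true

### Public-IP alias NIC ----------------------------------------------------------------------
# Cloud VMs carry only the private address on their NIC; a /32 alias with the public IP lets
# kube-apiserver/etcd bind and advertise it. Assumes the primary interface is eth0 — confirm.
cat > /etc/sysconfig/network-scripts/ifcfg-eth0:1 <<EOF
BOOTPROTO=static
DEVICE=eth0:1
IPADDR=${PUBLIC_IP}
PREFIX=32
TYPE=Ethernet
USERCTL=no
ONBOOT=yes
EOF
systemctl restart network
sleep 30s
ip addr
# The original re-enabled ip_forward by hand after the restart; reapplying all sysctl files
# covers that and anything else the restart reset.
sysctl --system

### kubelet drop-in --------------------------------------------------------------------------
mkdir -p /usr/lib/systemd/system/kubelet.service.d
install -m 644 "${SOFTWARE_DIR}/k8s/${NODE_NAME}-10-kubeadm.conf" \
  /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
systemctl daemon-reload

### kubeadm-config.yaml ----------------------------------------------------------------------
# Consumed by "kubeadm init" on this node. The SupportIPVSProxyMode feature gate from the
# original is dropped: it no longer exists in 1.23 and kube-proxy rejects unknown gates;
# "mode: ipvs" alone selects IPVS.
cat > /root/kubeadm-config.yaml <<EOF
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v${K8S_VERSION}
apiServer:
  certSANs:                 # every name/IP clients will use to reach the API server
  - ren                     # hostname
  - 1.15.230.38             # public IP
  - 10.0.4.17               # private IP
  - 10.96.0.1               # cluster IP of the kubernetes service; do not change
controlPlaneEndpoint: 1.15.230.38:6443   # public IP of the control plane
networking:
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
---
apiVersion: kubeproxy-config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
EOF

### Pre-pull control-plane images through a reachable mirror ---------------------------------
# k8s.gcr.io is not reachable from these hosts. Pull every image kubeadm wants from the
# aliyun mirror and re-tag it under the k8s.gcr.io name kubelet will ask for. The list comes
# from kubeadm itself so the tags always match the installed version; the original
# hard-coded versions and tagged "coredns:<ver>", which is not the "coredns/coredns:v<ver>"
# name kubeadm 1.23 expects.
cat > /root/pull_k8s_images.sh <<'EOF'
#!/usr/bin/env bash
set -euo pipefail
GCR_URL=k8s.gcr.io
MIRROR_URL=registry.cn-hangzhou.aliyuncs.com/google_containers
KUBE_VERSION=$(kubeadm version -o short)

mapfile -t images < <(kubeadm config images list --kubernetes-version "${KUBE_VERSION}")
for image in "${images[@]}"; do
  name=${image#"${GCR_URL}/"}                 # e.g. kube-proxy:v1.23.3, coredns/coredns:v1.8.6
  mirror_image="${MIRROR_URL}/${name##*/}"    # the mirror publishes a flat namespace
  docker pull "${mirror_image}"
  docker tag "${mirror_image}" "${image}"
  docker rmi "${mirror_image}"
done
EOF
chmod +x /root/pull_k8s_images.sh
bash /root/pull_k8s_images.sh
docker images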
主节点执行 kubeadm ,进行初始化
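# The original had an em dash ("—config") and a relative path; ren-os.sh writes the file to /root.
kubeadm init --config=/root/kubeadm-config.yaml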
yan
yan-os.sh（后台执行：nohup /opt/software/k8s/yan-os.sh > yan-os.log 2>&1 &）
cd /opt/software/k8s/
vi yan-os.sh
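#!/usr/bin/env bash
# yan-os.sh — prepare the "yan" host (worker) for kubeadm: kernel modules and sysctls,
# timezone, journald, IPVS, swap, Docker, kubelet/kubeadm/kubectl, the public-IP alias NIC,
# the kubelet drop-in, kubeadm-config.yaml and the image pre-pull.
# Must run as root; the page starts it as: nohup /opt/software/k8s/yan-os.sh > yan-os.log 2>&1 &
set -euo pipefail

# Per-node values: the only lines that differ between ren-os.sh, yan-os.sh and bai-os.sh.
readonly NODE_NAME=yan
readonly PUBLIC_IP=101.34.64.205      # public IP of this host, added as an alias NIC below
readonly K8S_VERSION=1.23.3           # yum package version; kubernetesVersion below is derived from it
readonly SOFTWARE_DIR=/opt/software   # filled by the "文件准备" upload step

[[ $EUID -eq 0 ]] || { echo "yan-os.sh: must run as root" >&2; exit 1; }

### Kernel modules -------------------------------------------------------------------------
modprobe br_netfilter
sysctl -p /etc/sysctl.conf
lsmod | grep -q br_netfilter || { echo "br_netfilter did not load" >&2; exit 1; }

# Persistent loading. /etc/sysconfig/modules/*.modules + /etc/rc.sysinit is the SysV-era
# mechanism from the original guide and is kept; systemd on CentOS 7 does not run
# rc.sysinit, so the modules-load.d file further down is what reloads the modules at boot.
mkdir -p /etc/sysconfig/modules
# Quoted delimiter: "$file" has to reach the generated script literally (the original's
# unquoted heredoc expanded it to nothing at write time).
cat > /etc/rc.sysinit <<'EOF'
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules ; do
  [ -x "$file" ] && "$file"
done
EOF
cat > /etc/sysconfig/modules/br_netfilter.modules <<'EOF'
modprobe br_netfilter
EOF
chmod 755 /etc/sysconfig/modules/br_netfilter.modules

### Bridge / forwarding sysctls -------------------------------------------------------------
# Written straight into sysctl.d (the original staged a copy in /root first).
cat > /etc/sysctl.d/k8s.conf <<'EOF'
# bridged traffic must traverse iptables/ip6tables
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# forwarding is required for pod traffic
net.ipv4.ip_forward = 1
# ipv6 off
net.ipv6.conf.all.disable_ipv6=1
EOF
sysctl -p /etc/sysctl.d/k8s.conf

### Time, mail, journald ---------------------------------------------------------------------
timedatectl set-timezone Asia/Shanghai
timedatectl set-local-rtc 0           # keep the RTC in UTC
systemctl restart rsyslog crond       # services that depend on the system time
# Best effort: postfix may not be installed on this image.
systemctl stop postfix 2>/dev/null && systemctl disable postfix || true

mkdir -p /var/log/journal /etc/systemd/journald.conf.d
cat > /etc/systemd/journald.conf.d/99-prophet.conf <<'EOF'
[Journal]
# keep logs on disk across reboots
Storage=persistent
Compress=yes
# the original spelled this "SysnIntervalSec", which journald ignores as an unknown key
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
# 10G total, 200M per file, two weeks of retention
SystemMaxUse=10G
SystemMaxFileSize=200M
MaxRetentionSec=2week
ForwardToSyslog=no
EOF
systemctl restart systemd-journald

### IPVS prerequisites -----------------------------------------------------------------------
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules
bash /etc/sysconfig/modules/ipvs.modules
lsmod | grep -e ip_vs -e nf_conntrack_ipv4

# What systemd actually loads at boot (see the rc.sysinit note above).
cat > /etc/modules-load.d/k8s.conf <<'EOF'
br_netfilter
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4
EOF

### Swap off ---------------------------------------------------------------------------------
free -lh
swapoff -a
# kubelet refuses to start with swap enabled; the original only disabled it for this boot.
sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
free -lh

### Docker (static binaries) -----------------------------------------------------------------
cd "${SOFTWARE_DIR}/docker"
tar xzvf docker-20.10.7.tgz
chmod +x docker/*
mv docker/* /usr/local/bin/

# Daemon config before the first start so dockerd comes up with the systemd cgroup driver
# (the one kubelet expects) and the registry mirror; the original started, then restarted.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

# Overwrite, not append: rerunning the original "echo >>" duplicated the unit sections.
# Only the local unix socket is served. The original also listened on tcp://0.0.0.0:2375;
# on a host with a public IP that is an unauthenticated remote-root API, so it is removed.
# Quoted delimiter keeps $MAINPID literal for systemd.
cat > /etc/systemd/system/docker.service <<'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io
After=network.target

[Service]
Environment="PATH=/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin"
ExecStart=/usr/local/bin/dockerd -H unix:///var/run/docker.sock
ExecReload=/bin/kill -s HUP $MAINPID
Restart=always
RestartSec=5
TimeoutSec=0
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now docker.service
sleep 30s                             # let dockerd finish starting before probing it
docker info

### kubelet / kubeadm / kubectl --------------------------------------------------------------
# HTTPS mirror with RPM signature verification on (gpgcheck=1 checks each package against
# the Google keys). repo_gpgcheck stays 0: yum on CentOS 7 can fail the repomd signature
# check against this mirror. The gpgkey continuation line must be indented.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

# SELinux permissive now and after reboot (the original only ran setenforce).
getenforce
setenforce 0 || true                  # fails when SELinux is already disabled
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
sestatus

# Note: the page's version table still lists 1.20.9; the scripts install 1.23.3.
yum install -y "kubelet-${K8S_VERSION}" "kubeadm-${K8S_VERSION}" "kubectl-${K8S_VERSION}" \
  --disableexcludes=kubernetes
systemctl enable --now kubelet
# kubelet restarts in a loop until kubeadm init/join has written its config; informational only.
systemctl status kubelet --no-pager || true

### Public-IP alias NIC ----------------------------------------------------------------------
# Cloud VMs carry only the private address on their NIC; a /32 alias with the public IP lets
# the node advertise it. Assumes the primary interface is eth0 — confirm on this host.
cat > /etc/sysconfig/network-scripts/ifcfg-eth0:1 <<EOF
BOOTPROTO=static
DEVICE=eth0:1
IPADDR=${PUBLIC_IP}
PREFIX=32
TYPE=Ethernet
USERCTL=no
ONBOOT=yes
EOF
systemctl restart network
sleep 30s
ip addr
# The original re-enabled ip_forward by hand after the restart; reapplying all sysctl files
# covers that and anything else the restart reset.
sysctl --system

### kubelet drop-in --------------------------------------------------------------------------
mkdir -p /usr/lib/systemd/system/kubelet.service.d
install -m 644 "${SOFTWARE_DIR}/k8s/${NODE_NAME}-10-kubeadm.conf" \
  /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
systemctl daemon-reload

### kubeadm-config.yaml ----------------------------------------------------------------------
# Only "kubeadm init" on ren reads this file; it is written here as well, unchanged from the
# original, so every node carries the same copy. Two fixes versus the original: the text the
# original placed after the "---" document separator broke YAML parsing and is now a comment,
# and the SupportIPVSProxyMode gate is dropped (it no longer exists in 1.23 and kube-proxy
# rejects unknown gates; "mode: ipvs" alone selects IPVS).
cat > /root/kubeadm-config.yaml <<EOF
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v${K8S_VERSION}
apiServer:
  certSANs:                 # every name/IP clients will use to reach the API server
  - ren                     # hostname
  - 1.15.230.38             # public IP
  - 10.0.4.17               # private IP
  - 10.96.0.1               # cluster IP of the kubernetes service; do not change
controlPlaneEndpoint: 1.15.230.38:6443   # public IP of the control plane
networking:
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
---
# switch kube-proxy from the default iptables mode to ipvs
apiVersion: kubeproxy-config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
EOF

### Pre-pull images through a reachable mirror -----------------------------------------------
# k8s.gcr.io is not reachable from these hosts. Pull every image kubeadm wants from the
# aliyun mirror and re-tag it under the k8s.gcr.io name kubelet will ask for. The list comes
# from kubeadm itself so the tags always match the installed version: the original pulled
# v1.23.13 here while kubeadm/kubelet are 1.23.3, and tagged "coredns:<ver>", which is not
# the "coredns/coredns:v<ver>" name kubeadm 1.23 expects. A worker only needs kube-proxy and
# pause; pulling the full set is harmless and mirrors the original.
cat > /root/pull_k8s_images.sh <<'EOF'
#!/usr/bin/env bash
set -euo pipefail
GCR_URL=k8s.gcr.io
MIRROR_URL=registry.cn-hangzhou.aliyuncs.com/google_containers
KUBE_VERSION=$(kubeadm version -o short)

mapfile -t images < <(kubeadm config images list --kubernetes-version "${KUBE_VERSION}")
for image in "${images[@]}"; do
  name=${image#"${GCR_URL}/"}                 # e.g. kube-proxy:v1.23.3, coredns/coredns:v1.8.6
  mirror_image="${MIRROR_URL}/${name##*/}"    # the mirror publishes a flat namespace
  docker pull "${mirror_image}"
  docker tag "${mirror_image}" "${image}"
  docker rmi "${mirror_image}"
done
EOF
chmod +x /root/pull_k8s_images.sh
bash /root/pull_k8s_images.sh
docker images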
bai
bai-os.sh（后台执行：nohup /opt/software/k8s/bai-os.sh > bai-os.log 2>&1 &）
cd /opt/software/k8s/
vi bai-os.sh
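#!/usr/bin/env bash
# bai-os.sh — prepare the "bai" host (worker) for kubeadm: kernel modules and sysctls,
# timezone, journald, IPVS, swap, Docker, kubelet/kubeadm/kubectl, the public-IP alias NIC,
# the kubelet drop-in, kubeadm-config.yaml and the image pre-pull.
# Must run as root; the page starts it as: nohup /opt/software/k8s/bai-os.sh > bai-os.log 2>&1 &
set -euo pipefail

# Per-node values: the only lines that differ between ren-os.sh, yan-os.sh and bai-os.sh.
readonly NODE_NAME=bai
readonly PUBLIC_IP=106.12.145.172     # public IP of this host, added as an alias NIC below
readonly K8S_VERSION=1.23.3           # yum package version; kubernetesVersion below is derived from it
readonly SOFTWARE_DIR=/opt/software   # filled by the "文件准备" upload step

[[ $EUID -eq 0 ]] || { echo "bai-os.sh: must run as root" >&2; exit 1; }

### Kernel modules -------------------------------------------------------------------------
modprobe br_netfilter
sysctl -p /etc/sysctl.conf
lsmod | grep -q br_netfilter || { echo "br_netfilter did not load" >&2; exit 1; }

# Persistent loading. /etc/sysconfig/modules/*.modules + /etc/rc.sysinit is the SysV-era
# mechanism from the original guide and is kept; systemd on CentOS 7 does not run
# rc.sysinit, so the modules-load.d file further down is what reloads the modules at boot.
mkdir -p /etc/sysconfig/modules
# Quoted delimiter: "$file" has to reach the generated script literally (the original's
# unquoted heredoc expanded it to nothing at write time).
cat > /etc/rc.sysinit <<'EOF'
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules ; do
  [ -x "$file" ] && "$file"
done
EOF
cat > /etc/sysconfig/modules/br_netfilter.modules <<'EOF'
modprobe br_netfilter
EOF
chmod 755 /etc/sysconfig/modules/br_netfilter.modules

### Bridge / forwarding sysctls -------------------------------------------------------------
# Written straight into sysctl.d (the original staged a copy in /root first).
cat > /etc/sysctl.d/k8s.conf <<'EOF'
# bridged traffic must traverse iptables/ip6tables
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# forwarding is required for pod traffic
net.ipv4.ip_forward = 1
# ipv6 off
net.ipv6.conf.all.disable_ipv6=1
EOF
sysctl -p /etc/sysctl.d/k8s.conf

### Time, mail, journald ---------------------------------------------------------------------
timedatectl set-timezone Asia/Shanghai
timedatectl set-local-rtc 0           # keep the RTC in UTC
systemctl restart rsyslog crond       # services that depend on the system time
# Best effort: postfix may not be installed on this image.
systemctl stop postfix 2>/dev/null && systemctl disable postfix || true

mkdir -p /var/log/journal /etc/systemd/journald.conf.d
cat > /etc/systemd/journald.conf.d/99-prophet.conf <<'EOF'
[Journal]
# keep logs on disk across reboots
Storage=persistent
Compress=yes
# the original spelled this "SysnIntervalSec", which journald ignores as an unknown key
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
# 10G total, 200M per file, two weeks of retention
SystemMaxUse=10G
SystemMaxFileSize=200M
MaxRetentionSec=2week
ForwardToSyslog=no
EOF
systemctl restart systemd-journald

### IPVS prerequisites -----------------------------------------------------------------------
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules
bash /etc/sysconfig/modules/ipvs.modules
lsmod | grep -e ip_vs -e nf_conntrack_ipv4

# What systemd actually loads at boot (see the rc.sysinit note above).
cat > /etc/modules-load.d/k8s.conf <<'EOF'
br_netfilter
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4
EOF

### Swap off ---------------------------------------------------------------------------------
free -lh
swapoff -a
# kubelet refuses to start with swap enabled; the original only disabled it for this boot.
sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
free -lh

### Docker (static binaries) -----------------------------------------------------------------
cd "${SOFTWARE_DIR}/docker"
tar xzvf docker-20.10.7.tgz
chmod +x docker/*
mv docker/* /usr/local/bin/

# Daemon config before the first start so dockerd comes up with the systemd cgroup driver
# (the one kubelet expects) and the registry mirror; the original started, then restarted.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

# Overwrite, not append: rerunning the original "echo >>" duplicated the unit sections.
# Only the local unix socket is served. The original also listened on tcp://0.0.0.0:2375;
# on a host with a public IP that is an unauthenticated remote-root API, so it is removed.
# Quoted delimiter keeps $MAINPID literal for systemd.
cat > /etc/systemd/system/docker.service <<'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io
After=network.target

[Service]
Environment="PATH=/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin"
ExecStart=/usr/local/bin/dockerd -H unix:///var/run/docker.sock
ExecReload=/bin/kill -s HUP $MAINPID
Restart=always
RestartSec=5
TimeoutSec=0
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now docker.service
sleep 30s                             # let dockerd finish starting before probing it
docker info

### kubelet / kubeadm / kubectl --------------------------------------------------------------
# HTTPS mirror with RPM signature verification on (gpgcheck=1 checks each package against
# the Google keys). repo_gpgcheck stays 0: yum on CentOS 7 can fail the repomd signature
# check against this mirror. The gpgkey continuation line must be indented.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

# SELinux permissive now and after reboot (the original only ran setenforce).
getenforce
setenforce 0 || true                  # fails when SELinux is already disabled
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
sestatus

# Note: the page's version table still lists 1.20.9; the scripts install 1.23.3.
yum install -y "kubelet-${K8S_VERSION}" "kubeadm-${K8S_VERSION}" "kubectl-${K8S_VERSION}" \
  --disableexcludes=kubernetes
systemctl enable --now kubelet
# kubelet restarts in a loop until kubeadm init/join has written its config; informational only.
systemctl status kubelet --no-pager || true

### Public-IP alias NIC ----------------------------------------------------------------------
# Cloud VMs carry only the private address on their NIC; a /32 alias with the public IP lets
# the node advertise it. Assumes the primary interface is eth0 — confirm on this host.
cat > /etc/sysconfig/network-scripts/ifcfg-eth0:1 <<EOF
BOOTPROTO=static
DEVICE=eth0:1
IPADDR=${PUBLIC_IP}
PREFIX=32
TYPE=Ethernet
USERCTL=no
ONBOOT=yes
EOF
systemctl restart network
sleep 30s
ip addr
# The original re-enabled ip_forward by hand after the restart; reapplying all sysctl files
# covers that and anything else the restart reset.
sysctl --system

### kubelet drop-in --------------------------------------------------------------------------
mkdir -p /usr/lib/systemd/system/kubelet.service.d
install -m 644 "${SOFTWARE_DIR}/k8s/${NODE_NAME}-10-kubeadm.conf" \
  /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
systemctl daemon-reload

### kubeadm-config.yaml ----------------------------------------------------------------------
# Only "kubeadm init" on ren reads this file; it is written here as well, unchanged from the
# original, so every node carries the same copy. Two fixes versus the original: the text the
# original placed after the "---" document separator broke YAML parsing and is now a comment,
# and the SupportIPVSProxyMode gate is dropped (it no longer exists in 1.23 and kube-proxy
# rejects unknown gates; "mode: ipvs" alone selects IPVS).
cat > /root/kubeadm-config.yaml <<EOF
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v${K8S_VERSION}
apiServer:
  certSANs:                 # every name/IP clients will use to reach the API server
  - ren                     # hostname
  - 1.15.230.38             # public IP
  - 10.0.4.17               # private IP
  - 10.96.0.1               # cluster IP of the kubernetes service; do not change
controlPlaneEndpoint: 1.15.230.38:6443   # public IP of the control plane
networking:
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
---
# switch kube-proxy from the default iptables mode to ipvs
apiVersion: kubeproxy-config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
EOF

### Pre-pull images through a reachable mirror -----------------------------------------------
# k8s.gcr.io is not reachable from these hosts. Pull every image kubeadm wants from the
# aliyun mirror and re-tag it under the k8s.gcr.io name kubelet will ask for. The list comes
# from kubeadm itself so the tags always match the installed version: the original pulled
# v1.23.13 here while kubeadm/kubelet are 1.23.3, and tagged "coredns:<ver>", which is not
# the "coredns/coredns:v<ver>" name kubeadm 1.23 expects. A worker only needs kube-proxy and
# pause; pulling the full set is harmless and mirrors the original.
cat > /root/pull_k8s_images.sh <<'EOF'
#!/usr/bin/env bash
set -euo pipefail
GCR_URL=k8s.gcr.io
MIRROR_URL=registry.cn-hangzhou.aliyuncs.com/google_containers
KUBE_VERSION=$(kubeadm version -o short)

mapfile -t images < <(kubeadm config images list --kubernetes-version "${KUBE_VERSION}")
for image in "${images[@]}"; do
  name=${image#"${GCR_URL}/"}                 # e.g. kube-proxy:v1.23.3, coredns/coredns:v1.8.6
  mirror_image="${MIRROR_URL}/${name##*/}"    # the mirror publishes a flat namespace
  docker pull "${mirror_image}"
  docker tag "${mirror_image}" "${image}"
  docker rmi "${mirror_image}"
done
EOF
chmod +x /root/pull_k8s_images.sh
bash /root/pull_k8s_images.sh
docker images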
节点初始化
ren
ren-init.sh（后台执行：nohup /opt/software/k8s/ren-init.sh > ren-init.log 2>&1 &）
cd /opt/software/k8s/
vi ren-init.sh
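#!/usr/bin/env bash
# ren-init.sh — initialise the control plane on ren from /root/kubeadm-config.yaml (written
# by ren-os.sh), install the admin kubeconfig for root, save a join command for the workers
# and swap in the prepared kube-apiserver manifest.
# Must run as root; the page starts it as: nohup /opt/software/k8s/ren-init.sh > ren-init.log 2>&1 &
set -euo pipefail

systemctl status kubelet --no-pager || true   # informational; kubelet loops until init has run
# The drop-in replaced by ren-os.sh needs a reload ("kubelet.service changed on disk").
systemctl daemon-reload

# kubeadm init blocks until the control plane is up, so no sleep is needed afterwards
# (the original slept 3 minutes).
kubeadm init --config=/root/kubeadm-config.yaml

# Admin kubeconfig for root. Plain cp instead of the original "cp -i": under nohup there is
# no terminal to answer the overwrite prompt.
mkdir -p "$HOME/.kube"
cp /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# Scoped to this script only; the copy above is what makes kubectl work afterwards.
export KUBECONFIG=/etc/kubernetes/admin.conf

# A fresh join command for the workers, root-only because it carries a bootstrap token.
# (Path is this script's own choice; the join scripts on the page paste the token directly.)
(umask 077; kubeadm token create --print-join-command > /root/join-command.sh)

# Prepared apiserver manifest; kubelet restarts the static pod when the file changes.
cp /opt/software/k8s/kube-apiserver.yaml /etc/kubernetes/manifests/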
yan
yan-join.sh（后台执行：nohup /opt/software/k8s/yan-join.sh > yan-join.log 2>&1 &）
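#!/usr/bin/env bash
# yan-join.sh — join yan to the cluster as a worker.
# Must run as root; the page starts it as: nohup /opt/software/k8s/yan-join.sh > yan-join.log 2>&1 &
set -euo pipefail

systemctl status kubelet --no-pager || true   # informational; kubelet loops until the join has run
# The drop-in replaced by yan-os.sh needs a reload ("kubelet.service changed on disk").
systemctl daemon-reload

# Token and CA hash are the ones printed by "kubeadm init" on ren. Bootstrap tokens expire
# (24 hours by default); if the join is rejected, run "kubeadm token create
# --print-join-command" on ren and replace this command with its output.
kubeadm join 1.15.230.38:6443 --token uifpif.fyr2s4f5gtemqgnn \
  --discovery-token-ca-cert-hash sha256:80accd0bf78574cd8e0df8b3d276e2a8c1453277b510eb02507f8e5a0675676e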
bai
bai-join.sh（后台执行：nohup /opt/software/k8s/bai-join.sh > bai-join.log 2>&1 &）
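#!/usr/bin/env bash
# bai-join.sh — join bai to the cluster as a worker.
# Must run as root; the page starts it as: nohup /opt/software/k8s/bai-join.sh > bai-join.log 2>&1 &
set -euo pipefail

systemctl status kubelet --no-pager || true   # informational; kubelet loops until the join has run
# The drop-in replaced by bai-os.sh needs a reload ("kubelet.service changed on disk").
systemctl daemon-reload

# Token and CA hash are the ones printed by "kubeadm init" on ren. Bootstrap tokens expire
# (24 hours by default); if the join is rejected, run "kubeadm token create
# --print-join-command" on ren and replace this command with its output.
kubeadm join 1.15.230.38:6443 --token uifpif.fyr2s4f5gtemqgnn \
  --discovery-token-ca-cert-hash sha256:80accd0bf78574cd8e0df8b3d276e2a8c1453277b510eb02507f8e5a0675676e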
查看初始化进度
# Follow pod start-up in every namespace as a live stream ...
kubectl get pods --all-namespaces --watch
# ... or as a snapshot refreshed every second.
watch -n 1 kubectl get pods --all-namespaces
# Which node each pod landed on (shows whether every node is reachable) ...
kubectl get pods -A -o wide
# ... or the same view refreshed every second.
watch -n 1 kubectl get pods -A -o wide
安装网络插件 flannel
ren
ren-flannel.sh（后台执行：nohup /opt/software/k8s/ren-flannel.sh > ren-flannel.log 2>&1 &）
cd /opt/software/k8s/
vi ren-flannel.sh
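#!/usr/bin/env bash
# ren-flannel.sh — install the flannel CNI from the uploaded manifest, wait for the pods to
# settle and print the final pod list.
# Must run as root on ren; the page starts it as: nohup /opt/software/k8s/ren-flannel.sh > ren-flannel.log 2>&1 &
set -euo pipefail

# ren-init.sh's "export KUBECONFIG" did not outlive that script; be explicit here.
export KUBECONFIG="${KUBECONFIG:-/etc/kubernetes/admin.conf}"

kubectl get pod -A
# The manifest can be applied as soon as the API server answers, so the original's
# 3-minute pause before this step is dropped.
kubectl apply -f /opt/software/k8s/kube-flannel.yml

# Poll instead of sleeping blindly, with the same 11-minute upper bound the original used
# (66 x 10s). With -A the STATUS column is the 4th field of --no-headers output.
for ((i = 0; i < 66; i++)); do
  not_ready=$(kubectl get pods -A --no-headers 2>/dev/null \
    | awk '$4 != "Running" && $4 != "Completed"' || true)
  if [[ -z "$not_ready" ]]; then
    break
  fi
  sleep 10s
done
kubectl get pod -A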
检查网络是否连通
# Every pod should be Ready; -A is the short form of --all-namespaces.
kubectl get pods -A -o wide
...
# Create a throw-away deployment by hand ("deploy" is kubectl's alias for "deployment").
kubectl create deploy nginx --image=nginx
# Read the pod's IP from the wide listing.
kubectl get pod -o wide
# Then ping that IP from the control plane or any other node to confirm pod networking works.