背景

服务器配置

节点 内网IP 公网IP 配置
ren 10.0.4.17 1.15.230.38 4C8G
yan 10.0.4.15 101.34.64.205 4C8G
bai 192.168.0.4 106.12.145.172 2C8G

软件版本

软件 版本
centos 7.6
docker 20.10.7
kubelet 1.20.9
kubeadm 1.20.9
kubectl 1.20.9

镜像版本

镜像 版本
k8s.gcr.io/kube-apiserver 1.20.9
k8s.gcr.io/kube-controller-manager 1.20.9
k8s.gcr.io/kube-scheduler 1.20.9
k8s.gcr.io/kube-proxy 1.20.9
k8s.gcr.io/pause 3.2
k8s.gcr.io/etcd 3.4.13-0
k8s.gcr.io/coredns 1.7.0

创建初始文件夹

  1. #/Users/keyboardone/同步空间/software
  2. mkdir -p /opt/software
  3. cd /opt/software/kubesphere/
  4. chmod 755 /opt/software/kubesphere/*.sh

配置ssh免密

ren

ren-ssh.sh

  1. cd /opt/software/k8s/
  2. vi ren-ssh.sh
  1. #修改主机名
  2. sudo hostnamectl set-hostname ren
  3. sudo hostnamectl set-hostname "ren" --pretty
  4. sudo hostnamectl set-hostname ren --static
  5. sudo hostnamectl set-hostname ren --transient
  6. #标识其他主机名
  7. cat > /etc/hosts <<EOF
  8. 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
  9. ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  10. 10.0.4.17 ren
  11. 101.34.64.205 yan
  12. 106.12.145.172 bai
  13. EOF
  14. #清空密钥
  15. cd ~/.ssh/
  16. rm -rf *
  17. #用户目录下生成公钥、私钥文件
  18. ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
  19. cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  20. chmod 600 ~/.ssh/authorized_keys
  21. #分发公钥到其他主机
  22. for ip in yan bai;     # 请将此处主机名替换为自己要部署的机器的 hostname
  23. do
  24. ssh-copy-id  $ip   # 该操作执行过程中需要手动输入用户的密码
  25. done

yan

yan-ssh.sh

  1. cd /opt/software/k8s/
  2. vi yan-ssh.sh
  1. #修改主机名
  2. sudo hostnamectl set-hostname yan
  3. sudo hostnamectl set-hostname "yan" --pretty
  4. sudo hostnamectl set-hostname yan --static
  5. sudo hostnamectl set-hostname yan --transient
  6. #标识其他主机名
  7. cat > /etc/hosts <<EOF
  8. 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
  9. ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  10. 1.15.230.38 ren
  11. 10.0.4.15 yan
  12. 106.12.145.172 bai
  13. EOF
  14. #清空密钥
  15. cd ~/.ssh/
  16. rm -rf *
  17. #用户目录下生成公钥、私钥文件
  18. ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
  19. cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  20. chmod 600 ~/.ssh/authorized_keys
  21. #分发公钥到其他主机
  22. for ip in ren bai;     # 请将此处主机名替换为自己要部署的机器的 hostname
  23. do
  24. ssh-copy-id  $ip   # 该操作执行过程中需要手动输入用户的密码
  25. done

bai

bai-ssh.sh

  1. cd /opt/software/k8s/
  2. vi bai-ssh.sh
  1. #修改主机名
  2. sudo hostnamectl set-hostname bai
  3. sudo hostnamectl set-hostname "bai" --pretty
  4. sudo hostnamectl set-hostname bai --static
  5. sudo hostnamectl set-hostname bai --transient
  6. #标识其他主机名
  7. cat > /etc/hosts <<EOF
  8. 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
  9. ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  10. 1.15.230.38 ren
  11. 101.34.64.205 yan
  12. 192.168.0.4 bai
  13. EOF
  14. #清空密钥
  15. cd ~/.ssh/
  16. rm -rf *
  17. #用户目录下生成公钥、私钥文件
  18. ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
  19. cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  20. chmod 600 ~/.ssh/authorized_keys
  21. #分发公钥到其他主机
  22. for ip in ren yan;     # 请将此处主机名替换为自己要部署的机器的 hostname
  23. do
  24. ssh-copy-id  $ip   # 该操作执行过程中需要手动输入用户的密码
  25. done

文件准备

上传相关文件到 /opt/software/

  1. scp -r /opt/software/ yan:/opt/
  3. scp -r /opt/software/ bai:/opt/

准备集群基础环境

ren

ren-os.sh nohup /opt/software/kubesphere/ren-os.sh > ren-os.log 2>&1 &

  1. cd /opt/software/kubesphere/
  2. vi ren-os.sh

yan

yan-os.sh nohup /opt/software/kubesphere/yan-os.sh > yan-os.log 2>&1 &

  1. cd /opt/software/kubesphere/
  2. vi yan-os.sh

bai

bai-os.sh nohup /opt/software/kubesphere/bai-os.sh > bai-os.log 2>&1 &

  1. cd /opt/software/kubesphere/
  2. vi bai-os.sh

节点初始化

ren

ren-init.sh nohup /opt/software/kubesphere_install/ren-init.sh > ren-init.log 2>&1 &

  1. cd /opt/software/kubesphere_install/
  2. vi ren-init.sh
  1. chmod +x kk
  2. export KKZONE=cn
  3. ./kk create config --with-kubernetes v1.20.4 --with-kubesphere v3.1.1

编辑集群配置文件

  1. cd /opt/software/kubesphere_install
  2. vi config-sample.yaml
  2. apiVersion: kubekey.kubesphere.io/v1alpha2
  3. kind: Cluster
  4. metadata:
  5.   name: sample
  6. spec:
  7.   hosts:
  8.   - {name: ren, address: 1.15.230.38, internalAddress: 1.15.230.38, user: root, password: "A5397G!#%br"}
  9.   - {name: yan, address: 101.34.64.205, internalAddress: 101.34.64.205, user: root, password: "A5397G!#%br"}
  10.   - {name: bai, address: 106.12.145.172, internalAddress: 106.12.145.172, user: root, password: "A5397G!#%br"}
  11.   roleGroups:
  12.     etcd:
  13.     - ren
  14.     control-plane: 
  15.     - ren
  16.     worker:
  17.     - yan
  18.     - bai
  19.   controlPlaneEndpoint:
  20.     ## Internal loadbalancer for apiservers 
  21.     # internalLoadbalancer: haproxy
  23.     domain: lb.kubesphere.local
  24.     address: ""
  25.     port: 6443
  26.   kubernetes:
  27.     version: v1.20.4
  28.     clusterName: cluster.local
  29.     autoRenewCerts: true
  30.     containerManager: docker
  31.   etcd:
  32.     type: kubekey
  33.   network:
  34.     plugin: calico
  35.     kubePodsCIDR: 10.233.64.0/18
  36.     kubeServiceCIDR: 10.233.0.0/18
  37.     ## multus support. https://github.com/k8snetworkplumbingwg/multus-cni
  38.     multusCNI:
  39.       enabled: false
  40.   registry:
  41.     privateRegistry: ""
  42.     namespaceOverride: ""
  43.     registryMirrors: []
  44.     insecureRegistries: []
  45.   addons: []
  48. ---
  49. apiVersion: installer.kubesphere.io/v1alpha1
  50. kind: ClusterConfiguration
  51. metadata:
  52.   name: ks-installer
  53.   namespace: kubesphere-system
  54.   labels:
  55.     version: v3.1.1
  56. spec:
  57.   persistence:
  58.     storageClass: ""       
  59.   authentication:
  60.     jwtSecret: ""
  61.   zone: ""
  62.   local_registry: ""        
  63.   etcd:
  64.     monitoring: false      
  65.     endpointIps: localhost  
  66.     port: 2379             
  67.     tlsEnable: true
  68.   common:
  69.     redis:
  70.       enabled: false
  71.     redisVolumSize: 2Gi 
  72.     openldap:
  73.       enabled: false
  74.     openldapVolumeSize: 2Gi  
  75.     minioVolumeSize: 20Gi
  76.     monitoring:
  77.       endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
  78.     es:  
  79.       elasticsearchMasterVolumeSize: 4Gi   
  80.       elasticsearchDataVolumeSize: 20Gi   
  81.       logMaxAge: 7          
  82.       elkPrefix: logstash
  83.       basicAuth:
  84.         enabled: false
  85.         username: ""
  86.         password: ""
  87.       externalElasticsearchUrl: ""
  88.       externalElasticsearchPort: ""  
  89.   console:
  90.     enableMultiLogin: true 
  91.     port: 30880
  92.   alerting:       
  93.     enabled: false
  94.     # thanosruler:
  95.     #   replicas: 1
  96.     #   resources: {}
  97.   auditing:    
  98.     enabled: false
  99.   devops:           
  100.     enabled: false
  101.     jenkinsMemoryLim: 2Gi     
  102.     jenkinsMemoryReq: 1500Mi 
  103.     jenkinsVolumeSize: 8Gi   
  104.     jenkinsJavaOpts_Xms: 512m  
  105.     jenkinsJavaOpts_Xmx: 512m
  106.     jenkinsJavaOpts_MaxRAM: 2g
  107.   events:          
  108.     enabled: false
  109.     ruler:
  110.       enabled: true
  111.       replicas: 2
  112.   logging:         
  113.     enabled: false
  114.     logsidecar:
  115.       enabled: true
  116.       replicas: 2
  117.   metrics_server:             
  118.     enabled: false
  119.   monitoring:
  120.     storageClass: ""
  121.     prometheusMemoryRequest: 400Mi  
  122.     prometheusVolumeSize: 20Gi  
  123.   multicluster:
  124.     clusterRole: none 
  125.   network:
  126.     networkpolicy:
  127.       enabled: false
  128.     ippool:
  129.       type: none
  130.     topology:
  131.       type: none
  132.   openpitrix:
  133.     store:
  134.       enabled: false
  135.   servicemesh:    
  136.     enabled: false  
  137.   kubeedge:
  138.     enabled: false
  139.     cloudCore:
  140.       nodeSelector: {"node-role.kubernetes.io/worker": ""}
  141.       tolerations: []
  142.       cloudhubPort: "10000"
  143.       cloudhubQuicPort: "10001"
  144.       cloudhubHttpsPort: "10002"
  145.       cloudstreamPort: "10003"
  146.       tunnelPort: "10004"
  147.       cloudHub:
  148.         advertiseAddress: 
  149.           - ""           
  150.         nodeLimit: "100"
  151.       service:
  152.         cloudhubNodePort: "30000"
  153.         cloudhubQuicNodePort: "30001"
  154.         cloudhubHttpsNodePort: "30002"
  155.         cloudstreamNodePort: "30003"
  156.         tunnelNodePort: "30004"
  157.     edgeWatcher:
  158.       nodeSelector: {"node-role.kubernetes.io/worker": ""}
  159.       tolerations: []
  160.       edgeWatcherAgent:
  161.         nodeSelector: {"node-role.kubernetes.io/worker": ""}
  162.         tolerations: []

安装依赖

  1. yum install -y socat
  2. yum install -y conntrack

创建集群

  1. cd /opt/software/kubesphere_install
  2. export KKZONE=cn
  3. ./kk create cluster -f config-sample.yaml

yan

yan-join.sh nohup /opt/software/k8s/yan-join.sh > yan-join.log 2>&1 &

bai

bai-join.sh nohup /opt/software/k8s/bai-join.sh > bai-join.log 2>&1 &