二进制安装k8s 1.25.2 高可用集群

一、环境准备

1、环境说明(安装时配置IP及主机名）

序号	主机IP	主机名	系统	备注
1	192.168.3.101	master1	rockylinux8.6最小化安装	控制节点
2	192.168.3.102	master2	rockylinux8.6最小化安装	控制节点
3	192.168.3.103	master3	rockylinux8.6最小化安装	控制节点
4	192.168.3.104	node1	rockylinux8.6最小化安装	工作节点
5	192.168.3.105	node2	rockylinux8.6最小化安装	工作节点

2、关闭selinux,firewalld及swap分区(在五台设备上执行）


sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
systemctl disable firewalld
swapoff -a
reboot

注：swapoff -a 为临时关闭swap分区。永久关闭swap分区，vi /etc/fstab 注释swap分区一行

3、修改/etc/hosts文件，增加如下三行（五台设备）


cat << EOF >> /etc/hosts
192.168.3.101 master1
192.168.3.102 master2
192.168.3.103 master3
192.168.3.104 node1
192.168.3.105 node2
EOF

4、更改yum源为阿里云（五台设备执行）


sed -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
    -i.bak \
    /etc/yum.repos.d/Rocky-*.repo
 
dnf makecache

5、配置命令补全及vim工具（五台设备执行）

dnf install -y wget bash-completion vim

6、配置免密登录（三台master上执行，可省）


ssh-keygen
 
for host in { master1 master2 master3 node1 node2 };do ssh-copy-id $host;done

7、配置时间同步（五台设备执行）

dnf install -y chrony

更改 /etc/chrony.conf 配置文件

将pool 2.pool.ntp.org iburst

改为

server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp1.tencent.com iburst
server ntp2.tencent.com iburst


systemctl enable --now chronyd
chronyc sources
 
for host in { master1 master2 master3 node1 node2 };do ssh $host  date;done

8、修改内核参数（五台设备上执行）


modprobe br_netfilter
lsmod | grep br_netfilter
 
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
 
sysctl -p /etc/sysctl.d/k8s.conf

9、安装依整包及配置docker源、k8s源（五台设备执行）


dnf install -y yum-utils device-mapper-persistent-data lvm2 ipvsadm net-tools
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
 
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
 
dnf makecache

10、开启Ipvs 五台设备


lsmod|grep ip_vs
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
 
lsmod|grep ip_vs
 
modprobe br_netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/ipv4/ip_forward

11、安装containerd（五台设备执行）


dnf install -y containerd
 
containerd config default > /etc/containerd/config.toml

更改配置文件


sed -i 's#SystemdCgroup = false#SystemdCgroup = true#g' /etc/containerd/config.toml
sed -i "s#k8s.gcr.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g"  /etc/containerd/config.toml

配置镜像加速


sed -i '/registry.mirrors]/a\ \ \ \ \ \ \ \ [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]' /etc/containerd/config.toml
sed -i '/registry.mirrors."docker.io"]/a\ \ \ \ \ \ \ \ \ \ endpoint = ["https://0x3urqgf.mirror.aliyuncs.com"]' /etc/containerd/config.toml

启动containerd


systemctl enable --now containerd.service
systemctl status containerd.service

二、安装kubernetes 组件

1、安装ETCD


wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64
wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64
mv cfssl_1.6.1_linux_amd64 /usr/local/bin/cfssl
mv cfssljson_1.6.1_linux_amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_1.6.1_linux_amd64 /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl*
mkdir /cfspki
mkdir -p /etc/etcd/pki
mkdir -p /var/lib/etcd/default.etcd
cd /cfspki/
cat > ca-csr.json  << EOF
{
        "CN": "kubernetes",
        "key": {
                "algo": "rsa",
                "size": 2048
},
        "names": [
        {
        "C": "CN",
        "ST": "Xinjiang",
        "L": "Urumqi",
        "O": "k8s",
        "OU": "system"
        }
],
        "ca": {
                "expiry": "87600h"
        }
}
 
EOF
 
cfssl gencert -initca ca-csr.json | cfssljson -bare ca


cat >  ca-config.json  << EOF
{
    "signing": {
        "default": {
            "expiry": "87600h"
    },
    "profiles": {
        "kubernetes": {
            "usages": [
                "signing",
                "key encipherment",
                "server auth",
                "client auth"
            ],
            "expiry": "87600h"
            }
        }
    }
}
 
EOF
 
cat > etcd-csr.json  << EOF
{
"CN": "etcd",
"hosts": [
    "127.0.0.1",
    "192.168.3.101",
    "192.168.3.102",
    "192.168.3.103",
    "192.168.3.110"
],
    "key": {
    "algo": "rsa",
    "size": 2048
},
    "names": [{
    "C": "CN",
    "ST": "Xinjiang",
    "L": "Urumqi",
    "O": "k8s",
    "OU": "system"
    }]
}
 
EOF
 
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -conf

相关阅读:
2021.09青少年软件编程（Python）等级考试试卷（四级）
【概率与统计】聊聊一些常见的概率分布
java基础之适配器模式[30]
GreenPlum优化点之参数篇
【sfu】视频接收侧的创建流程
欧美市场独立站选品技巧
学习ASP.NET Core Blazor编程系列二——第一个Blazor应用程序（完）
.NET 反向代理-YARP 部署Https（SSL）
go学习-GMP模型
Python之Excel数据相关

原文地址：https://blog.csdn.net/w975121565/article/details/127596285