Installation: install on every machine

Published: 2025-06-24 17:50:24  Author: 北方职教升学中心  Views: 603


Download

yum -y install --downloadonly --downloaddir=/opt/software/ipset_ipvsadm ipset ipvsadm

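7.2. Start

  • 11. Time synchronization

    5.1. Install the tab command-completion tool (optional)

  • 14.4. # Checking from the NTP client with ntpdate -d serverIP shows the error "Server dropped: strata too high" and reports "stratum 16". Download docker-registry
  • 14.5.2. Download gcc (already downloaded)
    Download on a machine with Internet access
    yum install -y --downloadonly --downloaddir=/opt/software/gcc/ gcc-c++
    The downloaded RPMs are in the directory /opt/software/gcc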

    13.2.3. Download

  • 11.1.2. Modify the hosts file
    Run on every machine. Change the hostname
  • 2.2.
    server 127.127.1.0 iburst
    fudge 127.127.1.0 stratum 10
    #broadcast 192.168.1.255 autokey        # broadcast server
    #broadcastclient                        # broadcast client
    #broadcast 224.0.1.1 autokey            # multicast server
    #multicastclient 224.0.1.1              # multicast client
    #manycastserver 239.255.254.254         # manycast server
    #manycastclient 239.255.254.254 autokey # manycast client
    # Enable public key cryptography.
    #crypto
    includefile /etc/ntp/crypto/pw
    # Key file containing the keys and key identifiers used when operating
    # with symmetric key cryptography.
    keys /etc/ntp/keys
    # Specify the key identifiers which are trusted.
    #trustedkey 4 8 42
    # Specify the key identifier to use with the ntpdc utility.
    #requestkey 8
    # Specify the key identifier to use with the ntpq utility.
    #controlkey 8
    # Enable writing of statistics records.
    #statistics clockstats cryptostats loopstats peerstats
    # Disable the monitoring facility to prevent amplification attacks using ntpdc
    # monlist command when default restrict does not include the noquery flag. See
    # CVE-2013-5211 for more details.
    # Note: Monitoring will not be disabled with the limited restriction flag.
    disable monitor
    Restart ntp
    systemctl restart ntpd

    5.4.2. Install ipset; modify cri-docker to change the pause image to the one in docker-registry

    Run on every machine
    # vi /usr/lib/systemd/system/cri-docker.service
    # Change --pod-infra-container-image=registry.k8s.io/pause:3.9 to --pod-infra-container-image=192.168.115.11:81/pause:3.9
    # Restart cri-docker
    systemctl daemon-reload
    systemctl restart cri-docker

    14.6. Install

    Upload the calico tar packages and calico.yaml to k8s-master01

    docker load -i calico-cni.tar
    docker load -i calico-kube-controllers.tar
    docker load -i calico-node.tar
    docker tag calico/node:v3.27.3 192.168.115.11:81/calico/node:v3.27.3
    docker tag calico/kube-controllers:v3.27.3 192.168.115.11:81/calico/kube-controllers:v3.27.3
    docker tag docker.io/calico/cni:v3.27.3 192.168.115.11:81/calico/cni:v3.27.3
    docker push 192.168.115.11:81/calico/node:v3.27.3
    docker push 192.168.115.11:81/calico/kube-controllers:v3.27.3
    docker push 192.168.115.11:81/calico/cni:v3.27.3
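    Upload calico.yaml to one master node and change the images in it so that they all point to the three images in 192.168.115.11:81: 192.168.115.11:81/calico/node:v3.27.3, 192.168.115.11:81/calico/kube-controllers:v3.27.3, 192.168.115.11:81/calico/cni:v3.27.3. Change the network: set value so that it matches the podSubnet value in kubuedm-config.yaml
    - name: CALICO_IPV4POOL_CIDR
      value: "10.244.0.0/16"
    Start calico
    kubectl apply -f calico.yaml
    After waiting a few minutes, check the calico pods; they are all in the Running state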
    [root@k8s-master01 calico]# kubectl get pods -n kube-system
    NAME                                       READY   STATUS    RESTARTS   AGE
    calico-kube-controllers-5f87f7fc98-84wpm   1/1     Running   0          2m55s
    calico-node-bxns7                          1/1     Running   0          2m55s
    calico-node-dpvhb                          1/1     Running   0          2m55s
    calico-node-gzncb                          1/1     Running   0          2m55s
    calico-node-j62nt                          1/1     Running   0          2m55s
    calico-node-np695                          1/1     Running   0          2m55s
    coredns-7b9565c6c-f865r                    1/1     Running   0          104m
    coredns-7b9565c6c-g9df5                    1/1     Running   0          104m
    kube-apiserver-k8s-master01                1/1     Running   10         105m
    kube-apiserver-k8s-master02                1/1     Running   0          98m
    kube-apiserver-k8s-master03                1/1     Running   0          89m
    kube-controller-manager-k8s-master01       1/1     Running   4          105m
    kube-controller-manager-k8s-master02       1/1     Running   0          98m
    kube-controller-manager-k8s-master03       1/1     Running   0          89m
    kube-proxy-2j9t2                           1/1     Running   0          89m
    kube-proxy-4l48v                           1/1     Running   0          81m
    kube-proxy-cf4mb                           1/1     Running   0          104m
    kube-proxy-gs2ph                           1/1     Running   0          81m
    kube-proxy-lgtxw                           1/1     Running   0          98m
    kube-scheduler-k8s-master01                1/1     Running   4          105m
    kube-scheduler-k8s-master02                1/1     Running   0          98m
    kube-scheduler-k8s-master03                1/1     Running   0          89m
    Check the node status; all nodes are Ready
    [root@k8s-master01 calico]# kubectl get node
    NAME           STATUS   ROLES           AGE    VERSION
    k8s-master01   Ready    control-plane   106m   v1.30.0
    k8s-master02   Ready    control-plane   99m    v1.30.0
    k8s-master03   Ready    control-plane   90m    v1.30.0
    k8s-node01     Ready    <none>          82m    v1.30.0
    k8s-node02     Ready    <none>          82m    v1.30.0
    [root@k8s-master01 calico]#
  • 11.2.1. Confirm the kernel version

    [root@localhost ~]# uname -r
    5.4.273-1.el7.elrepo.x86_64
    [root@localhost ~]#
    Linux version 5.4.273-1.el7.elrepo.x86_64 (mockbuild@Build64R7) (gcc version 9.3.1 20200408 (Red Hat 9.3.1-2) (GCC)) #1 SMP Wed Mar 27 15:58:08 EDT 2024
    [root@localhost ~]#

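    2. Install gcc
  • 13.2.5. Change the hostname / hosts file
    • 2.1. Because if Client is enabled, NTP may automatically select a suitable nearest NTP server; upload libopts to each machine and run the install command. Install docker registry and do some related configuration
      • 14.5.1. Install the network component calico
  • 14.7.1. Download NTP
  • 5.2. # This is because the NTP server has not yet synchronized with itself or with its own server. Secondary node configuration
  • 6. Install
  • Install on every machine
    Upload the downloaded installation packages to each virtual machine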

    rpm -ivh *.rpm
    Start docker
    systemctl daemon-reload            # reload the unit configuration files
    systemctl start docker             # start Docker
    systemctl enable docker.service    # enable start on boot
    Check the docker version
    [root@k8s-master01 docker-ce]# docker --version
    Docker version 25.0.5, build 5dc9bcc
    [root@k8s-master01 docker-ce]#

    11.2.

    13.1. Downloading from K8s.io requires a proxy, so the Alibaba Cloud domestic mirror is used here
    docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.30.0
    docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.30.0
    docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.30.0
    docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.30.0
    docker pull registry.aliyuncs.com/google_containers/coredns:1.11.1
    docker pull registry.aliyuncs.com/google_containers/pause:3.9
    Save the docker images as tar packages and keep them for offline use
    docker save -o kube-apiserver-v1.30.0.tar registry.aliyuncs.com/google_containers/kube-apiserver:v1.30.0
    docker save -o kube-controller-manager-v1.30.0.tar registry.aliyuncs.com/google_containers/kube-controller-manager:v1.30.0
    docker save -o kube-scheduler-v1.30.0.tar registry.aliyuncs.com/google_containers/kube-scheduler:v1.30.0
    docker save -o kube-proxy-v1.30.0.tar registry.aliyuncs.com/google_containers/kube-proxy:v1.30.0
    docker save -o coredns-1.11.1.tar registry.aliyuncs.com/google_containers/coredns:1.11.1
    docker save -o pause-3.9.tar registry.aliyuncs.com/google_containers/pause:3.9

    14.5. Install kubernetes
    • 14.6.1. Uninstall
    • 5.3. Install
  • 13. Install docker-registry
  • 14.5.3. Install nginx+keepalived
    • 13.1. Install docker-registry
  • Upload the docker-registry image package to one machine; k8s-master01 is chosen here
    # Extract the image
    docker load -i docker-registry.tar
    # Run docker-registry
    mkdir -p /opt/software/registry-data
    docker run -d --name registry --restart=always -v /opt/software/registry-data:/var/lib/registry -p 81:5000 docker.io/registry
    Check whether it is running
    [root@k8s-master01 docker-registry]# docker ps
    CONTAINER ID   IMAGE      COMMAND                  CREATED          STATUS          PORTS                                   NAMES
    72b1ee0dd35d   registry   "/entrypoint.sh /etc…"   17 seconds ago   Up 15 seconds   0.0.0.0:81->5000/tcp, :::81->5000/tcp   registry

    14.5.3. Install
  • Create docker-compose.yml
    • 13.2. Install docker-compose
  • 12.1. Configure kernel IP forwarding and bridge filtering
  • 7. Disable SELINUX configuration
  • Run on every machine:
    setenforce 0
    sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    sestatus


    5. Install docker-ce/cri-dockerd
    • 11.1. Generate the configuration file
    • 10.3. Install on k8s-master02/3
  • On k8s-master02 and k8s-master03, run the control-plane join: take the command containing --control-plane that was printed after init on k8s-master01 and append --cri-socket unix:///var/run/cri-dockerd.sock
    kubeadm join 192.168.115.10:16443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:3c85f66540e67437ba4db122a736ba3aafb53443961be2605fbc0f9900196ef0 \
        --control-plane --certificate-key 3e9843a94c319853455ff67515b84345066363395622438f8a06d10ca75b81b8 \
        --cri-socket unix:///var/run/cri-dockerd.sock
    After it finishes, run these three commands
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

    14.6.3. Download keepalived
  • 13.2.2. Download NTP
  • Download URLs: https://pkgs.org/download/ntp
    https://pkgs.org/download/ntpdate
    https://pkgs.org/download/libopts.so.25()(64bit)

    5.2. Download the offline kernel upgrade package

    Download URL: https://elrepo.org/linux/kernel/el7/x86_64/RPMS/

    1.3. Download images
  • 14.7.2. Install keepalived
  • 13.2.1. Master node configuration

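    vi /etc/ntp.conf
    Following the configuration below, comment out some entries and add or modify the settings near the Chinese comments; 192.168.115.0 is the network segment these machines are on. Download gcc (already downloaded)
  • 13.2.3. Configure passwordless SSH login

    Create on one machine: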

    [root@k8s-master01 ~]# ssh-keygen
    Generating public/private rsa key pair.
    # press Enter
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    # press Enter
    Enter passphrase (empty for no passphrase):
    # press Enter
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:wljf8M0hYRw4byXHnwgQpZcVCGA8R0+FmzXfHYpSzE8 root@k8s-master01
    The key's randomart image is:
    +---[RSA 2048]----+
    |.oo=BO*+.   |
    |.o +=*B*E .|
    |.ooo*O==.oo|
    |+ .*==.++ o|
    |.o S.+ o    |
    |.|
    ||
    ||
    ||
    +----[SHA256]-----+
    [root@k8s-master01 ~]#
    Copy id_rsa.pub
    [root@k8s-master01 ~]# cd /root/.ssh
    [root@k8s-master01 .ssh]# ls
    id_rsa  id_rsa.pub
    # Copy
    [root@k8s-master01 .ssh]# cp id_rsa.pub authorized_keys
    [root@k8s-master01 .ssh]# ll
    总用量 12
    -rw-r--r--. 1 root root  3994822:34 authorized_keys
    -rw-------. 1 root root 17664822:31 id_rsa
    -rw-r--r--. 1 root root  3994822:31 id_rsa.pub
    [root@k8s-master01 .ssh]#
    Create the /root/.ssh directory on the other machines
    mkdir -p /root/.ssh
    Copy /root/.ssh to the other machines
    scp -r /root/.ssh/* 192.168.115.12:/root/.ssh/
    scp -r /root/.ssh/* 192.168.115.13:/root/.ssh/
    scp -r /root/.ssh/* 192.168.115.101:/root/.ssh/
    scp -r /root/.ssh/* 192.168.115.102:/root/.ssh/
    Verify passwordless login on each machine
    [root@k8s-node01 ~]# ssh root@192.168.115.11
    The authenticity of host '192.168.115.11 (192.168.115.11)' can't be established.
    ECDSA key fingerprint is SHA256:DmSlU9aS8ikfAB9IHc6N7HMY/X/Z4qc6QGA0/TrhRo8.
    ECDSA key fingerprint is MD5:6d:08:b2:e4:18:d0:78:eb:9a:92:2b:1e:4d:a4:e6:28.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.115.11' (ECDSA) to the list of known hosts.
    Last login: Mon Apr  8 22:42:08 2024 from k8s-master03
    [root@k8s-master01 ~]# exit
    登出

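    10. Configure passwordless SSH login

  • 10. Install kubernetes
    • 14.1. Install ipset; install cri-dockerd
      In Kubernetes v1.24 and earlier, Docker Engine could be used in Kubernetes, relying on a built-in Kubernetes component called dockershim. Download the images that K8S depends on to run
    • 14.5. Download openssl
      Download on a machine with Internet access
      yum -y install --downloadonly --downloaddir=/opt/software/openssl make openssl-devel libnfnetlink-devel libnl3-devel net-snmp-devel
      The downloaded RPMs are in the directory /opt/software/openssl

      13.2.4. Disable the swap partition

      # Temporarily disable the swap partition
      swapoff -a
      # Permanently disable the swap partition
      sed -ri 's/.*swap.*/#&/' /etc/fstab
      # Check the result
      grep swap /etc/fstab

      9. Install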