Binary deployment of Kubernetes 1.24 on Ubuntu

Published: 2023-05-21 02:41:34 Author: kerwin-

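1. Environment preparation

1.1. Cluster information

Note: this deployment does not cover scaling out master or worker nodes; it deploys three masters and two workers directly.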

Host name | IP address | Description | Software
Master01 | 192.168.80.45 | master node | kube-apiserver, kube-controller-manager, kube-scheduler, etcd, kubelet, kube-proxy, nfs-client, haproxy, keepalived
Master02 | 192.168.80.46 | master node | kube-apiserver, kube-controller-manager, kube-scheduler, etcd, kubelet, kube-proxy, nfs-client, haproxy, keepalived
Master03 | 192.168.80.47 | master node | kube-apiserver, kube-controller-manager, kube-scheduler, etcd, kubelet, kube-proxy, nfs-client, haproxy, keepalived
Node01 | 192.168.80.48 | worker node | kubelet, kube-proxy, nfs-client
Node02 | 192.168.80.49 | worker node | kubelet, kube-proxy, nfs-client
- | 192.168.80.100 | VIP | -

System and software versions:

Software | Version
Kernel | Linux 5.19.0-35-generic x86_64
Ubuntu | 22.04
kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, kube-proxy | v1.24.14
etcd | v3.5.4
containerd | v1.6.18
cfssl | v1.6.1
cni | v1.1.1
crictl | v1.24.2
haproxy | 2.4.18-0ubuntu1.2
keepalived | v2.2.4

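Network ranges

  • Physical hosts: 192.168.80.0/24

  • service: 10.96.0.0/12

  • pod: 172.16.0.0/12

1.2. System settings

  • Run once on every node

Define environment variables:

First add the IP address environment variables to ~/.bashrc so that they persist. The point is to avoid mistyping an IP address during deployment and breaking the cluster. Run these commands only once, because each one appends to the file by redirection.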

cd ~
echo "K8S_MASTER01='192.168.80.45'" >>  ~/.bashrc
echo "K8S_MASTER02='192.168.80.46'" >>  ~/.bashrc
echo "K8S_MASTER03='192.168.80.47'" >>  ~/.bashrc
echo "K8S_NODE01='192.168.80.48'" >>  ~/.bashrc
echo "K8S_NODE02='192.168.80.49'" >>  ~/.bashrc
echo "LOCALHOST=`hostname -I |awk '{print $1}'`" >> ~/.bashrc
echo "K8S_VIP='192.168.80.100'" >>  ~/.bashrc
source ~/.bashrc
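
The note in 1.2 says the `>>` redirections may only be run once and that the goal is to keep a mistyped address out of the cluster. As an added example (not part of the original post), these sh functions write the same variables idempotently and reject a malformed IPv4 address before it reaches the file; the function names are hypothetical, and the per-host LOCALHOST line is left to the command above.

```shell
# valid_ipv4 ADDR: succeed only for four dot-separated decimal octets, each 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        count=$((count + 1))
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

# set_persistent_var FILE NAME ADDR: write NAME='ADDR' to FILE, replacing any
# earlier NAME= line, so repeated runs never leave stale or duplicate entries.
set_persistent_var() {
    file=$1 name=$2 value=$3
    case $name in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid name: $name" >&2; return 2 ;;
    esac
    valid_ipv4 "$value" || { echo "invalid IPv4 for $name: $value" >&2; return 2; }
    [ -e "$file" ] || : > "$file"
    tmp=$(mktemp) || return 1
    grep -v "^${name}=" "$file" > "$tmp" || true   # grep exits 1 when nothing is left
    printf "%s='%s'\n" "$name" "$value" >> "$tmp"
    cat "$tmp" > "$file"                           # keeps FILE's owner and mode
    rm -f "$tmp"
}

# persist_cluster_ips [FILE]: the addresses from section 1.1 (default ~/.bashrc).
persist_cluster_ips() {
    target=${1:-$HOME/.bashrc}
    set_persistent_var "$target" K8S_MASTER01 192.168.80.45 &&
    set_persistent_var "$target" K8S_MASTER02 192.168.80.46 &&
    set_persistent_var "$target" K8S_MASTER03 192.168.80.47 &&
    set_persistent_var "$target" K8S_NODE01 192.168.80.48 &&
    set_persistent_var "$target" K8S_NODE02 192.168.80.49 &&
    set_persistent_var "$target" K8S_VIP 192.168.80.100
}

# Demonstration on a scratch file: two runs still leave one line per name.
scratch=$(mktemp)
persist_cluster_ips "$scratch" && persist_cluster_ips "$scratch" && cat "$scratch"
rm -f "$scratch"
```

To apply it for real, call `persist_cluster_ips` with no argument and then `source ~/.bashrc`.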

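1.3. Set hostnames

hostnamectl set-hostname k8s-master01   # run on Master01 (192.168.80.45)
hostnamectl set-hostname k8s-master02   # run on Master02 (192.168.80.46)
hostnamectl set-hostname k8s-master03   # run on Master03 (192.168.80.47)
hostnamectl set-hostname k8s-node01     # run on Node01 (192.168.80.48)
hostnamectl set-hostname k8s-node02     # run on Node02 (192.168.80.49)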

1.4. Configure apt sources

Tsinghua mirror: https://mirrors.tuna.tsinghua.edu.cn/help/ubuntu, Aliyun mirror: https://developer.aliyun.com/mirror/ubuntu

For version 22.04:

cp /etc/apt/sources.list /etc/apt/sources.list_bak
cat > /etc/apt/sources.list << EOF
deb http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse

# deb http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
EOF

# Refresh the package lists
sudo apt-get update

1.5. Install essential tools

apt install net-tools nfs-kernel-server curl vim git lvm2 telnet htop jq lrzsz tree bash-completion wget -y

vim ~/.bashrc
# Uncomment the following lines in the file
if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
    . /etc/bash_completion
fi
source ~/.bashrc

1.6. Hostname resolution

cat >> /etc/hosts << EOF
$K8S_MASTER01  k8s-master01
$K8S_MASTER02  k8s-master02
$K8S_MASTER03  k8s-master03
$K8S_NODE01  k8s-node01
$K8S_NODE02  k8s-node02
EOF

1.7. Disable swap

swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
swapoff -a && sysctl -w vm.swappiness=0

cat /etc/fstab | grep swap

1.8. Time synchronization

Linux command reference: https://www.linuxcool.com/chronyc

# Time synchronization (server side, k8s-master01)
apt install chrony -y
# On Ubuntu the chrony package reads /etc/chrony/chrony.conf
cat > /etc/chrony/chrony.conf << EOF
pool ntp.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
# Allow hosts in this subnet to synchronize time from this server
allow 192.168.80.0/24
local stratum 10
keyfile /etc/chrony/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
EOF

systemctl restart chrony.service
systemctl enable chrony


# Time synchronization (client side)
apt install chrony -y
cat > /etc/chrony/chrony.conf << EOF
pool k8s-master01 iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
EOF

systemctl restart chrony.service
systemctl enable chrony
# Verify from the client
chronyc sources -v

# Show statistics for the time sources
chronyc sourcestats -v

# Set the time zone and check the system date and time (all machines)
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
date -R
timedatectl

1.9. Configure ulimit

ulimit -SHn 65535
cat >> /etc/security/limits.conf <<EOF
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF

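1.10. Configure passwordless SSH login

apt install -y sshpass
ssh-keygen -f /root/.ssh/id_rsa -P ''
export IP="k8s-master01 k8s-master02 k8s-master03 k8s-node01 k8s-node02"
# Login password for the nodes, read by sshpass -e from the SSHPASS environment variable;
# single-quoted so that the trailing $ is taken literally
export SSHPASS='1qazZSE$'
# StrictHostKeyChecking=no accepts each node's host key without prompting on first connection
for HOST in $IP;do
     sshpass -e ssh-copy-id -o StrictHostKeyChecking=no $HOST
done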

1.11. Upgrade older kernels to version 4.18 or later

sudo apt-get upgrade linux-image-generic
dpkg --list | grep linux-image
uname -r

1.12. Install ipvsadm

apt install ipvsadm ipset sysstat conntrack -y

cat >> /etc/modules-load.d/ipvs.conf <<EOF 
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF

systemctl restart systemd-modules-load.service
systemctl enable ipvsadm

lsmod | grep -e ip_vs -e nf_conntrack
ip_vs_sh               16384  0
ip_vs_wrr              16384  0
ip_vs_rr               16384  0
ip_vs                 180224  6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack          176128  1 ip_vs
nf_defrag_ipv6         24576  2 nf_conntrack,ip_vs
nf_defrag_ipv4         16384  1 nf_conntrack
libcrc32c              16384  2 nf_conntrack,ip_vs

1.13. Modify kernel parameters

cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720


net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384

net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.forwarding = 0

EOF

sysctl --system
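
One way to confirm, after `sysctl --system`, that each key in /etc/sysctl.d/k8s.conf exists on the running kernel, is set only once in the file, and holds the configured value. This is an added example, not part of the original post: the function names are hypothetical, and the sample file and the directory standing in for /proc/sys are constructed for the demonstration.

```shell
# check_sysctl_conf CONF [ROOT]: compare each "key = value" line of CONF with the
# live value under ROOT (default /proc/sys). Prints one finding per line and
# returns non-zero if there was any finding.
check_sysctl_conf() {
    conf=$1 root=${2:-/proc/sys}
    seen=' ' findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # strip comments
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        want=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        node=$root/$(printf '%s' "$key" | tr . /)         # a.b.c -> ROOT/a/b/c
        finding=''
        case $seen in *" $key "*) finding="duplicate $key" ;; esac
        seen="$seen$key "
        if [ -n "$finding" ]; then :
        elif [ ! -e "$node" ]; then finding="missing $key"
        elif [ "$(tr -s '\t' ' ' < "$node")" != "$want" ]; then
            finding="mismatch $key want=$want have=$(cat "$node")"
        fi
        [ -z "$finding" ] || { echo "$finding"; findings=$((findings + 1)); }
    done < "$conf"
    [ "$findings" -eq 0 ]
}

# Constructed sample: five lines in the style of the file above, checked against a
# constructed tree in which one key is absent and one holds a different value.
demo_check() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/proc/net/ipv4" "$d/proc/net/core"
    echo 1 > "$d/proc/net/ipv4/ip_forward"
    echo 1024 > "$d/proc/net/ipv4/tcp_max_syn_backlog"
    echo 16384 > "$d/proc/net/core/somaxconn"
    cat > "$d/k8s.conf" <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.core.somaxconn = 16384
EOF
    check_sysctl_conf "$d/k8s.conf" "$d/proc" && status=0 || status=1
    rm -rf "$d"
    return "$status"
}

demo_check || echo "the findings above need attention"
```

On a node, run `check_sysctl_conf /etc/sysctl.d/k8s.conf` and resolve every line it prints before continuing.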

1.14. DNS resolution

apt install resolvconf
systemctl enable resolvconf.service
echo -e "nameserver 8.8.8.8\nnameserver 8.8.4.4" >>  /etc/resolvconf/resolv.conf.d/head

systemctl start resolvconf.service
sudo systemctl restart resolvconf.service
sudo systemctl restart systemd-resolved.service
sudo systemctl status resolvconf.service
echo -e "nameserver 8.8.8.8\nnameserver 8.8.4.4" >> /etc/resolv.conf