集群规划
三台 Linux 服务器 + 一个 VIP(虚拟 IP)
序号 | 主机 ip | 主机名规划 |
---|---|---|
1 | 192.168.16.71 | master1 |
2 | 192.168.16.72 | master2 |
3 | 192.168.16.73 | master3 |
4 | 192.168.16.70 | vip |
前置操作
ipvs配置
sh
# Kernel modules needed for IPVS plus connection tracking. The list is
# written to modules-load.d so the modules are loaded again on every boot.
printf '\n%s\n%s\n%s\n%s\n%s\n\n' \
  ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack \
  > /etc/modules-load.d/ipvs.conf

# Load the same modules into the running kernel now (requires root).
for mod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
  modprobe -- "$mod"
done

# Confirm the kernel modules were loaded
lsmod | grep -e ip_vs -e nf_conntrack

# Install ipset and ipvsadm
apt install -y ipset ipvsadm
生成kube-vip.yaml文件
bash
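# VIP address that fronts the control plane (row 4 of the host table)
export VIP=192.168.16.70
# Name of the network interface the VIP is announced on
export INTERFACE=ens33

# Pin the kube-vip version so the generated manifest is reproducible.
export KVVERSION=v0.5.0
# Alternative: look up the newest release name instead of pinning. Entry [0]
# of the releases list may be a pre-release, so review the value before use.
# KVVERSION=$(curl -sL https://api.github.com/repos/kube-vip/kube-vip/releases | jq -r ".[0].name")

# Define ONE kube-vip alias, matching the container runtime on this host;
# defining both means the last one silently wins.
# Both variants pull and run the same ghcr.io image, so the image that
# renders the manifest is the one that was just pulled.
# With containerd:
# alias kube-vip="ctr image pull ghcr.io/kube-vip/kube-vip:$KVVERSION; ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:$KVVERSION vip /kube-vip"
# With docker:
alias kube-vip="docker pull ghcr.io/kube-vip/kube-vip:$KVVERSION; docker run --network host --rm ghcr.io/kube-vip/kube-vip:$KVVERSION"

# Render the static pod manifest. Anything placed in
# /etc/kubernetes/manifests is started by the kubelet with host networking
# and the capabilities listed in the file, so read the output shown by tee
# before leaving it in place.
kube-vip manifest pod \
  --interface "$INTERFACE" \
  --address "$VIP" \
  --controlplane \
  --services \
  --arp \
  --leaderElection | tee /etc/kubernetes/manifests/kube-vip.yaml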
yaml
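# Illustrative static pod manifest as produced by `kube-vip manifest pod`.
# Interface, address and image tag are aligned with the INTERFACE, VIP and
# KVVERSION values used on this page; the file written by the command is
# authoritative and may contain different fields.
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  name: kube-vip
  namespace: kube-system
spec:
  containers:
  - args:
    - manager
    env:
    - name: vip_arp
      value: "true"
    - name: port
      value: "6443"
    - name: vip_interface
      value: ens33
    - name: vip_cidr
      value: "32"
    - name: cp_enable
      value: "true"
    - name: cp_namespace
      value: kube-system
    - name: vip_ddns
      value: "false"
    - name: svc_enable
      value: "true"
    - name: vip_leaderelection
      value: "true"
    - name: vip_leaseduration
      value: "5"
    - name: vip_renewdeadline
      value: "3"
    - name: vip_retryperiod
      value: "1"
    - name: address
      value: 192.168.16.70
    image: ghcr.io/kube-vip/kube-vip:v0.5.0
    # Always re-pulls the tag on every container start; a tag is mutable, so
    # pin the image by digest if the node must run exactly the reviewed image.
    imagePullPolicy: Always
    name: kube-vip
    resources: {}
    securityContext:
      capabilities:
        # Network and clock capabilities on top of hostNetwork below: this
        # pod can reconfigure the node's interfaces and send raw packets.
        add:
        - NET_ADMIN
        - NET_RAW
        - SYS_TIME
    volumeMounts:
    # admin.conf is the cluster administrator kubeconfig; the container gets
    # read access to that credential.
    # NOTE(review): with kubeadm 1.29+ admin.conf reportedly has no effective
    # permissions until `kubeadm init` completes, which can prevent kube-vip
    # on the first node from taking its lease — check the kube-vip
    # documentation for the version in use.
    - mountPath: /etc/kubernetes/admin.conf
      name: kubeconfig
  hostAliases:
  - hostnames:
    - kubernetes
    ip: 127.0.0.1
  hostNetwork: true
  volumes:
  - hostPath:
      path: /etc/kubernetes/admin.conf
    name: kubeconfig
status: {}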
kubeadm初始化
bash
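# Initialise the first control-plane node (run as root on master1).
#
# --apiserver-advertise-address: IP of the host this command runs on.
# --control-plane-endpoint: host name that resolves to the VIP. Add it to
#   /etc/hosts beforehand and do not append a port; the author reports that
#   init fails when a port is added, as many tutorials do.
# --image-repository: control-plane images are pulled from this mirror
#   instead of the default registry, so the mirror is part of the trust chain.
# --upload-certs: stores the control-plane certificates in the cluster so
#   further masters can join; the certificate key printed by init decrypts
#   them and must be kept secret.
#
# The notes live above the command on purpose: a comment placed after a
# trailing backslash ends the line continuation, and the remaining flags
# would then be run as a separate command.
kubeadm init \
  --kubernetes-version=1.29.2 \
  --apiserver-advertise-address=192.168.16.71 \
  --control-plane-endpoint=vip \
  --image-repository=registry.aliyuncs.com/google_containers \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --upload-certs \
  --cri-socket=unix:///var/run/cri-dockerd.sock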
初始化成功后会打印如下内容。其中的 token 和 certificate-key 属于敏感凭据,下面是作者环境中的示例输出,加入节点时请使用自己集群实际打印的值:
bash
You can now join any number of the control-plane node running the following command on each as root:
kubeadm join vip:6443 --token cwrlc8.x1r2ymq58zz5juq6 \
--discovery-token-ca-cert-hash sha256:259ed901e5d3b7f1bd5f514e74c9bfb09dde13a7b99c2988e7d6753916ef95e5 \
--control-plane --certificate-key 310e55eef121bd751d2a5e945d79775ee887a74b4e40218d146e6880b042bb18
Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join vip:6443 --token cwrlc8.x1r2ymq58zz5juq6 \
--discovery-token-ca-cert-hash sha256:259ed901e5d3b7f1bd5f514e74c9bfb09dde13a7b99c2988e7d6753916ef95e5
主节点加入
添加前需要先生成kube-vip.yaml文件
bash
# Join this host as an additional control-plane node (run as root).
# All three values are copied from the `kubeadm init` output; use the ones
# printed by your own cluster. The CA cert hash lets the joining node verify
# the API server it bootstraps from. The certificate key is a secret, and
# the uploaded certs are deleted after two hours; they can be re-uploaded with
# `kubeadm init phase upload-certs --upload-certs`.
kubeadm join vip:6443 \
  --control-plane \
  --certificate-key 310e55eef121bd751d2a5e945d79775ee887a74b4e40218d146e6880b042bb18 \
  --token cwrlc8.x1r2ymq58zz5juq6 \
  --discovery-token-ca-cert-hash sha256:259ed901e5d3b7f1bd5f514e74c9bfb09dde13a7b99c2988e7d6753916ef95e5
工作节点加入
bash
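# Join this host as a worker node (run as root).
# The hash value was missing from the command; it is the one printed by
# `kubeadm init` above. Keep this flag: it is what lets the node verify the
# control plane's CA before trusting it. If the token has expired, a new
# join command can be printed on a control-plane node with
# `kubeadm token create --print-join-command`.
kubeadm join vip:6443 --token cwrlc8.x1r2ymq58zz5juq6 \
  --discovery-token-ca-cert-hash sha256:259ed901e5d3b7f1bd5f514e74c9bfb09dde13a7b99c2988e7d6753916ef95e5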
网络插件安装Flannel
bash
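# Install the Flannel network plugin. Flannel's default pod network is
# 10.244.0.0/16, matching --pod-network-cidr passed to kubeadm init.
#
# -O fixes the output name: without it, a kube-flannel.yml left over from an
# earlier run makes wget save the download under a different name, and the
# stale file would be applied. `&&` skips the apply when the download fails.
#
# `latest` is a moving target. For a reproducible install, replace
# `latest/download` with `download/<RELEASE_TAG>` (placeholder: a release
# tag you have reviewed) and read the manifest before applying it, since it
# creates cluster-wide RBAC objects and a host-network DaemonSet.
wget -O kube-flannel.yml https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml &&
  kubectl apply -f kube-flannel.yml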