
Hands-on: Deploying a Kubernetes 1.29.4 Cluster on openEuler

  • 2024-04-22
    Guangdong


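This article is shared from the Huawei Cloud community post "Deploying a Kubernetes 1.29.4 Cluster on openEuler" (《openEuler部署Kubernetes 1.29.4版本集群》), by 江晚正愁余.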

1. Kubernetes cluster node preparation

1.1 Host operating system


No. | Operating system and version | Notes
1 | CentOS7u9 or OpenEuler2203 |

1.2 Host hardware configuration


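Requirement | CPU | Memory | Disk | Role | Hostname
Value | 8C | 8G | 1024GB | master | k8s-master01
Value | 8C | 16G | 1024GB | worker (node) | k8s-worker01
Value | 8C | 16G | 1024GB | worker (node) | k8s-worker02

1.3 Host configuration

1.3.1 Hostname configuration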


This deployment uses 3 hosts for the Kubernetes cluster: 1 master node named k8s-master01, and 2 worker nodes named k8s-worker01 and k8s-worker02.


# master node
hostnamectl set-hostname k8s-master01
# worker01 node
hostnamectl set-hostname k8s-worker01
# worker02 node
hostnamectl set-hostname k8s-worker02

1.3.2 IP addresses, name resolution and SSH trust


# IP configuration is not covered here
# Name resolution configuration
[root@k8s-master01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.11 k8s-master01
192.168.0.12 k8s-worker01
192.168.0.13 k8s-worker02
# SSH trust between hosts
[root@k8s-master01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:Rr6W4rdnY350fzMeszeWFR/jUJt0VOZ3yZECp5VJJQA root@k8s-master01
The key's randomart image is:
+---[RSA 3072]----+
| E.o+=++*|
| ++o*+|
| . . +oB|
| o . *o|
| S o =|
| . o . ..o|
| . + . . +o|
| . o. = . *B|
| ...*.o oo*|
+----[SHA256]-----+
[root@k8s-master01 ~]# for i in {11..13};do ssh-copy-id 192.168.0.${i};done
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.0.11 (192.168.0.11)' can't be established.
ED25519 key fingerprint is SHA256:s2R582xDIla4wyNozHa/HEmRR7LOU4WAciEcAw57U/Q.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Authorized users only. All activities may be monitored and reported.
root@192.168.0.11's password:
Number of key(s) added: 1

1.3.4 Firewall configuration


Perform on all hosts.


Disable the existing firewalld firewall


# systemctl disable firewalld
# systemctl stop firewalld



systemctl disable --now firewalld


Check the firewalld status


# firewall-cmd --state
not running


Reference run:


[root@k8s-master01 ~]# for i in {11..13};do ssh  192.168.0.${i} 'systemctl disable --now firewalld' ;done
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
[root@k8s-master01 ~]# for i in {11..13};do ssh 192.168.0.${i} 'firewall-cmd --state' ;done
Authorized users only. All activities may be monitored and reported.
not running
Authorized users only. All activities may be monitored and reported.
not running
Authorized users only. All activities may be monitored and reported.
not running

1.3.5 SELinux configuration


Perform on all hosts. Changing the SELinux configuration requires an operating system reboot.


# sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config


# sestatus


Reference run:


[root@k8s-master01 ~]# for i in {11..13};do ssh  192.168.0.${i} "sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config" ;done
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
[root@k8s-master01 ~]# for i in {11..13};do ssh 192.168.0.${i} 'sestatus' ;done
Authorized users only. All activities may be monitored and reported.
SELinux status: disabled
Authorized users only. All activities may be monitored and reported.
SELinux status: disabled
Authorized users only. All activities may be monitored and reported.
SELinux status: disabled

1.3.6 Time synchronization


Perform on all hosts. On a minimal installation, the ntpdate package must be installed.


# crontab -l
0 */1 * * * /usr/sbin/ntpdate time1.aliyun.com
# Entries in /etc/crontab need a user field (root here); the outer double quotes keep the local shell from expanding the asterisks
for i in {11..13};do ssh 192.168.0.${i} "echo '0 */1 * * * root /usr/sbin/ntpdate time1.aliyun.com' >> /etc/crontab" ;done
# Set the Shanghai time zone (UTC+8)
timedatectl set-timezone Asia/Shanghai
for i in {11..13};do ssh 192.168.0.${i} ' timedatectl set-timezone Asia/Shanghai' ;done

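1.3.7 Upgrading the operating system kernel


CentOS systems need a kernel upgrade (search Baidu for the details); OpenEuler2203 does not.

1.3.8 Configuring kernel IP forwarding and bridge filtering


Perform on all hosts.


Add the bridge filtering and kernel forwarding configuration file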


sed -i 's/net.ipv4.ip_forward=0/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
# Configure loading of the br_netfilter module at boot
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# Load the br_netfilter and overlay modules
modprobe br_netfilter
modprobe overlay
# Check that they are loaded
lsmod | grep br_netfilter
br_netfilter 22256 0
bridge 151336 1 br_netfilter
# Apply the settings
sysctl --system
# Apply using the default configuration file
sysctl -p
# Apply using the newly added configuration file
sysctl -p /etc/sysctl.d/k8s.conf

1.3.9 Installing ipset and ipvsadm


Perform on all hosts.


Install ipset and ipvsadm
# yum -y install ipset ipvsadm
Configure how the ipvsadm modules are loaded by adding the modules that need to be loaded
# cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
Set permissions, run, and check that the modules are loaded
chmod 755 /etc/sysconfig/modules/ipvs.modules && /etc/sysconfig/modules/ipvs.modules
Check whether the modules loaded successfully
# lsmod | grep -e ip_vs -e nf_conntrack

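1.3.10 Disabling the swap partition


After the change, the operating system must be rebooted. If you do not reboot, swap can be turned off temporarily with the command swapoff -a


Disabling the swap partition permanently requires an operating system reboot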


# cat /etc/fstab
......
# /dev/mapper/centos-swap swap swap defaults 0 0
Add # at the start of the line above
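An audit of the settings made in sections 1.3.5 to 1.3.10, added here as an example and not part of the original article. The function names are illustrative, and the file paths are passed in as parameters so the checks can also be run against copies of the files.

```shell
#!/usr/bin/env bash
# Added example (not from the article): audit the node settings made above.
# Function names are illustrative; file paths are passed in so copies can be checked.

# Report every expected key in the sysctl drop-in that is missing or different.
check_sysctl_file() {    # $1 = path to k8s.conf
  local want key val rc=0
  for want in net.bridge.bridge-nf-call-ip6tables=1 \
              net.bridge.bridge-nf-call-iptables=1 \
              net.ipv4.ip_forward=1 vm.swappiness=0; do
    key=${want%%=*}
    val=$(awk -F= -v k="$key" '
      /^[ \t]*#/ { next }
      { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
      $1 == k { v = $2 }
      END { print v }' "$1")
    if [ "$val" != "${want#*=}" ]; then
      echo "sysctl: $key is '${val:-unset}', expected ${want#*=}"
      rc=1
    fi
  done
  return $rc
}

# An uncommented swap entry in fstab brings swap back after the reboot.
check_fstab_swap() {     # $1 = path to fstab
  if awk '!/^[ \t]*#/ && $3 == "swap" { f = 1 } END { exit !f }' "$1"; then
    echo "fstab: active swap entry present"
    return 1
  fi
}

# Print the SELinux mode the host will boot into (enforcing/permissive/disabled).
selinux_boot_mode() {    # $1 = path to the SELinux config file
  awk -F= '/^[ \t]*SELINUX=/ { gsub(/[ \t]/, "", $2); m = $2 }
           END { print (m == "" ? "unset" : m) }' "$1"
}

# Run on a node: checks the live files plus the two kernel modules.
audit_node() {
  local rc=0 m
  check_sysctl_file /etc/sysctl.d/k8s.conf || rc=1
  check_fstab_swap /etc/fstab || rc=1
  echo "selinux boot mode: $(selinux_boot_mode /etc/selinux/config)"
  for m in br_netfilter overlay; do   # built-in modules are not listed here
    grep -q "^$m " /proc/modules || { echo "module $m not loaded"; rc=1; }
  done
  return $rc
}
```

Calling audit_node on each host after the reboot shows whether the persistent settings survived it, and the printed SELinux boot mode records the state the node is left in.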

2. containerd container environment installation

2.1 Installing the containerd packages


Perform on all hosts.


# The packaged files
for i in {11..13};do ssh 192.168.0.${i} ' wget https://blog-source-mkt.oss-cn-chengdu.aliyuncs.com/resources/k8s/kubeadm%20init/k8s1.29.tar.gz'; done
# Extract containerd and install it
for i in {11..13};do ssh 192.168.0.${i} ' tar -zxvf /root/k8s1.29.tar.gz'; done
for i in {11..13};do ssh 192.168.0.${i} ' tar -zxvf /root/workdir/containerd-1.7.11-linux-amd64.tar.gz && mv /root/bin/* /usr/local/bin/ && rm -rf /root/bin'; done
# Create the service; perform on all hosts
cat << EOF > /usr/lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF
# Start the container service
for i in {11..13};do ssh 192.168.0.${i} 'systemctl daemon-reload && systemctl enable --now containerd '; done
# Install runc
for i in {11..13};do ssh 192.168.0.${i} 'install -m 755 /root/workdir/runc.amd64 /usr/local/sbin/runc '; done
# Install the CNI plugins
for i in {11..13};do ssh 192.168.0.${i} 'mkdir -p /opt/cni/bin && tar -xzvf /root/workdir/cni-plugins-linux-amd64-v1.4.0.tgz -C /opt/cni/bin/ '; done
# Generate the container configuration file and modify it
for i in {11..13};do ssh 192.168.0.${i} 'mkdir -p /etc/containerd && containerd config default | sudo tee /etc/containerd/config.toml '; done
# Change the sandbox image; perform on all hosts
sed -i 's#sandbox_image = "registry.k8s.io/pause:.*"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"#' /etc/containerd/config.toml
# Restart containerd
systemctl restart containerd
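The bundle downloaded above is unpacked as root and its binaries land in /usr/local/bin on every node, so the following added example (not the article's own code) gates extraction on a pinned digest and a member-path check. EXPECTED_SHA256 is a placeholder because the article publishes no digest, and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the article): check the bundle before unpacking it as root.
# EXPECTED_SHA256 is a placeholder; the article publishes no digest for the file.
EXPECTED_SHA256="<sha256 recorded from a trusted copy of k8s1.29.tar.gz>"

# Succeed only if the file's SHA-256 equals the pinned value.
digest_matches() {       # $1 = file, $2 = expected hex digest
  local actual
  actual=$(sha256sum "$1" | awk '{ print $1 }')
  [ "$actual" = "$2" ]
}

# Filter member names on stdin down to absolute paths and ".." components.
unsafe_members() {
  grep -E '^/|(^|/)\.\.(/|$)'
}

# Extract into $3 only when the digest matches and every member stays inside $3.
verify_and_extract() {   # $1 = archive, $2 = expected digest, $3 = destination
  if ! digest_matches "$1" "$2"; then
    echo "digest mismatch, refusing to extract: $1" >&2
    return 1
  fi
  if tar -tzf "$1" | unsafe_members >&2; then
    echo "unsafe member path, refusing to extract: $1" >&2
    return 1
  fi
  mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Usage on k8s-master01, before copying the verified file to the workers:
#   verify_and_extract /root/k8s1.29.tar.gz "$EXPECTED_SHA256" /root
```

Downloading once on the master, verifying there, and copying the same file to the workers over the SSH trust set up in 1.3.2 means all three nodes install identical bytes.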

2.2 Installing k8s on the master host


# Configure the k8s v1.29 repository; required on all nodes
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.29/rpm/repodata/repomd.xml.key
EOF
# Install the k8s tools; required on all nodes
yum clean all && yum makecache
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# Configure kubelet
# To keep the cgroup driver used by docker consistent with the cgroup driver used by kubelet, it is recommended to change the following file. Required on all nodes
# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
# Or use the commands below
echo 'KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"' > /etc/sysconfig/kubelet
systemctl enable kubelet
# Note: do not start kubelet; kubeadm starts it automatically. If it is already running, the installation reports an error.
# The k8s installation command, run on the master node; only the 1.29.4 images are available here
kubeadm init --apiserver-advertise-address=192.168.0.11 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.29.4 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.224.0.0/16
# Finally, run the following commands
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf

2.3 Installing the Calico network plugin


kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml
# Finally, check the status of the nodes and pods
kubectl get nodes
kubectl get pods -A


Huawei Cloud Developer Alliance (华为云开发者联盟), InfoQ 写作社区