- 本文以 CentOS 7.9_x86 64位操作系统 为例进行讲解。
- 执行本教程中命令的用户为 root。
-
下载所需离线包
# 离线安装环境 curl -LO https://files.saas.hand-china.com/kubeadm-ha/kubeadm-ha-base-amd64.tar # 二进制基础软件包 curl -LO https://files.saas.hand-china.com/kubeadm-ha/kubernetes-1.30.5-base-amd64.tgz # 集群运行所需的镜像 curl -LO https://files.saas.hand-china.com/kubeadm-ha/kubernetes-1.30.5-images-amd64.tgz # CentOS 7 系统对应软件包 curl -LO https://files.saas.hand-china.com/kubeadm-ha/centos7/kubernetes-1.30.5-centos7-amd64.tgz # 克隆脚本 git clone -b release-1.30 https://github.com/TimeBye/kubeadm-ha.git -
其他系统或ARM64架构点击这里查看所有离线包
| ip | hostname | OS | role |
|---|---|---|---|
| 192.168.56.11 | node1 | CentOS 7.9 | master etcd worker |
| 192.168.56.12 | node2 | CentOS 7.9 | master etcd worker |
| 192.168.56.13 | node3 | CentOS 7.9 | master etcd worker |
| 192.168.56.14 | node4 | CentOS 7.9 | worker |
| 192.168.56.15 | deploy | CentOS 7.9 | kubeadm-ha(ansible) |
注意: 以下操作未特殊说明都在 192.168.56.15 deploy 节点执行。
-
上传准备好的离线包至搭建 kubeadm-ha(ansible) 环境的服务器上,目录为
/root。 -
准备 kubeadm-ha(ansible) 环境
-
解压离线包
tar -xzvf kubernetes-1.30.5-base-amd64.tgz tar -xzvf kubernetes-1.30.5-images-amd64.tgz tar -xzvf kubernetes-1.30.5-centos7-amd64.tgz
-
CentOS 类系统添加软件源
cat <<EOF | tee /etc/yum.repos.d/kubeadm-ha.repo [kubeadm-ha] name=Kubeadm HA - \$basearch baseurl=file:///root/packages/ enabled=1 gpgcheck=0 repo_gpgcheck=0 EOF -
Debian 类系统添加软件源
echo "deb [trusted=yes] file:///root/ packages/" | tee /etc/apt/sources.list.d/kubeadm-ha.list
-
-
安装 ipset
-
CentOS 类系统安装 ipset
yum install -y --disablerepo=\* --enablerepo=kubeadm-ha \ ipset -
Debian 类系统安装 ipset
apt-get update apt-get install -y ipset
-
-
使用 containerd 运行 kubeadm-ha 镜像(与 docker 安装二选一)
-
解压 containerd 二进制包并安装
tar Cxzvf /usr base/containerd.tar.gz -
配置 containerd
mkdir -p /etc/containerd # root 为 containerd 存储目录,可修改为其他非共享存储目录。 cat <<EOF | tee /etc/containerd/config.toml version = 2 root = "/var/lib/containerd" state = "/run/containerd" oom_score = -999 [grpc] max_recv_message_size = 16777216 max_send_message_size = 16777216 [debug] level = "info" [metrics] address = "" grpc_histogram = false [plugins] [plugins."io.containerd.grpc.v1.cri"] sandbox_image = "registry.custom.local:12480/kubeadm-ha/pause:3.9" max_container_log_line_size = -1 [plugins."io.containerd.grpc.v1.cri".containerd] default_runtime_name = "runc" snapshotter = "overlayfs" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] runtime_type = "io.containerd.runc.v2" runtime_engine = "" runtime_root = "" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] SystemdCgroup = true [plugins."io.containerd.grpc.v1.cri".registry] config_path = "/etc/containerd/certs.d" EOF -
配置 crictl 命令行
cat <<EOF | tee /etc/crictl.yaml runtime-endpoint: unix:///var/run/containerd/containerd.sock image-endpoint: unix:///var/run/containerd/containerd.sock timeout: 30 debug: false EOF -
启动并加载 kubeadm-ha 镜像
cp base/containerd/containerd.service /etc/systemd/system systemctl daemon-reload systemctl enable --now containerd gunzip -c kubeadm-ha-base-amd64.tar | ctr -n k8s.io images import - -
运行 kubeadm-ha 镜像
ctr -n k8s.io run -d --net-host \ --mount type=bind,src=$PWD/base,dst=/kubernetes/base,options=rbind:ro \ --mount type=bind,src=$PWD/registry,dst=/var/lib/registry,options=rbind:ro \ --mount type=bind,src=$PWD/packages,dst=/kubernetes/packages,options=rbind:ro \ --mount type=bind,src=$PWD/kubeadm-ha,dst=/etc/ansible,options=rbind:ro \ docker.io/setzero/kubeadm-ha:base \ kubeadm-ha
-
-
使用 docker 运行 kubeadm-ha 镜像(与 containerd 安装二选一)
-
解压 docker、cri-dockerd 二进制包并安装
tar xzvf base/docker.tgz tar xzvf base/cri-dockerd.tgz mv docker/* /usr/bin mv cri-dockerd/* /usr/bin rm -rf docker cri-dockerd -
配置 docker
mkdir -p /etc/{docker,containerd} # data-root 为 docker 存储目录,可修改为其他非共享存储目录。 cat <<EOF | tee /etc/docker/daemon.json { "insecure-registries": ["registry.custom.local:12480"], "exec-opts": ["native.cgroupdriver=systemd"], "log-driver": "json-file", "log-opts": { "max-size": "100m" }, "data-root": "/var/lib/docker", "storage-driver": "overlay2" } EOF -
启动并加载 kubeadm-ha 镜像
cp base/docker/config.toml /etc/containerd/config.toml cp base/docker/cri-dockerd.service /etc/systemd/system cp base/docker/cri-dockerd.socket /etc/systemd/system cp base/docker/containerd.service /etc/systemd/system cp base/docker/docker.service /etc/systemd/system cp base/docker/docker.socket /etc/systemd/system systemctl daemon-reload systemctl enable --now docker systemctl enable --now cri-dockerd docker load -i kubeadm-ha-base-amd64.tar -
运行 kubeadm-ha 镜像
docker run -d --restart=always --name kubeadm-ha \ -p 12480:12480 \ -v $PWD/base:/kubernetes/base \ -v $PWD/registry:/var/lib/registry \ -v $PWD/packages:/kubernetes/packages \ -v $PWD/kubeadm-ha:/etc/ansible \ setzero/kubeadm-ha:base
-
-
推送镜像到已有镜像库(可选项,可跳过)
- 如果你不知道这一步可以干什么,请立即跳过
# 命令格式:sync-images 镜像库地址 镜像库用户名 镜像库用户密码 # containerd 示例 ctr -n k8s.io task exec -t --exec-id "shell$RANDOM" kubeadm-ha bash sync-images harbor.custom.io/kubeadm-ha admin Harbor12345 # docker 示例 docker exec -it kubeadm-ha bash sync-images harbor.custom.io/kubeadm-ha admin Harbor12345
- 如果你不知道这一步可以干什么,请立即跳过
-
编辑变量文件
./kubeadm-ha/variables.yaml,内容如下# 自定义 hosts 记录,方便后期调整 IP;IP 配置为 kubeadm-ha 镜像运行的服务器的 IP # 本例中 192.168.56.15 就是运行 kubeadm-ha 镜像的服务器 custom_hosts: "192.168.56.15": - "pkgs.custom.local" - "registry.custom.local" # 安装时发现 docker 或者 containerd 配置被修改则强制其重启应用新配置 # 重启可能中断集群安装,再次执行集群安装命令即可 restart_container_manager_force: true # 注意地址末尾 / 必须加上 base_yum_repo: http://pkgs.custom.local:12480/packages/ docker_yum_repo: http://pkgs.custom.local:12480/packages/ kubernetes_yum_repo: http://pkgs.custom.local:12480/packages/ base_apt_repo: deb [trusted=yes] http://pkgs.custom.local:12480 packages/ docker_apt_repo: deb [trusted=yes] http://pkgs.custom.local:12480 packages/ kubernetes_apt_repo: deb [trusted=yes] http://pkgs.custom.local:12480 packages/ # 若使用 Containerd 作为运行时 runc_download_url: http://pkgs.custom.local:12480/base/runc containerd_download_url: http://pkgs.custom.local:12480/base/containerd.tar.gz # 若使用 Docker 作为运行时 docker_download_url: http://pkgs.custom.local:12480/base/docker.tgz cri_dockerd_download_url: http://pkgs.custom.local:12480/base/cri-dockerd.tgz # 设置信任镜像库 docker_insecure_registries: - "registry.custom.local:12480" containerd_registries: "registry.custom.local:12480": "http://registry.custom.local:12480" # 配置镜像地址 kube_image_repository: registry.custom.local:12480/kubeadm-ha
-
参考 01-集群安装 编写 ansible inventory 文件
./kubeadm-ha/inventory.ini。 -
集群部署
-
使用 containerd 进行集群部署(与 docker 安装二选一)
ctr -n k8s.io task exec -t --exec-id "shell$RANDOM" kubeadm-ha bash ansible-playbook -i inventory.ini -e @variables.yaml 90-init-cluster.yml -
使用 docker 进行集群部署(与 containerd 安装二选一)
docker exec -it kubeadm-ha bash ansible-playbook -i inventory.ini -e @variables.yaml 90-init-cluster.yml
-
-
安装 helm(可选项,可跳过)
注意: 以下操作未特殊说明都在
192.168.56.11第一台 master 节点执行。-
下载helm客户端
curl -sO http://pkgs.custom.local:12480/base/helm.tar.gz
-
解压压缩包(以linux-amd64为例)
tar -zxvf helm.tar.gz
-
将文件移动到PATH目录中(以linux-amd64为例)
sudo mv linux-amd64/helm /usr/bin/helm
-
执行命令,出现以下信息即部署成功。
$ helm version version.BuildInfo{Version:"v3.12.3", GitCommit:"3a31588ad33fe3b89af5a2a54ee1d25bfe6eaa5e", GitTreeState:"clean", GoVersion:"go1.20.7"}
-