#版本 kubelet-1.26.2-0 kubeadm-1.26.2-0 kubectl-1.26.2-0 docker
| ipv4 /ipv6地址 | 节点 | | | |
| ---------------------------- | -------- | ---- | ---- | ---- |
| 10.0.0.130 fd15:4ba5:5a2b:1008:20c::30 | master01 | | | |
| 10.0.0.131 fd15:4ba5:5a2b:1008:20c::31 | node01 | | | |
| 10.0.0.132 fd15:4ba5:5a2b:1008:20c::32 | node02 | | | |
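# master01 only: set the hostname and write a static dual-stack config for eth0.
hostnamectl set-hostname master01
# Drop any previous config so the heredoc below is the complete definition.
rm -f -- /etc/sysconfig/network-scripts/ifcfg-eth0
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_DEFAULTGW=fe80::f10c:cb96:73c1:cbb5
#IPV6_DEFAULTGW=2003::2
IPV6ADDR=fd15:4ba5:5a2b:1008:20c::30/64
#IPV6ADDR=2003::10/64
##IPV6ADDR=2408:8207:78ce:7561::30/64
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.130
GATEWAY=10.0.0.2
NETMASK=255.255.255.0
DNS1=2409:8088::b
EOF
# ifcfg files name resolvers DNS1, DNS2, ...; a bare DNS= key is not picked up,
# which would leave the node without the intended resolver.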
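# node01 only: set the hostname and write a static dual-stack config for eth0.
hostnamectl set-hostname node01
# Drop any previous config so the heredoc below is the complete definition.
rm -f -- /etc/sysconfig/network-scripts/ifcfg-eth0
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_DEFAULTGW=fe80::f10c:cb96:73c1:cbb5
#IPV6_DEFAULTGW=2003::2
IPV6ADDR=fd15:4ba5:5a2b:1008:20c::31/64
#IPV6ADDR=2003::10/64
##IPV6ADDR=2408:8207:78ce:7561::30/64
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.131
GATEWAY=10.0.0.2
NETMASK=255.255.255.0
DNS1=2409:8088::b
EOF
# ifcfg files name resolvers DNS1, DNS2, ...; a bare DNS= key is not picked up,
# which would leave the node without the intended resolver.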
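# node02 only: set the hostname and write a static dual-stack config for eth0.
hostnamectl set-hostname node02
# Drop any previous config so the heredoc below is the complete definition.
rm -f -- /etc/sysconfig/network-scripts/ifcfg-eth0
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_DEFAULTGW=fe80::f10c:cb96:73c1:cbb5
#IPV6_DEFAULTGW=2003::2
IPV6ADDR=fd15:4ba5:5a2b:1008:20c::32/64
#IPV6ADDR=2003::10/64
##IPV6ADDR=2408:8207:78ce:7561::30/64
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.132
GATEWAY=10.0.0.2
NETMASK=255.255.255.0
DNS1=2409:8088::b
EOF
# ifcfg files name resolvers DNS1, DNS2, ...; a bare DNS= key is not picked up,
# which would leave the node without the intended resolver.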
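# Static name resolution for the three cluster nodes, IPv6 and IPv4.
# The ::32 address is node02's (it pairs with 10.0.0.132); mapping it to node01
# would make node01 resolve to two different machines over IPv6.
# NOTE(review): this appends, so the two localhost lines duplicate any that
# /etc/hosts already holds — harmless, but confirm append is intended.
cat >> /etc/hosts <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
fd15:4ba5:5a2b:1008:20c::30 master01
fd15:4ba5:5a2b:1008:20c::31 node01
fd15:4ba5:5a2b:1008:20c::32 node02
10.0.0.130 master01
10.0.0.131 node01
10.0.0.132 node02
EOF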
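# Local repo served from the installation media mounted on /mnt.
# Written with '>' so a re-run does not add a second [base-local] section.
# The section sets no gpgcheck of its own, so it follows the yum.conf default.
cat >/etc/yum.repos.d/CentOS-local.repo <<'EOF'
[base-local]
name=CentOS7.9-local
baseurl=file:///mnt/
enabled=1
EOF
mount /dev/cdrom /mnt
# Repo definitions decide where every later package comes from, so fetch both
# over HTTPS; a plain-HTTP download could be rewritten in transit.
# NOTE(review): check the baseurl/gpgkey lines inside the fetched files as well —
# they may still point at http:// URLs.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo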
# Kubernetes package repo on the Aliyun mirror. gpgcheck and repo_gpgcheck are
# both on, with the two keys named in gpgkey, so packages and repo metadata are
# signature-checked.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
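# Kernel parameters for a dual-stack Kubernetes node; each key is listed once.
# The net.bridge.* keys exist only while the br_netfilter module is loaded and
# net.netfilter.* only with nf_conntrack, so re-run `sysctl --system` after the
# modules are loaded if it reports them as missing here.
# NOTE(review): net.ipv4.ip_conntrack_max looks like a legacy key name; if the
# kernel lacks it, `sysctl --system` reports it and carries on — confirm it is
# still wanted next to net.netfilter.nf_conntrack_max.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.forwarding = 1
EOF
# Apply every file under the sysctl.d directories now.
sysctl --system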
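# Raise the open-file limit for the current shell, then persist limits for new
# login sessions through limits.conf.
ulimit -SHn 65535
# "soft"/"unlimited" are spelled out correctly here: a line with an unknown limit
# type or value would not set the memlock limit it was meant to.
# NOTE(review): soft nofile (655360) is higher than hard nofile (131072); a soft
# limit cannot exceed its hard limit, so confirm which value was intended.
cat >> /etc/security/limits.conf <<'EOF'
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF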
# Append the three forwarding / bridge-netfilter keys the container runtime
# needs to its own sysctl.d file.
printf '%s\n' \
  'net.bridge.bridge-nf-call-iptables = 1' \
  'net.ipv4.ip_forward = 1' \
  'net.bridge.bridge-nf-call-ip6tables = 1' \
  >>/etc/sysctl.d/99-kubernetes-cri.conf
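# Kernel modules to load at boot: IPVS schedulers, conntrack, ipset/iptables
# helpers, IP-in-IP, and br_netfilter.
# br_netfilter is what provides the net.bridge.bridge-nf-call-* sysctls; without
# it those settings cannot be applied and bridged pod traffic is not passed to
# iptables/ip6tables.
cat >> /etc/modules-load.d/ipvs.conf <<'EOF'
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
br_netfilter
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF
# Load the listed modules now instead of waiting for a reboot.
systemctl restart systemd-modules-load.service
# Re-apply sysctl.d now that the bridge and conntrack keys exist.
sysctl --system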
# Time server (the client config below points at 10.0.0.130).
yum install -y chrony
# Sync from ntp.aliyun.com; "allow" opens the service to 10.0.0.0/24 only, and
# "local stratum 10" keeps serving time when the upstream is unreachable.
cat <<'EOF' > /etc/chrony.conf
pool ntp.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 10.0.0.0/24
local stratum 10
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
EOF
systemctl restart chronyd
systemctl enable chronyd
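# Time client: every other node syncs from the server at 10.0.0.130.
yum install -y chrony
cat > /etc/chrony.conf <<'EOF'
pool 10.0.0.130 iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
keyfile /etc/chrony.keys
leapsectz right/UTC
logdir /var/log/chrony
EOF
# Restart first so chronyd is running with the file just written; listing the
# sources before the restart would show the previous configuration.
systemctl restart chronyd
systemctl enable chronyd
chronyc sources -v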
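# Docker CE from the Aliyun mirror of the Docker repo.
# The repo tooling and the repo definition come first: docker-ce packages cannot
# be resolved until the repo exists.
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
# List the available builds, newest first, to pick a version to pin.
yum list docker-ce.x86_64 --showduplicates | sort -r
# -y keeps the step non-interactive like the other installs.
# NOTE(review): the list names docker-ce-cli both pinned (20.10.17-3.el7) and
# unpinned, and leaves docker-ce itself unpinned — confirm which versions are
# intended and pin them consistently.
yum install -y docker-ce docker-ce-cli-20.10.17-3.el7 docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
systemctl enable --now docker
# -p: the directory may already exist once the package is installed.
mkdir -p /etc/docker/
# Overwrite rather than append: appending a second JSON object to an existing
# daemon.json produces an invalid file and dockerd will not start.
# NOTE(review): every image pull goes through the registry mirror below; keep it
# only if that mirror is one you trust.
cat >/etc/docker/daemon.json <<'EOF'
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://py2xwg2m.mirror.aliyuncs.com"]
}
EOF
# The subcommand is "daemon-reload" (one word, hyphenated).
systemctl daemon-reload
systemctl restart docker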
# Regenerate containerd's config from its defaults, keeping a backup of the
# current file, then adjust two settings for kubeadm.
sudo systemctl stop containerd.service
sudo cp /etc/containerd/config.toml /etc/containerd/config.toml.bak
# The redirect is done by the invoking shell, so the file lands in $HOME first.
sudo containerd config default > "${HOME}/config.toml"
sudo cp "${HOME}/config.toml" /etc/containerd/config.toml
# 1) pull the pause image from the Aliyun mirror instead of registry.k8s.io
# 2) use the systemd cgroup driver
# NOTE(review): the pause image then comes from a third-party registry — confirm
# that registry is trusted for this cluster.
sudo sed -i \
  -e 's#registry.k8s.io/pause#registry.aliyuncs.com/google_containers/pause#g' \
  -e 's#SystemdCgroup = false#SystemdCgroup = true#g' \
  /etc/containerd/config.toml
sudo systemctl enable --now containerd.service
# Check with: sudo systemctl status containerd.service docker.service
sudo systemctl start docker.service
sudo systemctl enable docker.service docker.socket
sudo systemctl list-unit-files | grep docker
# Point crictl at the containerd socket for both the runtime and image services.
printf '%s\n' \
  'runtime-endpoint: unix:///run/containerd/containerd.sock' \
  'image-endpoint: unix:///run/containerd/containerd.sock' \
  'timeout: 10' \
  'debug: false' \
  > /etc/crictl.yaml
systemctl restart containerd
# Smoke test: list images and all containers through the CRI.
crictl images
crictl ps -a
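# Show the kubeadm builds the repo offers, then install the pinned 1.26.2 set.
yum list --showduplicates kubeadm --disableexcludes=kubernetes
# Signature checking stays on: the kubernetes repo on this page sets gpgcheck=1
# and names its keys, and these packages run as root on every node. If
# verification fails, fix the key import or the repo definition rather than
# bypassing the check.
yum install -y kubelet-1.26.2-0 kubeadm-1.26.2-0 kubectl-1.26.2-0 --disableexcludes=kubernetes
# kubelet is the service unit; kubectl is only a client binary and has no unit
# to enable.
systemctl enable kubelet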
生成初始化配置,修改
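# Control plane (master01): write the kubeadm configuration and initialise.
# The defaults are printed first as a starting point.
kubeadm config print init-defaults > kubeadm-config.yaml
# Overwrite instead of append: appending would leave two InitConfiguration and
# two ClusterConfiguration documents in one file. The YAML nesting that the
# flattened listing had lost is restored below.
#
# Bootstrap token: abcdef.0123456789abcdef is the sample value printed by
# `kubeadm config print init-defaults`, so it is publicly known. A bootstrap
# token lets its holder join a node, so replace it with the output of
# `kubeadm token generate` and use the same value in the join configuration.
# The ttl is set to kubeadm's default of 24h instead of "0" (never expires), so
# a leaked token stops working on its own.
cat > kubeadm-config.yaml <<'EOF'
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: "24h0m0s"
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: "10.0.0.130"
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  kubeletExtraArgs:
    # pass both node addresses (IPv4 and IPv6) to the kubelet
    node-ip: 10.0.0.130,fd15:4ba5:5a2b:1008:20c::30
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
#controllerManager:
#  extraArgs:
#    "node-cidr-mask-size-ipv4": "24"
#    "node-cidr-mask-size-ipv6": "120"
kubernetesVersion: 1.26.2
networking:
  dnsDomain: cluster.local
  #podSubnet: 10.244.0.0/16,2004::/64
  #serviceSubnet: 10.96.0.0/16,2005::/110
  #podSubnet: 10.244.0.0/16,2001:db8:42:0::/56
  #serviceSubnet: 10.96.0.0/16,2001:db8:42:1::/112
  podSubnet: 10.244.0.0/16,fc00::/48
  serviceSubnet: 10.96.0.0/16,fd00::/108
EOF
kubeadm init --config=kubeadm-config.yaml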
# Give the current user a kubeconfig. admin.conf carries cluster-admin
# credentials, so the copy is handed to this user only.
kube_dir="${HOME}/.kube"
mkdir -p "${kube_dir}"
sudo cp -i /etc/kubernetes/admin.conf "${kube_dir}/config"
sudo chown "$(id -u):$(id -g)" "${kube_dir}/config"
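# node01: join configuration, written as a heredoc so the file shown on the page
# is actually created; YAML nesting restored.
# - apiServerEndpoint is the control plane (master01, 10.0.0.130:6443), not a
#   worker's own address.
# - node-ip pairs node01's IPv4 and IPv6 addresses (10.0.0.131 / ::31).
# - caCertHashes pins the cluster CA, so the node will not join an API server
#   presenting a different CA; keep it.
# - The token is the publicly documented sample value; use the token actually
#   configured on the control plane.
cat > node-init.yaml <<'EOF'
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
discovery:
  bootstrapToken:
    apiServerEndpoint: 10.0.0.130:6443
    token: "abcdef.0123456789abcdef"
    caCertHashes:
    - "sha256:47a0e8f6f7178da67c91a52cf029076fd60f1b60bddb6aa801003ef70898f933"
nodeRegistration:
  kubeletExtraArgs:
    node-ip: 10.0.0.131,fd15:4ba5:5a2b:1008:20c::31
  criSocket: unix:///var/run/containerd/containerd.sock
EOF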
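# node02: join configuration, written as a heredoc so the file shown on the page
# is actually created; YAML nesting restored.
# - apiServerEndpoint is the control plane (master01, 10.0.0.130:6443), not a
#   worker's address.
# - caCertHashes pins the cluster CA, so the node will not join an API server
#   presenting a different CA; keep it.
# - The token is the publicly documented sample value; use the token actually
#   configured on the control plane.
cat > node-init.yaml <<'EOF'
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
discovery:
  bootstrapToken:
    apiServerEndpoint: 10.0.0.130:6443
    token: "abcdef.0123456789abcdef"
    caCertHashes:
    - "sha256:47a0e8f6f7178da67c91a52cf029076fd60f1b60bddb6aa801003ef70898f933"
nodeRegistration:
  kubeletExtraArgs:
    node-ip: 10.0.0.132,fd15:4ba5:5a2b:1008:20c::32
  criSocket: unix:///var/run/containerd/containerd.sock
EOF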
# Worker nodes: join the cluster using the node's own node-init.yaml.
kubeadm join --config node-init.yaml
calico下载地址
calico开启双栈参考
Configure dual stack or IPv6 only | Calico Documentation (tigera.io)
vim calico.yaml +70
# Fragments of calico.yaml as edited for IPv6: the CNI "ipam" section, then the
# calico-node environment variables. Nesting is not preserved in this listing.
# NOTE(review): with "assign_ipv4" set to "false" Calico IPAM requests only IPv6
# pod addresses; a dual-stack cluster (the kubeadm podSubnet on this page lists
# both families) needs it set to "true" — confirm the intent.
"ipam": {
"type": "calico-ipam",
"assign_ipv4": "false",
"assign_ipv6": "true"
},
# Auto-detect the BGP IP address.
- name: IP
value: "autodetect"
- name: IP6
value: "autodetect"
- name: IP_AUTODETECTION_METHOD
value: "interface=eth0"
# NOTE(review): this IPv6 pool (2001:db8:42:0::/56) differs from the IPv6
# podSubnet given to kubeadm on this page (fc00::/48) — confirm the two are
# meant to match.
- name: CALICO_IPV6POOL_CIDR
value: "2001:db8:42:0::/56"
- name: CALICO_IPV4POOL_CIDR
value: "10.244.0.0/16"
# Enable IPv6 support in Felix (the value below is "true").
- name: FELIX_IPV6SUPPORT
value: "true"
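# Apply the edited Calico manifest. `kubectl` is spelled out because the `k`
# alias is not defined anywhere on this page.
# NOTE(review): the file applied here is calico.yaml.suss.ipv6, while the edit
# above is made in calico.yaml — confirm the right file is applied.
kubectl apply -f calico.yaml.suss.ipv6
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary".
curl -fL https://github.com/projectcalico/calico/releases/download/v3.24.6/calicoctl-linux-amd64 -o calicoctl
# Verify the download against the checksum published for this release before
# making it executable, for example:
#   echo "<EXPECTED_SHA256>  calicoctl" | sha256sum -c -
chmod +x ./calicoctl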
# calicoctl client configuration: use the Kubernetes API as the datastore.
# NOTE(review): the nesting under metadata/spec appears to have been lost in
# this listing; datastoreType and kubeconfig presumably belong under spec.
apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
datastoreType: 'kubernetes'
# Placeholder path: point it at the kubeconfig calicoctl should use.
kubeconfig: '/path/to/.kube/config'