本文详细部署参考 :使用kubeadm安装Kubernetes 1.13
环境准备,每个节点都需要:
centos7.5 4 、2G内存,cup个数>=2
1、时间同步(ntp5.aliyun.com),chronyc sources(查看是否同步)
2、主机名解析,互相免密登陆
3、关闭防火墙(firewall,iptables)
docker有些版本的filter 表,默认的FORWARD 链默认是 DROP ,需要修改
iptables -t filter -P FORWARD ACCEPT (命令临时生效)
4、禁用selinux
setenforce 0 sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
5、禁用swap,/etc/fstable, swapoff -a,swapof -s(查看)
6、启用内核模块:
创建/etc/sysctl.d/k8s.conf文件,添加如下内容: net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1
另一个人的配置(
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_forward = 1
)
执行命令使修改生效。
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
7、开启ipvs,执行脚本(K8S集群优化之路由转发:使用IPVS替代iptables。kube-proxy的ipvs模式解读)
cat > /etc/sysconfig/modules/ipvs.modules <<EOF #!/bin/bash modprobe -- ip_vs modprobe -- ip_vs_rr modprobe -- ip_vs_wrr modprobe -- ip_vs_sh modprobe -- nf_conntrack_ipv4 EOF chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
8、安装Docker
使用阿里云的源docker-ce
9、确认一下iptables filter表中FOWARD链的默认策略(pllicy)为ACCEPT。iptables -nvL
10、安装kubeadm和kubelet,使用阿里云源
11、拉取镜像
docker pull docker.io/fanever/k8scheduler
docker pull docker.io/fanever/k8proxy
docker pull docker.io/fanever/k8pause
docker pull docker.io/fanever/k8etcd
docker pull docker.io/fanever/k8coredns
docker pull docker.io/fanever/k8controller
docker pull docker.io/fanever/k8api
打标签
docker tag docker.io/fanever/k8coredns k8s.gcr.io/coredns:1.3.1 docker tag docker.io/fanever/k8etcd k8s.gcr.io/etcd:3.3.10 docker tag docker.io/fanever/k8pause k8s.gcr.io/pause:3.1 docker tag docker.io/fanever/k8proxy k8s.gcr.io/kube-proxy:v1.14.1 docker tag docker.io/fanever/k8scheduler k8s.gcr.io/kube-scheduler:v1.14.1 docker tag docker.io/fanever/k8controller k8s.gcr.io/kube-controller-manager:v1.14.1 docker tag docker.io/fanever/k8api k8s.gcr.io/kube-apiserver:v1.14.1
11、使用kubeadm init初始化集群
在各节点开机启动kubelet服务:systemctl enable kubelet.service
在master上使用kubeadm初始化集群:
kubeadm init --kubernetes-version=v1.14.0 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.61.11
根据提示,创建配置文件,和pod网络,选择flannel
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
需要的镜像是:quay.io/coreos/flannel:v0.11.0-amd64在kube-flannel.yml中查看,可以先pull,镜像站在https://quay.io/repository/coreos/flannel?tab=tags
测试环境:
1 master
3nodes
所需软件:
kubeadm(部署工具)
kubelet(管理pod)
docker
部署dashboard web图形界面
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
更改镜像,加上type
kubectl apply -f kubernetes-dashboard.yaml #kubectl delete -f kubernetes-dashboard.yaml 743 kubectl create serviceaccount fang -n kube-system 744 kubectl get serviceaccount 745 kubectl get serviceaccount -a 746 kubectl get serviceaccount -A 748 kubectl create clusterrolebinding fang --clusterrole=cluster-admin --serviceaccount=kube-system:fang 749 kubectl get secret -A 750 kubectl describe secret fang-token-skvgq -n kube-system