一、环境说明
主机名 | IP地址 | 角色 | 系统 |
k8s-node-1 | 192.170.38.80 | k8s-master | Centos7.6 |
k8s-node-2 | 192.170.38.81 | k8s-node | Centos7.6 |
k8s-node-3 | 192.170.38.82 | k8s-node | Centos7.6 |
注意:官方建议每台机器至少双核2G内存,同时需确保MAC和product_uuid唯一(参考下面的命令查看)
ip link
cat /sys/class/dmi/id/product_uuid
二、环境配置
以下命令在三台主机上均需运行
1、设置阿里云yum源(可选)
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo rm -rf /var/cache/yum && yum makecache && yum -y update && yum -y autoremove
2、安装依赖包
yum install -y epel-release conntrack ipvsadm ipset jq sysstat curl iptables libseccomp
3、关闭防火墙
systemctl stop firewalld && systemctl disable firewalld
iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
4、关闭SELinux
setenforce 0 sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
5、关闭swap分区
swapoff -a sed -i '/ swap / s/^(.*)$/#1/g' /etc/fstab
6、加载内核模块
modprobe br_netfilter modprobe ip_vs modprobe ip_vs_rr modprobe ip_vs_wrr modprobe ip_vs_sh modprobe nf_conntrack_ipv4
cat > /etc/sysconfig/modules/ipvs.modules <<EOF #!/bin/bash modprobe -- ip_vs modprobe -- ip_vs_rr modprobe -- ip_vs_wrr modprobe -- ip_vs_sh modprobe -- nf_conntrack_ipv4 modprobe -- br_netfilter EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules
7、设置内核参数
cat << EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
sysctl -p /etc/sysctl.d/k8s.conf
8、安装Docker
参考:https://www.cnblogs.com/hackyo/p/9280042.html
Docker建议配置阿里云镜像加速
安装完成后配置启动时的命令,否则docker会将iptables FORWARD chain的默认策略设置为DROP
另外Kubeadm建议将systemd设置为cgroup驱动,所以还要修改daemon.json
sed -i "13i ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT" /usr/lib/systemd/system/docker.service
tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://bk6kzfqm.mirror.aliyuncs.com"], "exec-opts": ["native.cgroupdriver=systemd"], "log-driver": "json-file", "log-opts": { "max-size": "100m" }, "storage-driver": "overlay2", "storage-opts": [ "overlay2.override_kernel_check=true" ] } EOF
systemctl daemon-reload systemctl restart docker
9、安装kubeadm和kubelet
配置源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF yum makecache fast
安装
yum install -y kubelet kubeadm kubectl systemctl enable kubelet
10、拉取所需镜像
先从阿里云拉取所需的镜像,不然会从谷歌拉取,导致拉取失败。
拉取镜像:
kubeadm config images list | sed -e 's/^/docker pull /g' -e 's#k8s.gcr.io#registry.cn-hangzhou.aliyuncs.com/google_containers#g' | sh -x docker images | grep registry.cn-hangzhou.aliyuncs.com/google_containers | awk '{print "docker tag",$1":"$2,$1":"$2}' | sed -e 's/registry.cn-hangzhou.aliyuncs.com/google_containers/k8s.gcr.io/2' | sh -x docker images | grep registry.cn-hangzhou.aliyuncs.com/google_containers | awk '{print "docker rmi """$1""":"""$2}' | sh -x
三、初始化集群
以下命令如无特殊说明,均在k8s-node-1上执行
1、使用kubeadm init初始化集群(注意修改最后为本机IP)
kubeadm init --kubernetes-version=v1.14.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.170.38.80
初始化成功后会输出类似下面的加入命令,暂时无需运行,先记录。
kubeadm join 192.170.38.80:6443 --token duz8m8.njvafly3p2jrshfx --discovery-token-ca-cert-hash sha256:60e15ba0f562a9f29124914a1540bd284e021a37ebdbcea128f4e257e25002db
2、为需要使用kubectl的用户进行配置
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
检查集群状态
kubectl get cs
3、安装Pod Network(使用七牛云镜像)
curl -o kube-flannel.yml https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml sed -i "s/quay.io/coreos/flannel/quay-mirror.qiniu.com/coreos/flannel/g" kube-flannel.yml kubectl apply -f kube-flannel.yml rm -f kube-flannel.yml
使用下面的命令确保所有的Pod都处于Running状态,可能要等到许久。
kubectl get pod --all-namespaces -o wide
4、向Kubernetes集群中添加Node节点
在k8s-node-2和k8s-node-3上运行之前在k8s-node-1输出的命令
kubeadm join 192.170.38.80:6443 --token duz8m8.njvafly3p2jrshfx --discovery-token-ca-cert-hash sha256:60e15ba0f562a9f29124914a1540bd284e021a37ebdbcea128f4e257e25002db
查看集群中的节点状态,可能要等等许久才Ready
kubectl get nodes
5、kube-proxy开启ipvs
kubectl get configmap kube-proxy -n kube-system -o yaml > kube-proxy-configmap.yaml sed -i 's/mode: ""/mode: "ipvs"/' kube-proxy-configmap.yaml kubectl apply -f kube-proxy-configmap.yaml rm -f kube-proxy-configmap.yaml kubectl get pod -n kube-system | grep kube-proxy | awk '{system("kubectl delete pod "$1" -n kube-system")}'
完工!