配置系统内核模块和 sysctl 参数
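# Load br_netfilter on every boot; without it the bridge sysctl keys below
# do not exist.
cat <<'EOF' | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

# modules-load.d is only read at boot, so load the module now as well.
# Otherwise `sysctl --system` cannot apply the net.bridge.* keys on a host
# that has not been rebooted since the file above was written.
sudo modprobe br_netfilter

# Pass bridged IPv4/IPv6 traffic through iptables/ip6tables so that packet
# filtering rules also apply to traffic crossing a Linux bridge.
cat <<'EOF' | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# Re-read every sysctl configuration file, including the one just written.
sudo sysctl --system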
安装 container runtime
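# Remove distribution-packaged Docker variants so they cannot conflict with
# the docker-ce packages installed below.
sudo yum remove docker \
  docker-client \
  docker-client-latest \
  docker-common \
  docker-latest \
  docker-latest-logrotate \
  docker-logrotate \
  docker-engine -y

# yum-utils provides yum-config-manager, used to register the Docker CE repo.
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo -y

# Informational only: list the available docker-ce versions, newest first.
# The install below is not pinned and takes whatever is newest at run time.
yum list docker-ce --showduplicates | sort -r

# NOTE(review): -y also accepts the repository signing key without a prompt
# the first time a package from this repo is installed; compare the imported
# key's fingerprint with the one Docker publishes.
sudo yum install docker-ce docker-ce-cli containerd.io -y

# -p keeps this step from failing when the directory already exists.
sudo mkdir -p /etc/docker

# Use the systemd cgroup driver, and cap the size of each json-file log so
# container logs cannot grow without bound.
cat <<'EOF' | sudo tee /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF

# Start Docker on boot and restart it so the new daemon.json takes effect.
sudo systemctl enable docker
sudo systemctl daemon-reload
sudo systemctl restart docker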
安装kubeadm 工具
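# Register the Kubernetes yum repository.
# The heredoc delimiter is quoted so the shell does not expand $basearch:
# it is a yum variable and must reach the repo file literally. With an
# unquoted delimiter it expands to an empty string and the baseurl is wrong.
# gpgcheck and repo_gpgcheck stay enabled so that both the packages and the
# repository metadata are signature-checked.
# NOTE(review): the Kubernetes project has since moved its packages to
# pkgs.k8s.io and retired this Google-hosted repository; confirm the current
# repository URL and signing key before reusing this file.
cat <<'EOF' | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

# Set SELinux in permissive mode (effectively disabling it)
# The persistent setting is written as "permissive" to match the line above
# and the runtime `setenforce 0`. Permissive mode still logs policy denials,
# and the host can return to enforcing without a full filesystem relabel,
# which "disabled" would not allow.
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# The repo file excludes these three packages from routine updates, so the
# exclusion has to be lifted explicitly for this one install.
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

sudo systemctl enable --now kubelet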
配置高可用nginx slb
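# nginx and its stream (TCP proxy) module are installed after enabling EPEL.
sudo yum install epel-release -y
sudo yum install nginx-mod-stream nginx -y

############
# TCP load balancer in front of the kube-apiserver instances.
# The page shows this configuration without naming the target file;
# /etc/nginx/nginx.conf is the package's main configuration file. Confirm
# the path before overwriting it.
# NOTE(review): 10.160.1.12 is both an upstream server here and the
# --control-plane-endpoint address used for kubeadm init, so the balancer
# appears to run on a control-plane node. If that host is down the endpoint is
# unreachable even though 10.160.1.13 is still serving.
# NOTE(review): "listen 250" binds every interface; restrict access to this
# port with a firewall if the host has an interface on an untrusted network.
cat <<'EOF' | sudo tee /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 102400;
}

stream {
    upstream k8s {
        server 10.160.1.12:6443;
        server 10.160.1.13:6443;
    }
    server {
        listen 250;
        proxy_connect_timeout 1s;
        proxy_pass k8s;
    }
}
EOF

# The page does not show these steps. Validate the file before (re)starting;
# the listener must be up before kubeadm init targets port 250.
sudo nginx -t && sudo systemctl enable --now nginx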
初始化节点
# Bootstrap the first control-plane node.
#   --control-plane-endpoint  shared API server address (the nginx stream
#                             listener on port 250) that all nodes will use
#   --upload-certs            store the control-plane certificates in the
#                             cluster, encrypted with the certificate key that
#                             the command prints, so further control-plane
#                             nodes can join
#   --pod-network-cidr /      address ranges for pods and services; the two
#   --service-cidr            /18 ranges do not overlap
kubeadm init \
  --control-plane-endpoint="10.160.1.12:250" \
  --upload-certs \
  --pod-network-cidr=172.18.64.0/18 \
  --service-cidr=172.18.0.0/18
############# 返回结果（kubeadm init 的输出；其中的 token 默认 24 小时后失效，certificate-key 对应的上传证书 2 小时后删除，在此之前二者都是可加入集群的凭据）
You can now join any number of the control-plane node running the following command on each as root:
kubeadm join 10.160.1.12:250 --token 7diqj2.31xtw1ckzor14kqe \
    --discovery-token-ca-cert-hash sha256:460d4aad638a8d04509c362374def36c0484c34ae7352fd22102b105fd4cbd3a \
    --control-plane --certificate-key a701b6f4bd6cda8e5d339f16ac05d55b673840b85bff55101cc28d709e95d514
Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.160.1.12:250 --token 7diqj2.31xtw1ckzor14kqe \
    --discovery-token-ca-cert-hash sha256:460d4aad638a8d04509c362374def36c0484c34ae7352fd22102b105fd4cbd3a
配置config
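# Give the current user a kubeconfig for kubectl.
# Expansions are quoted so a home directory containing spaces or glob
# characters is handled as a single path.
mkdir -p "$HOME/.kube"

# admin.conf carries cluster-admin credentials. -i asks before overwriting
# an existing kubeconfig.
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# Keep the credentials readable by the owner only. When cp overwrites an
# existing file, that file keeps whatever mode it had before.
chmod 600 "$HOME/.kube/config"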
安装cilium
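# Download the cilium CLI release archive together with its checksum file.
# --fail makes curl exit non-zero on an HTTP error instead of saving the
# error page under the archive's name.
# NOTE(review): "latest" is not a pinned version, and the checksum comes from
# the same origin as the archive, so it detects a corrupted download but not a
# tampered release. Pin a release and record its checksum separately if the
# install must be reproducible.
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz{,.sha256sum}

# Unpack into /usr/local/bin only when the checksum matches; run as separate
# commands, a failed check would not stop the extraction.
sha256sum --check cilium-linux-amd64.tar.gz.sha256sum \
  && sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
rm cilium-linux-amd64.tar.gz{,.sha256sum}

# Install Cilium into the cluster selected by the current kubeconfig and
# report its state.
cilium install
cilium status

# Have Cilium read the pod CIDR from the Node object.
cilium config set ipam kubernetes
cilium config set k8s-require-ipv4-pod-cidr true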