• kubernetes1.18.2集群部署


     学习自:https://www.jianshu.com/p/789bc867feaa

    ###批量配置免秘钥 密码可自行修改 这里的密码是123456
    ```
    yum  install -y expect
    ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa
    for i in k8s-1 k8s-2 k8s-3;do
    expect -c "
    spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@$i
            expect {
                    "*yes/no*" {send "yes "; exp_continue}
                    "*password*" {send "123456 "; exp_continue}
                    "*Password*" {send "123456 ";}
            } "
    done 
    ```
    ###三台都做
    ```
    ——————————————————————————————————————————
    sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
    systemctl disable firewalld

    hostnamectl set-hostname k8s-1
    hostnamectl set-hostname k8s-2

    hostnamectl set-hostname k8s-3

    bash

    cat /etc/hosts

    192.168.191.10 k8s-1
    192.168.191.11 k8s-2
    192.168.191.12 k8s-3

    ```

    ###安装docker

    ```
    ——————————————————————————————————————————
    yum install -y yum-utils device-mapper-persistent-data lvm2
    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    yum install -y docker-ce
    systemctl start docker && systemctl enable docker
    ###解决那个cgroup问题
    mkdir -p /etc/docker

    cat /etc/docker/daemon.json
    {
    "registry-mirrors": ["https://pcy9sknd.mirror.aliyuncs.com"],
    "exec-opts": ["native.cgroupdriver=systemd"]
    }

    systemctl daemon-reload && systemctl restart docker

    ```

    ————————————————————————————————————————————————————

    ###安装kubernetes

    ```

    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    enabled=1
    gpgcheck=0
    repo_gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
    https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

    ——————————————————————————————————————————————————

    scp /etc/yum.repos.d/kubernetes.repo root@192.168.191.11:/etc/yum.repos.d

    scp /etc/yum.repos.d/kubernetes.repo root@192.168.191.12:/etc/yum.repos.d

     yum install -y kubelet kubeadm kubectl

    systemctl stop firewalld && systemctl disable firewalld

    setenforce 0 && sed -i "s/SELINUX=enforcing$/SELINUX=disabled/g" /etc/selinux/config
    swapoff -a && sed -i "s//dev/mapper/centos-swap/#/dev/mapper/centos-swap/g" /etc/fstab
    cat > /etc/sysconfig/modules/ipvs.modules <<EOF
    #!/bin/bash
    modprobe -- ip_vs
    modprobe -- ip_vs_rr
    modprobe -- ip_vs_wrr
    modprobe -- ip_vs_sh
    modprobe -- nf_conntrack_ipv4
    EOF
    chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
    cat > /etc/sysctl.d/k8s.conf << EOF
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    vm.swappiness=0
    EOF
    sysctl --system

    iptables -P FORWARD ACCEPT
    sed -i '/ExecStart/a ExecStartPost=/sbin/iptables -P FORWARD ACCEPT' /usr/lib/systemd/system/docker.service
    systemctl daemon-reload

    yum install -y ipset ipvsadm bind-utils

    一键拉取所需镜像

    #!/bin/bash
    images=(
    kube-apiserver:v1.18.2
    kube-controller-manager:v1.18.2
    kube-scheduler:v1.18.2
    kube-proxy:v1.18.2
    pause:3.1
    etcd:3.4.3-0
    coredns:1.6.5
    )
    for imageName in ${images[@]} ; do
    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName
    docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
    done
    ```

    ###初始化

    ```
    kubeadm init --kubernetes-version=v1.18.2 --pod-network-cidr=10.244.0.0/16 --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers
    mkdir -p $HOME/.kube
    cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    chown $(id -u):$(id -g) $HOME/.kube/config
    kubeadm join 192.168.191.10:6443 --token hxli3n.0ei4xd5rgp9rf0qq
    --discovery-token-ca-cert-hash sha256:4d388f2b94c3d691e6a174fa146e4ae863b3f5c31ff158e11a8e80b421e3a14c

    systemctl daemon-reload
    systemctl start kubelet && systemctl enable kubelet

    vi /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf

    Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"

    kubeadm reset

    kubeadm init --kubernetes-version=v1.18.2 --pod-network-cidr=10.244.0.0/16 --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers

    ```

    ###安装 CNI 网络插件

    ```

    Flannel 插件

    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

    检查 Master 的 Pod 及 集群状态
    使用 kubectl get pod -n kube-system -o wide,查看 Pod 状态均为 Runing 即可
    使用 kubectl get node -o wide,查看 Node 状态为 Ready 表示 Master 初始化完成

    ```

    ###kubectl apply -f kube-flannel.yml

    ```

    ---
    apiVersion: policy/v1beta1
    kind: PodSecurityPolicy
    metadata:
    name: psp.flannel.unprivileged
    annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
    seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
    apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
    spec:
    privileged: false
    volumes:
    - configMap
    - secret
    - emptyDir
    - hostPath
    allowedHostPaths:
    - pathPrefix: "/etc/cni/net.d"
    - pathPrefix: "/etc/kube-flannel"
    - pathPrefix: "/run/flannel"
    readOnlyRootFilesystem: false
    # Users and groups
    runAsUser:
    rule: RunAsAny
    supplementalGroups:
    rule: RunAsAny
    fsGroup:
    rule: RunAsAny
    # Privilege Escalation
    allowPrivilegeEscalation: false
    defaultAllowPrivilegeEscalation: false
    # Capabilities
    allowedCapabilities: ['NET_ADMIN']
    defaultAddCapabilities: []
    requiredDropCapabilities: []
    # Host namespaces
    hostPID: false
    hostIPC: false
    hostNetwork: true
    hostPorts:
    - min: 0
    max: 65535
    # SELinux
    seLinux:
    # SELinux is unused in CaaSP
    rule: 'RunAsAny'
    ---
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
    name: flannel
    rules:
    - apiGroups: ['extensions']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames: ['psp.flannel.unprivileged']
    - apiGroups:
    - ""
    resources:
    - pods
    verbs:
    - get
    - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - list
    - watch
    - apiGroups:
    - ""
    resources:
    - nodes/status
    verbs:
    - patch
    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
    name: flannel
    roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: flannel
    subjects:
    - kind: ServiceAccount
    name: flannel
    namespace: kube-system
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
    name: flannel
    namespace: kube-system
    ---
    kind: ConfigMap
    apiVersion: v1
    metadata:
    name: kube-flannel-cfg
    namespace: kube-system
    labels:
    tier: node
    app: flannel
    data:
    cni-conf.json: |
    {
    "name": "cbr0",
    "cniVersion": "0.3.1",
    "plugins": [
    {
    "type": "flannel",
    "delegate": {
    "hairpinMode": true,
    "isDefaultGateway": true
    }
    },
    {
    "type": "portmap",
    "capabilities": {
    "portMappings": true
    }
    }
    ]
    }
    net-conf.json: |
    {
    "Network": "10.244.0.0/16",
    "Backend": {
    "Type": "vxlan"
    }
    }
    ---
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
    name: kube-flannel-ds-amd64
    namespace: kube-system
    labels:
    tier: node
    app: flannel
    spec:
    selector:
    matchLabels:
    app: flannel
    template:
    metadata:
    labels:
    tier: node
    app: flannel
    spec:
    affinity:
    nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
    nodeSelectorTerms:
    - matchExpressions:
    - key: beta.kubernetes.io/os
    operator: In
    values:
    - linux
    - key: beta.kubernetes.io/arch
    operator: In
    values:
    - amd64
    hostNetwork: true
    tolerations:
    - operator: Exists
    effect: NoSchedule
    serviceAccountName: flannel
    initContainers:
    - name: install-cni
    image: quay.io/coreos/flannel:v0.11.0-amd64
    command:
    - cp
    args:
    - -f
    - /etc/kube-flannel/cni-conf.json
    - /etc/cni/net.d/10-flannel.conflist
    volumeMounts:
    - name: cni
    mountPath: /etc/cni/net.d
    - name: flannel-cfg
    mountPath: /etc/kube-flannel/
    containers:
    - name: kube-flannel
    image: quay.io/coreos/flannel:v0.11.0-amd64
    command:
    - /opt/bin/flanneld
    args:
    - --ip-masq
    - --kube-subnet-mgr
    resources:
    requests:
    cpu: "100m"
    memory: "50Mi"
    limits:
    cpu: "100m"
    memory: "50Mi"
    securityContext:
    privileged: false
    capabilities:
    add: ["NET_ADMIN"]
    env:
    - name: POD_NAME
    valueFrom:
    fieldRef:
    fieldPath: metadata.name
    - name: POD_NAMESPACE
    valueFrom:
    fieldRef:
    fieldPath: metadata.namespace
    volumeMounts:
    - name: run
    mountPath: /run/flannel
    - name: flannel-cfg
    mountPath: /etc/kube-flannel/
    volumes:
    - name: run
    hostPath:
    path: /run/flannel
    - name: cni
    hostPath:
    path: /etc/cni/net.d
    - name: flannel-cfg
    configMap:
    name: kube-flannel-cfg
    ---
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
    name: kube-flannel-ds-arm64
    namespace: kube-system
    labels:
    tier: node
    app: flannel
    spec:
    selector:
    matchLabels:
    app: flannel
    template:
    metadata:
    labels:
    tier: node
    app: flannel
    spec:
    affinity:
    nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
    nodeSelectorTerms:
    - matchExpressions:
    - key: beta.kubernetes.io/os
    operator: In
    values:
    - linux
    - key: beta.kubernetes.io/arch
    operator: In
    values:
    - arm64
    hostNetwork: true
    tolerations:
    - operator: Exists
    effect: NoSchedule
    serviceAccountName: flannel
    initContainers:
    - name: install-cni
    image: quay.io/coreos/flannel:v0.11.0-arm64
    command:
    - cp
    args:
    - -f
    - /etc/kube-flannel/cni-conf.json
    - /etc/cni/net.d/10-flannel.conflist
    volumeMounts:
    - name: cni
    mountPath: /etc/cni/net.d
    - name: flannel-cfg
    mountPath: /etc/kube-flannel/
    containers:
    - name: kube-flannel
    image: quay.io/coreos/flannel:v0.11.0-arm64
    command:
    - /opt/bin/flanneld
    args:
    - --ip-masq
    - --kube-subnet-mgr
    resources:
    requests:
    cpu: "100m"
    memory: "50Mi"
    limits:
    cpu: "100m"
    memory: "50Mi"
    securityContext:
    privileged: false
    capabilities:
    add: ["NET_ADMIN"]
    env:
    - name: POD_NAME
    valueFrom:
    fieldRef:
    fieldPath: metadata.name
    - name: POD_NAMESPACE
    valueFrom:
    fieldRef:
    fieldPath: metadata.namespace
    volumeMounts:
    - name: run
    mountPath: /run/flannel
    - name: flannel-cfg
    mountPath: /etc/kube-flannel/
    volumes:
    - name: run
    hostPath:
    path: /run/flannel
    - name: cni
    hostPath:
    path: /etc/cni/net.d
    - name: flannel-cfg
    configMap:
    name: kube-flannel-cfg
    ---
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
    name: kube-flannel-ds-arm
    namespace: kube-system
    labels:
    tier: node
    app: flannel
    spec:
    selector:
    matchLabels:
    app: flannel
    template:
    metadata:
    labels:
    tier: node
    app: flannel
    spec:
    affinity:
    nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
    nodeSelectorTerms:
    - matchExpressions:
    - key: beta.kubernetes.io/os
    operator: In
    values:
    - linux
    - key: beta.kubernetes.io/arch
    operator: In
    values:
    - arm
    hostNetwork: true
    tolerations:
    - operator: Exists
    effect: NoSchedule
    serviceAccountName: flannel
    initContainers:
    - name: install-cni
    image: quay.io/coreos/flannel:v0.11.0-arm
    command:
    - cp
    args:
    - -f
    - /etc/kube-flannel/cni-conf.json
    - /etc/cni/net.d/10-flannel.conflist
    volumeMounts:
    - name: cni
    mountPath: /etc/cni/net.d
    - name: flannel-cfg
    mountPath: /etc/kube-flannel/
    containers:
    - name: kube-flannel
    image: quay.io/coreos/flannel:v0.11.0-arm
    command:
    - /opt/bin/flanneld
    args:
    - --ip-masq
    - --kube-subnet-mgr
    resources:
    requests:
    cpu: "100m"
    memory: "50Mi"
    limits:
    cpu: "100m"
    memory: "50Mi"
    securityContext:
    privileged: false
    capabilities:
    add: ["NET_ADMIN"]
    env:
    - name: POD_NAME
    valueFrom:
    fieldRef:
    fieldPath: metadata.name
    - name: POD_NAMESPACE
    valueFrom:
    fieldRef:
    fieldPath: metadata.namespace
    volumeMounts:
    - name: run
    mountPath: /run/flannel
    - name: flannel-cfg
    mountPath: /etc/kube-flannel/
    volumes:
    - name: run
    hostPath:
    path: /run/flannel
    - name: cni
    hostPath:
    path: /etc/cni/net.d
    - name: flannel-cfg
    configMap:
    name: kube-flannel-cfg
    ---
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
    name: kube-flannel-ds-ppc64le
    namespace: kube-system
    labels:
    tier: node
    app: flannel
    spec:
    selector:
    matchLabels:
    app: flannel
    template:
    metadata:
    labels:
    tier: node
    app: flannel
    spec:
    affinity:
    nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
    nodeSelectorTerms:
    - matchExpressions:
    - key: beta.kubernetes.io/os
    operator: In
    values:
    - linux
    - key: beta.kubernetes.io/arch
    operator: In
    values:
    - ppc64le
    hostNetwork: true
    tolerations:
    - operator: Exists
    effect: NoSchedule
    serviceAccountName: flannel
    initContainers:
    - name: install-cni
    image: quay.io/coreos/flannel:v0.11.0-ppc64le
    command:
    - cp
    args:
    - -f
    - /etc/kube-flannel/cni-conf.json
    - /etc/cni/net.d/10-flannel.conflist
    volumeMounts:
    - name: cni
    mountPath: /etc/cni/net.d
    - name: flannel-cfg
    mountPath: /etc/kube-flannel/
    containers:
    - name: kube-flannel
    image: quay.io/coreos/flannel:v0.11.0-ppc64le
    command:
    - /opt/bin/flanneld
    args:
    - --ip-masq
    - --kube-subnet-mgr
    resources:
    requests:
    cpu: "100m"
    memory: "50Mi"
    limits:
    cpu: "100m"
    memory: "50Mi"
    securityContext:
    privileged: false
    capabilities:
    add: ["NET_ADMIN"]
    env:
    - name: POD_NAME
    valueFrom:
    fieldRef:
    fieldPath: metadata.name
    - name: POD_NAMESPACE
    valueFrom:
    fieldRef:
    fieldPath: metadata.namespace
    volumeMounts:
    - name: run
    mountPath: /run/flannel
    - name: flannel-cfg
    mountPath: /etc/kube-flannel/
    volumes:
    - name: run
    hostPath:
    path: /run/flannel
    - name: cni
    hostPath:
    path: /etc/cni/net.d
    - name: flannel-cfg
    configMap:
    name: kube-flannel-cfg
    ---
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
    name: kube-flannel-ds-s390x
    namespace: kube-system
    labels:
    tier: node
    app: flannel
    spec:
    selector:
    matchLabels:
    app: flannel
    template:
    metadata:
    labels:
    tier: node
    app: flannel
    spec:
    affinity:
    nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
    nodeSelectorTerms:
    - matchExpressions:
    - key: beta.kubernetes.io/os
    operator: In
    values:
    - linux
    - key: beta.kubernetes.io/arch
    operator: In
    values:
    - s390x
    hostNetwork: true
    tolerations:
    - operator: Exists
    effect: NoSchedule
    serviceAccountName: flannel
    initContainers:
    - name: install-cni
    image: k8s.gcr.io/coredns:1.6.5
    command:
    - cp
    args:
    - -f
    - /etc/kube-flannel/cni-conf.json
    - /etc/cni/net.d/10-flannel.conflist
    volumeMounts:
    - name: cni
    mountPath: /etc/cni/net.d
    - name: flannel-cfg
    mountPath: /etc/kube-flannel/
    containers:
    - name: kube-flannel
    image: k8s.gcr.io/coredns:1.6.5
    command:
    - /opt/bin/flanneld
    args:
    - --ip-masq
    - --kube-subnet-mgr
    resources:
    requests:
    cpu: "100m"
    memory: "50Mi"
    limits:
    cpu: "100m"
    memory: "50Mi"
    securityContext:
    privileged: false
    capabilities:
    add: ["NET_ADMIN"]
    env:
    - name: POD_NAME
    valueFrom:
    fieldRef:
    fieldPath: metadata.name
    - name: POD_NAMESPACE
    valueFrom:
    fieldRef:
    fieldPath: metadata.namespace
    volumeMounts:
    - name: run
    mountPath: /run/flannel
    - name: flannel-cfg
    mountPath: /etc/kube-flannel/
    volumes:
    - name: run
    hostPath:
    path: /run/flannel
    - name: cni
    hostPath:
    path: /etc/cni/net.d
    - name: flannel-cfg
    configMap:
    name: kube-flannel-cfg

    ```

    ###可视化网页dash-board

    ```

    docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
    (3)部署:kubectl create -f kubernetes-dashboard.yaml
    (4)重新编辑:kubectl -n kube-system edit service kubernetes-
    dashboard,修改 type: ClusterIP 成 type: NodePort 保存
    (5)获取端口信息:kubectl -n kube-system get service kubernetes-
    dashboard
    (6)然后就可以根据端口进行访问了

     ```

  • 相关阅读:
    MIPS、ARM、X86三大架构 (待写)
    NDIS驱动(待补充)
    iptables参数详解
    SSL协议详解
    shell脚本自学系列(3):shell编程基本语法简介
    shell脚本自学系列(x):十三个写好shell脚本的技巧分享
    软件质量模型的6大特性和27个子特性
    spring boot 热部署
    mysql 查询表死锁 和结束死锁的表步骤以及锁表等级
    高cpu分析
  • 原文地址:https://www.cnblogs.com/sxgaofeng/p/12048771.html
Copyright © 2020-2023  润新知