环境准备
- Harbor(docker仓库,不介绍安装过程)
- k8s-master
- k8s-node01
- k8s-node02
安装准备 (master & node)
//安装依赖包
yum install -y conntrack ntpdate ntp ipvsadm ipset jq libseccomp -y
//设置防火墙为iptables并设置空规则
# NOTE(review): firewalld is replaced by iptables-services, the filter table is
# flushed (-F) and the now-empty ruleset is saved, so it is what gets restored on
# every boot. Unless chain policies are changed elsewhere, the node then accepts
# traffic on every listening port. Outside a lab, add rules (or an upstream
# firewall / security group) that limit who can reach the cluster ports.
systemctl stop firewalld && systemctl disable firewalld
yum install -y iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
//关闭swap
swapoff -a
sed -i '/swap/d' /etc/fstab
//调整内核参数,对于K8s
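# Kernel settings for Kubernetes networking: bridged traffic is passed to
# iptables/ip6tables, IPv4 forwarding is enabled, swappiness is set to 0 and the
# conntrack table limit is raised.
cat > /etc/sysctl.d/kubernetes.conf <<'EOF'
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
net.netfilter.nf_conntrack_max=2310720
EOF
# The net.bridge.* keys are provided by the br_netfilter module; load it before
# applying the file so sysctl does not fail on keys that do not exist yet.
modprobe br_netfilter
sysctl -p /etc/sysctl.d/kubernetes.conf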
//升级系统内核到4.4,提升k8s稳定性(3.x内核也可以,但不建议,对k8s支持不是特别好,有bug)
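# Import the ELRepo signing key first so rpm can verify the release package, and
# fetch it over HTTPS: the package installs the repo definition that the kernel
# is later pulled from, so it should not arrive unauthenticated over plain HTTP.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm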
//安装完成后检查/boot/grub2/grub.cfg中对应内核的条目是否包含initrd16配置,如没有则再次安装
yum --enablerepo=elrepo-kernel install -y kernel-lt
//设置开机从新内核启动(根据具体的安装内核版本号修改)
grub2-set-default "CentOS Linux (4.4.186-1.el7.elrepo.x86_64) 7 (Core)"
//重启
reboot
kube-proxy开启IPVS的前置条件(master & node)
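# Load the kernel modules kube-proxy needs for IPVS mode (ip_vs* schedulers and
# nf_conntrack_ipv4), plus br_netfilter for bridged traffic.
modprobe br_netfilter
# The script is named ipvs.modules.
# NOTE(review): the boot-time module loader is expected to pick up only files
# with the ".modules" suffix in this directory; confirm on your release.
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules
# Load the modules now and confirm that they are present.
/etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4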
安装docker
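# Tools needed by yum-config-manager and by Docker's storage setup.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Fetch the repo definition over HTTPS: a .repo file retrieved over plain HTTP
# can be rewritten by anyone on the network path, and it decides where the
# docker-ce packages come from and whether their signatures are checked.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -y
yum update -y
yum install -y docker-ce
systemctl enable docker
systemctl start docker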
安装kubeadm(master & node)
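# Kubernetes package repository. HTTPS plus gpgcheck=1: with gpgcheck=0 over
# plain HTTP nothing authenticates the kubeadm/kubelet/kubectl RPMs, which are
# installed and run as root on every node.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# If a signature check fails, fix the key import rather than disabling the check.
yum install -y kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1
systemctl enable kubelet.service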
安装kubernetes
- 初始化主节点安装用配置文件
//生成默认初始化配置文件
kubeadm config print init-defaults >kubeadm.yaml
//修改生成的配置文件
advertiseAddress: 192.168.1.2 //主节点IP地址
kubernetesVersion: v1.15.1 //安装的版本
imageRepository: registry.aliyuncs.com/google_containers //修改安装源为阿里云镜像
networking:
  podSubnet: "10.244.0.0/16" //增加一行设置pod分配的网段信息
//在最后添加下列信息,将默认的调度方式改为IPVS
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs
- 下载安装kubernetes images(master & node)
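# Write the image pre-pull helper. The heredoc delimiter is quoted so that
# ${images[@]} and $imageName reach the file literally; with an unquoted
# delimiter the shell running cat expands them (to nothing) and the generated
# loop pulls no images.
# NOTE(review): images are pulled by tag from a third-party mirror; tags are
# mutable, so compare digests with the upstream images if provenance matters.
cat > k8s-images.sh << 'EOF'
#!/bin/bash
# download k8s 1.15.1 images
# get image-list by 'kubeadm config images list --kubernetes-version=v1.15.1'
images=(
kube-apiserver:v1.15.1
kube-controller-manager:v1.15.1
kube-scheduler:v1.15.1
kube-proxy:v1.15.1
pause:3.1
etcd:3.3.10
coredns:1.3.1
)
for imageName in "${images[@]}"; do
  docker pull "registry.aliyuncs.com/google_containers/$imageName"
done
EOF
# The script uses a bash array, so run it with bash rather than sh.
bash k8s-images.sh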
- 安装kubernetes
//方法(使用kubeadm生成的配置文件)
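# The init output ends with the join command (bootstrap token and CA hash) and,
# because of --upload-certs, a certificate key. Create the log owner-only before
# tee writes to it, so those values are not left in a world-readable file.
touch kubeadmin-init.log && chmod 600 kubeadmin-init.log
kubeadm init --config kubeadm.yaml --upload-certs | tee kubeadmin-init.log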
//安装完成后,根据提示,必须执行以下操作
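# Install the admin kubeconfig for the current user. admin.conf carries
# cluster-admin credentials, so the copy is kept readable by its owner only.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"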
Flannel网络部署
# NOTE(review): this URL points at the moving "master" branch, so the manifest
# can change between runs, and it is applied to the cluster right after download.
# Prefer a URL pinned to a release tag or commit, and read the file before
# applying it: it runs with whatever privileges it declares for itself.
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
//kube-flannel中Pod网段必须和kubernetes中配置的Pod网段一致
//kube-flannel默认Pod的网段为10.244.0.0/16
kubectl create -f kube-flannel.yml
查看kubernetes信息
//查看所有kubernetes组件信息
kubectl get pod -n kube-system
//查看k8s master信息
kubectl get node
node节点部署
node安装kubelet/kubeadm
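# Node-side package repo. gpgcheck=1 makes yum verify each RPM's signature
# against the keys listed in gpgkey; with gpgcheck=0 only the repo metadata is
# checked and the packages themselves are installed unverified.
[root@k8s-node01 ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Install the same pinned release as the control plane (1.15.1) instead of
# whatever version is newest in the repo.
[root@k8s-node01 ~]# yum install kubeadm-1.15.1 kubelet-1.15.1 -y
[root@k8s-node01 ~]# systemctl enable kubelet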
将node节点加入到k8s集群中
通过使用kubeadm join命令将node节点加入到集群中,具体加入命令可以在k8s master安装完成后的日志末尾查看。记录加入集群的令牌,每个需要加入的节点都需要运行该命令。
//如下所示:
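# Shape of the join command printed at the end of kubeadm init. The trailing
# backslash keeps both lines one command.
# NOTE(review): abcdef.0123456789abcdef is the sample token that
# `kubeadm config print init-defaults` writes into kubeadm.yaml. If that entry is
# left unchanged, the cluster's bootstrap token is a publicly known value. Remove
# or replace it in kubeadm.yaml before running kubeadm init.
kubeadm join 192.168.1.2:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256.........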
//node节点执行加入命令
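# A bootstrap token lets any host that can reach the API server join as a node.
# Treat it as a secret, keep its TTL short and delete it (kubeadm token delete)
# once all nodes have joined. The CA hash is what lets the node authenticate the
# API server, so it must stay in the command.
[root@k8s-node01 ~]# kubeadm join 192.168.1.2:6443 --token nag8y9.9vllybijsnn7xrzd \
    --discovery-token-ca-cert-hash sha256:0f8e9cec4c19ca004fd7c9a906691e5295dd5e38e5265e0edcba0b06cc2a7e14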
在master上执行验证节点是否加入集群
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready master 72m v1.15.0
node01 Ready <none> 5m33s v1.15.0
node02 NotReady <none> 14s v1.15.0