I. Environment
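1. Install two Ubuntu 18.04 virtual machines with bridged networking.
1.1. Kubernetes needs at least 2 CPUs and 2 GB of memory.
1.2. Kubernetes requires the NIC MAC address (check with ifconfig) and the machine product UUID to be unique on every node. To read the product UUID:

    cat /sys/class/dmi/id/product_uuid

2. Unless stated otherwise, everything is run as the root user (even though some commands include sudo).
3. The hosts used here:

    k8s-master 192.168.89.133 9C004D56-F7E3-8C5F-1589-B51CFEF1DBED
    k8s-worker 192.168.89.134 EB884D56-98B2-810D-9C2C-FCE9E75394AD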
For Kubernetes v1.18.0 you need to adjust iptables so that bridged IPv4 traffic is passed to the iptables chains (this is done on k8s-master). The original documentation reads:

Letting iptables see bridged traffic
As a requirement for your Linux Node's iptables to correctly see bridged traffic, you should ensure net.bridge.bridge-nf-call-iptables is set to 1 in your sysctl config, e.g.

    cat <<EOF > /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    EOF
    sysctl --system

The actual steps:

    root@k8s-master:~# vim /etc/sysctl.d/k8s.conf
    # Enter the following:
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    root@k8s-master:~# sysctl --system
    * Applying /etc/sysctl.d/10-console-messages.conf ...
    kernel.printk = 4 4 1 7
    * Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
    * Applying /etc/sysctl.d/10-kernel-hardening.conf ...
    kernel.kptr_restrict = 1
    * Applying /etc/sysctl.d/10-link-restrictions.conf ...
    fs.protected_hardlinks = 1
    fs.protected_symlinks = 1
    * Applying /etc/sysctl.d/10-lxd-inotify.conf ...
    fs.inotify.max_user_instances = 1024
    * Applying /etc/sysctl.d/10-magic-sysrq.conf ...
    kernel.sysrq = 176
    * Applying /etc/sysctl.d/10-network-security.conf ...
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.tcp_syncookies = 1
    * Applying /etc/sysctl.d/10-ptrace.conf ...
    kernel.yama.ptrace_scope = 1
    * Applying /etc/sysctl.d/10-zeropage.conf ...
    vm.mmap_min_addr = 65536
    * Applying /usr/lib/sysctl.d/50-default.conf ...
    net.ipv4.conf.all.promote_secondaries = 1
    net.core.default_qdisc = fq_codel
    * Applying /etc/sysctl.d/99-sysctl.conf ...
    * Applying /etc/sysctl.d/k8s.conf ...
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    * Applying /etc/sysctl.conf ...
II. Installing Docker
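Install Docker on both the master and the worker as follows:

    apt update
    apt remove docker docker-engine docker.io
    apt install docker.io -y
    systemctl start docker
    systemctl enable docker
    docker --version

Configure a Docker registry mirror, and change the Docker cgroup driver from "cgroupfs" to "systemd":

    vim /etc/docker/daemon.json

Enter the following:

    {
      "registry-mirrors": ["https://registry.docker-cn.com"],
      "exec-opts": ["native.cgroupdriver=systemd"]
    }

Then reload and restart Docker:

    systemctl daemon-reload
    systemctl restart docker

    # Add the currently logged-in user to the docker group, to make pulling images convenient (exit the root user first)
    sudo usermod -a -G docker $USER
    # After this succeeds, log out and log back in for the change to take full effect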
The Docker installation as run on k8s-master (do the same on k8s-worker):

    root@k8s-master:~# apt update
    root@k8s-master:~# apt remove docker docker-engine docker.io
    root@k8s-master:~# apt install docker.io -y
    root@k8s-master:~# systemctl start docker
    root@k8s-master:~# systemctl enable docker
    root@k8s-master:~# docker --version
    Docker version 19.03.6, build 369ce74a3c
    root@k8s-master:~# vim /etc/docker/daemon.json
    root@k8s-master:~# systemctl daemon-reload
    root@k8s-master:~# systemctl restart docker
    root@k8s-master:~# exit
    master@k8s-master:~$ sudo usermod -a -G docker $USER
    [sudo] password for master:
    master@k8s-master:~$ logout
III. Installing Kubernetes
    apt-get update && apt-get install -y apt-transport-https curl

    # Fetch the Kubernetes apt key (inside China use the Aliyun mirror URL; elsewhere use the Google URL)
    curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
    # URL for outside China
    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -

    # Edit kubernetes.list and write the deb line into it:
    vim /etc/apt/sources.list.d/kubernetes.list

Inside China, write the following (the kubeadm, kubelet and kubectl version numbers can be seen at https://mirrors.aliyun.com/kubernetes/apt):

    deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main

Outside China, write:

    deb https://apt.kubernetes.io/ kubernetes-xenial main

Then continue:

    apt-get update
    apt install software-properties-common

    # Turn off the firewall and swap
    ufw disable
    ufw status

    # Turn swap off temporarily
    swapoff -a

    # Turn swap off permanently: edit the file below and comment out the swap line, or run:
    sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
    vim /etc/fstab

    # Check whether SELinux needs to be turned off
    # If /etc/selinux/config exists and is set to enforcing, make the following changes
    sed -i 's/enforcing/disabled/' /etc/selinux/config
    setenforce 0

    # Install kubelet, kubeadm and kubectl
    apt-get install -y kubelet kubeadm kubectl
    apt-mark hold kubelet kubeadm kubectl

    # Verify the installation (kubelet now restarts every few seconds, because it is stuck in a loop waiting for instructions from kubeadm)
    kubeadm version
The same steps as run on k8s-master (do the same on k8s-worker):

    root@k8s-master:~# apt-get update && apt-get install -y apt-transport-https curl
    root@k8s-master:~# curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
    OK
    root@k8s-master:~# vim /etc/apt/sources.list.d/kubernetes.list
    root@k8s-master:~# apt-get update
    root@k8s-master:~# apt install software-properties-common
    root@k8s-master:~# ufw disable
    Firewall stopped and disabled on system startup
    root@k8s-master:~# ufw status
    Status: inactive
    root@k8s-master:~# swapoff -a
    root@k8s-master:~# vim /etc/fstab
    root@k8s-master:~# apt-get install -y kubelet kubeadm kubectl
    ...
    root@k8s-master:~# apt-mark hold kubelet kubeadm kubectl
    kubelet set on hold.
    kubeadm set on hold.
    kubectl set on hold.
    root@k8s-master:~# kubeadm version
    kubeadm version: &version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.0", GitCommit:"9e991415386e4cf155a24b1da15becaa390438d8", GitTreeState:"clean", BuildDate:"2020-03-25T14:56:30Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}
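An added example, not part of the original article: a read-only audit of the three prerequisites configured so far (the bridge sysctls, swap entries in fstab, and Docker's systemd cgroup driver), followed by a demo that applies the article's sed command to a sample fstab. The function names and the sample files are constructed for illustration; it checks the persisted configuration rather than live kernel state, and on a node you would call `audit_node /etc/sysctl.d/k8s.conf /etc/fstab /etc/docker/daemon.json`.

```shell
#!/usr/bin/env bash
# Added example: read-only audit of the node prerequisites from sections I-III.
# Every check takes a file path, so it works on a node or on constructed samples.

# 0 if the last assignment of both bridge-nf-call keys in FILE is 1.
check_bridge_sysctl() {
    awk -F= '{ gsub(/[ \t\r]/, "") } /^#/ { next }
        $1 == "net.bridge.bridge-nf-call-iptables"  { v4 = ($2 == "1") }
        $1 == "net.bridge.bridge-nf-call-ip6tables" { v6 = ($2 == "1") }
        END { exit !(v4 && v6) }' "$1"
}

# Prints uncommented fstab entries of type swap; non-zero if any exist.
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print; n++ } END { exit (n > 0) }' "$1"
}

# 0 if daemon.json passes native.cgroupdriver=systemd in exec-opts.
check_cgroup_driver() {
    tr -d '[:space:]' < "$1" |
        grep -Eq '"exec-opts":\[[^]]*"native\.cgroupdriver=systemd"'
}

# Prints one line per failed check and returns the number of failures.
audit_node() {   # usage: audit_node K8S_CONF FSTAB DAEMON_JSON
    local fails=0
    check_bridge_sysctl "$1" || { echo "FAIL bridge sysctls: $1"; fails=$((fails + 1)); }
    active_swap_entries "$2" >/dev/null || { echo "FAIL swap on at boot: $2"; fails=$((fails + 1)); }
    check_cgroup_driver "$3" || { echo "FAIL cgroup driver: $3"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files (not taken from a real node).
write_samples() {   # usage: write_samples DIR
    printf '%s\n' 'net.bridge.bridge-nf-call-ip6tables = 1' \
        'net.bridge.bridge-nf-call-iptables = 1' > "$1/k8s.conf"
    printf '%s\n' 'UUID=0000-sample / ext4 errors=remount-ro 0 1' \
        '/swapfile none swap sw 0 0' > "$1/fstab"
    printf '%s\n' '{"registry-mirrors": ["https://registry.docker-cn.com"],' \
        ' "exec-opts": ["native.cgroupdriver=systemd"]}' > "$1/daemon.json"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && write_samples "$d"
    audit_node "$d/k8s.conf" "$d/fstab" "$d/daemon.json"   # reports the swap entry
    sed -i '/swap/s/^\(.*\)$/#\1/g' "$d/fstab"             # the article's command
    audit_node "$d/k8s.conf" "$d/fstab" "$d/daemon.json" && echo "all checks pass"
    rm -rf "$d"
fi
```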
IV. Configuring the Master Node
When kubeadm init runs, it pulls kube-apiserver and the other Docker images from k8s.gcr.io, but k8s.gcr.io cannot be reached.
So we pull someone else's copies of the images, rename them, and then run kubeadm init.
1. Because k8s.gcr.io cannot be reached from inside China, pull the corresponding Docker images from Docker Hub and then change their tags (skip this step if you can reach k8s.gcr.io).