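Install Docker:
Prepare two machines:
ip: 192.168.200.10 master
ip: 192.168.200.11 node
Install on both machines: upload the installation packages with Xftp, extract the tar archives (on both machines), and set up the Docker yum repository.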
[root@one ~]# cat /etc/yum.repos.d/docker.repo
[docker]
name=docker
baseurl=file:///root/Docker
gpgcheck=0
enabled=1
Upgrade the kernel:
yum upgrade -y
Add host mappings:
cat /etc/hosts
192.168.200.10 master
192.168.200.11 node
Configure the firewall:
systemctl stop firewalld && systemctl disable firewalld
iptables -F
iptables -X
iptables -Z
iptables-save
vi /etc/selinux/config
setenforce 0
Disable swap:
swapoff -a
vi /etc/fstab
#/dev/mapper/centos-swap swap
Configure time synchronization: master node
yum -y install chrony
vi /etc/chrony.conf
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
...
local stratum 10
server master iburst
allow all
Start chrony
systemctl restart chronyd && systemctl enable chronyd
timedatectl set-ntp true
Configure time synchronization: node
yum -y install chrony
vi /etc/chrony.conf
...
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
...
server 192.168.200.10
Start chrony
systemctl restart chronyd && systemctl enable chronyd
chronyc sources
Configure IP forwarding (all nodes):
vi /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Apply the configuration:
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
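Configure IPVS (on the master node)
Because IPVS has been merged into the mainline kernel, enabling IPVS for kube-proxy requires loading the following kernel modules first: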
[root@master ~]# cat /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
Install the ipset package on all nodes.
yum install ipset ipvsadm -y
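Set permissions, run the script, and check the result (lsmod lists all modules currently loaded into the system. The Linux kernel is modular, so not every feature has to be built into the kernel at compile time; features can be compiled as separate modules and loaded when they are needed):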
[root@master ~]# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
Install Docker with yum:
yum install docker-ce-18.09.6 docker-ce-cli-18.09.6 containerd.io -y
Start Docker
systemctl start docker
Configure the accelerator (daemon.json; the file below sets the systemd cgroup driver).
tee /etc/docker/daemon.json <<-'EOF'
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
Start the services:
daemon-reload: needed whenever a service is modified or newly added, before restarting it.
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
./kubnernetes_base.sh
docker info |grep Cgroup
Install the Kubernetes cluster
Install the Kubernetes tools on all nodes and start them
[root@master ~]# vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=file:///root/Kubernetes
enabled=1
gpgcheck=0
Install the tools
yum -y install kubelet-1.14.1 kubeadm-1.14.1 kubectl-1.14.1
systemctl start kubelet && systemctl enable kubelet
Initialize the cluster
Master node
[root@master ~]# kubeadm init --apiserver-advertise-address 10.24.2.8 --kubernetes-version="v1.14.1" --pod-network-cidr=10.16.0.0/16 --image-repository=registry.aliyuncs.com/google_containers
By default, kubectl looks for the config file in the .kube directory under the home directory of the user running it. Configure kubectl:
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
Check the cluster status
[root@master ~]# kubectl get cs
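Configure the Kubernetes network
Log in to the master node, upload the provided kube-flannel.yml file to the root directory of the master node, and install the network with the kubectl apply command.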
[root@master ~]# kubectl apply -f yaml/kube-flannel.yaml
[root@master ~]# kubectl get pods -n kube-system
Join the node to the cluster.
[root@node ~]# kubeadm join 10.30.59.207:6443 --token 4svckc.hkkjfe25ul9cvvca \
--discovery-token-ca-cert-hash sha256:9289dcc55aa9d3f511aeb88ef06470005e3a19d09e096e8cb7199d1a9effcff8
[root@master ~]# kubectl get pods -n kube-system
If you run into this problem:
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR Swap]: running with swap on is not supported. Please disable swap
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
Solution:
[root@node ~]# swapoff -a
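The swap error above comes back after a reboot if only swapoff -a was run and /etc/fstab was left unchanged. The script below is an added example, not part of the original notes: it audits copies of /etc/fstab, /etc/sysctl.d/k8s.conf and /etc/docker/daemon.json for the settings made in the earlier steps. The function names and the sample files are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original page): offline audit of the node
# prerequisites configured in these notes. Arguments are plain files in the
# format of /etc/fstab, /etc/sysctl.d/k8s.conf and /etc/docker/daemon.json.

# Print active swap entries of an fstab file; status 1 if any exist
# (swap would return after a reboot and the kubeadm preflight fails again).
fstab_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1; bad = 1 } END { exit bad + 0 }' "$1"
}

# Print required sysctl keys that are missing or not set to 1; status 1 if any.
sysctl_missing() {
    awk -F= '
        $1 !~ /^[ \t]*#/ { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2); val[$1] = $2 }
        END {
            n = split("net.ipv4.ip_forward net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-iptables", want, " ")
            for (i = 1; i <= n; i++) if (val[want[i]] != "1") { print want[i]; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Status 0 when daemon.json selects the systemd cgroup driver.
cgroup_driver_is_systemd() {
    grep -q '"native.cgroupdriver=systemd"' "$1"
}

# Run all three checks; print one line per failure, return the failure count.
node_preflight() {
    fails=0
    out=$(fstab_swap_entries "$1") || { echo "FAIL swap in fstab: $out"; fails=$((fails + 1)); }
    out=$(sysctl_missing "$2") || { echo "FAIL sysctl: $out"; fails=$((fails + 1)); }
    cgroup_driver_is_systemd "$3" || { echo "FAIL cgroup driver is not systemd"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files: a node where swap was only turned off with
# "swapoff -a" (fstab untouched) and one bridge setting was forgotten.
demo_dir=$(mktemp -d)
printf '%s\n' '/dev/mapper/centos-root / xfs defaults 0 0' \
    '/dev/mapper/centos-swap swap swap defaults 0 0' > "$demo_dir/fstab"
printf '%s\n' 'net.ipv4.ip_forward = 1' \
    'net.bridge.bridge-nf-call-iptables = 1' > "$demo_dir/k8s.conf"
printf '%s\n' '{ "exec-opts": ["native.cgroupdriver=systemd"] }' > "$demo_dir/daemon.json"
node_preflight "$demo_dir/fstab" "$demo_dir/k8s.conf" "$demo_dir/daemon.json" || true
```

On a real node, pass the three system files themselves; a return status of 0 means all three checks passed.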
Log in to the master node and check the status of each node.
[root@master ~]# kubectl get nodes
Install the Dashboard
Upload kubernetes-dashboard.yaml and kubernetes-adminuser.yaml to the root directory of the master node
[root@master ~]# kubectl apply -f yaml/kubernetes-dashboard.yaml
[root@master ~]# kubectl apply -f yaml/dashboard-adminuser.yaml
Check the status of all pods
[root@master ~]# kubectl get pods --all-namespaces -o wide
Access k8s from a web browser: enter the node's IP (Firefox is recommended, https://192.168.200.11)
Get the authentication token
[root@master ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-dashboard-admin-token | awk '{print $1}')
token: