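Date: 2020.01.08
Environment: CentOS 7 (64-bit, minimal install), VMware 15 (network connection mode: NAT)
Purpose: basic K8s configuration
Note: CentOS 7 system. This article is based on https://www.jianshu.com/p/99d09406373e
Host machine configuration: make sure the VMware NAT Service, VMware DHCP Service and related services are running
Author: Zhong. QQ discussion group: 121160124, welcome to join!
Prepare the k8s-master1, k8s-node1 and k8s-node2 virtual machines
Check the hostname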
uname -n
# or
hostnamectl
Change the hostname
hostnamectl set-hostname k8s-master1 #k8s-master1
hostnamectl set-hostname k8s-node1 #k8s-node1
hostnamectl set-hostname k8s-node2 #k8s-node2
Edit the hosts file (all nodes)
vi /etc/hosts
Add the following entries:
192.168.88.8 k8s-master1
192.168.88.66 k8s-node1
192.168.88.88 k8s-node2
Disable SELinux enforcement
setenforce 0 # takes effect until the next reboot only
Stop the firewall and disable it at boot:
systemctl stop firewalld.service
systemctl disable firewalld.service
On the k8s-master1 node, install etcd (data store; note that the Base repo is required)
yum install etcd -y
Edit the etcd configuration file
vim /etc/etcd/etcd.conf
Line 6: ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
Line 21: ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379" # or ETCD_ADVERTISE_CLIENT_URLS="http://192.168.88.8:2379"
Start it and enable it at boot
systemctl start etcd.service
systemctl enable etcd.service
Check that it is listening
netstat -lntup|grep 2379
Test (data is stored in a directory structure, similar to key-value pairs)
etcdctl set /test/word 123456 # insert data: key (directory), value (123456)
etcdctl ls /test
etcdctl get /test/word
Check the cluster health
etcdctl -C http://0.0.0.0:2379 cluster-health
Install kubernetes on the master node
yum install kubernetes-master.x86_64 -y
Edit the API server configuration file
vim /etc/kubernetes/apiserver
Line 8: KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0" # address the service listens on
Line 11: KUBE_API_PORT="--port=8080" # port the service listens on
Line 14: KUBELET_PORT="--kubelet-port=10250" # the kubelet is controlled through port 10250
Line 17: KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.88.8:2379" # address and port the API server uses to connect to etcd
Line 23: KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota" # default admission control plugins, with ServiceAccount removed
Edit the configuration file shared by the other two services
vim /etc/kubernetes/config
Line 22: KUBE_MASTER="--master=http://192.168.88.8:8080"
Start all master services
systemctl enable kube-apiserver.service
systemctl start kube-apiserver.service
systemctl enable kube-controller-manager.service
systemctl start kube-controller-manager.service
systemctl enable kube-scheduler.service
systemctl start kube-scheduler.service
Test whether the cluster is healthy
kubectl get componentstatus
Install kubernetes on the node machines
yum install kubernetes-node.x86_64 -y # this also installs docker
Edit the kube-proxy service configuration file
vim /etc/kubernetes/config
Line 22: KUBE_MASTER="--master=http://192.168.88.8:8080"
Edit the kubelet service configuration file
vim /etc/kubernetes/kubelet
Line 5: KUBELET_ADDRESS="--address=0.0.0.0" # address to listen on
Line 8: KUBELET_PORT="--port=10250" # kubelet port
Line 11: KUBELET_HOSTNAME="--hostname-override=192.168.88.66" # unique name for this node, must not conflict; IP address or hostname (each node sets its own)
Line 14: KUBELET_API_SERVER="--api-servers=http://192.168.88.8:8080" # address of the API server to connect to
Start all services on the node
systemctl start kubelet.service
systemctl enable kubelet.service
systemctl start kube-proxy.service
systemctl enable kube-proxy.service
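On the master, test whether the nodes have joined the cluster
kubectl get nodes
Install the flannel (network communication) plugin on all nodes; it requires etcd
yum install flannel -y
Edit the flannel configuration file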
vim /etc/sysconfig/flanneld
# Flanneld configuration options
# etcd url location. Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://192.168.88.8:2379" # points to k8s-master1
# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"
# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
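Create the etcd key on the master node
etcdctl mk /atomic.io/network/config '{ "Network": "172.16.0.0/16" }'
etcdctl get /atomic.io/network/config
Install docker (mainly so the master can double as the private registry; the registry could also run on a separate machine)
yum install docker -y
Start the flannel network and restart all services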
systemctl enable flanneld.service
systemctl restart flanneld.service
service docker restart
systemctl restart kubelet.service
systemctl restart kube-proxy.service
Start all services on the node machines
systemctl enable flanneld.service
systemctl restart flanneld.service
service docker restart
systemctl restart kubelet.service
systemctl restart kube-proxy.service
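At this point ifconfig shows a flannel interface with a 172.x network
On all nodes, test cross-host communication. Before testing, change iptables first (all nodes)
iptables -L -n # view the current rules
iptables -P FORWARD ACCEPT
Start a docker container, check its IP and test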
docker pull busybox
docker run -it --rm --name busybox busybox
ifconfig
ping k8s-master1, k8s-node1 and k8s-node2
Make the iptables rule permanent
vim /usr/lib/systemd/system/docker.service
Insert a line at line 18: ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
Restart docker
systemctl daemon-reload
systemctl restart docker
Configure the registry mirror and the private registry location on all nodes
vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=192.168.88.8:18000'
systemctl restart docker # restart docker
Start the private registry on the master
docker pull registry
docker run -d -p 18000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
Test whether images can be pushed to the registry
docker tag docker.io/busybox:latest 192.168.88.8:18000/busybox:latest
docker push 192.168.88.8:18000/busybox:latest
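Added example, not part of the original article: a shell check over the files edited above that reports which of these settings leave etcd, the API server and the docker registry on plaintext or unauthenticated access, so they can be revisited before the nodes leave the NAT lab network. The function names, the ROOT argument and the constructed sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article). ROOT is an assumption of this
# sketch: it lets the check run on a copy of the files instead of the live host.

# Print the last uncommented KEY=... line of FILE, if the file exists.
active_line() {
    [ -f "$1" ] || return 0
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1
}

report() { echo "$1"; found=1; }

# Print one finding per line; return 1 if anything was found, else 0.
audit_lab_settings() {
    root="${1:-}"; found=0
    case "$(active_line "$root/etc/etcd/etcd.conf" ETCD_LISTEN_CLIENT_URLS)" in
        *http://0.0.0.0:*) report "etcd: plaintext client listener on all interfaces" ;;
    esac
    case "$(active_line "$root/etc/kubernetes/apiserver" KUBE_API_ADDRESS)" in
        *--insecure-bind-address=0.0.0.0*) report "apiserver: insecure port on all interfaces" ;;
    esac
    case "$(active_line "$root/etc/kubernetes/apiserver" KUBE_ADMISSION_CONTROL)" in
        "" | *ServiceAccount*) ;;
        *) report "apiserver: ServiceAccount admission plugin removed" ;;
    esac
    opts=$(active_line "$root/etc/sysconfig/docker" OPTIONS)
    case "$opts" in
        *--insecure-registry*) report "docker: insecure registry allowed" ;;
    esac
    case "$opts" in
        *--signature-verification=false*) report "docker: signature verification off" ;;
    esac
    return "$found"
}

# Constructed sample: the values this article writes, in a scratch directory.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/etcd" "$d/etc/kubernetes" "$d/etc/sysconfig"
    echo 'ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"' > "$d/etc/etcd/etcd.conf"
    { echo 'KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"'
      echo 'KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,ResourceQuota"'
    } > "$d/etc/kubernetes/apiserver"
    echo "OPTIONS='--signature-verification=false --insecure-registry=192.168.88.8:18000'" \
        > "$d/etc/sysconfig/docker"
    echo "$d"
}
```

Calling audit_lab_settings with no argument checks the live files under /etc on the node it runs on.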