一、环境准备
1、设置主机名
#查看主机名
$ hostname
#修改主机名
$ hostnamectl set-hostname huoban-k8s-master01
#配置host,使所有节点之间可以通过hostname互相访问
2、配置hosts解析
vim /etc/hosts
192.168.3.252 HUOBAN-IM-K8S-MASTER01 master01
192.168.3.1 HUOBAN-IM-K8S-NODE01 node01
192.168.3.2 HUOBAN-IM-K8S-NODE02 node02
192.168.3.4 HUOBAN-IM-K8S-NODE03 node03
192.168.3.5 HUOBAN-IM-K8S-NODE04 node04
3、安装依赖包
yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp
4、关闭防火墙、swap,重置iptables
关闭防火墙
systemctl stop firewalld && systemctl disable firewalld
重置iptables
iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
#关闭swap
swapoff -a
sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
#关闭selinux
setenforce 0
#关闭dnsmasq(否则可能导致docker容器无法解析域名)
service dnsmasq stop && systemctl disable dnsmasq
5、系统参数设置
cat >> /etc/sysctl.conf << EOF
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
vm.dirty_background_bytes = 0
vm.dirty_background_ratio = 5
vm.dirty_bytes = 0
vm.dirty_expire_centisecs = 600
vm.dirty_ratio = 10
vm.dirty_writeback_centisecs = 100
vm.vfs_cache_pressure = 500
EOF
cat > /etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
EOF
sysctl -p /etc/sysctl.d/kubernetes.conf
二、安装docker
使用阿里云镜像仓库
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
#安装docker
查看可以安装的版本
yum list docker-ce --showduplicates|sort -r
yum install -y docker-ce-18.06.3.ce-3.el7
#设置docker启动参数(可选)
#- graph: 设置docker数据目录:选择比较大的分区(我这里是根目录就不需要配置了,默认为/var/lib/docker)
#- exec-opts: 设置cgroup driver(默认是cgroupfs,可以设置为systemd)
#- registry-mirrors 配置docker镜像加速
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
"graph": "/data/docker",
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors":["https://b5jij39s.mirror.aliyuncs.com"]
}
EOF
#启动docker服务并加入开机启动项
systemctl start docker && systemctl enable docker
三、安装 kubeadm, kubelet 和 kubectl
1、配置yum源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
2、安装kubelet,kubeadm,kubectl
#找到安装的版本号
yum list kubeadm --showduplicates | sort -r
#安装指定版本
yum install -y kubelet-1.15.3 kubeadm-1.15.3 kubectl-1.15.3
四、配置系统相关参数
#以下操作在所有节点操作
#!/bin/bash
#开启forward
#Docker从1.13版本开始调整了默认的防火墙规则
#禁用了iptables filter表中FOWARD链
#这样会引起Kubernetes集群中跨Node的Pod无法通信
iptables -P FORWARD ACCEPT
#加载ipvs相关内核模块
#如果重新开机,需要重新加载
modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_wrr
modprobe ip_vs_sh
modprobe nf_conntrack_ipv4
lsmod | grep ip_vs
五、部署第一个主节点
1、配置kubelet
###以下操作需要在所有节点上执行
#重新载入kubelet系统配置
systemctl daemon-reload
#设置开机启动,暂时不启动kubelet
systemctl enable kubelet
修改启动项配置
vim /etc/systemd/system/multi-user.target.wants/kubelet.service
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/
[Service]
ExecStart=/usr/bin/kubelet --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice --feature-gates=HugePages=true
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
2、根据配置文件初始化集群(在master上操作)
#使用kubeadm-config.yaml配置k8s1.14.5集群
#生成kubeadm配置文件
cat > kubeadm-master.config <<EOF
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kubernetesVersion: v1.15.3
controlPlaneEndpoint: "master_IP:6443"
networking:
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
EOF
#初始化k8s集群,建议重新编译kubeadm证书为100年后再初始化集群。
kubeadm init --config=kubeadm-master.config
- 添加管理访问权限(master上执行)
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
4、将node加入到集群(node上执行)
kubeadm join 192.168.3.252:6443 --token whazfy.9n53kulnq4sxt7n0 \
--discovery-token-ca-cert-hash sha256:089f7e9e2b3900ddaf012f79559c730956e8a8073c56c4af0a11babf9f984bd9
5、安装网络插件
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
6、检查
kubectl get pods -n kube-system