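I. Server environment preparation (adjust these settings to your own machine's configuration)
1. Operating system: CentOS 7.4
Memory: 4G
CPU: 2C
Network: NAT
2. Hostnames (command to set one permanently: hostnamectl set-hostname master)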
master
node1
node2
3. IP addresses:
master 192.168.241.100
node1 192.168.241.101
node2 192.168.241.102
4. Install the base dependencies: yum -y install wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel python-devel epel-release lrzsz openssh-server socat ipvsadm conntrack
II. Kubernetes base environment preparation (perform on every node)
1. Stop the firewall on every node
systemctl stop firewalld && systemctl disable firewalld
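Permanently disable SELinux on every node; change the following setting and reboot the machine for it to take effect
To disable it permanently, edit the setting in /etc/sysconfig/selinux (on CentOS 7 this is a symlink to /etc/selinux/config, so sed needs --follow-symlinks to edit the target instead of replacing the link with a plain file)
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
2. Time synchronization, on every node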
ntpdate cn.pool.ntp.org
Add a scheduled task that synchronizes the time periodically
crontab -e
# synchronize the time once every hour
0 */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org
3. Disable swap
swapoff -a
To disable it permanently, open /etc/fstab and comment out the swap line
sed -i 's/.*swap.*/#&/' /etc/fstab
4. Modify kernel parameters
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
## If the following errors appear when the file is loaded with sysctl -p /etc/sysctl.d/k8s.conf
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
## Solution
[root@proemtheus sysctl.d]# modprobe br_netfilter
[root@proemtheus sysctl.d]# ls /proc/sys/net/bridge
bridge-nf-call-arptables bridge-nf-call-ip6tables bridge-nf-call-iptables bridge-nf-filter-pppoe-tagged bridge-nf-filter-vlan-tagged bridge-nf-pass-vlan-input-dev
[root@proemtheus sysctl.d]# sysctl -p /etc/sysctl.d/k8s.conf
5. Set the hostnames (one command per node)
hostnamectl set-hostname master
hostnamectl set-hostname node1
hostnamectl set-hostname node2
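6. Set up passwordless SSH login between the servers
[root@master ~]# ssh-keygen -t rsa    # press Enter at every prompt (on every node)
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub node1    # run on the master
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub node2    # run on the master
III. Install Kubernetes 1.16.4
1. Configure the yum repository needed to install Kubernetes (every node)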
[root@master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
EOF
2. Clean the yum cache (every node)
[root@master ~]# yum clean all
3. Build a new yum cache (every node)
[root@master ~]# yum makecache fast
4. Update the packages (every node)
[root@master ~]# yum -y update
5. Install the required packages (every node)
[root@master ~]# yum -y install yum-utils device-mapper-persistent-data lvm2
6. Add the Docker package repository (every node)
[root@master ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
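The kubernetes.repo written in step 1 sets gpgcheck=0, and the Docker repo file in step 6 is fetched over http, so it is worth checking what yum will actually trust before installing from these sources. The following is an added example, not part of the original guide; audit_repo is a hypothetical helper name and the sample file is the repo definition from step 1.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): list yum repo sections that
# install packages without signature checks or fetch them over plain http.
# A section with no gpgcheck line inherits [main] in /etc/yum.conf, which this
# check does not read.
audit_repo() {
    awk '
        # Report the section collected so far, then forget it.
        function flush() {
            if (section != "" && enabled != "0") {
                if (gpgcheck == "0")
                    print file " [" section "] gpgcheck=0: packages are not signature-checked"
                if (http)
                    print file " [" section "] baseurl is plain http"
            }
            section = ""
        }
        FNR == 1 { flush() }                      # a new file ends the previous section
        /^[ \t]*\[.*\][ \t]*$/ {                  # "[name]" starts a section
            flush()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\][ \t]*$/, "", section)
            file = FILENAME; enabled = "1"; gpgcheck = ""; http = 0
            next
        }
        /^[ \t]*[#;]/ || section == "" { next }   # comments, lines outside a section
        {
            i = index($0, "=")
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl" && val ~ /^http:\/\//) http = 1
        }
        END { flush() }
    ' "$@"
}

# Sample input: the kubernetes.repo from step 1 of this guide.
sample=$(mktemp)
printf '%s\n' '[kubernetes]' 'name=Kubernetes' \
    'baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64' \
    'enabled=1' 'gpgcheck=0' > "$sample"
audit_repo "$sample"    # on a node: audit_repo /etc/yum.repos.d/*.repo
rm -f "$sample"
```

Disabled sections (enabled=0) are skipped because yum does not install from them.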
7. Install Docker 18.09 (every node)
7.1. List the available Docker versions
[root@master ~]# yum list docker-ce --showduplicates |sort -r
7.2. Download and install version 18.09
[root@master ~]# yum install -y docker-ce-18.09.9-3.el7
7.3. Start Docker and enable it at boot
[root@master ~]# systemctl enable docker && systemctl start docker
7.4. Check Docker's status; if it is active (running), Docker is running normally
[root@master ~]# systemctl status docker
7.5. Edit the Docker configuration file to configure a registry mirror
[root@master ~]# cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["http://6e9e5b27.m.daocloud.io"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
7.6. Restart Docker
[root@master ~]# systemctl restart docker
8. Install Kubernetes 1.16.4
8.1. Install kubeadm and kubelet on the master and the nodes
[root@master ~]# yum -y install kubeadm-1.16.4-0.x86_64 kubelet-1.16.4-0.x86_64
8.2. Enable kubelet at boot
[root@master ~]# systemctl enable kubelet
8.3. List the required image versions (master node)
[root@master ~]# kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.16.4
k8s.gcr.io/kube-controller-manager:v1.16.4
k8s.gcr.io/kube-scheduler:v1.16.4
k8s.gcr.io/kube-proxy:v1.16.4
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.3.15-0
k8s.gcr.io/coredns:1.6.2
8.4. Pull the images
[root@master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/loong576/kube-apiserver:v1.16.4
[root@master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/loong576/kube-controller-manager:v1.16.4
[root@master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/loong576/kube-scheduler:v1.16.4
[root@master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/loong576/kube-proxy:v1.16.4
[root@master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/loong576/pause:3.1
[root@master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/loong576/coredns:1.6.2
[root@master ~]# docker pull registry.cn-hangzhou.aliyuncs.com/loong576/etcd:3.3.15-0
8.5. Retag the images
docker tag registry.cn-hangzhou.aliyuncs.com/loong576/kube-proxy:v1.16.4 k8s.gcr.io/kube-proxy:v1.16.4
docker tag registry.cn-hangzhou.aliyuncs.com/loong576/kube-apiserver:v1.16.4 k8s.gcr.io/kube-apiserver:v1.16.4
docker tag registry.cn-hangzhou.aliyuncs.com/loong576/kube-controller-manager:v1.16.4 k8s.gcr.io/kube-controller-manager:v1.16.4
docker tag registry.cn-hangzhou.aliyuncs.com/loong576/kube-scheduler:v1.16.4 k8s.gcr.io/kube-scheduler:v1.16.4
docker tag registry.cn-hangzhou.aliyuncs.com/loong576/etcd:3.3.15-0 k8s.gcr.io/etcd:3.3.15-0
docker tag registry.cn-hangzhou.aliyuncs.com/loong576/pause:3.1 k8s.gcr.io/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/loong576/coredns:1.6.2 k8s.gcr.io/coredns:1.6.2
8.6. Initialize
Master node: kubeadm init --apiserver-advertise-address 192.168.241.100 --kubernetes-version=v1.16.4 --pod-network-cidr=10.244.0.0/16
8.7. Output of the initialization
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubeadm join 192.168.241.100:6443 --token ijxqtu.3rd5zao2ci7z5fvz \
--discovery-token-ca-cert-hash sha256:4e4b7569fa6d04981a5ff8df0b3273b64225fb7feea9d4a694b2f254bd2567d5
8.8. Run the following on the master node to get permission to operate on Kubernetes resources
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
8.9. Add the worker nodes (run on each node)
[root@node ~]# kubeadm join 192.168.241.100:6443 --token ijxqtu.3rd5zao2ci7z5fvz \
--discovery-token-ca-cert-hash sha256:4e4b7569fa6d04981a5ff8df0b3273b64225fb7feea9d4a694b2f254bd2567d5
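The --discovery-token-ca-cert-hash value in the join command is the SHA-256 of the cluster CA certificate's public key (its DER-encoded SubjectPublicKeyInfo), and it is what lets a joining node confirm it is talking to the right control plane. The following added example, not part of the original guide, recomputes that value from a CA certificate and compares it with the one inside a join command; the function names and the demo token are hypothetical, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA location.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide).

# Print "sha256:<hex>" for the public key of the CA certificate at $1.
ca_pubkey_hash() {
    # Refuse unreadable or non-certificate input instead of hashing nothing.
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 1
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex |
        awk '{ print "sha256:" $NF }'
}

# Succeed only if the hash pinned in the join command text $1 equals the
# hash of the CA certificate at $2. A command with no pinned hash fails.
join_hash_matches() {
    pinned=$(printf '%s\n' "$1" | grep -Eo 'sha256:[0-9a-f]{64}' | head -n 1)
    actual=$(ca_pubkey_hash "$2") || return 1
    [ -n "$pinned" ] && [ "$pinned" = "$actual" ]
}

# Demo with a throwaway CA (constructed; on a master use /etc/kubernetes/pki/ca.crt).
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=constructed-demo-ca' -days 1 \
    -keyout "$demo/ca.key" -out "$demo/ca.crt" 2>/dev/null
cmd="kubeadm join 192.168.241.100:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash $(ca_pubkey_hash "$demo/ca.crt")"
join_hash_matches "$cmd" "$demo/ca.crt" && echo "hash matches the CA"
rm -rf "$demo"
```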
8.9.1. Check the status now (all nodes are NotReady because no network plugin is installed yet)
[root@master ~]# kubectl get no
NAME STATUS ROLES AGE VERSION
master NotReady master 2d15h v1.16.4
node1 NotReady <none> 10s v1.16.4
node2 NotReady <none> 7s v1.16.4
8.9.2. Install the network plugin (only on the master)
[root@master ~]# wget http://docs.projectcalico.org/v3.2/getting-started/kubernetes/installation/hosted/calico.yaml
[root@master ~]# kubectl apply -f calico.yaml
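#### Note: when installing 1.16.4 I found that, before the network plugin was installed, coredns stayed in the Pending state, and the error said there was a taint on the master; I tried many things and none of them worked, and in the end I found that it worked once the network plugin was installed
9. Extras
9.1. The token for joining nodes expires after 24 hours by default; if you have forgotten the token, run the following command to generate one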
[root@master ~]# kubeadm token create --print-join-command
9.2. Add the auto-completion script to the system
[root@master ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc