1,准备linux环境
#k8s建议至少2核2g内存
# Turn off the host firewall (firewalld) on this node.
# NOTE(review): this removes host-level packet filtering entirely. That is
# acceptable on an isolated lab network; on a shared or routable network,
# consider keeping firewalld running and opening only the ports the cluster
# needs (for example 6443/tcp for the API server and 10250/tcp for the kubelet).
firewall-cmd --state # show the current firewall state
# Stop firewalld now
systemctl stop firewalld.service
# Do not start firewalld at boot
systemctl disable firewalld.service
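# Put SELinux into permissive mode so containers can access the host
# filesystem as the kubelet requires.
# Permissive is used instead of "disabled": denials are still logged for
# auditing, file labels are kept, and enforcing mode can be restored later
# without a full relabel.
getenforce # show the current SELinux mode
setenforce 0 # switch to permissive immediately (lasts until reboot)
# Persist permissive mode across reboots
sed -i 's/^ *SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config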
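# Disable swap.
# Turn off all active swap devices for the running system.
swapoff -a
# Comment out the swap entries in /etc/fstab so swap stays off after a reboot.
# Only lines that are not already commented and that have "swap" as a
# whitespace-delimited field are touched, so re-running this step does not
# stack extra '#' characters or alter unrelated lines. The original file is
# kept as /etc/fstab.bak.
sed -r -i.bak '/^[^#].*[[:space:]]swap[[:space:]]/s/^/#/' /etc/fstab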
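# Switch yum to the Aliyun CentOS 7 mirror.
# Install wget
yum -y install wget
# Move the existing repo definitions aside instead of deleting them.
# Absolute paths are used on purpose: a `cd` followed by `rm -rf *` deletes
# the contents of whatever directory the shell is in if the `cd` fails, and
# a backup lets the original repos be restored.
mkdir -p /etc/yum.repos.d/backup
mv -f /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup/
# Download the repo definition over HTTPS so it cannot be altered in transit.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Rebuild the yum metadata cache
yum clean all
yum makecache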
#配置主机名 不同节点使用不同名字
hostnamectl set-hostname master01
#修改host文件 #修改成自己的ip
cat >> /etc/hosts << EOF
192.168.50.118 master01
192.168.50.164 work01
192.168.50.61 work02
EOF
#节点之间需要通信,把主机之间的无密码连接建立
##
本步骤仅在master01中执行
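# Create an SSH key pair on master01 and install the public key on the workers.
# NOTE(review): this is an administrative convenience, not something kubeadm
# needs. The private key grants root on every worker it is copied to, so
# protect /root/.ssh/id_rsa (consider setting a passphrase when prompted).
ssh-keygen -t rsa -b 4096
ssh-copy-id -i /root/.ssh/id_rsa.pub root@work01
ssh-copy-id -i /root/.ssh/id_rsa.pub root@work02
# work03 is not listed in the /etc/hosts entries of this guide; add it there
# first if a third worker exists, then uncomment the next line.
# ssh-copy-id -i /root/.ssh/id_rsa.pub root@work03
# Verify that key-based login works
ssh work01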
#网络需要设置内核参数bridge-nf-call-iptables=1,修改这个参数需要系统有br_netfilter模块
查看br_netfilter模块:
lsmod |grep br_netfilter
如果系统没有br_netfilter模块则执行下面的新增命令,如有则忽略:
modprobe br_netfilter
#内核参数临时修改
sysctl net.bridge.bridge-nf-call-iptables=1
sysctl net.bridge.bridge-nf-call-ip6tables=1
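# Load the br_netfilter module at every boot.
# The heredoc delimiters are quoted ('EOF') so the script text is written
# literally. With an unquoted delimiter the shell expands $file while writing
# the file, leaving an empty test and an empty command in /etc/rc.sysinit.
cat > /etc/rc.sysinit << 'EOF'
#!/bin/bash
for file in /etc/sysconfig/modules/*.modules ; do
[ -x "$file" ] && "$file"
done
EOF
cat > /etc/sysconfig/modules/br_netfilter.modules << 'EOF'
modprobe br_netfilter
EOF
chmod 755 /etc/sysconfig/modules/br_netfilter.modules
# On systemd-based hosts, systemd-modules-load reads /etc/modules-load.d/*.conf
# at boot, so register the module there as well.
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf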
2,下载docker
1. 安装依赖包
yum install -y yum-utils device-mapper-persistent-data lvm2
2. 设置Docker源
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
3. 安装Docker CE
3.1 docker安装版本查看
yum list docker-ce --showduplicates | sort -r
3.2 安装docker
yum install docker-ce-18.09.9 docker-ce-cli-18.09.9 containerd.io -y
3.3 启动docker并且开机启动
systemctl start docker
systemctl enable docker
4. 命令补全
4.1 安装bash-completion
yum -y install bash-completion
4.2 加载bash-completion
5.镜像加速 并且 修改Cgroup Driver
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://zhqm7b2o.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl daemon-reload #重载配置
systemctl restart docker #重启docker
6. 验证
docker --version
3.安装K8S
设置kubernetes源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
3.1 版本查看
yum list kubelet --showduplicates | sort -r
3.2 安装kubelet、kubeadm和kubectl
#本文安装的kubelet版本是1.16.4,该版本支持的docker版本为1.13.1, 17.03, 17.06, 17.09, 18.06, 18.09。
yum install -y kubelet-1.16.4 kubeadm-1.16.4 kubectl-1.16.4
1 安装包说明
- kubelet 运行在集群所有节点上,用于启动Pod和容器等对象的工具
- kubeadm 用于初始化集群,启动集群的命令工具
- kubectl 用于和集群通信的命令行,通过kubectl可以部署和管理应用,查看各种资源,创建、删除和更新各种组件
启动kubelet并设置开机启动
systemctl enable kubelet && systemctl start kubelet
kubectl命令补全
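# Enable kubectl bash completion for future login shells.
echo "source <(kubectl completion bash)" >> ~/.bash_profile
# Load it into the current shell. The path is given explicitly because an
# earlier step of this guide changes into /etc/yum.repos.d/, where a relative
# .bash_profile would not be found.
source ~/.bash_profile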
初始化kubeadm 这一步在Master01上执行
#使用阿里云镜像
kubeadm init --image-repository=registry.aliyuncs.com/google_containers --pod-network-cidr=172.16.0.0/16
记录下k8s给的建议步骤
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.50.118:6443 --token e4u9d0.mxf443amq7spbnmc \
--discovery-token-ca-cert-hash sha256:c1e29b3ff17d8bc4848bf276bd5d10113c1fda90cd9e581da67b634abdd857a9
创建配置目录和配置
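# Install the admin kubeconfig for the current user so kubectl can reach the
# cluster. admin.conf carries cluster-administrator credentials: keep the copy
# readable by its owner only and do not distribute it to other hosts or users.
# Expansions are quoted so a home directory containing spaces still works.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"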
节点加入 在work01和work02上操作
# Join this worker to the cluster.
# The token and CA certificate hash below are the sample values printed by
# this guide's own `kubeadm init` run; use the ones from your own init output.
# A bootstrap token lets a machine join the cluster, so treat it as a secret;
# by default it expires after 24 hours. A fresh join command can be generated
# on the master with `kubeadm token create --print-join-command`.
# Keep --discovery-token-ca-cert-hash: it lets the worker verify that it is
# talking to the intended control plane.
kubeadm join 192.168.50.118:6443 --token e4u9d0.mxf443amq7spbnmc \
--discovery-token-ca-cert-hash sha256:c1e29b3ff17d8bc4848bf276bd5d10113c1fda90cd9e581da67b634abdd857a9
获取节点 kubectl get nodes
master01 NotReady master 8m52s v1.16.4
work01 NotReady <none> 41s v1.16.4
work02 NotReady <none> 41s v1.16.4
此时是notReady状态 还需要calico
# Install the Calico pod network add-on (manifest pinned to v3.14).
# NOTE(review): the manifest is applied with the admin kubeconfig, so whatever
# it declares is created cluster-wide. Read the downloaded calico.yaml before
# applying it, and keep the file so the deployed version can be audited later.
wget https://docs.projectcalico.org/v3.14/manifests/calico.yaml
kubectl apply -f calico.yaml
获取节点 kubectl get nodes
master01 Ready master 8m52s v1.16.4
work01 Ready <none> 41s v1.16.4
work02 Ready <none> 41s v1.16.4