Installing k8s on CentOS

1. Prepare the machines

IP            Node
172.22.1.10   master-k8s
172.22.1.11   node1-k8s
172.22.1.12   node2-k8s

Set each machine's hostname, then add the three entries below to /etc/hosts:

hostnamectl set-hostname  xxx
172.22.1.10 master-k8s
172.22.1.11 node1-k8s
172.22.1.12 node2-k8s

2. Time synchronization

yum -y install chrony

vim /etc/chrony.conf

master (/etc/chrony.conf settings, then start the service):
server master-k8s iburst
allow 172.22.1.0/24
local stratum 10
systemctl enable chronyd
systemctl start chronyd
ss -unl | grep 123
chronyc sources

node (/etc/chrony.conf settings, then start the service):
server master-k8s iburst
systemctl enable chronyd
systemctl start chronyd
chronyc sources


3. Disable the firewall, iptables, SELinux, and swap

iptables -F
systemctl stop firewalld
systemctl disable firewalld

Disable SELinux:
setenforce 0
vi /etc/selinux/config
SELINUX=disabled

Disable swap:
swapoff -a
vi /etc/fstab
#/dev/mapper/centos-swap swap
free -m

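4. Kernel configuration

# Enable IP forwarding and iptables filtering of bridged traffic.

cat <<EOF >  /etc/sysctl.d/k8s.conf
# Pass bridged IPv6 traffic through the ip6tables rules
net.bridge.bridge-nf-call-ip6tables = 1
# Pass bridged IPv4 traffic through the iptables rules
net.bridge.bridge-nf-call-iptables = 1
# Enable IP forwarding on the host
net.ipv4.ip_forward = 1
EOF

# Load the bridge netfilter module and apply the settings.
modprobe br_netfilter

sysctl -p /etc/sysctl.d/k8s.conf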

Enable IPVS:
# Dollar signs are escaped so they expand when the module script runs, not when this heredoc is written.
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack_ipv4"
for kernel_module in \${ipvs_modules}; do
    # Load the module only if it exists for the running kernel
    /sbin/modinfo -F filename \${kernel_module} > /dev/null 2>&1
    if [ \$? -eq 0 ]; then
        /sbin/modprobe \${kernel_module}
    fi
done
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs

List the loaded modules:
lsmod | grep ip_vs

View the IPVS rules:
ipvsadm -Ln

5. Install Docker

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum makecache fast
yum repolist
yum install docker-ce -y

# The directory may not exist before the daemon's first start
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF

systemctl enable docker
systemctl start docker

6. Install kubelet, kubeadm, and kubectl

Create the Kubernetes yum repository file /etc/yum.repos.d/kubernetes.repo with the following contents:

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
enabled=1

yum -y install  kubelet kubeadm kubectl
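
With gpgcheck=0 in the repo file above, yum installs kubelet, kubeadm and kubectl without verifying package signatures, even though a gpgkey is configured. The script below is an added example, not part of the original post: it lists the enabled repositories in a .repo file whose packages are not signature-checked. The function names and the second sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: report enabled yum repositories that skip package signature checks.

# unsigned_repos [FILE...] -> one line per enabled repo whose gpgcheck is not 1
unsigned_repos() {
    awk -F= '
        function report() {
            if (repo == "" || enabled == "0" || check == "1") return
            print repo ": gpgcheck=" (check == "" ? "unset" : check) ", gpgkey " (key == "" ? "missing" : "configured")
        }
        /^[ \t]*[#;]/ { next }                 # comment line
        /^\[/ {                                # start of a new [section]
            report()
            repo = $0; sub(/^\[/, "", repo); sub(/\].*$/, "", repo)
            check = ""; key = ""; enabled = ""
            next
        }
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k == "gpgcheck") check = v
            if (k == "gpgkey")   key = v
            if (k == "enabled")  enabled = v
        }
        END { report() }
    ' "$@"
}

# Sample input: the repo file from this page plus one constructed entry.
sample_repo() {
cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
enabled=1

[example-signed]
name=Constructed entry with verification on
baseurl=https://repo.example.invalid/el7/
gpgcheck=1
gpgkey=https://repo.example.invalid/key.gpg
enabled=1
EOF
}

sample_repo | unsigned_repos
```

On a real host, run it as unsigned_repos /etc/yum.repos.d/*.repo.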

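7. Prepare the required images

If k8s.gcr.io is not reachable from your network, download the required images in advance and import them locally. List the images kubeadm needs:
kubeadm config images list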

k8s.gcr.io/kube-apiserver:v1.17.4
k8s.gcr.io/kube-controller-manager:v1.17.4
k8s.gcr.io/kube-scheduler:v1.17.4
k8s.gcr.io/kube-proxy:v1.17.4
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.5

8. Initialize the master node and join the worker nodes to the cluster

Edit the kubelet configuration file /etc/sysconfig/kubelet so that kubelet ignores swap:
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
systemctl enable kubelet

kubeadm init --kubernetes-version=v1.17.3 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
 
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

After repeating the steps above on each worker node, join it to the cluster:
kubeadm join 172.22.1.10:6443 --token xxxxx --discovery-token-ca-cert-hash sha256:xxx
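
The sha256:xxx value passed to --discovery-token-ca-cert-hash pins the public key of the cluster CA, so the joining node only trusts an API server whose CA matches. The script below is an added example, not part of the original post: it recomputes that hash from a CA certificate and compares it with a pin. The function names are hypothetical; on a kubeadm master the certificate is /etc/kubernetes/pki/ca.crt, and the demo generates a throwaway CA instead.

```shell
#!/bin/sh
# Added example: recompute the --discovery-token-ca-cert-hash value.
# The pin is SHA-256 over the CA certificate's DER-encoded public key
# (SubjectPublicKeyInfo), not over the whole certificate.

# ca_cert_hash CERT -> prints 64 hex characters; non-zero status if CERT is not a certificate
ca_cert_hash() {
    spki_pem=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$spki_pem" | openssl pkey -pubin -outform DER | sha256sum | cut -d' ' -f1
}

# verify_join_pin CERT PIN -> status 0 only if PIN ("sha256:<hex>") matches CERT
verify_join_pin() {
    expected=$(ca_cert_hash "$1") || return 2
    case "$2" in
        sha256:*) given=${2#sha256:} ;;
        *) return 2 ;;                      # pin without the sha256: prefix
    esac
    # Hex digests may be written in upper or lower case
    [ "$(printf '%s' "$given" | tr 'A-F' 'a-f')" = "$expected" ]
}

# Demo on a throwaway CA (constructed input, generated locally).
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    pin="sha256:$(ca_cert_hash "$dir/ca.crt")"
    echo "pin for the join command: $pin"
    verify_join_pin "$dir/ca.crt" "$pin" && echo "pin matches the CA"
    verify_join_pin "$dir/ca.crt" "sha256:00" || echo "wrong pin rejected"
    rm -rf "$dir"
}
demo
```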

9. kubectl command auto-completion

yum install bash-completion -y
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc

10. Install flannel

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

11. Install the dashboard

wget https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml
Edit the Service in recommended.yaml to expose it on a node port:
Service.spec.type: NodePort
Service.spec.ports: nodePort: 30888
kubectl apply -f recommended.yaml

Create a service account and bind it to the cluster-admin role:
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
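View the access token (printed base64-encoded; the secret name's random suffix, hm9hk here, differs on every cluster):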
kubectl get secrets -n kubernetes-dashboard dashboard-admin-token-hm9hk -o jsonpath={.data.token}

Create a kubeconfig file for access:
kubectl config set-cluster luhaocluster --kubeconfig=/root/dashboard/con.conf  --certificate-authority=./ca.crt --embed-certs=true  --server="https://172.22.1.10:6443"
kubectl config set-credentials luhao-admin --kubeconfig=/root/dashboard/con.conf --token=$(kubectl get secrets -n kubernetes-dashboard dashboard-admin-token-hm9hk -o jsonpath={.data.token} |base64 -d)
kubectl config set-context luhao-admin@luhaocluster --cluster=luhaocluster --user=luhao-admin --kubeconfig=/root/dashboard/con.conf

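12. Install ingress-nginx

Option 1 for exposing ingress-nginx: share the host's network namespace
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
Modify the pod spec:
Use the host IPC namespace
hostIPC: true
Use the host PID namespace
hostPID: true
Use the host network namespace
hostNetwork: true
Then set a fixed spec.nodeName / spec.nodeSelector so that the pod is always scheduled to the same machine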
kubectl apply -f mandatory.yaml
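
hostIPC, hostPID and hostNetwork each remove one layer of isolation between the pod and the node it runs on, so manifests that set them are worth listing before they are applied. The script below is an added example, not part of the original post: it reports which workloads in a multi-document manifest set any of the three fields to true. The function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example: list workloads in a manifest that share host namespaces.

# host_ns_findings [FILE...] -> one "Kind/name: field" line per host* field set to true
host_ns_findings() {
    awk '
        FNR == 1     { kind = ""; name = ""; in_meta = 0 }        # new file
        /^---/       { kind = ""; name = ""; in_meta = 0; next }  # new YAML document
        /^kind:/     { kind = $2 }
        /^metadata:/ { in_meta = 1; next }                        # top-level metadata only
        /^[^ #]/     { in_meta = 0 }                              # any other top-level key
        in_meta && name == "" && /^  name:/ { name = $2 }
        /^ +host(Network|PID|IPC): *true/ {
            field = $1; sub(/:$/, "", field)
            print kind "/" name ": " field
        }
    ' "$@"
}

# manifest_is_isolated [FILE...] -> status 0 only if no host namespace is shared
manifest_is_isolated() {
    [ -z "$(host_ns_findings "$@")" ]
}

# Constructed sample shaped like the edited mandatory.yaml, followed by a Service.
sample_manifest() {
cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
spec:
  template:
    metadata:
      name: ignored-template-name
    spec:
      hostIPC: true
      hostPID: true
      hostNetwork: true
      nodeName: node1-k8s
---
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx
spec:
  type: NodePort
EOF
}

sample_manifest | host_ns_findings
```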

Option 2 for exposing ingress-nginx: expose the service with a NodePort Service
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml
Change the service port
kubectl apply -f service-nodeport.yaml