Kubernetes 集群搭建
引言
由于朋友给的服务器,连不上阿里的镜像,只能用yum装,所以版本是1.15注意了啊,1.16之后才有role之类的东西,如果需要其他的功能,不要按照这个方法装。
关闭swap分区等等
初始化脚本,网上找的,挺方便的。
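#!/bin/bash
# made by Elven , 2018-5-1
# Blog http://www.cnblogs.com/elvi/p/8976305.html
#
# Host preparation run before installing Kubernetes: stops the host firewall,
# disables SELinux and swap, writes the forwarding/bridge sysctls and raises
# the per-user resource limits. Must be run as root.
#
# NOTE(review): after this script the host has no packet filter and no SELinux
# confinement, so every port that later steps bind to 0.0.0.0 is reachable
# from every network the host is attached to.

# Refuse to run without root; exit non-zero so a caller can see the failure.
if [[ $UID -ne 0 ]]; then
  echo "Must run in root user !" >&2
  exit 1
fi

echo '# 基础配置#
#关闭防火墙
#关闭Selinux
#关闭Swap
#内核配置
'

# Firewall: stop whichever front end this distribution ships. Errors from a
# missing firewalld unit are discarded on purpose (best effort).
systemctl stop firewalld &>/dev/null
systemctl disable firewalld &>/dev/null
if [[ -f /etc/init.d/ufw ]]; then
  ufw disable
fi
if [[ -f /etc/init.d/iptables ]]; then
  /etc/init.d/iptables stop
fi

# SELinux: permissive for the running system, disabled from the next boot.
setenforce 0 &>/dev/null
for selinux_conf in /etc/sysconfig/selinux /etc/selinux/config; do
  # Skip paths this distribution does not have instead of printing sed errors.
  [[ -e "$selinux_conf" ]] || continue
  # --follow-symlinks edits the link target; plain `sed -i` would replace a
  # symlinked path with a regular file.
  sed -i --follow-symlinks \
    -e 's/^SELINUX=enforcing/SELINUX=disabled/' \
    -e 's/^SELINUX=permissive/SELINUX=disabled/' \
    "$selinux_conf"
done

# Swap: turn it off now and comment out the fstab entries so it stays off
# after a reboot. -i is required here: without it sed only prints the edited
# text and /etc/fstab is left unchanged. Lines that are already commented are
# skipped so a second run does not stack '#' characters.
swapoff -a
sed -i '/^[[:space:]]*#/! s/.*[[:space:]]swap[[:space:]].*/#&/' /etc/fstab

# Kernel: forwarding plus bridge netfilter hooks. The net.bridge.* keys only
# exist while br_netfilter is loaded, so try to load it first (best effort).
modprobe br_netfilter &>/dev/null
cat <<'EOF' > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
EOF
sysctl -p /etc/sysctl.d/k8s.conf &>/dev/null

# Re-apply the sysctls at login, but add the line to /etc/profile only once.
profile_line='sysctl -p /etc/sysctl.d/k8s.conf'
grep -qxF -- "$profile_line" /etc/profile 2>/dev/null ||
  echo "$profile_line" >>/etc/profile

# Resource limits for all users; the "#myset" marker keeps re-runs from
# appending the same stanza again.
if ! grep -qxF '#myset' /etc/security/limits.conf 2>/dev/null; then
  cat <<'EOF' >>/etc/security/limits.conf
#myset
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
* soft memlock unlimited
* hard memlock unlimited

EOF
fi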
hostname 3台主机配置
# 注意scp复制到另外2台主机(IP 为自己网段的内网IP,这里是我自己的)
vim /etc/hosts
10.45.187.236 k8smaster
10.45.187.237 k8snode1
10.45.187.239 k8snode2
安装kubernetes-master
准备工作,注意 master包我们只在master主机(10.45.187.236)安装
yum -y install etcd # install etcd
# Edit the etcd configuration
vim /etc/etcd/etcd.conf
# Set ETCD_LISTEN_CLIENT_URLS to 0.0.0.0 (ANY_ADDRESS) or to the internal NIC's IP; the default is localhost
# NOTE(review): the etcd endpoints on this page are plain http:// and no client
# authentication is configured, while the host firewall was stopped earlier. Prefer the
# internal IP over 0.0.0.0: anything that can reach port 2379 can read and write cluster state.
yum -y install kubernetes-master # install the master package; it contains both client and master
先生成ServiceAccount的密钥
# NOTE(review): the apiserver and controller-manager settings on this page both point at
# this key for service-account tokens. Check the mode of the generated file and keep it
# readable only by the account those services run as.
openssl genrsa -out /etc/kubernetes/serviceaccount.key 2048
配置apiserver
vim /etc/kubernetes/apiserver
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#
# The address on the local server to listen to.
# NOTE(review): --insecure-bind-address and --port configure the apiserver's insecure
# port: plain HTTP, and requests arriving on it bypass authentication and authorization.
# With 0.0.0.0 and the host firewall stopped, that port is reachable on every interface.
# The nodes on this page connect to http://10.45.187.236:8080, so restrict who can reach
# that address and port at the network level.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
# The port on the local server to listen on.
KUBE_API_PORT="--port=8080"
# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"
# Comma separated list of nodes in the etcd cluster
# Note: changed to the internal IP; hosts outside this network could use the public IP instead
# NOTE(review): this is an http:// endpoint; pointing it at a public IP would carry
# cluster state unencrypted and unauthenticated across that network.
KUBE_ETCD_SERVERS="--etcd-servers=http://10.45.187.236:2379"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
# Add your own!
# Key file for service-account tokens; same path as the key generated with openssl on this page.
KUBE_API_ARGS="--service_account_key_file=/etc/kubernetes/serviceaccount.key"
配置scheduler
vim /etc/kubernetes/scheduler
###
# kubernetes scheduler config
# default config should be adequate
# Add your own!
KUBE_SCHEDULER_ARGS=""
# Logging: to stderr, verbosity 4.
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=4"
# NOTE(review): no scheme or port here, while /etc/kubernetes/config on this page uses
# --master=http://10.45.187.236:8080 — confirm which value the service ends up with.
KUBE_MASTER="--master=10.45.187.236"
KUBE_LEADER_ELECT="--leader-elect"
# After editing, start the kube-scheduler service
配置controller-manager
vim /etc/kubernetes/controller-manager
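###
# The following values are used to configure the kubernetes controller-manager
# defaults from config and apiserver should be adequate
# Logging: to stderr, verbosity 4.
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=4"
# NOTE(review): no scheme or port here, while /etc/kubernetes/config on this page uses
# --master=http://10.45.187.236:8080 — confirm which value the service ends up with.
KUBE_MASTER="--master=10.45.187.236"
# Add your own!
# Private key used to sign service-account tokens; same file the apiserver is given.
# Assigned exactly once: an earlier empty KUBE_CONTROLLER_MANAGER_ARGS="" line would
# only be overridden by this one.
KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/etc/kubernetes/serviceaccount.key"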
# As with the scheduler, start kube-controller-manager once it is configured.
# Install the flannel network described below first, then bring the services
# up one by one in this order.
for unit in docker.service etcd flanneld.service kube-apiserver.service \
  kube-scheduler.service kube-controller-manager.service; do
  systemctl start "$unit"
done
安装flannel 网络
yum install -y flannel # install flannel; needed on all three hosts
# Configure flannel: it reads its network configuration from the /flannel/network key in etcd
vim /etc/sysconfig/flanneld
# NOTE(review): plain http:// endpoint — flannel's traffic to etcd is neither encrypted
# nor authenticated in this setup.
FLANNEL_ETCD_ENDPOINTS="http://10.45.187.236:2379"
FLANNEL_ETCD_PREFIX="/flannel/network"
# Store the network configuration as a key/value pair in etcd
etcdctl set /flannel/network/config '{"Network":"10.20.0.0/16"}'
安装kubernetes-node
注意,剩余2个node节点主机,安装k8snode
yum install -y kubernetes-node
# If yum reports a docker version conflict, remove the previously installed docker first,
# then install kubernetes-node again
yum list installed |grep docker # look for the entries related to @docker-ce
yum remove docker-ce
yum remove docker-ce-cli.x86_64
yum remove containerd.io.x86_64
配置config
vim /etc/kubernetes/config
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
# kube-apiserver.service
# kube-controller-manager.service
# kube-scheduler.service
# kubelet.service
# kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"
# How the controller-manager, scheduler, and proxy find the apiserver
# IP of the master host
# NOTE(review): this is the apiserver's plain-HTTP port 8080 configured on the master;
# component traffic over it is unencrypted and carries no credentials.
KUBE_MASTER="--master=http://10.45.187.236:8080"
配置 /etc/kubernetes/kubelet,注意2台node的hostname不同哦
vim /etc/kubernetes/kubelet
###
# kubernetes kubelet (minion) config
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
# Listen address again: any address or the internal IP
# NOTE(review): KUBELET_ARGS below is empty, so no authentication or authorization flags
# are passed to the kubelet here — confirm what the installed version allows on port 10250
# by default, and prefer the internal IP over 0.0.0.0 since the host firewall is stopped.
KUBELET_ADDRESS="--address=0.0.0.0"
# The port for the info server to serve on
KUBELET_PORT="--port=10250"
# You may leave this blank to use the actual hostname
# Note: either an IP or a hostname works here; it differs on each node
KUBELET_HOSTNAME="--hostname-override=k8snode1"
# location of the api-server
# The address configured for the api-server on the master (plain HTTP, port 8080)
KUBELET_API_SERVER="--api-servers=http://10.45.187.236:8080"
# pod infrastructure container
# NOTE(review): :latest is a moving tag, so the image a node runs depends on when it
# pulled; pin a specific tag or digest if the nodes must run the same image.
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
# Add your own!
KUBELET_ARGS=""
配置proxy
vim /etc/kubernetes/proxy
###
# kubernetes proxy config
# default config should be adequate
# Add your own!
KUBE_PROXY_ARGS=""
# Note: either an IP or a hostname works here; use the same value as the kubelet's
# --hostname-override on this node
NODE_HOSTNAME="--hostname-override=k8snode1"
配置rhsm
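# Name of the package that carries the Red Hat CA certificate needed for the image pull.
rpm_file=python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm

# Quoted so yum does the matching. Unquoted, the shell expands *rhsm* against the
# current directory, which holds the RPM downloaded below on any second run.
yum install -y '*rhsm*'

wget "http://mirror.centos.org/centos/7/os/x86_64/Packages/${rpm_file}"

# The RPM came over plain HTTP and its certificate is about to be installed as a CA,
# so check it before extracting. rpm -K verifies the package's digests and signature
# against the keys in the rpm database; read its output as well as relying on its exit
# status, and extract only from a package that reports a good signature.
rpm -K "$rpm_file" &&
  rpm2cpio "$rpm_file" | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem

docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest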
启动kubelet和proxy
# Start the node services: kubelet first, then kube-proxy.
for unit in kubelet.service kube-proxy.service; do
  systemctl start "$unit"
done
master查看节点
[root@k8smaster ~]# kubectl get node
NAME STATUS AGE
k8snode1 Ready 49m
k8snode2 Ready 41s