一,环境规划
环境Ip/hostname | 节点名称 | 内存 |
192.168.10.30/master.example.com | master | 8G |
192.168.10.31/node01.example.com | node01 | 4G |
192.168.10.32/node02.example.com | node02 | 4G |
二,#固定虚拟机Ip
cd /etc/sysconfig/net-script/xxx-enth
修改dhcp->static
DNS1="114.114.114.114"
NETMASK="255.255.255.0"
IPADDR="192.168.10.32"
GATEWAY="192.168.10.1"
service network restart
三,处理linux配置
#暂时关闭关闭防火墙
systemctl stop firewalld
#防止开机自启动
systemctl disable firewalld
#关闭selinux
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/sysconfig/selinux && setenforce 0
#关闭swap
swapoff -a
#备份etc的fstab文件
yes | cp /etc/fstab /etc/fstab_20200918
cat /etc/fstab_20200918
grep -v swap /etc/fstab_20200918 >/etc/fstab
cat /etc/fstab
#处理内核参数
vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness = 0
net.ipv4.ip_forward = 1
#使配置生效
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
#修改host
vim /etc/hosts
192.168.10.30 master.example.com
192.168.10.31 node01.example.com
192.168.10.32 node02.example.com
四,安装Docker
#安装docker并设置开机自启动
yum -y install docker
systemctl enable docker
vim /etc/sysconfig/docker
selinux-enabled=false
systemctl start docker && systemctl status docker
五,配置阿里的k8syum源并安装kubelet,kubeadm,kubectl
vim /etc/yum.repos.d/k8s.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
yum install -y kubelet-1.17.0 kubeadm-1.17.0 kubectl-1.17.0
六,查看资源依赖
kubeadm config images list
[root@master ~]# kubeadm config images list
I0926 21:17:13.604398 41284 version.go:251] remote version is much newer: v1.22.2; falling back to: stable-1.17
W0926 21:17:16.458405 41284 validation.go:28] Cannot validate kube-proxy config - no validator is available
W0926 21:17:16.458464 41284 validation.go:28] Cannot validate kubelet config - no validator is available
k8s.gcr.io/kube-apiserver:v1.17.17
k8s.gcr.io/kube-controller-manager:v1.17.17
k8s.gcr.io/kube-scheduler:v1.17.17
k8s.gcr.io/kube-proxy:v1.17.17
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.5
七,启动kubelet
#启动kubelet
systemctl enable kubelet && systemctl start kubelet && systemctl status kubelet
八,安装资源
使用以下脚本pullK8sResources.sh
#!/bin/bash
# 下面的镜像应该去除"k8s.gcr.io/"的前缀,版本换成kubeadm config images list命令获取到的版本
images=(
kube-apiserver:v1.17.17
kube-controller-manager:v1.17.17
kube-scheduler:v1.17.17
kube-proxy:v1.17.17
pause:3.1
etcd:3.4.3-0
coredns:1.6.5
)
for imageName in ${images[@]} ; do
docker pull registry.aliyuncs.com/google_containers/$imageName
docker tag registry.aliyuncs.com/google_containers/$imageName k8s.gcr.io/$imageName
#docker rmi registry.aliyuncs.com/google_containers/$imageName
done
#配置网络flannel
docker pull quay.io/coreos/flannel:v0.11.0-amd64
注意以上步骤,master,node01,node02都需要执行。
九,初始化master
以下master节点
#初始化网络
kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository registry.aliyuncs.com/google_containers
#声明kubectl
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile
#kubectl get nodes -> notready
#应用flannel
curl https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml -o kube-flannel.yml
kubectl apply -f kube-flannel.yml
#kubectl get nodes -> ready
#获取token
kubeadm token list
#24小时过期生成token
kubeadm token create
#获取discovery-token-ca-cert-hash
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
十,初始化nodes
kubeadm join 192.168.10.30:6443 --token ari48c.xxxxxxxxiqa --discovery-token-ca-cert-hash sha256:69cf8b69b079b8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx43b9