k8s安装之kubeadm
所有主机更新内核(选做)
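# Optional step, run on every host: switch to the ELRepo mainline kernel (kernel-ml).
yum update -y
# Import the ELRepo signing key first so the ELRepo packages can be verified.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# Fetch the release package over HTTPS, like the key above, instead of plain
# HTTP: this package installs the repo definition every later kernel install trusts.
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
yum --enablerepo=elrepo-kernel install -y kernel-ml
# Print the GRUB menu entries with their index.
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
# Boot entry 0 by default (presumably the new kernel; confirm in the listing above).
grub2-set-default 0
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
# After the reboot: list the installed kernel packages (the original repeated this line).
rpm -qa | grep kernel
# The argument is a placeholder: substitute the old kernel package names found above.
yum remove 过滤出来的旧内核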
# Give the host a static address on ens33. The IPADDR..DNS2 lines are the
# values edited into the file, not commands to run.
vim /etc/sysconfig/network-scripts/ifcfg-ens33
IPADDR=192.168.1.128
NETMASK=255.255.255.0
GATEWAY=192.168.1.2
DNS1=144.144.144.144
DNS2=8.8.8.8
systemctl restart network
# Run exactly one of these per host, matching the names added to /etc/hosts below.
hostnamectl set-hostname k8s-master
hostnamectl set-hostname k8s-node01
hostnamectl set-hostname k8s-node02
# Start a new shell (presumably so the prompt picks up the new hostname).
bash
# Static name resolution for the three hosts. ">>" appends, so running this
# twice leaves duplicate entries in /etc/hosts.
cat << EOF >> /etc/hosts
192.168.1.128 k8s-master
192.168.1.129 k8s-node01
192.168.1.132 k8s-node02
EOF
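# Relax host protections that the author treats as obstacles to the cluster.
# NOTE(review): this switches SELinux and the host firewall off completely.
# The upstream kubeadm install guide only sets SELinux to permissive, and
# firewalld can stay enabled if the Kubernetes ports are opened instead.
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
# /etc/sysconfig/selinux is normally a symlink to the file above; without
# --follow-symlinks, GNU sed -i replaces the link with a regular file.
sed -i --follow-symlinks 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
# Flushes every rule in the filter table, including any existing restrictions.
iptables -F
systemctl disable --now firewalld
systemctl disable --now dnsmasq
systemctl disable --now NetworkManager
# Turn swap off now, then keep it off across reboots.
swapoff -a
# Only comment out swap lines that are not already commented, so a re-run
# does not stack additional '#' characters.
sed -i '/^[^#].*swap/s/^/#/' /etc/fstab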
# One-off clock sync against an Aliyun NTP server, then write the system time
# to the hardware clock. Certificates and bootstrap tokens are time-limited,
# so the hosts need to agree on the time.
yum -y install ntpdate
ntpdate time2.aliyun.com
hwclock --systohc
# Add the entry below to the crontab to resync every five minutes.
crontab -e
*/5 * * * * /usr/sbin/ntpdate time2.aliyun.com
timedatectl set-timezone Asia/Shanghai
# Raise the soft and hard open-file limit; this affects the current shell only.
ulimit -SHn 65535
# Persistent limits: the "* ..." lines are added to limits.conf, not executed.
# "*" applies them to every user.
# NOTE(review): unlimited memlock for all users is broad; confirm it is needed.
vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
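# Create an RSA key pair for this host (ssh-keygen prompts for path and passphrase).
# NOTE(review): installing this public key on every node gives whoever holds
# the private key passwordless login to all of them (presumably as root);
# set a passphrase and restrict access to the key file.
ssh-keygen -t rsa
# Use an absolute key path so the loop works from any directory, and quote
# the host name expansion.
for node in k8s-master k8s-node01 k8s-node02; do
  ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" "$node"
done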
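# Make bridged traffic pass through iptables/ip6tables. ">>" appends, so
# running this twice duplicates the two lines in /etc/sysctl.conf.
cat << EOF >> /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# The net.bridge.* keys only exist while br_netfilter is loaded, so load the
# modules before applying the settings.
modprobe br_netfilter
modprobe overlay
# modprobe does not survive a reboot; register both modules so they are
# loaded at boot, otherwise the net.bridge.* settings cannot be applied then.
cat << EOF > /etc/modules-load.d/k8s.conf
br_netfilter
overlay
EOF
sysctl -p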
# Write the list of kernel modules to load at boot (IPVS schedulers,
# connection tracking, iptables/ipset helpers, IP-in-IP). The quoted 'EOF'
# keeps the list literal; tee also echoes it to the terminal.
tee /etc/modules-load.d/ipvs.conf <<'EOF'
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
nf_conntrack
ip_tables
ip_set
ipt_rpfilter
ipt_REJECT
ipip
EOF
# Load the listed modules now and on every boot.
systemctl enable --now systemd-modules-load.service
# Verify that the IPVS and conntrack modules are actually loaded.
lsmod |grep -e ip_vs -e nf_conntrack
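# Kernel tuning for the cluster hosts, written as a sysctl drop-in.
# NOTE(review): net.ipv4.conf.all.route_localnet = 1 lets packets addressed to
# 127.0.0.0/8 be routed instead of dropped, which can expose services bound
# only to localhost to hosts on the same network; confirm it is required.
# NOTE(review): net.ipv4.ip_conntrack_max and fs.may_detach_mounts look like
# keys from older kernels and may be rejected by the kernel-ml kernel
# installed earlier; check the output of "sysctl --system".
# The original listed net.ipv4.tcp_max_syn_backlog twice with the same value;
# it is kept once here.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
user.max_user_namespaces=28633
fs.may_detach_mounts = 1
net.ipv4.conf.all.route_localnet = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
# Apply every sysctl configuration file, then reboot to confirm the settings persist.
sysctl --system
reboot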
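# After the reboot: confirm the IPVS and conntrack modules were loaded at boot.
lsmod | grep --color=auto -e ip_vs -e nf_conntrack
# Persistent journal storage; -p keeps the commands re-runnable.
mkdir -p /var/log/journal
# journald reads drop-ins from journald.conf.d; the original used
# "journal.conf.d", a directory systemd does not read, so the settings below
# would never have taken effect.
mkdir -p /etc/systemd/journald.conf.d
# NOTE(review): ForwardToSyslog=no stops journald handing messages to a
# syslog daemon; if logs are shipped to a central collector through syslog,
# make sure another path still delivers them.
cat >/etc/systemd/journald.conf.d/99-prophet.conf <<EOF
[Journal]
#持久化保存到磁盘
Storage=persistent
#压缩历史日志
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
#最大占用空间10G
SystemMaxUse=10G
#单日志文件最大200M
SystemMaxFileSize=200M
#日志保存时间2周
MaxRetentionSec=2week
#不将日志转发到syslog
ForwardToSyslog=no
EOF
systemctl restart systemd-journald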
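# Install Docker from RPMs uploaded by hand.
mkdir -pv /opt/docker/rpm
# Change into the directory first: rz saves into the current directory and
# the install below globs ./*.rpm, so both must run from /opt/docker/rpm.
cd /opt/docker/rpm
rz
# Hand-copied packages bypass the repository signature checks; verify them
# (for example with "rpm -K ./*.rpm") before installing.
yum -y localinstall ./*.rpm
systemctl start docker
systemctl enable docker
docker info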
# Write the Docker daemon configuration, then restart Docker to apply it.
# NOTE(review): one registry mirror is plain http://, so pulls through it are
# not protected in transit; prefer HTTPS-only mirrors.
# NOTE(review): "insecure-registries" makes Docker accept 192.168.10.250
# without a verified TLS connection. That address is outside the 192.168.1.x
# range used elsewhere in these notes; confirm it is intended, or remove it.
# The systemd cgroup driver presumably has to match the kubelet's; confirm.
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": [
"https://nyakyfun.mirror.aliyuncs.com",
"https://registry.docker-cn.com",
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn"
],
"exec-opts": ["native.cgroupdriver=systemd"],
"max-concurrent-downloads": 10,
"max-concurrent-uploads": 5,
"log-driver": "json-file",
"log-opts": {
"max-size": "300m",
"max-file": "2"
},
"insecure-registries":["192.168.10.250"],
"live-restore": true,
"storage-driver": "overlay2"
}
EOF
systemctl daemon-reload
systemctl restart docker
# Confirm the daemon came back up with the new settings.
docker --version
docker info
《《《《《《《《部署kubernetes集群》》》》》》》》
所有主机执行
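# Define the Kubernetes yum repository (Aliyun mirror).
# gpgcheck=1 makes yum verify package signatures against the gpgkey URLs
# below; with the original gpgcheck=0 those keys were never used and any
# package served by the mirror would be installed unverified.
# repo_gpgcheck stays 0 as in the original (metadata signature checking is
# presumably unreliable on this mirror; enable it if it works for you).
# The second key URL is indented because continuation lines in a .repo file
# must start with whitespace.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
cat /etc/yum.repos.d/kubernetes.repo
ls /etc/yum.repos.d/
# Expected listing: CentOS-Base.repo CentOS-Media.repo kubernetes.repo
# Show the available kubeadm versions, newest first.
yum list kubeadm.x86_64 --showduplicates | sort -r
# Pin all three components to the same version.
yum -y install kubelet-1.23.7 kubeadm-1.23.7 kubectl-1.23.7
systemctl enable --now kubelet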
# Dump kubeadm's default init configuration to a file, then edit it; the
# YAML that follows is the edited result, not commands.
kubeadm config print init-defaults > init-config.yaml
vim init-config.yaml
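# kubeadm init configuration (InitConfiguration + ClusterConfiguration).
# Indentation is restored here; the flattened listing is not valid YAML.
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
# "3groups" in the original listing was a typo for "groups".
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): this is the fixed sample token from "print init-defaults".
  # It authenticates node joins for the TTL below, so replace it with a value
  # from "kubeadm token generate" before running "kubeadm init".
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Address and port the API server advertises; this is the k8s-master host.
  advertiseAddress: 192.168.1.128
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Control-plane images are pulled from this mirror rather than the default registry.
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
# Must match the installed kubeadm/kubelet packages (1.23.7 above); the
# original v1.19.0 is too old for kubeadm 1.23 to deploy.
kubernetesVersion: v1.23.7
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  # Pod network range; it has to agree with the CNI plugin's configuration.
  podSubnet: 10.244.0.0/16
scheduler: {}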
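# List, then pull, the control-plane images named by the init configuration.
kubeadm config images list --config init-config.yaml
kubeadm config images pull --config=init-config.yaml
# Offline alternative: upload image tarballs and load them into Docker.
# An absolute path is used so the later cleanup removes the same directory
# regardless of where the commands were started.
mkdir -p /root/a && cd /root/a
# Upload the previously downloaded image tarballs. Only load archives from a
# source you trust: a loaded image runs with whatever privileges its pod gets.
rz
# Iterate with a glob instead of parsing "ls", and quote the file name.
for image_tar in ./*.tar; do
  [ -e "$image_tar" ] || continue   # no tarballs uploaded: nothing to load
  docker load -i "$image_tar"
done
# Clean up the tarballs and the scratch directory.
rm -rfv ./*.tar
cd
rm -rfv /root/a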
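# Bootstrap the control plane from the edited configuration.
kubeadm init --config=init-config.yaml
# Give the current user a kubeconfig. admin.conf carries cluster-admin
# credentials, so keep the copy readable by its owner only.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# Alternative for root: point kubectl at admin.conf directly. While this is
# exported it takes precedence over the copy made above.
export KUBECONFIG=/etc/kubernetes/admin.conf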
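# Save the join command printed by "kubeadm init" into 1.txt.
# NOTE(review): the token in this file is a live credential that lets a host
# join the cluster; delete 1.txt once the nodes have joined.
vim 1.txt
kubeadm join 192.168.1.128:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:4512ce73af59ed4b25e96416f0f7f3fa1e8d48ad84f2b9f9687ad3b0eca55e41
# Create a fresh token and print the matching join command. "--ttl 0" from the
# original is dropped: it creates a token that never expires, so a leaked join
# command would stay usable indefinitely. Without it the token uses kubeadm's
# default lifetime; create a new one whenever another node has to join.
kubeadm token create --print-join-command
# Check which tokens exist and when they expire.
kubeadm token list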
把生成的新的写入到1.txt
# Replace the contents of 1.txt with the newly printed join command below.
vim 1.txt
kubeadm join 192.168.1.128:6443 --token eutwqx.93palhqa7s8vjln6 \
--discovery-token-ca-cert-hash sha256:4512ce73af59ed4b25e96416f0f7f3fa1e8d48ad84f2b9f9687ad3b0eca55e41
把1.txt文件中的内容复制出来在两台node节点执行
# Run on each worker node. The token authenticates the node to the cluster;
# the CA certificate hash lets the node verify it is talking to the intended
# control plane, so keep it in the command.
kubeadm join 192.168.1.128:6443 --token eutwqx.93palhqa7s8vjln6 \
--discovery-token-ca-cert-hash sha256:4512ce73af59ed4b25e96416f0f7f3fa1e8d48ad84f2b9f9687ad3b0eca55e41
# Back on the master: check component status, node registration and all pods.
kubectl get cs
kubectl get nodes
kubectl get pod -A
《《《《《《安装calico网络插件》》》》
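# Install the Calico network plugin.
mkdir calico
cd calico
# -f makes curl fail on an HTTP error and -L follows redirects, so an error
# or redirect page is never saved as calico.yaml and then applied.
# NOTE(review): this URL is not pinned to a release, while the images loaded
# below are v3.23.1. The manifest creates cluster-wide RBAC and privileged
# pods, so read it and confirm its image tags before applying it.
curl -fL https://docs.projectcalico.org/manifests/calico.yaml -O
ls
kubectl apply -f calico.yaml
kubectl get pod -A
# Upload the Calico image tarballs and load them into Docker.
rz cni-v3.23.1.tar kube-controllers-v3.23.1.tar node-v3.23.1.tar
# Glob instead of parsing "ls", with the file name quoted.
for image_tar in ./*.tar; do
  [ -e "$image_tar" ] || continue   # nothing uploaded
  docker load < "$image_tar"
done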
node执行
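# On each worker node: upload the same Calico image tarballs and load them.
rz cni-v3.23.1.tar kube-controllers-v3.23.1.tar node-v3.23.1.tar
# Glob instead of parsing "ls", with the file name quoted.
for image_tar in ./*.tar; do
  [ -e "$image_tar" ] || continue   # nothing uploaded
  docker load < "$image_tar"
done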
小实验之添加一个node
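# Prepare the new host (k8s-node03) the same way as the existing nodes.
# NOTE(review): this switches the host firewall and SELinux off completely;
# the upstream kubeadm install guide only sets SELinux to permissive.
iptables -F
setenforce 0
systemctl disable --now firewalld
systemctl disable --now dnsmasq
systemctl disable --now NetworkManager
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
# /etc/sysconfig/selinux is normally a symlink to the file above; without
# --follow-symlinks, GNU sed -i replaces the link with a regular file.
sed -i --follow-symlinks 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
hostnamectl set-hostname k8s-node03
# Start a new shell (presumably so the prompt picks up the new hostname).
bash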
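# Add k8s-node03 to the hosts file. The lines below are the resulting file
# contents; the original listed the k8s-node02 entry twice.
vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.128 k8s-master
192.168.1.129 k8s-node01
192.168.1.132 k8s-node02
192.168.1.141 k8s-node03
# Push the updated hosts file to every node and the resolver config to the
# new one. This overwrites the remote files, so check the first connection's
# host key before trusting a new address.
scp /etc/hosts 192.168.1.141:/etc/
scp /etc/hosts 192.168.1.132:/etc/
scp /etc/hosts 192.168.1.129:/etc/
scp /etc/resolv.conf 192.168.1.141:/etc/
# On k8s-node03: static address on ens33. The BOOTPROTO..DNS2 lines are the
# values edited into the file, not commands.
vim /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=none
IPADDR=192.168.1.141
NETMASK=255.255.255.0
GATEWAY=192.168.1.2
DNS1=144.144.144.144
DNS2=8.8.8.8
systemctl restart network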
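# Basic tools on the new node (lrzsz provides the rz upload command used below).
yum -y install vim wget net-tools lrzsz
# Turn swap off now, then keep it off across reboots.
swapoff -a
# Only comment out swap lines that are not already commented, so a re-run
# does not stack additional '#' characters.
sed -i '/^[^#].*swap/s/^/#/' /etc/fstab
# Make bridged traffic pass through iptables/ip6tables. ">>" appends, so
# running this twice duplicates the two lines in /etc/sysctl.conf.
cat << EOF >> /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# The net.bridge.* keys only exist while br_netfilter is loaded.
modprobe br_netfilter
modprobe overlay
# modprobe does not survive a reboot; register both modules so they are
# loaded at boot as well.
cat << EOF > /etc/modules-load.d/k8s.conf
br_netfilter
overlay
EOF
sysctl -p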
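# Install Docker on the new node from RPMs uploaded by hand.
mkdir -pv /opt/docker/rpm
cd /opt/docker/rpm
# The text after rz is a note: upload the packages Docker needs.
rz docker所需要的包
# Install through yum, as on the other hosts, instead of
# "rpm -ivh --force --nodeps": those flags skip dependency and conflict
# checks and can leave a broken or partially overwritten installation.
# Verify hand-copied packages first (for example with "rpm -K ./*.rpm").
yum -y localinstall ./*.rpm
# Start Docker and enable it at boot, as was done on the other hosts; the
# original never enabled it on this node.
systemctl enable --now docker
touch /etc/docker/daemon.json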
# Write the Docker daemon configuration, then restart Docker to apply it.
# NOTE(review): one registry mirror is plain http://, so pulls through it are
# not protected in transit; prefer HTTPS-only mirrors.
# NOTE(review): "insecure-registries" makes Docker accept 192.168.10.250
# without a verified TLS connection. That address is outside the 192.168.1.x
# range used elsewhere in these notes; confirm it is intended, or remove it.
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": [
"https://nyakyfun.mirror.aliyuncs.com",
"https://registry.docker-cn.com",
"http://hub-mirror.c.163.com",
"https://docker.mirrors.ustc.edu.cn"
],
"exec-opts": ["native.cgroupdriver=systemd"],
"max-concurrent-downloads": 10,
"max-concurrent-uploads": 5,
"log-driver": "json-file",
"log-opts": {
"max-size": "300m",
"max-file": "2"
},
"insecure-registries":["192.168.10.250"],
"live-restore": true,
"storage-driver": "overlay2"
}
EOF
systemctl daemon-reload
systemctl restart docker
# Confirm the daemon came back up with the new settings.
docker --version
docker info
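# Define the Kubernetes yum repository (Aliyun mirror) on the new node.
# gpgcheck=1 makes yum verify package signatures against the gpgkey URLs
# below; with the original gpgcheck=0 those keys were never used and any
# package served by the mirror would be installed unverified.
# repo_gpgcheck stays 0 as in the original (metadata signature checking is
# presumably unreliable on this mirror; enable it if it works for you).
# The second key URL is indented because continuation lines in a .repo file
# must start with whitespace.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
cat /etc/yum.repos.d/kubernetes.repo
ls /etc/yum.repos.d/
# Expected listing: CentOS-Base.repo CentOS-Media.repo kubernetes.repo
# Show the available kubeadm versions, newest first.
yum list kubeadm.x86_64 --showduplicates | sort -r
# Same pinned version as the existing cluster members.
yum -y install kubelet-1.23.7 kubeadm-1.23.7 kubectl-1.23.7
systemctl enable --now kubelet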
# On k8s-node03: join the cluster with the token created earlier. The join
# fails once that token has expired or been deleted; create a new one on the
# master in that case.
kubeadm join 192.168.1.128:6443 --token eutwqx.93palhqa7s8vjln6 \
--discovery-token-ca-cert-hash sha256:4512ce73af59ed4b25e96416f0f7f3fa1e8d48ad84f2b9f9687ad3b0eca55e41
master执行
# Confirm the new node registered and the system pods are scheduled.
kubectl get nodes
kubectl get pods -n kube-system
node3执行
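# On k8s-node03: load the images every node needs from uploaded tarballs.
mkdir -pv /opt/k8s/images
cd /opt/k8s/images
# Only load archives from a source you trust.
rz kube-proxy-v1.23.0.tar pause-3.6.tar coredns-v1.8.6.tar
# Glob instead of parsing "ls", with the file name quoted.
for image_tar in ./*.tar; do
  [ -e "$image_tar" ] || continue   # nothing uploaded
  docker load < "$image_tar"
done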
节点管理命令
master执行
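# On the master: remove the node object from the cluster.
# "kubeadm reset" is NOT run here: it wipes the Kubernetes state of the host
# it runs on, which on the master means the control plane itself. It belongs
# on the node being removed (below).
# Optionally evict workloads first: kubectl drain k8s-node03 --ignore-daemonsets
kubectl delete node k8s-node03
node03执行
# On k8s-node03: undo what "kubeadm join" set up on this host.
kubeadm reset
# Remove leftover containers. This deletes every container on the host, not
# only Kubernetes ones; xargs -r skips "docker rm" when none are left.
docker ps -aq | xargs -r docker rm -f
systemctl stop kubelet
# Remove remaining cluster configuration and credentials from the node.
rm -rf /etc/kubernetes/*
rm -rfv /var/lib/kubernetes/*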