分享
使用Kubeadm 部署 K8S 1.17.1
leon · · 1941 次点击 · · 开始浏览这是一个创建于 的文章,其中的信息可能已经有所发展或是发生改变。
设置系统主机名以及hosts文件
hostnamectl set-hostname master
hostnamectl set-hostname node01
hostnamectl set-hostname node02
修改hosts文件,master和node节点上都需要改
[root@master k8s]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.150.128 master
192.168.150.129 node1
192.168.150.130 node2安装依赖包
yum -y install conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git设置防火墙为Iptables并清空规则
systemctl stop firewalld && systemctl disable firewalld && yum -y install iptables-services && \\
systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save 关闭SELINUX、SWAP
swapoff -a && sed -i '/swap/d' /etc/fstab && setenforce 0 && sed -i 's/enforcing/SELINUX=disabled/g' /etc/selinux/config
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle=0 调整内核参数,对于K8S
#禁止使用swap空间,只有当系统OOM时才允许使用它
vm.swappiness = 0
#不检查物理内存是否够用
vm.overcommit_memory=1
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720 #4.0内核可以设置这个参数
EOF
sysctl -p /etc/sysctl.d/kubernetes.conf设置系统时区为上海
timedatectl set-timezone Asia/Shanghai
#将当前的UTC时间写入硬件时钟
timedatectl set-local-rtc 0 重启依赖于系统时间的服务
systemctl restart rsyslog
systemctl restart crond关闭不需要的服务
systemctl stop postfix && systemctl disable postfix设置rsyslogd和systemd journald
mkdir /var/log/journal
mkdir /etc/systemd/jorunald.conf.d
cat > /etc/systemd/jorunald.conf.d/99-prophet.conf << EOF
[Journal]
Storage=persistent
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
#最大占用空间
SystemMaxUse=10G
#单日志文件最大大小
SystemMaxFileSize=200M
#日志保存时间2周
MaxRetentionSec=2week
#不将日志转发到syslog
ForwardToSyslog=no
EOF
systemctl restart systemd-journald 升级系统内核为4.44版本
#CentOS7.x系统自带的3.10.x内核存在一些Bug,导致运行的Docker、Kubernetes不稳定
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
# 安装完成后检查/boot/grub2/grub.cfg 中对应内核menuentry中是否包含initrd16配置,如果没有,再安装一次
yum --enablerepo=elrepo-kernel install -y kernel-lt
# 设置开机从新内核启动
grub2-set-default "CentOS Linux (4.4.182-1.el7.elrepo.x86\_64) 7 (Core)"kube-rpoxy开启ipvs的前置条件
modprobe br_netfilter
cat > /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4安装Docker
yum -y install yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y update && yum -y install docker-ce
## 创建docker配置目录
mkdir /etc/docker
#配置daemon
cat > /etc/docker/daemon.json << EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
# 启动docker
systemctl daemon-reload && systemctl start docker && systemctl enable docker
安装kubeadm(每个节点都需要安装)
# 导入阿里云kubeadm镜像仓库
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# 安装
yum -y install kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1
# 设置开机自启动
systemctl enable kubelet.service 镜像下载
因为在国内访问不了google的docker仓库,但是我们可以在阿里云上找到需要的镜像,下载下来,然后重新打上标签即可,可以使用下面的脚本下载所需镜像
镜像下载地址 https://cr.console.aliyun.com/images/cn-hangzhou/google_containers/kube-apiserver-amd64/detail
下面是镜像下载脚本:
#!/bin/bash
image_aliyun=(kube-apiserver-amd64:v1.17.1 kube-controller-manager-amd64:v1.17.1 kube-scheduler-amd64:v1.17.1 kube-proxy-amd64:v1.17.1 pause-amd64:3.1 etcd-amd64:3.4.3-0 coredns:1.6.5)
for image in ${image_aliyun[@]}
do
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$image
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$image k8s.gcr.io/${image/-amd64/}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/$image
done初始化主节点
生成默认配置yaml配置文件,生成之后需要修改一些配置
kubeadm config print init-defaults > kubeadm-config.yaml
# 修改advertiseAddress为master节点IP
# 修改kubernetesVersion: v1.17.1
# 在serviceSubnet: 10.96.0.0/12上面添加一行 podSubnet: "10.244.0.0/16" 原因是flanne默认网段就是这个网段
# 在配置文件最后添加下面的字段,将默认的调度方式改为ipvs
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
SupportIPVSProxyMode: true
mode: ipvs
# 安装以及自动颁发证书
kubeadm init --config=kubeadm-config.yaml | tee kubeadm-init.log 成功安装之后的部分提示信息
# cat kubeadm-init.log
...
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.175.133:6443 --token 6bu2e9.heokh2kwn5h2eph1 --discovery-token-ca-cert-hash sha256:5382721c5a684d10d2d43a6a825af039c044c4dda46c4d49dd64d2f41ffa6c97
...成功安装之后的操作
mkdir -p $HOME/.kube # 该目录用于保存kubectl 和kubeapi的连接缓存以及认证文件
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config部署网络
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml查看集群节点状态
kubectl get nodes
kubectl get cs
kubectl get pod -n kube-system保存重要文件
mkdir k8sInstall
mv kubeadm-config.yaml kubeadm-init.log k8sInstallnode节点加入集群方法
kubeadm join MasterIP:6443 --token wyy67p.9wmda1iw4o8ds0c5 --discovery-token-ca-cert-hash sha256:3de3e4401de1cdf3b4c778ad1ac3920d9f7b15ca34b4c5ebe44d92e60d1290e0 #token和cert hash需要修改为你的配置,可以在kubeadm-init.log 中找到
有疑问加站长微信联系(非本文作者)
入群交流(和以上内容无关):加入Go大咖交流群,或添加微信:liuxiaoyan-s 备注:入群;或加QQ群:692541889
关注微信1941 次点击
2 回复 | 直到 2020年03月15日 09:27:24
暂无回复
添加一条新回复
(您需要 后才能回复 没有账号 ?)
- 请尽量让自己的回复能够对别人有帮助
- 支持 Markdown 格式, **粗体**、~~删除线~~、
`单行代码` - 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet
- 图片支持拖拽、截图粘贴等方式上传
收入到我管理的专栏 新建专栏
设置系统主机名以及hosts文件
hostnamectl set-hostname master
hostnamectl set-hostname node01
hostnamectl set-hostname node02
修改hosts文件,master和node节点上都需要改
[root@master k8s]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.150.128 master
192.168.150.129 node1
192.168.150.130 node2安装依赖包
yum -y install conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git设置防火墙为Iptables并清空规则
systemctl stop firewalld && systemctl disable firewalld && yum -y install iptables-services && \\
systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save 关闭SELINUX、SWAP
swapoff -a && sed -i '/swap/d' /etc/fstab && setenforce 0 && sed -i 's/enforcing/SELINUX=disabled/g' /etc/selinux/config
cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle=0 调整内核参数,对于K8S
#禁止使用swap空间,只有当系统OOM时才允许使用它
vm.swappiness = 0
#不检查物理内存是否够用
vm.overcommit_memory=1
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720 #4.0内核可以设置这个参数
EOF
sysctl -p /etc/sysctl.d/kubernetes.conf设置系统时区为上海
timedatectl set-timezone Asia/Shanghai
#将当前的UTC时间写入硬件时钟
timedatectl set-local-rtc 0 重启依赖于系统时间的服务
systemctl restart rsyslog
systemctl restart crond关闭不需要的服务
systemctl stop postfix && systemctl disable postfix设置rsyslogd和systemd journald
mkdir /var/log/journal
mkdir /etc/systemd/jorunald.conf.d
cat > /etc/systemd/jorunald.conf.d/99-prophet.conf << EOF
[Journal]
Storage=persistent
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
#最大占用空间
SystemMaxUse=10G
#单日志文件最大大小
SystemMaxFileSize=200M
#日志保存时间2周
MaxRetentionSec=2week
#不将日志转发到syslog
ForwardToSyslog=no
EOF
systemctl restart systemd-journald 升级系统内核为4.44版本
#CentOS7.x系统自带的3.10.x内核存在一些Bug,导致运行的Docker、Kubernetes不稳定
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
# 安装完成后检查/boot/grub2/grub.cfg 中对应内核menuentry中是否包含initrd16配置,如果没有,再安装一次
yum --enablerepo=elrepo-kernel install -y kernel-lt
# 设置开机从新内核启动
grub2-set-default "CentOS Linux (4.4.182-1.el7.elrepo.x86\_64) 7 (Core)"kube-rpoxy开启ipvs的前置条件
modprobe br_netfilter
cat > /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4安装Docker
yum -y install yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y update && yum -y install docker-ce
## 创建docker配置目录
mkdir /etc/docker
#配置daemon
cat > /etc/docker/daemon.json << EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
# 启动docker
systemctl daemon-reload && systemctl start docker && systemctl enable docker
安装kubeadm(每个节点都需要安装)
# 导入阿里云kubeadm镜像仓库
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# 安装
yum -y install kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1
# 设置开机自启动
systemctl enable kubelet.service 镜像下载
因为在国内访问不了google的docker仓库,但是我们可以在阿里云上找到需要的镜像,下载下来,然后重新打上标签即可,可以使用下面的脚本下载所需镜像
镜像下载地址 https://cr.console.aliyun.com/images/cn-hangzhou/google_containers/kube-apiserver-amd64/detail
下面是镜像下载脚本:
#!/bin/bash
image_aliyun=(kube-apiserver-amd64:v1.17.1 kube-controller-manager-amd64:v1.17.1 kube-scheduler-amd64:v1.17.1 kube-proxy-amd64:v1.17.1 pause-amd64:3.1 etcd-amd64:3.4.3-0 coredns:1.6.5)
for image in ${image_aliyun[@]}
do
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/$image
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/$image k8s.gcr.io/${image/-amd64/}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/$image
done初始化主节点
生成默认配置yaml配置文件,生成之后需要修改一些配置
kubeadm config print init-defaults > kubeadm-config.yaml
# 修改advertiseAddress为master节点IP
# 修改kubernetesVersion: v1.17.1
# 在serviceSubnet: 10.96.0.0/12上面添加一行 podSubnet: "10.244.0.0/16" 原因是flanne默认网段就是这个网段
# 在配置文件最后添加下面的字段,将默认的调度方式改为ipvs
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
SupportIPVSProxyMode: true
mode: ipvs
# 安装以及自动颁发证书
kubeadm init --config=kubeadm-config.yaml | tee kubeadm-init.log 成功安装之后的部分提示信息
# cat kubeadm-init.log
...
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.175.133:6443 --token 6bu2e9.heokh2kwn5h2eph1 --discovery-token-ca-cert-hash sha256:5382721c5a684d10d2d43a6a825af039c044c4dda46c4d49dd64d2f41ffa6c97
...成功安装之后的操作
mkdir -p $HOME/.kube # 该目录用于保存kubectl 和kubeapi的连接缓存以及认证文件
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config部署网络
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml查看集群节点状态
kubectl get nodes
kubectl get cs
kubectl get pod -n kube-system保存重要文件
mkdir k8sInstall
mv kubeadm-config.yaml kubeadm-init.log k8sInstallnode节点加入集群方法
kubeadm join MasterIP:6443 --token wyy67p.9wmda1iw4o8ds0c5 --discovery-token-ca-cert-hash sha256:3de3e4401de1cdf3b4c778ad1ac3920d9f7b15ca34b4c5ebe44d92e60d1290e0 #token和cert hash需要修改为你的配置,可以在kubeadm-init.log 中找到