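Installation steps
For now only two nodes are installed, master01 and node01; more nodes will be added later.
1. System initialization
Run these steps on every machine.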
1.1 Set the hostname and mutual name resolution in the hosts file
```bash
# On the master node:
hostnamectl set-hostname k8s-master01
# On the worker node:
hostnamectl set-hostname k8s-node01

# Edit hosts (on every machine)
cat >> /etc/hosts <<EOF
192.168.100.102 k8s-node01
192.168.100.169 k8s-master01
EOF
```
1.2 Install dependency packages
```bash
yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git
```
1.3 Switch the firewall to iptables and set an empty ruleset
```bash
systemctl stop firewalld && systemctl disable firewalld
yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
```
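1.4 Disable swap and SELinux
```bash
# Turn swap off now and comment out the swap entry in /etc/fstab
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# Switch SELinux to permissive now and disable it on the next boot
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
```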
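1.5 Tune kernel parameters for K8S
```bash
# The net.bridge.* keys exist only once br_netfilter is loaded
modprobe br_netfilter

# sysctl.d files do not support trailing comments, so each comment has its own line
cat > kubernetes.conf <<EOF
# kubeadm's preflight checks require bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
# Avoid using swap space; it is only allowed when the system is OOM
vm.swappiness=0
# Do not check whether physical memory is sufficient
vm.overcommit_memory=1
# Enable OOM (do not panic on out-of-memory)
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF

cp kubernetes.conf /etc/sysctl.d/kubernetes.conf

sysctl -p /etc/sysctl.d/kubernetes.conf
```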
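1.6 Set the system time zone
```bash
# Set the system time zone to China/Shanghai
timedatectl set-timezone Asia/Shanghai
# Write the current UTC time to the hardware clock
timedatectl set-local-rtc 0
# Restart services that depend on the system time
systemctl restart rsyslog
systemctl restart crond
```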
1.7 Stop services the system does not need
```bash
systemctl stop postfix && systemctl disable postfix
```
1.8 Configure rsyslogd and systemd journald
```bash
mkdir -p /var/log/journal   # directory for persistent log storage
mkdir -p /etc/systemd/journald.conf.d

cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
[Journal]
# Persist logs to disk
Storage=persistent
# Compress historical logs
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
# Maximum disk usage: 10G
SystemMaxUse=10G
# Maximum size of a single log file: 200M
SystemMaxFileSize=200M
# Keep logs for 2 weeks
MaxRetentionSec=2week
# Do not forward logs to syslog
ForwardToSyslog=no
EOF

systemctl restart systemd-journald
```
1.9 Upgrading the system kernel to 4.44 is not needed for now; there are incompatibilities
The 3.10.x kernel that ships with CentOS 7.x has some bugs that make Docker and Kubernetes unstable. The upgrade commands, for reference:
```bash
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
# After installation, check that the menuentry for the new kernel in /boot/grub2/grub.cfg
# contains an initrd16 line; if it does not, install again!
yum --enablerepo=elrepo-kernel install -y kernel-lt
# Boot from the new kernel by default
grub2-set-default 'CentOS Linux (4.4.189-1.el7.elrepo.x86_64) 7 (Core)'
```
2. Deploying with kubeadm
Run these steps on every machine.
2.1 Prerequisites for enabling ipvs in kube-proxy
```bash
modprobe br_netfilter

# Script that loads the kernel modules ipvs needs
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
```
2.2 Install Docker
```bash
yum install -y yum-utils device-mapper-persistent-data lvm2

yum-config-manager \
    --add-repo \
    http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

yum update -y && yum install -y docker-ce
# Create the /etc/docker directory
mkdir -p /etc/docker
# Configure the daemon
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
EOF

mkdir -p /etc/systemd/system/docker.service.d

# Restart the docker service
systemctl daemon-reload && systemctl restart docker && systemctl enable docker
```
2.3 Install kubeadm (master and worker configuration)
```bash
# gpgcheck=0 and repo_gpgcheck=0 turn off signature verification
# of the packages and of the repository metadata
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum -y install kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1

systemctl enable kubelet.service
```
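The repository definition in section 2.3 sets `gpgcheck=0` and `repo_gpgcheck=0` and fetches over plain HTTP, so nothing authenticates the kubeadm, kubectl and kubelet packages that end up running as root. The audit below is an added example, not part of the original page; `audit_yum_repo` is a hypothetical helper name and the sample file is a constructed copy of the definition above.

```bash
#!/bin/sh
# Added example: flag yum repo sections that disable signature checks or
# use plain HTTP. audit_yum_repo is a hypothetical helper, not a yum command.

audit_yum_repo() {
  # $1: path to a .repo file. Prints "<section>: <finding>" lines.
  awk '
    function off(v) { return tolower(v) ~ /^(0|no|false)$/ }
    function report() {
      if (section == "") return
      if (off(gpgcheck))      print section ": gpgcheck disabled (packages not verified)"
      if (off(repo_gpgcheck)) print section ": repo_gpgcheck disabled (metadata not verified)"
      if (plain_http)         print section ": baseurl or gpgkey fetched over plain HTTP"
    }
    /^[ \t]*[#;]/ { next }                      # comment line
    /^\[/ {                                     # start of a [section]
      report()
      section = substr($0, 2, index($0, "]") - 2)
      gpgcheck = ""; repo_gpgcheck = ""; plain_http = 0; key = ""
      next
    }
    /^[A-Za-z_]+[ \t]*=/ {                      # key=value
      key = $0; sub(/[ \t]*=.*/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
      if (key == "gpgcheck")      gpgcheck = val
      if (key == "repo_gpgcheck") repo_gpgcheck = val
    }
    /^[ \t]+[^ \t]/ { val = $0; sub(/^[ \t]+/, "", val) }   # continuation line
    (key == "baseurl" || key == "gpgkey") && val ~ /^http:/ { plain_http = 1 }
    END { report() }
  ' "$1"
}

# Constructed sample: the repository definition from section 2.3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
audit_yum_repo "$sample"
rm -f "$sample"
```

Run it as `audit_yum_repo /etc/yum.repos.d/kubernetes.repo` on a node; a definition with `gpgcheck=1`, `repo_gpgcheck=1` and HTTPS URLs produces no output.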
2.4 Initialize the master node
Run these steps on the master node only.
Before importing the images, extract the kubeadm-basic.images.tar.gz archive, then run the script below.
```bash
#!/bin/bash

# List the image archives, then load each one into Docker
ls /root/kubeadm-basic.images > /tmp/image-list.txt

cd /root/kubeadm-basic.images

for i in $(cat /tmp/image-list.txt)
do
    docker load -i "$i"
done

rm -rf /tmp/image-list.txt
```
```bash
kubeadm config print init-defaults > kubeadm-config.yaml
```
Edit the kubeadm-config.yaml template file:
```yaml
localAPIEndpoint:
  # Change to the master's IP address (k8s-master01 is 192.168.100.169 in the hosts file above)
  advertiseAddress: 192.168.66.10
……
# Change the version number
kubernetesVersion: v1.15.1
networking:
  # Add the following line
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
# Append the following section at the end of the file and save
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs
```
```bash
# kubeadm init is slow; you can download the images beforehand and import them locally
kubeadm init --config=kubeadm-config.yaml --experimental-upload-certs | tee kubeadm-init.log

# If the installation fails, run the following command before reinstalling once the problem is fixed
kubeadm reset

# Check the install log kubeadm-init.log; if the installation succeeded, run the commands printed in the log
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
2.5 Deploy the flannel network
Run these steps on the master node only.
```bash
# If wget does not work, download the file yourself and upload it to the server
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

kubectl create -f kube-flannel.yml

# Test
kubectl get node
kubectl get pod -n kube-system -o wide
```
2.7 Join the master node and the remaining worker nodes
Run this on every worker (node) machine.
```bash
# Run the join command recorded in the install log kubeadm-init.log
kubeadm join 192.168.100.169:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:f46b8f94dfab80094ad7ba4756001dbecc146b28351435f78a5a7560591fe9bd
```
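The join command in section 2.7 carries the token `abcdef.0123456789abcdef`, which is the placeholder that `kubeadm config print init-defaults` writes into the template rather than a random secret. The check below is an added example, not part of the original page: it extracts the token and CA hash from a join command (such as the one saved in kubeadm-init.log), validates their format and flags the placeholder. `check_join_cmd` and `flag_value` are hypothetical helper names.

```bash
#!/bin/sh
# Added example: sanity-check a `kubeadm join` command before running it.
# check_join_cmd and flag_value are hypothetical helpers, not kubeadm commands.

# Token that `kubeadm config print init-defaults` writes into the template.
PLACEHOLDER_TOKEN='abcdef.0123456789abcdef'

# Print the value of flag $2 in command text $1 ("--flag value" or "--flag=value").
flag_value() {
  printf '%s\n' "$1" | awk -v f="$2" '
    { for (i = 1; i <= NF; i++) {
        if ($i == "\\") continue                 # shell line continuation
        if (want) { print $i; exit }
        if ($i == f) want = 1
        else if (index($i, f "=") == 1) { print substr($i, length(f) + 2); exit }
      } }'
}

# Print one finding per line; print nothing when the command looks sound.
check_join_cmd() {
  token=$(flag_value "$1" --token)
  hash=$(flag_value "$1" --discovery-token-ca-cert-hash)
  if ! printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
    echo "token missing or malformed"
  elif [ "$token" = "$PLACEHOLDER_TOKEN" ]; then
    echo "token is the init-defaults placeholder, not a random secret"
  fi
  if [ -z "$hash" ]; then
    echo "no --discovery-token-ca-cert-hash: the cluster CA is not pinned"
  elif ! printf '%s\n' "$hash" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
    echo "CA cert hash is not sha256:<64 hex digits>"
  fi
}

# The join command from section 2.7 of this page.
check_join_cmd 'kubeadm join 192.168.100.169:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:f46b8f94dfab80094ad7ba4756001dbecc146b28351435f78a5a7560591fe9bd'
```

On the master, `kubeadm token create --print-join-command` issues a fresh random token and prints a matching join command.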
3. Uninstall K8S
```bash
kubeadm reset -f
modprobe -r ipip
lsmod
rm -rf ~/.kube/
rm -rf /etc/kubernetes/
rm -rf /etc/systemd/system/kubelet.service.d
rm -rf /etc/systemd/system/kubelet.service
rm -rf /usr/bin/kube*
rm -rf /etc/cni
rm -rf /opt/cni
rm -rf /var/lib/etcd
rm -rf /var/etcd
yum -y remove kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1
```