kubernetes-k8s安装kubeadm (非正式-未整理)




## 环境准备


### 配置hosts解析


```bash

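# Static name resolution for the cluster nodes.
# An entry is appended only when its hostname is not already mapped in
# /etc/hosts, so re-running this step does not pile up duplicate lines.
# The heredoc delimiter is quoted so the list is read literally.
while read -r ip name; do
  grep -qE "^[^#]*[[:space:]]${name}([[:space:]]|\$)" /etc/hosts \
    || printf '%s %s\n' "$ip" "$name" >>/etc/hosts
done <<'EOF'
10.5.10.232 master
10.5.10.233 node1
10.5.10.235 node2
10.5.10.236 node3
EOF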

```


### 禁用防火墙:

```bash

# Stops and disables firewalld, flushes the rules and user chains of the filter
# and nat tables, and sets the FORWARD policy to ACCEPT.
# After this the host does no packet filtering of its own, so every listening
# port on the node is reachable from any network that can route to it.
# NOTE(review): only reasonable behind an external firewall / security group;
# otherwise keep firewalld running and open just the ports the cluster needs.
systemctl stop firewalld

systemctl disable firewalld

iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat

iptables -P FORWARD ACCEPT

```


### 禁用SELINUX:


```bash

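# Put SELinux in permissive mode now and across reboots.
# `setenforce 0` only switches the running system to permissive, so the
# persistent setting is made to match it rather than set to `disabled`:
# permissive keeps logging denials (useful audit evidence) and can be switched
# back to enforcing without relabelling the filesystem.
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config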

```


### 调整内核


```bash

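# Kernel settings for Kubernetes networking.
# The net.bridge.* keys exist only while br_netfilter is loaded, so load it
# before applying them.
modprobe br_netfilter

# Write (not append) the file so a re-run does not duplicate the entries.
cat >/etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF

# A bare `sysctl -p` reads only /etc/sysctl.conf; name the file that was just
# written so these values are the ones applied.
sysctl -p /etc/sysctl.d/k8s.conf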

```


### 开启ipvs


```bash

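# The bridge sysctls in k8s.conf need br_netfilter loaded; load it and re-apply.
modprobe br_netfilter && sysctl -p /etc/sysctl.d/k8s.conf

# Script that loads the IPVS scheduler modules and connection tracking.
# The heredoc delimiter is quoted so nothing inside is expanded, and the
# shebang is the first line of the written file so the script also works when
# executed directly (it is made executable below).
# NOTE(review): nf_conntrack_ipv4 was merged into nf_conntrack in kernel 4.19;
# on newer kernels load nf_conntrack instead.
cat >/etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

# Run the script once now and list the loaded modules as a check.
chmod 755 /etc/sysconfig/modules/ipvs.modules \
  && bash /etc/sysconfig/modules/ipvs.modules \
  && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

# Userspace tools: ipset, and ipvsadm for inspecting the IPVS tables.
yum install ipset ipvsadm -y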

```


### 同步服务器时间


```bash

# Time synchronisation: sets the timezone, installs and starts chronyd, then
# prints the resulting clock status.
# Certificate validity checks and log correlation across nodes both depend on
# the nodes agreeing on the time.
timedatectl set-timezone Asia/Shanghai

yum install chrony -y

systemctl enable chronyd

systemctl start chronyd

timedatectl status

# Keep the hardware clock in UTC (set-local-rtc 0)

timedatectl set-local-rtc 0

# Restart services that depend on the system time

systemctl restart rsyslog 

systemctl restart crond

```


### 关闭无关的服务


```

# Stop the postfix mail service and keep it from starting at boot; a service
# the node does not need is one less listener to patch and monitor.
systemctl stop postfix && systemctl disable postfix

```


### 关闭 swap 分区:


```bash

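# Turn swap off now and comment out the swap entries in /etc/fstab so it stays
# off after a reboot.
swapoff -a

# Matches swap entries separated by spaces or tabs, and skips lines that are
# already commented so a re-run does not stack up '#' characters.
sed -i '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab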

```


### 安装docker


```bash

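# Prerequisites: yum-utils provides yum-config-manager; the other two are the
# device-mapper storage tools.
# The continuation lines are kept adjacent: a blank line after a trailing
# backslash ends the command and the remaining package names would be run as
# commands of their own.
yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2

# Register the upstream Docker CE repository (fetched over HTTPS).
yum-config-manager \
  --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo

# NOTE(review): this installs whatever docker-ce version is newest in the
# repository; pin a version validated for the kubelet release in use.
yum install docker-ce -y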


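# Configure Docker: registry mirrors, systemd cgroup driver, log rotation and
# the overlay2 storage driver.
# Registry mirrors sit in the image pull path and decide what content a tag
# resolves to, so list only mirrors you trust. The plain-HTTP mirror from the
# original list (f1361db2.m.daocloud.io) is left out: pulls through it would be
# unauthenticated and modifiable in transit.
# /etc/docker may not exist before the daemon has started once.
mkdir -p /etc/docker
cat >/etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://1nj0zren.mirror.aliyuncs.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://registry.docker-cn.com"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF

systemctl start docker
systemctl enable docker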


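# Kubernetes package repository (Aliyun mirror).
# Packages installed from here run as root on every node, so the repository is
# fetched over HTTPS and package signatures are verified (gpgcheck=1) against
# the listed keys instead of being accepted unchecked over plain HTTP.
# NOTE(review): repo_gpgcheck is left off as on the original page; enable it if
# the mirror serves signed repository metadata. If a package fails signature
# verification, investigate the key or the mirror rather than disabling the check.
cat >/etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF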

```


## 部署集群


### 安装 kubeadm、kubelet、kubectl


```bash

# One version for all three packages so kubelet, kubeadm and kubectl stay in step.
k8s_version=1.16.9

# List every version the repository offers, sorted in reverse order.
yum list kubelet kubeadm kubectl --showduplicates | sort -r

# --disableexcludes=kubernetes ignores any exclude= rule set for that repository
# for this one transaction.
yum install -y \
  "kubelet-${k8s_version}" \
  "kubeadm-${k8s_version}" \
  "kubectl-${k8s_version}" \
  --disableexcludes=kubernetes

kubeadm version

# Enabled only; kubeadm init / join starts the kubelet with its configuration.
systemctl enable kubelet.service

```


### 初始化集群


```bash

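# kubeadm configuration: a ClusterConfiguration document and a
# KubeProxyConfiguration document that puts kube-proxy in ipvs mode.
# The file is written with '>' (not appended), so running the step twice does
# not leave duplicate YAML documents, and the delimiter is quoted so nothing in
# the YAML is expanded by the shell.
# certSANs lists the extra addresses the API server certificate is valid for;
# the two values are this page's own addresses, replace them with yours.
# authorization-mode Node,RBAC keeps API authorization on.
# NOTE(review): podSubnet must match the network the CNI manifest is configured
# for; the stock kube-flannel.yml is written for 10.244.0.0/16, so change one
# of the two before installing flannel.
# NOTE(review): v1.16 no longer receives upstream security fixes; use a
# supported release for anything beyond a lab.
cat >kubeadm.yaml <<'EOF'
apiServer:
  extraArgs:
    authorization-mode: Node,RBAC
  certSANs:
    - "10.5.7.90"
    - "101.37.171.195"
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.16.9
networking:
  dnsDomain: cluster.local
  podSubnet: 192.168.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
ipvs:
  strictARP: true
EOF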

```


```bash

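# Bootstrap the control plane from kubeadm.yaml.
kubeadm init --config kubeadm.yaml

# Give the current user a kubeconfig.
# admin.conf carries cluster-admin credentials: copy it only for accounts that
# need full control of the cluster and keep the copy readable by its owner only.
# Expansions are quoted so a home directory containing spaces does not split
# the arguments.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"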

```


### 安装flannel


```bash

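# Install the flannel CNI.
# The manifests are downloaded first and applied from the local copy, so what
# gets cluster-level permissions can be read beforehand and kept for later
# comparison. Both URLs follow the mutable master branch; switch them to a
# release tag you have reviewed so the content cannot change between runs.
curl -fsSLo kube-flannel.yml \
  https://github.com/coreos/flannel/raw/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml

# RBAC manifest. The page's note says the manifest it refers to does not bundle
# RBAC permissions and that this file supplies them.
# NOTE(review): check whether the kube-flannel.yml you fetched already defines
# its ClusterRole and binding before applying this one as well.
curl -fsSLo kube-flannel-rbac.yml \
  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
kubectl apply -f kube-flannel-rbac.yml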

```


### 加入节点


```bash

  kubeadm join 10.5.7.90:6443 --token 4y2a9g.9s4qvpbjvc919a0u \

    --discovery-token-ca-cert-hash sha256:b91eddd793f726ab983e85dc27dcbde0911e635c327b7c61f7fa4d01d801ef09

```


### Running Workloads on the Master Node


```bash

# Removes the node-role.kubernetes.io/master taint from every node that has it,
# which lets ordinary pods be scheduled onto the control-plane node.
# NOTE(review): workloads then share a host with the API server and etcd; a
# container escape or resource exhaustion there affects the whole cluster, so
# keep the taint outside single-node or lab setups.
kubectl taint nodes --all node-role.kubernetes.io/master-

```


开启kubelet只读端口用于监控


```bash

# Appends a KUBELET_EXTRA_ARGS line that enables the kubelet read-only port on
# 10255, then restarts the kubelet to pick it up.
# The read-only port serves pod and node information over plain HTTP with no
# authentication or authorization.
# NOTE(review): restrict 10255 to the monitoring hosts with a host or network
# firewall, or scrape the authenticated kubelet port (10250) instead.
echo 'KUBELET_EXTRA_ARGS="--read-only-port=10255"' >> /etc/sysconfig/kubelet

systemctl restart kubelet.service

```

