# 准备正式开始安装
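# Set the static hostname. Each command belongs to ONE host: run only the line
# for the machine you are logged in to. Running the whole list in one shell
# would leave that machine named worker05.
hostnamectl --static set-hostname master01  # on 192.168.1.171
hostnamectl --static set-hostname master02  # on 192.168.1.172
hostnamectl --static set-hostname master03  # on 192.168.1.173
hostnamectl --static set-hostname worker01  # on 192.168.1.181
hostnamectl --static set-hostname worker02  # on 192.168.1.182
hostnamectl --static set-hostname worker03  # on 192.168.1.183
hostnamectl --static set-hostname worker04  # on 192.168.1.184
hostnamectl --static set-hostname worker05  # on 192.168.1.185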
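# Add name resolution for the cluster nodes to /etc/hosts.
# The quoted 'EOF' delimiter keeps the entries literal. The block appends, so
# running it a second time duplicates the entries.
cat >> /etc/hosts <<'EOF'
192.168.1.171 master01
192.168.1.172 master02
192.168.1.173 master03
192.168.1.181 worker01
192.168.1.182 worker02
192.168.1.183 worker03
192.168.1.184 worker04
192.168.1.185 worker05
EOF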
# 准备初始化集群(只需要在其中一台master上执行即可,这里在192.168.1.171上执行)
生成集群默认初始化配置文件
# Write kubeadm's built-in default init configuration to a file for editing.
# The defaults include a fixed placeholder bootstrap token (shown in the file
# below); it is meant to be replaced, not used as is.
kubeadm config print init-defaults > kubeadm-init-config.yaml
修改为如下内容
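cat kubeadm-init-config.yaml
# kubeadm config print init-defaults
# https://www.guojingyi.cn/912.html
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # SECURITY: abcdef.0123456789abcdef is the fixed placeholder printed by
  # `kubeadm config print init-defaults`, so it is publicly known. Anyone who
  # can reach the API server during the TTL could use it to register a node.
  # Replace it with the output of `kubeadm token generate` before `kubeadm init`
  # and use that value in the join commands.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.1.171
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: master01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
#  extraArgs:
#    authorization-mode: Node,RBAC
  certSANs:
  - "192.168.1.170"
  - "192.168.1.171"
  - "192.168.1.172"
  - "192.168.1.173"
  - "127.0.0.1"
  - localhost
  - master01
  - master02
  - master03
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Control-plane images are pulled from this mirror instead of the upstream
# registry, so the mirror's contents are trusted as-is.
imageRepository: registry.aliyuncs.com/google_containers
controlPlaneEndpoint: "192.168.1.171:6443"
kind: ClusterConfiguration
# NOTE(review): the v1.16 line is past upstream end of life and no longer
# receives security fixes; confirm before using this version for a new cluster.
kubernetesVersion: v1.16.15
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs
ipvs:
  strictARP: true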
注意:192.168.1.170 是 VIP(负载均衡 IP 或者其它类似作用的 IP)。文件里面的 192.168.1.171(应指 controlPlaneEndpoint 一项)理论上来说应该换成 192.168.1.170,由它在前面做负载均衡和高可用。
初始化集群
# Initialise the first control-plane node from the edited configuration file.
# --upload-certs uploads the control-plane certificates to the cluster so the
# other masters can fetch them with the --certificate-key printed in the
# output below; that key must be kept secret.
kubeadm init --config=kubeadm-init-config.yaml --upload-certs
# Alternative without a config file (sets only the pod network CIDR):
# kubeadm init --pod-network-cidr=10.244.0.0/16
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join 192.168.1.171:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:2a1cd7e5b01f1cc95ddf9823d3f288f3fe4e6ff2ff9891a6ae302a1e863ac90d \
    --control-plane --certificate-key 8e032e22ce1c539b7c6fd838f21fe59bf677d3089f43f88525f07cf9adbfae44

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.1.171:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:2a1cd7e5b01f1cc95ddf9823d3f288f3fe4e6ff2ff9891a6ae302a1e863ac90d
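# Fallback when another control-plane node fails to join with a certificate
# error: copy the shared CA material to it by hand, then run the join command
# again. Replace master-117 with the master that is joining.
#
# SECURITY: the ca.*, sa.* and front-proxy-ca.* globs include the private keys,
# and admin.conf is a cluster-admin credential. Copy them only to control-plane
# nodes, never to workers or intermediate hosts, and leave no extra copies.

# pki/etcd may not exist yet on a fresh node; create it so the etcd CA files
# have a directory to land in.
ssh master-117 'mkdir -p /etc/kubernetes/pki/etcd'
scp -rp /etc/kubernetes/pki/ca.* master-117:/etc/kubernetes/pki
scp -rp /etc/kubernetes/pki/sa.* master-117:/etc/kubernetes/pki
scp -rp /etc/kubernetes/pki/front-proxy-ca.* master-117:/etc/kubernetes/pki
scp -rp /etc/kubernetes/pki/etcd/ca.* master-117:/etc/kubernetes/pki/etcd
scp -rp /etc/kubernetes/admin.conf master-117:/etc/kubernetes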
其他两个master节点加入集群(192.168.1.172,192.168.1.173)
master加入集群命令如下
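# Join an additional control-plane node (run as root on each remaining master).
# --discovery-token-ca-cert-hash pins the cluster CA, so the joining node
# verifies the API server it is talking to; do not drop it.
# The token and the certificate key are secrets. Per the kubeadm output above,
# the uploaded certs are deleted after two hours, so the key is only usable
# within that window.
kubeadm join 192.168.1.171:6443 --token abcdef.0123456789abcdef \
  --discovery-token-ca-cert-hash sha256:2a1cd7e5b01f1cc95ddf9823d3f288f3fe4e6ff2ff9891a6ae302a1e863ac90d \
  --control-plane --certificate-key 8e032e22ce1c539b7c6fd838f21fe59bf677d3089f43f88525f07cf9adbfae44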
所有node节点加入集群(192.168.1.181,192.168.1.182,192.168.1.183,192.168.1.184,192.168.1.185)
node加入集群命令如下
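# Join a worker node (run as root on each worker).
# The bootstrap token is a credential that lets a machine register as a node.
# --discovery-token-ca-cert-hash pins the cluster CA, so the worker verifies
# the API server before trusting it; do not drop it.
kubeadm join 192.168.1.171:6443 --token abcdef.0123456789abcdef \
  --discovery-token-ca-cert-hash sha256:2a1cd7e5b01f1cc95ddf9823d3f288f3fe4e6ff2ff9891a6ae302a1e863ac90d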
注意:如上token具有默认24小时的有效期。token可通过如下命令查看,hash值可用下文的openssl命令重新计算:
# List the bootstrap tokens that currently exist, with their expiry.
# Tokens that are no longer needed can be removed with `kubeadm token delete`.
kubeadm token list
如果 Token 过期以后,可以输入以下命令,生成新的 Token:
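# Create a fresh bootstrap token once the old one has expired.
kubeadm token create

# Recompute the value for --discovery-token-ca-cert-hash: the SHA-256 digest
# of the cluster CA's public key (DER encoded), printed as hex.
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt \
  | openssl rsa -pubin -outform der 2>/dev/null \
  | openssl dgst -sha256 -hex \
  | sed 's/^.* //'

# `kubeadm token create --print-join-command` prints the complete worker join
# command (token and CA hash) in one step.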
初始化完成,复制配置文件到默认目录
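# On master01: install the admin kubeconfig for the current user.
# admin.conf is a cluster-admin credential. Keep the copy readable by its
# owner only and do not hand it to other users or machines.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"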
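# Set the KUBECONFIG environment variable and enable kubectl bash completion.
# $HOME is expanded when the here-document is written, so ~/.bashrc receives
# the absolute path.
cat << EOF >> ~/.bashrc
export KUBECONFIG=$HOME/.kube/config
EOF
echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc

# Appendix: kubeadm init roughly goes through these steps:
# 1. [kubelet-start]  writes the kubelet configuration file "/var/lib/kubelet/config.yaml"
# 2. [certificates]   generates the various certificates
# 3. [kubeconfig]     generates the kubeconfig files
# 4. [bootstraptoken] generates the token; record it, because it is needed
#    later when adding nodes to the cluster with kubeadm join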
### 安装flannel
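# Download the flannel manifest before applying it. `master` is a moving
# branch, so applying the URL directly installs whatever is published there at
# that moment, with the privileges of your admin kubeconfig. Review the file
# and preferably replace `master` in the URL with a release tag or commit you
# have checked.
curl -fsSL -o kube-flannel.yml https://github.com/coreos/flannel/raw/master/Documentation/kube-flannel.yml
# If podSubnet in kubeadm-init-config.yaml is not 10.244.0.0/16, change the
# network in kube-flannel.yml to the same CIDR before applying it.
kubectl apply -f kube-flannel.yml

# Separate RBAC manifest. The note "This file does not bundle RBAC permissions.
# If you need those, run" presumably comes from a flannel manifest that ships
# without RBAC rules. Review what the manifest grants before applying it.
curl -fsSL -o kube-flannel-rbac.yml https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
kubectl apply -f kube-flannel-rbac.yml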
设置标签
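# On master01: remove the NoSchedule taint from every node that carries it, so
# that ordinary workloads may be scheduled on the masters.
# NOTE: application pods then share hosts with etcd and the API server. On a
# cluster with dedicated workers, keep the taint unless you need the capacity.
kubectl taint nodes --all node-role.kubernetes.io/master-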
提示:部署完内部应用后可使用kubectl taint node master01 node-role.kubernetes.io/master="":NoSchedule重新设置Master为Master Only 状态。
开启kubelet只读端口用于监控
```bash
# SECURITY: the kubelet read-only port (10255) serves plain HTTP with no
# authentication or authorization. Anyone who can reach the node on that port
# can read pod specs and node/pod stats. Limit access with a host firewall to
# the monitoring system, or scrape the authenticated kubelet port (10250)
# instead and leave this port disabled.
# NOTE(review): this appends a new KUBELET_EXTRA_ARGS line; if the file already
# sets that variable, the appended line presumably replaces it. Confirm.
echo 'KUBELET_EXTRA_ARGS="--read-only-port=10255"' >> /etc/sysconfig/kubelet
systemctl restart kubelet.service
```