1. 环境初始化
centos7
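# Configure a domestic (Aliyun) mirror as the Kubernetes yum repository.
# kubelet/kubeadm/kubectl are installed and run as root, so the repository is
# fetched over HTTPS and package signatures are verified (gpgcheck=1). With a
# plain http:// baseurl and gpgcheck=0, anyone on the network path between the
# host and the mirror could substitute the packages.
# If signature verification fails, fix the key import rather than turning the
# check back off.
# The heredoc delimiter is quoted so the shell expands nothing inside the file.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes Repositry
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF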
# Turn the host firewall off: stop firewalld, keep it disabled across reboots,
# then flush all rules and user-defined chains in the filter and nat tables and
# set the FORWARD policy to ACCEPT.
# NOTE(review): after this, every listening port on the node (API server 6443,
# kubelet 10250, etcd 2379-2380, ...) is reachable from any network the host is
# attached to. That is only acceptable on an isolated lab network; elsewhere
# keep a firewall and allow just the ports the cluster needs.
if systemctl stop firewalld; then
  systemctl disable firewalld
fi
iptables -F \
  && iptables -X \
  && iptables -t nat -F \
  && iptables -t nat -X \
  && iptables -P FORWARD ACCEPT
# Put SELinux into permissive mode now, and persist that choice in the config
# file (the substitution only fires when the file currently says "enforcing").
# NOTE(review): permissive mode logs policy violations but no longer blocks
# them, so container processes lose SELinux confinement on this host.
setenforce 0
sed -i -e 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
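# Disable swap now and keep it disabled after a reboot.
swapoff -a
# Comment out every active swap entry in /etc/fstab.
# The original expression 's/^(.*)$/#1/' had lost its backslashes, so in sed's
# basic regex syntax the parentheses were literal and no line ever matched:
# swap came back on the next boot.
# The address skips lines that are already commented (safe to re-run) and
# accepts tabs as well as spaces around the "swap" field.
sed -i '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab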
# Load the kernel modules needed for bridged pod traffic (br_netfilter), the
# IPVS schedulers used by kube-proxy (ip_vs*) and connection tracking.
for mod in br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4; do
  modprobe "$mod"
done
# Write the same list into a script under /etc/sysconfig/modules.
# NOTE(review): presumably meant to reload the modules at boot; on systemd
# hosts the documented mechanism is /etc/modules-load.d/*.conf, so confirm this
# script is actually executed at boot on your image.
# Quoted delimiter: the script body is written verbatim.
cat > /etc/sysconfig/modules/ipvs.modules << 'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
modprobe -- br_netfilter
EOF
# Make the script executable and run it once right away.
if chmod 755 /etc/sysconfig/modules/ipvs.modules; then
  bash /etc/sysconfig/modules/ipvs.modules
fi
# Set the kernel parameters for a Kubernetes node and load them immediately.
# tee both writes /etc/sysctl.d/k8s.conf and echoes the content to the terminal.
# The net.bridge.* keys only exist once br_netfilter is loaded, so the module
# step must have run before `sysctl -p`.
# NOTE(review): net.ipv4.ip_forward=1 turns the host into a router; together
# with a FORWARD policy of ACCEPT it will forward any traffic routed to it.
tee /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
sysctl -p /etc/sysctl.d/k8s.conf
# Make the node's own hostname resolvable by appending "<address> <hostname>"
# to /etc/hosts.
# NOTE(review): this appends a new line on every run, and `hostname -i` can
# print more than one address on a multi-homed host; check the resulting entry.
printf '%s %s\n' "$(hostname -i)" "$(hostname)" >> /etc/hosts
# Add the domestic (Aliyun) docker-ce yum repository: download the .repo file
# into the current directory and, only if the download succeeded, move it into
# yum's repository directory.
if wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo; then
  mv docker-ce.repo /etc/yum.repos.d/
fi
# Rebuild the yum metadata cache so the new repositories are picked up.
yum clean all && yum makecache fast
# Install the supporting packages: connection tracking and IPVS tooling, jq,
# sysstat, curl, iptables, libseccomp and the chrony time daemon.
deps=(conntrack ipvsadm ipset jq sysstat curl iptables libseccomp chrony)
yum install -y "${deps[@]}"
# Set the system time zone.
timedatectl set-timezone Asia/Shanghai
# Start chrony for time synchronisation and enable it at boot. Nodes with
# drifting clocks run into certificate validity errors and make logs hard to
# correlate across the cluster.
if systemctl start chronyd; then
  systemctl enable chronyd
fi
# Install Docker CE, pinned to an exact version.
yum install -y docker-ce-18.06.2.ce
# Install kubelet, kubeadm and kubectl, all pinned to the same release.
# --disableexcludes=kubernetes ignores any exclude= line configured for the
# kubernetes repository so the pinned packages can be installed.
# NOTE(review): both pins are old releases that no longer receive security
# fixes; outside of reproducing this walkthrough, pin to a supported release.
yum install -y --disableexcludes=kubernetes \
  kubelet-1.14.0 kubeadm-1.14.0 kubectl-1.14.0
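# Configure the Docker daemon and start it.
# /etc/docker is created explicitly: it may not exist before the daemon has
# run once, and the redirect below would then fail.
mkdir -p /etc/docker
# daemon.json: registry mirror, systemd cgroup driver, json-file logs capped
# at 100m per file, overlay2 storage.
# Quoted delimiter: the JSON is written verbatim.
cat > /etc/docker/daemon.json << 'EOF'
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
systemctl daemon-reload && systemctl restart docker
# The original only restarted docker; without `enable` the container runtime
# does not come back after a reboot and the node stays NotReady.
systemctl enable docker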
# Start kubelet and enable it at boot.
# Until `kubeadm init` or `kubeadm join` has written its configuration the
# kubelet keeps restarting; that is expected at this stage.
if systemctl start kubelet; then
  systemctl enable kubelet
fi
2. 单节点master-node
2.1 master节点
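# Generate the kubeadm init configuration file.
# The template is the output of `kubeadm config print init-defaults`, edited
# for this cluster (advertise address, node name, image repository, version,
# pod subnet). The original wrote that output to init.default.yaml and then
# overwrote it straight away, so the redundant command is dropped.
# -p lets the step be re-run when /ops-data already exists.
mkdir -p /ops-data && cd /ops-data
# The defaults ship the placeholder token abcdef.0123456789abcdef. It is the
# same on every install, so it is not a secret, and a bootstrap token allows
# its holder to register a node with the cluster. Create a random token for
# this cluster instead. Worker nodes must join with this value; `kubeadm init`
# prints the complete join command.
bootstrap_token=$(kubeadm token generate)
# NOTE(review): imageRepository below appears to be a third-party Docker Hub
# namespace rather than the upstream registry, so all control-plane images
# come from an account the cluster owner does not control. Prefer a registry
# you trust, or verify the image digests before use.
# Unquoted EOF on purpose: ${bootstrap_token} must be expanded into the file.
# YAML nesting is restored here; without indentation the document is invalid.
cat > init.default.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta1
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: ${bootstrap_token}
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.30.60
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: kubeadm-node1
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta1
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: ""
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: docker.io/dustise
kind: ClusterConfiguration
kubernetesVersion: v1.14.0
networking:
  dnsDomain: cluster.local
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
scheduler: {}
EOF
# The file now holds a credential; keep it readable by its owner only.
chmod 600 init.default.yaml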
# Pre-pull the control-plane images named by the configuration file, so that a
# registry problem shows up before the cluster is initialised.
kubeadm config images pull --config init.default.yaml
# Initialise the control plane from the same configuration file.
kubeadm init --config init.default.yaml
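# Set up kubectl for the current user.
# admin.conf carries cluster-admin credentials, so the copy is owned by the
# invoking user and kept at mode 0600. Expansions are quoted so a home
# directory containing spaces or glob characters cannot split the arguments.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# cp keeps the mode of an already existing destination file; set it explicitly.
chmod 600 "$HOME/.kube/config"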
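# Install the Calico network plugin.
# The manifest creates cluster-wide RBAC objects and a DaemonSet on every node,
# so fetch it to a local file first: it can be reviewed before it is applied,
# and the exact text that went into the cluster is kept on disk.
# The v3.7 manifest ships a default pool of 192.168.0.0/16 (check the
# downloaded file). That does not match podSubnet 10.244.0.0/16 in
# init.default.yaml and it contains the node address 192.168.30.60, so the
# pool is rewritten to the cluster's pod subnet before applying.
curl -fsSL -o calico.yaml https://docs.projectcalico.org/v3.7/manifests/calico.yaml \
  && sed -i 's?192.168.0.0/16?10.244.0.0/16?g' calico.yaml \
  && kubectl apply -f calico.yaml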
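# Switch kube-proxy to IPVS mode: export its ConfigMap, replace the empty
# mode setting with "ipvs", and apply the edited copy.
kubectl get configmap kube-proxy -n kube-system -o yaml > kube-proxy-configmap.yaml
sed -i 's/mode: ""/mode: "ipvs"/' kube-proxy-configmap.yaml
kubectl apply -f kube-proxy-configmap.yaml
# kube-proxy reads its configuration at startup only. Delete the running pods
# so the DaemonSet recreates them with the new mode; without this the change
# above has no effect until the pods restart for some other reason.
kubectl -n kube-system delete pod -l k8s-app=kube-proxy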
2.2 Node节点
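# Join this node to the cluster.
# The token and CA hash shown are the values from this walkthrough. Substitute
# the ones printed at the end of `kubeadm init` on your master, or run
# `kubeadm token create --print-join-command` there to get a fresh command.
# Keep --discovery-token-ca-cert-hash: it pins the cluster CA, so the node
# refuses to bootstrap against an API server presenting a different CA.
# The trailing backslash was missing in the original, which made the second
# line run as a separate (failing) command.
kubeadm join 192.168.30.60:6443 --token abcdef.0123456789abcdef \
  --discovery-token-ca-cert-hash sha256:e1ef4b5294184b0c989ae4bf8d9f59d03d5cae3369296fe777fad3183035f44a
# Change the kubelet cgroup driver to systemd so that it matches the Docker
# daemon's native.cgroupdriver=systemd setting.
sed -i 's/cgroupfs/systemd/g' /var/lib/kubelet/kubeadm-flags.env
# "retart" in the original was a typo; the kubelet was never restarted.
systemctl daemon-reload && systemctl restart kubelet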
2.3 验证
# Health of the control-plane components.
kubectl get componentstatuses
# Nodes and their readiness.
kubectl get node
# Pods in every namespace.
kubectl get pods --all-namespaces
# Details for one pod in kube-system; replace <pod-names> with a real pod name
# before running (left as written, the shell reads it as a redirection).
kubectl -n kube-system describe pods <pod-names>