zoukankan      html  css  js  c++  java
  • k8s搭建-详情

    本文详细部署参考 :使用kubeadm安装Kubernetes 1.13

    高可用k8s集群

    Ha搭建详情

    环境准备,每个节点都需要:

      centos7.5 4 、2G内存,cup个数>=2

      1、时间同步(ntp5.aliyun.com),chronyc sources(查看是否同步)

      2、主机名解析,互相免密登陆

      3、关闭防火墙(firewall,iptables)

                  docker有些版本的filter 表,默认的FORWARD  链默认是 DROP ,需要修改
                  iptables -t filter -P FORWARD ACCEPT (命令临时生效)

      4、禁用selinux 

    setenforce 0
    sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
    

      5、禁用swap,/etc/fstable,  swapoff -a,swapof -s(查看)

      6、启用内核模块:

    创建/etc/sysctl.d/k8s.conf文件,添加如下内容:
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward = 1

    另一个人的配置(
    net.bridge.bridge-nf-call-iptables = 1
    net.bridge.bridge-nf-call-ip6tables = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.ip_forward = 1

    执行命令使修改生效。

    modprobe br_netfilter
    sysctl -p /etc/sysctl.d/k8s.conf
     

      7、开启ipvs,执行脚本(K8S集群优化之路由转发:使用IPVS替代iptables。kube-proxy的ipvs模式解读

    cat > /etc/sysconfig/modules/ipvs.modules <<EOF
    #!/bin/bash
    modprobe -- ip_vs
    modprobe -- ip_vs_rr
    modprobe -- ip_vs_wrr
    modprobe -- ip_vs_sh
    modprobe -- nf_conntrack_ipv4
    EOF
    chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

      8、安装Docker

        使用阿里云的源docker-ce

      9、确认一下iptables filter表中FOWARD链的默认策略(pllicy)为ACCEPT。iptables -nvL

      10、安装kubeadm和kubelet,使用阿里云源

      11、拉取镜像

    docker pull docker.io/fanever/k8scheduler
    docker pull docker.io/fanever/k8proxy
    docker pull docker.io/fanever/k8pause
    docker pull docker.io/fanever/k8etcd
    docker pull docker.io/fanever/k8coredns
    docker pull docker.io/fanever/k8controller
    docker pull docker.io/fanever/k8api

      打标签

    docker tag docker.io/fanever/k8coredns k8s.gcr.io/coredns:1.3.1
    docker tag docker.io/fanever/k8etcd k8s.gcr.io/etcd:3.3.10
    docker tag docker.io/fanever/k8pause k8s.gcr.io/pause:3.1
    docker tag docker.io/fanever/k8proxy k8s.gcr.io/kube-proxy:v1.14.1
    docker tag docker.io/fanever/k8scheduler k8s.gcr.io/kube-scheduler:v1.14.1
    docker tag docker.io/fanever/k8controller k8s.gcr.io/kube-controller-manager:v1.14.1
    docker tag docker.io/fanever/k8api k8s.gcr.io/kube-apiserver:v1.14.1

      

    11、使用kubeadm init初始化集群

        在各节点开机启动kubelet服务:systemctl enable kubelet.service

        在master上使用kubeadm初始化集群:

    kubeadm init   --kubernetes-version=v1.14.0   --pod-network-cidr=10.244.0.0/16   --apiserver-advertise-address=192.168.61.11

     根据提示,创建配置文件,和pod网络,选择flannel

    kubectl apply -f  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

     需要的镜像是:quay.io/coreos/flannel:v0.11.0-amd64在kube-flannel.yml中查看,可以先pull,镜像站在https://quay.io/repository/coreos/flannel?tab=tags

    测试环境:

    1 master

    3nodes

    所需软件:

    kubeadm(部署工具)

    kubelet(管理pod)

    docker

    k8s中文官方文档:

      Kubernetes对Docker的版本支持列表

    部署dashboard web图形界面

     wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

    更改镜像,加上type 

    kubectl apply -f kubernetes-dashboard.yaml      #kubectl delete  -f kubernetes-dashboard.yaml
    
    743  kubectl create serviceaccount fang -n kube-system
      744  kubectl get serviceaccount
      745  kubectl get serviceaccount -a
      746  kubectl get serviceaccount -A
      748  kubectl create clusterrolebinding fang --clusterrole=cluster-admin --serviceaccount=kube-system:fang
      749  kubectl get secret -A
      750  kubectl describe secret fang-token-skvgq -n kube-system

  • 相关阅读:
    Valid Palindrome
    LeetCode: Path Sum 2
    LeetCode: Path Sum
    LeetCode:Convert Sorted Array to Binary Search Tree
    LeetCode:Convert Sorted List to Binary Search Tree
    LeetCode: Balanced Binary Tree
    LeetCode: Maximum Depth of Binary Tree
    django文件上传,只上传一张
    URLError: <urlopen error [Errno 10061] >
    error: <class 'socket.error'>, [Errno 101] Network is unreachable: file: /usr/local/python2.7.12/lib/python2.7/socket.py line: 575
  • 原文地址:https://www.cnblogs.com/fanever/p/10632333.html
Copyright © 2011-2022 走看看