zoukankan      html  css  js  c++  java
  • 20分钟kubeadm安装kubernetes 1.15.1

    节点四台:master、node01、node02、harbor

    安装软件:链接:https://pan.baidu.com/s/1iBM9ymdvmQi67DPJ93OF0w  密码:k2m6


    设置系统主机名及host文件解析

    #hostnamectl set-hostname k8s-master hostnamectl set-hostname k8s-node01 hostnamectl set-hostname k8s-node02

    安装依赖包

    #yum -y install conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git  

    设置防火墙为iptables规则并设置空规则

    #systemctl stop firewalld&&systemctl disable firewalld
    #yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save  

    关闭SElinux

    # swapoff -a && sed -i '/ swap / s/^(.*)$/#1/g' /etc/fstab
    #setenforce 0 && sed -I 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config 

    调整内核参数

    #cat > kubernetes.conf << EOF
    net.bridge.bridge-nf-call-iptables=1
    net.bridge.bridge-nf-call-ip6tables=1
    net.ipv4.ip_forward=1
    net.ipv4.tcp_tw_recycle=0
    vm.swappiness=0 #禁止使用swap空间
    vm.overcommit_memory=1 #不检查物理内存
    vm.panic_on_oom=0
    fs.inotify.max_user_instances=8192
    fs.inotify.max_user_watches=1048576
    fs.file-max=52706963
    fs.nr_open=52706963
    net.ipv6.conf.all.disable_ipv6=1
    net.netfilter.nf_conntrack_max=2310720
    EOF 

    开机调用kubernetes.conf,并生效

    #cp kubernetes.conf /etc/sysctl.d/kubernetes.conf
    #sysctl -p /etc/sysctl.d/kubernetes.conf  

    调整系统时区-安装系统时选择上海,这步跳过
    设置时区 中国/上海

    #timedatectl set-timezone Asia/Shanghai

    将当前UTC时间写入硬件时钟

    #timedatectl set-local-rtc 0

    重启依赖于系统时间的服务

    #systemctl restart rsyslog
    #systemctl restart crond  

    关闭系统邮件服务

    #systemctl stop postfix&&systemctl disable postfix
    

    设置系统日志服务rsyslogd和systemd journald

    创建持久化目录

    # mkdir /var/log/journal 

    创建journald配置文件

    # mkdir /etc/systemd/journal.conf.d
    #cat > /etc/systemd/journal.conf.d/99-prophet.conf <<EOF
    [ Journal ]
    #持久化保存到磁盘
    Storage=persistent
    
    #压缩历史日志
    Compress=yes
    
    SyncIntervalSec=5m
    RateLimitInterval=30s
    RateLimitBurst=1000
    
    #最大占用空间
    SystemMaxUse=10G
    
    #单日志文件最大 200M
    SystemMaxFileSize=200M
    
    #日志保存时间
    MaxRetentionSec=2week
    
    #不讲日志转发到 syslog
    ForwardToSyslog=no
    
    EOF
    #systemctl restart systemd-journald 

    升级系统内核为4.44版本

    #rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm  

    查看 /boot/grub2/grub.cfg是否存在menuentry 中是否包含 initrd16配置,如果没有重新安装

    #cat /boot/grub2/grub.cfg|grep initrd16
    
    #yum --enablerepo=elrepo-kernel install -y kernel-lt

    设置开几重启内核

    #grub2-set-default 'CentOS Linux (4.4.214-1.el7.elrepo.x86_64) 7 (core)'
    #reboot 

    检查下三台节点内核版本是否为4.44

    #uname -r
    4.4.214-1.el7.elrepo.x86_64 

    Kube-proxy开启ipvs前置条件

    #modprobe br_netfilter
    #cat > /etc/sysconfig/modules/ipvs.modules << EOF
    #!/bin/bash
    modprobe -- ip_vs
    modprobe -- ip_vs_rr
    modprobe -- ip_vs_wrr
    modprobe -- ip_vs_sh
    modprobe -- nf_conntrack_ipv4
    EOF
    #chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod |grep -e ip_vs -e nf_conntrack_ipv4

    安装docker

    #yum -y install yum-utils device-mapper-persistent-data lvm2
    #yum-config-manager 
    --add-repo 
    http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    # yum update -y && yum install -y docker-ce

    创建 /etc/docker 目录

    #mkdir /etc/docker
    
    #grub2-set-default 'CentOS Linux (4.4.214-1.el7.elrepo.x86_64) 7 (core)'&&reboot 

    设置docker启动,开机自启

    # systemctl start docker && systemctl enable docker 

    创建 daemon.json 配置文件,将存储日志的方式改为为 json file 格式存储,方便日后从 /var/log/container/ 下查找容器日志,之后就可以从 efk 中搜索索引信息了

    #cat > /etc/docker/daemon.json << EOF
    {
    "registry-mirrors": ["https://registry.docker-cn.com"],
    "exec-opts": ["native.cgroupdriver=systemd"], #centos7中有两种cgroup组(cgroupfx, cgroupdriver)是由systemd做隔离
    "log-driver": "json-file",
    "log-opts": {
    "max-size": "100m"
    }
    }
    EOF
    #mkdir -p /etc/systemd/system/docker.service.d
    #systemctl daemon-reload && systemctl restart docker && systemctl enable docker 

    安装kubeadm

    #cat << EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
    EOF
    #yum -y install kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1
    #systemctl enable kubelet

    导入kubernetes系统镜像,百度云盘链接:https://pan.baidu.com/s/1iBM9ymdvmQi67DPJ93OF0w  密码:k2m6

    # tar xf kubeadm-basic.images.tar.gz

    批量导入镜像脚本

    # vim docker-load.sh
    #!/bin/bash
    
    ls /root/rpm/kubeadm-basic.images > /root/docker-load-list.txt
    
    cd /root/rpm/kubeadm-basic.images
    
    for i in $(cat /root/docker-load-list.txt)
    do
    docker load -i $i
    done
    #chmod a+x docker-load.sh
    #./docker-load.sh

    在master节点操作,导出kubeadm-config.yaml配置文件

    #kubeadm config print init-defaults > /etc/kubernetes/kubeadm-config.yaml
    #vim kubeadm-config.yaml
    第12行:advertiseAddress:192.168.1.11
    第34行:kubernetesVersion: v1.15.1
    第36行下增加:podSubnet: "10.244.0.0/16" #pod网段

    初始化master

    #kubeadm init --config=/etc/kubernetes/kubeadm-config.yaml --experimental-upload-certs | tee kubeadm-init.log

    Your Kubernetes control-plane has initialized successfully!

    To start using your cluster, you need to run the following as a regular user:

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

    You should now deploy a pod network to the cluster.
    Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
    https://kubernetes.io/docs/concepts/cluster-administration/addons/

    Then you can join any number of worker nodes by running the following on each as root:

    kubeadm join 192.168.1.11:6443 --token abcdef.0123456789abcdef
    --discovery-token-ca-cert-hash sha256:69540b24d9d2eaa4fd9a9d533bfde8c6520ce7586366fa9e35474e94553532ba

    # mkdir -p $HOME/.kube
    # cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    # chown $(id -u):$(id -g) $HOME/.kube/config
    # echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
    # source ~/.bash_profile 

    保留安装文件

    #mkdir install-k8s
    # mv /etc/kubernetes/kubeadm-config.yaml /etc/kubernetes/kubeadm-init.log /usr/local/kubernetes/install-k8s/

    master安装flannel

    #wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    # kubectl create -f kube-flannel.yml

    没有镜像可以下载国内镜像,然后重新打标签,将镜像scp到node01和node02节点上,docker load即可

    #docker pull lizhenliang/flannel:v0.11.0-amd64
    #docker tag lizhenliang/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.11.0-amd64

    Node01和Node02节点加入k8s集群

    #tail -5 /usr/local/kubernetes/install-k8s/kubeadm-init.log
    #kubeadm join 192.168.1.11:6443 --token abcdef.0123456789abcdef 
    --discovery-token-ca-cert-hash sha256:69540b24d9d2eaa4fd9a9d533bfde8c6520ce7586366fa9e35474e94553532ba
    

    安装harbor仓库

    #mv docker-compose /usr/local/bin/
    #chmod a+x /usr/local/bin/docker-compose
    #tar xf harbor-offline-installer-v1.2.0.tgz -C /usr/local/harbor

    修改harbor配置文件

    #vim harbor.cfg
    第五行:hostname = edwin.registry.docker.com
    第九行:ui_url_protocol = https
    #mkdir -p /data/cert/&&cd /data/cert/

    制作证书
    生成server.key

    #openssl genrsa -des3 -out server.key 2048

    生成server.csr私钥

    #openssl req -new -key server.key -out server.csr
    

    # cp server.key server.key.bak 

    验证时不使用密码

    # openssl rsa -in server.key.bak -out server.key 

    为生成证书签名

    # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt 

    为生成的证书授予权限

    # chmod a+x *
    # cd /usr/loacl/harbor/
    # ./install.sh

    为k8s集群下的主机配置hosts主机解析

    # echo "192.168.1.11 edwin.registry.docker.com" >> /etc/hosts
    

     

     

  • 相关阅读:
    POJ 2942 圆桌骑士 (点双学习笔记)
    洛谷P3563 POI Polarization
    通过集群的方式解决基于MQTT协议的RabbitMQ消息收发
    在WebAPI中调用其他WebAPI
    将WebAPI发布到本地服务器与远程服务器
    利用RabbitMQ、MySQL实现超大用户级别的消息在/离线收发
    C#程序调用cmd.exe执行命令
    C#调用python
    Trixbox下SIP TRUNK的基本设定
    连接两台asterisk服务器
  • 原文地址:https://www.cnblogs.com/houjunjun437416/p/12378425.html
Copyright © 2011-2022 走看看