配置
CentOS 7.6 ,内核版本 4.4 以上
k8s-master01 192.168.31.205
k8s-node01 192.168.31.206
k8s-node02 192.168.31.207
Habor
准备环境 ( 所有节点上操作 )
## 根据 IP 来分别设置 hostname
hostnamectl set-hostname k8s-master01
hostnamectl set-hostname k8s-node01
hostnamectl set-hostname k8s-node02
## 配置 hosts
cat >> /etc/hosts << EOF
192.168.31.205 k8s-master01
192.168.31.206 k8s-node01
192.168.31.207 k8s-node02
EOF
## 安装依赖包
yum install conntrack ntpdate ipvsadm ipset jq iptables curl sysstat libseccomp wget net-tools git update -y
## 设置防火墙为 iptables 并设置空规则
systemctl stop firewalld && systemctl disable firewalld
yum install -y iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
## 关闭 selinux
swapoff -a && sed -i '/ swap / s/^(.*)$/#1/g' /etc/fstab
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
## 调整内核参数
modprobe br_netfilter
cat >> /etc/rc.d/rc.local << EOF
modprobe br_netfilter
EOF
chmod +x /etc/rc.d/rc.local
cat > kubernetes.conf << EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
vm.swappiness = 0
vm.overcommit_memory = 1
vm.panic_on_oom = 0
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches = 1048576
fs.file-max = 52706963
fs.nr_open = 52706963
net.ipv6.conf.all.disable_ipv6 = 1
net.netfilter.nf_conntrack_max = 2310720
EOF
cp kubernetes.conf /etc/sysctl.d/
sysctl -p /etc/sysctl.d/kubernetes.conf
## 关闭系统不需要的服务
systemctl stop postfix && systemctl disable postfix
## 设置 rsyslogd 和 systemd journald
mkdir /var/log/journal
mkdir /etc/systemd/journald.conf.d
cat > /etc/systemd/journald.conf.d/99-prophet.conf << EOF
[Journal]
Storage=persistent
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
SystemMaxUse=10G
SystemMaxFileSize=200M
MaxRetentionSec=2week
ForwardToSyslog=no
EOF
systemctl restart systemd-journald
## 升级系统内核为 4.4
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install -y kernel-lt
## 查看上面安装的内核版本是什么
grub2-set-default 'CentOS Linux (4.4.215-1.el7.elrepo.x86_64) 7 (Core)'
reboot
## 检查是否为 4.4 内核
uname -r
## 查看可启动的内核项
grep menuentry /boot/grub2/grub.cfg
安装 K8S
kube-proxy 开启 ipvs 的前置条件 ( 所有节点上操作 )
cat > /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod |grep -e ip_vs -e nf_conntrack_ipv4
安装 Docker 软件 ( 所有节点上操作 )
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce
mkdir /etc/docker
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["http://hub-mirror.c.163.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
}
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
systemctl daemon-reload && systemctl restart docker && systemctl enable docker
安装 Kubeadm 主从配置 ( k8s-master01 上操作 )
cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1
systemctl enable kubelet.service
## 初始化主节点
kubeadm config print init-defaults > kubeadm-config.yaml
vi kubeadm-config.yaml
# 修改IP
advertiseAddress: 192.168.31.205
# 修改版本
kubernetesVersion: v1.15.1
# 在 dnsDomain: cluster.local 下添加
podSubnet: "10.244.0.0/16"
# 修改镜像库
把 imageRepository: k8s.gcr.io 换成
imageRepository: registry.aliyuncs.com/google_containers
# 在最后指定 kubeproxy 的工作模式
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
SupportIPVSProxyMode: true
mode: ipvs
kubeadm init --config=kubeadm-config.yaml --experimental-upload-certs | tee kubeadm-init.log
## 我们可以在 kubeadm-init.log 文件中找到 k8s 集群中的重要信息,保存好这个文件以后备用
## 配置一个管理账号
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get node
部署网络 ( k8s-master01 上操作 )
mkdir -p /usr/local/install-k8s/{core,plugin}
mv kubeadm-config.yaml kubeadm-init.log /usr/local/install-k8s/core/
cd /usr/local/install-k8s/plugin
mkdir flannel && cd flannel/
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl create -f kube-flannel.yml
kubectl get pod -n kube-system
node 节点加入集群 ( 在 node 节点上操作 )
cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1
systemctl enable kubelet.service
kubeadm join 192.168.31.205:6443 --token abcdef.0123456789abcdef
--discovery-token-ca-cert-hash sha256:86f649df69f361692a9ba4e3dde7746c61107a0eeadce61c0d485b911cf64fff
检查状态( k8s-master01 上操作 )
kubectl get node
kubectl get pod -n kube-system -o wide