配置 系统mod
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system按照contrainer runtime
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine -y sudo yum install -y yum-utils sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo -y yum list docker-ce --showduplicates | sort -r sudo yum install docker-ce docker-ce-cli containerd.io -y sudo mkdir /etc/docker cat <<EOF | sudo tee /etc/docker/daemon.json { "exec-opts": ["native.cgroupdriver=systemd"], "log-driver": "json-file", "log-opts": { "max-size": "100m" }, "storage-driver": "overlay2" } EOF
sudo systemctl enable docker
sudo systemctl daemon-reload
sudo systemctl restart docker安装kubeadm 工具
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg exclude=kubelet kubeadm kubectl EOF # Set SELinux in permissive mode (effectively disabling it) sudo setenforce 0 sudo sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes sudo systemctl enable --now kubelet
配置高可用nginx slb
yum install epel-release -y
yum install nginx-mod-stream nginx -y ############ # For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 102400; } stream { upstream k8s { server 10.160.1.12:6443; server 10.160.1.13:6443; } server { listen 250; proxy_connect_timeout 1s; proxy_pass k8s; } }
初始化节点
kubeadm init --control-plane-endpoint "10.160.1.12:250" --upload-certs --pod-network-cidr 172.18.64.0/18 --service-cidr 172.18.0.0/18
############# 返回结果
You can now join any number of the control-plane node running the following command on each as root:
kubeadm join 10.160.1.12:250 --token 7diqj2.31xtw1ckzor14kqe
--discovery-token-ca-cert-hash sha256:460d4aad638a8d04509c362374def36c0484c34ae7352fd22102b105fd4cbd3a
--control-plane --certificate-key a701b6f4bd6cda8e5d339f16ac05d55b673840b85bff55101cc28d709e95d514
Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.160.1.12:250 --token 7diqj2.31xtw1ckzor14kqe
--discovery-token-ca-cert-hash sha256:460d4aad638a8d04509c362374def36c0484c34ae7352fd22102b105fd4cbd3a
配置config
mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
安装cilium
curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz{,.sha256sum} sha256sum --check cilium-linux-amd64.tar.gz.sha256sum sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin rm cilium-linux-amd64.tar.gz{,.sha256sum} cilium install cilium status 让cilium 从node object 中读取 cidr cilium config set ipam kubernetes cilium config set k8s-require-ipv4-pod-cidr true