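# Stop firewalld now and keep it from starting at boot.
# NOTE(review): with the host firewall off, every listening port on the node
# (kubelet, NodePort services, ...) is reachable from the network. Where the
# firewall can stay, allowing only the ports the cluster needs is safer.
systemctl stop firewalld
systemctl disable firewalld
# SELinux, persistent setting.
# Only the SELINUX= line is rewritten; the unanchored pattern also rewrote the
# word "enforcing" inside the file's explanatory comments. Permissive (rather
# than disabled) keeps AVC denials in the audit log for later review.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# SELinux, current boot: switch to permissive immediately.
setenforce 0
# Swap, current boot: turn off all swap devices.
swapoff -a
# Swap, persistent: comment out the swap entries in /etc/fstab.
# Lines that are already comments are skipped so a re-run does not stack '#'.
sed -ri '/^[[:space:]]*#/!s/.*[[:space:]]swap[[:space:]].*/#&/' /etc/fstab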
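# Set the hostname according to the node plan.
# Run only the line for the node you are on; executing all three in sequence
# leaves every node named work2.
hostnamectl set-hostname master
# hostnamectl set-hostname work1
# hostnamectl set-hostname work2
# Add the cluster nodes to /etc/hosts.
# Append (>>) instead of truncating (>), so the existing localhost entries
# survive. Re-running this appends the three lines again.
cat >>/etc/hosts <<'EOF'
10.0.0.6 master
10.0.0.7 work1
10.0.0.8 work2
EOF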
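# Pass bridged IPv4/IPv6 traffic through the iptables chains.
# The net.bridge.* keys exist only while the br_netfilter module is loaded, so
# load it now and register it for every boot before applying the sysctls.
modprobe br_netfilter
cat >/etc/modules-load.d/k8s.conf <<'EOF'
br_netfilter
EOF
cat >/etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# Apply all sysctl configuration files.
sysctl --system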
# Clock synchronisation: install ntpdate, then set the clock once from
# time.windows.com. This is a one-shot correction; nothing here keeps the clock
# in sync afterwards.
# NOTE(review): certificate validity checks depend on the node clock, so a
# continuously running time service is worth considering.
yum -y install ntpdate
ntpdate time.windows.com
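# Install Docker CE from the static binary tarball.
# NOTE(review): the archive is protected only by HTTPS in transit; nothing here
# checks a digest or signature before its binaries land in /usr/bin. If a
# trusted digest for this release is available, verify it first, e.g.
#   echo '<EXPECTED_SHA256>  docker-19.03.6.tgz' | sha256sum -c -
wget https://download.docker.com/linux/static/stable/x86_64/docker-19.03.6.tgz
tar -zvxf docker-19.03.6.tgz
cp docker/* /usr/bin/
# Remove only what was downloaded and unpacked; the glob "docker*" would also
# delete unrelated files in the current directory.
rm -rf -- docker docker-19.03.6.tgz
# Manage dockerd with systemd.
# The quoted delimiter writes the unit text literally, so $MAINPID reaches
# systemd instead of being expanded (to an empty string) by this shell.
cat >/etc/systemd/system/docker.service <<'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
EOF
# Configure a registry mirror.
# Nothing above creates /etc/docker, so create it before writing into it.
# NOTE(review): image pulls are served by this third-party mirror; pulls by tag
# trust whatever it returns. Pin images by digest where that matters.
mkdir -p /etc/docker
cat >/etc/docker/daemon.json <<'EOF'
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF
# Unit files are configuration, not programs; systemd warns about unit files
# that are marked executable.
chmod 644 /etc/systemd/system/docker.service
systemctl daemon-reload
systemctl enable docker
# restart starts the service if it is stopped and reloads daemon.json if it
# was already running, so a separate start is not needed.
systemctl restart docker
docker info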
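# Add the Aliyun mirror of the Kubernetes YUM repository.
# gpgcheck=1 makes yum verify package signatures against the gpgkey URLs below;
# with gpgcheck=0 yum installs whatever the mirror serves, unverified, as root.
# repo_gpgcheck is left at 0 as on the original page.
# NOTE(review): enable repo_gpgcheck too if the mirror serves signed metadata,
# and if signature verification fails, investigate rather than switching it off.
cat >/etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Install kubeadm, kubelet and kubectl at a pinned version.
yum install -y kubelet-1.20.0 kubeadm-1.20.0 kubectl-1.20.0
systemctl enable kubelet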
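# Initialise the control plane (run on the master node only).
# The trailing backslashes join the options into one command; without them the
# shell runs "kubeadm init" with no options and then tries to execute each
# --flag line as a command of its own.
# NOTE(review): --ignore-preflight-errors=all hides every preflight failure,
# including ones that matter for security and stability. Prefer listing only
# the specific checks that are known to be safe to skip.
kubeadm init \
  --apiserver-advertise-address=10.0.0.6 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.20.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all
# Install the admin kubeconfig for the current user.
# admin.conf carries full administrative credentials for the cluster; keep the
# copy readable by its owner only.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
kubectl get nodes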
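# Join a worker node to the cluster (run on each worker).
# The backslash keeps the CA hash option on the same command; without it the
# join runs without CA pinning and the second line fails as a command.
# The bootstrap token is a credential and expires (24 h by default). Treat any
# token that has been published as exposed and generate a fresh join command on
# the master with: kubeadm token create --print-join-command
kubeadm join 10.0.0.6:6443 --token e41ctj.g52jlzyx8o62bvoo \
  --discovery-token-ca-cert-hash sha256:84198a854b62d583cdd9a17bd16652a201cf22356865fffa47b45eb35fee3985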
# Deploy the Calico pod network.
# NOTE(review): the manifest is fetched from a cloud storage bucket
# (myqcloud.com), with no version pin and no integrity check, and is then
# applied to the cluster. A CNI manifest normally creates privileged,
# host-network workloads, so read it (images, RBAC, securityContext) before
# applying and keep a checksum of the copy that was reviewed.
wget https://www-1259165587.cos.ap-nanjing.myqcloud.com/K8S/calico.yaml
kubectl apply -f calico.yaml
kubectl get pods -n kube-system
# Copy the admin kubeconfig from the master to the worker nodes.
# NOTE(review): admin.conf holds full administrative credentials. Once it is on
# every worker, a compromise of any single worker gives control of the whole
# cluster. Prefer running kubectl from the master or an admin workstation, or
# hand workers a kubeconfig bound to a least-privilege role.
scp /etc/kubernetes/admin.conf work1:/etc/kubernetes/
scp /etc/kubernetes/admin.conf work2:/etc/kubernetes/
# Make kubectl use that kubeconfig in login shells (presumably run on each
# worker after the copy — confirm against the intended procedure).
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
# Test from a worker node.
kubectl get pods --all-namespaces
# Once all Calico pods are Running, the nodes become Ready as well.
# To delete what the manifest created: kubectl delete -f calico.yaml
vim /etc/kubernetes/manifests/kube-controller-manager.yaml
vim /etc/kubernetes/manifests/kube-scheduler.yaml
# In each of the two manifests, comment out the "- --port=0" argument.
# NOTE(review): --port=0 is what switches off the components' plain-HTTP,
# unauthenticated serving port. Removing it re-enables that port only so that
# "kubectl get cs" reports Healthy. With the host firewall disabled, check which
# address the port binds to, or keep --port=0 and disregard the cs output.
systemctl restart kubelet
kubectl get cs
# Create a test workload to verify the cluster.
# NOTE(review): the NodePort service opens a port on every node, and the host
# firewall was disabled earlier, so the test nginx is reachable from the
# network. The image is referenced by a mutable tag. Remove the deployment and
# service once the check is done.
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc
# Deploy the dashboard web UI.
# NOTE(review): as with the Calico manifest, this file comes from a cloud
# storage bucket with no pin or integrity check; review it before applying.
wget https://www-1259165587.cos.ap-nanjing.myqcloud.com/K8S/kubernetes-dashboard.yaml
kubectl apply -f kubernetes-dashboard.yaml
kubectl get pods -n kubernetes-dashboard
# Create a service account for dashboard login.
kubectl create serviceaccount dashboard-admin -n kube-system
# Grant the account permissions.
# NOTE(review): this binds cluster-admin, so whoever holds the token printed
# below has full control of the cluster through the dashboard. Bind a narrower
# role where possible, and delete the binding when it is no longer needed.
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# Print the account's token. The output is a secret: keep it out of shared
# terminals, logs and tickets.
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
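# Troubleshooting: start here when something goes wrong.
# Set POD_NAME to the pod to inspect. The page's angle-bracket placeholder
# would be parsed by the shell as input/output redirections, not as a name.
# Show the pod's logs.
kubectl logs "${POD_NAME:?set POD_NAME to the pod to inspect}" -n kube-system
# Show the pod's events.
kubectl describe pod "${POD_NAME:?set POD_NAME to the pod to inspect}" -n kube-system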
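# Switch the container runtime to containerd.
yum install -y yum-utils device-mapper-persistent-data lvm2
# The backslashes keep --add-repo and the URL on the yum-config-manager command;
# without them the repository is never added and the next two lines fail as
# commands.
yum-config-manager \
  --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
yum install -y containerd.io
# Generate the default configuration as the starting point for the edits.
mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
systemctl restart containerd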
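# Edit the generated configuration by hand.
vi /etc/containerd/config.toml
# Settings to change in that file. They are TOML, not shell, so they are shown
# as comments; the line numbers are the positions given on the original page.
#
#   [plugins."io.containerd.grpc.v1.cri"]
#     sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.2"   (line 57)
#   ...
#   [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
#     SystemdCgroup = true                                                  (line 97)
#   ...
#   [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
#     endpoint = ["https://b9pmyelo.mirror.aliyuncs.com"]                   (line 106)
#
# NOTE(review): the mirror endpoint serves every docker.io pull on this node;
# pulls by tag trust whatever it returns.
systemctl restart containerd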
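# Configure kubelet to use containerd.
vi /etc/sysconfig/kubelet
# Content to set in that file. It is shown as a comment because, run as a shell
# line, everything after the first space would be executed as a command.
#
#   KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=unix:///run/containerd/containerd.sock --cgroup-driver=systemd
#
systemctl restart kubelet
# Verify: the runtime column should now report containerd.
kubectl get node -o wide
# Sample output from the original page:
#   k8s-node1 xxx containerd://1.4.4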
# crictl: command-line tool for inspecting and debugging containers.
# Write its configuration so that both the runtime and image endpoints point at
# the containerd socket. The quoted delimiter keeps the YAML literal.
cat <<'EOF' >/etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF