  • K8S From Beginner to Giving Up series (1): Environment initialization

    I. System plan

     Hostname      IP          Components
     k8s-master01  10.10.0.18  etcd, kube-apiserver, kube-controller-manager, kube-scheduler
     k8s-master02  10.10.0.19  etcd, kube-apiserver, kube-controller-manager, kube-scheduler
     k8s-master03  10.10.0.20  etcd, kube-apiserver, kube-controller-manager, kube-scheduler
     k8s-node01    10.10.0.21  kubelet, kube-proxy, docker, dns, calico
     k8s-node02    10.10.0.22  kubelet, kube-proxy, docker, dns, calico

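    II. Initialize the base system environment

    Because most operations are identical across the 5 machines, I create the configuration files on one host and then distribute them with ansible. You can also perform the steps directly on each host.

    1) Set the hostname

    Run the corresponding hostname command on each of the five machines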

    [root@localhost ~]# hostnamectl set-hostname k8s-master01
    [root@localhost ~]# hostnamectl set-hostname k8s-master02
    [root@localhost ~]# hostnamectl set-hostname k8s-master03
    [root@localhost ~]# hostnamectl set-hostname k8s-node01
    [root@localhost ~]# hostnamectl set-hostname k8s-node02
    

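    2) Configure passwordless (key-based) SSH login

    Using k8s-master01 as the control host, set up key-based login to the other 4 machines

    [root@k8s-master01 ~]# ssh-keygen ## press Enter at every prompt to create the key pair (no passphrase)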
    [root@k8s-master01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.10.0.18
    [root@k8s-master01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.10.0.19
    [root@k8s-master01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.10.0.20
    [root@k8s-master01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.10.0.21
    [root@k8s-master01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.10.0.22

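    3) Install ansible (optional; you can instead run the generated files or commands on each node)

    Ansible only needs to be installed on the master01 node. Later operations are run from this machine, and the generated files are then distributed to the corresponding nodes.

    [root@k8s-master01 ~]# yum install -y epel-release
    [root@k8s-master01 ~]# yum install ansible -y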
    [root@k8s-master01 ~]# ansible --version
    ansible 2.7.10
        ......
        ......
    

    Define the host groups

    [root@k8s-master01 ~]# vim /etc/ansible/hosts
    [k8s-master] # master node group
    10.10.0.18
    10.10.0.19
    10.10.0.20
    
    [k8s-node]  # worker node group
    10.10.0.21
    10.10.0.22
    
    [k8s-all]  # all k8s cluster hosts
    10.10.0.18
    10.10.0.19
    10.10.0.20
    10.10.0.21
    10.10.0.22
    [root@k8s-master01 ~]# ansible k8s-all -m ping  # test that ansible works
    10.10.0.20 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    10.10.0.19 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    10.10.0.22 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    10.10.0.21 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    10.10.0.18 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    
    4) Disable the firewall and SELinux (run on all 5 machines; I use ansible here)
    ## If you are not using ansible, run the following commands on each machine
    systemctl stop firewalld
    systemctl disable firewalld
    setenforce  0 
    sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux 
    sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
    
    [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'systemctl stop firewalld'
    [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'systemctl disable firewalld'
    [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'setenforce  0'
    [root@k8s-master01 ~]# ansible k8s-all -m replace -a 'path=/etc/sysconfig/selinux regexp="SELINUX=enforcing" replace=SELINUX=disabled'
    [root@k8s-master01 ~]# ansible k8s-all -m replace -a 'path=/etc/selinux/config regexp="SELINUX=enforcing" replace=SELINUX=disabled'
    5) Configure hostname resolution in /etc/hosts

    [root@k8s-master01 ~]# vim /etc/hosts
    10.10.0.18 k8s-master01
    10.10.0.19 k8s-master02
    10.10.0.20 k8s-master03
    10.10.0.21 k8s-node01
    10.10.0.22 k8s-node02
    [root@k8s-master01 ~]# ansible k8s-all -m copy -a "src=/etc/hosts dest=/etc/hosts" ## distribute the file
    6) Set kernel parameters

    [root@k8s-master01 ~]# vim /etc/sysctl.d/k8s.conf
        net.ipv4.ip_forward = 1
        net.bridge.bridge-nf-call-ip6tables = 1
        net.bridge.bridge-nf-call-iptables = 1
    [root@k8s-master01 ~]# ansible k8s-all -m copy -a "src=/etc/sysctl.d/k8s.conf dest=/etc/sysctl.d/k8s.conf"
    [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'modprobe br_netfilter'
    [root@k8s-master01 ~]# ansible k8s-all -m shell -a 'sysctl -p /etc/sysctl.d/k8s.conf'
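
    A check for what steps 4 and 6 leave on each node, as an added example that is not part of the original article (function names and sample file contents are constructed). The step 4 expression only rewrites SELINUX=enforcing, so a node set to permissive keeps that setting, and a key that is commented out or absent in k8s.conf goes unnoticed unless the file is checked.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Function names and the
# sample file contents below are constructed for illustration.

# Read an SELinux config on stdin; print the value of the last uncommented
# SELINUX= line, or "unset" if there is none.
selinux_config_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { gsub(/[ \t\r]/, "", $2); m = $2 }
             END { print (m == "" ? "unset" : m) }'
}

# Apply the step 4 sed expression to a copy of FILE and print the mode that
# results. Only "enforcing" is rewritten, so "permissive" stays as it is.
mode_after_step4_sed() {
    sed 's/^SELINUX=enforcing/SELINUX=disabled/g' "$1" | selinux_config_mode
}

# Print every step 6 key that FILE does not set to 1 (absent keys show as
# "missing"). Exit status is 0 only when all three keys are set to 1.
sysctl_conf_gaps() {
    local key val gaps=0
    for key in net.ipv4.ip_forward net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables; do
        val=$(awk -F= -v k="$key" '
            { name = $1; gsub(/[ \t]/, "", name) }
            name == k { v = $2; gsub(/[ \t\r]/, "", v) }
            END { print v }' "$1")
        if [ "$val" != "1" ]; then
            echo "$key=${val:-missing}"
            gaps=1
        fi
    done
    return "$gaps"
}

# Constructed sample files standing in for two nodes' configuration.
demo=$(mktemp -d)
printf '# comment\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$demo/a.selinux"
printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' > "$demo/b.selinux"
printf 'net.ipv4.ip_forward = 1\n#net.bridge.bridge-nf-call-iptables = 1\n' \
    > "$demo/k8s.conf"

echo "node a after step 4: $(mode_after_step4_sed "$demo/a.selinux")"
echo "node b after step 4: $(mode_after_step4_sed "$demo/b.selinux")"
sysctl_conf_gaps "$demo/k8s.conf" || echo "k8s.conf is incomplete"
rm -rf "$demo"
```
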
    7) Time synchronization

    [root@k8s-master01 ~]# ansible k8s-all -m yum -a "name=ntpdate state=latest" 
    [root@k8s-master01 ~]# ansible k8s-all -m cron -a "name='k8s cluster crontab' minute=*/30 hour=* day=* month=* weekday=* job='ntpdate time7.aliyun.com >/dev/null 2>&1'"
    [root@k8s-master01 ~]# ansible k8s-all -m shell -a "ntpdate time7.aliyun.com"

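    8) Create the cluster directories

    Before deploying the cluster components, create the directories they need

    ## Directories needed on all nodes
    [root@k8s-master01 ~]# ansible k8s-all -m file -a 'path=/etc/kubernetes/ssl state=directory'
    [root@k8s-master01 ~]# ansible k8s-all -m file -a 'path=/etc/kubernetes/config state=directory'
    ## Directories needed on the k8s-master01 node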
    [root@k8s-master01 ~]# mkdir /opt/k8s/{certs,cfg,unit} -p
  • Original article: https://www.cnblogs.com/tchua/p/10749143.html