一、环境
关闭防火墙和selinux
禁用swap
服务器配置,至少2核2G
所有节点
#所有节点 echo net.bridge.bridge-nf-call-iptables = 1 >>/etc/sysctl.conf echo net.ipv4.ip_forward=1 >>/etc/sysctl.conf echo net.bridge.bridge-nf-call-iptables=1 >>/etc/sysctl.conf echo net.bridge.bridge-nf-call-ip6tables=1 >>/etc/sysctl.conf echo vm.swappiness=0 >>/etc/sysctl.conf sysctl -p
#有swap的话要关闭
#swapoff -a
#sed -i '/swap/s/^/#/' /etc/fstab
#关闭firewalld systemctl stop firewalld systemctl disable firewalld sed -i 's/=enforcing/=disabled/g' /etc/selinux/config #ipvs相关 cat > /etc/sysconfig/modules/ipvs.modules <<EOF #!/bin/bash modprobe -- ip_vs modprobe -- ip_vs_rr modprobe -- ip_vs_wrr modprobe -- ip_vs_sh modprobe -- nf_conntrack_ipv4 EOF chmod 755 /etc/sysconfig/modules/ipvs.modules bash /etc/sysconfig/modules/ipvs.modules lsmod | grep -e ip_vs -e nf_conntrack_ipv4 #配置源 cd /etc/yum.repos.d/ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo cat>>/etc/yum.repos.d/kubrenetes.repo<<EOF [kubernetes] name=Kubernetes Repo baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg EOF #下载服务 #查看docker-ce版本 yum list docker-ce.x86_64 --showduplicates |sort -r #k8s1.14最高支持18.09版本的docker #yum install -y --setopt=obsoletes=0 docker-ce-18.09.6-3.el7 yum install kubelet kubeadm kubectl -y yum -y install ipvsadm ipset
master节点执行操作
#启动服务 systemctl restart docker systemctl enable docker systemctl enable kubelet && systemctl start kubelet #kubeadm初始化 kubeadm init --kubernetes-version=v1.18.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 #国内环境安装 # kubeadm init --kubernetes-version=v1.18.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --image-repository='registry.cn-hangzhou.aliyuncs.com/google_containers' #记录初始化后的kubeadm join 信息 mkdir -p $HOME/.kube cp -i /etc/kubernetes/admin.conf $HOME/.kube/config #安装flannel网络(也可以安装其他网络) #wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml #kubectl apply -f kube-flannel.yml #安装calico网络 wget https://docs.projectcalico.org/manifests/calico.yaml #更换网段 sed -i "s#192.168.0.0/16#10.244.0.0/16#g" calico.yaml #导入 kubectl apply -f calico.yaml
node节点操作
#启动服务 systemctl restart docker systemctl enable docker #执行master上显示的kubeadm join命令 (类似如下) kubeadm join 172.31.250.160:6443 --token fx3ua3.4cxlvfnbrhiwpnj8 --discovery-token-ca-cert-hash sha256:1ac1ece9c7b61fb88208680ba9e864d3a496a81be4bc2212833327b14d0991bf
在master端使用kubectl get node 查看即可
[root@k8s-m ~]# kubectl get node NAME STATUS ROLES AGE VERSION k8s-m Ready master 12m v1.18.0 node Ready <none> 9m22s v1.18.0
kube-proxy 开启 ipvs
改ConfigMap的kube-system/kube-proxy中的config.conf,mode: “ipvs”
[root@k8s-m ~]kubectl edit cm kube-proxy -n kube-system ...... ipvs: excludeCIDRs: null minSyncPeriod: 0s scheduler: "" strictARP: false syncPeriod: 0s tcpFinTimeout: 0s tcpTimeout: 0s udpTimeout: 0s kind: KubeProxyConfiguration metricsBindAddress: "" mode: "ipvs" #改成这样
删除原先的kube-proxy的pod
[root@k8s-m ~]# kubectl get pods -n kube-system|grep proxy kube-proxy-94cdw 1/1 Running 1 102m kube-proxy-sgdzw 1/1 Running 0 45m [root@k8s-m ~]# kubectl get pod -n kube-system | grep kube-proxy | awk '{system("kubectl delete pod "$1" -n kube-system")}' pod "kube-proxy-94cdw" deleted pod "kube-proxy-sgdzw" deleted [root@k8s-m ~]# kubectl get pods -n kube-system|grep proxy kube-proxy-pmntz 1/1 Running 0 56s kube-proxy-xbxxb 1/1 Running 0 58
使用ipvsadm测试,可以查看之前创建的Service已经使用LVS创建了集群
[root@k8s-m ~]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.96.0.1:443 rr -> 10.0.0.100:6443 Masq 1 0 0 TCP 10.96.0.10:53 rr -> 10.244.167.129:53 Masq 1 0 0 -> 10.244.167.130:53 Masq 1 0 0 TCP 10.96.0.10:9153 rr -> 10.244.167.129:9153 Masq 1 0 0 -> 10.244.167.130:9153 Masq 1 0 0 UDP 10.96.0.10:53 rr -> 10.244.167.129:53 Masq 1 0 0 -> 10.244.167.130:53 Masq 1 0 0