Quick deployment of a Kubeadm 1.13 cluster (etcd)


Software environment list

kubeadm.x86_64  Version :1.13.1-0

kubelet.x86_64 Version : 1.13-1-0

kubectl.x86_64 Version : 1.13-1-0

kubernetes-cni.x86_64  Version : 0.6.0-0

docker  Version 18.06.1-ce

 

I. Change the system deployment parameters

# Stop and disable the firewalld firewall
systemctl stop firewalld
systemctl disable firewalld
# Turn off swap and comment out the swap entries in /etc/fstab
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
# Disable SELinux
setenforce 0
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config
# Kernel tuning, including the settings IPVS and CNI need
cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
EOF
# Load the file that was just written (the original pointed at /etc/sysctl.conf)
sysctl -p /etc/sysctl.d/k8s.conf
# Add the master node to /etc/hosts; for a cluster, add an entry for every master, otherwise host lookups will fail
sed -i '$a\192.168.100.40 k8s-host1' /etc/hosts
# Install the IPVS tooling
yum install ipvsadm ipset sysstat conntrack libseccomp wget -y

# Load the IPVS kernel modules:
> /etc/modules-load.d/ipvs.conf
module=(
  ip_vs
  ip_vs_lc
  ip_vs_wlc
  ip_vs_rr
  ip_vs_wrr
  ip_vs_lblc
  ip_vs_lblcr
  ip_vs_dh
  ip_vs_sh
  ip_vs_fo
  ip_vs_nq
  ip_vs_sed
  ip_vs_ftp
)
# Only list modules that actually exist for the running kernel
for kernel_module in ${module[@]};do
    /sbin/modinfo -F filename $kernel_module |& grep -qv ERROR && echo $kernel_module >> /etc/modules-load.d/ipvs.conf || :
done

# Start the module-load service now and enable it at boot
systemctl enable --now systemd-modules-load.service
# Replace the default yum repos and add the k8s repo
mkdir -p /etc/yum.repos.d/bak
mv /etc/yum.repos.d/CentOS* /etc/yum.repos.d/bak
wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo
wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/epel-7.repo
# Note: gpgcheck=0 and repo_gpgcheck=0 turn off signature verification for this repo,
# and the mirror is fetched over plain http
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Raise the system default open-file, process and memlock limits
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
echo "* soft nproc 65536" >> /etc/security/limits.conf
echo "* hard nproc 65536" >> /etc/security/limits.conf
echo "* soft memlock unlimited" >> /etc/security/limits.conf
echo "* hard memlock unlimited" >> /etc/security/limits.conf
# Install k8s
yum install -y kubelet-1.13* kubernetes-cni-0.6.0-0.x86_64 kubeadm-1.13* kubectl-1.13* --disableexcludes=kubernetes

# Install a time-sync tool so that all nodes have the same time (very important; it is relied on later)
yum install chrony -y
# Install Docker; choose the Docker version officially recommended for k8s
yum install docker-ce-18.06*

# Docker bash completion
yum install -y epel-release bash-completion && cp /usr/share/bash-completion/completions/docker /etc/bash_completion.d/
systemctl enable --now docker
systemctl enable chronyd.service
systemctl start chronyd.service
# Point the kubelet at a mirror for the pause image; skip this if you have unrestricted access to the upstream registry
sed -i '9a\Environment="KUBELET_EXTRA_ARGS=--pod-infra-container-image=registry.aliyuncs.com/google_containers/pause-amd64:3.1"' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
# Same drop-in file as above (the original used a relative path here)
sed -i 's/ExecStart=\/usr\/bin\/kubelet/ExecStart=\/usr\/bin\/kubelet \$KUBELET_EXTRA_ARGS /g' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

# Restart the services
systemctl enable --now docker
systemctl enable --now kubelet
systemctl restart docker
systemctl restart kubelet

# Reboot the machine
reboot

 

II. Configure the master config file

kubeadm init reference: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/

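Version 1.13 mainly reworked kubeadm: the configuration is split into several API kinds. At present only InitConfiguration and ClusterConfiguration are beta; the rest are all v1alpha1, so avoid them where you can, as the official documentation also notes.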

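# In 1.12, kubeadm config print-defaults prints all of the default configuration to the terminal

# In 1.13, kubeadm config print init-defaults also prints it, but not as completely as the command above; some parts are hidden

# If you have configured a VIP address, replace the .40 address with the VIP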

vim kubeadm-config-init.yaml

apiVersion: kubeadm.k8s.io/v1beta1
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  # ttl: 0s means this bootstrap token never expires
  ttl: 0s
  usages:
  - signing
  - authentication
kind: InitConfiguration

---

# Master cluster address pool + VIP address
apiServer:
  certSANs:
  - 192.168.100.40
  - master1 IP
  - master2 IP
  - master3 IP
  - master1 host name
  - master2 host name
  - master3 host name
  - VIP

  extraArgs:
    authorization-mode: Node,RBAC
    advertise-address: 0.0.0.0
controlPlaneEndpoint: "192.168.100.40:6443"
controllerManager:
  extraArgs:
    address: 0.0.0.0
scheduler:
  extraArgs:
    address: 0.0.0.0
apiVersion: kubeadm.k8s.io/v1beta1
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
dns:
  type: CoreDNS
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.13.1
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"

 

III. Deploy the services

 

kubeadm init --config kubeadm-config-init.yaml

Then just wait; all images come from the Alibaba Cloud (Aliyun) image registry.

 

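The last step is to install the network add-on. Here I use flannel. The images for earlier versions could not be downloaded without bypassing the firewall, but upstream has since changed this, so it can now be used directly.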

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml
# More network add-ons are listed here
https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/

If you have many machines and plenty of network resources, consider installing Calico:

kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml

wget https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml

vim calico.yaml

Change 192.168.0.0/16 to 10.244.0.0/16


Finally, wait patiently for a while.

 

 

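The steps above deploy a single master node.

Now we want to make k8s highly available, with the other components (etcd, controller-manager, scheduler) each scheduled through leader election. We can do it like this:

If you have used the kubeadm join command, you know that it adds a new machine to k8s as a worker node. Appending --experimental-control-plane makes that node deploy all the components of a master, including etcd; if an etcd configuration (an externally deployed etcd) was specified in the initial configuration, that part is simply skipped.

If you have forgotten the command above, you can get it again with kubeadm token create --print-join-command. So: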

1. Join a new machine to the master as a worker node

kubeadm join 192.168.100.40:6443 --token acgtq8.i1vsmfnrztf1u98v --discovery-token-ca-cert-hash sha256:091a1019349db37bc05bbb3aa4ceabc0334413b8385618e4be1d0539ec1d9425

2. Join a new machine to the master as a master node

# 192.168.100.102 is my other master node
# You can set up passwordless (key-based) SSH authentication in advance
cd /etc/kubernetes/pki/
scp ca.crt ca.key sa.key sa.pub front-proxy-ca.crt front-proxy-ca.key root@192.168.100.102:/etc/kubernetes/pki/
cd /etc/kubernetes/pki/etcd
scp ca.crt ca.key root@192.168.100.102:/etc/kubernetes/pki/etcd/
cd /etc/kubernetes/
scp admin.conf root@192.168.100.102:/etc/kubernetes/
scp admin.conf root@192.168.100.102:~/.kube/config
kubeadm join 192.168.100.40:6443 --token acgtq8.i1vsmfnrztf1u98v --discovery-token-ca-cert-hash sha256:091a1019349db37bc05bbb3aa4ceabc0334413b8385618e4be1d0539ec1d9425 --experimental-control-plane
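
The --discovery-token-ca-cert-hash value in both join commands pins the cluster CA's public key: it is the SHA-256 of the DER-encoded SubjectPublicKeyInfo of /etc/kubernetes/pki/ca.crt. The following is an added example, not part of the original post, that recomputes the pin from the CA certificate and compares it with the value in a join command before the command is run on a new node. It assumes openssl is installed; ca_pin, check_join_pin and check_pin.sh are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the original post): recompute the CA public-key pin
# that kubeadm expects in --discovery-token-ca-cert-hash and compare it with
# the value in a join command. ca_pin and check_join_pin are hypothetical names.

# Print "sha256:<hex>": SHA-256 over the DER-encoded SubjectPublicKeyInfo
# of the certificate's public key. Returns 1 if the certificate is unreadable.
ca_pin() {
    _pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$_pub" ] || return 1
    _hex=$(printf '%s\n' "$_pub" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | awk '{print $NF}')
    # Accept only a full 64-digit lowercase hex digest.
    [ "${#_hex}" -eq 64 ] || return 1
    case "$_hex" in *[!0-9a-f]*) return 1 ;; esac
    printf 'sha256:%s\n' "$_hex"
}

# check_join_pin <ca.crt> <join command>
# 0 = pin matches the CA, 1 = mismatch, 2 = pin or certificate missing.
check_join_pin() {
    _want=$(printf '%s\n' "$2" | grep -oE 'sha256:[0-9a-f]{64}' | head -n 1)
    if [ -z "$_want" ]; then
        echo "no sha256 pin found in join command" >&2
        return 2
    fi
    _have=$(ca_pin "$1") || { echo "cannot read CA certificate $1" >&2; return 2; }
    if [ "$_want" = "$_have" ]; then
        echo "pin matches $1"
        return 0
    fi
    echo "pin MISMATCH: join command has $_want, CA is $_have" >&2
    return 1
}

# Usage on a master: sh check_pin.sh /etc/kubernetes/pki/ca.crt "<join command>"
if [ "$#" -eq 2 ]; then
    check_join_pin "$1" "$2"
fi
```

A mismatch means the join command was copied from a different cluster or the CA on disk is not the one the token was issued for.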

## PS:

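192.168.100.40 appears here because I did not set up a VIP, so I simply used my host's IP. If you want to build a complete high-availability setup, be sure to replace this address with the VIP address, including in all of the configuration files above.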

 

