PS:內容選取自網絡,僅用於學習記錄
集群節點說明
10.0.0.10 mke.kuber.com
10.0.0.11 master.kuber.com
10.0.0.12 node12.kuber.com
10.0.0.13 node13.kuber.com
安裝前的操作調整
基礎操作
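# Disable SELinux persistently. /etc/selinux/config is only read at boot, so
# the node keeps its current mode until it is rebooted. The pattern is anchored
# so that only the active SELINUX= setting is rewritten.
# NOTE(review): this removes mandatory access control from the host. Where
# policy allows, SELINUX=permissive still records what would have been denied.
sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Stop the firewall now and keep it from starting at boot.
# NOTE(review): with firewalld off, every port a service listens on is
# reachable from any network that can route to the node. Filter at the network
# edge, or keep firewalld and open only the ports the cluster needs.
systemctl stop firewalld.service && systemctl disable firewalld.service
# Set the system language. The line is appended only when it is not already
# present, so re-running this step does not pile up duplicates.
grep -qxF 'LANG="en_US.UTF-8"' /etc/profile || echo 'LANG="en_US.UTF-8"' >> /etc/profile
source /etc/profile
# Set the time zone (only if it needs changing).
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# Add the cluster node entries to the hosts file.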
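# Kernel tuning: enable IP forwarding, pass bridged traffic through iptables,
# and raise the neighbour-table garbage-collection thresholds.
# The net.bridge.* keys only exist while bridge netfilter is loaded; on kernels
# that ship it as the br_netfilter module, `sysctl -p` otherwise fails on that
# key. Loading it here does not persist across reboots.
modprobe br_netfilter
# Quoted delimiter: the lines are written literally, with no shell expansion.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
EOF
# Apply the settings from /etc/sysctl.conf to the running kernel.
sysctl -p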
配置yum 國內源
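# Keep a backup of the stock repository definition.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# Download the mirror's repository definition into /etc/yum.repos.d/.
# The URL is a plain argument: angle brackets around it would be parsed by the
# shell as redirections. HTTPS is used so the repo file, which decides where
# packages come from, is fetched over an authenticated channel.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo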
配置相關轉發
# Write the bridge-netfilter and swappiness settings to their own drop-in file
# (replacing any previous content), then reload all sysctl configuration files.
tee /etc/sysctl.d/k8s.conf >/dev/null <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
EOF
sysctl --system
配置kubernetes源(所有機器上操作)
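# Define the Kubernetes yum repository (run on every machine).
# gpgcheck=1 and repo_gpgcheck=1 make yum verify both the packages and the
# repository metadata against the keys listed in gpgkey.
# The two key URLs are separated by a space and written without angle
# brackets; a literal "<...>" in the file would not be a usable key URL.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF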
配置docker源,安裝docker(所有機器上操作)
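# yum-utils provides yum-config-manager.
yum -y install yum-utils
# Register the docker-ce repository. The URL is a plain argument (no angle
# brackets, which the shell would treat as redirections) and uses HTTPS so the
# repo definition is fetched over an authenticated channel.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y device-mapper-persistent-data lvm2
sudo yum makecache fast
# Remove container-selinux before installing the docker-ce-selinux package.
yum -y remove container-selinux.noarch
# NOTE(review): a package given to yum by URL is handled as a local package;
# whether its signature is checked depends on localpkg_gpgcheck - confirm.
yum install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm
# Install 17.03 specifically; the page reports problems with other versions.
# NOTE(review): 17.03 is a long-retired Docker release that no longer receives
# security fixes - check which versions your RKE release supports.
yum install -y docker-ce-17.03.0.ce
systemctl start docker && systemctl enable docker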
創建docker用戶(所有節點上) 這一步特別重要,我們后面起的服務全部都要在docker這個用戶下啟動
[root@RKE ~]# grep ^docker /etc/group 如果有docker組就不需要創建
docker:x:994:
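# Create the docker group only if it does not exist yet.
getent group docker >/dev/null || groupadd docker
# Create the docker user with docker as its primary group.
# Members of the docker group can drive the Docker daemon, which amounts to
# root on the host, so this account must be protected like root.
useradd -g docker docker
# Set the password interactively and choose a strong one: a fixed one-character
# password piped into passwd would give root-equivalent access to anyone who
# can reach sshd on the node.
# The password is needed once, for ssh-copy-id. Afterwards it can be locked
# with `passwd -l docker` - confirm key login still works with your sshd config.
passwd docker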
在RKE上分發秘鑰
# Generate an RSA key pair (ssh-keygen prompts for the file location and a
# passphrase), then install the public key for the docker user on each node.
# The private key ~/.ssh/id_rsa gives docker-user access to every node listed
# here, so keep it readable by its owner only.
ssh-keygen -t rsa
for node_ip in 10.0.0.10 10.0.0.11 10.0.0.12 10.0.0.13; do
  ssh-copy-id -i ~/.ssh/id_rsa.pub "docker@${node_ip}"
done
安裝nginx,為了我們能在外面訪問(多master負載使用,在MKE安裝)
nginx的配置如下:
[docker@MKE ~]$ cat /etc/nginx/nginx.conf
# One worker process per CPU core.
worker_processes auto;
pid /run/nginx.pid;

events {
    use epoll;
    worker_connections 65536;
    accept_mutex off;
}

# HTTP listener: its only job is to redirect port 80 to HTTPS.
http {
    # Log format that also records the upstream address and the request time.
    # No access_log directive in this file refers to it.
    log_format main '$remote_addr - $remote_user [$time_local] "$upstream_addr" "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$request_time"';

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 900;
    # keepalive_timeout 0;
    keepalive_requests 100;
    types_hash_max_size 2048;

    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
}

# TCP (layer 4) listener: connections on 443 are forwarded as-is to the
# upstream. TLS is not terminated here, so certificates are handled by the
# backend.
stream {
    upstream rancher_servers {
        least_conn;
        # Only one backend is listed; further servers would be added here.
        server 10.0.0.11:443 max_fails=3 fail_timeout=5s;
    }

    server {
        listen 443;
        proxy_pass rancher_servers;
    }
}
啟用docker nginx服務
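# Run nginx in a container with the host's nginx.conf mounted over the image's.
# Each continued line ends in a single backslash; a doubled backslash is a
# literal "\" followed by a newline and would end the command early.
# The config is mounted read-only (:ro) so the container cannot modify the
# host's copy.
# nginx:1.14 is the tag the page pins; newer stable tags carry later security
# fixes.
docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
  nginx:1.14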
RKE 安裝kubernetes(在MKE機器上操作)
下載RKE wget https://github.com/rancher/rke/releases/download/v0.1.11/rke_linux-amd64 (不建議在不能×××的機器上安裝,我們可以下載下來傳上去)。下載或傳輸后,請先核對文件校驗值(如發布頁面有提供),確認無誤再賦予執行權限並運行。
rancher-cluster.yml
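# Nodes RKE connects to over SSH as the docker user, using the key at
# ssh_key_path. Indentation is restored here: without it the per-node keys and
# the etcd options are not nested under the entries they belong to.
nodes:
  - address: 10.0.0.11
    user: docker
    ssh_key_path: ~/.ssh/id_rsa
    role: [controlplane, worker, etcd]
  - address: 10.0.0.12
    user: docker
    ssh_key_path: ~/.ssh/id_rsa
    role: [worker, etcd]
  - address: 10.0.0.13
    user: docker
    ssh_key_path: ~/.ssh/id_rsa
    role: [worker, etcd]

services:
  etcd:
    # Recurring etcd snapshots.
    snapshot: true
    creation: 6h
    # NOTE(review): value kept as given on the page; confirm whether RKE
    # expects a unit here (for example hours).
    retention: 24

# Required when TLS is terminated externally and ingress-nginx v0.22 or later
# is used.
# NOTE(review): with this option the ingress controller trusts X-Forwarded-*
# headers from whatever connects to it. Enable it only when a trusted proxy in
# front of the cluster sets those headers.
ingress:
  provider: nginx
  options:
    use-forwarded-headers: "true"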
安裝kubectl 檢查集群
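# Install kubectl from the Kubernetes repository configured earlier.
# The package is named kubectl; "kuberctl" does not exist in the repository.
yum -y install kubectl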