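System preparation
Environment preparation
Unless otherwise noted, all cluster deployment commands are run as the root user.
Hardware information
k8s-master: 16 GB memory, 20 GB disk; Kubernetes control-plane node + worker node
Software information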
CentOS Linux release 7.6.1810 (Core)
Kubernetes v1.19.0
Docker 19.03.12
Set the hostname
hostnamectl set-hostname k8s-master
Disable the firewall (for testing only; do not do this in production)
systemctl disable --now firewalld
Disable swap
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
Disable SELinux
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
Set the system time zone and synchronize the time
timedatectl set-timezone Asia/Shanghai
systemctl enable --now chronyd
# Write the current UTC time to the hardware clock
timedatectl set-local-rtc 0
# Restart the services that depend on the system time
systemctl restart rsyslog && systemctl restart crond
Deploy Docker
Add the Docker yum repository
# Install the required dependencies
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Aliyun docker-ce yum repository (fetched over HTTPS)
yum -y install yum-utils
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Rebuild the yum cache
yum makecache fast
Install a specific Docker version
yum install -y docker-ce-19.03.12-3.el7
Make sure the network modules are loaded automatically at boot
lsmod | grep overlay
lsmod | grep br_netfilter
If the commands above print nothing or report that the file does not exist, run the following:
cat > /etc/modules-load.d/docker.conf <<EOF
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
Make bridged traffic visible to iptables
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
Verify that the settings took effect; both commands should return 1
sysctl -n net.bridge.bridge-nf-call-iptables
sysctl -n net.bridge.bridge-nf-call-ip6tables
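Configure Docker
mkdir -p /etc/docker
# Set the cgroup driver to systemd (recommended by the Kubernetes project), cap the container log size, and set the storage driver; the Docker data directory in the last entry can be changed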
cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"registry-mirrors": ["https://7uuu3esz.mirror.aliyuncs.com"],
"data-root": "/data/docker"
}
EOF
# Enable at boot and start immediately
systemctl enable --now docker
systemctl daemon-reload
systemctl restart docker
Deploy Kubernetes
Add the Kubernetes repository
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Rebuild the yum cache; enter y to accept the repository signing keys
yum makecache fast
List the available versions
yum list |grep kubelet
yum list |grep kubeadm
yum list |grep kubectl
Install kubeadm, kubelet, and kubectl
yum install -y kubelet-1.19.0-0 --disableexcludes=kubernetes
yum install -y kubeadm-1.19.0-0 --disableexcludes=kubernetes
yum install -y kubectl-1.19.0-0 --disableexcludes=kubernetes
systemctl enable --now kubelet
Configure command completion
# Install the bash completion package
yum install bash-completion -y
# Set up completion for kubectl and kubeadm; it takes effect at the next login
kubectl completion bash >/etc/bash_completion.d/kubectl
kubeadm completion bash > /etc/bash_completion.d/kubeadm
Pre-pull the Kubernetes images
kubeadm config images list --kubernetes-version v1.19.0
Create a script named get-k8s-images.sh with the following content:
#!/bin/bash
# Script For Quick Pull K8S Docker Images
# by qiraosky <qiraosky@qq.com>
KUBE_VERSION=v1.19.0
PAUSE_VERSION=3.2
CORE_DNS_VERSION=1.7.0
ETCD_VERSION=3.4.9-1
# pull kubernetes images from hub.docker.com
docker pull kubesphere/kube-proxy-amd64:$KUBE_VERSION
docker pull kubesphere/kube-controller-manager-amd64:$KUBE_VERSION
docker pull kubesphere/kube-apiserver-amd64:$KUBE_VERSION
docker pull kubesphere/kube-scheduler-amd64:$KUBE_VERSION
# pull aliyuncs mirror docker images
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:$PAUSE_VERSION
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$CORE_DNS_VERSION
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:$ETCD_VERSION
docker pull quay.io/coreos/flannel:v0.12.0-arm64
docker pull quay.io/coreos/flannel:v0.12.0-amd64
# retag to k8s.gcr.io prefix
docker tag kubesphere/kube-proxy-amd64:$KUBE_VERSION k8s.gcr.io/kube-proxy:$KUBE_VERSION
docker tag kubesphere/kube-controller-manager-amd64:$KUBE_VERSION k8s.gcr.io/kube-controller-manager:$KUBE_VERSION
docker tag kubesphere/kube-apiserver-amd64:$KUBE_VERSION k8s.gcr.io/kube-apiserver:$KUBE_VERSION
docker tag kubesphere/kube-scheduler-amd64:$KUBE_VERSION k8s.gcr.io/kube-scheduler:$KUBE_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:$PAUSE_VERSION k8s.gcr.io/pause:$PAUSE_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$CORE_DNS_VERSION k8s.gcr.io/coredns:$CORE_DNS_VERSION
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:$ETCD_VERSION k8s.gcr.io/etcd:$ETCD_VERSION
# remove the original tags; the images themselves are not deleted
docker rmi kubesphere/kube-proxy-amd64:$KUBE_VERSION
docker rmi kubesphere/kube-controller-manager-amd64:$KUBE_VERSION
docker rmi kubesphere/kube-apiserver-amd64:$KUBE_VERSION
docker rmi kubesphere/kube-scheduler-amd64:$KUBE_VERSION
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/pause:$PAUSE_VERSION
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:$CORE_DNS_VERSION
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:$ETCD_VERSION
Make the script executable, then run it to pull the images:
chmod +x get-k8s-images.sh
./get-k8s-images.sh
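An added check, not part of the original page or of get-k8s-images.sh: the script pulls from third-party mirrors and retags the results as k8s.gcr.io, so compare the local image IDs with values recorded from a source you trust before running kubeadm init (docker tag does not change an image ID). The pin-file format, the file names, and the function name verify_images are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): check retagged images against pinned IDs.
# pins:     "<repo:tag> <image-id>" per line, '#' comments allowed; the IDs are
#           recorded by the operator from a trusted pull (format is an assumption).
# observed: the same two columns, e.g. produced with
#   docker images --no-trunc --format '{{.Repository}}:{{.Tag}} {{.ID}}' > observed.txt
verify_images() {
    vi_pins=$1; vi_observed=$2; vi_rc=0
    while read -r vi_ref vi_want || [ -n "$vi_ref" ]; do
        # Skip blank lines and comments in the pin file.
        case "$vi_ref" in ''|'#'*) continue ;; esac
        vi_got=$(awk -v r="$vi_ref" '$1 == r { print $2; exit }' "$vi_observed")
        if [ -z "$vi_got" ]; then
            echo "MISSING  $vi_ref"; vi_rc=1
        elif [ "$vi_got" != "$vi_want" ]; then
            echo "MISMATCH $vi_ref expected=$vi_want got=$vi_got"; vi_rc=1
        else
            echo "OK       $vi_ref"
        fi
    done < "$vi_pins"
    # 0 only when every pinned image is present with the expected ID.
    return "$vi_rc"
}

# Run as: sh verify-images.sh pins.txt observed.txt
if [ "$#" -eq 2 ]; then
    verify_images "$1" "$2"
fi
```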
Initialize kube-master
Change the kubelet's default cgroup driver
mkdir -p /var/lib/kubelet/
cat > /var/lib/kubelet/config.yaml <<EOF
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
EOF
systemctl restart kubelet
Check that the environment is healthy (WARNING messages are normal)
kubeadm init phase preflight
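An added audit script, not from the original page, that re-checks the host state set up in the steps above (swap off, kernel modules loaded, bridge sysctls set to 1, Docker and the kubelet using the same cgroup driver). The function name check_node_prereqs and its optional root-prefix argument are assumptions of this example; the prefix only exists so the checks can be run against a test directory tree.

```shell
#!/bin/sh
# Added example (not from the original page): audit the host settings this guide makes.
# $1 is an optional root prefix (hypothetical parameter, empty on a live node).
check_node_prereqs() {
    cn_root=${1:-}
    cn_fails=0
    cn_fail() { echo "FAIL: $1"; cn_fails=$((cn_fails + 1)); }

    # Swap: /proc/swaps holds only its header line when no swap is active.
    if sed 1d "$cn_root/proc/swaps" 2>/dev/null | grep -q .; then
        cn_fail "swap is still active"
    fi

    # Kernel modules loaded by the modules-load.d step.
    for cn_m in overlay br_netfilter; do
        grep -q "^$cn_m " "$cn_root/proc/modules" 2>/dev/null || cn_fail "module $cn_m not loaded"
    done

    # Bridged traffic must be visible to iptables.
    for cn_k in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        cn_v=$(cat "$cn_root/proc/sys/net/bridge/$cn_k" 2>/dev/null || true)
        [ "$cn_v" = "1" ] || cn_fail "net.bridge.$cn_k is '${cn_v:-unset}', expected 1"
    done

    # Docker and the kubelet must agree on the cgroup driver (both default to cgroupfs).
    cn_d=$(sed -n 's/.*native\.cgroupdriver=\([a-z]*\).*/\1/p' \
        "$cn_root/etc/docker/daemon.json" 2>/dev/null || true)
    cn_kd=$(sed -n 's/^cgroupDriver:[[:space:]]*\([a-z]*\).*/\1/p' \
        "$cn_root/var/lib/kubelet/config.yaml" 2>/dev/null || true)
    [ "${cn_d:-cgroupfs}" = "${cn_kd:-cgroupfs}" ] ||
        cn_fail "cgroup driver mismatch: docker=${cn_d:-cgroupfs} kubelet=${cn_kd:-cgroupfs}"

    # The return value is the number of failed checks (0 means all passed).
    return "$cn_fails"
}

# Run on the node itself as: sh check-node.sh --live
if [ "${1:-}" = "--live" ]; then
    check_node_prereqs ""
fi
```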
Initialize the master. 10.244.0.0/16 is the fixed IP range that flannel uses; the value to set depends on the requirements of the network plugin
kubeadm init --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.19.0
Configure authentication on the master
echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> /etc/profile
source /etc/profile
Install the flannel network plugin
# Note: downloading the manifest used by kubectl apply -f here requires access through a proxy
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
Check the status of the kube-master node
kubectl get nodes
If the node does not reach Ready after a long time, check the status of all pods
kubectl get pods --all-namespaces
If a pod is in an abnormal state, view its description to resolve the problem
kubectl -n kube-system describe pod <pod-id>
Scheduling Pods onto the master node (single-machine Kubernetes): removing the master taint
For security reasons, Kubernetes in its default configuration does not schedule Pods onto the master node. If you want k8s-master to also serve as a worker node, run the following command:
kubectl taint node k8s-master node-role.kubernetes.io/master-
Here k8s-master is the hostname of the node. To restore the master-only state, run the following command:
kubectl taint node k8s-master node-role.kubernetes.io/master=:NoSchedule