Deploying K8S 1.17.1 with Kubeadm

Set the system hostname and the hosts file

hostnamectl set-hostname master  
hostnamectl set-hostname node01  
hostnamectl set-hostname node02

Edit the hosts file; this must be done on the master and on every node

[root@master k8s]# cat /etc/hosts  
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4  
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6  
192.168.150.128 master  
192.168.150.129 node1  
192.168.150.130 node2

Install the dependency packages

yum -y install conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git

Switch the firewall to iptables and flush the rules

systemctl stop firewalld && systemctl disable firewalld && yum -y install iptables-services && \  
systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save

Disable SELinux and swap

swapoff -a && sed -i '/swap/d' /etc/fstab && setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

Tune kernel parameters for K8S

# The net.bridge.* keys only exist once br_netfilter is loaded  
modprobe br_netfilter  
cat > /etc/sysctl.d/kubernetes.conf << EOF  
net.bridge.bridge-nf-call-ip6tables = 1  
net.bridge.bridge-nf-call-iptables = 1  
net.ipv4.ip_forward = 1  
net.ipv4.tcp_tw_recycle=0  
# Avoid using swap; it is only allowed when the system is OOM  
vm.swappiness = 0  
# Do not check whether physical memory is sufficient  
vm.overcommit_memory=1  
fs.inotify.max_user_instances=8192  
fs.inotify.max_user_watches=1048576  
fs.file-max=52706963  
fs.nr_open=52706963  
net.ipv6.conf.all.disable_ipv6=1  
# This parameter can be set on a 4.0 kernel  
net.netfilter.nf_conntrack_max=2310720  
EOF  
sysctl -p /etc/sysctl.d/kubernetes.conf
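
To confirm that the settings above actually took effect on a node, the following added example (not part of the original article) compares a sysctl.d file with the live values. The function name `check_sysctl`, its output labels and the fixture in `demo_sysctl` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit a sysctl.d file against
# the running kernel. check_sysctl and its output labels are made up here.

# check_sysctl CONF [ROOT]: print one line per problem; return 1 if any found.
# ROOT defaults to /proc/sys and can point at a fixture directory for testing.
check_sysctl() {
    conf=$1; root=${2:-/proc/sys}; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*|';'*) continue ;; esac   # blank or comment line
        case $line in *=*) ;; *) continue ;; esac      # not a key = value line
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        val=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        path=$root/$(printf '%s' "$key" | tr . /)
        case $val in *'#'*)
            # sysctl.conf(5) only defines whole-line comments
            echo "TRAILING-COMMENT $key"; bad=1; continue ;;
        esac
        if [ ! -e "$path" ]; then
            # e.g. net.bridge.* before br_netfilter is loaded
            echo "MISSING $key"; bad=1
        elif [ "$(cat "$path")" != "$val" ]; then
            echo "MISMATCH $key want=$val got=$(cat "$path")"; bad=1
        fi
    done < "$conf"
    return "$bad"
}

# Constructed fixture: a three-line config and a fake /proc/sys tree.
demo_sysctl() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/net/ipv4" "$d/sys/vm"
    echo 1 > "$d/sys/net/ipv4/ip_forward"
    echo 60 > "$d/sys/vm/swappiness"
    printf '%s\n' 'net.bridge.bridge-nf-call-iptables = 1' \
        'net.ipv4.ip_forward = 1' 'vm.swappiness = 0' > "$d/k8s.conf"
    if check_sysctl "$d/k8s.conf" "$d/sys"; then rc=0; else rc=1; fi
    rm -rf "$d"
    return "$rc"
}

demo_sysctl || true
```

On a real node, run `check_sysctl /etc/sysctl.d/kubernetes.conf` after `sysctl -p` and again after the reboot into the new kernel.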

Set the system time zone to Shanghai

timedatectl set-timezone Asia/Shanghai  
# Write the current UTC time to the hardware clock  
timedatectl set-local-rtc 0

Restart the services that depend on the system time

systemctl restart rsyslog  
systemctl restart crond

Disable unneeded services

systemctl stop postfix && systemctl disable postfix

Configure rsyslogd and systemd journald

mkdir -p /var/log/journal  
mkdir -p /etc/systemd/journald.conf.d  
cat > /etc/systemd/journald.conf.d/99-prophet.conf << EOF  
[Journal]  
Storage=persistent  
Compress=yes  
SyncIntervalSec=5m  
RateLimitInterval=30s  
RateLimitBurst=1000  
# Maximum disk space used  
SystemMaxUse=10G  
# Maximum size of a single log file  
SystemMaxFileSize=200M  
# Keep logs for 2 weeks  
MaxRetentionSec=2week  
# Do not forward logs to syslog  
ForwardToSyslog=no  
EOF  
systemctl restart systemd-journald

Upgrade the system kernel to version 4.4

# The 3.10.x kernel shipped with CentOS 7.x has some bugs that make Docker and Kubernetes unstable  
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm  
# After installation, check that the kernel's menuentry in /boot/grub2/grub.cfg contains an initrd16 line; if it does not, install again  

yum --enablerepo=elrepo-kernel install -y kernel-lt  

# Boot from the new kernel by default  
grub2-set-default "CentOS Linux (4.4.182-1.el7.elrepo.x86_64) 7 (Core)"

Prerequisites for enabling ipvs in kube-proxy

modprobe br_netfilter  

cat > /etc/sysconfig/modules/ipvs.modules << EOF  
#!/bin/bash  
modprobe -- ip_vs  
modprobe -- ip_vs_rr  
modprobe -- ip_vs_wrr  
modprobe -- ip_vs_sh  
modprobe -- nf_conntrack_ipv4  
EOF  

chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

Install Docker

yum -y install yum-utils device-mapper-persistent-data lvm2  
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo  

yum -y update && yum -y install docker-ce  
## Create the Docker configuration directory  
mkdir -p /etc/docker  

# Configure the daemon  
cat > /etc/docker/daemon.json << EOF  
{  
 "exec-opts": ["native.cgroupdriver=systemd"],  
 "log-driver": "json-file",  
 "log-opts": {  
 "max-size": "100m"  
 },  
 "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]  
}  
EOF  

mkdir -p /etc/systemd/system/docker.service.d  

# Start Docker  
systemctl daemon-reload && systemctl start docker && systemctl enable docker

Install kubeadm (required on every node)

# Add the Aliyun Kubernetes yum repository  
cat > /etc/yum.repos.d/kubernetes.repo << EOF  
[kubernetes]  
name=Kubernetes  
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/  
enabled=1  
gpgcheck=1  
repo_gpgcheck=1  
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg  
EOF  

# Install (the package version must match the v1.17.1 images and kubernetesVersion used below)  
yum -y install kubeadm-1.17.1 kubectl-1.17.1 kubelet-1.17.1  

# Start kubelet at boot  
systemctl enable kubelet.service

Download the images

Google's Docker registry cannot be reached from inside China, but the required images can be found on Aliyun. Pull them from there and re-tag them; the script below downloads the required images.

Image download address: https://cr.console.aliyun.com/images/cn-hangzhou/google_containers/kube-apiserver-amd64/detail

The image download script:

#!/bin/bash  
image_aliyun=(kube-apiserver-amd64:v1.17.1 kube-controller-manager-amd64:v1.17.1 kube-scheduler-amd64:v1.17.1 kube-proxy-amd64:v1.17.1 pause-amd64:3.1 etcd-amd64:3.4.3-0 coredns:1.6.5)  

# Pull each image from the Aliyun mirror, re-tag it under k8s.gcr.io without the -amd64 suffix, then drop the mirror tag  
for image in "${image_aliyun[@]}"  
do  
 docker pull "registry.cn-hangzhou.aliyuncs.com/google_containers/$image"  
 docker tag "registry.cn-hangzhou.aliyuncs.com/google_containers/$image" "k8s.gcr.io/${image/-amd64/}"  
 docker rmi "registry.cn-hangzhou.aliyuncs.com/google_containers/$image"  
done

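Initialize the master node

Generate the default YAML configuration file; some settings need to be changed after it is generated  
kubeadm config print init-defaults > kubeadm-config.yaml  

# Change advertiseAddress to the IP of the master node  
# Change kubernetesVersion to v1.17.1  
# Add a line podSubnet: "10.244.0.0/16" above serviceSubnet: 10.96.0.0/12, because this is flannel's default network  

# Append the following fields to the end of the configuration file to change the default proxy mode to ipvs  
---  
apiVersion: kubeproxy.config.k8s.io/v1alpha1  
kind: KubeProxyConfiguration  
featureGates:  
 SupportIPVSProxyMode: true  
mode: ipvs  

# Install and issue the certificates automatically  
kubeadm init --config=kubeadm-config.yaml | tee kubeadm-init.log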

Part of the output after a successful installation

# cat kubeadm-init.log  
...  
[addons] Applied essential addon: kube-proxy  

Your Kubernetes control-plane has initialized successfully!  

To start using your cluster, you need to run the following as a regular user:  

 mkdir -p $HOME/.kube  
 sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config  
 sudo chown $(id -u):$(id -g) $HOME/.kube/config  

You should now deploy a pod network to the cluster.  
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:  
 https://kubernetes.io/docs/concepts/cluster-administration/addons/  

Then you can join any number of worker nodes by running the following on each as root:  

kubeadm join 192.168.175.133:6443 --token 6bu2e9.heokh2kwn5h2eph1 --discovery-token-ca-cert-hash sha256:5382721c5a684d10d2d43a6a825af039c044c4dda46c4d49dd64d2f41ffa6c97  
...

Steps after a successful installation

mkdir -p $HOME/.kube # This directory holds kubectl's connection cache and the credentials for the kube API  
 sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config  
 sudo chown $(id -u):$(id -g) $HOME/.kube/config

Deploy the network

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Check the status of the cluster nodes

kubectl get nodes 
kubectl get cs
kubectl get pod -n kube-system

Save the important files

mkdir k8sInstall
mv kubeadm-config.yaml  kubeadm-init.log  k8sInstall

How a node joins the cluster

kubeadm join MasterIP:6443 --token wyy67p.9wmda1iw4o8ds0c5 --discovery-token-ca-cert-hash sha256:3de3e4401de1cdf3b4c778ad1ac3920d9f7b15ca34b4c5ebe44d92e60d1290e0 # Replace the token and cert hash with your own values; they can be found in kubeadm-init.log
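
The value passed to `--discovery-token-ca-cert-hash` is a SHA-256 over the cluster CA's public key, so a node operator can check that the value copied from kubeadm-init.log still matches the CA on the master before joining. This is an added example, not part of the original article; the function names are made up here, the demo CA and log lines are constructed, and `/etc/kubernetes/pki/ca.crt` is assumed to be the CA path (kubeadm's default).

```shell
#!/bin/sh
# Added example (not from the original page). Function names are made up here;
# /etc/kubernetes/pki/ca.crt is assumed to be the CA path (kubeadm's default).

# ca_cert_hash CERT: sha256 over the DER-encoded public key of the CA
# certificate, printed in the "sha256:<hex>" form that kubeadm join expects.
ca_cert_hash() {
    printf 'sha256:%s\n' "$(openssl x509 -pubkey -noout -in "$1" |
        openssl pkey -pubin -outform der |
        openssl dgst -sha256 -hex | sed 's/^.* //')"
}

# logged_hash LOG: the pin printed in the "kubeadm join" line of kubeadm-init.log.
logged_hash() {
    sed -n 's/.*--discovery-token-ca-cert-hash \(sha256:[0-9a-f]\{64\}\).*/\1/p' "$1" |
        head -n 1
}

# verify_join_pin CERT LOG: succeed only if the logged pin matches the CA on disk.
verify_join_pin() {
    want=$(logged_hash "$2")
    [ -n "$want" ] && [ "$want" = "$(ca_cert_hash "$1")" ]
}

# Constructed demo: a throwaway CA, a log line that pins it, and a stale log line.
demo_join_pin() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    join='kubeadm join 192.0.2.10:6443 --token <token> --discovery-token-ca-cert-hash'
    echo "$join $(ca_cert_hash "$d/ca.crt")" > "$d/good.log"
    # A pin taken from another cluster (all zeros here) must be rejected.
    echo "$join sha256:$(printf '%064d' 0)" > "$d/stale.log"
    if verify_join_pin "$d/ca.crt" "$d/good.log"; then a=match; else a=mismatch; fi
    if verify_join_pin "$d/ca.crt" "$d/stale.log"; then b=match; else b=mismatch; fi
    rm -rf "$d"
    echo "$a $b"
}

demo_join_pin
```

On the master, `verify_join_pin /etc/kubernetes/pki/ca.crt k8sInstall/kubeadm-init.log` exits 0 when the saved log still describes the running cluster's CA.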