版本信息
linux Centos7 kubernetes v1.14.5 docker v18.06.1-ce
節點信息
VIP:47.110.19.11 阿里雲負載均衡
安裝前準備
開始部署前,請確保所有節點網絡正常,能訪問公網。主要操作都在 VPC-OPEN-MASTER001 節點進行,需設置 VPC-OPEN-MASTER001 可以免密碼登錄其他節點(該節點因此持有對其他節點的 root 登錄權限,其 SSH 私鑰需妥善保護)。所有操作都以 root 用戶身份進行。
服務器說明
我們這裏使用的是五臺 centos-7.6 的虛擬機,具體信息如下表:

| 系統類型 | IP地址 | 節點角色 | CPU | Memory | Hostname |
| --- | --- | --- | --- | --- | --- |
| centos-7.6 | 192.168.3.42 | master | >=2 | >=4G | master01 |
| centos-7.6 | 192.168.3.43 | master | >=2 | >=4G | master02 |
| centos-7.6 | 192.168.3.44 | master | >=2 | >=4G | master03 |
| centos-7.6 | 192.168.3.45 | worker | >=2 | >=4G | node01 |
| centos-7.6 | 192.168.3.46 | worker | >=2 | >=4G | node02 |
1、環境準備
一、設置主機名
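# Show the current hostname.
$ hostname
# Set the hostname (the value shown is the first master's; use each node's own name).
$ hostnamectl set-hostname huoban-k8s-master01
# Configure hosts entries so that all nodes can reach one another by hostname.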
>二、配置hosts解析
192.168.3.42 huoban-k8s-master01 master01
192.168.3.43 huoban-k8s-master02 master02
192.168.3.44 huoban-k8s-master03 master03
192.168.3.45 huoban-k8s-node01 node01
192.168.3.46 huoban-k8s-node02 node02
>三、安裝依賴包
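# Bring installed packages up to date (no -y, so yum asks for confirmation).
$ yum update
# Networking and diagnostic dependencies: connection tracking, IPVS/ipset
# tooling, jq, sysstat, curl, iptables and libseccomp.
$ yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp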
>四、關閉防火牆、swap,重置iptables
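# Stop and disable firewalld. After this the node has no host firewall, so
# access to it has to be restricted somewhere else (for example cloud security
# groups); otherwise every listening port is reachable from the network.
$ systemctl stop firewalld && systemctl disable firewalld
# Flush the filter and nat tables, delete user chains, and accept forwarded
# traffic by default.
$ iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
# Turn swap off now, then comment out the swap entries in /etc/fstab so it
# stays off after a reboot. sed uses basic regular expressions here, so the
# capture group must be written \( \); with bare ( ) the \1 back-reference is
# rejected as invalid and fstab is left unchanged.
$ swapoff -a
$ sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
# Put SELinux into permissive mode for the running system. This only lasts
# until the next reboot; /etc/selinux/config is not changed by this command.
$ setenforce 0
# Stop and disable dnsmasq.
$ service dnsmasq stop && systemctl disable dnsmasq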
>五、系統參數設置
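# Kernel parameters for the cluster nodes: bridged traffic is passed through
# iptables/ip6tables, IPv4 forwarding is enabled, swapping is discouraged.
$ cat > /etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
EOF
# The net.bridge.* keys exist only while the br_netfilter module is loaded;
# without it, sysctl -p reports them as missing.
$ modprobe br_netfilter
$ sysctl -p /etc/sysctl.d/kubernetes.conf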
2、安裝docker
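# Add the Docker CE yum repository definition from the Aliyun mirror.
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# List the versions available for install.
yum list docker-ce --showduplicates|sort -r
yum install -y docker-ce-18.06.1.ce-3
# /etc/docker may not exist before the daemon has started once.
mkdir -p /etc/docker
# daemon.json:
#   graph            - Docker's data directory; "/docker/data/path" looks like a
#                      placeholder, so set the real path before starting Docker.
#   exec-opts        - selects the cgroupfs cgroup driver.
#   registry-mirrors - image pulls go through this mirror, which makes it part
#                      of the image trust path; the hostname is the author's
#                      own accelerator address, so substitute your own.
cat > /etc/docker/daemon.json <<EOF
{
  "graph": "/docker/data/path",
  "exec-opts": ["native.cgroupdriver=cgroupfs"],
  "registry-mirrors":["https://k9e55i4n.mirror.aliyuncs.com"]
}
EOF
systemctl start docker && systemctl enable docker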
3、安裝 kubeadm, kubelet 和 kubectl >一、配置yum源
# Define the Kubernetes yum repository (Aliyun mirror). gpgcheck and
# repo_gpgcheck stay enabled, so both the packages and the repository metadata
# are signature-checked against the two keys listed in gpgkey.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
>二、安裝kubelet,kubeadm,kubectl
# List every kubeadm version the repository offers, reverse-sorted.
yum list kubeadm --showduplicates | sort -r
# Install the pinned version (all three packages at the same 1.14.5 release).
yum install -y kubelet-1.14.5 kubeadm-1.14.5 kubectl-1.14.5
>三、查看安裝狀況
# Print the kubelet unit as systemd sees it; the output that follows shows the
# base unit and then an overriding [Service] section that resets ExecStart.
systemctl cat kubelet
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=http://kubernetes.io/docs/
[Service]
ExecStart=/usr/bin/kubelet
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
4、配置系統相關參數
# Run the following on every node.
#!/bin/bash
# Accept forwarded packets by default.
iptables -P FORWARD ACCEPT
# Load the IPVS modules (core plus the rr, wrr and sh schedulers) and IPv4
# connection tracking. modprobe only affects the running kernel.
for kmod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4; do
  modprobe "${kmod}"
done
# Confirm that the ip_vs modules are loaded.
lsmod | grep ip_vs
5、配置阿里雲負載均衡及修改證書
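# Download the Kubernetes source.
cd /usr/local/src/
git clone https://github.com/kubernetes/kubernetes.git
# git clone creates ./kubernetes; the checkout has to run inside that directory.
cd kubernetes
# NOTE(review): origin/release-1.14 is the moving tip of the release branch,
# which is not necessarily the 1.14.5 release installed elsewhere in this
# guide. Confirm which commit is actually being built.
git checkout -b kubernetes-1.14.5 origin/release-1.14
# Pull the build image. According to the author, images exist for versions
# 1.11.5, 1.12.3, 1.13.0, 1.13.2 and 1.13.4.
# This is a third-party image, and the kubeadm binary built inside it will
# issue the cluster's CA and certificates, so the image is part of the trust
# chain. Inspect it (or build an equivalent toolchain image yourself) and pin
# it by digest rather than by tag.
docker pull icyboy/k8s_build:v1.14.1
# For k8s 1.14 and later the certificate lifetime is set in two files. Find the
# NotAfter field in each and change the validity period:
#   /usr/local/src/kubernetes/staging/src/k8s.io/client-go/util/cert/cert.go
#     NotAfter: now.Add(duration365d * 100).UTC(),
#   /usr/local/src/kubernetes/cmd/kubeadm/app/util/pkiutil/pki_helpers.go
#     NotAfter: time.Now().Add(duration365d * 100).UTC(),   // changed to 100 years
# Trade-off: Kubernetes has no certificate revocation, so expiry is the only
# thing that retires a leaked client certificate or key. With a 100-year
# lifetime that control is gone; keeping the default lifetimes and renewing on
# a schedule is the alternative.
# Start the build container. It is interactive; the make commands below are
# typed at its prompt, in the mounted source tree /go/src/k8s.io/kubernetes.
docker run --rm -v /usr/local/src/kubernetes:/go/src/k8s.io/kubernetes -it icyboy/k8s_build:v1.14.1 bash
make all WHAT=cmd/kubeadm GOFLAGS=-v
make all WHAT=cmd/kubelet GOFLAGS=-v
make all WHAT=cmd/kubectl GOFLAGS=-v
# Back on the host, the build output is in
# /usr/local/src/kubernetes/_output/local/bin/linux/amd64.
# Replace the packaged kubeadm with the rebuilt one. \cp bypasses any cp alias
# such as "cp -i", so the overwrite is not interactive.
cd /usr/local/src/kubernetes/_output/local/bin/linux/amd64
chmod +x kubeadm && \cp -f kubeadm /usr/bin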
6、部署第一個主節點 >一、配置kubelet
# Reload systemd unit files, then enable kubelet so it starts at boot.
systemctl daemon-reload
systemctl enable kubelet
>二、根據配置文件初始化集羣
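# Address and port of the load balancer in front of the API servers.
# NOTE(review): if this VIP is internet-facing, restrict the 6443 listener to
# known source addresses at the load balancer.
LOAD_BALANCER_DNS="47.110.19.11"
LOAD_BALANCER_PORT="6443"
# Write the kubeadm cluster configuration. The heredoc delimiter is unquoted so
# the two variables above are expanded into the file.
# The certSANs entry and controlPlaneEndpoint are filled in from those
# variables: the certSANs list was empty and the variables were otherwise
# unused, while the join commands in this guide target this address and port.
# The YAML nesting (certSANs under apiServer, podSubnet under networking) is
# restored as well.
cat > kubeadm-master.config <<EOF
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: v1.14.5
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
apiServer:
  certSANs:
  - "${LOAD_BALANCER_DNS}"
controlPlaneEndpoint: "${LOAD_BALANCER_DNS}:${LOAD_BALANCER_PORT}"
networking:
  podSubnet: 10.244.0.0/16
EOF
# Initialise the k8s cluster from that configuration.
kubeadm init --config=kubeadm-master.config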
>三、驗證證書有效時間(下列輸出為 `openssl x509 -noout -dates` 的格式,每兩行對應一張證書)
notBefore=Aug 20 07:43:46 2019 GMT
notAfter=Jul 27 07:43:46 2119 GMT
notBefore=Aug 20 07:43:45 2019 GMT
notAfter=Jul 27 07:43:45 2119 GMT
notBefore=Aug 20 07:43:46 2019 GMT
notAfter=Jul 27 07:43:47 2119 GMT
notBefore=Aug 20 07:43:46 2019 GMT
notAfter=Jul 27 07:43:47 2119 GMT
notBefore=Aug 20 07:43:46 2019 GMT
notAfter=Jul 27 07:43:47 2119 GMT
notBefore=Aug 20 07:43:46 2019 GMT
notAfter=Jul 27 07:43:46 2119 GMT
notBefore=Aug 20 07:43:45 2019 GMT
notAfter=Jul 27 07:43:46 2119 GMT
notBefore=Aug 20 07:43:45 2019 GMT
notAfter=Jul 27 07:43:45 2119 GMT
notBefore=Aug 20 07:43:45 2019 GMT
notAfter=Jul 27 07:43:45 2119 GMT
notBefore=Aug 20 07:43:45 2019 GMT
notAfter=Jul 27 07:43:45 2119 GMT
>四、安裝網絡插件
# Install the flannel network add-on.
# NOTE(review): the manifest is fetched from the mutable master branch and
# applied directly with the admin credentials, so whatever that URL serves at
# the time is what runs in the cluster. Download it, review it, and apply a
# copy pinned to a release tag or commit instead.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
>五、拷貝master證書到其餘節點
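# Distribute the cluster CA material, the service-account key pair and the
# admin kubeconfig from this master to the other control-plane nodes.
#
# ca.key, front-proxy-ca.key, the etcd ca.key and sa.key are the cluster's root
# secrets, and admin.conf is a cluster-admin credential. Make sure the target
# hosts' SSH host keys are already verified (known_hosts) before running this,
# so the keys cannot be handed to the wrong machine.
#
# Files are copied straight to their final paths instead of being staged in the
# remote home directory and moved afterwards. That removes the dependency on
# the remote home being /${USER} and keeps the private keys out of a second
# location.
USER=root
CONTROL_PLANE_IPS="192.168.3.43 192.168.3.44"
# CONTROL_PLANE_IPS is a space-separated list; the unquoted expansion splits it
# on purpose.
for host in ${CONTROL_PLANE_IPS}; do
  target="${USER}@${host}"
  # Stop at the first failure rather than leaving a node with a partial set of
  # certificates. 'break' is used instead of 'exit' so that pasting this into
  # an interactive shell does not close it.
  ssh "${target}" 'mkdir -p /etc/kubernetes/pki/etcd' \
    && scp /etc/kubernetes/pki/ca.crt /etc/kubernetes/pki/ca.key \
           /etc/kubernetes/pki/sa.key /etc/kubernetes/pki/sa.pub \
           /etc/kubernetes/pki/front-proxy-ca.crt /etc/kubernetes/pki/front-proxy-ca.key \
           "${target}:/etc/kubernetes/pki/" \
    && scp /etc/kubernetes/pki/etcd/ca.crt /etc/kubernetes/pki/etcd/ca.key \
           "${target}:/etc/kubernetes/pki/etcd/" \
    && scp /etc/kubernetes/admin.conf "${target}:/etc/kubernetes/admin.conf" \
    || { printf 'certificate copy to %s failed, stopping\n' "${host}" >&2; break; }
done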
7、其餘節點上部署
# Join commands for the remaining nodes. The token and CA hash below belong to
# the author's cluster; use the values from your own `kubeadm init` output.
# A bootstrap token lets its holder register a node with the cluster, so treat
# it as a credential: keep it out of published notes and let it expire (24h by
# default). `kubeadm token create --print-join-command` issues a fresh one.
# --discovery-token-ca-cert-hash pins the cluster CA public key, which lets the
# joining node verify the API server it is talking to; do not drop it.
#master
kubeadm join 47.110.19.11:6443 --token qlrq5y.1yhm3rz9r7ynfqf1 --discovery-token-ca-cert-hash sha256:62579157003c3537deb44b30f652c500e7fa6505b5ef6826d796ba1245283899 --experimental-control-plane
#node
kubeadm join 47.110.19.11:6443 --token qlrq5y.1yhm3rz9r7ynfqf1 --discovery-token-ca-cert-hash sha256:62579157003c3537deb44b30f652c500e7fa6505b5ef6826d796ba1245283899