I. Node planning
Hostname | Outer-IP | Inner-IP |
---|---|---|
k8s-master-001 | 10.0.0.100 | 172.16.1.113 |
K8s-node-001 | 10.0.0.101 | 172.16.1.114 |
K8s-node-002 | 10.0.0.102 | 172.16.1.115 |
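#1. Install Docker and kubeadm on all nodes
#2. Deploy the Kubernetes master
#3. Deploy the container network plugin
#4. Deploy the Kubernetes nodes and join them to the Kubernetes cluster
#5. Deploy the Dashboard web page to view Kubernetes resources visually
III. System initialization (all nodes)
1. Add hosts resolution
#1. Set the hostname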
[root@ip-172-16-1-113 ~]# hostnamectl set-hostname k8s-master-001
[root@ip-172-16-1-114 ~]# hostnamectl set-hostname k8s-node-001
[root@ip-172-16-1-115 ~]# hostnamectl set-hostname k8s-node-002
#2. Add hosts entries on the master node
[root@k8s-master-001 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.100 k8s-admin-master01 m1
10.0.0.101 k8s-admin-node01 n1
10.0.0.102 k8s-admin-node02 n2
#3. Distribute the hosts file to the worker nodes
[root@k8s-master-001 ~]# scp /etc/hosts root@n1:/etc/hosts
hosts 100% 247 2.7KB/s 00:00
[root@k8s-master-001 ~]# scp /etc/hosts root@n2:/etc/hosts
hosts
2. Configure passwordless SSH login
[root@k8s-admin-master01 ~]# ssh-keygen
[root@k8s-admin-node01 ~]# ssh-keygen
[root@k8s-admin-node02 ~]# ssh-keygen
[root@k8s-admin-master01 ~]# ssh-copy-id m1
[root@k8s-admin-master01 ~]# ssh-copy-id n1
[root@k8s-admin-master01 ~]# ssh-copy-id n2
[root@k8s-admin-node01 ~]# ssh-copy-id m1
[root@k8s-admin-node01 ~]# ssh-copy-id n1
[root@k8s-admin-node01 ~]# ssh-copy-id n2
[root@k8s-admin-node02 ~]# ssh-copy-id m1
[root@k8s-admin-node02 ~]# ssh-copy-id n1
[root@k8s-admin-node02 ~]# ssh-copy-id n2
3. Disable the swap partition to improve performance
# Disable temporarily
[root@k8s-admin-master01 ~]# swapoff -a
[root@k8s-admin-node01 ~]# swapoff -a
[root@k8s-admin-node02 ~]# swapoff -a
[root@k8s-admin-master01 ~]# vim /etc/fstab
#UUID=ff05d4f6-5d80-4d32-90a2-8268a0d4d0d3 swap swap defaults 0 0
# If the VM was cloned, the UUID must be removed
[root@k8s-admin-node01 ~]# vim /etc/fstab
#UUID=ff05d4f6-5d80-4d32-90a2-8268a0d4d0d3 swap swap defaults 0 0
# If the VM was cloned, the UUID must be removed
[root@k8s-admin-node02 ~]# vim /etc/fstab
#UUID=ff05d4f6-5d80-4d32-90a2-8268a0d4d0d3 swap swap defaults 0 0
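# If the VM was cloned, the UUID must be removed
Explanation:
Swap is the swap partition. When a machine runs short of memory it falls back to swap, but swap performs poorly, so k8s is designed not to allow swap by default in order to keep performance up. kubeadm checks during initialization whether swap is off, and initialization fails if it is not. If you do not want to disable swap, you can pass --ignore-preflight-errors=Swap when installing k8s to get past the check.
4. Modify the kernel parameters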
[root@xianchaomaster1 ~]# modprobe br_netfilter
[root@xianchaomaster1 ~]# echo "modprobe br_netfilter" >> /etc/profile
[root@xianchaomaster1 ~]# cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@xianchaomaster1 ~]# sysctl -p /etc/sysctl.d/k8s.conf
[root@xianchaonode1 ~]# modprobe br_netfilter
[root@xianchaonode1 ~]# echo "modprobe br_netfilter" >> /etc/profile
[root@xianchaonode1 ~]# cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@xianchaonode1 ~]# sysctl -p /etc/sysctl.d/k8s.conf
[root@xianchaonode2 ~]# modprobe br_netfilter
[root@xianchaonode2 ~]# echo "modprobe br_netfilter" >> /etc/profile
[root@xianchaonode2 ~]# cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@xianchaonode2 ~]# sysctl -p /etc/sysctl.d/k8s.conf
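A check for the two steps above (swap and kernel parameters), added here as an example and not taken from the original post: it reports whether swap is active now, whether /etc/fstab would turn it back on at the next boot, and whether the three keys in k8s.conf are set to 1. The function names and the file-path arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: check swap and sysctl state before running kubeadm init.
# Paths are arguments so the checks can also be run against copies of the files.

# swap_active FILE: succeeds if FILE (in /proc/swaps format) lists a swap device.
swap_active() {
    # Line 1 of /proc/swaps is a header; any further line is an active device.
    awk 'NR > 1 && NF > 0 { found = 1 } END { exit !found }' "$1"
}

# swap_in_fstab FILE: succeeds if an uncommented fstab entry has type "swap".
swap_in_fstab() {
    awk '$1 !~ /^#/ && $3 == "swap" { found = 1 } END { exit !found }' "$1"
}

# sysctl_missing FILE: prints each required key that FILE does not set to 1.
# This reads the config file; the live value is what "sysctl -n KEY" prints.
sysctl_missing() {
    for key in net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables \
               net.ipv4.ip_forward; do
        awk -F= -v k="$key" '
            /^[ \t]*#/ { next }
            { gsub(/[ \t]/, "") }          # "key = 1" becomes "key=1"
            $1 == k { v = $2 }
            END { exit !(v == "1") }' "$1" || echo "$key"
    done
}

# preflight PROC_SWAPS FSTAB SYSCTL_CONF: prints findings, returns 1 if any.
preflight() {
    rc=0
    if swap_active "$1"; then echo "swap is active: run swapoff -a"; rc=1; fi
    if swap_in_fstab "$2"; then echo "fstab re-enables swap at boot"; rc=1; fi
    for key in $(sysctl_missing "$3"); do
        echo "sysctl not set to 1: $key"; rc=1
    done
    return $rc
}

# On a node: preflight /proc/swaps /etc/fstab /etc/sysctl.d/k8s.conf
```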
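5. Disable the firewall and SELinux
#1. Disable the firewall
[root@k8s-master-001 ~]# systemctl disable --now firewalld
#2. Disable SELinux
1) Disable temporarily
[root@k8s-master-001 ~]# setenforce 0
2) Disable permanently
[root@k8s-master-001 ~]# sed -i 's#enforcing#disabled#g' /etc/selinux/config
3) Check
[root@xianchaonode2 ~]# getenforce
Disabled
# "Disabled" means SELinux is off (after setenforce 0 alone getenforce reports Permissive; Disabled appears once the node has rebooted with the changed config)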
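5. Configure a yum mirror inside China
By default CentOS uses the official yum repositories, which are usually very slow from within China, so we can switch to one of the more mature domestic mirrors, for example the Tsinghua University mirror or the NetEase mirror.
#1. Change the yum repositories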
[root@k8s-master-001 ~]# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
[root@k8s-master-001 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@k8s-master-001 ~]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
#2. Refresh the cache
[root@k8s-master-001 ~]# yum makecache
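#3. Update packages without upgrading the kernel
[root@k8s-master-001 ~]# yum update -y --exclude=kernel*
6. Time synchronization
Time matters a great deal in a cluster: if one machine's clock disagrees with the rest, the cluster can run into many problems. So before deploying the cluster, synchronize the time on every machine in it.
#1. CentOS 7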
yum install ntp -y
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' > /etc/timezone
ntpdate time2.aliyun.com
# Add to the crontab
#Timing synchronization time
* * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null
#2. CentOS 8
rpm -ivh http://mirrors.wlnmp.com/centos/wlnmp-release-centos.noarch.rpm
yum install wntp -y
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' > /etc/timezone
ntpdate time2.aliyun.com
# Add to the crontab
#Timing synchronization time
* * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null
7. Enable IPVS
IPVS is a module in the system kernel with very high network forwarding performance. In general, IPVS is our first choice.
#1. Install IPVS
[root@k8s-master-001 ~]# yum install -y conntrack-tools ipvsadm ipset conntrack libseccomp
# Load the IPVS modules
# Every \$ is escaped so the variables are expanded when the script runs, not when the heredoc writes it
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in \${ipvs_modules}; do
    /sbin/modinfo -F filename \${kernel_module} > /dev/null 2>&1
    if [ \$? -eq 0 ]; then
        /sbin/modprobe \${kernel_module}
    fi
done
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs
8. Install the base packages
[root@xianchaomaster1 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 \
    wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl \
    curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel \
    python-devel epel-release openssh-server socat ipvsadm conntrack ntpdate telnet \
    ipvsadm
10. Install Docker
#1. Prepare the Docker repository
[root@xianchaomaster1 ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@xianchaonode1 ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@xianchaonode2 ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@xianchaomaster1 ~]# yum install docker-ce-20.10.6 docker-ce-cli-20.10.6 containerd.io -y
[root@xianchaomaster1 ~]# systemctl start docker && systemctl enable docker.service
[root@xianchaonode1 ~]# yum install docker-ce-20.10.6 docker-ce-cli-20.10.6 containerd.io -y
[root@xianchaonode1 ~]# systemctl start docker && systemctl enable docker.service
[root@xianchaonode2 ~]# yum install docker-ce-20.10.6 docker-ce-cli-20.10.6 containerd.io -y
[root@xianchaonode2 ~]# systemctl start docker && systemctl enable docker.service
#2. Configure the Docker registry mirrors and the cgroup driver
[root@xianchaomaster1 ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://rsbud4vc.mirror.aliyuncs.com",
    "https://registry.docker-cn.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://dockerhub.azk8s.cn",
    "http://hub-mirror.c.163.com",
    "http://qtid6917.mirror.aliyuncs.com",
    "https://rncxm540.mirror.aliyuncs.com"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
# Explanation:
# Change Docker's cgroup driver to systemd (the default is cgroupfs). kubelet uses systemd by default, and the two must match.
II. Initialize k8s
Step 1: configure the repository
#1. Configure the Aliyun repo needed to install the k8s components
[root@xianchaomaster1 ~]# vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
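The repo file above sets gpgcheck=0, so yum installs kubelet, kubeadm and kubectl from this repository without verifying package signatures. The following added example (not from the original post) scans .repo files and lists every enabled repository that explicitly turns signature checking off or fetches packages over plain http; the function name audit_repo is an assumption of this example.

```shell
#!/bin/sh
# Added example: flag yum repositories that skip signature checks or use http.

# audit_repo FILE...: prints one "<file> [<repo-id>] <finding>" line per issue.
# Only an explicit gpgcheck=0 is reported; a missing key falls back to yum.conf.
audit_repo() {
    awk '
        function report() {
            if (id == "" || enabled == "0") return      # no section, or disabled
            if (gpg == "0")
                printf "%s [%s] gpgcheck=0\n", file, id
            if (index(url, "http://") == 1)
                printf "%s [%s] baseurl over http\n", file, id
        }
        FNR == 1 { report(); id = "" }                  # new file: flush last repo
        /^[ \t]*[#;]/ { next }                          # comment lines
        /^\[/ {                                         # [repo-id] starts a section
            report()
            id = substr($0, 2, index($0, "]") - 2)
            file = FILENAME; enabled = "1"; gpg = ""; url = ""
            next
        }
        {
            p = index($0, "=")                          # split at the first "="
            if (p == 0) next
            key = substr($0, 1, p - 1); val = substr($0, p + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpg = val
            if (key == "baseurl")  url = val
        }
        END { report() }
    ' "$@"
}

# On a node: audit_repo /etc/yum.repos.d/*.repo
```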
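Step 2: download and start
You can pull the images needed for initialization ahead of time. I have already downloaded them and packed them into an offline image bundle; you only need to download it, upload it to the servers and load it manually, which makes initialization faster.
# Upload the offline image bundle needed to initialize the k8s cluster to master1, node1 and node2, then load it manually: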
[root@xianchaomaster1 ~]# docker load -i k8simage-1-20-6.tar.gz
[root@xianchaonode1 ~]# docker load -i k8simage-1-20-6.tar.gz
[root@xianchaonode2 ~]# docker load -i k8simage-1-20-6.tar.gz
[root@xianchaomaster1 ~]# yum install -y kubelet-1.20.6 kubeadm-1.20.6 kubectl-1.20.6
[root@xianchaomaster1 ~]# systemctl enable kubelet
[root@xianchaomaster1]# systemctl status kubelet
[root@xianchaonode1 ~]# yum install -y kubelet-1.20.6 kubeadm-1.20.6 kubectl-1.20.6
[root@xianchaonode1 ~]# systemctl enable kubelet
[root@xianchaonode1]# systemctl status kubelet
[root@xianchaonode2 ~]# yum install -y kubelet-1.20.6 kubeadm-1.20.6 kubectl-1.20.6
[root@xianchaonode2 ~]# systemctl enable kubelet
[root@xianchaonode2]# systemctl status kubelet
Explanation:
Note: what each package does
kubeadm: a tool used to initialize the k8s cluster
kubelet: installed on every node of the cluster; it starts Pods
kubectl: used to deploy and manage applications, view resources, and create, delete and update components
3. Initialize the k8s cluster with kubeadm
[root@xianchaomaster1 ~]# kubeadm init --kubernetes-version=1.20.6 \
    --apiserver-advertise-address=192.168.40.180 \
    --image-repository registry.aliyuncs.com/google_containers \
    --pod-network-cidr=10.244.0.0/16 \
    --ignore-preflight-errors=SystemVerification
# Output like the following indicates success
... ...
Your Kubernetes control-plane has initialized successfully! # the master node was initialized successfully
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.13.113:6443 --token e62t6l.s9pejtl8bksf8brh \
--discovery-token-ca-cert-hash sha256:6f13d84943614f945ca32d915f01de64a07b7f6c9f1b7708543ae8303c6d6ec
Explanation:
--image-repository registry.aliyuncs.com/google_containers: manually sets the image repository to registry.aliyuncs.com/google_containers. By default kubeadm pulls images from k8s.gcr.io, but k8s.gcr.io cannot be reached, so the images have to be pulled from registry.aliyuncs.com/google_containers instead.
--pod-network-cidr= # the Pod network CIDR
--kubernetes-version=v1.20.2 # the k8s version to install
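The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's public key in DER form. An added example, not part of the original post, that recomputes the value from /etc/kubernetes/pki/ca.crt on the master and compares it with the one a node is about to use; the function names are this example's own, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example: check a kubeadm join hash against the cluster CA certificate.

# valid_hash_format VALUE: succeeds for "sha256:" followed by 64 hex digits.
valid_hash_format() {
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# ca_cert_hash CERT: prints sha256:<hex> of the certificate's public key
# (DER-encoded SubjectPublicKeyInfo), the form kubeadm join expects.
ca_cert_hash() {
    openssl x509 -pubkey -noout -in "$1" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex |
        awk '{ print "sha256:" $NF }'
}

# verify_join_hash CERT VALUE: 0 = match, 1 = mismatch, 2 = malformed value.
verify_join_hash() {
    # A truncated or mistyped value is rejected before touching the certificate.
    valid_hash_format "$2" || { echo "malformed hash: $2" >&2; return 2; }
    actual=$(ca_cert_hash "$1" 2>/dev/null)
    if [ "$actual" = "$2" ]; then
        echo "hash matches the CA public key"
    else
        echo "MISMATCH: certificate gives $actual" >&2
        return 1
    fi
}

# On the master: verify_join_hash /etc/kubernetes/pki/ca.crt sha256:<value>
```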
From: https://www.cnblogs.com/GAO321/p/16734782.html