Kubernetes Installation and Configuration, k8s (Part 1): DevOps (Part 3)
1 Docker Installation
1.1 Remove old Docker versions
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
1.2 Install the Docker dependencies
yum install -y yum-utils device-mapper-persistent-data lvm2
1.3 Add the repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum-config-manager --add-repo https://mydream.ink/utils/container/docker-ce.repo
1.4 Update the cache
yum makecache fast
1.5 Install Docker
yum install -y docker-ce docker-ce-cli containerd.io
### To install a specific docker-ce version, list the available versions with the following command
yum list docker-ce.x86_64 --showduplicates |sort -r
1.6 Check the installation result
systemctl start docker
docker version
1.7 Configure the Aliyun registry mirror
vi daemon.json
{
"registry-mirrors" : ["https://v16stybc.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
cp daemon.json /etc/docker/
## Tell systemd to reload this configuration file
systemctl daemon-reload && systemctl restart docker
## Enable start on boot
systemctl enable docker
## Start docker
systemctl start docker
2 k8s Installation
2.1 Set the system hostname and mutual name resolution in the hosts file
hostnamectl set-hostname k8s-master
vi /etc/hosts
192.168.117.132 k8s-master
192.168.117.133 k8s-node01
2.2 Verify the uuid and mac
cat /sys/class/net/ens33/address
cat /sys/class/dmi/id/product_uuid
Note: replace ens33 with the name of your own network interface; run ip addr to find it
2.3 Disable SELinux (temporarily && permanently)
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
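Kubernetes is designed to pack instances onto nodes as tightly as possible, as close to 100% utilization as it can get. All deployments should be pinned with CPU/memory limits, so when the scheduler sends a pod to a machine, the pod should not use swap. The designers did not want swapping because it slows things down, so swap is disabled mainly for performance reasons.
In resource-saving scenarios, for example when running a large number of containers, the kubelet flag --fail-swap-on=false can be added to work around this.
2.4 Tune the kernel parameters for k8s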
vi /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
# Do not use swap space; it is allowed only when the system is OOM
vm.swappiness=0
# Do not check whether physical memory is sufficient
vm.overcommit_memory=1
fs.inotify.max_user_instances=8192
# Enable OOM (do not panic on OOM)
vm.panic_on_oom=0
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
sysctl -p /etc/sysctl.d/kubernetes.conf
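To confirm that a node really runs with the values in kubernetes.conf after sysctl -p, the following added example (not part of the original article) compares a sysctl file with the live kernel values. The function names check_sysctl and demo_check and the small constructed /proc/sys tree used by the demo are assumptions introduced here.

```shell
#!/bin/sh
# Added example: compare a sysctl drop-in file with the values the kernel is using.
# check_sysctl CONF [ROOT]   ROOT defaults to /proc/sys; the demo passes a constructed tree.
# MISSING usually means the owning module is not loaded (net.bridge.* needs br_netfilter)
# or the running kernel has no such key (tcp_tw_recycle was removed in Linux 4.12).
check_sysctl() {
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|';'*) continue ;;   # blank lines and comments
            *=*) ;;                     # key=value line, handled below
            *) continue ;;
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -d ' \t')
        path=$root/$(printf '%s' "$key" | tr . /)   # net.ipv4.ip_forward -> net/ipv4/ip_forward
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; rc=1
        else
            have=$(tr -d ' \t\n' < "$path")
            [ "$have" = "$want" ] || { echo "DRIFT $key want=$want have=$have"; rc=1; }
        fi
    done < "$conf"
    return "$rc"
}

# Constructed sample: a tiny fake /proc/sys tree with no net/bridge directory
# and a swappiness value that differs from the file.
demo_check() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/net/ipv4" "$d/vm"
    echo 1 > "$d/net/ipv4/ip_forward"
    echo 60 > "$d/vm/swappiness"
    printf '%s\n' 'net.bridge.bridge-nf-call-iptables=1' 'net.ipv4.ip_forward=1' \
        '# constructed comment line' 'vm.swappiness=0' > "$d/kubernetes.conf"
    check_sysctl "$d/kubernetes.conf" "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_check || echo "node does not match the intended settings"
```

On a real node, run check_sysctl /etc/sysctl.d/kubernetes.conf with no second argument.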
2.5 Add the k8s repository
vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
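[]: the value in square brackets is the repository id; it must be unique and identifies the repository
name: the repository name, chosen freely
baseurl: the repository address
enabled: whether the repository is enabled; the default, 1, means enabled
gpgcheck: whether to verify the authenticity of packages obtained from this repository; 1 means verify
repo_gpgcheck: whether to verify the authenticity of the metadata (the metadata is the package list); 1 means verify
gpgkey=URL: location of the public key file for the digital signatures; if gpgcheck is 1, the location of the gpgkey file must be given here, and if gpgcheck is 0 this entry is not needed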
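The keys described above decide whether yum can trust what it downloads, so a repo file is worth checking before the first install. The following added example (not part of the original article) reports sections where signature checking is off or where the repository or its GPG keys are fetched over plain http. The names audit_repo and page_repo are introduced here, page_repo reproduces the [kubernetes] section from this article, and the check assumes each section sets gpgcheck and repo_gpgcheck itself rather than inheriting them from [main] in /etc/yum.conf.

```shell
#!/bin/sh
# Added example: audit a yum .repo file for weak signature and transport settings.
# Prints one finding per line as "<repo id>: <problem>" and returns 1 if there are any.
audit_repo() {
    awk '
    function report(msg) { print id ": " msg; bad = 1 }
    function check(   n, i, k) {
        if (id == "" || v["enabled"] == "0") return      # nothing parsed yet, or repo disabled
        if (v["gpgcheck"] != "1") report("gpgcheck is not set to 1 (packages are not verified)")
        if (v["repo_gpgcheck"] != "1") report("repo_gpgcheck is not set to 1 (metadata is not verified)")
        if (v["gpgcheck"] == "1" && v["gpgkey"] == "") report("gpgcheck=1 but no gpgkey is given")
        if (v["baseurl"] ~ /^http:/) report("baseurl uses plain http")
        n = split(v["gpgkey"], k, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (k[i] ~ /^http:/) report("gpgkey is fetched over plain http: " k[i])
    }
    /^[ \t]*([#;]|$)/ { next }                            # comments and blank lines
    /^\[/ { check(); id = $0; sub(/^\[/, "", id); sub(/\].*/, "", id)
            split("", v); last = ""; next }               # new section: reset its values
    /^[ \t]+[a-z]+:\/\// { if (last != "") v[last] = v[last] " " $1; next }  # continued URL list
    /=/ { last = $0; sub(/[ \t]*=.*/, "", last)
          val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
          v[last] = val }
    END { check(); exit bad + 0 }
    ' "$1"
}

# The [kubernetes] section exactly as it appears in this article.
page_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

f=$(mktemp) && page_repo > "$f" && { audit_repo "$f" || echo "review the findings above before running yum install"; }
rm -f "$f"
```

For the article's file the signature checks are on, but the base URL and both keys are retrieved over http, so the keys that anchor those checks arrive over an unauthenticated channel.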
Update the cache
yum clean all
yum -y makecache
2.6 Install
yum list kubelet kubeadm kubectl --showduplicates | sort -r
yum install kubectl-1.17.5 kubelet-1.17.5 kubeadm-1.17.5 -y
systemctl enable kubelet
2.7 Check the version and initialize the k8s cluster
[root@master01 ~]# yum list kubelet --showduplicates | sort -r
[root@master01 ~]# kubeadm init --kubernetes-version=1.17.5 --apiserver-advertise-address=192.168.117.132 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.117.132:6443 --token 2n21m4.djh9i09eswr22gh7 \
--discovery-token-ca-cert-hash sha256:1bb80647721b19978d24142fe4a1fc3dad8e987875ff23cce250170dddad93c5
Retrieve the join command again
kubeadm token create --print-join-command
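--apiserver-advertise-address: the IP address the API server will advertise that it is listening on; the listening address is "0.0.0.0", that is, all IP addresses of the local machine
--apiserver-bind-port: the port the API server binds to (default: 6443)
--cert-dir: the directory the certificates are loaded from (default: /etc/kubernetes/pki)
--config: path to the configuration file. Warning: the configuration file is currently experimental and not yet stable
--ignore-preflight-errors: a list of checks whose errors are shown as warnings and ignored. Example: "IsPrivilegedUser,Swap". The value 'all' ignores errors from all checks
--pod-network-cidr: the IP address range for the pod network. If set, the control plane automatically allocates CIDRs to every node
--service-cidr: use a different IP address range for service VIPs (default "10.96.0.0/12")
Set up the kubeconfig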
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Firewall warning
[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
firewall-cmd --zone=public --add-port=6443/tcp --permanent
firewall-cmd --zone=public --add-port=10250/tcp --permanent
firewall-cmd --reload
2.8 Add the network component
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel configured
clusterrolebinding.rbac.authorization.k8s.io/flannel unchanged
serviceaccount/flannel unchanged
configmap/kube-flannel-cfg configured
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
[root@k8s-master ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.aliyuncs.com/google_containers/kube-proxy v1.17.5 e13db435247d 12 days ago 116MB
registry.aliyuncs.com/google_containers/kube-apiserver v1.17.5 f640481f6db3 12 days ago 171MB
registry.aliyuncs.com/google_containers/kube-controller-manager v1.17.5 fe3d691efbf3 12 days ago 161MB
registry.aliyuncs.com/google_containers/kube-scheduler v1.17.5 f648efaff966 12 days ago 94.4MB
quay.io/coreos/flannel v0.12.0-amd64 4e9f801d2217 6 weeks ago 52.8MB
registry.aliyuncs.com/google_containers/coredns 1.6.5 70f311871ae1 5 months ago 41.6MB
registry.aliyuncs.com/google_containers/etcd 3.4.3-0 303ce5db0e90 6 months ago 288MB
registry.aliyuncs.com/google_containers/pause 3.1 da86e6ba6ca1 2 years ago 742kB
2.9 Configure the environment variable
export KUBECONFIG=/etc/kubernetes/admin.conf
source /etc/profile
3 Check the Master installation result
3.1 View the namespaces
[root@k8s-master ~]# kubectl get pods --all-namespaces # list the pods in all namespaces; this also shows that flannel has started normally
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-9d85f5447-m9f4b 1/1 Running 0 31m
kube-system coredns-9d85f5447-qgvq9 1/1 Running 0 31m
kube-system etcd-k8s-master 1/1 Running 0 32m
kube-system kube-apiserver-k8s-master 1/1 Running 0 32m
kube-system kube-controller-manager-k8s-master 1/1 Running 0 32m
kube-system kube-flannel-ds-amd64-r8qpw 1/1 Running 0 3m55s
kube-system kube-proxy-pzlht 1/1 Running 0 31m
kube-system kube-scheduler-k8s-master 1/1 Running 0 32m
[root@k8s-master ~]# kubectl get pods -n kube-system # list the pods in the kube-system namespace
NAME READY STATUS RESTARTS AGE
coredns-9d85f5447-m9f4b 1/1 Running 0 32m
coredns-9d85f5447-qgvq9 1/1 Running 0 32m
etcd-k8s-master 1/1 Running 0 32m
kube-apiserver-k8s-master 1/1 Running 0 32m
kube-controller-manager-k8s-master 1/1 Running 0 32m
kube-flannel-ds-amd64-r8qpw 1/1 Running 0 4m12s
kube-proxy-pzlht 1/1 Running 0 32m
kube-scheduler-k8s-master 1/1 Running 0 32m
[root@k8s-master ~]# kubectl get ns # list the namespaces that exist
NAME STATUS AGE
default Active 32m
kube-node-lease Active 32m
kube-public Active 32m
kube-system Active 32m
[root@k8s-master ~]#
4 Slave Installation
4.1 Follow the Master installation steps