K8S环境搭建

一、关闭防火墙

systemctl stop firewalld.service #停止firewall
systemctl disable firewalld.service #禁止firewall开机启动

开启iptables防火墙(可以不设置下面的防火墙配置）

yum -y install iptables-services

修改防火墙配置

增加规则

iptables -I INPUT -p tcp -m multiport --dports 8080 -m comment --comment "k8s" -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports 2379 -m comment --comment "etcd" -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports 3306 -m comment --comment "mysql" -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports 6379 -m comment --comment "redis" -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports 10254 -m comment --comment "ingress" -j ACCEPT

保存退出后

systemctl restart iptables.service #重启防火墙使配置生效
systemctl enable iptables.service #设置防火墙开机启动

最后重启系统使设置生效即可。

二、安装

准备两台及以上服务器，一台作为master节点，其他作为node节点
master 需要安装 kubernetes-master etcd flannel docker
yum install -y kubernetes-master etcd flannel docker

node需要安装 kubernetes-node flannel docker etcd
yum install -y kubernetes-node flannel docker etcd

三、配置etcd

所有的etcd都统一配置

vi /etc/etcd/etcd.conf

ETCD_NAME=default
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://masterIP:2379" 

运行

systemctl enable etcd
systemctl start etcd

在master端运行：

etcdctl mkdir /kube/network 
etcdctl set /kube/network/config "{\"Network\": \"10.1.0.0/16\"}"

（注：此处IP要与master节点中apiserver中的地址相同，/kube/network/要与flanneld中的配置相同）

四、master端配置

1、配置flanneld

vi /etc/sysconfig/flanneld

# Flanneld configuration options  

# etcd url location.  Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://masterIp:2379"

# etcd config key.  This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/kube/network"

# Any additional options that you want to pass
FLANNEL_OPTIONS="-iface=网卡 -subnet-file=/etc/profile.d/flanneld.env"

2、配置apiserver

vi /etc/kubernetes/apiserver

# The address on the local server to listen to.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"

# The port on the local server to listen on.
KUBE_API_PORT="--insecure-port=8080"

# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.1.0.0/16  --service-node-port-range=30000-32767"

# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"

# Add your own!
KUBE_API_ARGS="--authorization_mode=AlwaysAllow"

3、配置config

vi /etc/kubernetes/config

# Comma seperated list of nodes in the etcd cluster  
KUBE_ETCD_SERVERS="--etcd_servers=http://masterIP:2379"

# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"

# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"

# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"

# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_API_ARGS="--master=http://masterIP:8080"

# How the replication controller and scheduler find the kube-apiserver
KUBE_MASTER="--master=http://masterIP:8080"

4、配置controller-manager

vi /etc/kubernetes/config

KUBE_CONTROLLER_MANAGER_ARGS="--node-monitor-grace-period=10s --pod-eviction-timeout=10s"

5、启动master

for SERVICES in etcd flanneld docker kube-apiserver kube-controller-manager kube-scheduler; do
systemctl restart $SERVICES
systemctl enable $SERVICES
systemctl status $SERVICES
done

五、node节点配置

1、配置flanneld

vi /etc/sysconfig/flanneld

FLANNEL_ETCD_ENDPOINTS="http://masterIP:2379"

FLANNEL_ETCD_PREFIX="/kube/network"

FLANNEL_OPTIONS="-iface=网卡 -subnet-file=/etc/profile.d/flanneld.env"

2、配置docker

vi /usr/lib/systemd/system/docker.service

EnvironmentFile=/etc/profile.d/flanneld.env
ExecStart=/usr/bin/dockerd-current \
          --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
          --default-runtime=docker-runc \
          --exec-opt native.cgroupdriver=systemd \
          --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
    --bip=${FLANNEL_SUBNET} \ #添加此行
    --mtu=${FLANNEL_MTU} \    #添加此行
          $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY

3、配置config

vi /etc/kubernetes/config

KUBE_LOGTOSTDERR="--logtostderr=true"

KUBE_LOG_LEVEL="--v=0"

KUBE_ALLOW_PRIV="--allow-privileged=false"

KUBE_MASTER="--master=http://masterIP:8080"

4、配置kubelet

vi /etc/kubernetes/kubelet

KUBELET_ADDRESS="--address=0.0.0.0"

KUBELET_HOSTNAME="--hostname-override=nodeIP"

KUBELET_API_SERVER="--api-servers=http://masterIP:8080"

KUBELET_ARGS="--register-schedulable=false  --register-node=true--cluster-dns=masterIP --cluster-domain=cluster.local"

5、启动node节点

for SERVICES in etcd flanneld docker kube-proxy kubelet; do
systemctl restart $SERVICES
systemctl enable $SERVICES
systemctl status $SERVICES
done

验证

在master节点运行kubectl get nodes，可以查看配置的节点信息，说明配置成功。

[root@localhost ~]# kubectl get nodes
NAME           STATUS    AGE
192.168.1.1   Ready     7h