This article was first published on my personal blog: https://blog.smile13.com/articles/2019/01/13/1547376380025.html
Environment preparation (must be performed on all nodes)
1. Server information
server count: 7
server version: CentOS 7.4
2. Node plan
192.168.158.131 k8s01 etcd, Master, Node, keepalived
192.168.158.132 k8s02 etcd, Master, Node, keepalived
192.168.158.133 k8s03 etcd, Master, Node, keepalived
192.168.158.134 k8s04 node
192.168.158.135 k8s05 node
192.168.158.136 k8s06 node
192.168.158.137 k8s07 node
192.168.158.138 k8s08 k8s-cluster.smile13.com (VIP)
3. Disable the firewall
sudo systemctl stop firewalld && sudo systemctl disable firewalld
4. Disable SELinux
sed -i '/SELINUX=enforcing/d' /etc/selinux/config
sed -i '/SELINUX=disabled/d' /etc/selinux/config
echo "SELINUX=disabled" >> /etc/selinux/config
Takes effect after a reboot.
5. Install ntp to synchronize time
# yum -y install ntp
Edit the configuration file /etc/ntp.conf: comment out the existing server entries and point the time server at a reliable, reachable one. I chose ntp1.aliyun.com.
# vi /etc/ntp.conf
……
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp1.aliyun.com iburst
......
Start ntpd and enable it at boot:
# systemctl start ntpd
# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
Note: before starting ntpd, synchronize the time manually once with ntpdate, so that the local clock is not too far from the time server for ntpd to synchronize normally. ntp1.aliyun.com is used as the time server here:
sudo ntpdate -u ntp1.aliyun.com
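6. Configure SSH for passwordless login between nodes
6.1 Generate the key pair
ssh-keygen -t rsa # After entering the command, just press Enter at every prompt. The generated keys are placed in the ~/.ssh directory; you can cd into it to take a look.
6.2 Import into authorized_keys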
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
6.3 Passwordless remote login (copy each host's authorized_keys into the corresponding directory on the other hosts)
cat ~/.ssh/id_rsa.pub | ssh -p 22 user@host 'cat >> ~/.ssh/authorized_keys'
6.4 Set the permissions of the authorized_keys file (must be 600, otherwise passwordless login will not work)
chmod 600 ~/.ssh/authorized_keys
7. Disable swap
swapoff -a
Then open the file /etc/fstab, find the line for swap (shown below), and add "#" at the far left of that line to comment it out:
#
# /etc/fstab
# Created by anaconda on Fri Jul 20 23:01:49 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=f5f7670b-9aaf-414c-8e5e-50cb33e81d48 / xfs defaults 0 0
UUID=8ef45b9a-a906-40a9-a51c-af05d3d13766 /boot xfs defaults 0 0
#UUID=26981930-f538-4a6f-a055-6ca7a5a51112 swap swap defaults 0 0
Run free -m to check; the swap values should now all be 0:
[root@k8s01 ~]# free -m
              total        used        free      shared  buff/cache   available
Mem:          29443         181       28985           8         276       28865
Swap:             0           0           0
8. Configure ipvs support
[root@k8s01 ~]# cat /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
The script above, saved as /etc/sysconfig/modules/ipvs.modules, ensures that the required modules are loaded automatically after a node reboots.
Check that the required kernel modules have been loaded correctly:
[root@k8s01 ~]# lsmod | grep -e ip_vs -e nf_conntrack_ipv4
nf_conntrack_ipv4 16384 2
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
ip_vs_sh 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs 151552 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack 135168 8 xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat,ipt_MASQUERADE,nf_nat_ipv4,nf_conntrack_netlink,ip_vs
libcrc32c 16384 4 nf_conntrack,nf_nat,xfs,ip_vs
Next, make sure the ipset package is installed on every node:
yum install ipset
To make it easier to inspect the ipvs proxy rules, it is best to also install the management tool ipvsadm:
yum install ipvsadm
If these prerequisites are not met, kube-proxy falls back to iptables mode even when its configuration enables ipvs mode.
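
The swap and ipvs prerequisites from steps 7 and 8 can be checked on each node with a small preflight script. This is an added example, not part of the original post; the function names (missing_ipvs_modules, active_swap_entries, preflight) and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline-testable preflight for the swap and ipvs steps.

# Modules loaded by /etc/sysconfig/modules/ipvs.modules on this page.
REQUIRED_MODULES="ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4"

# Read lsmod output on stdin; print each required module that is absent.
# Matches the first column exactly, so a name that only appears in the
# "Used by" column of another module does not count as loaded.
missing_ipvs_modules() {
    loaded=$(awk '{ print $1 }')
    for mod in $REQUIRED_MODULES; do
        printf '%s\n' "$loaded" | grep -qx -- "$mod" || echo "$mod"
    done
}

# Read fstab on stdin; print swap entries that are not commented out.
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print }'
}

# $1 = lsmod output, $2 = fstab contents. Returns 1 if any check fails.
preflight() {
    rc=0
    missing=$(printf '%s\n' "$1" | missing_ipvs_modules)
    swaps=$(printf '%s\n' "$2" | active_swap_entries)
    if [ -n "$missing" ]; then
        echo "FAIL ipvs modules not loaded:" $missing
        rc=1
    fi
    if [ -n "$swaps" ]; then
        echo "FAIL swap still enabled in fstab: $swaps"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK swap and ipvs prerequisites met"
    return "$rc"
}

# Constructed sample (not from a real node): ip_vs_sh is missing and the
# swap line is still active, so both checks fail.
SAMPLE_LSMOD='ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs 151552 2 ip_vs_rr,ip_vs_wrr
nf_conntrack_ipv4 16384 2'
SAMPLE_FSTAB='UUID=aaaa / xfs defaults 0 0
UUID=bbbb swap swap defaults 0 0'

preflight "$SAMPLE_LSMOD" "$SAMPLE_FSTAB" || true
# On a node: preflight "$(lsmod)" "$(cat /etc/fstab)"
```
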
9. Install docker
------ For a detailed tutorial, see:
After docker is installed, configure the Aliyun repository:
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
10. Configure the Kubernetes yum repository
[root@k8s01 ~]# cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
11. iptables settings
[root@k8s01 sysctl.d]# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.ipv4.ip_nonlocal_bind = 1
12. Install kubeadm, kubectl and kubelet
yum install -y kubelet-1.13.1 kubeadm-1.13.1 kubectl-1.13.1
systemctl enable kubelet.service
# Configure kubelet to use the domestic Aliyun pause image; the official image is blocked by the firewall, so kubelet cannot start
[root@k8s01 kubernetes]# cat /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1"
Copyright notice: this is an original article by the author; please credit the source when reposting!