References:
https://blog.csdn.net/qq_42006894/article/details/86214085
https://blog.csdn.net/networken/article/details/84991940
Cluster information
10.22.60.26 master
10.22.60.172 node01
10.22.60.173 node02
1. Install the base packages (all nodes: master + node)
yum install -y net-tools epel-release
yum install -y vim yum-utils device-mapper-persistent-data lvm2
2. Configure the docker-ce and k8s yum repositories (all nodes: master + node)
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
3. Firewall, SELinux and swap partition (all nodes: master + node)
sudo systemctl stop firewalld.service # stop firewalld
sudo systemctl disable firewalld.service # keep firewalld from starting at boot
sudo swapoff -a
sudo setenforce 0
sudo vi /etc/selinux/config
# Change SELINUX to disabled
SELINUX=disabled
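4. Install docker-ce and k8s (all nodes: master + node)
yum install docker-ce-18.06.0.ce
# A plain "yum install docker-ce" installs a docker-ce version that is too new and may have compatibility problems; not tested
systemctl enable docker
systemctl start docker
yum install kubectl-1.13.1 kubelet-1.13.1 kubernetes-cni-1.13.1 kubeadm-1.13.1 ## Without version numbers the latest version is installed automatically; the latest version is currently 1.14.1
systemctl enable kubelet
# The default installation requires swap to be disabled; here /etc/sysconfig/kubelet is configured to ignore that requirement
vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"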
5. Change the image source (all nodes: master + node)
vim /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
Change it to:
# Note: This dropin only works with kubeadm and kubelet v1.11+
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
# "KUBE_PAUSE" specifies the location of the pause image; the "KUBE_PAUSE" variable set here must also be appended to the last line (ExecStart)
Environment="KUBE_PAUSE=--pod-infra-container-image=10.22.60.25/kubernetes/pause:3.1"
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS $KUBE_PAUSE
6. Bridge network settings (all nodes: master + node)
modprobe br_netfilter
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf
ls /proc/sys/net/bridge
7. Configure /etc/hosts (all nodes: master + node)
10.22.60.26 ODCBSCMCP01
10.22.60.172 DCK8SNO103
10.22.60.173 DCK8SNO104
8. Cluster initialization (run on the master node; record the kubeadm join information printed at the end of initialization)
# --ignore-preflight-errors=Swap ignores the swap-must-be-disabled check; it must be included
# Because of a network segment conflict that broke DNS resolution, I changed the pod network to 192.168.0.0/16; the default is "10.244.0.0/16"
kubeadm init \
--kubernetes-version=v1.13.1 \
--pod-network-cidr=192.168.0.0/16 \
--apiserver-advertise-address=10.22.60.26 \
--image-repository=registry.odc.sunline.cn/kubernetes \
--ignore-preflight-errors=Swap
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
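9. Install the calico network plugin
wget https://raw.githubusercontent.com/Lentil1016/kubeadm-ha/1.13.0/calico/rbac.yaml
wget https://raw.githubusercontent.com/Lentil1016/kubeadm-ha/1.13.0/calico/calico.yaml
The images in "calico.yaml" can be replaced with internal registry image addresses.
The cluster IP range in "calico.yaml" can be changed as needed; the default is "10.244.0.0/16". Because of a network segment conflict that broke DNS resolution, I changed it to 192.168.0.0/16.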
kubectl apply -f rbac.yaml
kubectl apply -f calico.yaml
10. Install the dashboard
wget https://raw.githubusercontent.com/cherryleo/k8s-apps/master/k8s-dashboard/kubernetes-dashboard.yaml
Change the image address inside it to the Aliyun one, "registry.cn-hangzhou.aliyuncs.com/houfei/kubernetes-dashboard-amd64:v1.10.1"
kubectl apply -f kubernetes-dashboard.yaml
# Open port 30080 on the host (https://10.22.60.26:30080) in Firefox; other browsers have problems when accessing it. If the page appears, the service is working
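
Steps 9 and 10 download manifests with wget and apply them directly. The following added example (not part of the original post) lists the images a downloaded manifest would pull, flags any outside an allowed registry prefix, and checks the file against a SHA-256 recorded at review time, before kubectl apply is run. The function names, the use of 10.22.60.25/kubernetes as the allowed prefix and the sample manifest are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the allowed
# prefix and the sample manifest below are assumptions for illustration.

# Print each unique value of an "image:" key found in manifest $1.
manifest_images() {
    # Handles "image: x" and "- image: x"; drops trailing comments and quotes.
    sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" \
        | sed -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g" \
        | sort -u
}

# Print images in manifest $1 that are not under registry prefix $2.
# Returns 1 if any were found, 0 if every image is under the prefix.
foreign_images() {
    rc=0
    for img in $(manifest_images "$1"); do
        case "$img" in
            "$2"/*) ;;                        # inside the allowed registry
            *) printf '%s\n' "$img"; rc=1 ;;  # would be pulled from elsewhere
        esac
    done
    return $rc
}

# Succeeds only if the SHA-256 of file $1 equals $2, the digest recorded
# when the manifest was reviewed.
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# Constructed sample standing in for a downloaded calico.yaml.
sample=$(mktemp)
cat > "$sample" <<'EOF'
spec:
  containers:
    - name: calico-node
      image: quay.io/calico/node:v0.0.0
    - name: install-cni
      image: "10.22.60.25/kubernetes/cni:v0.0.0"  # mirrored copy
EOF

if foreign_images "$sample" "10.22.60.25/kubernetes"; then
    echo "all images come from the internal registry"
else
    echo "review the images listed above before running kubectl apply"
fi
rm -f "$sample"
```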
11. Configure login permissions for the dashboard
Create the file: cat admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
kubectl apply -f admin-user.yaml
# Get the token for the login page
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')