1 Installing Docker
1.1 Remove old Docker versions
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
1.2 Install Docker dependencies
yum install -y yum-utils device-mapper-persistent-data lvm2
1.3 Add the repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum-config-manager --add-repo https://mydream.ink/utils/container/docker-ce.repo
1.4 Update the cache
yum makecache fast
1.5 Install Docker
yum install -y docker-ce docker-ce-cli containerd.io
### To install a specific docker-ce version, list the available versions with the following command
yum list docker-ce.x86_64 --showduplicates |sort -r
1.6 Check the installation
systemctl start docker
docker version
1.7 Configure the Alibaba Cloud registry mirror
vi daemon.json
{
"registry-mirrors" : ["https://v16stybc.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
cp daemon.json /etc/docker/
## Tell systemd to reload this configuration file
systemctl daemon-reload && systemctl restart docker
## Enable start on boot
systemctl enable docker
## Start docker
systemctl start docker
2 Installing k8s
2.1 Set the system hostname and mutual name resolution in the hosts file
hostnamectl set-hostname k8s-master
vi /etc/hosts
192.168.117.132 k8s-master
192.168.117.133 k8s-node01
2.2 Verify the UUID and MAC address
cat /sys/class/net/ens33/address
cat /sys/class/dmi/id/product_uuid
Note: replace ens33 with the name of your own network interface; run ip addr to find it
2.3 Disable swap and SELinux (temporarily && permanently)
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
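The first command turns swap off and comments out the swap entry in /etc/fstab. The second switches SELinux to permissive mode for the running system (setenforce 0) and sets SELINUX=disabled in /etc/selinux/config, which takes effect at the next reboot.
Kubernetes aims to pack instances as tightly as possible, as close to 100% utilization as it can. All deployments should be pinned with CPU/memory limits. So when the scheduler sends a pod to a machine, that pod should not use swap. The designers did not want swapping because it slows things down. Swap is therefore turned off mainly for performance reasons.
For resource-saving scenarios, such as running a large number of containers, you can add the kubelet parameter --fail-swap-on=false instead.
2.4 Tune kernel parameters for k8s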
vi /etc/sysctl.d/kubernetes.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
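# Do not use swap space; only allow it when the system hits OOM
vm.swappiness=0
# Do not check whether physical memory is sufficient
vm.overcommit_memory=1
fs.inotify.max_user_instances=8192
# Enable the OOM killer (do not panic on OOM)
vm.panic_on_oom=0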
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
sysctl -p /etc/sysctl.d/kubernetes.conf
2.5 Add the k8s repository
vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
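[] The text in square brackets is the repository id; it must be unique and identifies the repository
name The repository name, chosen freely
baseurl The repository URL
enabled Whether the repository is enabled; the default is 1, meaning enabled
gpgcheck Whether to verify the authenticity of packages obtained from this repository; 1 means verify
repo_gpgcheck Whether to verify the authenticity of the metadata (the metadata is the package list); 1 means verify
gpgkey=URL Location of the public key file for the digital signature; if gpgcheck is 1, the gpgkey location must be given here; if gpgcheck is 0 this entry is not needed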
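Added example (not part of the original page): the stanza above turns on both signature checks, but baseurl and gpgkey are plain http://, so the key that anchors those checks is itself fetched without integrity protection. The script below audits .repo stanzas for that case and for disabled checks; the finding codes and the https variant of the mirror URLs are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Finding codes are invented here.
# Only the literal value 1 is treated as "check enabled".
audit_repo() {   # usage: audit_repo FILE...   (or pipe a stanza on stdin)
  awk '
    function report(code) { print id ": " code; bad = 1 }
    function check() {
      if (id == "") return
      if (opt["gpgcheck"] != "1")      report("PKG_SIG_OFF")   # packages unverified
      if (opt["repo_gpgcheck"] != "1") report("META_SIG_OFF")  # metadata unverified
      if (opt["baseurl"] ~ /^http:/)   report("BASEURL_HTTP")  # plaintext transport
      if (opt["gpgkey"] ~ /http:/)     report("GPGKEY_HTTP")   # key fetched in plaintext
      split("", opt)                   # reset options before the next stanza
    }
    BEGIN { bad = 0 }
    /^[ \t]*$/    { next }             # blank line
    /^[ \t]*[#;]/ { next }             # comment line
    /^\[/ { check(); id = substr($0, 2, index($0, "]") - 2); next }
    {
      eq = index($0, "=")
      if (eq == 0) next                # not a key=value line
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val)
      opt[key] = val
    }
    END { check(); exit bad }          # exit status 1 when anything was reported
  ' "$@"
}

# The stanza from section 2.5 of this page, verbatim.
PAGE_REPO='[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg'

# Constructed variant: every URL switched to https (assumes the mirror
# serves the same paths over TLS).
HARDENED_REPO=$(printf '%s\n' "$PAGE_REPO" | sed 's#http://#https://#g')

printf '%s\n' "$PAGE_REPO" | audit_repo || echo "-> findings: fix before yum install"
printf '%s\n' "$HARDENED_REPO" | audit_repo && echo "hardened stanza: no findings"
```

On a node, audit_repo /etc/yum.repos.d/*.repo gives the same report for every configured repository.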
Update the cache
yum clean all
yum -y makecache
2.6 Install
yum list kubelet kubeadm kubectl --showduplicates | sort -r
yum install kubectl-1.17.5 kubelet-1.17.5 kubeadm-1.17.5 -y
systemctl enable kubelet
2.7 Check the version and initialize the k8s cluster
[root@master01 ~]# yum list kubelet --showduplicates | sort -r
[root@master01 ~]# kubeadm init --kubernetes-version=1.17.5 --apiserver-advertise-address=192.168.117.132 --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.117.132:6443 --token 2n21m4.djh9i09eswr22gh7 \
--discovery-token-ca-cert-hash sha256:1bb80647721b19978d24142fe4a1fc3dad8e987875ff23cce250170dddad93c5
Retrieve the join command again
kubeadm token create --print-join-command
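--apiserver-advertise-address: The IP address the API server advertises that it is listening on; the listening address is "0.0.0.0", that is, all IP addresses of the host
--apiserver-bind-port: The port the API server binds to (default: 6443)
--cert-dir: The directory certificates are loaded from (default: /etc/kubernetes/pki)
--config: Path to the configuration file. Warning: the configuration file is currently experimental and not yet stable
--ignore-preflight-errors: A list of checks whose errors are shown as warnings and ignored, for example "IsPrivilegedUser,Swap". The value 'all' ignores errors from all checks
--pod-network-cidr: Specifies the IP address range for the pod network. If set, the control plane automatically allocates CIDRs for every node
--service-cidr: Use a different IP address range for service VIPs (default "10.96.0.0/12")
Set up the kubeconfig for the current user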
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Firewall warning
[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
firewall-cmd --zone=public --add-port=6443/tcp --permanent
firewall-cmd --zone=public --add-port=10250/tcp --permanent
firewall-cmd --reload
2.8 Add the network add-on
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel configured
clusterrolebinding.rbac.authorization.k8s.io/flannel unchanged
serviceaccount/flannel unchanged
configmap/kube-flannel-cfg configured
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
[root@k8s-master ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.aliyuncs.com/google_containers/kube-proxy v1.17.5 e13db435247d 12 days ago 116MB
registry.aliyuncs.com/google_containers/kube-apiserver v1.17.5 f640481f6db3 12 days ago 171MB
registry.aliyuncs.com/google_containers/kube-controller-manager v1.17.5 fe3d691efbf3 12 days ago 161MB
registry.aliyuncs.com/google_containers/kube-scheduler v1.17.5 f648efaff966 12 days ago 94.4MB
quay.io/coreos/flannel v0.12.0-amd64 4e9f801d2217 6 weeks ago 52.8MB
registry.aliyuncs.com/google_containers/coredns 1.6.5 70f311871ae1 5 months ago 41.6MB
registry.aliyuncs.com/google_containers/etcd 3.4.3-0 303ce5db0e90 6 months ago 288MB
registry.aliyuncs.com/google_containers/pause 3.1 da86e6ba6ca1 2 years ago 742kB
2.9 Configure environment variables
export KUBECONFIG=/etc/kubernetes/admin.conf
source /etc/profile
3 Check the Master installation
3.1 View namespaces
[root@k8s-master ~]# kubectl get pods --all-namespaces # list pods in all namespaces; flannel can also be seen running normally
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-9d85f5447-m9f4b 1/1 Running 0 31m
kube-system coredns-9d85f5447-qgvq9 1/1 Running 0 31m
kube-system etcd-k8s-master 1/1 Running 0 32m
kube-system kube-apiserver-k8s-master 1/1 Running 0 32m
kube-system kube-controller-manager-k8s-master 1/1 Running 0 32m
kube-system kube-flannel-ds-amd64-r8qpw 1/1 Running 0 3m55s
kube-system kube-proxy-pzlht 1/1 Running 0 31m
kube-system kube-scheduler-k8s-master 1/1 Running 0 32m
[root@k8s-master ~]# kubectl get pods -n kube-system # list pods in the kube-system namespace
NAME READY STATUS RESTARTS AGE
coredns-9d85f5447-m9f4b 1/1 Running 0 32m
coredns-9d85f5447-qgvq9 1/1 Running 0 32m
etcd-k8s-master 1/1 Running 0 32m
kube-apiserver-k8s-master 1/1 Running 0 32m
kube-controller-manager-k8s-master 1/1 Running 0 32m
kube-flannel-ds-amd64-r8qpw 1/1 Running 0 4m12s
kube-proxy-pzlht 1/1 Running 0 32m
kube-scheduler-k8s-master 1/1 Running 0 32m
[root@k8s-master ~]# kubectl get ns # list the namespaces
NAME STATUS AGE
default Active 32m
kube-node-lease Active 32m
kube-public Active 32m
kube-system Active 32m
[root@k8s-master ~]#