kubeadm安装集群系列-1.基础服务安装

基础服务

本文基于centos7.5部署

规划

10.8.28.200	master-VIP
10.8.31.84	k8s-test-master-1
10.8.152.149	k8s-test-master-2
10.8.191.56	k8s-test-master-3
10.8.85.173	k8s-test-node-1

 

将host信息写入hosts文件

系统调优

 1 # 关闭swap
 2 swapoff -a
 3 yes | cp /etc/fstab /etc/fstab_bak
 4 cat /etc/fstab_bak |grep -v swap > /etc/fstab
 5 
 6 # 关闭selinux
 7 setenforce 0 \
 8 && sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config \
 9 && getenforce
10 
11 # 关闭防火墙
12 systemctl stop firewalld \
13 && systemctl daemon-reload \
14 && systemctl disable firewalld \
15 && systemctl daemon-reload \
16 && systemctl status firewalld
17 
18 yum install -y iptables-services \
19 && systemctl stop iptables \
20 && systemctl disable iptables \
21 && systemctl status iptables
22 
23 # 系统参数调优
24 [ ! -e "/etc/sysctl.conf_bk" ] && /bin/mv /etc/sysctl.conf{,_bk} \
25 && cat > /etc/sysctl.conf << EOF
26 fs.file-max=1000000
27 fs.nr_open=20480000
28 net.ipv4.tcp_max_tw_buckets = 180000
29 net.ipv4.tcp_sack = 1
30 net.ipv4.tcp_window_scaling = 1
31 net.ipv4.tcp_rmem = 4096 87380 4194304
32 net.ipv4.tcp_wmem = 4096 16384 4194304
33 net.ipv4.tcp_max_syn_backlog = 16384
34 net.core.netdev_max_backlog = 32768
35 net.core.somaxconn = 32768
36 net.core.wmem_default = 8388608
37 net.core.rmem_default = 8388608
38 net.core.rmem_max = 16777216
39 net.core.wmem_max = 16777216
40 net.ipv4.tcp_timestamps = 0
41 net.ipv4.tcp_fin_timeout = 20
42 net.ipv4.tcp_synack_retries = 2
43 net.ipv4.tcp_syn_retries = 2
44 net.ipv4.tcp_syncookies = 1
45 #net.ipv4.tcp_tw_len = 1
46 net.ipv4.tcp_tw_reuse = 1
47 net.ipv4.tcp_mem = 94500000 915000000 927000000
48 net.ipv4.tcp_max_orphans = 3276800
49 net.ipv4.ip_local_port_range = 1024 65000
50 #net.nf_conntrack_max = 6553500
51 #net.netfilter.nf_conntrack_max = 6553500
52 #net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
53 #net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
54 #net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
55 #net.netfilter.nf_conntrack_tcp_timeout_established = 3600
56 EOF
57 sysctl -p
58 
59 # k8s部分参数调优
60 cat <<EOF >  /etc/sysctl.d/k8s.conf
61 net.bridge.bridge-nf-call-ip6tables = 1
62 net.bridge.bridge-nf-call-iptables = 1
63 net.ipv4.ip_nonlocal_bind = 1
64 net.ipv4.ip_forward = 1
65 vm.swappiness=0
66 EOF
67 sysctl -p /etc/sysctl.d/k8s.conf
68 
69 # 开启ipvs
70 cat > /etc/sysconfig/modules/ipvs.modules <<EOF
71 #!/bin/bash
72 modprobe -- ip_vs
73 modprobe -- ip_vs_rr
74 modprobe -- ip_vs_wrr
75 modprobe -- ip_vs_sh
76 modprobe -- nf_conntrack_ipv4
77 EOF
78 chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
79 
80 # 制作镜像（正常安装无需执行）
81 echo "mkdir -p /data/docker" >> /etc/rc.d/rc.local
82 echo "swapoff -a" >> /etc/rc.d/rc.local

 

安装docker

 1 # 拉取rpm文件，国内可以从阿里源下载
 2 mkdir -p /data/init/docker && cd /data/init/docker
 3 wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-18.09.8-3.el7.x86_64.rpm
 4 wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
 5 wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-cli-18.09.8-3.el7.x86_64.rpm
 6 yum install -y containerd.io-1.2.6-3.3.el7.x86_64.rpm docker-ce-cli-18.09.8-3.el7.x86_64.rpm docker-ce-18.09.8-3.el7.x86_64.rpm
 7 
 8 # 创建docker目录，修改docker运行参数
 9 mkdir /data/docker
10 cat << EOF >/etc/sysconfig/docker
11 INSECURE_REGISTRY="--insecure-registry=harbor.test123.net"
12 DOCKER_NETWORK_OPTIONS="-H fd:// --containerd=/run/containerd/containerd.sock"
13 DOCKER_STORAGE_OPTIONS="--data-root=/data/docker --storage-driver=overlay2"
14 EOF
15 
16 # 编辑system unit文件
17 cat << EOF > /usr/lib/systemd/system/docker.service
18 [Unit]
19 Description=Docker Application Container Engine
20 Documentation=https://docs.docker.com
21 BindsTo=containerd.service
22 After=network-online.target firewalld.service containerd.service
23 Wants=network-online.target
24 Requires=docker.socket
25 
26 [Service]
27 Type=notify
28 EnvironmentFile=-/etc/sysconfig/docker
29 ExecStart=/usr/bin/dockerd \\
30           \$INSECURE_REGISTRY \\
31           \$DOCKER_STORAGE_OPTIONS \\
32           \$DOCKER_NETWORK_OPTIONS
33 ExecReload=/bin/kill -s HUP \$MAINPID
34 TimeoutSec=0
35 RestartSec=2
36 Restart=always
37 StartLimitBurst=3
38 StartLimitInterval=60s
39 LimitNOFILE=infinity
40 LimitNPROC=infinity
41 LimitCORE=infinity
42 TasksMax=infinity
43 Delegate=yes
44 KillMode=process
45 
46 [Install]
47 WantedBy=multi-user.target
48 
49 EOF
50 
51 # 启动docker
52 systemctl daemon-reload
53 systemctl restart docker.service
54 systemctl enable docker.service
55 
56 # 验证
57 docker info
58 docker version

 

安装kubeadm/kubelet/kubectl(选装)

 1 cat <<EOF > /etc/yum.repos.d/kubernetes.repo
 2 [kubernetes]
 3 name=Kubernetes
 4 baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
 5 enabled=1
 6 gpgcheck=1
 7 repo_gpgcheck=1
 8 gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
 9 EOF
10 
11 yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
12 
13 systemctl enable --now kubelet

 

预下载镜像

1 kubeadm config images pull
2 [config/images] Pulled k8s.gcr.io/kube-apiserver:v1.15.1
3 [config/images] Pulled k8s.gcr.io/kube-controller-manager:v1.15.1
4 [config/images] Pulled k8s.gcr.io/kube-scheduler:v1.15.1
5 [config/images] Pulled k8s.gcr.io/kube-proxy:v1.15.1
6 [config/images] Pulled k8s.gcr.io/pause:3.1
7 [config/images] Pulled k8s.gcr.io/etcd:3.3.10
8 [config/images] Pulled k8s.gcr.io/coredns:1.3.1

 

master-1到其他master免密

1 # master-1执行
2 ssh-keygen
3 ssh-copy-id -i /root/.ssh/id_rsa.pub -p 8022 root@k8s-test-master-2
4 ssh-copy-id -i /root/.ssh/id_rsa.pub -p 8022 root@k8s-test-master-3