kubernetes实战001 kubeadm安装k8s

1. 环境初始化

centos7

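# Configure a China-local Kubernetes yum repository (Aliyun mirror).
# The repository is fetched over HTTPS and package signature checking stays
# enabled: with gpgcheck=0 over plain HTTP, anything on the network path could
# substitute the kubelet/kubeadm/kubectl RPMs, which are later installed and
# run as root.
# NOTE(review): confirm the gpgkey URLs against the mirror's own documentation
# before accepting the key import prompt.
# The heredoc delimiter is quoted so nothing in the repo file is expanded.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes Repositry
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF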

# Turn off the host firewall.
# This stops and disables firewalld, then flushes every rule and user chain in
# the filter and nat tables and sets the FORWARD policy to ACCEPT, so the node
# is left with no packet filtering at all.
# NOTE(review): acceptable on an isolated lab network only. On a host reachable
# from untrusted networks, keep firewalld running and open just the ports the
# kubeadm documentation lists (API server 6443, etcd 2379-2380, kubelet 10250,
# NodePort range 30000-32767) — confirm the list for the version in use.
systemctl stop firewalld \
  && systemctl disable firewalld
iptables -F \
  && iptables -X \
  && iptables -t nat -F \
  && iptables -t nat -X \
  && iptables -P FORWARD ACCEPT

# Switch SELinux to permissive mode.
# setenforce changes the running system; the sed edit makes it persist across
# reboots, and only rewrites the line when it is exactly "SELINUX=enforcing".
# NOTE(review): permissive mode logs denials but no longer blocks them, which
# removes a containment layer around container processes. Keep this in mind
# when the node is not a throwaway lab machine.
setenforce 0
sed -i -e 's|^SELINUX=enforcing$|SELINUX=permissive|' /etc/selinux/config

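# Disable swap now and keep it disabled after a reboot.
# swapoff affects the running system only; the sed edit comments out the swap
# entries in /etc/fstab.
# The original pattern required literal spaces around "swap", so a
# tab-separated fstab entry was left active, and re-running the command added
# another '#' to lines that were already commented. This version matches any
# whitespace and skips lines that are already comments.
swapoff -a
sed -ri '/^[[:space:]]*#/! s/^(.*[[:space:]]swap[[:space:]].*)$/#\1/' /etc/fstab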

# Load the kernel modules needed for bridged traffic filtering and IPVS.
# NOTE(review): nf_conntrack_ipv4 exists on the CentOS 7 (3.10) kernel; newer
# kernels merged it into nf_conntrack, where this modprobe would fail.
for kmod in br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4; do
  modprobe "$kmod"
done

# Write a module-loading script under /etc/sysconfig/modules, make it
# executable, and run it once immediately.
# The heredoc delimiter is quoted; the script body contains nothing to expand,
# so the file written is the same as with an unquoted delimiter.
ipvs_modules_file=/etc/sysconfig/modules/ipvs.modules

cat > "$ipvs_modules_file" <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
modprobe -- br_netfilter
EOF

chmod 755 "$ipvs_modules_file" \
  && bash "$ipvs_modules_file"


# Set kernel parameters for Kubernetes networking and resource limits.
# tee writes the settings to /etc/sysctl.d/k8s.conf and echoes them to the
# terminal; sysctl -p then applies that file to the running kernel.
# The net.bridge.* keys only exist once br_netfilter is loaded.
# NOTE(review): net.ipv4.tcp_tw_recycle was removed in Linux 4.12, so sysctl -p
# reports an error for that key on newer kernels; it is present on CentOS 7.
tee /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
sysctl -p /etc/sysctl.d/k8s.conf

# Make this host's name resolvable by appending "<address><TAB><hostname>"
# to /etc/hosts.
# NOTE(review): the line is appended unconditionally, so re-running this step
# adds a duplicate entry. `hostname -i` may also print a loopback address or
# several addresses, depending on existing name resolution — check the
# resulting line.
node_ip="$(hostname -i)"
node_name="$(hostname)"
echo -e "${node_ip}\t${node_name}" >> /etc/hosts

# Add the China-local Docker CE yum repository (Aliyun mirror).
# The repo file is downloaded over HTTPS into the current directory and moved
# into /etc/yum.repos.d/ only if the download succeeded.
# NOTE(review): before installing from it, check that the downloaded file keeps
# gpgcheck enabled and points gpgkey at a key you trust.
docker_repo_url=https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
wget "$docker_repo_url" \
  && mv docker-ce.repo /etc/yum.repos.d/

# Rebuild the yum metadata cache, then install the supporting packages.
yum clean all \
  && yum makecache fast

dep_pkgs=(conntrack ipvsadm ipset jq sysstat curl iptables libseccomp chrony)
yum install -y "${dep_pkgs[@]}"

# Set the time zone.
timedatectl set-timezone Asia/Shanghai

# Start time synchronisation now and enable it at boot. Certificate validity
# and bootstrap-token expiry are both evaluated against the system clock.
systemctl start chronyd \
  && systemctl enable chronyd

# Install Docker at a pinned version.
# NOTE(review): Docker 18.06 and Kubernetes 1.14 are both past end of support
# and no longer receive security fixes; treat these pins as matching the
# tutorial's date and choose supported releases for anything long-lived.
yum install -y docker-ce-18.06.2.ce

# Install kubelet, kubeadm and kubectl at one matching pinned version.
# --disableexcludes=kubernetes lets yum install them even if the repo
# definition excludes these packages from normal updates.
yum install -y --disableexcludes=kubernetes \
  kubelet-1.14.0 kubeadm-1.14.0 kubectl-1.14.0


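# Configure the Docker daemon and start the service.
# /etc/docker may not exist before the daemon has run for the first time, in
# which case the redirect below would fail, so the directory is created first.
mkdir -p /etc/docker

# The systemd cgroup driver must match the one kubelet is configured to use.
# The heredoc delimiter is quoted so the JSON is written verbatim.
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors":["https://registry.docker-cn.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
systemctl daemon-reload && systemctl restart docker

# Enable Docker at boot; the original only restarted it, so after a reboot the
# container runtime (and with it kubelet's pods) would not come back.
systemctl enable docker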

# Start kubelet now and enable it at boot.
# NOTE(review): until `kubeadm init` or `kubeadm join` has written the kubelet
# configuration, the service is expected to keep restarting.
systemctl start kubelet \
  && systemctl enable kubelet

2. 单节点master-node

2.1 master节点

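# Generate the kubeadm init configuration file.
# mkdir -p keeps the step re-runnable; with plain mkdir an existing directory
# made the `&& cd` be skipped and the file landed in the wrong place.
mkdir -p /ops-data && cd /ops-data

# The template this file is derived from can be inspected with
# `kubeadm config print init-defaults`. The original redirected that output
# into init.default.yaml and then immediately overwrote it, so the redirect
# is dropped here.

# Use a freshly generated bootstrap token instead of the well-known placeholder
# from the default template (abcdef.0123456789abcdef). A bootstrap token lets
# any host that can reach the API server authenticate as a joining node until
# the TTL expires, so it must not be a guessable value.
# The join command printed by `kubeadm init` carries this generated token.
bootstrap_token="$(kubeadm token generate)"

# The config file holds the token, so restrict it to root before writing.
touch init.default.yaml && chmod 600 init.default.yaml

# NOTE(review): imageRepository below points at a personal Docker Hub
# namespace, not the upstream registry. Every control-plane image is pulled
# from it and runs privileged on the master — verify the image digests or
# substitute a mirror you trust.
# advertiseAddress and the node name are specific to the author's host.
# The heredoc delimiter is intentionally unquoted so ${bootstrap_token} expands.
cat > init.default.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta1
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: ${bootstrap_token}
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.30.60
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: kubeadm-node1
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta1
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: ""
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: docker.io/dustise
kind: ClusterConfiguration
kubernetesVersion: v1.14.0
networking:
  dnsDomain: cluster.local
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
scheduler: {}
EOF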

# Pre-pull the control-plane images named by the config file, so that image
# download problems show up before the cluster is initialised.
kubeadm_cfg=init.default.yaml
kubeadm config images pull --config="$kubeadm_cfg"

# Initialise the control plane from the same config file. The output ends with
# the `kubeadm join` command that worker nodes need.
kubeadm init --config="$kubeadm_cfg"

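# Set up kubectl for the current user.
# admin.conf carries cluster-admin credentials: copy it only into the home
# directory of an account that should administer the cluster, and keep the
# copy readable by that account alone.
# Expansions are quoted so a home directory containing spaces or glob
# characters is handled as one path.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"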

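# Install the Calico network plugin.
# The manifest is downloaded to a local file first, not piped straight from
# the URL into the cluster: it creates cluster-wide RBAC objects and a
# privileged DaemonSet, so it should be reviewable (and reproducible) before
# it is applied.
wget -O calico.yaml https://docs.projectcalico.org/v3.7/manifests/calico.yaml

# Align Calico's IP pool with the podSubnet configured for kubeadm
# (10.244.0.0/16). The upstream default pool would also overlap the
# 192.168.30.x host network used in this guide.
# NOTE(review): assumes the manifest's default pool is 192.168.0.0/16 —
# confirm in the downloaded file.
sed -i 's#192.168.0.0/16#10.244.0.0/16#g' calico.yaml

kubectl apply -f calico.yaml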

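# Switch kube-proxy to IPVS mode.
# Export the kube-proxy ConfigMap, change the empty mode to "ipvs", and apply
# the edited copy.
kubectl get configmap kube-proxy -n kube-system -o yaml > kube-proxy-configmap.yaml
sed -i 's/mode: ""/mode: "ipvs"/' kube-proxy-configmap.yaml
kubectl apply -f kube-proxy-configmap.yaml

# kube-proxy reads its configuration at start-up only, so the running pods are
# deleted and the DaemonSet recreates them with the new mode. Without this
# step the ConfigMap change has no effect.
kubectl -n kube-system delete pod -l k8s-app=kube-proxy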

2.2 Node节点

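# Join a worker node to the cluster.
# Both values are cluster-specific: take them from the join command printed at
# the end of `kubeadm init`, or run `kubeadm token create --print-join-command`
# on the master to get a fresh one. The CA certificate hash is what lets the
# node verify it is talking to the intended API server, so do not skip it, and
# do not reuse a token copied from a guide.
join_token='<TOKEN_FROM_KUBEADM_INIT>'
ca_cert_hash='sha256:<CA_CERT_HASH_FROM_KUBEADM_INIT>'
kubeadm join 192.168.30.60:6443 --token "$join_token" \
    --discovery-token-ca-cert-hash "$ca_cert_hash"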
    
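# Change the kubelet cgroup driver to systemd so it matches Docker's
# native.cgroupdriver=systemd setting.
sed -i 's/cgroupfs/systemd/g' /var/lib/kubelet/kubeadm-flags.env
# The original read `systemctl retart kubelet`, which is not a valid systemctl
# verb, so kubelet was never restarted and kept the old driver.
systemctl daemon-reload && systemctl restart kubelet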

2.3 验证

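# Check control-plane component health, node registration and pod status.
kubectl get cs
kubectl get nodes
kubectl get pod --all-namespaces
# Replace the placeholder with a pod name from the listing above. It is quoted
# because an unquoted <...> is parsed by the shell as redirections and the
# command fails with a syntax error.
kubectl --namespace kube-system describe pod '<pod-names>'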


转载自www.cnblogs.com/drfung/p/11850935.html