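Preface
1: Environment preparation
- VMware software
- One CentOS 7 VM as the master node, IP address 192.168.233.128, with at least 2 CPU cores
- One CentOS 7 VM as the node01 node, IP address 192.168.233.129
- One CentOS 7 VM as the node02 node, IP address 192.168.233.130
2: Cluster deployment
2.1: System initialization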
- Change the hostname on all three VMs
    [root@192 ~]# hostnamectl set-hostname k8s-master    # use the same method to set the node hostnames to k8s-node01 and k8s-node02
    [root@192 ~]# su
    [root@k8s-master ~]#
- Let the three nodes resolve each other by name; configure the following on the master node
    [root@k8s-master ~]# vim /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.233.128 k8s-master
    192.168.233.129 k8s-node01
    192.168.233.130 k8s-node02
    # copy the file to node01; you will be asked to type yes and the node01 password
    [root@k8s-master ~]# scp /etc/hosts root@k8s-node01:/etc/hosts
    # copy the file to node02 in the same way
    [root@k8s-master ~]# scp /etc/hosts root@k8s-node02:/etc/hosts
2.1.1: Initialize the system on all three nodes (only the master node's steps are shown)
- Install the dependency packages
    [root@k8s-master ~]# yum install -y \
    > conntrack \
    > ntpdate \
    > ntp \
    > ipvsadm \
    > ipset \
    > jq \
    > iptables \
    > curl \
    > sysstat \
    > libseccomp \
    > wget \
    > vim net-tools git
- Flush the firewall rules
    # stop firewalld and disable it at boot
    [root@k8s-master ~]# systemctl stop firewalld && systemctl disable firewalld
    # install iptables-services, start iptables and enable it at boot, flush the iptables rules, and save the iptables configuration
    [root@k8s-master ~]# yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
- Disable SELinux and swap; pods that end up in swap run less efficiently
    # turn off the swap partition (virtual memory) now and keep it off permanently
    [root@k8s-master ~]# swapoff -a && sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
    # disable SELinux
    [root@k8s-master ~]# setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
- Tune the kernel parameters
    [root@k8s-master ~]# cat > kubernetes.conf <<EOF
    > # enable bridge mode
    > net.bridge.bridge-nf-call-iptables=1
    > net.bridge.bridge-nf-call-ip6tables=1
    > net.ipv4.ip_forward=1
    > net.ipv4.tcp_tw_recycle=0
    > # do not use swap space; it is only allowed when the system hits OOM
    > vm.swappiness=0
    > # do not check whether physical memory is sufficient
    > vm.overcommit_memory=1
    > # enable OOM handling (do not panic on OOM)
    > vm.panic_on_oom=0
    > fs.inotify.max_user_instances=8192
    > fs.inotify.max_user_watches=1048576
    > fs.file-max=52706963
    > fs.nr_open=52706963
    > # disable IPv6
    > net.ipv6.conf.all.disable_ipv6=1
    > net.netfilter.nf_conntrack_max=2310720
    > EOF
    # put the file under sysctl.d so the parameters are applied at boot
    [root@k8s-master ~]# cp kubernetes.conf /etc/sysctl.d/kubernetes.conf
    [root@k8s-master ~]# modprobe br_netfilter
    # apply the parameters immediately
    [root@k8s-master ~]# sysctl -p /etc/sysctl.d/kubernetes.conf
  If you see "sysctl:cannot stat /proc/sys/net/netfilter/nf_conntrack_max:沒有那個文件或目錄" (No such file or directory), it is because the kernel version is lower than 4.0; the kernel is upgraded in a later step.
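- Set the system time zone (not needed if Shanghai was selected when CentOS 7 was installed)
    # set the system time zone to China/Shanghai
    timedatectl set-timezone Asia/Shanghai
    # write the current UTC time to the hardware clock
    timedatectl set-local-rtc 0
    # restart the services that depend on the system time
    systemctl restart rsyslog
    systemctl restart crond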
- Stop services that are not needed
    # stop the mail service and disable it at boot
    [root@k8s-master ~]# systemctl stop postfix && systemctl disable postfix
- Store logs with journald
    # create the journald log directory and the configuration drop-in directory
    [root@k8s-master ~]# mkdir /var/log/journal
    [root@k8s-master ~]# mkdir /etc/systemd/journald.conf.d
    [root@k8s-master ~]# cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
    > [Journal]
    > # persist logs to disk
    > Storage=persistent
    >
    > # compress archived logs
    > Compress=yes
    > SyncIntervalSec=5m
    > RateLimitInterval=30s
    > RateLimitBurst=1000
    >
    > # use at most 10G of disk space
    > SystemMaxUse=10G
    >
    > # limit a single log file to 200M
    > SystemMaxFileSize=200M
    >
    > # keep logs for 2 weeks
    > MaxRetentionSec=2week
    >
    > # do not forward logs to syslog
    > ForwardToSyslog=no
    > EOF
    [root@k8s-master ~]# systemctl restart systemd-journald    # restart journald
- Upgrade the system kernel to 4.4 to make k8s run more stably
    [root@k8s-master ~]# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm    # upgrade the RPM package
    [root@k8s-master ~]# yum --enablerepo=elrepo-kernel install -y kernel-lt    # install the kernel
    [root@k8s-master ~]# grub2-set-default "CentOS Linux (4.4.213-1.el7.elrepo.x86_64) 7 (Core)"    # boot from the new kernel by default
    [root@k8s-master ~]# init 6    # reboot
    [root@k8s-master ~]# uname -r    # check the kernel version
    4.4.213-1.el7.elrepo.x86_64
2.2: Deployment with kubeadm
- Prerequisites for enabling ipvs in kube-proxy (on the master and on the nodes)
    [root@k8s-master ~]# modprobe br_netfilter    # load the netfilter module
    # load the module dependencies
    [root@k8s-master ~]# cat > /etc/sysconfig/modules/ipvs.modules <<EOF
    > #!/bin/bash
    > modprobe -- ip_vs
    > modprobe -- ip_vs_rr
    > modprobe -- ip_vs_wrr
    > modprobe -- ip_vs_sh
    > modprobe -- nf_conntrack_ipv4
    > EOF
    [root@k8s-master ~]# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
2.2.1: Install docker (on the master and on the nodes)
- Install the docker dependencies
    [root@k8s-master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
- Add the Aliyun docker mirror as a YUM repository
    [root@k8s-master ~]# yum-config-manager \
    > --add-repo \
    > http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
- Update the system and install docker (this takes a while)
    [root@k8s-master ~]# yum update -y && yum install -y docker-ce
- Reboot once the installation has finished
    [root@k8s-master ~]# grub2-set-default "CentOS Linux (4.4.213-1.el7.elrepo.x86_64) 7 (Core)"
    [root@k8s-master ~]# init 6    # if the boot menu cursor is not on the 4.4 entry, select the 4.4 entry by hand
- Start docker
    [root@k8s-master ~]# systemctl start docker
    [root@k8s-master ~]# systemctl status docker
- Configure the daemon
    [root@k8s-master ~]# cat > /etc/docker/daemon.json <<EOF
    > {
    >   "exec-opts": ["native.cgroupdriver=systemd"],
    >   "log-driver": "json-file",
    >   "log-opts": {
    >     "max-size": "100m"
    >   }
    > }
    > EOF
    [root@k8s-master ~]# mkdir -p /etc/systemd/system/docker.service.d
    # reload the systemd configuration, restart docker, and enable docker at boot
    [root@k8s-master ~]# systemctl daemon-reload && systemctl restart docker && systemctl enable docker
2.2.2: Install kubeadm (on the master and on the nodes)
- Add the Aliyun Kubernetes YUM repository
    [root@k8s-master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    > [kubernetes]
    > name=Kubernetes
    > baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
    > enabled=1
    > gpgcheck=0
    > repo_gpgcheck=0
    > gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
    >        http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    > EOF
    [root@k8s-master ~]# yum -y install kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1
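The repository file above turns off both signature checks and fetches everything over plain HTTP, so the kubeadm, kubectl and kubelet packages installed as root are not authenticated. The following audit is an added example, not part of the original post; both repo files are constructed samples, and the hardened one assumes the mirror serves the same paths over HTTPS with signed metadata.

```bash
#!/bin/bash
# Added example (not from the original page): flag unauthenticated settings
# in a yum .repo file. Prints one finding per line; exit status 1 if any.
audit_repo() {
    awk '
        function report() {
            if (sec == "") return
            if (nogpg)  { print sec ": gpgcheck=0 (package signatures not verified)"; bad = 1 }
            if (norepo) { print sec ": repo_gpgcheck=0 (repo metadata not verified)"; bad = 1 }
            if (http)   { print sec ": plain http:// URL"; bad = 1 }
        }
        /^[ \t]*#/ { next }                                # comment line
        /^[ \t]*$/ { next }                                # blank line
        /^\[/ { report(); sec = $0; nogpg = norepo = http = 0; next }
        {
            line = $0; gsub(/[ \t\r]/, "", line)           # tolerate stray spaces
            if (line == "gpgcheck=0")      nogpg = 1
            if (line == "repo_gpgcheck=0") norepo = 1
            if (line ~ /http:\/\//)        http = 1        # also catches gpgkey continuation lines
        }
        END { report(); exit bad }
    ' "$1"
}

# Constructed sample 1: the repo file as written in this tutorial.
weak=$(mktemp); fixed=$(mktemp)
cat > "$weak" <<'EOF'
[kubernetes]
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
# Constructed sample 2: same paths with checks on and HTTPS (assumed available).
cat > "$fixed" <<'EOF'
[kubernetes]
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
audit_repo "$weak" || echo "weak repo file: findings above"
audit_repo "$fixed" && echo "hardened repo file: no findings"
```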
- Enable kubelet at boot
    [root@k8s-master ~]# systemctl enable kubelet.service
- Unpack the kubeadm images
    [root@k8s-master ~]# mount.cifs //192.168.11.1/ccc /mnt
    Password for root@//192.168.11.1/ccc:
    [root@k8s-master ~]# cd /mnt/kubernetes/
    [root@k8s-master kubernetes]# mkdir /opt/k8s
    [root@k8s-master kubernetes]# tar zxvf kubeadm-basic.images.tar.gz -C /opt/k8s/
- Copy the unpacked images to the nodes
    [root@k8s-master kubernetes]# scp -r /opt/k8s/ root@k8s-node01:/opt/k8s
    [root@k8s-master kubernetes]# scp -r /opt/k8s/ root@k8s-node02:/opt/k8s
- Write a script to load the kubeadm images quickly
    [root@k8s-master ~]# vim daoru.sh    # edit the script
    #!/bin/bash
    # list the image archives, then load each one into docker
    ls /opt/k8s/kubeadm-basic.images > /opt/k.txt
    cd /opt/k8s/kubeadm-basic.images
    for i in $(cat /opt/k.txt)
    do
        docker load -i "$i"
    done
    rm -rf /opt/k.txt
    [root@k8s-master ~]# chmod +x daoru.sh    # make the script executable
    [root@k8s-master ~]# scp daoru.sh root@k8s-node01:    # copy it to the nodes
    [root@k8s-master ~]# scp daoru.sh root@k8s-node02:
    [root@k8s-master ~]# ./daoru.sh    # run the script on every node
- Initialize the master node (nothing to do on the nodes)
    [root@k8s-master ~]# cd /opt
    [root@k8s-master opt]# kubeadm config print init-defaults > kubeadm-config.yaml
    [root@k8s-master opt]# vim kubeadm-config.yaml
    # line 12: change to this machine's IP; there must be a space after the colon
      advertiseAddress: 192.168.233.128
    # line 34: the current version is v1.15.1
    kubernetesVersion: v1.15.1
    # below line 37, add the pod network range
      serviceSubnet: 10.96.0.0/12
      podSubnet: "10.244.0.0/16"    # the address range that flannel allocates from automatically
    # below line 39, insert the following to make ipvs the default scheduling mode
    ---
    apiVersion: kubeproxy.config.k8s.io/v1alpha1
    kind: KubeProxyConfiguration
    featureGates:
      SupportIPVSProxyMode: true
    mode: ipvs
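The join command in kubeadm-init.log further down this page carries `--token abcdef.0123456789abcdef`, which is the fixed value that `kubeadm config print init-defaults` writes into kubeadm-config.yaml, so it is known to anyone who has seen the defaults. The following script, an added example that is not part of the original post, replaces it before `kubeadm init` is run; the YAML it edits is a constructed sample of the `bootstrapTokens` stanza, and on a real host `kubeadm token generate` can supply the new value instead.

```bash
#!/bin/bash
# Added example (not from the original page): replace the placeholder
# bootstrap token in a kubeadm config file before running kubeadm init.
PLACEHOLDER='abcdef.0123456789abcdef'   # token shown in this page's join command

# New token in kubeadm's format: 6 characters, a dot, 16 characters, all [a-z0-9].
gen_token() {
    local id secret
    id=$(od -An -N3 -tx1 /dev/urandom | tr -d ' \n')
    secret=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
    printf '%s.%s\n' "$id" "$secret"
}

# Succeed if FILE still carries the placeholder token.
has_placeholder() { grep -Fq "token: $PLACEHOLDER" "$1"; }

# Rewrite the token line of FILE in place and print the new token.
rotate_token() {
    local file=$1 new
    has_placeholder "$file" || { echo "no placeholder token in $file" >&2; return 1; }
    new=$(gen_token)
    sed -i "s/^\([[:space:]]*token:[[:space:]]*\)$PLACEHOLDER/\1$new/" "$file"
    printf '%s\n' "$new"
}

# Constructed sample: the bootstrapTokens stanza of a freshly generated config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
kind: InitConfiguration
EOF
new=$(rotate_token "$sample") && echo "placeholder replaced with $new"
```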
- Run the master node initialization
    [root@k8s-master opt]# kubeadm init --config=kubeadm-config.yaml --experimental-upload-certs | tee kubeadm-init.log
- Read kubeadm-init.log and follow its instructions
    [root@k8s-master opt]# vim kubeadm-init.log
    # the three lines at 56, 57 and 58 have to be copied out and run as commands
      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      sudo chown $(id -u):$(id -g) $HOME/.kube/config
    [root@k8s-master opt]# mkdir -p $HOME/.kube
    [root@k8s-master opt]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    [root@k8s-master opt]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
    [root@k8s-master opt]# kubectl get node    # check the node status
    NAME         STATUS     ROLES    AGE     VERSION
    k8s-master   NotReady   master   4m57s   v1.15.1
- Move the important files
    [root@k8s-master opt]# mkdir k-install
    ... (steps omitted; after the files are moved the tree looks like this)
    [root@k8s-master opt]# tree /opt/k-install/
    /opt/k-install/                 # create the k-install directory
    ├── code                        # create the code directory under k-install
    │   ├── kubeadm-config.yaml     # move these two files into the code directory
    │   └── kubeadm-init.log
    └── plugin                      # create the plugin directory under k-install
        └── flannel                 # create the flannel directory under plugin
    3 directories, 2 files
- Download and install the flannel component
    [root@k8s-master opt]# cd k-install/plugin/flannel/
    [root@k8s-master flannel]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    [root@k8s-master flannel]# kubectl create -f kube-flannel.yml
    [root@k8s-master flannel]# kubectl get pod -n kube-system    # after a short wait flannel is in the Running state
    [root@k8s-master flannel]# kubectl get node
    NAME         STATUS   ROLES    AGE    VERSION
    k8s-master   Ready    master   162m   v1.15.1    # k8s is now in the Ready state
- On the nodes: join them to the master node
  The end of kubeadm-init.log on the master node contains the following two lines; copy them to each node and run them there to join it to the master automatically.
    [root@k8s-master flannel]# cd ../../code/
    [root@k8s-master code]# ls
    kubeadm-config.yaml  kubeadm-init.log
    [root@k8s-master code]# vim kubeadm-init.log
    # copy these two lines to the nodes and run them as they are
    kubeadm join 192.168.233.128:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:fb07c549867486b9dc43dd6f00267f335ff250978476e9d177b43ce1e450c375
    [root@k8s-master code]# kubectl get pod -n kube-system -o wide    # show more detailed information
    [root@k8s-master code]# kubectl get pod -n kube-system -w    # watch the status
    # other output omitted; these two are still initializing, so keep watching until they are Running
    kube-flannel-ds-amd64-cvg8v   0/1   Init:0/1   0   2m35s
    kube-flannel-ds-amd64-k69bq   0/1   Init:0/1   0   2m38s
    [root@k8s-master code]# kubectl get node
    k8s-master   Ready   master   162m   v1.15.1
    k8s-node01   Ready   node     162m   v1.15.1
    k8s-node02   Ready   node     162m   v1.15.1
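The `--discovery-token-ca-cert-hash` value in the join command is what lets a node authenticate the API server it is joining: it is the SHA-256 of the cluster CA's public key. The following check is an added example, not part of the original post; it recomputes the hash from a CA certificate with openssl and compares it with a pasted join command, using a throwaway self-signed certificate as a constructed stand-in for the CA file, which kubeadm keeps by default at /etc/kubernetes/pki/ca.crt (a path not shown on this page).

```bash
#!/bin/bash
# Added example (not from the original page): verify that a kubeadm join
# command pins the expected cluster CA before running it on a node.

# Print "sha256:<hex>" over the DER-encoded public key of a PEM certificate,
# the value kubeadm expects in --discovery-token-ca-cert-hash.
ca_pubkey_hash() {
    local pub
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -hex | sed 's/^.*= */sha256:/'
}

# join_hash_matches CA_FILE JOIN_COMMAND
# 0: the hash in the command pins this CA; 1: mismatch; 2: nothing to compare.
join_hash_matches() {
    local want have
    want=$(printf '%s\n' "$2" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]*\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$want" ] || { echo "join command carries no CA hash" >&2; return 2; }
    have=$(ca_pubkey_hash "$1") || { echo "cannot read CA certificate $1" >&2; return 2; }
    [ "$want" = "$have" ]
}

# Constructed demo: a throwaway self-signed certificate stands in for the cluster CA.
demo_ca=$(mktemp)
openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -days 1 \
    -subj '/CN=kubernetes' -out "$demo_ca" 2>/dev/null
demo_hash=$(ca_pubkey_hash "$demo_ca")
demo_join="kubeadm join 192.168.233.128:6443 --token <token> --discovery-token-ca-cert-hash $demo_hash"
if join_hash_matches "$demo_ca" "$demo_join"; then
    echo "join command pins this CA: $demo_hash"
fi
```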
- The cluster has been built successfully
2.3: End of the lab; the cluster is up
[root@k8s-master code]# kubectl get node
k8s-master Ready master 162m v1.15.1
k8s-node01 Ready node 162m v1.15.1
k8s-node02 Ready node 162m v1.15.1