设置系统主机名以及 Host 文件的相互解析

  1. [root@localhost ~]# hostnamectl set-hostname k8s-master01
  2. [root@localhost ~]# hostname
  3. k8s-master01

安装依赖包

  1. yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget
  2. vim net-tools git

关闭防火墙

  1. systemctl stop firewalld && systemctl disable firewalld
  2. Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
  3. Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

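设置防火墙为 Iptables 并设置空规则(注:下面列出的命令与上一步“关闭防火墙”完全相同,并未包含安装 iptables-services、清空并保存规则的步骤;另外,空规则意味着主机层面不做任何过滤,6443、10250 等端口的访问控制需由安全组或外部防火墙承担)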

  1. systemctl stop firewalld && systemctl disable firewalld
  2. Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
  3. Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

关闭交换空间

  1. swapoff -a
  2. sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
  1. # 关闭selinux(setenforce 0 仅临时切换为 permissive 模式,重启后恢复为配置文件中的设置;SELinux 为容器提供强制访问控制隔离,生产环境应评估后再决定是否关闭)
  2. $ setenforce 0

配置内核

  1. [root@centos01 ~]# vim /etc/sysctl.d/k8s.conf
  2. ## 添加如下内容
  3. net.bridge.bridge-nf-call-ip6tables = 1
  4. net.bridge.bridge-nf-call-iptables = 1
  5. net.ipv4.ip_forward = 1
  6. ## 执行命令生效
  7. [root@localhost ~]# modprobe br_netfilter
  8. [root@localhost ~]# sysctl --system

docker安装

卸载旧版本,首次安装docker不需要执行下面的卸载的命令

  1. # sudo yum remove docker \
  2. > docker-common \
  3. > docker-selinux \
  4. > docker-engine

安装docker工具

  1. sudo yum install -y yum-utils \
  2. device-mapper-persistent-data \
  3. lvm2

国内建议安装阿里云的镜像仓库(注:下面的仓库地址是明文 HTTP,仓库定义文件在传输中可能被篡改;建议改用 https:// 形式的地址)

  1. #yum-config-manager \
  2. --add-repo \
  3. http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
  4. #yum update -y
  1. yum list docker-ce --showduplicates | sort -r

选择安装18.3 版本的(注:下面的命令实际指定的是 18.09.8,而“查看安装结果”中的输出显示为 18.06.3-ce,三处版本不一致,请以 yum list 列出的、实际要安装的版本为准)

  1. # yum install -y docker-ce-18.09.8-3.el7.x86_64

查看安装结果

  1. # docker version
  2. Client:
  3. Version: 18.06.3-ce
  4. API version: 1.38
  5. Go version: go1.10.3
  6. Git commit: d7080c1
  7. Built: Wed Feb 20 02:26:51 2019
  8. OS/Arch: linux/amd64
  9. Experimental: false
  10. Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

创建 /etc/docker 目录

  1. mkdir /etc/docker

配置 daemon.

  1. [root@localhost ~]# mkdir /etc/docker
  2. [root@localhost ~]# cat > /etc/docker/daemon.json <<EOF
  3. {
  4. "exec-opts": ["native.cgroupdriver=systemd"],
  5. "registry-mirrors": ["https://5tiu40w5.mirror.aliyuncs.com"]
  6. }
  7. EOF
  8. [root@localhost ~]# mkdir -p /etc/systemd/system/docker.service.d
  9. [root@localhost ~]# systemctl daemon-reload && systemctl restart docker && systemctl enable docker
  10. Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

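安装 Kubeadm (主从配置)(注:下面的仓库配置中 baseurl 使用明文 HTTP,且 gpgcheck=0、repo_gpgcheck=0,即 yum 不会校验 kubelet/kubeadm/kubectl 软件包及仓库元数据的签名,传输途中被篡改的包也会被直接安装;gpgkey 已经给出,建议改用 https:// 地址并设置 gpgcheck=1,若镜像同步导致校验失败再单独排查)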

  1. cat <<EOF > /etc/yum.repos.d/kubernetes.repo
  2. [kubernetes]
  3. name=Kubernetes
  4. baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
  5. enabled=1
  6. gpgcheck=0
  7. repo_gpgcheck=0
  8. gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
  9. http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
  10. EOF

查看版本

  1. yum list kubeadm --showduplicates | sort -r

选择稳定版本安装

  1. yum install -y kubelet-1.15.4 kubeadm-1.15.4 kubectl-1.15.4

查看安装结果

  1. [root@localhost ~]# kubeadm version
  2. kubeadm version: &version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.4", GitCommit:"67d2fcf276fcd9cf743ad4be9a9ef5828adc082f", GitTreeState:"clean", BuildDate:"2019-09-18T14:48:18Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"
  1. # systemctl enable kubelet && systemctl start kubelet

主节点安装

参数含义
https://kubernetes.io/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/
主要需要把镜像转成中国区的镜像地址

  1. # kubeadm init \
  2. --apiserver-advertise-address 172.17.245.18 \
  3. --image-repository registry.aliyuncs.com/google_containers \
  4. --kubernetes-version v1.15.4 \
  5. --pod-network-cidr=10.240.0.0/16

如果中途有什么安装错误 可以选择重新安装

  1. # kubeadm reset
  2. [reset] Reading configuration from the cluster...
  3. [reset] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
  4. [reset] WARNING: Changes made to this host by 'kubeadm init' or 'kubeadm join' will be reverted.
  5. [reset] Are you sure you want to proceed? [y/N]:

设置权限(admin.conf 内含集群管理员证书与私钥,复制后应保持仅当前用户可读,不要放入共享目录或代码仓库)

  1. To start using your cluster, you need to run the following as a regular user:
  2. mkdir -p $HOME/.kube
  3. sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  4. sudo chown $(id -u):$(id -g) $HOME/.kube/config

其他节点加入

  1. kubeadm join 172.17.245.18:6443 --token hqzu0y.ensdbjnqay0au02f \
  2. --discovery-token-ca-cert-hash sha256:46d0ff368b08e14204b8965475b4829ae6a957c6c7f57f4c789327c1ec4af71a

coredns 一直会处于pending状态 需要安装网络插件

  1. [root@localhost ~]# kubectl get pods --all-namespaces
  2. NAMESPACE NAME READY STATUS RESTARTS AGE
  3. kube-system coredns-bccdc95cf-dm67t 0/1 Pending 0 111s
  4. kube-system coredns-bccdc95cf-l4tmd 0/1 Pending 0 111s
  5. kube-system etcd-k8s-master01 1/1 Running 0 59s
  6. kube-system kube-apiserver-k8s-master01 1/1 Running 0 70s
  7. kube-system kube-controller-manager-k8s-master01 1/1 Running 0 62s
  8. kube-system kube-proxy-rwtb8 1/1 Running 0 111s
  9. kube-system kube-scheduler-k8s-master01 1/1 Running 0

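安装网络插件(注:下面直接应用了 master 分支上的清单,其内容会随上游变动;建议固定到某个发布版本的 tag 或 commit,下载后审阅再 apply。另外 kube-flannel.yml 默认的 Network 为 10.244.0.0/16,需要与 kubeadm init 的 --pod-network-cidr 保持一致,而上文使用的是 10.240.0.0/16)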

  1. [root@localhost ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
  2. podsecuritypolicy.policy/psp.flannel.unprivileged created
  3. clusterrole.rbac.authorization.k8s.io/flannel created
  4. clusterrolebinding.rbac.authorization.k8s.io/flannel created
  5. serviceaccount/flannel created
  6. configmap/kube-flannel-cfg created
  7. daemonset.apps/kube-flannel-ds-amd64 created
  8. daemonset.apps/kube-flannel-ds-arm64 created
  9. daemonset.apps/kube-flannel-ds-arm created
  10. daemonset.apps/kube-flannel-ds-ppc64le created
  11. daemonset.apps/kube-flannel-ds-s390x created

第一次安装需要再等待几分钟左右(需要下载 kube-flannel-ds 镜像),然后再查看

  1. # kubectl get pods --all-namespaces
  2. NAMESPACE NAME READY STATUS RESTARTS AGE
  3. kube-system coredns-58cc8c89f4-4nw8s 0/1 Running 0 7m35s
  4. kube-system coredns-58cc8c89f4-frtwx 0/1 Running 0 7m35s
  5. kube-system etcd-k8s-master01 1/1 Running 0 6m41s
  6. kube-system kube-apiserver-k8s-master01 1/1 Running 0 6m29s
  7. kube-system kube-controller-manager-k8s-master01 1/1 Running 0 6m42s
  8. kube-system kube-flannel-ds-amd64-74gqm 1/1 Running 0 2m24s
  9. kube-system kube-proxy-xcdfm 1/1 Running 0 7m35s
  10. kube-system kube-scheduler-k8s-master01 1/1 Running 0 6m57s

节点加入

下面这条命令会在主节点初始化成功后,显示在输出的最后,其中 token 的有效时长是 24 小时。token 是节点加入集群的引导凭据,不应随文档公开;--discovery-token-ca-cert-hash 用于校验控制面 CA 公钥,加入节点时不要省略。

  1. # kubeadm join 172.17.245.18:6443 --token 1abton.yf83y8sqq9jucdzn \
  2. --discovery-token-ca-cert-hash sha256:ce53505a8f73f16cd73da51437c68581bb01235be96f4a5b0f87e09df5788108

在主机上查看token

  1. # kubeadm token list
  2. TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
  3. 1abton.yf83y8sqq9jucdzn 23h 2019-10-18T20:36:03+08:00 authentication,signing The default bootstrap token generated by 'kubeadm init'. system:bootstrappers:kubeadm:default-node-token

查看 --discovery-token-ca-cert-hash

  1. # openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
  2. ce53505a8f73f16cd73da51437c68581bb01235be96f4a5b0f87e09df5788108

重新创建token

  1. # kubeadm token create --print-join-command

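查看安装节点(注:下面输出中工作节点的 kubelet 为 v1.16.1,高于控制面的 v1.15.4;Kubernetes 版本偏差策略不支持 kubelet 版本高于 kube-apiserver,工作节点安装时也应指定与主节点相同的版本,例如上文的 1.15.4)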

  1. # kubectl get nodes
  2. NAME STATUS ROLES AGE VERSION
  3. k8s-master01 Ready master 35m v1.15.4
  4. k8s-node01 Ready <none> 13s v1.16.1

参考

https://juejin.im/post/5df712d06fb9a0160770a01e
https://juejin.im/post/5d7fb46d5188253264365dcf
https://blog.51cto.com/9095441/2442378