
Installing k8s on CentOS

程序员文章站 2024-03-11 09:57:55

1. Prepare the machines

IP           Node
172.22.1.10  master-k8s
172.22.1.11  node1-k8s
172.22.1.12  node2-k8s

Set the hostname on each machine:

hostnamectl set-hostname  xxx

Add the following entries to /etc/hosts:

172.22.1.10 master-k8s
172.22.1.11 node1-k8s
172.22.1.12 node2-k8s

2. Time synchronization

yum -y install chrony

vim /etc/chrony.conf

On the master:
server master-k8s iburst
allow 172.22.1.0/24
local stratum 10
systemctl enable chronyd
systemctl start chronyd
ss -unl | grep 123
chronyc sources

On the nodes:
server master-k8s iburst
systemctl enable chronyd
systemctl start chronyd
chronyc sources


3. Disable the firewall, iptables, SELinux and swap

iptables -F
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux
setenforce 0
vi /etc/selinux/config
SELINUX=disabled
Disable swap
swapoff -a
vi /etc/fstab
#/dev/mapper/centos-swap swap
free -m

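4. Kernel configuration

# Enable IP forwarding and iptables filtering of bridged traffic.

cat <<EOF >  /etc/sysctl.d/k8s.conf
# Pass bridged IPv6 traffic through ip6tables rules
net.bridge.bridge-nf-call-ip6tables = 1
# Pass bridged IPv4 traffic through iptables rules
net.bridge.bridge-nf-call-iptables = 1
# Enable IP forwarding on the server
net.ipv4.ip_forward = 1
EOF

# Load the bridge netfilter module and apply the settings.
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf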

5. Install Docker

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum makecache fast
yum repolist
yum install docker-ce -y

mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF

systemctl enable docker
systemctl start docker

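6. Install kubelet, kubeadm and kubectl

Create the Kubernetes yum repository file /etc/yum.repos.d/kubernetes.repo with the following content. With gpgcheck=0, yum installs these packages without verifying their signatures against gpgkey.

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
enabled=1

Then install the packages:
yum -y install kubelet kubeadm kubectl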

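7. Prepare the required images

If the machines cannot pull from k8s.gcr.io, download the required images beforehand and import them locally. List the images with: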
kubeadm config images list

k8s.gcr.io/kube-apiserver:v1.17.4
k8s.gcr.io/kube-controller-manager:v1.17.4
k8s.gcr.io/kube-scheduler:v1.17.4
k8s.gcr.io/kube-proxy:v1.17.4
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.5

8. Initialize the master and join the worker nodes to the cluster

Edit the kubelet configuration file /etc/sysconfig/kubelet so that kubelet ignores swap:
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
systemctl enable kubelet

kubeadm init --kubernetes-version=v1.17.3 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
 
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

On the worker nodes, after repeating the steps above:
kubeadm join 172.22.1.10:6443 --token xxxxx --discovery-token-ca-cert-hash sha256:xxx

9. kubectl command auto-completion

yum install bash-completion -y
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc

10. Install flannel

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

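11. Install the dashboard

wget https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml
Change how the service is exposed:
Service.spec.type: NodePort
Service.spec.ports: nodePort: 30888
kubectl apply -f recommended.yaml

Create a service account and bind it to the cluster-admin role (its token then has full control of the cluster):
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
View the access token (the suffix of the secret name is generated per cluster; look it up with kubectl get secrets -n kubernetes-dashboard):
kubectl get secrets -n kubernetes-dashboard dashboard-admin-token-hm9hk -o jsonpath='{.data.token}' | base64 -d

Create a kubeconfig file for access: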
kubectl config set-cluster luhaocluster --kubeconfig=/root/dashboard/con.conf  --certificate-authority=./ca.crt --embed-certs=true  --server="https://172.22.1.10:6443"
kubectl config set-credentials luhao-admin --kubeconfig=/root/dashboard/con.conf --token=$(kubectl get secrets -n kubernetes-dashboard dashboard-admin-token-hm9hk -o jsonpath={.data.token} |base64 -d)
kubectl config set-context luhao-[email protected] --cluster=luhaocluster --user=luhao-admin --kubeconfig=/root/dashboard/con.conf

12. Install ingress-nginx

Method 1 for exposing ingress-nginx: share the host's network namespace
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
Edit the pod spec:
Use the host IPC namespace
hostIPC: true
Use the host PID namespace
hostPID: true
Use the host network namespace
hostNetwork: true
Then set spec.nodeName / spec.nodeSelector so that the pod is always scheduled onto a fixed machine
kubectl apply -f mandatory.yaml
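
An added example, not part of the original article or of the ingress-nginx project: a shell function that reports which objects in a manifest share host namespaces, so the edited mandatory.yaml can be reviewed before it is applied. Only hostNetwork: true is needed to bind the controller to the node's network; hostPID and hostIPC additionally expose the node's processes and IPC objects to the pod. The function name audit_host_namespaces and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# audit_host_namespaces FILE (hypothetical helper, added example)
# Prints "Kind/name field" for every hostPID/hostIPC/hostNetwork set to true
# in a multi-document manifest; returns 1 if any were found, 0 otherwise.
audit_host_namespaces() {
  awk '
    function emit(   i) {
      for (i = 1; i <= n; i++) printf "%s/%s %s\n", kind, name, hit[i]
      found += n; n = 0; kind = "?"; name = "?"; inmeta = 0
    }
    BEGIN         { kind = "?"; name = "?" }
    /^---/        { emit(); next }            # document separator
    /^kind:/      { kind = $2 }
    /^metadata:/  { inmeta = 1; next }        # top-level metadata only
    /^[^ #]/      { inmeta = 0 }
    inmeta && /^  name:/ { name = $2 }
    /^ *host(PID|IPC|Network): *true *(#.*)?$/ { sub(/:.*/, "", $1); hit[++n] = $1 }
    END           { emit(); exit (found > 0) }
  ' "$1"
}

# Constructed sample standing in for the edited mandatory.yaml.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
spec:
  template:
    metadata:
      labels:
        app: ingress-nginx
    spec:
      hostIPC: true
      hostPID: true
      hostNetwork: true
      nodeName: node1-k8s
      containers:
        - name: controller
          image: example.invalid/controller:constructed
EOF
audit_host_namespaces "$sample" || echo "host namespaces shared: review before kubectl apply"
```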

Method 2 for exposing ingress-nginx: use a NodePort service
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml
Change the service port
kubectl apply -f service-nodeport.yaml