Installing k8s on CentOS
程序员文章站
2024-03-11 09:57:55
1. Prepare the machines
IP | Node |
---|---|
172.22.1.10 | master-k8s |
172.22.1.11 | node1-k8s |
172.22.1.12 | node2-k8s |
Set the hostname on each machine (xxx is that machine's node name):
hostnamectl set-hostname xxx
Then add the following entries to /etc/hosts:
172.22.1.10 master-k8s
172.22.1.11 node1-k8s
172.22.1.12 node2-k8s
2. Time synchronization
yum -y install chrony
vim /etc/chrony.conf
On the master, in /etc/chrony.conf:
server master-k8s iburst
allow 172.22.1.0/24
local stratum 10
systemctl enable chronyd
systemctl start chronyd
ss -unl|grep 123
chronyc sources
On the nodes, in /etc/chrony.conf:
server master-k8s iburst
systemctl enable chronyd
systemctl start chronyd
chronyc sources
3. Disable the firewall, iptables, SELinux and swap
iptables -F
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux:
setenforce 0
vi /etc/selinux/config
SELINUX=disabled
Disable the swap partition:
swapoff -a
vi /etc/fstab
#/dev/mapper/centos-swap swap
free -m
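4. Kernel configuration
# Enable IP forwarding and iptables filtering of bridged traffic.
cat <<EOF > /etc/sysctl.d/k8s.conf
# Pass bridged IPv6 traffic through ip6tables rules
net.bridge.bridge-nf-call-ip6tables = 1
# Pass bridged IPv4 traffic through iptables rules
net.bridge.bridge-nf-call-iptables = 1
# Enable IP forwarding on the server
net.ipv4.ip_forward = 1
EOF
# Run these commands to apply the changes.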
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
5. Install Docker
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum makecache fast
yum repolist
yum install docker-ce -y
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF
systemctl enable docker
systemctl start docker
6. Install kubelet, kubeadm and kubectl
Create the Kubernetes yum repository file /etc/yum.repos.d/kubernetes.repo with the following content:
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
enabled=1
yum -y install kubelet kubeadm kubectl
7. Prepare the required images
If you cannot pull them directly, download the required images first and import them locally.
kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.17.4
k8s.gcr.io/kube-controller-manager:v1.17.4
k8s.gcr.io/kube-scheduler:v1.17.4
k8s.gcr.io/kube-proxy:v1.17.4
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.4.3-0
k8s.gcr.io/coredns:1.6.5
8. Initialize the master node and join the worker nodes to the cluster
Edit the kubelet configuration file /etc/sysconfig/kubelet so that it ignores swap:
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
systemctl enable kubelet
kubeadm init --kubernetes-version=v1.17.3 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
After repeating the steps above on each worker node, run:
kubeadm join 172.22.1.10:6443 --token xxxxx --discovery-token-ca-cert-hash sha256:xxx
9. kubectl command auto-completion
yum install bash-completion -y
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
10. Install flannel
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
11. Install the dashboard
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml
Change how the service is exposed and which port it uses:
Service.spec.type: NodePort
Service.spec.ports: nodePort: 30888
kubectl apply -f recommended.yaml
Create a serviceaccount and bind it to the cluster-admin role:
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
View the access token:
kubectl get secrets -n kubernetes-dashboard dashboard-admin-token-hm9hk -o jsonpath={.data.token}
Create the kubeconfig file used for access:
kubectl config set-cluster luhaocluster --kubeconfig=/root/dashboard/con.conf --certificate-authority=./ca.crt --embed-certs=true --server="https://172.22.1.10:6443"
kubectl config set-credentials luhao-admin --kubeconfig=/root/dashboard/con.conf --token=$(kubectl get secrets -n kubernetes-dashboard dashboard-admin-token-hm9hk -o jsonpath={.data.token} |base64 -d)
kubectl config set-context luhao-[email protected] --cluster=luhaocluster --user=luhao-admin --kubeconfig=/root/dashboard/con.conf
12. Install ingress-nginx
Option 1 for exposing ingress-nginx: share the host's network namespace
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
Modify the pod spec:
Use the host IPC namespace
hostIPC: true
Use the host PID namespace
hostPID: true
Use the host network namespace
hostNetwork: true
Then set a fixed spec.nodeName / spec.nodeSelector so that the pod is scheduled onto a fixed machine
kubectl apply -f mandatory.yaml
Option 2 for exposing ingress-nginx: expose it with a NodePort service
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/baremetal/service-nodeport.yaml
Change the service port
kubectl apply -f service-nodeport.yaml