kubernetes1.16.2安装部署(二进制方式)
# Host preparation, run as root on every node.
# Stops the host firewall now and keeps it off across reboots. After this, nothing on
# the host filters inbound traffic to the cluster ports (the etcd endpoints on this
# page listen on 2379/2380).
# NOTE(review): outside a lab, consider keeping firewalld and opening only the ports
# the cluster needs — confirm the port list against the playbooks.
systemctl stop firewalld.service
systemctl disable firewalld.service
# Rewrites SELINUX=enforcing to SELINUX=disabled in the persistent config (applies on
# the next boot); setenforce 0 puts the running system into permissive mode right away.
# NOTE(review): SELINUX=permissive would keep denials logged without enforcing them —
# confirm whether full disablement is actually required here.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
# Turn swap off now; by default the kubelet refuses to start while swap is enabled.
swapoff -a
# Prefix '#' to every /etc/fstab line that contains "swap" so it stays off after reboot.
# Lines that are already commented also match, so a second run adds another '#'.
sed -i 's/.*swap.*/#&/' /etc/fstab
# Convenience tools, the EPEL repository package and the NTP client/daemon.
yum install wget lrzsz vim epel-release.noarch ntp ntpdate -y
# One-shot clock sync; certificate validity checks depend on the nodes agreeing on the time.
ntpdate ntp1.aliyun.com
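# Write a loader script for the IPVS kernel modules, then run it once now.
# The delimiter is quoted so the body is written verbatim, with no shell expansion.
# `--` ends modprobe's option parsing. The page had it typeset as an en dash, which
# modprobe would take as the module name, so none of the modules would be loaded.
# NOTE(review): presumably the distro runs executable files in /etc/sysconfig/modules
# at boot — confirm on the target release.
cat > /etc/sysconfig/modules/ipvs.modules << 'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules
bash /etc/sysconfig/modules/ipvs.modules
# Confirm that the modules are actually loaded before moving on.
lsmod | grep -e ip_vs -e nf_conntrack_ipv4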
modprobe br_netfilter   # 这句必须执行:不加载该模块,下面的 net.bridge.* 内核参数不存在,sysctl -p 会报错
并且修改内核参数,编辑文件 /etc/sysctl.conf ,增加以下内容
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
sysctl -p
安装ansible(master)
yum install -y ansible
免密配置
ssh-keygen
ssh-copy-id 172.16.5.150   # 三台都要
ssh-copy-id 172.16.5.151
ssh-copy-id 172.16.5.152
mkdir -p /work/deploy/kubernetes/security
cd /work/deploy/kubernetes/security
复制一份 /etc/pki/tls/openssl.cnf 文件,分别编写 openssl-k8s.cnf 和 openssl-etcd.cnf,记得在 [ v3_req ] 段下添加:subjectAltName = @alt_names
cp /etc/pki/tls/openssl.cnf openssl-k8s.cnf
cp /etc/pki/tls/openssl.cnf openssl-etcd.cnf
k8s
[alt_names]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster
DNS.5 = kubernetes.default.svc.cluster.local
IP.1 = 127.0.0.1 # kubernetes master server ip
IP.2 = 10.10.0.1
IP.3 = 10.10.0.200
IP.4 = 172.16.5.150
IP.5 = 172.16.5.151
IP.6 = 172.16.5.152
etcd:
[alt_names]
IP.1 = 127.0.0.1 # kubernetes master server ip
IP.2 = 172.16.5.150
IP.3 = 172.16.5.151
IP.4 = 172.16.5.152
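# Private CA for the cluster. Every certificate below is signed with ca.key, so anyone
# who can read that file can issue any cluster identity; keep it on the deploy host only.
# -sha256 pins the signature digest instead of relying on the openssl build's default.
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -sha256 -key ca.key -days 10000 -out ca.pem -subj "/CN=kubernetes/O=k8s"

# Certificate carrying the kubernetes.default.* names and IPs; the SANs come from
# [alt_names] in openssl-k8s.cnf through the v3_req extension section.
openssl genrsa -out kubernetes.key 2048
openssl req -new -key kubernetes.key -out kubernetes.csr -subj "/CN=kubernetes/O=k8s" -config openssl-k8s.cnf
openssl x509 -req -sha256 -in kubernetes.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out kubernetes.pem -days 10000 -extensions v3_req -extfile openssl-k8s.cnf

# etcd certificate; the SANs are the node IPs listed in openssl-etcd.cnf.
openssl genrsa -out etcd.key 2048
openssl req -new -key etcd.key -out etcd.csr -subj "/CN=etcd/O=etcd" -config openssl-etcd.cnf
openssl x509 -req -sha256 -in etcd.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out etcd.pem -days 10000 -extensions v3_req -extfile openssl-etcd.cnf

# Client certificate for kube-proxy; the CN is the user name the API server will see.
openssl genrsa -out proxy.key 2048
openssl req -new -key proxy.key -out proxy.csr -subj "/CN=system:kube-proxy"
openssl x509 -req -sha256 -in proxy.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out proxy.pem -days 10000

# Client certificate for the administrator. O=system:masters places the holder in the
# group that Kubernetes binds to cluster-admin by default.
# NOTE(review): -days 10000 is about 27 years, and Kubernetes does not check certificate
# revocation, so a leaked admin.key stays usable until the CA is replaced. Consider a
# much shorter lifetime for client certificates.
openssl genrsa -out admin.key 2048
openssl req -new -key admin.key -out admin.csr -subj "/CN=admin/O=system:masters/OU=System"
openssl x509 -req -sha256 -in admin.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out admin.pem -days 10000

# Older openssl builds create key files under the default umask; restrict them to the
# owner so other local users on the deploy host cannot read the private keys.
chmod 600 ca.key kubernetes.key etcd.key proxy.key admin.key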
mkdir -p /usr/local/kubernetes/kubernetes
mkdir -p /usr/local/docker
从百度云下载包并解压
https://pan.baidu.com/s/1yFRFF1eX5qPoVMxhNgxiTA
分享码:e7el
拷贝docker及k8s的二进制包到/usr/local/docker和/usr/local/kubernetes/kubernetes(网盘分享的包来源无法验证,拷贝前建议与官方发布的校验值核对,或直接从官方发布页下载同版本的包)
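vim /etc/ansible/hosts(去掉里面的一些不恰当的空行,并根据需要修改这几项的值:CLUSTER_DNS_SVC_IP、SERVICE_CLUSTER_IP、POD_CLUSTER_IP。注意:SERVICE_CLUSTER_IP 网段的第一个地址(kubernetes 服务的 ClusterIP)必须出现在 openssl-k8s.cnf 的 [alt_names] 里;本文证书示例写的是 10.10.0.1,而下面的网段是 10.10.10.0/24,两处需要保持一致)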
[master-server]
172.16.5.150 MASTER_IP="172.16.5.150"
[all-servers]
172.16.5.[150:152]
[node-servers]
172.16.5.150 NODE_IP="172.16.5.150"
172.16.5.151 NODE_IP="172.16.5.151"
172.16.5.152 NODE_IP="172.16.5.152"
[etcd-servers]
172.16.5.150 NODE_NAME=etcd1 NODE_IP="172.16.5.150"
172.16.5.151 NODE_NAME=etcd2 NODE_IP="172.16.5.151"
172.16.5.152 NODE_NAME=etcd3 NODE_IP="172.16.5.152"
[etcd-server-1]
172.16.5.150
[all:vars]
MASTER_IP="172.16.5.150"
CLUSTER_DNS_SVC_IP=10.10.10.200
SERVICE_CLUSTER_IP="10.10.10.0/24"
POD_CLUSTER_IP="192.168.0.0/16"
BOOTSTRAP_TOKEN="e5330137a96d293d6143af65eefbab4f"
etcd_data_dir="/opt/etcd"
ETCD_NODES="etcd1=https://172.16.5.150:2380,etcd2=https://172.16.5.151:2380,etcd3=https://172.16.5.152:2380"
ETCD_ENDPOINTS="https://172.16.5.150:2379,https://172.16.5.151:2379,https://172.16.5.152:2379"
binary_dir="/usr/local/kubernetes/kubernetes"
ca_source_dir="/work/deploy/kubernetes/security"
kube_ca_dir="/etc/kubernetes/ca"
etcd_ca_dir="/etc/etcd/ca"
docker_binary_dir="/usr/local/docker"
docker_domain="docker.ssiid.com"
ansible_dir="/work/deploy/ansible/playbook"
POD_INFRA_CONTAINER_IMAGE=docker.ssiid.com/google_containers/pause-amd64:3.1
(上面的pause镜像自己去github上下,或者阿里云上找一下,改一下名字即可)
上面的 BOOTSTRAP_TOKEN 是示例值,部署时请换成自己生成的随机值,
可以使用下面的命令随机生成
# Print 16 bytes from /dev/urandom as 32 hex characters, for use as BOOTSTRAP_TOKEN.
printf '%s\n' "$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')"
拷贝ansible资源包 到 /work/deploy/并解压
修改docker的配置添加阿里云镜像加速(加速地址复制自己阿里云的就行)
https://l7nazddas.mirror.aliyuncs.com
cd /work/deploy/ansible/playbook
依次运行
ansible-playbook prepare.yaml
ansible-playbook etcd.yaml
ansible-playbook docker.yaml
ansible-playbook kubernetes.yaml
ansible-playbook finalize.yaml
登录docker.ssiid.com 拉取pause镜像(这个你们自己去阿里云下或者github上拉)
docker login docker.ssiid.com
xxxx/xxxx
docker pull docker.ssiid.com/google_containers/pause-amd64:3.1
去github的calico仓库下载calico的yaml,并修改cidr
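# -f makes curl exit non-zero on an HTTP error instead of saving the error page as
# calico.yaml; -L follows redirects so a moved URL does not leave a stub file behind.
curl -fLO https://docs.projectcalico.org/manifests/calico.yaml
# NOTE(review): this URL is not version-pinned, so the manifest can differ between runs.
# Read it through and set the pool CIDR (CALICO_IPV4POOL_CIDR) to the POD_CLUSTER_IP
# value from the inventory before applying.
kubectl apply -f calico.yaml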
添加别名
vim /etc/bashrc
alias kc='kubectl'
alias kcp='kubectl get po'
alias kcd='kubectl describe po'
alias kcdp='kubectl delete po'
alias kce='kubectl exec -it'
alias kcl='kubectl logs -f'
alias kca='kubectl apply -f'
source /etc/bashrc
mkdir /work/deploy/kubernetes/coredns
cd /work/deploy/kubernetes/coredns
拷贝公网上的coredns来用
把这个文件下载下来,将其中的服务 IP 修改为 10.10.0.200,然后 apply(服务 IP 必须与 inventory 中的 CLUSTER_DNS_SVC_IP 相同;上文示例中该值写的是 10.10.10.200,与这里不一致,请按实际网段统一)
或者去下面这个地址下载
https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/coredns/coredns.yaml.base