1.linux服务器配置(4核2G磁盘30G)
1.1 yum配置(yum)
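# 1. Point yum at the Aliyun mirrors
# 1.1 Base repository.
#     Fetched over HTTPS so the repo definition cannot be altered in transit,
#     with -f so an HTTP error page is never installed as a repo file.
curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

# 1.2 kubernetes.repo
#     gpgcheck and repo_gpgcheck stay enabled so that packages and repository
#     metadata are signature-checked against the two keys listed in gpgkey.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# 2. Refresh yum
yum update
yum clean all
yum makecache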
1.2 安装docker并配置(docker)
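# 1. Install
yum install docker

# 2. Configure registry mirrors
#    The "> file" redirection is required: without it cat is handed the path as
#    an input file and daemon.json is never written.
#    Images pulled by tag through a mirror are trusted as the mirror serves them;
#    pin important images by digest.
mkdir -p /etc/docker
cat <<'EOF' > /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://dockerhub.azk8s.cn",
    "https://reg-mirror.qiniu.com"
  ]
}
EOF

# 3. Start docker as a dedicated "docker" user
#    Membership of the docker group gives control of the Docker daemon, which is
#    equivalent to root on this host; add only accounts you would trust with root.
sudo useradd docker
sudo usermod -aG docker docker
su docker
systemctl start docker

# 4. Alternative (not recommended): add root to the docker group
sudo usermod -aG docker root

# Start docker on every boot
systemctl enable docker.service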
1.3 禁用SELinux(禁用SE Linux)
# Put SELinux into permissive mode for the running system: policy violations
# are still logged but no longer blocked.
setenforce 0

# Persist the same mode across reboots (only rewrites an exact
# "SELINUX=enforcing" line).
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
1.4 host设置为master(设置host)
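# 1. host-set.sh (save the following as host-set.sh)
#!/bin/bash
# Usage: host-set.sh <interface> <hostname>
# Sets this machine's host name and maps the interface's first global IPv4
# address to that name in /etc/hosts.
set -eu

NET_NAME=${1:?usage: host-set.sh <interface> <hostname>}
HOST_NM=${2:?usage: host-set.sh <interface> <hostname>}

# The name is written verbatim into /etc/hostname and /etc/hosts, so reject
# anything that is not a plain host name (whitespace would add extra entries).
case $HOST_NM in
  *[!A-Za-z0-9.-]*)
    printf 'host-set.sh: invalid host name: %s\n' "$HOST_NM" >&2
    exit 1
    ;;
esac

# Query the one device directly instead of grepping the full "ip addr" output,
# and take only the first global IPv4 address with the prefix length removed.
IP=$(ip -4 -o addr show dev "$NET_NAME" scope global \
  | awk '{split($4, a, "/"); print a[1]; exit}')

# Stop rather than write an /etc/hosts line with an empty address.
if [ -z "$IP" ]; then
  printf 'host-set.sh: no global IPv4 address found on %s\n' "$NET_NAME" >&2
  exit 1
fi

printf '%s\n' "$HOST_NM" > /etc/hostname

# Append only when the mapping is missing, so re-running does not duplicate it.
grep -qxF -- "$IP $HOST_NM" /etc/hosts || printf '%s %s\n' "$IP" "$HOST_NM" >> /etc/hosts

# 2. Run it: map the IPv4 address of eth0 to the host name "master"
bash host-set.sh eth0 master
# Reboot
reboot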
1.5关闭swap(关闭swap)
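# 1. Turn swap off for the running system
swapoff -a

# 2. Keep it off after a reboot by commenting out the swap entry in /etc/fstab.
#    The match is anchored at the start of the line, so an entry that is already
#    commented out is left alone when this is run again.
#    Only the /dev/mapper/centos-swap device name is handled; check /etc/fstab
#    if the swap entry on your host is named differently.
sed -i 's|^/dev/mapper/centos-swap|#&|' /etc/fstab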
1.6 允许iptables检查桥接流量(入门建议禁用iptables,firewalld)
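# Make sure br_netfilter is loaded now; the net.bridge.* sysctls below only
# exist while the module is loaded.
sudo modprobe br_netfilter

# Check that it is loaded. Sample output:
#   [root@master k8s]# lsmod | grep br_netfilter
#   br_netfilter           22256  0
#   bridge                151336  1 br_netfilter

# Load the module on every boot
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

# Let iptables/ip6tables see bridged traffic
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

# Disable firewalld
# With the firewall off, every listening port on this host (the API server on
# 6443, the kubelet, any NodePort service) is reachable from every network that
# can route to it. That is acceptable on an isolated lab machine; anywhere else
# keep firewalld running and open only the ports Kubernetes needs.
sudo systemctl stop firewalld.service
sudo systemctl disable firewalld.service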
2.安装k8s组件
2.1安装并配置 kubectl,kubelet,kubeadm
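# Install the release that kubeadm-init.yaml names as kubernetesVersion (v1.20.2).
# An unpinned install takes whatever is newest in the repository, which can
# differ from the version the config file asks kubeadm to deploy.
K8S_VERSION=1.20.2
yum install -y \
  "kubelet-${K8S_VERSION}" \
  "kubeadm-${K8S_VERSION}" \
  "kubectl-${K8S_VERSION}" \
  --disableexcludes=kubernetes

# Start kubelet now and on every boot
systemctl enable --now kubelet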
2.2重新启动kubelet
# Re-read the systemd unit files first, so the restart picks up the current
# kubelet unit definition.
sudo systemctl daemon-reload

# Restart kubelet
sudo systemctl restart kubelet
2.3加入环境配置(K8S-FAQ -1)
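# Point kubectl at the kubeconfig that kubeadm init writes.
# /etc/kubernetes/admin.conf carries administrator credentials for the cluster:
# keep it readable by root only and do not copy it to shared accounts.
kubeconfig_line='export KUBECONFIG=/etc/kubernetes/admin.conf'

# Append only when the line is missing, so repeating this step does not pile up
# duplicate entries in the profile.
grep -qxF -- "$kubeconfig_line" ~/.bash_profile 2>/dev/null \
  || printf '%s\n' "$kubeconfig_line" >> ~/.bash_profile

source ~/.bash_profile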
2.4 首先使用阿里云把需要的镜像pull下来(kubeadm-pull-image.sh)
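# Author: 院长
# QQ group: 645072509
# Pull the images kubeadm needs through the Aliyun registry mirror, tag them
# back to their original k8s.gcr.io names, then remove the mirror-named tags.
#
# Each image is handled with direct, quoted docker calls; no generated command
# text is piped into a shell, so an unexpected image name cannot be executed.
#
# NOTE(review): kubeadm-init.yaml already sets imageRepository to this mirror,
# so with that config the retag to k8s.gcr.io may be unnecessary; confirm.
MIRROR=registry.cn-hangzhou.aliyuncs.com/google_containers
UPSTREAM=k8s.gcr.io

# Trace each command, as the original did with "sh -x".
set -x

kubeadm config images list | while IFS= read -r image; do
  [ -n "$image" ] || continue

  case $image in
    "$UPSTREAM"/*)
      # Same path, served from the mirror instead of k8s.gcr.io.
      mirrored="${MIRROR}/${image#"${UPSTREAM}"/}"
      ;;
    *)
      # Not a k8s.gcr.io image: pull it under its own name, nothing to retag.
      docker pull "$image" || exit 1
      continue
      ;;
  esac

  docker pull "$mirrored" || exit 1
  # Restore the original k8s.gcr.io name.
  docker tag "$mirrored" "$image" || exit 1
  # Drop the mirror-named tag; the image stays under its k8s.gcr.io name.
  docker rmi "$mirrored" || exit 1
done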
2.5使用kubeadm和(kubeadm-init.yaml)文件初始化集群
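apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # abcdef.0123456789abcdef is the sample value printed by
  # `kubeadm config print init-defaults`, so it is publicly known. While it is
  # valid (24h here) it can be used to join a node to this cluster.
  # Replace it with the output of `kubeadm token generate`, or remove the field
  # so that kubeadm generates a random token.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.56.130 # IP address of this Kubernetes host
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock # container runtime socket; Docker here
  name: master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: "registry.cn-hangzhou.aliyuncs.com/google_containers"
kind: ClusterConfiguration
kubernetesVersion: v1.20.2
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16 # pod network range of the cluster
  serviceSubnet: 10.254.0.0/16
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
# NOTE(review): ipvs mode needs the ip_vs kernel modules, and no step on this
# page loads them; confirm kube-proxy really runs in ipvs mode.
mode: ipvs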
# Initialise the control plane with the settings from kubeadm-init.yaml.
# The command output includes a join command containing the bootstrap token;
# treat that output as a secret.
kubeadm init --config kubeadm-init.yaml
2.6配置 CNI网络插件
可参考(https://kubernetes.io/zh/docs/concepts/cluster-administration/addons/)
2.6.1 使用kube-flannel.yaml运行kube-flannel
# Deploy the flannel CNI plugin from a local manifest.
# kube-flannel.yaml is not shown on this page: get it from the flannel project
# and read it before applying, since it runs with cluster-wide privileges.
# NOTE(review): its pod network must match podSubnet in kubeadm-init.yaml; confirm.
kubectl apply -f kube-flannel.yaml
2.7安装配置dashboard(NodePort方式)
2.7.1使用kubernetes-dashboard.yaml运行kubernetes-dashboard
# Deploy the dashboard from a local manifest (not shown on this page).
# The section heading says it is exposed as a NodePort service, i.e. on a port
# of every node's IP. This guide also disables firewalld, so the dashboard is
# then reachable from any network that can reach the nodes; restrict access at
# the network level.
kubectl apply -f kubernetes-dashboard.yaml
2.7.2配置dashboard用户和角色(admin-user-role-binding.yaml)
# Create the dashboard account and its role binding from a local manifest.
# admin-user-role-binding.yaml is not shown on this page.
# NOTE(review): if it binds admin-user to cluster-admin, as common dashboard
# examples do, that account's token gives full control of the cluster; confirm,
# and bind a narrower role where possible.
kubectl apply -f admin-user-role-binding.yaml
2.7.3 查询token(该token是登录凭据,拥有admin-user账号的全部权限,请妥善保管,不要公开到文档或代码仓库)
[root@master work]# kubectl get secret -n kube-system | grep admin-user-token-* admin-user-token-x9qtl kubernetes.io/service-account-token 3 6m21s [root@master work]# kubectl describe secret admin-user-token-x9qtl -n kube-system Name: admin-user-token-x9qtl Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: 8f6c9809-abda-48bb-86f9-f81eb2272d05 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1066 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkVmYWhqN0ZtRDdnNFRoeGQxV0Z5SU94Y0dWbTlYT25WNVBWSmR0SkpoM2sifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXg5cXRsIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI4ZjZjOTgwOS1hYmRhLTQ4YmItODZmOS1mODFlYjIyNzJkMDUiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.Wlot_v9tkWeCpmi7doUzf3LOgSqmM5ZLWp5MgbWJKewXcvR637Xu2wTP-Di9Wub_f734oxZCl97kLdel8YKHbAPT0RCF-gmvGZcTJvfC1q6YH8u5sRcIx2nYfvHpHztp4QzLD1YIauWC5DHmtGfPvtVBgkxp9DoB-KjWgxkPtoldP7GPTgXdhvQelHFgOmeoMFAk0VAry2Yx356Syh3KdM4LEEna0kcBJ87X-TbCC_j076euKm8Uzu2j6-FFVlNl6p0KscLKsrlrmoE0_9TnSdhWSu7ZVMaQoCNQK5BaY24qRL2lj-2T0dbpKbTbDSVGq_yAJ3xarhsbXxmMRC7dGA
2.8新增节点加入集群
# Build the join command for an additional master (control-plane) node.
# The printed line contains a bootstrap token and the certificate key, both of
# which are secrets: hand it over on a trusted channel and keep it out of logs.
join_cmd=$(kubeadm token create --print-join-command)
cert_key=$(kubeadm init phase upload-certs --upload-certs | awk 'END{print}')
echo "${join_cmd} --control-plane --certificate-key ${cert_key}"

# Build the join command for a worker node.
kubeadm token create --print-join-command
2.9部署ingress(ingress-controller.yaml)
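# Deploy the ingress controller from the local manifest ingress-controller.yaml.
kubectl apply -f ingress-controller.yaml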