1.设置hostname4台服务器
k8s.master
k8s.node01
k8s.node02
k8s.harbor
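# Run exactly ONE of these on each machine, matching that machine's role.
# (The four commands were fused onto one line; they are separate commands.)
hostnamectl set-hostname k8s.master   # on the master
hostnamectl set-hostname k8s.node01   # on the first worker node
hostnamectl set-hostname k8s.node02   # on the second worker node
hostnamectl set-hostname k8s.harbor   # on the Harbor registry host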
2.安装依赖包
# Base tooling for the later steps: connection tracking, time sync,
# IPVS/ipset administration and general utilities.
yum install -y \
  conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat \
  libseccomp wget vim net-tools git
3.设置防火墙为iptables并设置空规则
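# Swap firewalld for the classic iptables service.
systemctl stop firewalld && systemctl disable firewalld

# NOTE(review): `iptables -F` followed by `service iptables save` persists an
# EMPTY rule set, so from here on the host does no packet filtering of its own
# (unless a chain policy was changed from the default ACCEPT). Before using
# this outside a lab, restrict reachability of the API server (6443), kubelet
# (10250), etcd (2379-2380) and the NodePort range (30000-32767) with an
# upstream firewall / security group, or add and save explicit rules instead
# of leaving the table empty.
yum -y install iptables-services \
  && systemctl start iptables \
  && systemctl enable iptables \
  && iptables -F \
  && service iptables save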
4.关闭swap和SELINUX
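# Turn swap off now and comment out every fstab line containing " swap " so it
# stays off after a reboot (kubelet of this era refuses to start with swap on
# by default).
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

# `setenforce 0` puts SELinux in permissive mode for the running system; the
# sed makes it fully DISABLED from the next boot.
# NOTE(review): disabling SELinux removes mandatory access control from every
# node, which is exactly the layer that limits what a container escape can
# reach. The kubeadm install guide only requires permissive mode
# (SELINUX=permissive), which keeps AVC denials in the audit log and avoids a
# full relabel if enforcement is turned back on later. Prefer that unless
# something on the host demands `disabled`.
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config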
5.调整内核参数,对于K8S
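# The net.bridge.* keys only exist while br_netfilter is loaded; without it
# `sysctl -p` reports them as missing. (The module is also loaded in step 11;
# NOTE(review): neither place makes it persistent across reboots — confirm it
# is loaded at boot, e.g. via /etc/modules-load.d/.)
modprobe br_netfilter

# Settings written below, in order: let bridged traffic traverse
# iptables/ip6tables, enable IPv4 forwarding, keep tcp_tw_recycle off, avoid
# swap (vm.swappiness=0), do not check whether physical memory is sufficient
# (vm.overcommit_memory=1), do not panic on OOM (vm.panic_on_oom=0), raise
# inotify / file-handle limits, disable IPv6, enlarge the conntrack table.
#
# sysctl.conf only recognises comments on lines that BEGIN with '#' or ';'.
# The page had them trailing the values, which makes the comment text part of
# the value, so they are moved onto their own lines here.
cat > kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
# 禁止使用swap空间,只有当系统ooM时才允许使用它
vm.swappiness=0
# 不检查物理内存是否够用
vm.overcommit_memory=1
# 开启oom
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF

cp kubernetes.conf /etc/sysctl.d/kubernetes.conf
# Apply the file immediately (a stray non-command token sat between -p and
# the path on the page and has been dropped).
sysctl -p /etc/sysctl.d/kubernetes.conf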
6.调整系统时区
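# Four separate commands (they were fused onto one line on the page).
timedatectl set-timezone Asia/Shanghai
# Keep the hardware clock in UTC rather than local time.
timedatectl set-local-rtc 0
# Restart the services whose timestamps / schedules depend on the time zone.
# Consistent time across nodes matters for log correlation and for
# certificate validity checks.
systemctl restart rsyslog
systemctl restart crond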
7.关闭系统不需要服务
# Stop the postfix mail service and keep it from starting at boot; the page
# lists it as a service these hosts do not need, and fewer running daemons
# means less to patch and monitor.
systemctl stop postfix && systemctl disable postfix
8.设置rsyslogd 和 systemd journald
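# Directory for persistent journal storage, plus the drop-in directory.
# -p keeps the step re-runnable when either directory already exists.
mkdir -p /var/log/journal
mkdir -p /etc/systemd/journald.conf.d

# Drop-in contents: persistent storage, compressed archives, 5 min sync
# interval, rate limit of 1000 messages per 30 s, 10G total cap, 200M per
# journal file, two weeks retention, no forwarding to syslog.
# NOTE(review): with ForwardToSyslog=no and a two-week retention, confirm that
# whatever ships logs off-host (if anything) still reads the journal, and that
# two weeks covers your incident-investigation window. The rate limit also
# means bursts above 1000 messages / 30 s per service are dropped.
cat > /etc/systemd/journald.conf.d/99-prophet.conf << EOF
[Journal]
Storage=persistent
# 压缩历史日志
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
#最大占用空间
SystemMaxUse=10G
# 单日志文件最大 200M
SystemMaxFileSize=200M
# 日志保存时间2周
MaxRetentionSec=2week
# 不将日志转到syslog
ForwardToSyslog=no
EOF

systemctl restart systemd-journald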
9.升级系统内核为4.44
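# Import ELRepo's signing key first so rpm/yum can verify package signatures,
# and fetch the release package over HTTPS. The page used plain HTTP, which
# lets anyone on the network path substitute the repository definition (and
# with it the kernel that gets installed).
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

# Long-term-support kernel from the elrepo-kernel repository.
yum --enablerepo=elrepo-kernel install -y kernel-lt

# List the boot entries; the title given to grub2-set-default must match one
# of them exactly. The version string below is the one the page's author got —
# use whatever entry the install above actually produced.
grep menuentry /boot/grub2/grub.cfg
grub2-set-default "CentOS Linux (4.4.233-1.el7.elrepo.x86_64) 7 (Core)"
grub2-editenv list

reboot

# Run after the machine is back up, to confirm the new kernel is in use.
uname -r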
10.卸载docker (k8s) 不是必须的
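# Optional clean-up of an earlier Docker / Kubernetes install. These are
# separate commands; they were fused onto one line on the page.
yum list installed | grep docker
yum remove docker.x86_64 docker-client.x86_64 docker-common.x86_64 -y
yum remove containerd.io.x86_64 docker-ce.x86_64 docker-ce-cli.x86_64 -y
# Destructive: deletes every image, container and volume stored by the old
# Docker installation.
rm -rf /var/lib/docker
yum remove kubernetes-master.x86_64 kubernetes-client.x86_64 -y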
11.kube-proxy开启ipvs的前置条件
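modprobe br_netfilter

# Script that loads the IPVS schedulers and IPv4 connection tracking that
# kube-proxy's ipvs mode relies on. The heredoc lines were fused together on
# the page; each modprobe must be on its own line for the script to work.
# NOTE(review): nf_conntrack_ipv4 exists on the 4.4 kernel installed in step 9;
# newer kernels fold it into nf_conntrack — adjust if the kernel differs.
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

# Make it executable (root-writable only), run it once now, and verify the
# modules are loaded.
chmod 755 /etc/sysconfig/modules/ipvs.modules \
  && bash /etc/sysconfig/modules/ipvs.modules \
  && lsmod | grep -e ip_vs -e nf_conntrack_ipv4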
12.docker 安装
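yum install -y yum-utils device-mapper-persistent-data lvm2

# Add the docker-ce repository over HTTPS. The page fetched the .repo file via
# plain HTTP; since that file decides where packages (and their GPG keys) come
# from, it should not be retrievable in a tamperable way.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Versions are pinned as on the page.
# NOTE(review): docker-ce 18.06 is an old release line; check it against
# current advisories before using it beyond a lab.
yum update -y && yum install -y docker-ce-18.06.1.ce-3.el7 docker-ce-selinux-18.06.1.ce-3.el7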
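mkdir -p /etc/docker

# JSON has no comment syntax: the trailing "# harbor" the page put inside
# daemon.json makes the file unparseable and dockerd will not start with it.
# The remark lives here instead: 192.168.4.87 is the Harbor registry host.
#
# NOTE(review): "insecure-registries" tells Docker to accept plain HTTP or an
# unverifiable certificate for that registry, so image pulls and pushes to
# Harbor (including registry credentials) can be intercepted or altered on the
# network. The safer setup is to give Harbor a TLS certificate and place its
# CA at /etc/docker/certs.d/<registry-host>/ca.crt on each node, then drop
# this entry.
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "registry-mirrors": ["https://w8jj28zi.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.4.87"]
}
EOF

mkdir -p /etc/systemd/system/docker.service.d
systemctl daemon-reload && systemctl restart docker && systemctl enable docker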
13.安装kubeadm (主从配置)
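# Kubernetes yum repository (Aliyun mirror). gpgcheck and repo_gpgcheck are
# both on, so package and repository-metadata signatures are verified against
# the two keys listed — keep them enabled even if a key import is inconvenient.
# The repo-file lines were fused together on the page; each key=value needs
# its own line.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Versions pinned as on the page.
# NOTE(review): Kubernetes 1.15 no longer receives upstream security fixes;
# treat a cluster built from these packages as lab-only or plan the upgrade.
yum -y install kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1
systemctl enable kubelet.service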
14.初始化主节点
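# This form can be tried directly (none of the image pre-download methods
# mentioned above are needed): images are pulled from the Aliyun mirror named
# by --image-repository.
#
# --pod-network-cidr is 10.244.0.0/16 here, not the 20.244.0.0/16 printed on
# the page: step 18 applies the flannel manifest unmodified, and that manifest
# defaults to 10.244.0.0/16, so the two must agree. 20.244.0.0/16 is also
# publicly routable address space, which would make pods shadow real Internet
# hosts; pod and service ranges should come from private (RFC 1918) space.
#
# 192.168.4.81 is the address of the page author's master — substitute yours.
kubeadm init \
  --kubernetes-version=1.15.1 \
  --apiserver-advertise-address=192.168.4.81 \
  --image-repository registry.aliyuncs.com/google_containers \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16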
15.安装 kubernetes-dashboard
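wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

# Edit the manifest by hand. Changes described on the page:
#   line 112:  image: lizhenliang/kubernetes-dashboard-amd64:v1.10.1
#              (a mirror reachable from China; the default points at Google's registry)
#   line 158:  type: NodePort        (added)
#   line 159:  ports:
#   line 160:    - port: 443
#
# NOTE(review), two things to weigh before applying:
#  * The replacement image comes from a personal registry namespace, not from
#    the dashboard project, so its contents are unverified. Safer: obtain the
#    project's image once, compare digests, push it to your own Harbor and
#    reference it from there (ideally by digest).
#  * type: NodePort publishes the dashboard on a port of every node address.
#    Combined with the admin token created in the next step, that port is a
#    direct path to full cluster control. Keep the Service ClusterIP and reach
#    it via `kubectl proxy` / port-forward, or restrict the NodePort by
#    firewall.
vim kubernetes-dashboard.yaml

kubectl apply -f kubernetes-dashboard.yaml
kubectl get pods -n kube-system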
16.dashboard用户创建
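kubectl create serviceaccount dashboard-admin -n kube-system

# NOTE(review): this binds the built-in cluster-admin role to the dashboard
# login account, so whoever holds its token controls the whole cluster
# (secrets in every namespace, workloads, RBAC itself). With the dashboard
# published via NodePort in step 15 that is a high-value, network-reachable
# credential. For routine use bind a narrower role (for example the built-in
# `view` ClusterRole, or a namespaced Role) and keep cluster-admin for a
# separate, rarely used account.
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

kubectl get secret -n kube-system

# The page hard-coded the secret name dashboard-admin-token-sx5gl; the suffix
# is random per cluster, so look the name up instead.
# `describe` prints the bearer token in clear text: avoid running it in shared
# terminals, recorded sessions or CI logs.
kubectl -n kube-system describe "$(kubectl -n kube-system get secret -o name | grep dashboard-admin-token)"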
17.kubectl常用命令
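# Removes every object of the dashboard deployment from kube-system. These are
# separate commands; several were fused together on the page.
# Note: the dashboard-admin service account and its cluster-admin binding from
# step 16 are NOT removed here — delete them too if the dashboard is retired,
# otherwise the token stays valid.
sudo kubectl delete deployment kubernetes-dashboard --namespace=kube-system
sudo kubectl delete service kubernetes-dashboard --namespace=kube-system
sudo kubectl delete role kubernetes-dashboard-minimal --namespace=kube-system
sudo kubectl delete rolebinding kubernetes-dashboard-minimal --namespace=kube-system
sudo kubectl delete sa kubernetes-dashboard --namespace=kube-system
sudo kubectl delete secret kubernetes-dashboard-certs --namespace=kube-system
sudo kubectl delete secret kubernetes-dashboard-csrf --namespace=kube-system
sudo kubectl delete secret kubernetes-dashboard-key-holder --namespace=kube-system
# Left unquoted on purpose: the substitution may yield several pod names, each
# of which must become its own argument.
sudo kubectl -n kube-system delete $(sudo kubectl -n kube-system get pod -o name | grep dashboard)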
18.部署网络
# Installs the flannel pod network straight from the project's master branch.
# NOTE(review): a manifest applied from a moving branch can change between
# runs, and it is applied with cluster-admin rights without anyone reading it.
# Prefer downloading a tagged revision, reviewing it (it creates privileged,
# host-network DaemonSet pods), keeping the copy under version control, and
# applying that file. Its Network value must match --pod-network-cidr from
# step 14.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
19.加入主节点以及其余工作节点
19.1 master 运行
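# Give the current user a kubeconfig. Three separate commands; on the page
# they were fused together and a stray token had split "$HOME" in the cp line.
# admin.conf carries cluster-admin client credentials: keep the copy readable
# by its owner only and do not place it in shared or backed-up-in-clear
# locations.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"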
19.2 2个node节点运行
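# Run on each worker node. The address, token and hash below are the ones
# printed for the page author's cluster and are shown as they appear there;
# the hash is shorter than the 64 hex digits of a SHA-256 value, so it looks
# truncated. Use the join command your own `kubeadm init` printed, or
# regenerate it on the master with `kubeadm token create --print-join-command`.
#
# A bootstrap token is a credential: it lets a machine register as a node.
# Tokens expire (24 h by default); do not paste live ones into notes or
# tickets. Keep --discovery-token-ca-cert-hash in place — it is what lets the
# joining node verify it is talking to the real API server.
kubeadm join 192.168.4.81:6443 --token a09sd6.vjdajoc85anavorb \
    --discovery-token-ca-cert-hash sha256:7cb5dd7f8207ef3fa029512ae9e6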