目录
1.安装k8s依赖环境
- #关闭swap
swapoff -a
- #注释掉swap行 /etc/fstab
- #查看分区swap,swap都是 0则关闭成功。
free -h
- # 关闭 Selinux
setenforce 0 && sed -i ‘s/^SELINUX=.*/SELINUX=disabled/’ /etc/selinux/config
- #重启,查看关闭否
reboot
getenforce
- #升级内核
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
# 安装完成后检查 /boot/grub2/grub.cfg 中对应内核 menuentry 中是否包含 新内核 配置,如果没有,再装一次!
yum –enablerepo=elrepo-kernel install -y kernel-lt
#grep menuentry /boot/grub2/grub.cfg
- # 设置开机从新内核启动 (/boot/grub2/grub.cfg 文件中查找完整的内核版本”CentOS linux (4.4.182-1.el7.elrepo.x86_64) 7 (Core)”)
grub2-set-default “CentOS linux (4.4.182-1.el7.elrepo.x86_64) 7 (Core)”
#grub2-set-default ‘CentOS Linux (5.4.197-1.el7.elrepo.x86_64) 7 (Core)’
reboot
uname -r
- #另一种针对4.x的安装内核方法
wget http://mirrors.aliyun.com/elrepo/kernel/el7/x86_64/RPMS/kernel-lt-4.4.184-1.el7.elrepo.x86_64.rpm
yum install kernel-lt-4.4.184-1.el7.elrepo.x86_64.rpm
awk -F\’ ‘$1==”menuentry ” {print i++ ” : ” $2}’ /etc/grub2.cfg
#根据上面查到内核编号,下面设置启动顺序。
grub2-set-default 0
- 加载内核转发模块,这个k8s网络必须的。
yum install -y ipvsadm
yum install -y conntrack
echo ‘modprobe br_netfilter’ >>/etc/profile
echo ‘modprobe — ip_vs’ >>/etc/profile
echo ‘modprobe — ip_vs_rr’ >>/etc/profile
echo ‘modprobe — ip_vs_wrr’ >>/etc/profile
echo ‘modprobe — ip_vs_sh’ >>/etc/profile
echo ‘modprobe — nf_conntrack’ >>/etc/profile
#modprobe — nf_conntrack_ipv4
#modprobe — nf_conntrack 如果是内核5.2以上去掉了ipv4的后缀
#验证
reboot
lsmod |grep -e ip_vs -e nf_conntrack
- #调整内核参数,对于k8s
#调整这里,先重启下服务器,因为之前的参数没生效,影响这儿了。
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
#内核4.x以上去掉了这个参数
#net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=
fs.file-max=
fs.nr_open=
net.ipv6.conf.all.disable_ipv6=1
EOF
sysctl -p /etc/sysctl.d/k8s.conf
2.安装docker
-
需要安装yum扩展工具包
配置docker的下载yum源。注意这个不是docker镜像仓库!!!只是下载docker软件的地址。
#device-mapper-persistent-data lvm2 为docker依赖的包
yum install -y yum-utils device-mapper-persistent-data lvm2
#配置docker默认yum仓库:任选之一
yum-config-manager –add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#yum-config-manager –add-repo https://download.docker.com/linux/centos/docker-ce.repo
#yum-config-manager –add-repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
#禁用和启用yum仓库,如果要删除,直接删除文件。
# yum-config-manager –disable http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# yum-config-manager –enable http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
#安装docker-ce
yum install docker-ce -y
- 配置docker的日志信息,国内镜像仓库地址
cat > /etc/docker/daemon.json <
“exec-opts”: [“native.cgroupdriver=systemd”],
“log-driver”: “json-file”,
“log-opts”: {
“max-size”: “100m”
},
“storage-driver”: “overlay2”,
“storage-opts”: [
“overlay2.override_kernel_check=true”
],
“registry-mirrors”: [“https://registry.docker-cn.com”]
}
EOF
- #启动
systemctl start docker
systemctl enable docker
- #测试
如果打印一行Hello from Docker! 表示安装完成
docker run hello-world
- #删除所有容器信息都在这个目录
rm -rf /var/lib/docker
- docker日志:
/var/lib/docker/containers/
<容器id>
/
<容器id>
-json.log 里面
3.安装k8s
- #安装kubeadm,kubectl,kubelet即安装k8s平台的官方工具,安装kubectl,kubelet k8s 服务器端和客户端 管理插件,安装yum源,默认源没有安装包。
cat <
/etc/yum.repos.d/k8s.repo
[k8s]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
EOF
yum clean all && yum makecache
yum -y install kubeadm-1.15.1 kubectl-1.15.1 kubelet-1.15.1
#开启开启启动(现在无法启动,还没初始化集群)
systemctl enable kubelet
- 初始化主节点
- 下载网络插件
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
- 操作节点,加入集群
kubeadm join 192.168.18.101:6443 –token abcdef.0abcdef \
–discovery-token-ca-cert-hash sha256:a3a8b8e1ee899c0df1fd71c6412d9de56955e8aa43191ca49d10b961
#删除节点
#主节点操作
kubectl delete node c102
#被删除的节点:
rm -f /etc/kubernetes/kubelet.conf
rm -f /etc/kubernetes/pki/ca.crt
rm -f /etc/kubernetes/bootstrap-kubelet.conf
reboot
#从节点加入成功后,可能网络、proxy 容器无法启动,可以把主节点的pause proxy 镜像导入节点
#如果还有节点的容器没有启动成功,可以重新创建它,方法如下:
kubectl get pod kube-flannel-ds-g85zs -n kube-system -o yaml >kube-flannel-ds-g85zs.yaml
kubectl delete -f kube-flannel-ds-g85zs.yaml
kubectl apply -f kube-flannel-ds-g85zs.yaml
- 修改集群插件通信证书时间,默认是一年,如果更新版本,会自动更新。
kubeadm alpha certs renew all
#检查所有证书到期时间。
kubeadm alpha certs check-expiration
#如果在没网的环境,需要自己手动修改
检查证书时间:
#重新更新所有证书,期限1年
#安装metrics监控模块
用于查看pod使用的服务器的使用率和Hpa自动扩容的基础组件
安装如下所有yaml文件使用命令:kubectl apply -f ./
aggregated-metrics-reader.yaml
kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: system:aggregated-metrics-reader labels: rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: - apiGroups: ["metrics.k8s.io"] resources: ["pods", "nodes"] verbs: ["get", "list", "watch"] kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: system:aggregated-metrics-reader labels: rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: - apiGroups: ["metrics.k8s.io"] resources: ["pods", "nodes"] verbs: ["get", "list", "watch"] [root@c101 1.8+]# cat auth-delegator.yaml --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: metrics-server:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: metrics-server-auth-reader namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: extension-apiserver-authentication-reader subjects: - kind: ServiceAccount name: metrics-server namespace: kube-systemapiVersion: apiregistration.k8s.io/v1beta1 kind: APIService metadata: name: v1beta1.metrics.k8s.io spec: service: name: metrics-server namespace: kube-system group: metrics.k8s.io version: v1beta1 insecureSkipTLSVerify: true groupPriorityMinimum: 100 versionPriority: 100 apiVersion: v1 kind: ServiceAccount metadata: name: metrics-server namespace: kube-system --- apiVersion: apps/v1 kind: Deployment metadata: name: metrics-server namespace: kube-system labels: k8s-app: metrics-server spec: selector: matchLabels: k8s-app: metrics-server template: metadata: name: metrics-server labels: k8s-app: metrics-server spec: serviceAccountName: metrics-server volumes: # mount in tmp so we can safely use from-scratch images and/or read-only containers - name: tmp-dir emptyDir: {} containers: - name: metrics-server image: k8s.gcr.io/metrics-server-amd64:v0.3.6 imagePullPolicy: IfNotPresent command: - /metrics-server - --kubelet-insecure-tls - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP - --metric-resolution=30s volumeMounts: - name: tmp-dir mountPath: /tmp apiVersion: v1 kind: Service metadata: name: metrics-server namespace: kube-system labels: kubernetes.io/name: "Metrics-server" kubernetes.io/cluster-service: "true" spec: selector: k8s-app: metrics-server ports: - port: 443 protocol: TCP targetPort: 443 apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:metrics-server rules: - apiGroups: - "" resources: - pods - nodes - nodes/stats - namespaces verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: system:metrics-server roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:metrics-server subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system发布者:全栈程序员-站长,转载请注明出处:https://javaforall.net/218655.html原文链接:https://javaforall.net
