@wangyiyang
Created December 31, 2018 14:49

Installing a Kubernetes 1.13 cluster

Preparation (run on all nodes)

Add the hosts entries:

echo "10.211.55.18    k8s-master-1
10.211.55.19    k8s-node-1
10.211.55.20    k8s-node-2" >> /etc/hosts

Stop and disable the firewall:

systemctl stop firewalld
systemctl disable firewalld

Disable SELinux:

setenforce 0
vi /etc/selinux/config   # set SELINUX=disabled

Create the file /etc/sysctl.d/k8s.conf with the following content:

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1

Run the following commands to apply the changes:

modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf

Enable IPVS

As a prerequisite for running kube-proxy in IPVS mode, the following kernel modules must be loaded:

cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

Disable swap

Starting with version 1.8, Kubernetes requires system swap to be turned off; if it is not, kubelet will fail to start under the default configuration.

Turn off system swap as follows:

swapoff -a

Edit /etc/fstab and comment out the swap auto-mount entry, then use free -m to confirm that swap is off. To adjust the swappiness parameter, add the following line to /etc/sysctl.d/k8s.conf:

vm.swappiness=0

Apply the change:

sysctl -p /etc/sysctl.d/k8s.conf
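
The manual /etc/fstab edit and the sysctl settings above can be scripted and checked. The following is an added example, not part of the original gist; the function names are hypothetical and the sample files are constructed:

```bash
# Added example, not part of the original gist. Function names are
# hypothetical; files are passed as arguments so the functions can be tried
# on copies before touching /etc/fstab or /etc/sysctl.d/k8s.conf.

# Comment out every active fstab entry whose filesystem type (field 3) is swap.
comment_out_swap() {
  local fstab=$1 tmp rc
  tmp=$(mktemp) || return 1
  awk '$1 !~ /^#/ && $3 == "swap" { print "#" $0; next } { print }' \
    "$fstab" > "$tmp" && cat "$tmp" > "$fstab"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Print how many swap entries are still active in an fstab file.
active_swap_entries() {
  awk '$1 !~ /^#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# Print each sysctl key from this guide that the conf file does not set to the
# value the guide uses.
missing_sysctl_keys() {
  local conf=$1 want key val got
  for want in net.bridge.bridge-nf-call-ip6tables=1 \
              net.bridge.bridge-nf-call-iptables=1 \
              net.ipv4.ip_forward=1 vm.swappiness=0; do
    key=${want%%=*}
    val=${want#*=}
    got=$(awk -F= -v k="$key" \
      '{ gsub(/[ \t]/, "") } $1 == k { v = $2 } END { print v }' "$conf")
    [ "$got" = "$val" ] || echo "$key"
  done
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' '/dev/mapper/centos-root / xfs defaults 0 0' \
  '/dev/mapper/centos-swap swap swap defaults 0 0' > "$demo/fstab"
printf '%s\n' 'net.ipv4.ip_forward = 1' 'vm.swappiness=0' > "$demo/k8s.conf"
comment_out_swap "$demo/fstab"
echo "active swap entries: $(active_swap_entries "$demo/fstab")"
echo "sysctl keys not set:" $(missing_sysctl_keys "$demo/k8s.conf")
rm -rf "$demo"
```

On a real node the same functions take /etc/fstab and /etc/sysctl.d/k8s.conf as arguments; comment_out_swap is idempotent, so already commented entries are left alone.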

Install Docker (run on all nodes)

Add the repository:

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

Install Docker:

yum makecache fast

yum install -y --setopt=obsoletes=0 \
  docker-ce-18.06.1.ce-3.el7

systemctl start docker
systemctl enable docker

Deploy Kubernetes with kubeadm (steps 1 and 2 run on all nodes)

  1. Add the Aliyun repository
echo '[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg'>/etc/yum.repos.d/kubernetes.repo
  2. Install the required components:
yum makecache fast
yum install -y kubelet kubeadm kubectl
  3. Initialize the cluster with kubeadm init (run on the master)
systemctl enable kubelet.service
kubeadm init \
  --kubernetes-version=v1.13.1 \
  --pod-network-cidr=10.244.0.0/16 \
  --apiserver-advertise-address=10.211.55.18   # must be an IP address; this is k8s-master-1 from /etc/hosts

Because we use flannel as the Pod network add-on, the command above specifies --pod-network-cidr=10.244.0.0/16.

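If the command fails because the images cannot be downloaded, pull them with docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/<component image name>:<version> and retag them with docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/<component image name>:<version> k8s.gcr.io/<component image name>:<version>, for example: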

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.13.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.13.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.13.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.13.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.6
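docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.13.1 k8s.gcr.io/kube-apiserver:v1.13.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.13.1 k8s.gcr.io/kube-controller-manager:v1.13.1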
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.13.1 k8s.gcr.io/kube-scheduler:v1.13.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.13.1 k8s.gcr.io/kube-proxy:v1.13.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 k8s.gcr.io/etcd:3.2.24
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.2.6 k8s.gcr.io/coredns:1.2.6

Then retry the installation:

kubeadm init --kubernetes-version=1.13.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.211.55.18

Write the Kubernetes configuration path into an environment variable:

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile

The kubectl command can now be used.

Register the worker nodes with the master (run on the worker nodes)

On each worker node, run the kubeadm join XXX command printed at the end of the kubeadm init output on the master. It has the following form:

kubeadm join 192.168.61.11:6443 --token 702gz5.49zhotgsiyqimwqw --discovery-token-ca-cert-hash sha256:2bc50229343849e8021d2aa19d9d314539b40ec7a311b5bb6ca1d3cd10957c2f

Install the flannel component

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

If the image download fails:

docker pull registry.cn-hangzhou.aliyuncs.com/kubernetes_containers/flannel:v0.10.0-amd64
docker tag registry.cn-hangzhou.aliyuncs.com/kubernetes_containers/flannel:v0.10.0-amd64 quay.io/coreos/flannel:v0.10.0-amd64

Verify the installation

kubectl get pod --all-namespaces

Check that all components were installed correctly.

Install the dashboard

kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.1 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1

Configure external access (without this, the dashboard is reachable only from inside the cluster by default)

Edit the service configuration and change type: ClusterIP to NodePort:

kubectl edit service  kubernetes-dashboard --namespace=kube-system

Look up the externally exposed port:

kubectl get service --namespace=kube-system

Access the dashboard

  • Create a dashboard user

    1. Create the file admin-token.yaml with the following content:

      kind: ClusterRoleBinding
      apiVersion: rbac.authorization.k8s.io/v1beta1
      metadata:
        name: admin
        annotations:
          rbac.authorization.kubernetes.io/autoupdate: "true"
      roleRef:
        kind: ClusterRole
        name: cluster-admin
        apiGroup: rbac.authorization.k8s.io
      subjects:
      - kind: ServiceAccount
        name: admin
        namespace: kube-system
      ---
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: admin
        namespace: kube-system
        labels:
          kubernetes.io/cluster-service: "true"
          addonmanager.kubernetes.io/mode: Reconcile
    2. Create the user

      kubectl create -f admin-token.yaml 
    3. Get the login token

      kubectl describe secret/$(kubectl get secret -nkube-system |grep admin|awk '{print $1}') -nkube-system
    4. Log in with the token:

      kubernetes-1.12.1, dashboardv1.10.1
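
The manifest in step 1 binds the admin ServiceAccount to the cluster-admin ClusterRole, so the token from step 3 carries full cluster privileges. As an added example (not part of the original gist; the function name is hypothetical), this check lists every ServiceAccount that a manifest binds to cluster-admin, so such grants can be reviewed before running kubectl create -f:

```bash
# Added example (not from the gist): list the ServiceAccounts that a manifest
# binds to cluster-admin. Assumes block-style YAML with unquoted values and
# top-level keys at column 0, as in admin-token.yaml above.
cluster_admin_service_accounts() {
  awk '
    function end_subject() {
      if (skind == "ServiceAccount") found = found sns "/" sname "\n"
      skind = sname = sns = ""
    }
    function end_doc() {
      end_subject()
      if (kind == "ClusterRoleBinding" && role == "cluster-admin") printf "%s", found
      kind = role = found = section = ""
    }
    /^---/      { end_doc(); next }
    /^[A-Za-z]/ { section = $1; if ($1 == "kind:") kind = $2; next }
    section == "roleRef:" && $1 == "name:" { role = $2 }
    section == "subjects:" {
      if ($1 == "-") { end_subject(); sub(/-[ \t]*/, "") }
      if ($1 == "kind:") skind = $2
      if ($1 == "name:") sname = $2
      if ($1 == "namespace:") sns = $2
    }
    END { end_doc() }
  ' "$1"
}

# The ClusterRoleBinding from admin-token.yaml, copied from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
EOF
cluster_admin_service_accounts "$sample"   # prints kube-system/admin
rm -f "$sample"
```

Output is one namespace/name per line; an empty result means the manifest grants cluster-admin to no ServiceAccount.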
