基本配置
关闭防火墙(仅适用于测试环境;生产环境建议保留firewalld,只放行6443、2379-2380、10250等集群所需端口)
# systemctl stop firewalld && systemctl disable firewalld
重置iptables(会清空现有的全部规则和自定义链,并把FORWARD链的默认策略设为ACCEPT)
# iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
关闭swap
# swapoff -a
# sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
关闭selinux(setenforce 0 只是临时切换到permissive模式,重启后恢复;如需持久生效还要修改/etc/selinux/config)
# setenforce 0
关闭dnsmasq(否则可能导致docker容器无法解析域名)
# service dnsmasq stop && systemctl disable dnsmasq
安装docker
# yum remove docker docker-client docker-client-latest \
docker-common docker-latest docker-latest-logrotate \
docker-logrotate docker-engine
# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
查询版本信息
# yum list docker-ce --showduplicates | sort -r
选择版本安装
# yum -y install docker-ce-18.09.9-3.el7 docker-ce-cli-18.09.9-3.el7 containerd.io
配置docker使用systemd作为cgroup driver(同时配置镜像加速地址;该命令会覆盖已有的/etc/docker/daemon.json)
# cat <<EOF > /etc/docker/daemon.json
{
"registry-mirrors": ["https://ksbw1byv.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# systemctl daemon-reload
# systemctl restart docker
# systemctl enable docker
安装kubeadm, kubelet, kubectl
使用阿里yum源
# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
选择要安装的版本号
# yum list kubeadm --showduplicates | sort -r
# yum install -y kubeadm-1.16.7-0 kubelet-1.16.7-0 kubectl-1.16.7-0 --disableexcludes=kubernetes
配置系统参数
# cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# sysctl --system
设置kubelet开机自启;此时服务还无法正常启动,因为尚未生成配置,需要在kubeadm init初始化之后才能启动
# systemctl enable kubelet
初始化安装
# kubeadm init --kubernetes-version=1.16.7 \
--apiserver-advertise-address=192.168.222.129 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
参数解释:
--kubernetes-version: 用于指定k8s版本;
--apiserver-advertise-address:用于指定kube-apiserver监听的ip地址,就是 master本机IP地址。
--pod-network-cidr:用于指定Pod的网络范围; 10.244.0.0/16(与flannel默认网段一致)
--service-cidr:用于指定SVC的网络范围;
--image-repository: 指定阿里云镜像仓库地址
根据init的输出配置kubectl目录,并记录node加入命令(admin.conf是集群管理员凭据,拷贝后注意文件权限,不要外传)
# mkdir -p $HOME/.kube
# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# chown $(id -u):$(id -g) $HOME/.kube/config
node节点安装docker、kubeadm、kubelet、kubectl后只需要join即可(下面的token和hash是示例,请以自己kubeadm init的实际输出为准;--discovery-token-ca-cert-hash用于校验master的CA证书,不要省略)
# kubeadm join 192.168.222.129:6443 --token uj00jt.667u16fzhb7o0n56 \
--discovery-token-ca-cert-hash sha256:40fdde881870354bdf8062a089a6f79610b69ebdf8d3005ec1088558a9077230
默认token 24小时后过期;新建token时可通过--ttl 0 设置为永不过期。永不过期的token一旦泄露,拿到它且能访问apiserver的人就可以向集群加入节点,建议只在需要时创建短期token,用完后通过kubeadm token delete删除
# kubeadm token create --print-join-command --ttl 0
查看node节点
# kubectl get nodes
查看pod服务,coredns异常,需要安装flannel插件
# kubectl get pods -A
安装插件
flannel插件安装(只master执行)。下面的地址指向master分支,内容会随上游变化;建议先下载对应发布版本的kube-flannel.yml,检查内容后再apply
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
设置node角色
添加
# kubectl label node cb2.4xyz.couchbase.com node-role.kubernetes.io/node=
删除
# kubectl label node cb2.4xyz.couchbase.com node-role.kubernetes.io/node-
安装Rancher
非K8S集群部署(单机docker方式;镜像未指定tag时会拉取latest,建议固定版本号;容器以--privileged运行,拥有宿主机的完整权限,应部署在专用主机上)
# docker run --privileged -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher
在Rancher界面中配置导入已有集群,然后在k8s集群上执行界面给出的命令即可完成添加