k8s安装记录
一、系统优化
#更新主机名
hostnamectl set-hostname 主机名
#添加host解析
echo '192.168.15.5 k8s-master01
192.168.15.41 k8s-master02
192.168.15.108 k8s-node01' >> /etc/hosts
#加载br_netfileter模块
modprobe br_netfilter ; lsmod|grep br_netfilter
#配置内核转发及网桥过滤、关闭swap
cat > /etc/sysctl.d/k8s.conf << EOF
vm.swappiness = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf
#配置ipvs
yum -y install ipset ipvsadm
cat > /etc/sysconfig/modules/ipvs.modules << EOF
#! /bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
chmod +x /etc/sysconfig/modules/ipvs.modules
bash /etc/sysconfig/modules/ipvs.modules
lsmod |egrep "(ip_vs|nf_conntrack)"
#免密登录
#升级内核
yum update kernel
yum install -y https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
#安装kernel-ml版本,ml为长期稳定版本,lt为长期维护版本
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
yum --enablerepo=elrepo-kernel install -y kernel-lt
#设置grub2默认引导为0
yum install -y grub2-pc
grub2-set-default 0
#重新生成grub2引导文件
sed -i 's/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/g' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
#查看引导顺序
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /boot/grub2/grub.cfg
#重启
reboot
#重启设置服务开机启动
systemctl enable --now docker
systemctl enable --now cri-docker
systemctl enable --now kubelet
二、安装docker
#移除老版本
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
#安装新版本
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
#切换docker默认目录(可选操作)
cat << EOF > /etc/docker/daemon.json
{
"exec-opts":["native.cgroupdriver=systemd"],
"data-root": "/data/docker"
}
EOF
#启动docker
sudo systemctl start docker
sudo systemctl enable docker
三、安装 cri-docker
#安装
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.2/cri-dockerd-0.3.2-3.el7.x86_64.rpm
sudo rpm -ivh cri-dockerd-0.3.2-3.el7.x86_64.rpm
#查看cri-docker需要的pause版本
kubeadm config images list|grep pause
#修改ExecStart参数
sed -i 's@ExecStart=.*@ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.k8s.io/pause:3.9@g' /usr/lib/systemd/system/cri-docker.service
#启动服务
sudo systemctl enable --now cri-docker
安装k8s
#添加yum源
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
#安装
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
#修改初始化系统管理器
cat > /etc/sysconfig/kubelet << EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF
#自启动
sudo systemctl enable --now kubelet
初始化k8s
kubeadm init --config /root/kubeadm-config.yaml |tee -a init.log
添加控制节点需要拷贝一下证书
pki
|-- ca.crt
|-- ca.key
|-- etcd
| |-- ca.crt
| `-- ca.key
|-- front-proxy-ca.crt
|-- front-proxy-ca.key
|-- sa.key
`-- sa.pub
加入节点
#加入管理节点(需要拷贝证书)
kubeadm join api.k8s.cc.com:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:8a0bcbfe844f9fb061481b687dea0a2f739d02361fafb413f720c34ddb622722 --control-plane --cri-socket unix:///var/run/cri-dockerd.sock |tee -a add.log
#加入worker
kubeadm join api.k8s.cc.com:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:30742bc4ccb3aa6b9d9d51ca07ca474f38c08e717f6bc8490174d6c197282d5b --cri-socket unix:///var/run/cri-dockerd.sock
#生成新的加入命令
kubeadm token create --print-join-command
安装网络
#到官网下载yaml并修改默认网段
kubectl apply -f calico.yaml
kubeadm-config.yaml
calico.yaml