1. 准备二进制程序包
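# Stage the release tarballs under /ops-data/files.
mkdir -p /ops-data/{files,service,config}
cd /ops-data/files
# Use the stable GitHub release URL, quoted. The page originally pasted a
# pre-signed S3 redirect (X-Amz-Expires=300) that stops working after five
# minutes; left unquoted, the shell also cut it at the first '&' and ran the
# remaining query parameters as background jobs.
wget -O etcd-v3.2.28-linux-amd64.tar.gz \
  'https://github.com/etcd-io/etcd/releases/download/v3.2.28/etcd-v3.2.28-linux-amd64.tar.gz'
wget 'https://storage.googleapis.com/kubernetes-release/release/v1.14.0/kubernetes-server-linux-amd64.tar.gz'
# These binaries run as root on every node: print the digests and compare them
# with the checksums published alongside each release before unpacking.
sha256sum etcd-v3.2.28-linux-amd64.tar.gz kubernetes-server-linux-amd64.tar.gz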
2. master节点安装
2.1 etcd安装
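# Unpack the etcd release. The tarball extracts into its own
# etcd-v3.2.28-linux-amd64/ directory, so copy the binaries from there.
cd /ops-data/files
tar xzvf etcd-v3.2.28-linux-amd64.tar.gz
cp etcd-v3.2.28-linux-amd64/{etcd,etcdctl} /usr/bin/
# The unit's WorkingDirectory must exist before systemd can start the service.
mkdir -p /var/lib/etcd
# etcd systemd unit. It is written into the systemd unit directory (the same
# one the kube-* units on this page use); a file left in the current directory
# is never seen by "systemctl start etcd".
# NOTE(security): no /etc/etcd/etcd.conf is shown on this page, so etcd runs
# with its built-in defaults: plain HTTP on the loopback client port, no TLS and
# no authentication. Keep it on loopback; enable TLS and client-certificate
# auth before listening on any routable address, because etcd holds every
# cluster secret.
cat > /usr/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
[Service]
Type=simple
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=-/etc/etcd/etcd.conf
ExecStart=/usr/bin/etcd
[Install]
WantedBy=multi-user.target
EOF
# Start etcd and enable it at boot.
systemctl daemon-reload
systemctl start etcd && systemctl enable etcd
# Check etcd health.
etcdctl cluster-health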
2.2 下发kubernetes二进制文件
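# Install the control-plane binaries from the Kubernetes server tarball.
cd /ops-data/files
# The archive name must match the file downloaded in step 1; the original
# command had a stray ".tar" suffix and failed with "No such file".
tar xzvf kubernetes-server-linux-amd64.tar.gz
cp kubernetes/server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler} /usr/bin/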
2.3 配置启动kube-apiserver
# Create the config and log directories, then install the kube-apiserver unit.
mkdir -p /etc/kubernetes /var/log/kubernetes
# The heredoc delimiter is unquoted, so \$KUBE_API_ARGS is escaped to reach the
# unit file literally; systemd expands it from the EnvironmentFile at start.
cat > /usr/lib/systemd/system/kube-apiserver.service << EOF
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=etcd.service
Wants=etcd.service
[Service]
EnvironmentFile=/etc/kubernetes/apiserver
ExecStart=/usr/bin/kube-apiserver \$KUBE_API_ARGS
Restart=on-failure
Type=notify
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
EOF
# Flags passed to kube-apiserver.
# NOTE(security): --insecure-bind-address=0.0.0.0 with --insecure-port=8080
# serves the API over plain HTTP on every interface, and requests on the
# insecure port bypass authentication and authorization. Anyone who can reach
# port 8080 has full control of the cluster. Use this only on an isolated lab
# network; for anything else serve the API over TLS on the secure port with
# client authentication and restrict the insecure port to loopback or disable it.
# NOTE(security): --service-node-port-range=1-65535 lets NodePort Services claim
# any host port, including privileged ones already used by host daemons.
# NOTE(review): the ServiceAccount admission plugin is enabled but no
# service-account key flags appear on this page; pod creation may be rejected
# until tokens can be issued -- confirm.
cat > /etc/kubernetes/apiserver << EOF
KUBE_API_ARGS="--etcd-servers=http://127.0.0.1:2379 --insecure-bind-address=0.0.0.0 --insecure-port=8080 --service-cluster-ip-range=169.169.0.0/16 --service-node-port-range=1-65535 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota --logtostderr=false --log-dir=/var/log/kubernetes --v=0"
EOF
# Reload unit definitions, start the API server and enable it at boot.
systemctl daemon-reload
systemctl start kube-apiserver && systemctl enable kube-apiserver
2.4 配置启动kube-controller-manager
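# Install the kube-controller-manager unit.
# "Requires=" is the systemd directive; the original "Require=" is an unknown
# key that systemd ignores, so the dependency on the API server was never set.
cat > /usr/lib/systemd/system/kube-controller-manager.service << EOF
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=kube-apiserver.service
Requires=kube-apiserver.service
[Service]
EnvironmentFile=/etc/kubernetes/controller-manager
ExecStart=/usr/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
EOF
cat > /etc/kubernetes/controller-manager <<EOF
KUBE_CONTROLLER_MANAGER_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig --logtostderr=false --log-dir=/var/log/kubernetes --v=0"
EOF
# kubeconfig shared by the controller manager and the scheduler.
# The YAML nesting is restored here: with every key at column 0 the file does
# not parse as a kubeconfig. The server URL carries an explicit http:// scheme.
# NOTE(security): this kubeconfig holds no credentials and talks plain HTTP to
# the API server's insecure port, so nothing proves the client's identity and
# traffic can be read or altered on the wire. Acceptable only on an isolated
# lab network.
cat > /etc/kubernetes/kubeconfig << EOF
apiVersion: v1
kind: Config
users:
- name: client
  user:
clusters:
- name: default
  cluster:
    server: http://192.168.30.60:8080
contexts:
- context:
    cluster: default
    user: client
  name: default
current-context: default
EOF
# Reload unit definitions, start the controller manager and enable it at boot.
systemctl daemon-reload
systemctl start kube-controller-manager && systemctl enable kube-controller-manager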
2.5 配置kube-scheduler
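# Install the kube-scheduler unit.
# The Description was a copy-paste of the API server's; it is corrected so that
# "systemctl status" and the journal identify the right service.
cat > /usr/lib/systemd/system/kube-scheduler.service << EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=kube-apiserver.service
Requires=kube-apiserver.service
[Service]
EnvironmentFile=/etc/kubernetes/scheduler
ExecStart=/usr/bin/kube-scheduler \$KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
EOF
# The scheduler reuses /etc/kubernetes/kubeconfig, which on this page points at
# the API server's unauthenticated HTTP port.
cat > /etc/kubernetes/scheduler << EOF
KUBE_SCHEDULER_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig --logtostderr=false --log-dir=/var/log/kubernetes --v=0"
EOF
# Reload unit definitions, start the scheduler and enable it at boot.
systemctl daemon-reload
systemctl start kube-scheduler && systemctl enable kube-scheduler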
3. Node节点安装
3.1 安装包准备
# Prepare the node's working directories and pull the node binaries from the
# host that unpacked the server tarball.
# NOTE(review): the source host here is 192.168.60.61, while the rest of the
# page uses 192.168.30.60 for the master -- confirm which address is intended.
mkdir -p /ops-data/{service,config}
for node_bin in kubelet kube-proxy; do
  scp "192.168.60.61:/ops-data/files/kubernetes/server/bin/${node_bin}" /usr/bin/
done
3.2 环境初始化
# Host preparation: firewall, SELinux and swap.
# NOTE(security): stopping firewalld, flushing every iptables chain and setting
# the FORWARD policy to ACCEPT leaves the node with no host firewall. Together
# with the unauthenticated API port used by this guide, network isolation then
# has to come from outside the host (upstream firewall or security groups).
systemctl stop firewalld && systemctl disable firewalld
iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
# NOTE(security): SELinux is switched to permissive now (setenforce 0) and
# across reboots (config edit); policy violations are then only logged, which
# removes a layer of container confinement.
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Turn swap off now and comment out the swap entries in /etc/fstab so it stays
# off after a reboot.
swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# Load the bridge-netfilter, IPVS and conntrack kernel modules for this boot.
for kmod in br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4; do
  modprobe "$kmod"
done
# Write a script that loads the same modules, make it executable and run it.
# NOTE(review): presumably /etc/sysconfig/modules/*.modules is executed at boot
# on this distribution -- confirm.
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
modprobe -- br_netfilter
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules
# Kernel parameters for the node: write them to /etc/sysctl.d/k8s.conf (tee
# also echoes them to the terminal) and apply them immediately.
# net.ipv4.ip_forward=1 turns the host into a router between its interfaces;
# the net.bridge.* keys make bridged traffic traverse iptables.
tee /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
sysctl -p /etc/sysctl.d/k8s.conf
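# Make the node's own hostname resolvable. Append only when the hostname is not
# already present, so re-running this step does not pile up duplicate entries.
# printf replaces "echo -e", whose escape handling differs between shells.
grep -qwF -- "$(hostname)" /etc/hosts || printf '%s\t%s\n' "$(hostname -i)" "$(hostname)" >> /etc/hosts
# Add the Docker CE yum repository from the Aliyun mirror.
# NOTE(review): packages then come from a third-party mirror; confirm that the
# downloaded repo file keeps gpgcheck enabled so yum verifies package signatures.
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && mv docker-ce.repo /etc/yum.repos.d/
yum clean all && yum makecache fast
# Tools used by kube-proxy/kubelet and for troubleshooting, plus chrony.
yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp chrony
# Set the time zone and keep the clock synchronised.
timedatectl set-timezone "Asia/Shanghai"
systemctl start chronyd && systemctl enable chronyd
# Install the pinned Docker version.
yum install docker-ce-18.06.2.ce -y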
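# Docker daemon configuration.
# /etc/docker may not exist until the daemon has started once, in which case
# the redirect below fails; create it first.
mkdir -p /etc/docker
# native.cgroupdriver=systemd must match the kubelet's cgroup driver setting.
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors":["https://registry.docker-cn.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF
# Restart Docker with the new configuration and enable it at boot; the original
# step never enabled the service.
systemctl daemon-reload && systemctl restart docker
systemctl enable docker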
3.3 安装配置kubelet
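# Create kubelet's working, config and log directories. -p keeps the command
# from failing when a directory already exists.
mkdir -p /var/lib/kubelet /etc/kubernetes /var/log/kubernetes
# kubelet systemd unit.
# WantedBy is corrected from the misspelt "mutli-user.target": with the typo,
# "systemctl enable" links the unit under a target that is never reached, so
# the kubelet would not start at boot.
cat > /usr/lib/systemd/system/kubelet.service << EOF
[Unit]
Description=Kubernetes kubelet server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=/etc/kubernetes/kubelet
ExecStart=/usr/bin/kubelet \$KUBELET_ARGS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
# kubelet flags.
# --cgroup-driver=systemd matches the native.cgroupdriver=systemd set for Docker
# in section 3.2; the kubelet refuses to start when the two drivers differ.
# --hostname-override is this node's address; change it on every node.
# The kubelet reads /etc/kubernetes/kubeconfig, which this page only creates on
# the master -- copy it to the node before starting the service.
# NOTE(security): with only these flags the kubelet keeps its flag defaults for
# its own API (anonymous requests allowed, no authorization check -- confirm for
# the version in use). Restrict network access to the kubelet ports, or enable
# kubelet authentication and authorization, outside a lab.
cat > /etc/kubernetes/kubelet << EOF
KUBELET_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig --hostname-override=192.168.30.61 --cgroup-driver=systemd --logtostderr=false --log-dir=/var/log/kubernetes --v=0"
EOF
# Reload unit definitions, start the kubelet and enable it at boot.
systemctl daemon-reload
systemctl start kubelet && systemctl enable kubelet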
3.4 安装配置kube-proxy
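# kube-proxy systemd unit.
# WantedBy is corrected from the misspelt "mutli-user.target": with the typo,
# "systemctl enable" links the unit under a target that is never reached, so
# kube-proxy would not start at boot.
cat > /usr/lib/systemd/system/kube-proxy.service << EOF
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
Requires=network.target
[Service]
EnvironmentFile=/etc/kubernetes/proxy
ExecStart=/usr/bin/kube-proxy \$KUBE_PROXY_ARGS
Restart=on-failure
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
EOF
# kube-proxy flags. It reads the same /etc/kubernetes/kubeconfig as the kubelet,
# so that file must be present on the node; on this page it points at the API
# server's unauthenticated HTTP port.
cat > /etc/kubernetes/proxy << EOF
KUBE_PROXY_ARGS="--kubeconfig=/etc/kubernetes/kubeconfig --logtostderr=false --log-dir=/var/log/kubernetes --v=2"
EOF
# Reload unit definitions, start kube-proxy and enable it at boot.
systemctl daemon-reload
systemctl start kube-proxy && systemctl enable kube-proxy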