k8s搭建-详情

本文详细部署参考 :使用kubeadm安装Kubernetes 1.13

高可用k8s集群

Ha搭建详情

环境准备,每个节点都需要:

  centos7.5 4 、2G内存,cup个数>=2

  1、时间同步(ntp5.aliyun.com),chronyc sources(查看是否同步)

  2、主机名解析,互相免密登陆

  3、关闭防火墙(firewall,iptables)

              docker有些版本的filter 表,默认的FORWARD  链默认是 DROP ,需要修改    (可以不用修改,第六步,启用内核模块的forward功能后重启电脑就可以了)
              iptables -t filter -P FORWARD ACCEPT (命令临时生效)

               service iptables save  (然后执行保存,永久生效,参考)  或者  iptables-save

  4、禁用selinux 

setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

 

  5、禁用swap,/etc/fstable,  swapoff -a,swapof -s(查看)

  6、启用内核模块:

创建/etc/sysctl.d/k8s.conf文件,添加如下内容:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1

另一个人的配置(
net.bridge.bridge-nf-call-iptables = 1 
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.conf.all.rp_filter = 1 
net.ipv4.ip_forward = 1 


阿里k8s节点(

cat /etc/sysctl.d/99-k8s.conf
#sysctls for k8s node config
net.ipv4.tcp_slow_start_after_idle=0
net.core.rmem_max=16777216
fs.inotify.max_user_watches=524288
kernel.softlockup_all_cpu_backtrace=1
kernel.pid_max=4194303
kernel.softlockup_panic=1
fs.file-max=2097152
fs.inotify.max_user_instances=16384
fs.inotify.max_queued_events=16384
vm.max_map_count=262144
fs.may_detach_mounts=1
net.core.netdev_max_backlog=16384
net.ipv4.tcp_wmem=4096 12582912 16777216
net.core.wmem_max=16777216
net.core.somaxconn=32768
net.ipv4.ip_forward=1
net.ipv4.tcp_max_syn_backlog=8096
net.bridge.bridge-nf-call-iptables=1
net.ipv4.tcp_rmem=4096 12582912 16777216









cat /etc/sysctl.d/99-sysctl.conf
vm.swappiness = 0
kernel.sysrq=1








net.ipv4.neigh.default.gc_stale_time=120








# see details in https://help.aliyun.com/knowledge_detail/39428.html
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2








# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2









net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1





 


 


执行命令使修改生效。




modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf




 




  7、开启ipvs,执行脚本(K8S集群优化之路由转发:使用IPVS替代iptables。kube-proxy的ipvs模式解读




cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4




  8、安装Docker


    使用阿里云的源docker-ce


  9、确认一下iptables filter表中FOWARD链的默认策略(pllicy)为ACCEPT。iptables -nvL


  10、安装kubeadm和kubelet,使用阿里云源


  11、拉取镜像




docker pull docker.io/fanever/k8scheduler
docker pull docker.io/fanever/k8proxy
docker pull docker.io/fanever/k8pause
docker pull docker.io/fanever/k8etcd
docker pull docker.io/fanever/k8coredns
docker pull docker.io/fanever/k8controller
docker pull docker.io/fanever/k8api




  打标签




docker tag docker.io/fanever/k8coredns k8s.gcr.io/coredns:1.3.1
docker tag docker.io/fanever/k8etcd k8s.gcr.io/etcd:3.3.10
docker tag docker.io/fanever/k8pause k8s.gcr.io/pause:3.1
docker tag docker.io/fanever/k8proxy k8s.gcr.io/kube-proxy:v1.14.1
docker tag docker.io/fanever/k8scheduler k8s.gcr.io/kube-scheduler:v1.14.1
docker tag docker.io/fanever/k8controller k8s.gcr.io/kube-controller-manager:v1.14.1
docker tag docker.io/fanever/k8api k8s.gcr.io/kube-apiserver:v1.14.1




 


  


11、使用kubeadm init初始化集群


    在各节点开机启动kubelet服务:systemctl enable kubelet.service


    在master上使用kubeadm初始化集群:




kubeadm init   --kubernetes-version=v1.14.0   --pod-network-cidr=10.244.0.0/16   --apiserver-advertise-address=192.168.61.11




 根据提示,创建配置文件,和pod网络,选择flannel


kubectl apply -f  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml


 需要的镜像是:quay.io/coreos/flannel:v0.11.0-amd64在kube-flannel.yml中查看,可以先pull,镜像站在https://quay.io/repository/coreos/flannel?tab=tags


 


 


测试环境:


1 master


3nodes


所需软件:


kubeadm(部署工具)


kubelet(管理pod)


docker


 


k8s中文官方文档:


  Kubernetes对Docker的版本支持列表


 


部署dashboard web图形界面


 wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml


更改镜像,加上type 








kubectl apply -f kubernetes-dashboard.yaml      #kubectl delete  -f kubernetes-dashboard.yaml

743  kubectl create serviceaccount fang -n kube-system
  744  kubectl get serviceaccount
  745  kubectl get serviceaccount -a
  746  kubectl get serviceaccount -A
  748  kubectl create clusterrolebinding fang --clusterrole=cluster-admin --serviceaccount=kube-system:fang
  749  kubectl get secret -A
  750  kubectl describe secret fang-token-skvgq -n kube-system






 






            

            
posted @ 
2019-05-20 20:37 
清哥哥 
阅读(787) 
评论(0编辑 
收藏 
举报