k8s安装

主机初始化配置
所有主机升级内核(选做)
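# Refresh the package metadata and update every installed package
# (this also installs the distribution's own kernel update, if any).
[root@localhost ~]# yum update -y

# Import the ELRepo public signing key so rpm/yum can verify ELRepo packages.
# Compare the imported key's fingerprint with the one ELRepo publishes.
[root@localhost ~]# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

# Install the ELRepo repository definition. It is fetched over HTTPS, like
# the key above, instead of plain HTTP; rpm also checks the package signature
# against the key that was just imported.
[root@localhost ~]# rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

# List the kernel packages the elrepo-kernel repository offers.
[root@localhost ~]# yum --disablerepo="*" --enablerepo="elrepo-kernel" list available


# Install the newest mainline kernel (kernel-ml). This kernel comes from a
# third-party repository, so its security updates have to be tracked and
# applied from ELRepo rather than from the distribution.
[root@localhost ~]# yum --enablerepo=elrepo-kernel install -y kernel-ml

# List the boot entries with their index numbers.
[root@localhost ~]# awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg

# Select the default boot entry; 0 is an index taken from the list above.
[root@localhost ~]# grub2-set-default 0

# Regenerate the grub configuration file.
[root@localhost ~]# grub2-mkconfig -o /boot/grub2/grub.cfg

# Reboot into the new kernel.
[root@localhost ~]# reboot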

# Remove old kernels (optional).
# List every kernel-related package that is currently installed.
[root@localhost ~]# rpm -qa | grep kernel

# Remove the RPM packages of the old kernels. The package names below are
# examples; use the names returned by the query above, and do not remove the
# kernel the host is currently running.
[root@localhost ~]# yum remove kernel-3.10.0-514.el7.x86_64 \
kernel-tools-libs-3.10.0-862.11.6.el7.x86_64 \
kernel-tools-3.10.0-862.11.6.el7.x86_64 \
kernel-3.10.0-862.11.6.el7.x86_64

 

# Run exactly one of the following on each host, according to its role.
# The `bash` after each command starts a new shell, presumably so the prompt
# shows the new hostname.
# NOTE(review): these names (k8s-master, k8s-node02, k8s-node03) differ from
# the test-* names written to /etc/hosts further down this page; confirm
# which naming scheme the cluster uses, because node names have to resolve.
hostnamectl set-hostname k8s-master
bash

hostnamectl set-hostname k8s-node02
bash

hostnamectl set-hostname k8s-node03

bash

 

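# Run on every host: append the cluster's name-to-address mappings.
# The first entry is spelled test-master01 so that it matches the name used
# by the ssh-copy-id loop later on this page (the original read
# "test-masetr01", which that loop could not resolve).
# `>>` appends, so running this twice duplicates the entries. Every host
# trusts these mappings for name resolution, so keep the file root-writable
# only and identical on all hosts.

cat << EOF >> /etc/hosts

192.168.207.129 test-master01
192.168.207.130 test-node01
192.168.207.131 test-node02
192.168.207.132 test-node03
192.168.207.133 test-node04
EOF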

# Base initialisation, run on every host: install common admin tools
# (editor, downloader, legacy network tools, zmodem file transfer).
yum -y install vim wget net-tools lrzsz

 

# Turn swap off now, then comment out every /etc/fstab line containing
# "swap" so it stays off after a reboot. The sed pattern matches any line
# with that string, including lines that are already commented out.
swapoff -a
sed -i '/swap/s/^/#/' /etc/fstab

# Make bridged traffic pass through iptables/ip6tables. `>>` appends, so
# re-running this block adds the two keys to /etc/sysctl.conf again.
cat << EOF >> /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# The net.bridge.* keys only exist once br_netfilter is loaded.
# NOTE(review): modprobe is not persistent, and the modules-load.d file
# written later on this page lists neither br_netfilter nor overlay, so both
# would be missing after the reboot the page performs — confirm and add them.
modprobe br_netfilter
modprobe overlay
# Apply the settings from /etc/sysctl.conf.
sysctl -p

# Switch SELinux to permissive for the running system, then rewrite the
# config file so SELinux is fully disabled from the next boot on.
# NOTE(review): "disabled" removes SELinux confinement of container
# processes altogether. kubeadm's documented setup uses permissive mode
# (SELINUX=permissive); prefer that, or keep enforcing with a suitable
# policy, unless there is a specific reason to disable it.
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config


# Stop and disable the host firewall and dnsmasq, flush all iptables filter
# rules, and stop and disable NetworkManager.
# NOTE(review): after this the host has no packet filtering of its own. The
# API server (6443), kubelet (10250) and etcd (2379-2380) ports are then
# reachable from any network that can route to the host, so restrict them
# with network-level controls, or keep firewalld and open only those ports.
# NOTE(review): confirm the legacy network service manages the interfaces
# before disabling NetworkManager, otherwise the host can lose connectivity.
systemctl disable --now firewalld
systemctl disable --now dnsmasq
iptables -F
systemctl disable --now NetworkManager

# Install ntpdate, set the clock once from the Aliyun time server and copy
# the system time to the hardware clock. Cluster certificates are validated
# against the local clock, so all hosts need to agree on the time.
yum -y install ntpdate
ntpdate time2.aliyun.com
hwclock --systohc

# `crontab -e` opens an editor; the line after it is the entry to add there
# (not a shell command). It re-syncs the clock every five minutes.
# NOTE(review): ntpdate steps the clock from an unauthenticated source;
# a continuously running time daemon (chronyd) against a trusted server is
# the more robust choice.
crontab -e
*/5 * * * * /usr/sbin/ntpdate time2.aliyun.com

 

# Configure resource limits on every node.
ulimit -SHn 65535
# The ulimit above is temporary: it only affects the current shell session.
vim /etc/security/limits.conf
# For a permanent setting, add the following lines to the file opened above
# (they are file content, not shell commands). "*" applies them to all users.
# NOTE(review): unlimited memlock for every user lets any local account pin
# unbounded memory; consider scoping these entries to the accounts that
# need them.
* soft nofile 65536
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited

 

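# On the master: create an SSH key pair and install its public key on the
# other hosts so the master can log in to them without a password.
# The public key path is given relative to the home directory (~) so the loop
# works from any working directory, and the host name is quoted.
# The resulting private key grants login to every listed host: protect it
# with a passphrase, and check each host-key fingerprint when ssh-copy-id
# asks on first connection.
# NOTE(review): only three of the five names from /etc/hosts are listed;
# add test-node03 and test-node04 if they should be reachable too.
ssh-keygen -t rsa
for i in test-master01 test-node01 test-node02; do
  ssh-copy-id -i ~/.ssh/id_rsa.pub "$i"
done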

# Run on every host: write the list of kernel modules systemd loads at boot
# (IPVS schedulers plus related netfilter and tunnel modules).
# NOTE(review): ip_vs_conntrack, ip_vs_tables and ip_vs_set do not look like
# kernel module names (nf_conntrack, ip_tables and ip_set are the usual
# ones). Check each entry with `modinfo <name>`; a name that cannot be loaded
# is expected to make systemd-modules-load report a failure.
# NOTE(review): br_netfilter and overlay, loaded with modprobe earlier on
# this page, are not in this list, so they are not reloaded after a reboot.
tee /etc/modules-load.d/ipvs.conf <<'EOF'
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_conntrack
ip_vs_tables
ip_vs_set
ipt_rpfilter
ipt_REJECT
ipip
EOF

# Load the listed modules now and on every boot.
systemctl enable --now systemd-modules-load.service
# Confirm that the IPVS and connection-tracking modules are present.
lsmod |grep -e ip_vs -e nf_conntrack

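# Kernel parameter tuning, applied on every node.
# Three key names were garbled in the original and pointed at sysctl paths
# that do not exist; they are corrected here:
#   user.maxuser..namespaces -> user.max_user_namespaces
#   fs.may_detach.mounts     -> fs.may_detach_mounts
#   vm.overcommit.memory     -> vm.overcommit_memory
# The duplicated net.ipv4.tcp_max_syn_backlog line is written once.
# NOTE(review): net.ipv4.conf.all.route_localnet = 1 lets packets addressed
# to 127.0.0.0/8 be routed, which can expose services bound only to localhost
# to adjacent hosts; drop it unless a component requires it.
# NOTE(review): net.ipv4.tcp_tw_reuse = 1 depends on TCP timestamps, which
# net.ipv4.tcp_timestamps = 0 turns off — confirm which of the two is wanted.
# NOTE(review): net.ipv4.ip_conntrack_max is a legacy key name; sysctl is
# expected to report it as unknown on current kernels
# (net.netfilter.nf_conntrack_max above is the current one).
cat <<'EOF' > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
user.max_user_namespaces=28633
fs.may_detach_mounts = 1
net.ipv4.conf.all.route_localnet = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
# Load every sysctl configuration file, including the one just written.
# Read the output: keys that could not be set are reported there.
sysctl --system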

# Reboot every node, then check that the modules are loaded again.
# (The original note reads "load the old kernel after reboot"; presumably it
# refers to the kernel modules — confirm.)
reboot
lsmod | grep --color=auto -e ip_vs -e nf_conntrack

 

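# Persistent, size-capped journald logging; run on every host.
# The original wrote the same drop-in twice and misspelled the directory
# ("journal.conf.d", "iournal.conf.d") and several keys, so journald would not
# have read the file or honoured those settings. This version writes it once:
#   - drop-in directory: /etc/systemd/journald.conf.d
#   - SyncIntervalSec, RateLimitInterval, SystemMaxFileSize: spelling and
#     case corrected
# Meaning of the settings:
#   Storage=persistent      keep logs on disk under /var/log/journal
#   Compress=yes            compress stored log data
#   SystemMaxUse=10G        cap total journal disk usage at 10G
#   SystemMaxFileSize=200M  cap each journal file at 200M
#   MaxRetentionSec=2week   keep entries for two weeks
#   ForwardToSyslog=no      do not forward entries to syslog
# NOTE(review): with the rate limit (1000 messages per 30s per service),
# entries above the limit are dropped, and with ForwardToSyslog=no anything
# that collects logs through the syslog socket receives nothing. Confirm
# both against the log-retention and central-logging needs of the cluster.
mkdir -p /var/log/journal
mkdir -p /etc/systemd/journald.conf.d

cat > /etc/systemd/journald.conf.d/99-prophet.conf <<'EOF'
[Journal]
Storage=persistent
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
SystemMaxUse=10G
SystemMaxFileSize=200M
MaxRetentionSec=2week
ForwardToSyslog=no
EOF

# Restart journald so the new settings take effect.
systemctl restart systemd-journald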

 

# Docker on every host. The page shows no install command; Docker must
# already be installed before these steps.

# Start Docker now and enable it at boot.
systemctl start docker
systemctl enable docker

# Write the daemon configuration: a registry mirror, one registry that is
# allowed without verified TLS, and the systemd cgroup driver.
# NOTE(review): "insecure-registries" makes Docker talk to 192.168.10.250
# over plain HTTP or without certificate verification, so images pulled from
# it can be altered on the network path. Prefer serving that registry over
# TLS and trusting its CA certificate instead.
# NOTE(review): every image pulled through the registry mirror is supplied
# by that mirror's operator; confirm it is one you intend to trust.
cat << END > /etc/docker/daemon.json
{
"registry-mirrors":[ "https://nyakyfun.mirror.aliyuncs.com" ],"insecure-registries":["192.168.10.250"],"exec-opts": ["native.cgroupdriver=systemd"]
}
END
# Reload unit files and restart Docker so it reads the new configuration.
systemctl daemon-reload
systemctl restart docker

 

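# Install the Kubernetes packages; run on every host.
# Repository definition for the Aliyun mirror of the Kubernetes el7 packages.
# gpgcheck and repo_gpgcheck stay enabled so packages and repository
# metadata are both signature-checked; if a key error appears, fix the keys
# rather than switching the checks off.
# The second gpgkey URL is indented: a .repo file only treats an indented
# line as a continuation of the previous value, and the original had it at
# column 0, which leaves that key out of gpgkey.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# NOTE(review): the page installs 1.20.9 here and 1.23.7 further down. Only
# one pinned version should be installed, the same on every host, and it has
# to agree with kubernetesVersion in init-config.yaml.
yum install -y kubelet-1.20.9 kubeadm-1.20.9 kubectl-1.20.9

# Confirm the repository file is in place.
ls /etc/yum.repos.d/

# List the kubeadm versions the repository offers, sorted in reverse order.
yum list kubeadm.x86_64 --showduplicates | sort -r

yum install -y kubelet-1.23.7 kubeadm-1.23.7 kubectl-1.23.7
# Start the kubelet and enable it at boot.
systemctl start kubelet
systemctl enable --now kubelet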

# Work from the home directory.
cd

# Write kubeadm's default init configuration to a file for editing.
kubeadm config print init-defaults > init-config.yaml

 

# Open the generated file in an editor; the listing that follows on this
# page shows the content it should end up with.
vim init-config.yaml
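# init-config.yaml, edited from the output of
# `kubeadm config print init-defaults`. Indentation is restored and the
# inline "//" notes are written as YAML comments ("//" is not a comment
# marker in YAML and would become part of the value).
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): this is the placeholder token that init-defaults prints,
  # so it is publicly known. Replace it with the output of
  # `kubeadm token generate`, or remove the line so kubeadm creates a random
  # token; a bootstrap token is a credential for joining nodes while its
  # ttl lasts.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # IP address of the master node.
  advertiseAddress: 192.168.200.111
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  # If a host name is used here it must resolve; otherwise use the IP address.
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    # Local directory the etcd container mounts for its data.
    dataDir: /var/lib/etcd
# Changed to a mirror inside China. All control-plane images are pulled from
# this repository, so it has to be one you trust.
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
# NOTE(review): the page installs kubeadm/kubelet 1.20.9 and 1.23.7; this
# value has to match the installed kubeadm version — confirm and adjust.
kubernetesVersion: v1.19.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  # Added: the Pod network range.
  podSubnet: 10.244.0.0/16
scheduler: {}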

# Set up the master node.
# List, then pre-pull, the control-plane images named by the configuration.
kubeadm config images list --config init-config.yaml
kubeadm config images pull --config=init-config.yaml

# Restart Docker and the kubelet, then reset any earlier kubeadm state.
# NOTE(review): `kubeadm reset` wipes the Kubernetes state on this host. On
# a fresh host it is unnecessary; never run it on a master that already
# serves a cluster you want to keep.
systemctl daemon-reload
systemctl restart docker
systemctl restart kubelet
kubeadm reset

# Initialise the control plane from the edited configuration file.
kubeadm init --config=init-config.yaml

 

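# Give the current user a kubectl configuration. Expansions are quoted so a
# home directory containing spaces or glob characters cannot split the
# arguments.
# admin.conf carries the cluster administrator's client credentials: keep
# the copy owned by and readable only for this user, and do not distribute it
# to worker nodes.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# Point kubectl at the original admin.conf for the current shell session.
export KUBECONFIG=/etc/kubernetes/admin.conf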

 

# Create a bootstrap token that never expires (--ttl 0) and print the
# matching `kubeadm join` command.
# NOTE(review): a non-expiring bootstrap token is a permanent credential for
# adding nodes to the cluster. Prefer the default lifetime (omit --ttl 0),
# create a fresh token whenever a node has to join, and remove tokens that
# are no longer needed with `kubeadm token delete`.
[root@k8s-master01 ~]# kubeadm token create --ttl 0 --print-join-command
# List the existing bootstrap tokens and their expiry.
[root@k8s-master01 ~]# kubeadm token list

 

# Run on each worker node.
# The join command below is an example: copy the one printed on the master
# and run it on the node. The CA certificate hash lets the node verify that
# it is talking to the intended control plane, so keep that argument.
# Treat the token as a secret; do not paste a live token into documents.
# NOTE(review): the address 192.168.5.128 does not match the other addresses
# on this page — use the master's real API endpoint.
systemctl enable --now kubelet
kubeadm join 192.168.5.128:6443 --token 3h2obt.0c0t4zmyibx8u3fg \
--discovery-token-ca-cert-hash sha256:fcebd32a020679d644a093337c59b3d651e52335840241efb4aafd36dd7a709f

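# Install the network plugin (Calico).
# calico.yaml has to be present in this directory already; the page does not
# show where it comes from. Obtain it from the Calico project's release for
# the version you intend to run and read it before applying, since a CNI
# manifest typically creates cluster-wide RBAC objects and privileged pods.
mkdir calico
cd calico/
# Apply the Calico manifest.
kubectl apply -f calico.yaml
# Show the pods in every namespace (the original had the command misspelled
# as "kuebctl"); use `kubectl get node` for the node status.
kubectl get pod -A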

 

 

# Node management commands.
# Reset the kubeadm-created configuration on a master or a node. This removes
# the Kubernetes state of the host it is run on.
kubeadm reset

删除node配置
# Delete the node object from the cluster.
# NOTE(review): no `kubectl drain` comes first, so the workloads on the node
# are not evicted gracefully — confirm that is acceptable.
kubectl delete node k8s-node04
# On the removed node: force-remove every container, running or stopped.
# This is not limited to Kubernetes containers. (The original comment for
# this step is cut off.)
docker rm -f $(docker ps -aq)
# Stop the kubelet.
systemctl stop kubelet
# Delete the Kubernetes configuration and kubelet state. /etc/kubernetes also
# holds the pki directory with the cluster certificates and keys on a
# control-plane host, so run this only on the node being removed.
rm -rf /etc/kubernetes/*
rm -rf /var/lib/kubelet/*
# Check the kubelet status.
systemctl status kubelet

# Problems that can appear during the deletion. The two "rm:" lines are
# sample error output, not commands: pod volumes are still mounted.
rm: cannot remove ‘/var/lib/kubelet/pods/85b9fae8-2eef-4ae2-82e3-7ee8a7654c62/volumes/kubernetes.io~secret/kube-proxy-token-z4ndh’: Device or resource busy
rm: cannot remove ‘/var/lib/kubelet/pods/db48c40d-9150-4422-9ee1-34d127f0322b/volumes/kubernetes.io~secret/calico-node-token-rv7vl’:
# Show the mounts that still exist under the kubelet pod directory.
df -HT | grep '/var/lib/kubelet/pods'

# Unmount them (column 7 of `df -HT` is the mount point), then delete again.
# The command substitution is unquoted, so this relies on the mount paths
# containing no whitespace.
umount $(df -HT | grep '/var/lib/kubelet/pods' | awk '{print $7}')
# No mounts should be listed any more; deleting the directory now succeeds.
df -HT | grep '/var/lib/kubelet/pods'

 

posted @   李八一  阅读(65)  评论(0编辑  收藏  举报