Kubernetes 1.17.2 高可用部署

20.0.0.200    10.0.0.200 bs-k8s-master01 管理节点 2c2g
20.0.0.201    10.0.0.201 bs-k8s-master02 管理节点 2c2g
20.0.0.202    10.0.0.202 bs-k8s-master03 管理节点 2c2g
20.0.0.203    10.0.0.203 bs-k8s-node01 业务节点 2c2g
20.0.0.204    10.0.0.204 bs-k8s-node02 业务节点 2c2g
20.0.0.205    10.0.0.205 bs-k8s-node03 业务节点 2c2g
服务器准备  所有机器    以bs-k8s-master01为例
#关闭selinux/firewalld/iptables 
[root@bs-k8s-master01 ~]# setenforce 0 \
> && sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config \
> && getenforce
l -y iptables-services \
&& systemctl stop iptables \
&& systemctl disable iptables \
&& systemctl status iptablessetenforce: SELinux is disabled
[root@bs-k8s-master01 ~]# 
[root@bs-k8s-master01 ~]# systemctl stop firewalld \
> && systemctl daemon-reload \
> && systemctl disable firewalld \
> && systemctl daemon-reload \
> && systemctl status firewalld
[root@bs-k8s-master01 ~]# 
[root@bs-k8s-master01 ~]# yum install -y iptables-services \
> && systemctl stop iptables \
> && systemctl disable iptables \
> && systemctl status iptables
#添加host解析记录
[root@bs-k8s-master01 ~]# cat >> /etc/hosts <<EOF
> 20.0.0.200  bs-k8s-master01
> 20.0.0.201  bs-k8s-master02
> 20.0.0.202  bs-k8s-master03
> 20.0.0.203  bs-k8s-node01
> 20.0.0.204  bs-k8s-node02
> 20.0.0.205  bs-k8s-node03
> EOF
#更换阿里源
[root@bs-k8s-master01 ~]# cp -r /etc/yum.repos.d /etc/yum.repos.d.bak
[root@bs-k8s-master01 ~]# rm -f /etc/yum.repos.d/*.repo
[root@bs-k8s-master01 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo \
> && wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@bs-k8s-master01 ~]# yum clean all && yum makecache
#设置limits.conf
[root@bs-k8s-master01 ~]# cat >> /etc/security/limits.conf <<EOF
> # End of file
> * soft nproc 10240000
> * hard nproc 10240000
> * soft nofile 10240000
> * hard nofile 10240000
> EOF
#设置sysctl.conf
[root@bs-k8s-master01 ~]#[ ! -e "/etc/sysctl.conf_bk" ] && /bin/mv /etc/sysctl.conf{,_bk} \
&& cat > /etc/sysctl.conf << EOF
fs.file-max=1000000
fs.nr_open=20480000
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_max_syn_backlog = 16384
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_syncookies = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024 65000
#net.nf_conntrack_max = 6553500
#net.netfilter.nf_conntrack_max = 6553500
#net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
#net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_established = 3600
EOF

[root@bs-k8s-master01 ~]#sysctl -p
#配置时间同步
[root@bs-k8s-master01 ~]#ntpdate -u pool.ntp.org
[root@bs-k8s-master01 ~]#crontab -e       #加入定时任务
*/15 * * * * /usr/sbin/ntpdate -u pool.ntp.org >/dev/null 2>&1
#配置k8s.conf
[root@bs-k8s-master01 ~]#cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
#执行命令使其修改生效
[root@bs-k8s-master01 ~]#modprobe br_netfilter \
[root@bs-k8s-master01 ~]#&& sysctl -p /etc/sysctl.d/k8s.conf
#关闭交换分区
[root@bs-k8s-master01 ~]# swapoff -a
[root@bs-k8s-master01 ~]# yes | cp /etc/fstab /etc/fstab_bak
[root@bs-k8s-master01 ~]# cat /etc/fstab_bak |grep -v swap > /etc/fstab
#加载ipvs模块
[root@bs-k8s-master01 ~]#cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
[root@bs-k8s-master01 ~]#chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
#添加k8s yum源
[root@bs-k8s-master01 ~]#cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
#安装服务器必备软件
[root@bs-k8s-master01 ~]# yum -y install wget vim iftop iotop net-tools nmon telnet lsof iptraf nmap httpd-tools lrzsz mlocate ntp ntpdate strace libpcap nethogs iptraf iftop nmon bridge-utils bind-utils telnet nc nfs-utils rpcbind nfs-utils dnsmasq python python-devel  yum-utils device-mapper-persistent-data lvm2 tcpdump mlocate tree 
#添加docker源信息
[root@bs-k8s-master01 ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@bs-k8s-master01 ~]# yum list docker-ce --showduplicates | sort -r
[root@bs-k8s-master01 ~]# yum -y install docker-ce-18.06.3.ce-3.el7
#配置daemon.json文件
#获取镜像加速
#阿里云
#   打开网址:https://cr.console.aliyun.com/#/accelerator
#        注册、登录、设置密码
#        然后在页面上可以看到加速器地址,类似于:https://123abc.mirror.aliyuncs.com
#腾讯云(非腾讯云主机不可用)
#加速地址:https://mirror.ccs.tencentyun.com
[root@bs-k8s-master01 ~]# mkdir -p /etc/docker/ \
> && cat > /etc/docker/daemon.json << EOF
> {
>     "registry-mirrors":[
>         "https://c6ai9izk.mirror.aliyuncs.com"
>     ],
>     "max-concurrent-downloads":3,
>     "data-root":"/data/docker",
>     "log-driver":"json-file",
>     "log-opts":{
>         "max-size":"100m",
>         "max-file":"1"
>     },
>     "max-concurrent-uploads":5,
>     "storage-driver":"overlay2",
>     "storage-opts": [
>     "overlay2.override_kernel_check=true"
>   ]
> }
      "live-restore": true, 
   "exec-opts": [
        "native.cgroupdriver=systemd"
  ]
> EOF
[root@bs-k8s-master01 ~]# systemctl enable docker \
> && systemctl restart docker \
> && systemctl status docker
#使用kubeadm 部署kubernetes1.17.2
[root@bs-k8s-master01 ~]# yum list  kubelet kubeadm kubectl --showduplicates | sort -r
[root@bs-k8s-master01 ~]# yum install -y kubelet-1.17.2 kubeadm-1.17.2 kubectl-1.17.2 ipvsadm ipset
#设置kubelet开机自启动,注意:这一步不能直接执行 systemctl start kubelet,会报错,成功初始化完后kubelet会自动起来
[root@bs-k8s-master01 ~]# systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
[root@bs-k8s-master01 ~]# 
#kubectl 命令补全
[root@bs-k8s-master01 ~]# source /usr/share/bash-completion/bash_completion
[root@bs-k8s-master01 ~]# source <(kubectl completion bash)
[root@bs-k8s-master01 ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc

以下 无特殊说明 在bs-k8s-master01上操作
#免密钥登陆
[root@bs-k8s-master01 ~]# vim /service/scripts/ssh-cp.sh
##########################################################################
#Author:                     zisefeizhu
#QQ:                         2********0
#Date:                       2020-02-02
#FileName:                   /service/scripts/ssh-cp.sh
#URL:                        https://www.cnblogs.com/zisefeizhu/
#Description:                The test script
#Copyright (C):              2020 All rights reserved
##########################################################################
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
export $PATH
#目标主机列表
IP="
20.0.0.200
bs-k8s-master01
20.0.0.201
bs-k8s-master02
20.0.0.202
bs-k8s-master03
20.0.0.203
bs-k8s-node01
20.0.0.204
bs-k8s-node02
20.0.0.205
bs-k8s-node03
"
for node in ${IP};do
  sshpass -p 1 ssh-copy-id  ${node}  -o StrictHostKeyChecking=no
  if [ $? -eq 0 ];then
    echo "${node} 秘钥copy完成"
  else
    echo "${node} 秘钥copy失败"
  fi
done
[root@bs-k8s-master01 ~]# ssh-keygen -t rsa
[root@bs-k8s-master01 ~]# sh /service/scripts/ssh-cp.sh 

#修改初始化配置
使用kubeadm config print init-defaults > kubeadm-init.yaml 打印出默认配置,然后在根据自己的环境修改配置
注意
需要修改advertiseAddress、controlPlaneEndpoint、imageRepository、serviceSubnet、kubernetesVersion
    advertiseAddress 为master01的ip
    controlPlaneEndpoint 为VIP+8443端口
    imageRepository 修改为阿里的源
    serviceSubnet 一段没有使用的IP段
    kubernetesVersion 和上一步的版本一致
[root@bs-k8s-master01 ~]# cd /data/
[root@bs-k8s-master01 data]# mkdir k8s
[root@bs-k8s-master01 data]# cd k8s/
[root@bs-k8s-master01 k8s]# ls
[root@bs-k8s-master01 k8s]# mkdir Initialisierung
[root@bs-k8s-master01 k8s]# cd Initialisierung/
[root@bs-k8s-master01 Initialisierung]# kubeadm config print init-defaults > kubeadm-init.yaml
W0202 16:04:55.195871    4006 validation.go:28] Cannot validate kube-proxy config - no validator is available
W0202 16:04:55.195969    4006 validation.go:28] Cannot validate kubelet config - no validator is available
[root@bs-k8s-master01 Initialisierung]# cp kubeadm-init.yaml{,.bak}
[root@bs-k8s-master01 Initialisierung]# diff kubeadm-init.yaml{,.bak}
12c12
<   advertiseAddress: 20.0.0.200
---
>   advertiseAddress: 1.2.3.4
26d25
< controlPlaneEndpoint: "20.0.0.250:8443"
33c32
< imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
---
> imageRepository: k8s.gcr.io
35c34
< kubernetesVersion: v1.17.2
---
> kubernetesVersion: v1.17.0
38d36
<   podSubnet: "10.209.0.0/16"

#预下载镜像
[root@bs-k8s-master01 Initialisierung]# kubeadm config images pull --config kubeadm-init.yaml
#初始化
[root@bs-k8s-master01 Initialisierung]# kubeadm config images pull --config kubeadm-init.yaml
W0202 16:15:50.198535    4055 validation.go:28] Cannot validate kube-proxy config - no validator is available
W0202 16:15:50.198633    4055 validation.go:28] Cannot validate kubelet config - no validator is available
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.17.2
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.17.2
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.17.2
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.17.2
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.3-0
[config/images] Pulled registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.6.5
[root@bs-k8s-master01 Initialisierung]# 
[root@bs-k8s-master01 Initialisierung]# kubeadm init --config kubeadm-init.yaml
W0202 16:17:51.926686    4259 validation.go:28] Cannot validate kube-proxy config - no validator is available
W0202 16:17:51.926769    4259 validation.go:28] Cannot validate kubelet config - no validator is available
[init] Using Kubernetes version: v1.17.2
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [bs-k8s-master01 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 20.0.0.200 20.0.0.250]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [bs-k8s-master01 localhost] and IPs [20.0.0.200 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [bs-k8s-master01 localhost] and IPs [20.0.0.200 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[endpoint] WARNING: port specified in controlPlaneEndpoint overrides bindPort in the controlplane address
[kubeconfig] Writing "admin.conf" kubeconfig file
[endpoint] WARNING: port specified in controlPlaneEndpoint overrides bindPort in the controlplane address
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[endpoint] WARNING: port specified in controlPlaneEndpoint overrides bindPort in the controlplane address
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[endpoint] WARNING: port specified in controlPlaneEndpoint overrides bindPort in the controlplane address
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
W0202 16:17:57.407938    4259 manifests.go:214] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[control-plane] Creating static Pod manifest for "kube-scheduler"
W0202 16:17:57.411148    4259 manifests.go:214] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 18.038392 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.17" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node bs-k8s-master01 as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node bs-k8s-master01 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: abcdef.0123456789abcdef
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[endpoint] WARNING: port specified in controlPlaneEndpoint overrides bindPort in the controlplane address
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join 20.0.0.250:8443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:ff9bd96896f749ddcb8597fb958eb38654fb64af89ed844076018bf9b2a6dfd3 \
    --control-plane 

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 20.0.0.250:8443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:ff9bd96896f749ddcb8597fb958eb38654fb64af89ed844076018bf9b2a6dfd3 
#为kubectl准备Kubeconfig文件
kubectl默认会在执行的用户家目录下面的.kube目录下寻找config文件。这里是将在初始化时[kubeconfig]步骤生成的admin.conf拷贝到.kube/config
[root@bs-k8s-master01 Initialisierung]#  mkdir -p $HOME/.kube
[root@bs-k8s-master01 Initialisierung]#   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@bs-k8s-master01 Initialisierung]#   sudo chown $(id -u):$(id -g) $HOME/.kube/config
在该配置文件中,记录了API Server的访问地址,所以后面直接执行kubectl命令就可以正常连接到API Server中
#查看组件
[root@bs-k8s-master01 Initialisierung]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-0               Healthy   {"health":"true"}   
[root@bs-k8s-master01 Initialisierung]# kubectl get nodes
NAME              STATUS     ROLES    AGE    VERSION
bs-k8s-master01   NotReady   master   5m3s   v1.17.2
#其他master节点部署
[root@bs-k8s-master01 Initialisierung]# vim /service/scripts/k8s-master-zhengshu.sh
[root@bs-k8s-master01 Initialisierung]# cat /service/scripts/k8s-master-zhengshu.sh
##########################################################################
#Author:                     zisefeizhu
#QQ:                         2********0
#Date:                       2020-02-02
#FileName:                   /service/scripts/k8s-master-zhengshu.sh
#URL:                        https://www.cnblogs.com/zisefeizhu/
#Description:                The test script
#Copyright (C):              2020 All rights reserved
##########################################################################
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
export $PATH
USER=root
CONTROL_PLANE_IPS="bs-k8s-master02 bs-k8s-master03"
for host in ${CONTROL_PLANE_IPS}; do
    ssh "${USER}"@$host "mkdir -p /etc/kubernetes/pki/etcd"
    scp /etc/kubernetes/pki/ca.* "${USER}"@$host:/etc/kubernetes/pki/
    scp /etc/kubernetes/pki/sa.* "${USER}"@$host:/etc/kubernetes/pki/
    scp /etc/kubernetes/pki/front-proxy-ca.* "${USER}"@$host:/etc/kubernetes/pki/
    scp /etc/kubernetes/pki/etcd/ca.* "${USER}"@$host:/etc/kubernetes/pki/etcd/
    scp /etc/kubernetes/admin.conf "${USER}"@$host:/etc/kubernetes/
done

#bs-k8s-master02
[root@bs-k8s-master02 ~]# kubeadm join 20.0.0.250:8443 --token abcdef.0123456789abcdef \
>     --discovery-token-ca-cert-hash sha256:ff9bd96896f749ddcb8597fb958eb38654fb64af89ed844076018bf9b2a6dfd3 \
>     --control-plane
[root@bs-k8s-master02 ~]# mkdir -p $HOME/.kube
[root@bs-k8s-master02 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@bs-k8s-master02 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config

#bs-k8s-master03
[root@bs-k8s-master03 ~]# kubeadm join 20.0.0.250:8443 --token abcdef.0123456789abcdef \
>     --discovery-token-ca-cert-hash sha256:ff9bd96896f749ddcb8597fb958eb38654fb64af89ed844076018bf9b2a6dfd3 \
>     --control-plane
[root@bs-k8s-master02 ~]# mkdir -p $HOME/.kube
[root@bs-k8s-master02 ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@bs-k8s-master02 ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@bs-k8s-master01 ~]# kubectl get nodes
NAME              STATUS     ROLES    AGE    VERSION
bs-k8s-master01   NotReady   master   14m    v1.17.2
bs-k8s-master02   NotReady   master   91s    v1.17.2
bs-k8s-master03   NotReady   master   104s   v1.17.2

#node节点部署
[root@bs-k8s-node01 ~]# kubeadm join 20.0.0.250:8443 --token abcdef.0123456789abcdef \
>     --discovery-token-ca-cert-hash sha256:ff9bd96896f749ddcb8597fb958eb38654fb64af89ed844076018bf9b2a6dfd3
[root@bs-k8s-node02 ~]# kubeadm join 20.0.0.250:8443 --token abcdef.0123456789abcdef \
>     --discovery-token-ca-cert-hash sha256:ff9bd96896f749ddcb8597fb958eb38654fb64af89ed844076018bf9b2a6dfd3
[root@bs-k8s-node03 ~]# kubeadm join 20.0.0.250:8443 --token abcdef.0123456789abcdef \
>     --discovery-token-ca-cert-hash sha256:ff9bd96896f749ddcb8597fb958eb38654fb64af89ed844076018bf9b2a6dfd3

#部署网络插件calico
[root@bs-k8s-master01 ~]# cd /data/k8s/
[root@bs-k8s-master01 k8s]# ls
Initialisierung
[root@bs-k8s-master01 k8s]# mkdir yaml
[root@bs-k8s-master01 k8s]# cd yaml/
[root@bs-k8s-master01 yaml]# wget http://docs.projectcalico.org/v3.11/getting-started/kubernetes/installation/hosted/calico.yaml
[root@bs-k8s-master01 yaml]# cp calico.yaml{,.bak}
[root@bs-k8s-master01 yaml]# vim calico.yaml
[root@bs-k8s-master01 yaml]# diff calico.yaml{,.bak}
598c598
<               value: "10.209.0.0/16"
---
>               value: "192.168.0.0/16"
[root@bs-k8s-master01 yaml]# kubectl apply -f calico.yaml 

#查看节点状态
[root@bs-k8s-master01 yaml]# kubectl get nodes
NAME              STATUS   ROLES    AGE   VERSION
bs-k8s-master01   Ready    master   44m   v1.17.2
bs-k8s-master02   Ready    master   32m   v1.17.2
bs-k8s-master03   Ready    master   32m   v1.17.2
bs-k8s-node01     Ready    <none>   29m   v1.17.2
bs-k8s-node02     Ready    <none>   29m   v1.17.2
bs-k8s-node03     Ready    <none>   29m   v1.17.2

#kube-proxy开启ipvs[单个master节点执行]
修改ConfigMap的kube-system/kube-proxy中的config.conf,mode: "ipvs"      
[root@bs-k8s-master01 yaml]#kubectl edit cm kube-proxy -n kube-system
#重启各个节点上的kube-proxy pod
[root@bs-k8s-master01 yaml]# kubectl get pod -n kube-system | grep kube-proxy | awk '{system("kubectl delete pod "$1" -n kube-system")}'
pod "kube-proxy-57gm2" deleted
pod "kube-proxy-7gpws" deleted
pod "kube-proxy-8jb4x" deleted
pod "kube-proxy-lhqmg" deleted
pod "kube-proxy-s2t4s" deleted
pod "kube-proxy-smfv8" deleted
#查看kube-proxy pod状态
[root@bs-k8s-master01 yaml]#  kubectl get pod -n kube-system | grep kube-proxy
kube-proxy-2wks8                           1/1     Running            0          46s
kube-proxy-7jr5q                           1/1     Running            0          33s
kube-proxy-7qzz8                           1/1     Running            0          55s
kube-proxy-cgz5z                           1/1     Running            0          37s
kube-proxy-fxxxs                           1/1     Running            0          49s
kube-proxy-lc9gt                           1/1     Running            0          59s
#查看是否开启了ivs
[root@bs-k8s-master01 yaml]# kubectl logs kube-proxy-2wks8 -n kube-system
I0202 09:10:37.049020       1 node.go:135] Successfully retrieved node IP: 20.0.0.201
I0202 09:10:37.049089       1 server_others.go:172] Using ipvs Proxier.
W0202 09:10:37.049375       1 proxier.go:420] IPVS scheduler not specified, use rr by default
I0202 09:10:37.049560       1 server.go:571] Version: v1.17.2
I0202 09:10:37.049979       1 conntrack.go:52] Setting nf_conntrack_max to 131072
I0202 09:10:37.050282       1 config.go:313] Starting service config controller
I0202 09:10:37.050303       1 shared_informer.go:197] Waiting for caches to sync for service config
I0202 09:10:37.050409       1 config.go:131] Starting endpoints config controller
I0202 09:10:37.050443       1 shared_informer.go:197] Waiting for caches to sync for endpoints config
I0202 09:10:37.157807       1 shared_informer.go:204] Caches are synced for endpoints config 
I0202 09:10:37.162308       1 shared_informer.go:204] Caches are synced for service config 
日志中打印出了Using ipvs Proxier,说明ipvs模式已经开启

#查看ipvs 状态
[root@bs-k8s-master01 yaml]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.96.0.1:443 rr
  -> 20.0.0.200:6443              Masq    1      0          0         
  -> 20.0.0.201:6443              Masq    1      0          0         
  -> 20.0.0.202:6443              Masq    1      0          0         
TCP  10.96.0.10:53 rr
  -> 10.209.194.129:53            Masq    1      0          0         
  -> 10.209.194.130:53            Masq    1      0          0         
TCP  10.96.0.10:9153 rr
  -> 10.209.194.129:9153          Masq    1      0          0         
  -> 10.209.194.130:9153          Masq    1      0          0         
UDP  10.96.0.10:53 rr
  -> 10.209.194.129:53            Masq    1      0          0         
  -> 10.209.194.130:53            Masq    1      0          0      
  
[root@hs-k8s-master01 calico-3.11]# wget https://docs.projectcalico.org/v3.11/manifests/calico.yam^C
[root@hs-k8s-master01 calico-3.11]# kubectl apply -f calico.yaml 
^C^C^C^C^C^C^C[root@hs-k8s-master01 calico-3.11]# ^C
[root@hs-k8s-master01 calico-3.11]# ls
calico.yaml  calico.yaml.bak
[root@hs-k8s-master01 calico-3.11]# free -h
              total        used        free      shared  buff/cache   available
Mem:           2.9G        806M        1.1G        1.1M        1.0G        1.8G
Swap:            0B          0B          0B
[root@hs-k8s-master01 calico-3.11]# kubectl apply -f calico.yaml 
configmap/calico-config created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created





[root@hs-k8s-master01 ~]# kubectl get pods -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-5b644bc49c-wdssd   1/1     Running   0          18m
calico-node-bjtbm                          1/1     Running   0          18m
calico-node-c4hfp                          1/1     Running   7          18m
calico-node-m5vz7                          1/1     Running   4          18m
calico-node-pvkdn                          1/1     Running   1          18m
calico-node-qmfz8                          1/1     Running   2          18m
calico-node-sbgfk                          1/1     Running   1          18m
coredns-7f9c544f75-b7ksm                   1/1     Running   0          66m
coredns-7f9c544f75-gg4rm                   1/1     Running   0          66m
etcd-bs-k8s-master02                       1/1     Running   4          58m
etcd-bs-k8s-master03                       1/1     Running   8          59m
etcd-hs-k8s-master01                       1/1     Running   6          66m
kube-apiserver-bs-k8s-master02             1/1     Running   12         58m
kube-apiserver-bs-k8s-master03             1/1     Running   12         59m
kube-apiserver-hs-k8s-master01             1/1     Running   10         66m
kube-controller-manager-bs-k8s-master02    1/1     Running   6          57m
kube-controller-manager-bs-k8s-master03    1/1     Running   6          59m
kube-controller-manager-hs-k8s-master01    1/1     Running   5          66m
kube-proxy-2cffl                           1/1     Running   2          58m
kube-proxy-d95pz                           1/1     Running   2          63m
kube-proxy-j6hxc                           1/1     Running   2          59m
kube-proxy-kgwll                           1/1     Running   2          62m
kube-proxy-lbh7v                           1/1     Running   2          62m
kube-proxy-vfvzl                           1/1     Running   2          66m
kube-scheduler-bs-k8s-master02             1/1     Running   6          58m
kube-scheduler-bs-k8s-master03             1/1     Running   6          59m
kube-scheduler-hs-k8s-master01             1/1     Running   4          66m



测试
[root@hs-k8s-master01 ~]# kubectl run nginx --image=nginx:1.14 --replicas=2
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/nginx created
[root@hs-k8s-master01 ~]# kubectl get pods  -o wide
NAME                     READY   STATUS    RESTARTS   AGE    IP             NODE            NOMINATED NODE   READINESS GATES
nginx-5cf565498c-q8fzl   1/1     Running   0          112s   10.209.46.65   bs-k8s-node01   <none>           <none>
nginx-5cf565498c-z2c2m   1/1     Running   0          112s   10.209.208.1   bs-k8s-node03   <none>           <none>

[root@hs-k8s-master01 ~]# curl 10.209.46.65
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>


#测试dns
[root@hs-k8s-master01 ~]# kubectl run curl --image=radial/busyboxplus:curl -it
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
If you don't see a command prompt, try pressing enter.
[ root@curl-69c656fd45-sc55l:/ ]$ nslookup kubernetes.default
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes.default
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local

 

posted @ 2020-02-16 19:57  紫色飞猪  阅读(1147)  评论(0编辑  收藏  举报