Kubernetes下載
K8S官網下載最新版本即可
Kubernetes前期準備工作
關閉防火墻(適用於隔離的內網或實驗環境;對外可達的節點建議保留firewalld,只放行Kubernetes所需端口)
systemctl disable --now firewalld
關閉selinux並設置開機後保持關閉(setenforce 0只是立即切到permissive,SELINUX=disabled要重啟後才生效;kubeadm官方文檔的做法是設為permissive而非disabled)
setenforce 0
# vi /etc/sysconfig/selinux
# 修改內容
SELINUX=disabled
關閉swap(swapoff只對當前運行生效,還需在/etc/fstab中註釋掉swap所在行,避免重啟後重新啟用)
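# Disable every active swap device now, then set the kernel's swappiness to 0.
# The sysctl key is case-sensitive: it must be spelled vm.swappiness.
swapoff -a && sysctl -w vm.swappiness=0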
vi /etc/fstab
如果感覺centos8使用的同步時間不習慣,可安裝ntpdate
yum install -y ntpdate
服務器同步時間
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' > /etc/timezone
ntpdate time2.aliyun.com
# 開機自啟動
# crontab -e
*/5 * * * * ntpdate time2.aliyun.com
# vi /etc/rc.local
ntpdate time2.aliyun.com
配置limit
# 臨時設置
ulimit -SHn 65535
# 永久設置
# vi /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
選一臺Master節點設置免鑰登錄其他節點且需要單獨一臺kubectl服務器
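# Create the key pair used for passwordless SSH from this master to the other nodes.
# The private key allows login as the current user on every host listed below:
# keep it on this one machine only and consider setting a passphrase when prompted.
ssh-keygen -t rsa
# Install the public key on each node. The absolute path makes the loop work
# from any working directory, not only from $HOME.
for node in k8s-master01 k8s-master02 k8s-master03 k8s-node01 k8s-node02; do
  ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" "$node"
done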
配置使用的是國內倉庫源,將其復制到所有節點
git clone https://github.com/dotbalo/k8s-ha-install.git
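# Write the yum repo definition for the Kubernetes packages (Aliyun mirror).
# The repo and its keys are fetched over HTTPS and gpgcheck=1 makes yum verify
# each RPM's signature against those keys, so a tampered mirror or an on-path
# attacker cannot silently substitute modified kubelet/kubeadm/kubectl packages.
# repo_gpgcheck is left off as in the original.
# NOTE(review): enable repo_gpgcheck=1 if this mirror's repodata signature
# verifies in your environment.
# The second gpgkey URL is indented because a continuation line in a .repo
# file must start with whitespace.
# The quoted delimiter keeps the heredoc body literal (no shell expansion).
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF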
安裝ipvsadm
yum install ipvsadm ipset sysstat conntrack libseccomp -y
所有節點配置ipvs模塊(較新內核中nf_conntrack_ipv4已併入nf_conntrack;若modprobe提示找不到該模塊,請改為加載nf_conntrack)
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
IPVS開機自啟動
# vi /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
systemctl enable --now systemd-modules-load.service
驗證ipvs是否加載
lsmod | grep -e ip_vs -e nf_conntrack_ipv4
創建k8s.conf文件
$ cd /etc/sysctl.d
$ vim k8s.conf
>>
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
# 使得配置文件生效
$ modprobe br_netfilter
$ sysctl -p /etc/sysctl.d/k8s.conf
Kubernetes高可用集群的環境要求
| 主機名 | IP地址 | 說明 |
| --- | --- | --- |
| k8s-master01 | 192.168.2.XX0 | master節點 |
| k8s-master02 | 192.168.2.XX1 | master節點 |
| k8s-master03 | 192.168.2.XX2 | master節點 |
| k8s-master-lb | 192.168.2.XX5 | keepalived虛擬IP |
| k8s-node01 | 192.168.2.XX3 | worker節點 |
| k8s-node02 | 192.168.2.XX4 | worker節點 |
kubeadm組件安裝
# 查看kubeadm、kubectl、kubelet版本
$ yum list kubeadm --showduplicates
$ yum list kubectl --showduplicates
$ yum list kubelet --showduplicates
$ yum install kubeadm -y # 安裝最新版本且依賴的組件也會安裝
修改pause默認鏡像
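# Ask Docker which cgroup driver it uses so kubelet is started with the same one.
# The variable name must match the one expanded in the heredoc below; shell
# variable names are case-sensitive.
DOCKER_CGROUPS=$(docker info --format '{{.CgroupDriver}}')
# Only write the kubelet defaults when a driver was detected, so an empty
# "--cgroup-driver=" never ends up in /etc/sysconfig/kubelet.
[ -n "$DOCKER_CGROUPS" ] && cat >/etc/sysconfig/kubelet <<EOF
KUBELET_KUBEADM_ARGS="--cgroup-driver=$DOCKER_CGROUPS --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1"
EOF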
kubelet開機自啟動
systemctl daemon-reload
systemctl enable --now kubelet
高可用組件安裝
# k8s-master01、k8s-master02、k8s-master03安裝即可
yum install -y keepalived haproxy
$ vi /etc/haproxy/haproxy.cfg
>>
# HAProxy configuration: TCP load balancer on port 16443 in front of the
# three kube-apiserver instances, plus an HTTP monitor URI and a stats page.
global
maxconn 2000
ulimit-n 16384
log 127.0.0.1 local0 err
stats timeout 30s
defaults
log global
mode http
option httplog
timeout connect 5000
timeout client 50000
timeout server 50000
timeout http-request 15s
timeout http-keep-alive 15s
# Health endpoint for HAProxy itself, listening on every interface.
frontend monitor-in
bind *:33305
mode http
option httplog
monitor-uri /monitor
# Statistics page. It is bound to every interface and protected only by the
# sample credentials admin:admin below. Replace them with a unique password
# before use, and consider binding to a management address or restricting
# port 8006 to administrator hosts.
listen stats
bind *:8006
mode http
stats enable
stats hide-version
stats uri /stats
stats refresh 30s
# NOTE(review): the realm contains an unescaped space; HAProxy normally expects
# it escaped or quoted (the backslash may have been lost from this page) - confirm.
stats realm Haproxy Statistics
stats auth admin:admin
# API server entry point: plain TCP pass-through, so TLS and client
# authentication are still handled by kube-apiserver, not by HAProxy.
frontend k8s-master
bind 0.0.0.0:16443
bind 127.0.0.1:16443
mode tcp
option tcplog
tcp-request inspect-delay 5s
default_backend k8s-master
backend k8s-master
mode tcp
option tcplog
# tcp-check with no further rules only verifies that port 6443 accepts a connection.
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server k8s-master01 192.168.2.200:6443 check
server k8s-master02 192.168.2.201:6443 check
server k8s-master03 192.168.2.202:6443 check
$ vi /etc/keepalived/keepalived.conf
>>
# keepalived configuration: one VRRP instance that holds the virtual IP
# 192.168.2.205 on interface ens33.
global_defs {
router_id LVS_DEVEL
}
# Health-check script definition: run every 2 seconds, weight -5,
# 3 failures mark it down and 2 successes mark it up again.
vrrp_script chk_apiserver {
script "/etc/keepalived/check_apiserver.sh"
interval 2
weight -5
fall 3
rise 2
}
# NOTE(review): there is no space between the instance name and "{";
# keepalived's parser may need "VI_1 {" - confirm.
vrrp_instance VI_1{
state MASTER # one MASTER, the other two nodes BACKUP
interface ens33
mcast_src_ip 192.168.2.200 # this host's own IP: 192.168.2.200, 192.168.2.201 or 192.168.2.202
virtual_router_id 51
priority 100 # change per node: 100, 101, 102
advert_int 2
# VRRP "PASS" authentication is a shared plaintext string carried in the
# advertisements. Replace the sample value K8S with a per-cluster secret and
# keep VRRP traffic confined to the node subnet.
authentication {
auth_type PASS
auth_pass K8S
}
virtual_ipaddress {
192.168.2.205
}
# NOTE(review): track_script is commented out, so chk_apiserver defined above is
# never run by this instance and the VIP will not move when kube-apiserver stops.
# Presumably it is meant to be enabled once the API server is running - confirm.
#track_script {
# chk_apiserver
# }
}
# k8s-master01、k8s-master02、k8s-master03配置健康檢查
$ vi /etc/keepalived/check_apiserver.sh
>>
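#!/bin/bash
# keepalived health check for the local kube-apiserver.
#
# Looks for a kube-apiserver process up to 5 times, sleeping 5 seconds after
# each miss. If no process is found in any attempt, keepalived is stopped on
# this node and the script exits 1; otherwise it exits 0.
#
# The interpreter line must be exactly "#!" with no space, otherwise it is
# only a comment and the script runs under whatever shell invokes it.
err=0
for _ in 1 2 3 4 5; do
  # Use pgrep's exit status instead of capturing its output.
  if pgrep kube-apiserver >/dev/null; then
    err=0
    break
  fi
  err=$((err + 1))
  sleep 5
done

if [[ $err -ne 0 ]]; then
  # No API server process found in any attempt: stop keepalived on this node.
  echo "systemctl stop keepalived"
  /usr/bin/systemctl stop keepalived
  exit 1
fi
exit 0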
# 啟動haproxy和keepalived
systemctl enable --now haproxy
systemctl enable --now keepalived
Kubeadm集群初始化
# 只在master01上、且僅在初始化時使用
$ vi kubeadm-config.yaml