<返回更多

Kubernetes集群

2022-10-07  今日头条  Iliuhu
加入收藏

Kube.NETes下载

K8S官网下载最新版本即可

Kubernetes前期准备工作

关闭防火墙

systemctl disable --now firewalld

关闭selinux和开机自启动

setenforce 0
# vi /etc/sysconfig/selinux 

# 修改内容
SELINUX=disabled

关闭swap

swapoff -a && sysctl -w vm.swAppiness=0

vi /etc/fstab

 

 

如果感觉centos8使用的同步时间不习惯,可安装ntpdate

yum install -y ntpdate

服务器同步时间

ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' > /etc/timezone
ntpdate time2.aliyun.com
# 开机自启动
# crontab -e 
*/5 * * * * ntpdate time2.aliyun.com

# vi /etc/rc.local
ntpdate time2.aliyun.com

配置limit

# 临时设置

ulimit -SHn 65535
# 永久设置
#  vi /etc/sercurity/limit.conf

* soft nofile 65535
* hard nofile 65535

选一台Master节点设置免钥登录其他节点且需要单独一台kubectl服务器

ssh-keygen -t rsa

for i in k8s-master01 k8s-master02 k8s-master03 k8s-node01 k8s-node02;do ssh-copy-id -i .ssh/id_rsa.pub $i;done

配置使用的是国内仓库源,将其复制到所有节点

git clone https://github.com/dotbalo/k8s-ha-install.git
cat <<EOF > /etc/yum.repos.d/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF

安装ipvsadm

yum install ipvsadm ipset sysstat conntrack libseccomp -y

所有节点配置ipv模块

modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4

IPVS开机自启动

# vi /etc/modules-load.d/ipvs.conf

ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
systemctl enable --now systemd-modules-load.service

验证ipvs是否加载

lsmod | grep -e ip_vs -e nf_conntrack_ipv4

创建k8s.conf文件

$ cd /etc/sysctl.d
$ vim k8s.conf
>>
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0

# 使得配置文件生效
$ modprobe br_netfilter
$ sysctl -p /etc/sysctl.d/k8s.conf

Kubernetes高可用集群的环境要求

主机名

IP地址

说明

k8s-master01

192.168.2.XX0

master节点

k8s-master02

192.168.2.XX1

master节点

k8s-master03

192.168.2.XX2

master节点

k8s-master-lb

192.168.2.XX5

keepalived虚拟IP

k8s-node01

192.168.2.XX3

worker节点

k8s-node02

192.168.2.XX4

worker节点

kubeadm组件安装

# 查看kubeadm、kubectl、kubelet版本
$ yum list kubeadm --showduplicates
$ yum list kubectl --showduplicates
$ yum list kubelet --showduplicates

$ yum install kubeadm -y # 安装最新版本且依赖的组件也会安装

修改pause默认镜像

$ Docker_CGROUPS=$(docker info | grep 'Cgroup Driver' | cut -d' ' -f4)

$ cat >/etc/sysconfig/kubelet <<EOF
KUBELET_KUBEADM_ARGS="--cgroup-driver=$DOCKER_CGROUPS --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1"
EOF

kubelet开机自启动

systemctl daemon-reload
systemctl enable --now kubelet

高可用组件安装

# k8s-master01、k8s-master02、k8s-master03安装即可
yum install -y keepalived haproxy
$ vi /etc/haproxy/haproxy.cfg 

>>
  
global
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s

defaults
  log global
  mode  http
  option  httplog
  timeout connect 5000
  timeout client  50000
  timeout server  50000
  timeout http-request 15s
  timeout http-keep-alive 15s

frontend monitor-in
  bind *:33305
  mode http
  option httplog
  monitor-uri /monitor

listen stats
  bind  *:8006
  mode  http
  stats enable
  stats hide-version
  stats uri     /stats
  stats refresh 30s
  stats realm   Haproxy Statistics
  stats auth    admin:admin

frontend k8s-master
  bind 0.0.0.0:16443
  bind 127.0.0.1:16443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master

backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
  server k8s-master01    192.168.2.200:6443  check
  server k8s-master02    192.168.2.201:6443  check
  server k8s-master03    192.168.2.202:6443  check
$ vi /etc/keepalived/keepalived.conf

>>

global_defs {
   router_id LVS_DEVEL
}

vrrp_script chk_apiserver {
        script "/etc/keepalived/check_apiserver.sh"
        interval 2
        weight  -5
        fall    3
        rise    2
}

vrrp_instance VI_1{
        state           MASTER	# 一主(MASTER)两从(BACKUP)
        interface       ens33
        mcast_src_ip    192.168.2.200 #所在主机IP 192.168.2.200、192.168.2.201、192.168.2.202
        virtual_router_id       51
        priority        100 	# 需修改100、101、102
        advert_int      2
        authentication {
                auth_type       PASS
                auth_pass       K8S
        }
        virtual_ipaddress {
                192.168.2.205
        }
        #track_script {
        #       chk_apiserver
        # }
}
# k8s-master01、k8s-master02、k8s-master03配置健康检查

$ vi /etc/keepalived/check_apiserver.sh

>>
  
# !/bin/bash

err=0
for k in $(seq 1 5)
do
  check_code=$(pgrep kube-apiserver)
  if [[ $check_code == "" ]]; then
        err=$(expr $err + 1)
        sleep 5 
        continue
  else  
        err=0   
        break   
  fi    
done

if [[ $err != "0" ]]; then   
  echo "systemctl stop keepalived"
  /usr/bin/systemctl stop keepalived
  exit 1
else
  exit 0
fi
# 启动haproxy和keepalived

systemctl enable --now haproxy
systemctl enable --now keepalived

Kubeadm集群初始化

# 只有master01和初始化的时候才使用
$ vi kubeadm-config.yaml
声明:本站部分内容来自互联网,如有版权侵犯或其他问题请与我们联系,我们将立即删除或处理。
▍相关推荐
更多资讯 >>>