Kubernetes下载
K8S官网下载最新版本即可
Kubernetes前期准备工作
关闭防火墙(仅建议在隔离的实验环境中这样做;生产环境应保留防火墙,只放行集群所需端口)
systemctl disable --now firewalld
临时关闭selinux,并修改配置使其开机后保持关闭(这会去掉一层强制访问控制,生产环境请先评估)
setenforce 0
# vi /etc/sysconfig/selinux
# 修改内容
SELINUX=disabled
关闭swap
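# Turn swap off for the running system and tell the kernel not to prefer
# swapping. sysctl keys are case-sensitive, so the key must be spelled
# vm.swappiness; any other capitalisation is rejected as an unknown key.
swapoff -a && sysctl -w vm.swappiness=0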
vi /etc/fstab
如果感觉centos8使用的同步时间不习惯,可安装ntpdate
yum install -y ntpdate
服务器同步时间
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' > /etc/timezone
ntpdate time2.aliyun.com
# 开机自启动
# crontab -e
*/5 * * * * ntpdate time2.aliyun.com
# vi /etc/rc.local
ntpdate time2.aliyun.com
配置limit
# 临时设置
ulimit -SHn 65535
# 永久设置
# vi /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
选一台Master节点配置免密(密钥)登录其他节点;另外需要单独一台kubectl服务器
ssh-keygen -t rsa
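# Copy this master's public key to every other node so later steps can use
# key-based SSH. The key path is anchored at $HOME so the loop does not depend
# on the current working directory, and the host name is quoted.
for host in k8s-master01 k8s-master02 k8s-master03 k8s-node01 k8s-node02; do
  ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" "$host"
done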
配置使用的是国内仓库源,将其复制到所有节点
git clone https://github.com/dotbalo/k8s-ha-install.git
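# Register the Aliyun Kubernetes yum mirror.
# - baseurl and gpgkey use https so packages, metadata and the signing keys
#   are not fetched over plain HTTP.
# - gpgcheck=1 makes yum verify each RPM's signature against gpgkey before
#   installing it.
# - repo_gpgcheck is left at 0 as in the original steps; repository metadata
#   is then protected only by TLS to the mirror. Set it to 1 if the mirror's
#   signed metadata verifies in your environment.
# The delimiter is quoted so nothing inside the here-document is expanded.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF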
安装ipvsadm
yum install ipvsadm ipset sysstat conntrack libseccomp -y
所有节点配置ipvs模块
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
IPVS开机自启动
# vi /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
systemctl enable --now systemd-modules-load.service
验证ipvs是否加载
lsmod | grep -e ip_vs -e nf_conntrack_ipv4
创建k8s.conf文件
$ cd /etc/sysctl.d
$ vim k8s.conf
>>
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
# 使得配置文件生效
$ modprobe br_netfilter
$ sysctl -p /etc/sysctl.d/k8s.conf
Kubernetes高可用集群的环境要求
主机名 |
IP地址 |
说明 |
k8s-master01 |
192.168.2.XX0 |
master节点 |
k8s-master02 |
192.168.2.XX1 |
master节点 |
k8s-master03 |
192.168.2.XX2 |
master节点 |
k8s-master-lb |
192.168.2.XX5 |
keepalived虚拟IP |
k8s-node01 |
192.168.2.XX3 |
worker节点 |
k8s-node02 |
192.168.2.XX4 |
worker节点 |
kubeadm组件安装
# 查看kubeadm、kubectl、kubelet版本
$ yum list kubeadm --showduplicates
$ yum list kubectl --showduplicates
$ yum list kubelet --showduplicates
$ yum install kubeadm -y # 安装最新版本且依赖的组件也会安装
修改pause默认镜像
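# Ask Docker for its cgroup driver so the kubelet is started with the same one.
# Shell variable names are case-sensitive: the name assigned here must match
# the $DOCKER_CGROUPS reference expanded inside the here-document below.
DOCKER_CGROUPS=$(docker info --format '{{.CgroupDriver}}')
# Stop here rather than write an empty --cgroup-driver= into the kubelet config.
: "${DOCKER_CGROUPS:?could not determine the Docker cgroup driver}"
# NOTE(review): the pause image is pulled by tag from a mirror registry; confirm
# the registry is one you trust before rolling this out to every node.
cat >/etc/sysconfig/kubelet <<EOF
KUBELET_KUBEADM_ARGS="--cgroup-driver=$DOCKER_CGROUPS --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.1"
EOF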
kubelet开机自启动
systemctl daemon-reload
systemctl enable --now kubelet
高可用组件安装
# k8s-master01、k8s-master02、k8s-master03安装即可
yum install -y keepalived haproxy
$ vi /etc/haproxy/haproxy.cfg
>>
# Process-wide settings.
global
maxconn 2000
ulimit-n 16384
log 127.0.0.1 local0 err
stats timeout 30s
# Defaults inherited by the sections below unless a section overrides them.
defaults
log global
mode http
option httplog
timeout connect 5000
timeout client 50000
timeout server 50000
timeout http-request 15s
timeout http-keep-alive 15s
# Monitor endpoint: monitor-uri /monitor on port 33305, bound to all addresses.
frontend monitor-in
bind *:33305
mode http
option httplog
monitor-uri /monitor
# Statistics page at /stats on port 8006, bound to all addresses.
# NOTE(review): "admin:admin" is a guessable credential and this page is served
# over plain HTTP on every address; set a unique password and restrict which
# hosts can reach this port before using the config outside a lab.
listen stats
bind *:8006
mode http
stats enable
stats hide-version
stats uri /stats
stats refresh 30s
stats realm Haproxy Statistics
stats auth admin:admin
# TCP front end for the API server: clients connect to port 16443 and are
# handed to the k8s-master backend.
frontend k8s-master
bind 0.0.0.0:16443
bind 127.0.0.1:16443
mode tcp
option tcplog
tcp-request inspect-delay 5s
default_backend k8s-master
# The three control-plane nodes on port 6443, TCP health-checked and balanced
# round-robin.
backend k8s-master
mode tcp
option tcplog
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server k8s-master01 192.168.2.200:6443 check
server k8s-master02 192.168.2.201:6443 check
server k8s-master03 192.168.2.202:6443 check
$ vi /etc/keepalived/keepalived.conf
>>
global_defs {
router_id LVS_DEVEL
}
# Health-check script definition: runs check_apiserver.sh every 2 seconds with
# weight -5; 3 failures mark it down, 2 successes mark it up again.
vrrp_script chk_apiserver {
script "/etc/keepalived/check_apiserver.sh"
interval 2
weight -5
fall 3
rise 2
}
# NOTE(review): there is no space between "VI_1" and "{"; confirm that your
# keepalived version parses this as instance VI_1.
vrrp_instance VI_1{
state MASTER # one MASTER, two BACKUP
interface ens33
mcast_src_ip 192.168.2.200 # this host's IP: 192.168.2.200, 192.168.2.201, 192.168.2.202
virtual_router_id 51
priority 100 # change per node: 100, 101, 102
advert_int 2
# NOTE(review): auth_type PASS carries auth_pass in clear text in VRRP
# advertisements, and "K8S" is a guessable value; replace it with your own
# secret and keep VRRP traffic on a trusted network segment.
authentication {
auth_type PASS
auth_pass K8S
}
virtual_ipaddress {
192.168.2.205
}
# NOTE(review): track_script is commented out, so chk_apiserver above is
# defined but not attached to this instance; uncomment the block if the health
# check is meant to take effect.
#track_script {
# chk_apiserver
# }
}
# k8s-master01、k8s-master02、k8s-master03配置健康检查
$ vi /etc/keepalived/check_apiserver.sh
>>
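#!/bin/bash
# Health check referenced by keepalived's vrrp_script chk_apiserver.
# Looks for a running kube-apiserver process up to 5 times, 5 seconds apart.
# Exit status: 0 as soon as the process is found; 1 after five misses, in
# which case keepalived is stopped first (presumably so the virtual IP can
# move to another node).
# The interpreter line must be exactly "#!" with no space, otherwise it is an
# ordinary comment and the file has no shebang.
# Note: pgrep only shows that the process exists, not that the API answers.

err=0
for ((attempt = 1; attempt <= 5; attempt++)); do
  # pgrep exits non-zero when nothing matches; its PID output is not needed.
  if pgrep kube-apiserver >/dev/null; then
    err=0
    break
  fi
  err=$((err + 1))
  sleep 5
done

if ((err != 0)); then
  echo "systemctl stop keepalived"
  /usr/bin/systemctl stop keepalived
  exit 1
fi
exit 0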
# 启动haproxy和keepalived
systemctl enable --now haproxy
systemctl enable --now keepalived
Kubeadm集群初始化
# 仅在master01上初始化集群时使用
$ vi kubeadm-config.yaml