跳至主要內容

k8s安装-kubeadm

张海军容器技术kubernetes介绍kubernetes大约 6 分钟

官网地址

环境准备

## 更改yum源
yum install -y vim  wget
rm -rf /etc/yum.repos.d/CentOS-Base.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all && yum makecache && yum repolist && yum update

## 升级Linux内核版本
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install -y kernel-lt
rpm -qa | grep kernel
# 查看默认启动项
awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg
# 设置开机从新内核启动 第一个
grub2-set-default 0
# 注意:设置完内核后,需要重启服务器才会生效。
reboot
# 查询内核 4.4.249-1.el7.elrepo.x86_64
uname -r

## 通过 yum remove 命令(可选)
# 查看系统安装了哪些内核包
rpm -qa | grep kernel
# 使用yum remove 或rpm -e 删除无用内核 3.x相关的都可以删除
yum remove kernel-tools-3.10.0-1127.el7.x86_64 kernel-3.10.0-1127.el7.x86_64 kernel-tools-libs-3.10.0-1127.el7.x86_64

# 关闭SELINUX 永久关闭需要修改SELINUX的配置文件
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
# 配置ulimit
ulimit -SHn 65535
cat >> /etc/security/limits.conf <<EOF
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* seft memlock unlimited
* hard memlock unlimitedd
EOF

## 时间同步
yum -y install ntp ntpdate
ntpdate cn.pool.ntp.org
hwclock --systohc
hwclock -w
# 时区不对的更改时区
mv /etc/localtime /etc/localtime.bak
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
date

## 安装依赖环境
yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git iproute lrzsz bash-completion tree bridge-utils unzip bind-utils gcc lsof

## 防⽕墙配置
systemctl disable --now firewalld
systemctl stop firewalld && systemctl disable firewalld
yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
# 关闭系统不需要的服务
systemctl stop postfix && systemctl disable postfix

## 禁⽤交换分区 关闭swap分区【虚拟内存】并且永久关闭虚拟内存
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
swapoff -a && sysctl -w vm.swappiness=0

# 设置日志保存方式
mkdir /var/log/journal
mkdir /etc/systemd/journald.conf.d
cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
[Journal]
Storage=persistent
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
SystemMaxUse=10G
SystemMaxFileSize=200M
MaxRetentionSec=2week
ForwardToSyslog=no
EOF
systemctl restart systemd-journald && systemctl status systemd-journald

## 系统优化参数
modprobe br_netfilter
cat > /root/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
# 将优化内核文件拷贝到/etc/sysctl.d/文件夹下,这样优化文件开机的时候能够被调用
cp -avf /root/kubernetes.conf /etc/sysctl.d/kubernetes.conf
# 手动刷新,让优化文件立即生效
sysctl -p /etc/sysctl.d/kubernetes.conf
## /proc/sys/net/netfilter/nf_conntrack_max: No such file or directory 请执行 modprobe ip_conntrack

# kube-proxy 开启 ipvs 前置条件
modprobe br_netfilter
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
# 使用lsmod命令查看这些文件是否被引导
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

节点规划

## 三台机器上分别执行
hostnamectl set-hostname k8s-master-96
hostnamectl set-hostname k8s-node-95
hostnamectl set-hostname k8s-node-94

## 三台机器上加入到hosts文件
cat <<EOF >> /etc/hosts

192.168.20.96 k8s-master-96
192.168.20.95 k8s-node-95
192.168.20.94 k8s-node-94
EOF

docker 安装

## 卸载docker
systemctl stop docker.socket && systemctl stop docker.service
yum list installed |grep docker
# 删除上面查询的结果
yum -y remove docker-ce.x86_64
rpm -qa |grep docker
rm -rf /var/lib/docker

## 安装依赖环境
yum install -y yum-utils device-mapper-persistent-data lvm2
## 添加软件源信息
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
## 查找docker软件版本
yum list docker-ce.x86_64 --showduplicates | sort -r
## 指定版本docker-ce 稳定版本
yum install -y docker-ce-19.03.9-3.el7
## 设置docker daemon.json⽂件,源地址,存储⽬录,⽇志规则,存储⽅式
mkdir -p /etc/docker && cat > /etc/docker/daemon.json <<EOF
{
 "registry-mirrors": ["https://zxpi33fv.mirror.aliyuncs.com","http://docker.devops.tr","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],
 "insecure-registries": ["docker.devops.tr"],
 "exec-opts": ["native.cgroupdriver=systemd"],
 "log-driver": "json-file",
 "log-opts": {"max-size": "100m"},
 "storage-driver": "overlay2",
 "storage-opts": ["overlay2.override_kernel_check=true"]
}
EOF
systemctl enable docker && systemctl daemon-reload && systemctl restart docker && systemctl status docker

Kubernetes-安装

## 下载阿⾥云的k8s源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg  https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
## 查看仓库软件⽀持版本
yum list kubelet --showduplicates | sort -r
## 指定版本进⾏部署,(所有节点全部进⾏此操作)
yum -y install kubelet-1.20.6 kubeadm-1.20.6 kubectl-1.20.6
## 为了实现docker使用的cgroupdriver与kubelet使用的cgroup的一致性,建议修改如下文件内容。
# vim /etc/sysconfig/kubelet
# KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
## 将kubelet设置为开机⾃启动
systemctl enable kubelet && systemctl start kubelet && systemctl status kubelet
## 查看日志 服务不正常先不用管,初始化节点完毕就可以了
journalctl -xefu kubelet

Kubernetes-主节点

## 初始化Master
kubeadm init \
  --kubernetes-version=v1.20.6 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --pod-network-cidr=10.244.0.0/16 \
  --service-cidr=10.96.0.0/12 \
  --ignore-preflight-errors=Swap
## 初始化后执⾏提示的命令,如下命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
## 下面这个不执行,要保存,从节点需要
kubeadm join 192.168.20.96:6443 --token pd4vie.ubvalbx3l3s3sirg \
    --discovery-token-ca-cert-hash sha256:5b83e7f22065bd29adaa59398a1df0cea8ef86ab6ab284620985a53ef3b14ebf
## 初始化完成查看节点的状态,为notready,这时状态是应为⽹络插件为安装
kubectl get nodes
## flannel插件
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
## 再次查看node信息Ready即可,可能需要等一会
kubectl get nodes
## 查看系统名称空间,下的k8s核⼼组件运⾏状态
kubectl get pod -n kube-system

Kubernetes-从节点

## 初始化 执行master节点初始化的结果输出 参考上面
kubeadm join 192.168.20.96:6443 --token pd4vie.ubvalbx3l3s3sirg \
    --discovery-token-ca-cert-hash sha256:5b83e7f22065bd29adaa59398a1df0cea8ef86ab6ab284620985a53ef3b14ebf
## 查看集群运⾏状态,到此安装完成
kubectl get nodes -o wide
## token丢失了,可以使⽤如下命令来重新⽣成
#kubeadm token create --print-join-command

## 报错解决: localhost:8080 was refused - did you specify the right host or
## 从主节点拷贝到从节点
scp -r /etc/kubernetes/admin.conf root@192.168.10.95:/etc/kubernetes/admin.conf
scp -r /etc/kubernetes/admin.conf root@192.168.10.94:/etc/kubernetes/admin.conf
## 添加到环境变量
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile && source ~/.bash_profile
## 查看运行情况
kubectl get pod -o wide -n kube-system
## K8S安装完毕

NFS 安装

为安装kubesphere做准备,参考:https://kubesphere.io/zh/docs/installing-on-kubernetes/introduction/prerequisites/open in new window
Kubernetes 集群已配置默认StorageClass(请使用 kubectl get sc 进行确认)。

## 提示 No resources found in default namespace.
kubectl get storageclass

## 在K8S主节点安装NFS-Server
yum -y install nfs-utils
cat <<EOF >> /etc/exports
/nfs/data *(rw,sync,no_root_squash)
EOF
# 创建共享⽬录
mkdir -p /nfs/data
systemctl start rpcbind && systemctl enable rpcbind && systemctl status rpcbind
systemctl start nfs-server && systemctl enable nfs-server && systemctl status nfs-server
# 查看是否挂载成功
showmount -e
## 下载安装⽂件
mkdir /root/nfsvolume && cd /root/nfsvolume
# 在command最后加入 - --feature-gates=RemoveSelfLink=false
vi /etc/kubernetes/manifests/kube-apiserver.yaml
## (推荐 修改过的)http://git.devops.tr/bedrock/bedrock-deploy/-/tree/main/kubernetes/nfs
## (参考 可以不下载)https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/tree/master/deploy
## 将 class.yaml、deployment.yaml、rbac.yaml 这个三个文件拷贝到目录中
## 在deployment.yaml中修改nfs的ip与⽂件⽬录
kubectl create -f rbac.yaml -f deployment.yaml -f class.yaml
## 成功runing即可
kubectl get pod -n storage

## 在K8S从节点安装NFS-Client
yum -y install nfs-utils
systemctl start nfs-utils && systemctl enable nfs-utils && systemctl status nfs-utils
rpcinfo -p
## 测试挂载到nfs-server上去
mkdir -p /data && mount -t nfs 192.168.20.96:/nfs/data /data

## 安装之后,在K8S主节点操作
kubectl get pod
## managed-nfs-storage 运行正常(Running)后执行下面
kubectl get storageclass
## 设置为默认SC
kubectl patch storageclass nfs-storage -p '{"metadata":{"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
kubectl get sc

安装 kubesphere

安装前准备: https://kubesphere.io/zh/docs/installing-on-kubernetes/introduction/prerequisites/open in new window

参考官方文档: https://kubesphere.io/zh/docs/quick-start/minimal-kubesphere-on-k8s/open in new window

## 执行以下命令开始安装
wget https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/kubesphere-installer.yaml
wget https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/cluster-configuration.yaml
kubectl apply -f kubesphere-installer.yaml
kubectl apply -f cluster-configuration.yaml
## 检查安装日志
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
## 查看所有 Pod 是否在 KubeSphere 的相关命名空间中正常运行
kubectl get pod --all-namespaces
## 使用默认帐户和密码 (admin/P@88w0rd) 访问 http://192.168.20.96:30880
kubectl get svc/ks-console -n kubesphere-system

卸载 kubesphere

## 参考官网地址: https://kubesphere.io/zh/docs/installing-on-kubernetes/uninstall-kubesphere-from-k8s/
wget https://raw.githubusercontent.com/kubesphere/ks-installer/release-3.1/scripts/kubesphere-delete.sh
sh kubesphere-delete.sh