K8S搭建

1. 基础环境

#关闭防火墙
systemctl stop firewalld
systemctl disable firewalld# 修改 hostname
hostnamectl set-hostname k8s-01
hostnamectl status
# 设置 hostname 解析
echo "127.0.0.1   $(hostname)" >> /etc/hosts#关闭 selinux： 
sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0#关闭 swap：
swapoff -a  
sed -ri 's/.*swap.*/#&/' /etc/fstab 

2. docker环境

sudo yum remove docker*
sudo yum install -y yum-utils
#配置docker yum 源
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo#安装docker 19.03.9
yum install -y docker-ce-3:19.03.9-3.el7.x86_64  docker-ce-cli-3:19.03.9-3.el7.x86_64 containerd.io#安装docker 19.03.9   docker-ce  19.03.9
yum install -y docker-ce-19.03.9-3  docker-ce-cli-19.03.9 containerd.io#启动服务
systemctl start docker
systemctl enable docker#配置加速
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{"registry-mirrors": ["https://docker.registry.cyou","https://docker-cf.registry.cyou","https://dockercf.jsdelivr.fyi","https://docker.jsdelivr.fyi","https://dockertest.jsdelivr.fyi","https://mirror.aliyuncs.com","https://dockerproxy.com","https://mirror.baidubce.com","https://docker.m.daocloud.io","https://docker.nju.edu.cn","https://docker.mirrors.sjtug.sjtu.edu.cn","https://docker.mirrors.ustc.edu.cn","https://mirror.iscas.ac.cn","https://docker.rainbond.cc"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

3. 安装k8s核心（都执行）

# 配置K8S的yum源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpghttp://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF# 卸载旧版本
yum remove -y kubelet kubeadm kubectl# 查看可以安装的版本
yum list kubelet --showduplicates | sort -r# 安装kubelet、kubeadm、kubectl 指定版本
yum install -y kubelet-1.21.0 kubeadm-1.21.0 kubectl-1.21.0# 开机启动kubelet
systemctl enable kubelet && systemctl start kubelet

4. 初始化master节点

####封装成images.sh文件
#!/bin/bash
images=(kube-apiserver:v1.21.0kube-proxy:v1.21.0kube-controller-manager:v1.21.0kube-scheduler:v1.21.0coredns:v1.8.0etcd:3.4.13-0pause:3.4.1
)
for imageName in ${images[@]} ; dodocker pull registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/$imageName
done
#####封装结束chmod +x images.sh && ./images.sh##注意1.21.0版本的k8s coredns镜像比较特殊，结合阿里云需要特殊处理，重新打标签
docker tag registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/coredns:v1.8.0 registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/coredns/coredns:v1.8.0########kubeadm init 一个master########################
########kubeadm join 其他worker########################
kubeadm init \
--apiserver-advertise-address=10.170.11.8 \
--image-repository registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images \
--kubernetes-version v1.21.0 \
--service-cidr=10.96.0.0/16 \
--pod-network-cidr=192.168.0.0/16
## 注意：pod-cidr与service-cidr
# apiserver-advertise-address 为主节点ip######按照提示继续######
## init完成后第一步：复制相关文件夹
To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/config## 导出环境变量
Alternatively, if you are the root user, you can run:export KUBECONFIG=/etc/kubernetes/admin.conf### 部署一个pod网络
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/##############如下：安装calico#####################
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml### 命令检查
kubectl get pod -A  ##获取集群中所有部署好的应用Pod
kubectl get nodes  ##查看集群所有机器的状态Then you can join any number of worker nodes by running the following on each as root:kubeadm join 172.24.80.222:6443 --token nz9azl.9bl27pyr4exy2wz4 \--discovery-token-ca-cert-hash sha256:4bdc81a83b80f6bdd30bb56225f9013006a45ed423f131ac256ffe16bae73a20 ## 获取新token
kubeadm token create --ttl 0 --print-join-command

5. 初始化worker节点

## 用master生成的命令即可
kubeadm join 172.24.80.222:6443 --token nz9azl.9bl27pyr4exy2wz4 \--discovery-token-ca-cert-hash sha256:4bdc81a83b80f6bdd30bb56225f9013006a45ed423f131ac256ffe16bae73a20 

6.设置ipvs模式（可选）

#1、查看默认kube-proxy 使用的模式
kubectl logs -n kube-system kube-proxy-28xv4
#2、需要修改 kube-proxy 的配置文件,修改mode 为ipvs。默认iptables，但是集群大了以后就很慢
kubectl edit cm kube-proxy -n kube-system
修改如下ipvs:excludeCIDRs: nullminSyncPeriod: 0sscheduler: ""strictARP: falsesyncPeriod: 30skind: KubeProxyConfigurationmetricsBindAddress: 127.0.0.1:10249mode: "ipvs"###修改了kube-proxy的配置，为了让重新生效，需要杀掉以前的Kube-proxykubectl get pod -A|grep kube-proxykubectl delete pod kube-proxy-pqgnt -n kube-system

7. 让其他客户端也能操作集群（可选）

#1、master获取管理员配置
cat /etc/kubernetes/admin.conf
#2、其他节点创建保存
vi ~/.kube/config