kubeadm 1.18 部署笔记
本文最后更新于:20 天前
系统环境
系统: CentOS Linux release 7.8.2003 (Core)
内核: 4.4.241-1.el7.elrepo.x86_64
k8s版本: 1.18
calico:3.17
升级内核脚本
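# Kernel upgrade: install the ELRepo long-term-support kernel and make it the
# default boot entry. Run as root.

# Import the ELRepo signing key so rpm/yum can verify packages from that repo.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# Install the ELRepo release package. It is fetched over HTTPS (the original
# used plain HTTP) so the repo definition cannot be altered in transit.
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
# Load the elrepo-kernel repository metadata.
yum --disablerepo=\* --enablerepo=elrepo-kernel repolist
# List the available kernel packages. The pattern is quoted so the shell does
# not expand it against files in the current directory.
yum --disablerepo=\* --enablerepo=elrepo-kernel list 'kernel*'
# Install the long-term-support kernel.
yum --disablerepo=\* --enablerepo=elrepo-kernel install -y kernel-lt.x86_64
# Remove the old kernel tools packages.
yum remove kernel-tools-libs.x86_64 kernel-tools.x86_64 -y
# Install the matching tools for the new kernel.
yum --disablerepo=\* --enablerepo=elrepo-kernel install -y kernel-lt-tools.x86_64
# Show the boot menu entries in order.
awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg
# Entries are numbered from 0 and a newly installed kernel is inserted at the
# head (here the new kernel is entry 0 and the 4.4.4 one is entry 1), so
# select 0. Check the list printed above before assuming the index.
# The new default only takes effect after the next reboot.
grub2-set-default 0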
配置环境
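# Base environment preparation for a kubeadm node. Run as root.

# Basic tools. -y added so the step does not stop at an interactive prompt.
yum install -y wget curl openssl openssh lrzsz

# Stop and disable the host firewall.
# NOTE(review): this leaves the node without host-level filtering. Either make
# sure network-level rules restrict the API server (6443), kubelet (10250) and
# etcd (2379-2380) ports to trusted sources, or keep firewalld running and
# open only the ports the cluster needs.
systemctl stop firewalld && systemctl disable firewalld

# Stop and disable NetworkManager.
systemctl stop NetworkManager && systemctl disable NetworkManager

# SELinux: switch to permissive now and on every boot. The original set
# SELINUX=disabled; permissive is what the kubeadm installation guide uses and
# it keeps file labels and AVC audit records, so enforcing mode can be
# re-enabled later without a relabel. The pattern is anchored to the SELINUX=
# line so nothing else in the file is touched.
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# Turn swap off now and comment out swap entries in fstab so it stays off.
swapoff -a && sysctl -w vm.swappiness=0
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab

# Point the CentOS base repo at the USTC mirror. The last expression upgrades
# the mirror URL to HTTPS, matching what is done for EPEL below.
sed -e 's!^#baseurl=!baseurl=!g' \
    -e 's!^mirrorlist=!#mirrorlist=!g' \
    -e 's!mirror.centos.org!mirrors.ustc.edu.cn!g' \
    -e 's!http://mirrors\.ustc!https://mirrors.ustc!g' \
    -i /etc/yum.repos.d/CentOS-Base.repo

# EPEL repo, also switched to the USTC mirror over HTTPS.
yum install -y epel-release
sed -e 's!^mirrorlist=!#mirrorlist=!g' \
    -e 's!^#baseurl=!baseurl=!g' \
    -e 's!^metalink!#metalink!g' \
    -e 's!//download\.fedoraproject\.org/pub!//mirrors.ustc.edu.cn!g' \
    -e 's!http://mirrors\.ustc!https://mirrors.ustc!g' \
    -i /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel-testing.repo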
yum 安装依赖和工具
# Install the IPVS/conntrack prerequisites together with the troubleshooting
# utilities. Package names that were listed twice are given once; yum treats
# repeated names as a single request, so the installed set is the same.
yum install -y \
  ipvsadm ipset sysstat conntrack libseccomp curl git conntrack-tools \
  psmisc nfs-utils jq socat bash-completion net-tools crontabs unzip \
  iftop nload strace bind-utils tcpdump telnet lsof htop
系统优化配置
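# System tuning for a Kubernetes node: kernel modules, sysctl values,
# logging/systemd defaults and resource limits. Run as root.

#--- Kernel modules that must be loaded at boot for kube-proxy IPVS mode ---
echo "ipvs模式需要开机加载下列模块"
cat > /etc/modules-load.d/ipvs.conf <<'EOF'
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
br_netfilter
EOF
systemctl daemon-reload
systemctl enable --now systemd-modules-load.service

#--- Kernel parameters ---
# The page had the redirect target and the first setting fused on one line
# ("k8s.confnet.ipv4..."), which would write to the wrong file name and drop
# that setting; they are separated here.
# NOTE(review): rp_filter = 0 turns off reverse-path (source address)
# validation on all interfaces. Confirm the CNI in use really needs that;
# otherwise prefer loose (2) or strict (1) mode.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 10
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.ip_forward = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
net.netfilter.nf_conntrack_max = 2310720
fs.inotify.max_user_watches=89100
fs.may_detach_mounts = 1
fs.file-max = 52706963
fs.nr_open = 52706963
vm.swappiness = 0
vm.overcommit_memory=1
vm.panic_on_oom=0
EOF
sysctl --system

#--- journal / logging related settings ---
# Comment out rsyslog's imjournal input and its state file.
# NOTE(review): with imjournal disabled rsyslog stops reading from journald.
# Confirm that system and authentication logs are still collected and retained
# somewhere (for example a persistent journal) before relying on /var/log.
sed -ri 's/^\$ModLoad imjournal/#&/' /etc/rsyslog.conf
sed -ri 's/^\$IMJournalStateFile/#&/' /etc/rsyslog.conf
# Set systemd's default core-size and open-file limits.
sed -ri 's/^#(DefaultLimitCORE)=/\1=100000/' /etc/systemd/system.conf
sed -ri 's/^#(DefaultLimitNOFILE)=/\1=100000/' /etc/systemd/system.conf
# Disable reverse DNS lookups in sshd.
sed -ri 's/^#(UseDNS )yes/\1no/' /etc/ssh/sshd_config
# The edits above only change configuration files; the affected services are
# not restarted here, so they take effect after a restart or reboot.

#--- Raise the process and open-file limits ---
cat > /etc/security/limits.d/kubernetes.conf <<'EOF'
* soft nproc 131072
* hard nproc 131072
* soft nofile 131072
* hard nofile 131072
root soft nproc 131072
root hard nproc 131072
root soft nofile 131072
root hard nofile 131072
EOF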
docker 配置
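# Docker installation from the USTC docker-ce mirror. Run as root.

# Add the docker-ce yum repo. -f makes curl fail on an HTTP error instead of
# saving the error page as a repo file.
curl -fsSL -o /etc/yum.repos.d/docker-ce.repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
# Rewrite every download.docker.com URL in the repo file to the mirror.
# NOTE(review): this substitution is global, so any signing-key URL in the
# file is presumably rewritten as well and the key would then come from the
# same mirror as the packages. Compare the imported key's fingerprint with the
# one Docker publishes.
sed -i 's#download.docker.com#mirrors.ustc.edu.cn/docker-ce#g' /etc/yum.repos.d/docker-ce.repo

# Install docker-ce and shell completion.
yum -y install docker-ce bash-completion
cp /usr/share/bash-completion/completions/docker /etc/bash_completion.d/

# Kernel configuration check script.
# This downloads a script from the moving master branch and runs it as root.
# -f stops an HTTP error body from being saved and executed; read the
# downloaded file before running it.
curl -fsSL -o check-config.sh https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh
bash ./check-config.sh

#--- Set user_namespace.enable=1 on the default kernel's command line ---
# NOTE(review): this enables user namespaces on the host kernel; confirm it is
# actually needed for this deployment. Takes effect after a reboot.
grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"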
docker daemon.json(保存为 /etc/docker/daemon.json)
{
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
},
"live-restore": true,
"max-concurrent-downloads": 10,
"max-concurrent-uploads": 10,
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://docker.mirrors.ustc.edu.cn/"
]
}
docker 启动
# Register docker to start at boot, then bring it up now.
# daemon.json should already be in place so the first start uses it.
systemctl enable docker
systemctl start docker
k8s 安装
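# Kubernetes package installation from the Aliyun mirror. Run as root.
#
# Changes from the original repo definition:
#   * URLs use HTTPS instead of plain HTTP.
#   * gpgcheck=1 so yum verifies package signatures against the keys below.
#     The original disabled every signature check, which means whatever the
#     mirror (or anything on the network path) returns is installed as root.
#   * The second gpgkey URL is indented, which the repo file format requires
#     for a continuation line.
# repo_gpgcheck (metadata signature) is left at 0 as on the page.
# NOTE(review): if package verification fails against this mirror, repair the
# key import rather than switching gpgcheck back off.
cat > /etc/yum.repos.d/k8s.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Install the 1.18 series. The package names were misspelled on the page
# ("kubadm", "kubctl"); the patterns are quoted so yum, not the shell,
# expands them.
yum install -y 'kubelet-1.18*' 'kubeadm-1.18*' 'kubectl-1.18*'

# Start the services.
systemctl daemon-reload
systemctl restart docker
systemctl enable kubelet
systemctl start kubelet

# Cluster environment values.
# The control-plane endpoint name (k8s-api) must resolve to the master on
# every node, through DNS or /etc/hosts; that step is not shown on this page.
export MASTER_IP=10.1.1.21
export APISERVER_NAME=k8s-api

# To wipe a node and initialise it again, run the command below by hand.
# It is commented out so that pasting this section does not reset a node.
# kubeadm reset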
k8s master节点初始化
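# Initialise the first control-plane node. Run as root on the master.
#
# kubeadm init prints a join token and, because of --upload-certs, a
# certificate key. Either one lets a machine join the cluster, so keep that
# output out of shared logs and chat channels.
kubeadm init \
  --apiserver-advertise-address 0.0.0.0 \
  --apiserver-bind-port 6443 \
  --cert-dir /etc/kubernetes/pki \
  --control-plane-endpoint k8s-api \
  --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers \
  --kubernetes-version 1.18.12 \
  --pod-network-cidr 10.11.0.0/16 \
  --service-cidr 10.20.0.0/16 \
  --service-dns-domain cluster.local \
  --upload-certs

# Install the admin kubeconfig for the current user.
# Fixes: the source path was misspelled (/etc/kubernets), and
# "rm -f ~/.kube && mkdir ~/.kube" fails whenever ~/.kube already exists as a
# directory, so mkdir -p is used instead.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# admin.conf carries cluster-admin credentials; keep the copy owner-only.
chmod 600 "$HOME/.kube/config"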
calico
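# Install the Calico CNI (v3.17 manifest).
# The manifest is saved locally, so it can be read before it is applied with
# cluster-admin rights.
wget https://docs.projectcalico.org/v3.17/manifests/calico.yaml
# Set the Calico IP pool to the pod CIDR given to kubeadm init
# (--pod-network-cidr 10.11.0.0/16). The page substituted 10.10.0.0/16 here,
# which does not match that value.
# NOTE(review): in the stock manifest the CALICO_IPV4POOL_CIDR entry may be
# commented out, in which case this substitution only edits a comment; check
# the file after running it.
sed -i "s#192\.168\.0\.0/16#10.11.0.0/16#" calico.yaml
kubectl apply -f calico.yaml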
kuboard
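# Install Kuboard and export its login token.
#
# Save the manifest to a local file first so it can be reviewed and kept,
# rather than applying a remote URL directly with cluster-admin rights.
# -f makes curl fail on an HTTP error instead of saving the error page.
curl -fsSL -o kuboard.yaml https://kuboard.cn/install-script/kuboard.yaml
kubectl apply -f kuboard.yaml
kubectl get pods -l name=kuboard -n kube-system

# Look up the kuboard-user secret and write its decoded token to
# admin-token.txt. The token is a bearer credential for the dashboard
# (presumably an administrative one; verify the role bound to kuboard-user),
# so the file is created owner-only instead of with the default umask.
kuboard_secret=$(kubectl -n kube-system get secret | awk '/kuboard-user/ {print $1; exit}')
(
  umask 077
  kubectl -n kube-system get secret "$kuboard_secret" -o go-template='{{.data.token}}' \
    | base64 -d > admin-token.txt
)
# Also covers the case where admin-token.txt already existed with wider
# permissions.
chmod 600 admin-token.txt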
k8s check
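# Check cluster state. The page wrote "kubelet" here; the client command is
# kubectl, as the sample output that follows also shows.
kubectl get node
kubectl get pods -A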
[root@k8s-01-21 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-01-21 Ready master 2d1h v1.18.12
k8s-02-22 NotReady <none> 2d v1.18.12
k8s-03-23 NotReady <none> 2d v1.18.12
#
[root@k8s-01-21 ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-8586758878-9z69l 1/1 Running 2 2d
kube-system calico-node-6wtfx 1/1 Running 2 2d
kube-system calico-node-9qh4k 0/1 Running 2 2d
kube-system calico-node-j7qqb 1/1 Running 0 2d
kube-system coredns-546565776c-bfxtm 1/1 Running 2 2d1h
kube-system coredns-546565776c-qx9h8 1/1 Running 2 2d1h
kube-system etcd-k8s-01-21 1/1 Running 4 2d1h
kube-system kube-apiserver-k8s-01-21 1/1 Running 6 2d1h
kube-system kube-controller-manager-k8s-01-21 1/1 Running 11 2d
kube-system kube-proxy-28m7c 1/1 Running 0 2d
kube-system kube-proxy-d6f6h 1/1 Running 4 2d1h
kube-system kube-proxy-zmvkg 1/1 Running 0 2d
kube-system kube-scheduler-k8s-01-21 1/1 Running 11 2d1h
kube-system kuboard-7986796cf8-h8vjt 1/1 Terminating 0 2d
kube-system kuboard-7986796cf8-k57jj 1/1 Running 1 7m19s
kube-system metrics-server-7f96bbcc66-7pzgp 0/1 Pending 0 7m19s
kube-system metrics-server-7f96bbcc66-p48m9 1/1 Terminating 0 2d
本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!