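Introduction to kubeadm
kubeadm makes it quick to install and deploy a Kubernetes cluster:
By default, for a single-machine K8S setup (a single control-plane node), you only need to install docker, pull the images, and run kubeadm init to complete the control-plane installation.
Installation steps
The following describes the deployment steps in detail:
1. Modify the system configuration
Disable swap and comment out the swap entry in fstab. Run the following commands to enable the network settings below: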
# Turn swap off for the running system
swapoff -a
# Load the bridge netfilter module so the net.bridge.* keys exist
sudo modprobe br_netfilter
# Note: tee overwrites /etc/sysctl.conf with the settings below
cat <<EOF | sudo tee /etc/sysctl.conf
vm.swappiness=0
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl -p
# Raise the open-file, process and locked-memory limits
cat <<EOF >> /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
* soft memlock unlimited
* hard memlock unlimited
EOF
# Switch SELinux to permissive now and set it to disabled for the next boot
setenforce 0
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config
2. Upgrade the operating system
You can install either kernel-lt or kernel-ml
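# Remove the old kernel packages
yum remove kernel-lt-* kernel-tools kernel-tools-libs kernel-headers -y
# Import the ELRepo signing key and install the ELRepo release package
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install kernel-ml kernel-ml-* perf -y
# List the boot entries and make the new kernel the default
grep "^menuentry" /boot/grub2/grub.cfg | cut -d "'" -f2
grub2-set-default "<kernel version>"
grub2-editenv list
# Regenerate the grub configuration and reboot into the new kernel
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot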
3. Install with Yum
Install the Docker service:
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce
# Make sure the configuration directory exists before writing daemon.json
mkdir -p /etc/docker
cat <<EOF > /etc/docker/daemon.json
{
  "data-root": "/data/docker",
  "bip": "50.50.50.1/24",
  "registry-mirrors": [
    "https://fmemdis8.mirror.aliyuncs.com",
    "https://registry.aliyuncs.com"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-opts": {
    "mode": "non-blocking",
    "max-size": "20m",
    "max-file": "10"
  },
  "default-ulimits": {
    "nofile": {
      "Name": "nofile",
      "Hard": 102400,
      "Soft": 102400
    }
  }
}
EOF
systemctl daemon-reload
systemctl enable docker
systemctl restart docker
Install kubeadm, kubelet and kubectl
# Note: gpgcheck=0 and repo_gpgcheck=0 turn off package and metadata signature verification for this repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
yum install -y kubectl kubeadm kubelet
# Start kubelet automatically at boot
systemctl enable kubelet
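
The repo file above turns off gpgcheck and repo_gpgcheck and fetches both the packages and the key over plain HTTP, so kubeadm, kubelet and kubectl are installed without signature verification. A pre-install check for those settings, as an added example that is not part of the original post (the audit_repo function name is an assumption; the sample is this page's own repo definition):

```shell
#!/bin/sh
# Added example: flag weak settings in a yum .repo file.
# audit_repo is a hypothetical helper name, not part of yum or kubeadm.
audit_repo() {
    awk '
        # Remember the current [section] name.
        /^[ \t]*\[.*\][ \t]*$/ {
            gsub(/^[ \t]*\[|\][ \t]*$/, "")
            section = $0
            next
        }
        # Skip comments and blank lines.
        /^[ \t]*(#|;|$)/ { next }
        {
            # Split key=value on the first "=" and trim both sides.
            pos = index($0, "=")
            if (pos == 0) next
            key = substr($0, 1, pos - 1)
            val = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Signature checks explicitly switched off.
            if (key ~ /^(gpgcheck|repo_gpgcheck)$/ && tolower(val) ~ /^(0|no|false)$/)
                print section ": " key " is disabled"
            # Packages or signing key fetched over an unauthenticated channel.
            if (key ~ /^(baseurl|gpgkey)$/ && val ~ /^http:\/\//)
                print section ": " key " uses plain HTTP"
        }
    ' "$1"
}

# Constructed sample: the repo definition from this page in a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
audit_repo "$sample"
rm -f "$sample"
```

Run audit_repo against each file in /etc/yum.repos.d/ before yum install; empty output means none of these settings was found.
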
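4. Create the cluster
The following configuration file defines the K8S cluster; it uses registry.hci.io as the private registry from which the k8s images are pulled.
vip.kubernetes.cn is the endpoint through which every kubelet in the cluster reaches k8s, and other.vip.kubernetes.cn is an additional certSAN written into the kube-apiserver TLS certificate.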
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
etcd:
  local:
    imageRepository: registry.hci.io/kubernetes
    imageTag: v3.4.13
dns:
  type: CoreDNS
  imageRepository: registry.hci.io/coredns
  imageTag: 1.8.4
imageRepository: registry.hci.io/kubernetes
certificatesDir: /etc/kubernetes/pki
clusterName: cluster.local
controlPlaneEndpoint: vip.kubernetes.cn:6443
networking:
  dnsDomain: cluster.local
  podSubnet: 30.233.0.0/16
  serviceSubnet: 30.234.0.0/16
apiServer:
  extraArgs:
    audit-log-maxage: "30"
    audit-log-maxbackup: "10"
    audit-log-maxsize: "100"
    bind-address: 0.0.0.0
  certSANs:
  - other.vip.kubernetes.cn
controllerManager:
  extraArgs:
    node-cidr-mask-size: "24"
    bind-address: 0.0.0.0
    experimental-cluster-signing-duration: 87600h
  extraVolumes:
  - name: host-time
    hostPath: /etc/localtime
    mountPath: /etc/localtime
    readOnly: true
scheduler:
  extraArgs:
    bind-address: 0.0.0.0
Run the following command to install the first node:
kubeadm init --config kubeadm.config
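5. Install the network plugin
The network plugin interface is called the Container Network Interface (CNI). It is the specification for container-to-container communication in K8S; an implementation of it supplies the related network parameters such as IP addresses, gateways, routes and DNS.
K8S currently has a large number of CNI implementations, and all of them are installed as K8s workloads.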
# Install the calico plugin
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
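5. Other configuration
When installing with kubeadm, the YAML files of the control-plane services are stored in the /etc/kubernetes/manifests/ directory (etcd, apiserver, controller-manager and scheduler). To change a Kubernetes service, edit the configuration in these YAML files.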
# Remove the master node taint so that workloads can be scheduled onto master nodes
kubectl taint nodes --all node-role.kubernetes.io/master-
# Deploy the dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
# Get a temporary login token. Note: the service must be exposed through a NodePort and a matching account must be created
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep kubernetes-dashboard | awk '{print $1}')
6. Clean up the environment
Run the following commands on every node to clean up the Kubernetes cluster: