Kubernetes v1.22.10 Binary Installation (Part 1)

1 Environment preparation

1.1 Server planning

Prepare five Linux servers, as shown below.

IP address      Hostname       Operating system   Role
192.168.0.104   k8s-master01   CentOS7.8          master01
192.168.0.105   k8s-master02   CentOS7.8          master02
192.168.0.106   k8s-master03   CentOS7.8          master03
192.168.0.107   k8s-node01     CentOS7.8          node01
192.168.0.108   k8s-node02     CentOS7.8          node02
192.168.0.109   virtual IP (VIP)

1.2 Network segment planning

1.3 Set the hostnames

Run on 192.168.0.104:

hostnamectl set-hostname k8s-master01

Run on 192.168.0.105:

hostnamectl set-hostname k8s-master02

Run on 192.168.0.106:

hostnamectl set-hostname k8s-master03

Run on 192.168.0.107:

hostnamectl set-hostname k8s-node01

Run on 192.168.0.108:

hostnamectl set-hostname k8s-node02

1.4 Configure the yum repositories

Run on all five servers.

sed -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g' \
    -i.bak \
    /etc/yum.repos.d/CentOS-*.repo

1.5 Install the required tools

yum -y install wget jq psmisc vim net-tools nfs-utils telnet yum-utils device-mapper-persistent-data lvm2 git network-scripts tar curl lrzsz

1.6 Download the installation packages (run on master01)

wget https://dl.k8s.io/v1.22.10/kubernetes-server-linux-amd64.tar.gz

wget https://github.com/etcd-io/etcd/releases/download/v3.5.4/etcd-v3.5.4-linux-amd64.tar.gz

wget https://github.com/containerd/containerd/releases/download/v1.6.6/cri-containerd-cni-1.6.6-linux-amd64.tar.gz

wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64

wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64

wget https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl-certinfo_1.6.1_linux_amd64

wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz

wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.23.0/crictl-v1.23.0-linux-amd64.tar.gz
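The files downloaded in 1.6 are later copied to every node and run as root, so each one should be checked against the checksum its project publishes before it is unpacked. The check below is an added example, not part of the original article; the function names and the SHA256SUMS-style list (lines of "<hash>  <filename>") are assumptions, and the real hashes have to come from each project's release page.

```shell
#!/bin/sh
# verify_sha256 FILE SUMS_FILE
# Returns 0 only if SUMS_FILE lists exactly one hash for FILE's basename
# and that hash matches the file on disk.
verify_sha256() {
    file=$1
    sums=$2
    name=$(basename "$file")

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    [ -f "$sums" ] || { echo "missing checksum list: $sums" >&2; return 2; }

    # sha256sum lists use "<hash>  <name>" (text) or "<hash> *<name>" (binary).
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) print tolower($1) }' "$sums")
    count=$(printf '%s\n' "$expected" | awk 'NF { c++ } END { print c + 0 }')

    case "$count" in
        0) echo "no checksum listed for $name" >&2; return 3 ;;
        1) ;;
        *) echo "several checksums listed for $name" >&2; return 3 ;;
    esac

    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "CHECKSUM MISMATCH for $name" >&2
        return 1
    fi
    echo "OK $name"
}

# verify_all SUMS_FILE FILE...: stop at the first file that fails.
verify_all() {
    list=$1; shift
    for f in "$@"; do
        verify_sha256 "$f" "$list" || return $?
    done
}

# Usage, with a checksum list saved from the release page (name assumed):
#   verify_all SHA256SUMS etcd-v3.5.4-linux-amd64.tar.gz
```

An unlisted file is treated as a failure (return code 3), so a download that is missing from the checksum list cannot pass silently.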

1.7 Disable the firewall

Run on all five servers.

systemctl disable --now firewalld

1.8 Disable SELinux

Run on all five servers.

setenforce 0

sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

1.9 Disable swap

sed -ri 's/.*swap.*/#&/' /etc/fstab

swapoff -a && sysctl -w vm.swappiness=0

1.10 Disable NetworkManager and enable the network service

Run on all five servers.

systemctl disable --now NetworkManager

systemctl start network && systemctl enable network

1.11 Time synchronization

Run on all five servers.

yum install chrony -y

cat > /etc/chrony.conf << EOF
server ntp1.aliyun.com
server ntp2.aliyun.com
server ntp3.aliyun.com
EOF

systemctl start chronyd

systemctl enable chronyd

1.12 Configure ulimit

Run on all five servers.

ulimit -SHn 65535

cat >> /etc/security/limits.conf << EOF
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF

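1.13 Configure passwordless SSH login

Run on all five servers.

yum install -y sshpass

ssh-keygen -f /root/.ssh/id_rsa -P ''

export IP="192.168.0.104 192.168.0.105 192.168.0.106 192.168.0.107 192.168.0.108"

# sshpass -e reads the SSH login password from the SSHPASS environment variable
export SSHPASS='123123'

# StrictHostKeyChecking=no accepts each host key on first contact without verification
for HOST in $IP; do sshpass -e ssh-copy-id -o StrictHostKeyChecking=no "$HOST"; done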

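1.14 Add and enable the ELRepo repository

yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm -y

1.15 Upgrade the kernel to version 4.18 or later

Run on all five servers.

I chose to install the stable version, kernel-ml, here; use kernel-lt if you want the long-term maintenance version.

yum --enablerepo=elrepo-kernel install kernel-ml -y

List the installed kernels:

rpm -qa|grep kernel

Check the default kernel:

grubby --default-kernel

If it is not the newest one, set it with:

grubby --set-default /boot/vmlinuz-6.0.2-1.el7.elrepo.x86_64

Reboot for the change to take effect:

reboot

1.16 Install ipvsadm

Run on all five servers.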

yum install ipvsadm ipset sysstat conntrack libseccomp -y

cat >> /etc/modules-load.d/ipvs.conf <

systemctl restart systemd-modules-load.service

lsmod | grep -e ip_vs -e nf_conntrack


1.17 Tune the kernel parameters

Run on all five servers.

Set the kernel parameters:

cat << EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.forwarding = 0
EOF

sysctl --system

1.18 Configure local hosts resolution on all nodes

Run on all five servers.

cat >> /etc/hosts << EOF
192.168.0.104 k8s-master01
192.168.0.105 k8s-master02
192.168.0.106 k8s-master03
192.168.0.107 k8s-node01
192.168.0.108 k8s-node02
192.168.0.109 lb-vip
EOF

2 Installing the basic Kubernetes components

2.1 Install Docker as the runtime

Run on all five servers.

Create the directories the CNI plugins need:

mkdir -p /etc/cni/net.d /opt/cni/bin

Unpack the CNI binary package:

cd /opt

tar xf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/

Update the yum repositories:

curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

yum clean all

yum makecache

yum list docker --showduplicates

yum install -y yum-utils

Set up the package repository:

yum-config-manager \
    --add-repo \
    http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Install Docker:

yum install docker-ce docker-ce-cli containerd.io -y

mkdir -p /etc/docker

# "data-root" is the current name of the deprecated "graph" option
cat > /etc/docker/daemon.json << EOF
{
  "data-root": "/data/docker",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com","quay.io","harbor.test.com"],
  "registry-mirrors": ["https://6su5l99j.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true
}
EOF

systemctl daemon-reload

systemctl enable --now docker

2.2 Install Kubernetes and etcd (master01 only)

Unpack the Kubernetes archive:

cd /opt/

tar -xf kubernetes-server-linux-amd64.tar.gz --strip-components=3 -C /usr/local/bin kubernetes/server/bin/kube{let,ctl,-apiserver,-controller-manager,-scheduler,-proxy}

Unpack the etcd archive:

tar -xf etcd-v3.5.4-linux-amd64.tar.gz --strip-components=1 -C /usr/local/bin etcd-v3.5.4-linux-amd64/etcd{,ctl}

List the contents of /usr/local/bin.

Check the versions:

kubelet --version

etcdctl version


Send the components to the other Kubernetes nodes:

Master='k8s-master02 k8s-master03'

Work='k8s-node01 k8s-node02'

for NODE in $Master; do echo $NODE; scp /usr/local/bin/kube{let,ctl,-apiserver,-controller-manager,-scheduler,-proxy} $NODE:/usr/local/bin/; scp /usr/local/bin/etcd* $NODE:/usr/local/bin/; done

for NODE in $Work; do scp /usr/local/bin/kube{let,-proxy} $NODE:/usr/local/bin/ ; done

2.3 Create the certificate-related files

mv cfssl_1.6.1_linux_amd64 /usr/local/bin/cfssl

mv cfssljson_1.6.1_linux_amd64 /usr/local/bin/cfssljson

chmod +x /usr/local/bin/cfssl*

mkdir pki

cd pki

This concludes the first part of the binary installation of Kubernetes v1.22.10.

To be continued.


Page updated: 2024-05-21
