Centos部署K8S-3节点
0. 节点信息
| Hostname | CPU | RAM | IP | OS Version |
|---|---|---|---|---|
| master001 | 4 | 4G | 192.168.8.184 | 7.9.2009 |
| node001 | 8 | 8G | 192.168.8.181 | 7.9.2009 |
| node002 | 8 | 8G | 192.168.8.182 | 7.9.2009 |
1. 安装前准备
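# --- Host preparation: run as root on every node (master001, node001, node002) ---

# SELinux: switch to permissive (the setting kubeadm's install guide uses)
# rather than "disabled". Permissive keeps file labels intact and still records
# denials in the audit log, so enforcing mode can be restored later without a
# full relabel.
setenforce 0 || true   # returns non-zero when SELinux is already disabled
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# Swap: with kubelet 1.19 defaults the kubelet will not start while swap is on.
# Turn it off now, then comment out the fstab entries so it stays off after a
# reboot. GNU sed needs the backup suffix attached to -i (-i.bak); a detached
# ".bak" is parsed as the sed script and the command fails. Lines that are
# already commented are skipped, so re-running does not stack '#' characters.
swapoff -a
sed -ri.bak 's/^[^#].*swap.*/#&/' /etc/fstab

# Kernel module: br_netfilter makes bridged pod traffic visible to iptables.
modprobe br_netfilter

# Persist the module across reboots.
tee /etc/modules-load.d/k8s.conf <<-'EOF'
br_netfilter
EOF
systemctl restart systemd-modules-load.service

# Kernel parameters required by kube-proxy and the CNI plugin.
# ip_forward is checked by kubeadm's preflight; Docker normally switches it on
# at start-up, setting it here makes it explicit and persistent.
tee /etc/sysctl.d/k8s.conf <<-'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

# Apply the settings immediately.
sysctl -p /etc/sysctl.d/k8s.conf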
2. 安装包组
2.1 安装Docker
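# 1. Install prerequisites.
yum install -y yum-utils device-mapper-persistent-data lvm2

# 2. Add the docker-ce yum repository.
# Fetch the repo definition over HTTPS: a .repo file retrieved over plain HTTP
# can be altered in transit, and it decides which baseurl and GPG key yum will
# trust for every later Docker package install.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# NOTE(review): after adding, confirm /etc/yum.repos.d/docker-ce.repo has
# gpgcheck=1 and an https gpgkey URL.

# 3. List the available docker-ce versions (newest first).
yum list docker-ce --showduplicates | sort -r

###################################################
# 4. Install Docker.
# Pinned install: 19.03.15 is the version this guide pairs with Kubernetes
# 1.19.14. Run only ONE of the two install commands; installing the latest
# release first turns the pinned command into a no-op.
yum install docker-ce-19.03.15 docker-ce-cli-19.03.15 containerd.io -y
# Alternative: install whatever is newest in the repository.
# yum install docker-ce docker-ce-cli containerd.io -y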
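###################################################################################################################
# Lock package versions with yum so a routine `yum update` cannot move the
# container runtime to an untested release underneath the cluster.
yum -y install yum-versionlock

# Add the lock. The glob is quoted so that yum, not the shell, expands it;
# unquoted, a matching file name in the current directory would replace it.
yum versionlock 'docker-ce*' containerd.io

# Show the current locks.
yum versionlock list

# Reference only (these undo the lock, so they are left commented out):
#   remove specific locks:  yum versionlock delete 'docker-ce*' containerd.io
#   remove every lock:      yum versionlock clear
#
# A version lock also holds back security updates for the locked packages;
# plan a periodic unlock / upgrade / re-lock cycle.

# Debian/Ubuntu equivalents (reference only, not used on CentOS):
#   hold a package:     sudo apt-mark hold <package-name>
#   remove the hold:    sudo apt-mark unhold <package-name>
#   list held packages: sudo apt-mark showhold
###################################################################################################################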
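# Allow a non-root user to run docker.
# -a appends: `usermod -G` on its own REPLACES the user's supplementary group
# list, which would drop forsre from any other group it belongs to (wheel, for
# example). The new membership applies from the user's next login.
# Members of the docker group can drive the Docker daemon, which runs as root,
# so this grants root-equivalent access on the host; add only trusted accounts.
usermod -aG docker forsre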
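# 4. Docker registry mirror (pull acceleration) and cgroup driver.
# The mirror address below is the author's own accelerator endpoint; replace it
# with yours. Images pulled through a mirror are served by that mirror, so it
# becomes part of the image trust chain.
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://myvtuues.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# The cgroup driver is changed to systemd to clear this kubeadm warning:
#[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/

systemctl daemon-reload
systemctl enable docker
# restart rather than start: if the daemon is already running, `start` is a
# no-op and the new daemon.json would not be read.
systemctl restart docker

# Verify: `docker info` should report "Cgroup Driver: systemd".
docker version
docker info

# https://docs.docker.com/engine/reference/commandline/docker/
# docker save stores an image; docker export stores a container.
# docker load reads an image archive and docker import reads a container
# archive, but both produce an image.
# docker load cannot rename the loaded image; docker import can give the image
# a new name.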
2.2 安装k8s
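# 1. Configure the Kubernetes yum repository.
# gpgcheck=1 verifies each package signature and repo_gpgcheck=1 verifies the
# repository metadata; keep both enabled so a tampered mirror is rejected
# instead of silently installed from.
tee /etc/yum.repos.d/kubernetes.repo <<-"EOF"
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# 2. List the available kubelet versions (newest first).
yum list kubelet --showduplicates | sort -r

############################################################################
# 3. Install Kubernetes.
# Pinned install: the rest of this guide (image pull script, kubeadm commands)
# targets v1.19.14. Run only ONE of the two install commands; installing the
# latest release first turns the pinned command into a no-op and leaves kubeadm
# out of step with the v1.19.14 images.
yum install -y kubelet-1.19.14 kubeadm-1.19.14 kubectl-1.19.14
# Alternative: install whatever is newest in the repository.
# yum install -y kubelet kubeadm kubectl

# Lock the versions so `yum update` cannot upgrade cluster components outside a
# planned kubeadm upgrade.
yum versionlock kubelet kubeadm kubectl

# Enable and start kubelet. It restarts in a loop until `kubeadm init` or
# `kubeadm join` has written its configuration; that is expected.
systemctl enable --now kubelet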
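# 8. Image pull script: image.sh
#########################
# Pulls the control-plane images for $version from the Aliyun mirror and
# re-tags them as k8s.gcr.io/... so kubeadm finds them locally.
#
# After re-tagging, the local images carry the upstream name although they came
# from the mirror, and tags are mutable, so their integrity rests entirely on
# the mirror. `kubeadm init --image-repository <mirror>` achieves the same
# result without re-tagging and keeps the real origin visible in image names.
tee image.sh <<-'EOF'
#!/bin/bash
set -euo pipefail

url=registry.cn-hangzhou.aliyuncs.com/google_containers
version=v1.19.14

# One image reference per line, with the registry prefix stripped.
mapfile -t images < <(kubeadm config images list --kubernetes-version="$version" | awk -F '/' '{print $2}')
if (( ${#images[@]} == 0 )); then
  echo "kubeadm returned no images for $version" >&2
  exit 1
fi

for imagename in "${images[@]}"; do
  docker pull "$url/$imagename"
  docker tag "$url/$imagename" "k8s.gcr.io/$imagename"
  docker rmi -f "$url/$imagename"
done
EOF
#######################
# Run the script (writing it with tee does not execute it), then list the
# result.
bash image.sh
docker images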
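# 8. Initialise the control plane: on the master only.
# NOTE: the pod CIDR chosen here must match the network configured in the CNI
# manifest applied later.
kubeadm init --apiserver-advertise-address 192.168.8.184 --pod-network-cidr=172.16.0.0/16

# On each worker node: join the cluster.
# The token and hash below are the values printed by the author's own
# `kubeadm init`; use the join command printed by yours. A bootstrap token is a
# credential (kubeadm's default lifetime is 24h), so keep real ones out of
# shared notes. Keep --discovery-token-ca-cert-hash: it pins the cluster CA so
# the joining node verifies it is talking to the intended control plane.
kubeadm join 192.168.8.184:6443 --token 0vaib1.jgcq91io31yyc67x \
--discovery-token-ca-cert-hash sha256:8c52ab5a15773d35410cccce383083818732fe73235ae1d2bf4fb113564aa3be

# kubectl environment.
# /etc/kubernetes/admin.conf holds cluster-admin credentials; every copy of it
# grants full control of the cluster.

# As root:
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
# Absolute path: a bare `.bash_profile` only resolves when the current
# directory happens to be the home directory.
source ~/.bash_profile

# As the regular user (forsre):
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"   # readable by the owning user only

# Shell completion for kubectl in the current session.
source <(kubectl completion bash)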
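# 9. flannel
# Download the manifest, review it, then apply the local copy. The manifest
# creates privileged, host-network DaemonSet pods on every node, and the URL
# tracks the master branch, so its content can change between runs. For
# repeatable installs fetch it from a release tag (<FLANNEL_RELEASE_TAG>)
# instead of master and keep the reviewed copy under version control.
curl -fsSLo kube-flannel.yml https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

# flannel's manifest defaults to 10.244.0.0/16 in net-conf.json; it has to
# match the --pod-network-cidr given to kubeadm init (172.16.0.0/16 here).
sed -i 's#10\.244\.0\.0/16#172.16.0.0/16#' kube-flannel.yml

kubectl apply -f kube-flannel.yml

# 9 (alternative). calico
# https://docs.projectcalico.org/getting-started/kubernetes/quickstart
#kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
#watch kubectl get pods -n calico-system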
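# 10. If the bootstrap token has expired, generate a new one (on the master).
kubeadm token list

# --print-join-command creates the token and prints the complete
# `kubeadm join ...` line, CA certificate hash included, so the hash does not
# need to be computed by hand.
kubeadm token create --print-join-command

# Manual way to compute the CA certificate hash (sha256 of the CA public key):
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

# Example join command from the author's cluster; substitute the token and hash
# produced above. Treat the token as a secret until it expires.
kubeadm join 192.168.8.184:6443 --token d53xwy.naw2niu11s8uif13 --discovery-token-ca-cert-hash sha256:72b64346d2e629836157584060db048d7b0fd5c86e04da9a120de24736e0d624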
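# 12. Certificate validity.
# Newer kubeadm releases expose this without the "alpha" prefix:
#sudo kubeadm certs check-expiration
sudo kubeadm alpha certs check-expiration

# Print the Not Before / Not After dates of every certificate under the PKI
# directory. NUL-delimited find output is read line by line so a path with
# unusual characters is never word-split or glob-expanded by the shell.
find /etc/kubernetes/pki -maxdepth 2 -name '*.crt' -print0 |
  while IFS= read -r -d '' item; do
    openssl x509 -in "$item" -text -noout | grep Not
    echo "======================${item}==============="
  done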
13#.dashboard
3. 启用ipvs
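# 1. Load the IPVS kernel modules now and on every boot (all nodes).
tee /etc/modules-load.d/ipvs.conf <<-'EOF'
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4
EOF
systemctl restart systemd-modules-load.service
# Read the file line by line instead of word-splitting `cat` output.
while IFS= read -r i; do
  [ -n "$i" ] && modprobe -- "$i"
done < /etc/modules-load.d/ipvs.conf

# 2. Install the IPVS userspace tools.
yum install ipvsadm ipset -y

# 3. Switch kube-proxy to IPVS mode (on the master): in the editor, set
#    mode: "ipvs"
kubectl edit configmap kube-proxy -n kube-system

# 4. Recreate the kube-proxy pods so they pick up the new mode.
# Selecting by label lets kubectl do the matching; no command line is assembled
# from parsed `kubectl get` output.
kubectl -n kube-system delete pod -l k8s-app=kube-proxy

# 5. Verify: virtual servers for the cluster Services should be listed.
ipvsadm -ln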