Link: https://pan.baidu.com/s/1QuVelCG43_VbHiOs04R3-Q Password: 70q2
This article is only an installation record.
1. Environment
1.1 Server information
Hostname | IP address | OS version | Node role
k8s01 | 172.16.50.131 | CentOS Linux release 7.4.1708 (Core) | master
k8s02 | 172.16.50.132 | CentOS Linux release 7.4.1708 (Core) | master
k8s03 | 172.16.50.104 | CentOS Linux release 7.4.1708 (Core) | master
k8s04 | 172.16.50.111 | CentOS Linux release 7.4.1708 (Core) | node
1.2 Software versions
Name | Version
kubernetes | v1.10.4
docker | 1.13.1
2. Master deployment
2.1 Server initialization
Install base software
yum install vim net-tools git -y
Disable SELinux
Edit /etc/sysconfig/selinux:
SELINUX=disabled
Disable the firewalld firewall
systemctl disable firewalld && systemctl stop firewalld
Configure passwordless SSH login from k8s01 to all nodes
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:uKdVyzKOYp1YiuvmKuYQDice4UX2aKbzAxmzdeou3uo root@k8s01
[root@k8s01 ~]# for i in 131 132 104 111; do ssh-copy-id root@172.16.50.$i; done
Update the servers, then reboot
yum upgrade -y && reboot
Upload the v1.10.4.zip archive to the /data directory on server k8s01
# unzip v1.10.4.zip && cd v1.10.4
Archive:  v1.10.4.zip
   creating: v1.10.4/
   creating: v1.10.4/images/
  inflating: v1.10.4/images/etcd-amd64_3.1.12.tar
  inflating: v1.10.4/images/flannel_v0.10.0-amd64.tar
  inflating: v1.10.4/images/heapster-amd64_v1.5.3.tar
  inflating: v1.10.4/images/k8s-dns-dnsmasq-nanny-amd64_1.14.8.tar
  inflating: v1.10.4/images/k8s-dns-kube-dns-amd64_1.14.8.tar
  inflating: v1.10.4/images/k8s-dns-sidecar-amd64_1.14.8.tar
  inflating: v1.10.4/images/kube-apiserver-amd64_v1.10.4.tar
  inflating: v1.10.4/images/kube-controller-manager-amd64_v1.10.4.tar
  inflating: v1.10.4/images/kube-proxy-amd64_v1.10.4.tar
  inflating: v1.10.4/images/kube-scheduler-amd64_v1.10.4.tar
  inflating: v1.10.4/images/kubernetes-dashboard-amd64_v1.8.3.tar
  inflating: v1.10.4/images/pause-amd64_3.1.tar
   creating: v1.10.4/pkg/
 extracting: v1.10.4/pkg/kubeadm-1.10.4-0.x86_64.rpm
  inflating: v1.10.4/pkg/kubectl-1.10.4-0.x86_64.rpm
 extracting: v1.10.4/pkg/kubelet-1.10.4-0.x86_64.rpm
  inflating: v1.10.4/pkg/kubernetes-cni-0.6.0-0.x86_64.rpm
   creating: v1.10.4/yaml/
  inflating: v1.10.4/yaml/deploy.yaml
  inflating: v1.10.4/yaml/grafana.yaml
  inflating: v1.10.4/yaml/heapster.yaml
  inflating: v1.10.4/yaml/influxdb.yaml
  inflating: v1.10.4/yaml/kube-flannel.yaml
  inflating: v1.10.4/yaml/kubernetes-dashboard.yaml
Create the configuration file directory
# mkdir config && cd config/
Create k8s.conf with the following content:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Distribute it to all hosts
for i in 131 132 104 111; do scp k8s.conf root@172.16.50.$i:/etc/sysctl.d/k8s.conf; done
Apply the settings
for i in 131 132 104 111; do ssh root@172.16.50.$i "modprobe br_netfilter && sysctl -p /etc/sysctl.d/k8s.conf"; done
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Create the Kubernetes yum repository file kubernetes.repo with the following content:
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
The Alibaba Cloud yum mirror is used here, so no ××× is needed.
Distribute it to every server
for i in 131 132 104 111; do scp kubernetes.repo root@172.16.50.$i:/etc/yum.repos.d/kubernetes.repo; done
Configure hosts
for i in 131 132 104 111; do ssh root@172.16.50.$i 'echo "172.16.50.131 k8s01" >> /etc/hosts && echo "172.16.50.132 k8s02" >> /etc/hosts && echo "172.16.50.104 k8s03" >> /etc/hosts && echo "172.16.50.111 k8s04" >> /etc/hosts'; done
Install docker and the Kubernetes components on all servers
yum install docker -y && systemctl start docker.service && systemctl status docker.service && systemctl enable docker.service && yum install kubeadm kubectl kubelet docker -y && systemctl enable kubelet
Distribute the docker images
cd ../images/ && for i in 131 132 104 111; do scp ./* root@172.16.50.$i:/mnt; done
Run on all hosts to import the docker images
for j in `ls /mnt`; do docker load --input /mnt/$j; done
Manually generate the certificates on host k8s01
git clone && cd k8s-tls/
Distribute the executables to all servers
for i in 131 132 104 111; do scp ./bin/* root@172.16.50.$i:/usr/bin/; done
Edit the apiserver.json file. After the changes it reads as follows:
{
  "CN": "kube-apiserver",
  "hosts": [
    "172.16.50.131",
    "172.16.50.132",
    "172.16.50.104",
    "k8s01",
    "k8s02",
    "k8s03",
    "10.96.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  }
}
Run ./run.sh to generate the certificates
Change to the /etc/kubernetes/pki/ directory
Edit the node.sh file
ip="172.16.50.131"
NODE="k8s01"
Edit the kubelet.json file
"CN": "system:node:k8s01",
Run ./node.sh to generate the configuration files
Change to the /data/v1.10.4/config directory and create config.yaml with the following content:
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
kubernetesVersion: v1.10.4
networking:
  podSubnet: 10.244.0.0/16
apiServerCertSANs:
- k8s01
- k8s02
- k8s03
- 172.16.50.131
- 172.16.50.132
- 172.16.50.104
- 172.16.50.227
apiServerExtraArgs:
  endpoint-reconciler-type: "lease"
etcd:
  endpoints:
  - http://172.16.50.132:2379
  - http://172.16.50.131:2379
  - http://172.16.50.104:2379
token: "deed3a.b3542929fcbce0f0"
tokenTTL: "0"
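An added check, not part of the original post: the config.yaml above sets tokenTTL to "0", which kubeadm treats as a bootstrap token that never expires, and it lists the etcd endpoints over plain http. The function names audit_kubeadm_config and sample_config and the sample input are constructed for this example.

```shell
#!/bin/sh
# audit_kubeadm_config [FILE]
# Reads a kubeadm MasterConfiguration (FILE or stdin), prints one finding per
# line, and returns 1 if anything was flagged, 0 if the file is clean.
audit_kubeadm_config() {
    awk '
        { gsub(/"/, "") }                  # treat tokenTTL: "0" and tokenTTL: 0 alike
        /^tokenTTL: *0s? *$/ {
            print "tokenTTL=0: bootstrap token never expires"; bad = 1
        }
        /^etcd:/ { in_etcd = 1; next }     # entering the etcd section
        /^[^ -]/ { in_etcd = 0 }           # any other top-level key leaves it
        in_etcd && /^ *- *http:\/\// {
            sub(/^ *- */, ""); print "etcd endpoint without TLS: " $0; bad = 1
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample: the relevant keys of the config.yaml shown on this page.
sample_config() {
    cat <<'EOF'
kind: MasterConfiguration
etcd:
  endpoints:
  - http://172.16.50.132:2379
  - http://172.16.50.131:2379
  - http://172.16.50.104:2379
token: "deed3a.b3542929fcbce0f0"
tokenTTL: "0"
EOF
}

sample_config | audit_kubeadm_config || echo "config needs review"
```

Run it against the real file with audit_kubeadm_config /data/v1.10.4/config/config.yaml before kubeadm init.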
Initialize the cluster on host k8s01
# kubeadm init --config config.yaml
[init] Using Kubernetes version: v1.10.4
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks.
[WARNING FileExisting-crictl]: crictl not found in system path
Suggestion: go get github.com/kubernetes-incubator/cri-tools/cmd/crictl
[preflight] Starting the kubelet service
[certificates] Using the existing ca certificate and key.
[certificates] Using the existing apiserver certificate and key.
[certificates] Using the existing apiserver-kubelet-client certificate and key.
[certificates] Using the existing sa key.
[certificates] Using the existing front-proxy-ca certificate and key.
[certificates] Using the existing front-proxy-client certificate and key.
[certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Using existing up-to-date KubeConfig file: "/etc/kubernetes/admin.conf"
[kubeconfig] Using existing up-to-date KubeConfig file: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Using existing up-to-date KubeConfig file: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Using existing up-to-date KubeConfig file: "/etc/kubernetes/scheduler.conf"
[controlplane] Wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] Wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] Wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[init] Waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests".
[init] This might take a minute or longer if the control plane images have to be pulled.
[apiclient] All control plane components are healthy after 15.506913 seconds
[uploadconfig] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[markmaster] Will mark node k8s01 as master by adding a label and a taint
[markmaster] Master k8s01 tainted and labelled with key/value: node-role.kubernetes.io/master=""
[bootstraptoken] Using token: deed3a.b3542929fcbce0f0
[bootstraptoken] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: kube-dns
[addons] Applied essential addon: kube-proxy
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node as root:
  kubeadm join 172.16.50.131:6443 --token deed3a.b3542929fcbce0f0 --discovery-token-ca-cert-hash sha256:0334022c7eb4f2b20865f1784c64b1e81ad87761b9e8ffd50ecefabca5cfad5c
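The output above shows kubeadm reusing the existing apiserver certificate, so the apiServerCertSANs list in config.yaml does not change which names that certificate covers. This added example (not from the original post) lists the SANs requested in config.yaml that are missing from the hosts array in apiserver.json, assuming run.sh builds the certificate from that array; the function names and the shortened sample files are constructed.

```shell
#!/bin/sh
# json_hosts FILE: print the entries of the "hosts" array, one per line.
json_hosts() {
    tr -d ' \t\n' < "$1" |
        sed -n 's/.*"hosts":\[\([^]]*\)].*/\1/p' | tr ',' '\n' | tr -d '"'
}

# yaml_sans FILE: print the list items under the top-level apiServerCertSANs key.
yaml_sans() {
    awk '/^apiServerCertSANs:/ { on = 1; next }
         /^[^ -]/              { on = 0 }
         on && /^ *- */        { sub(/^ *- */, ""); gsub(/"/, ""); print }' "$1"
}

# missing_sans CSR_JSON KUBEADM_YAML: SANs requested in the kubeadm config that
# the CSR never asked for, i.e. names the reused certificate will not cover.
missing_sans() {
    hosts=$(json_hosts "$1")
    yaml_sans "$2" | while IFS= read -r san; do
        printf '%s\n' "$hosts" | grep -Fqx -- "$san" || printf '%s\n' "$san"
    done
}

# Constructed demo input: the host and SAN lists as they appear on this page.
demo_missing_sans() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/apiserver.json" <<'EOF'
{"CN":"kube-apiserver","hosts":["172.16.50.131","172.16.50.132","172.16.50.104",
 "k8s01","k8s02","k8s03","10.96.0.1","kubernetes","kubernetes.default"],
 "key":{"algo":"rsa","size":2048}}
EOF
    cat > "$dir/config.yaml" <<'EOF'
apiServerCertSANs:
- k8s01
- k8s02
- k8s03
- 172.16.50.131
- 172.16.50.132
- 172.16.50.104
- 172.16.50.227
apiServerExtraArgs:
  endpoint-reconciler-type: "lease"
EOF
    missing_sans "$dir/apiserver.json" "$dir/config.yaml"
    rm -rf "$dir"
}

demo_missing_sans   # prints 172.16.50.227
```

Any name this prints has to be added to apiserver.json and the certificate regenerated before clients can connect to the API server through it with TLS verification enabled.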
Distribute the certificate files to servers k8s02 and k8s03
for i in 131 132 104 111; do ssh root@172.16.50.$i "mkdir -p /etc/kubernetes/pki/"; done
for i in 132 104; do scp /etc/kubernetes/pki/* root@172.16.50.$i:/etc/kubernetes/pki/; done
Distribute the config.yaml file to servers k8s02 and k8s03
for i in 132 104; do scp config.yaml root@172.16.50.$i:/mnt; done
Follow-up steps
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
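Initialize the cluster on host k8s02
cd /etc/kubernetes/pki/
Edit the node.sh file
ip="172.16.50.132"
NODE="k8s02"
Edit the kubelet.json file
"CN": "system:node:k8s02",
Generate the configuration files
./node.sh
Initialize the cluster
kubeadm init --config /mnt/config.yaml
Initialize node k8s03 in the same way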
Join the worker node
kubeadm join 172.16.50.131:6443 --token deed3a.b3542929fcbce0f0 --discovery-token-ca-cert-hash sha256:0334022c7eb4f2b20865f1784c64b1e81ad87761b9e8ffd50ecefabca5cfad5c
No load balancer was set up for the Kubernetes API here; the node joins master k8s01 directly.
Kubernetes V1.10.4 cluster deployment (manually generated certificates)
Original article: http://blog.51cto.com/11889458/2130621