Installing a Kubernetes 1.9.2 cluster with kubeadm
2018-03-02 16:04
Cluster environment
hostname | ip | vip | role |
---|---|---|---|
master1 | 192.168.6.101 | 192.168.6.110 | etcd cluster, k8s-master, keepalived |
master2 | 192.168.6.102 | 192.168.6.110 | etcd cluster, k8s-master, keepalived |
master3 | 192.168.6.103 | 192.168.6.110 | etcd cluster, k8s-master, keepalived |
node1 | 192.168.6.104 | | k8s-node |
node2 | 192.168.6.105 | | k8s-node |
Software versions
- OS: CentOS 7.4.1708
- Kernel: 3.10.0-693.17.1.el7.x86_64
- etcd: 3.2.11
- docker: 1.12.6
- kubernetes: 1.9.2
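Preparation
1. Update the package repositories
```bash
yum -y install epel-release
yum -y update
yum -y install wget net-tools
```
2. Stop the firewall
```bash
systemctl stop firewalld
systemctl disable firewalld
```
3. Synchronize the clock
```bash
/usr/sbin/ntpdate asia.pool.ntp.org
```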
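4. Disable swap
```bash
swapoff -a
# -i edits /etc/fstab in place so the swap entries stay commented out after a reboot
sed -i 's/.*swap.*/#&/' /etc/fstab
```
5. Set the bridge netfilter sysctls (bridged traffic is passed to iptables)
```bash
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# load the file that was just written; /etc/sysctl.conf does not contain these keys
sysctl -p /etc/sysctl.d/k8s.conf
```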
6. Update the hosts file
```bash
cat >> /etc/hosts << EOF
192.168.6.101 master1
192.168.6.102 master2
192.168.6.103 master3
192.168.6.104 node1
192.168.6.105 node2
EOF
```
7. Set up passwordless SSH login
```bash
ssh-keygen -t rsa
ssh-copy-id root@192.168.6.101
ssh-copy-id root@192.168.6.102
ssh-copy-id root@192.168.6.103
ssh-copy-id root@192.168.6.104
ssh-copy-id root@192.168.6.105
```
Installing the etcd cluster
1. Download the cfssl, cfssljson and cfssl-certinfo tools
```bash
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
chmod +x cfssl_linux-amd64
mv cfssl_linux-amd64 /usr/local/bin/cfssl

wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
chmod +x cfssljson_linux-amd64
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson

wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl-certinfo_linux-amd64
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo
```
2. Create the files needed to generate the keys
```bash
# signing policy: certificates issued with the "kubernetes" profile expire after 8760h (one year)
cat > ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "kubernetes": {
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ],
        "expiry": "8760h"
      }
    }
  }
}
EOF

# certificate request for etcd; "hosts" lists every address the certificate must be valid for
cat > etcd-csr.json <<EOF
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "192.168.6.101",
    "192.168.6.102",
    "192.168.6.103",
    "192.168.6.110"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF
```
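3. Generate the keys
```bash
# ca-csr.json (the CSR for the CA itself) must be present in the working directory
cfssl gencert -initca ca-csr.json | cfssljson -bare ca

# sign the etcd certificate with the CA created above
cfssl gencert -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes etcd-csr.json | cfssljson -bare etcd

mkdir -p /etc/etcd/ssl
cp etcd.pem etcd-key.pem ca.pem /etc/etcd/ssl/
```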
4. Download etcd
```bash
wget https://github.com/coreos/etcd/releases/download/v3.2.11/etcd-v3.2.11-linux-amd64.tar.gz
tar -xvf etcd-v3.2.11-linux-amd64.tar.gz
cp etcd-v3.2.11-linux-amd64/etcd* /usr/local/bin
```
5. Create the etcd service unit file
```bash
cat > /etc/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd_private/
ExecStart=/usr/local/bin/etcd \
  --name=etcd-host1 \
  --cert-file=/etc/etcd/ssl/etcd.pem \
  --key-file=/etc/etcd/ssl/etcd-key.pem \
  --peer-cert-file=/etc/etcd/ssl/etcd.pem \
  --peer-key-file=/etc/etcd/ssl/etcd-key.pem \
  --trusted-ca-file=/etc/etcd/ssl/ca.pem \
  --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem \
  --initial-advertise-peer-urls=https://192.168.6.101:2380 \
  --listen-peer-urls=https://192.168.6.101:2380 \
  --listen-client-urls=https://192.168.6.101:2379,http://127.0.0.1:2379 \
  --advertise-client-urls=https://192.168.6.101:2379 \
  --initial-cluster-token=etcd-cluster-0 \
  --initial-cluster=etcd-host1=https://192.168.6.101:2380,etcd-host2=https://192.168.6.102:2380,etcd-host3=https://192.168.6.103:2380 \
  --initial-cluster-state=new \
  --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF
```
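6. Sync to the other etcd nodes
```bash
scp -r /etc/etcd/ master2:/etc/
scp -r /etc/etcd/ master3:/etc/
scp /usr/local/bin/etcd* master2:/usr/local/bin/
scp /usr/local/bin/etcd* master3:/usr/local/bin/
scp /etc/systemd/system/etcd.service master2:/etc/systemd/system/
scp /etc/systemd/system/etcd.service master3:/etc/systemd/system/
# etcd.service was written for master1: on master2 and master3 change --name
# (etcd-host2, etcd-host3) and the 192.168.6.101 addresses in the listen and
# advertise URLs to the node's own IP
```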
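7. Start the etcd cluster
```bash
# the WorkingDirectory named in the unit file must exist before the service starts
mkdir -p /var/lib/etcd_private
systemctl daemon-reload
systemctl enable etcd
systemctl start etcd
```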
8. Verify the state of the etcd cluster
```bash
etcdctl --endpoints=https://192.168.6.101:2379 \
  --ca-file=/etc/etcd/ssl/ca.pem \
  --cert-file=/etc/etcd/ssl/etcd.pem \
  --key-file=/etc/etcd/ssl/etcd-key.pem \
  cluster-health
```
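The unit file in step 5 turns on TLS, but without `--client-cert-auth` and `--peer-client-cert-auth` etcd does not ask the connecting side for a certificate, and the `http://127.0.0.1:2379` listener is plaintext. The check below is an added example, not part of the original article; the function names and the shortened sample units are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: flag etcd TLS settings in a
# systemd unit that let clients or peers connect without a certificate.

# bool_flag_on FILE FLAG -> status 0 if --FLAG or --FLAG=true is present
bool_flag_on() {
  grep -Eq -- "--$2"'(=true)?([[:space:]]|$)' "$1"
}

# flag_value FILE FLAG -> value of the first --FLAG=VALUE, empty if absent
flag_value() {
  grep -o -- "--$2=[^[:space:]]*" "$1" | head -n 1 | cut -d= -f2-
}

# audit_etcd_unit FILE -> one finding per line, status 1 if anything was found
audit_etcd_unit() {
  audit_rc=0
  # --cert-file/--trusted-ca-file only encrypt; certificates are demanded
  # from the other side only when the *-cert-auth flags are switched on.
  bool_flag_on "$1" client-cert-auth ||
    { echo "client-cert-auth off: clients need no certificate"; audit_rc=1; }
  bool_flag_on "$1" peer-client-cert-auth ||
    { echo "peer-client-cert-auth off: peers need no certificate"; audit_rc=1; }
  # An http:// client listener is neither encrypted nor authenticated.
  case ",$(flag_value "$1" listen-client-urls)" in
    *,http://*) echo "plaintext client listener configured"; audit_rc=1 ;;
  esac
  return "$audit_rc"
}

# Constructed sample: the ExecStart flags from step 5, shortened.
as_written=$(mktemp)
cat > "$as_written" <<'EOF'
ExecStart=/usr/local/bin/etcd \
  --cert-file=/etc/etcd/ssl/etcd.pem \
  --trusted-ca-file=/etc/etcd/ssl/ca.pem \
  --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem \
  --listen-client-urls=https://192.168.6.101:2379,http://127.0.0.1:2379 \
  --data-dir=/var/lib/etcd
EOF
# Constructed sample: the same unit with certificate checks enforced.
hardened=$(mktemp)
sed -e 's#,http://127.0.0.1:2379##' \
    -e 's#--data-dir=.*#--client-cert-auth=true --peer-client-cert-auth=true &#' \
    "$as_written" > "$hardened"

audit_etcd_unit "$as_written" || echo "=> fix the findings above"
audit_etcd_unit "$hardened" && echo "hardened unit: no findings"
```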
Installing keepalived
1. Install keepalived on each of the three master servers
```bash
yum -y install keepalived
```
2. Create the configuration file and sync it to the other nodes; remember to adjust the commented lines on each node
```bash
cat > /etc/keepalived/keepalived.conf << EOF
global_defs {
    router_id LVS_k8s
}

vrrp_script CheckK8sMaster {
    script "curl -k https://192.168.6.110:6443"  # VIP
    interval 3
    timeout 9
    fall 2
    rise 2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens160            # local NIC name
    virtual_router_id 61
    priority 120                # priority, must be unique
    advert_int 1
    mcast_src_ip 192.168.6.101  # local IP
    nopreempt
    authentication {
        auth_type PASS
        auth_pass sqP05dQgMSlzrxHj
    }
    unicast_peer {
        #192.168.6.101          # comment out the local IP
        192.168.6.102
        192.168.6.103
    }
    virtual_ipaddress {
        192.168.6.110/24        # VIP
    }
    track_script {
        CheckK8sMaster
    }
}
EOF
```
3. Start keepalived on each of the three servers
```bash
systemctl enable keepalived
systemctl start keepalived
systemctl status keepalived
```
Installing docker
1. Install docker on each of the five servers
```bash
yum -y install docker
systemctl enable docker
systemctl start docker
```
Installing the kubernetes cluster
1. Download the docker images
Link: https://pan.baidu.com/s/1rahyOrU Password: kw12
2. Download the kubernetes rpm packages
Link: https://pan.baidu.com/s/1dgVjWU Password: 1ejn
3. Download the yaml files
Link: https://pan.baidu.com/s/1gfTnLJ1 Password: 9sbl
4. Move the downloaded files to /root/k8s and sync them to the other 5 servers
```bash
scp -r /root/k8s master2:
scp -r /root/k8s master3:
scp -r /root/k8s node1:
scp -r /root/k8s node2:
```
5. Run the following commands on each of the 5 servers
```bash
cd /root/k8s/rpm
yum -y install *.rpm

cd /root/k8s/docker-image
# load every image archive in the directory
for i in *; do docker load < "$i"; done

systemctl enable kubelet
systemctl start kubelet
```
6. Initialize kubernetes
```bash
cd /root/k8s/yaml
kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=swap
```
7. Authorize kubectl
```bash
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
```
8. Install the flannel network component
The Network value in kube-flannel.yaml must be the same as the podSubnet value in kubeadm-config.yaml.
```bash
kubectl create -f kube-flannel.yaml
```
9. Sync the kubernetes pki directory to the other two master nodes
```bash
scp -r /etc/kubernetes/pki master2:/etc/kubernetes/
scp -r /etc/kubernetes/pki master3:/etc/kubernetes/
```
10. Deploy the other master nodes: run the following commands on master2 and master3
```bash
cd /root/k8s/yaml
kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=swap

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile
source ~/.bash_profile
```
11. Add the kubernetes nodes
Use the following command to print the command for joining the cluster
```bash
kubeadm token create --print-join-command
```
12. Run the following command on node1 and node2
```bash
kubeadm join --token be0204.4f256def3933a7d6 192.168.6.110:6443 --discovery-token-ca-cert-hash sha256:9b1677f2a9121e89341daa5ce0dad0da2214cf1210857e1369033c43ad60b559
```
13. Verify the cluster
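Step 8 requires the flannel Network value to equal kubeadm's podSubnet. The pre-flight check below is an added example, not part of the original article or its download bundle; the function names are hypothetical and the two sample files are constructed, reproducing only the relevant keys.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: compare kubeadm's podSubnet
# with flannel's Network before running "kubectl create -f kube-flannel.yaml".

# pod_subnet FILE -> CIDR under "podSubnet:" in a kubeadm config, quotes removed
pod_subnet() {
  sed -n -e 's/[[:space:]]*#.*$//' \
         -e 's/^[[:space:]]*podSubnet:[[:space:]]*//p' "$1" |
    head -n 1 | tr -d "\"' "
}

# flannel_network FILE -> CIDR of the "Network" key in flannel's net-conf.json
flannel_network() {
  sed -n 's/.*"Network"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    head -n 1
}

# check_pod_network KUBEADM_CFG FLANNEL_YAML -> status 0 only if both agree,
# 1 on a mismatch, 2 if either value could not be read
check_pod_network() {
  want=$(pod_subnet "$1")
  have=$(flannel_network "$2")
  if [ -z "$want" ] || [ -z "$have" ]; then
    echo "cannot compare: podSubnet='$want' Network='$have'"; return 2
  fi
  if [ "$want" != "$have" ]; then
    echo "mismatch: podSubnet=$want but flannel Network=$have"; return 1
  fi
  echo "ok: $want"
}

# Constructed samples; only the relevant keys of each file are reproduced.
cfg=$(mktemp); good=$(mktemp); bad=$(mktemp)
cat > "$cfg" <<'EOF'
networking:
  podSubnet: "10.244.0.0/16"   # pod address range
EOF
cat > "$good" <<'EOF'
  net-conf.json: |
    { "Network": "10.244.0.0/16", "Backend": { "Type": "vxlan" } }
EOF
sed 's#10\.244\.0\.0/16#10.1.0.0/16#' "$good" > "$bad"

check_pod_network "$cfg" "$good"
check_pod_network "$cfg" "$bad" || echo "=> edit one file so both values match"
```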