一、环境
关闭防火墙和selinux
禁用swap
服务器配置,至少2核2G
所有节点
#所有节点echo net.bridge.bridge-nf-call-iptables = >>/etc/sysctl.conf
echo net.ipv4.ip_forward= >>/etc/sysctl.conf
echo net.bridge.bridge-nf-call-iptables= >>/etc/sysctl.conf
echo net.bridge.bridge-nf-call-ip6tables= >>/etc/sysctl.conf
echo vm.swappiness= >>/etc/sysctl.confsysctl -p#有swap的话要关闭
#swapoff -a
#sed -i ‘/swap/s/^/#/’ /etc/fstab
#关闭firewalld
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/=enforcing/=disabled/g' /etc/selinux/config#ipvs相关
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod /etc/sysconfig/modules/ipvs.modules
bash /etc/sysconfig/modules/ipvs.modules
lsmod | grep -e ip_vs -e nf_conntrack_ipv4#配置源
cd /etc/yum.repos.d/
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
cat>>/etc/yum.repos.d/kubrenetes.repo<<EOF
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF#下载服务
#查看docker-ce版本
yum list docker-ce.x86_64 --showduplicates |sort -r
#k8s1.14最高支持18.09版本的docker
#yum install -y --setopt=obsoletes= docker-ce-18.09.-.el7
yum install kubelet kubeadm kubectl -y
yum -y install ipvsadm ipset
master节点执行操作
#启动服务
systemctl restart docker
systemctl enable docker
systemctl enable kubelet && systemctl start kubelet#kubeadm初始化
kubeadm init --kubernetes-version=v1.18.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12
#国内环境安装
# kubeadm init --kubernetes-version=v1.18.0 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --image-repository='registry.cn-hangzhou.aliyuncs.com/google_containers'#记录初始化后的kubeadm join 信息
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config#安装flannel网络(也可以安装其他网络)
#wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
#kubectl apply -f kube-flannel.yml
#安装calico网络
wget https://docs.projectcalico.org/manifests/calico.yaml
#更换网段
sed -i "s#192.168.0.0/16#10.244.0.0/16#g" calico.yaml
#导入
kubectl apply -f calico.yaml
node节点操作
#启动服务
systemctl restart docker
systemctl enable docker#执行master上显示的kubeadm join命令 (类似如下)
kubeadm join 172.31.250.160:6443 --token fx3ua3.4cxlvfnbrhiwpnj8 --discovery-token-ca-cert-hash sha256:1ac1ece9c7b61fb88208680ba9e864d3a496a81be4bc2212833327b14d0991bf
在master端使用kubectl get node 查看即可
[root@k8s-m ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-m Ready master 12m v1.18.0
node Ready <none> 9m22s v1.18.0
kube-proxy 开启 ipvs
改ConfigMap的kube-system/kube-proxy中的config.conf,mode: “ipvs”
[root@k8s-m ~]kubectl edit cm kube-proxy -n kube-system
......
ipvs:
excludeCIDRs: null
minSyncPeriod: 0s
scheduler: ""
strictARP: false
syncPeriod: 0s
tcpFinTimeout: 0s
tcpTimeout: 0s
udpTimeout: 0s
kind: KubeProxyConfiguration
metricsBindAddress: ""
mode: "ipvs" #改成这样
删除原先的kube-proxy的pod
[root@k8s-m ~]# kubectl get pods -n kube-system|grep proxy
kube-proxy-94cdw / Running 102m
kube-proxy-sgdzw / Running 45m
[root@k8s-m ~]# kubectl get pod -n kube-system | grep kube-proxy | awk '{system("kubectl delete pod "$1" -n kube-system")}'
pod "kube-proxy-94cdw" deleted
pod "kube-proxy-sgdzw" deleted
[root@k8s-m ~]# kubectl get pods -n kube-system|grep proxy
kube-proxy-pmntz 1/1 Running 0 56s
kube-proxy-xbxxb 1/1 Running 0 58
使用ipvsadm测试,可以查看之前创建的Service已经使用LVS创建了集群
[root@k8s-m ~]# ipvsadm -Ln
IP Virtual Server version 1.2. (size=)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.96.0.1: rr
-> 10.0.0.100: Masq
TCP 10.96.0.10: rr
-> 10.244.167.129: Masq
-> 10.244.167.130: Masq
TCP 10.96.0.10: rr
-> 10.244.167.129: Masq
-> 10.244.167.130: Masq
UDP 10.96.0.10: rr
-> 10.244.167.129: Masq
-> 10.244.167.130: Masq
