k8s快速搭建

一、准备工作

1.1 节点信息
主机名 IP地址 角色 备注
k8s-master 10.0.0.10 k8s-master 管理节点
k8s-node1 10.0.0.27 k8s-node 计算节点
k8s-node2 10.0.0.28 k8s-node 计算节点
1.2 系统配置
# Set the hostname.
# Run only the line that matches the machine you are logged in to
# (one command per host, not all three on the same host).
hostnamectl set-hostname k8s-master
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2

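# Local name resolution for the three cluster hosts.
# The names must be the hostnames set with hostnamectl (k8s-node1 / k8s-node2):
# the kubelet later registers with --hostname-override=k8s-node1 and expects that
# name to resolve through /etc/hosts. The previous k8s-slave1 / k8s-slave2 entries
# matched no host in the node table.
# Quoted delimiter: the entries are written literally, with no shell expansion.
cat >> /etc/hosts <<'eof'
10.0.0.10 k8s-master
10.0.0.27 k8s-node1
10.0.0.28 k8s-node2
eof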

# Forwarding policy.
# Why: since Docker 1.13 the daemon sets the FORWARD chain policy to DROP,
# which breaks traffic between containers on different hosts.
# NOTE(review): a default ACCEPT policy makes this host forward every routed
# packet, not only container traffic. On a host with other interfaces, explicit
# ACCEPT rules limited to the container network are the narrower choice --
# confirm against your network layout.
iptables --policy FORWARD ACCEPT

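# Turn swap off for the running system.
swapoff -a
# Keep it off across reboots by commenting out the swap entries in /etc/fstab
# (a backup is left in /etc/fstab.bak). Appending "swapoff -a" to /etc/profile
# only runs at login: swap would be active again after a reboot until someone
# logs in, and the command fails for every non-root login.
sed -i.bak -E '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab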

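# Kernel parameters: pass bridged traffic through iptables/ip6tables, enable
# IPv4 forwarding, and raise vm.max_map_count.
# Quoted delimiter: the settings are written literally, with no shell expansion.
cat > /etc/sysctl.d/k8s.conf <<'eof'
net.bridge.bridge-nf-call-iptables= 1
net.bridge.bridge-nf-call-ip6tables= 1
net.ipv4.ip_forward = 1
vm.max_map_count = 362140
eof
# The net.bridge.* keys only exist while br_netfilter is loaded. Load it now and
# register it in modules-load.d so it is also loaded at boot; without that the
# two bridge settings may not be applied after a reboot.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf
sysctl -p /etc/sysctl.d/k8s.conf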

# Disable SELinux in the persistent configuration.
# NOTE(review): this only rewrites the config file, so it takes effect at the
# next boot, and it changes nothing when the current value is not "enforcing".
# SELINUX=disabled removes SELinux confinement from container processes
# entirely; SELINUX=permissive keeps the policy loaded and logs denials, which
# is worth considering when the goal is only to unblock the install.
sed --in-place -e 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config 2>&1
1.3 添加仓库
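# Docker CE repository (Aliyun mirror).
# Signature checking is switched on: with gpgcheck=0 yum installs whatever the
# mirror (or anything on the path to it) serves, without verifying who built
# the package. Compare the key fingerprint with the one Docker publishes the
# first time yum imports it.
cat > /etc/yum.repos.d/docker.repo <<'EOF'
[docker]
name=docker
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF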

# Kubernetes repository (Aliyun mirror). Both package signatures (gpgcheck) and
# repository metadata signatures (repo_gpgcheck) are verified against the two
# keys listed in gpgkey.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Drop the old yum cache and rebuild it so the new repositories are picked up
yum clean all && yum makecache

二、搭建集群

2.1 安装etcd
# Install on the master node
yum -y install etcd

# Edit the configuration
# NOTE(review): this makes etcd accept clients on every interface over plain
# HTTP, and no client authentication is configured on this page. etcd holds the
# whole cluster state, so anything that can reach port 2379 can read and change
# it. Listening only on loopback and the cluster-facing address (10.0.0.10 here)
# and limiting 2379 to the cluster hosts with the firewall narrows the exposure;
# TLS with client certificates is the stronger fix.
vim /etc/etcd/etcd.conf
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"

# Start the service and enable it at boot
systemctl enable etcd
systemctl start etcd

# Verify the service: write a test key, read it back, then check cluster health
# through the address the other nodes will use
etcdctl set testdir/testkey0 0
etcdctl get testdir/testkey0
etcdctl -C http://10.0.0.10:2379 cluster-health

# Create the network definition under /atomic.io/network (the prefix flannel is
# configured with in FLANNEL_ETCD_PREFIX) and read it back
etcdctl set /atomic.io/network/config '{"Network": "10.254.0.0/16"}'
etcdctl get /atomic.io/network/config
2.2 安装flannel
# Install on every node
yum -y install flannel

# Edit the configuration (the PREFIX must match the key that was set in etcd)
# NOTE(review): flanneld reaches etcd over plain HTTP here, so the network
# configuration it reads is neither encrypted nor authenticated in transit.
vim /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://10.0.0.10:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"

# Distribute the configuration to the two compute nodes
scp /etc/sysconfig/flanneld 10.0.0.27:/etc/sysconfig/flanneld
scp /etc/sysconfig/flanneld 10.0.0.28:/etc/sysconfig/flanneld

# Start the service (stop docker first if it is running)
systemctl enable flanneld
systemctl start flanneld
2.3 安装master
# Install on the master node
yum -y install kubernetes-master kubernetes-client

# Configure scheduler and controller-manager (they share one config file);
# only the address used to reach the apiserver needs to be set
vim /etc/kubernetes/config
KUBE_MASTER="--master=http://10.0.0.10:8080"

# Configure the apiserver (ServiceAccount is removed from admission control here)
# NOTE(review): the file being edited is not named on this page -- presumably
# /etc/kubernetes/apiserver; confirm.
# NOTE(review): --insecure-bind-address=0.0.0.0 with --port=8080 serves the API
# over plain HTTP on every interface. Requests on the insecure port skip
# authentication and authorization, so any host that can reach 10.0.0.10:8080
# has full control of the cluster. At minimum restrict 8080 to the cluster hosts
# with the firewall; outside a throwaway lab, use the TLS port with credentials.
# NOTE(review): with ServiceAccount dropped from --admission-control, pods get no
# service account token mounted automatically; workloads that call the API need
# another way to authenticate -- confirm that is intended.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBELET_PORT="--kubelet-port=10250"
KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.10:2379"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

# Start the control-plane services and enable them at boot
systemctl enable kube-apiserver kube-controller-manager kube-scheduler
systemctl start kube-apiserver kube-controller-manager kube-scheduler

# 查看状态
[root@k8s-master ~]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
etcd-0               Healthy   {"health":"true"}
scheduler            Healthy   ok
controller-manager   Healthy   ok
2.4 安装node
# Install on every compute node
yum -y install kubernetes-node

# Configure the address used to reach the apiserver
# NOTE(review): this is the apiserver's plain-HTTP port, so node-to-master
# traffic is unencrypted and unauthenticated.
vim /etc/kubernetes/config
KUBE_MASTER="--master=http://10.0.0.10:8080"

# Configure the kubelet
# NOTE(review): no kubelet authentication or authorization flags are set on this
# page; restrict port 10250 to the master with the firewall unless the kubelet
# API is known to require credentials on this version -- confirm.
vim /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=10.0.0.27" # listen address (use this host's own IP)
KUBELET_PORT="--port=10250"  # port the apiserver uses to reach the kubelet; must match the apiserver's --kubelet-port
KUBELET_HOSTNAME="--hostname-override=k8s-node1"  # node name; use the hostname and make sure it resolves via /etc/hosts (use this host's own name)
KUBELET_API_SERVER="--api-servers=http://10.0.0.10:8080" # apiserver address
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=10.0.0.27:5000/pod-infrastructure:latest" # points at the private registry
2.5 拉取pod
# Docker daemon settings: registry mirror, live-restore, and the private
# registry that is reached without TLS.
# NOTE(review): the mirror is reached over plain HTTP, and "insecure-registries"
# tells docker to talk to 10.0.0.27:5000 without TLS verification, so pulls
# from either are not protected against tampering on the network. Acceptable
# on an isolated lab network only.
cat > /etc/docker/daemon.json <<'eof'
{
  "registry-mirrors": ["http://ef017c13.m.daocloud.io"],
  "live-restore": true,
  "insecure-registries": ["10.0.0.27:5000"]
}
eof

# Start docker (it is installed together with the node packages)
systemctl daemon-reload
systemctl enable docker
systemctl start docker

# Pull the pod infrastructure image
# NOTE(review): third-party image with a mutable :latest tag, and the kubelets
# are configured to use it as the infra container for pods
# (--pod-infra-container-image). Check where it comes from and pin it by
# digest rather than by tag.
docker pull tianyebj/pod-infrastructure:latest

# Run a private registry
# NOTE(review): the registry is published on port 5000 with no authentication
# and no TLS, so any host that can reach it can replace the image the kubelets
# pull. Limit 5000 to the cluster hosts.
docker pull registry:latest
docker run --detach --publish 5000:5000 --restart=always --name registry registry:latest

# Re-tag the pod infrastructure image and push it to the private registry
docker tag tianyebj/pod-infrastructure:latest 10.0.0.27:5000/pod-infrastructure:latest
docker push 10.0.0.27:5000/pod-infrastructure:latest
2.5 启动集群
# Node services: enable all three at boot first, then start them
for action in enable start; do
  systemctl "$action" kubelet kube-proxy docker
done

# 检查集群(master)
[root@k8s-master ~]# kubectl get nodes
NAME        STATUS    AGE
k8s-node1   Ready     1m
k8s-node2   Ready     1m
2.6 转发规则
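# Keep the FORWARD policy across reboots (on every host that runs docker).
# A systemd drop-in is used instead of editing
# /usr/lib/systemd/system/docker.service: the packaged unit file is replaced
# when the docker package is updated, which would silently drop the added line.
# NOTE(review): this re-applies a default ACCEPT policy on every docker start,
# so the host forwards all routed packets; see whether rules limited to the
# container network are enough for your setup.
mkdir -p /etc/systemd/system/docker.service.d
cat > /etc/systemd/system/docker.service.d/forward-accept.conf <<'EOF'
[Service]
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
EOF

# Reload the unit files and restart docker so the drop-in takes effect
systemctl daemon-reload
systemctl restart docker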
2.7 测试网络
# Connectivity test: run two containers across the two nodes; if they can ping
# each other, the overlay network works.
# NOTE(review): 10.0.0.27:5000/alpine:v1 is not pushed anywhere on this page --
# it has to be in the private registry already.
docker run --interactive --detach --name vm1 10.0.0.27:5000/alpine:v1
docker run --interactive --detach --name vm2 10.0.0.27:5000/alpine:v1