1、安装centos7
2、网络设置
- vi /etc/sysconfig/network-scripts/ifcfg-enp**
- ONBOOT=yes
- 重启网络服务
- service network restart或者systemctl start network.service
- 查看IP:ip addr
- 1、运行 vim /etc/ssh/sshd_config 命令
- 2、在键盘上按 I 键,进入编辑状态。将 22 端口修改成目标端口,以 1022 端口为例,在 Port 22 下输入 Port 1022
- 3、在键盘上按 ESC,输入 :wq 保存并退出编辑状态。修改后需重启 sshd(systemctl restart sshd)才会生效
3、配置hosts
- 192.168.31.253 k8s-master01
- 192.168.31.138 k8s-node01
- 192.168.20.10 k8s-master-lb # vip
- 修改hostname hostnamectl set-hostname k8s-master01
4 关闭防火墙、selinux、dnsmasq、swap
- firewall-cmd --list-all
- systemctl disable --now firewalld
- systemctl disable --now dnsmasq
- systemctl disable --now NetworkManager
- swapoff -a && sysctl -w vm.swappiness=0
- setenforce 0
- SELINUX=disabled
# 将 /etc/sysconfig/selinux 文件中的 SELINUX 改为 disabled(重启后生效)。kubeadm 官方文档只要求 permissive 模式;permissive 不拦截操作但仍记录 SELinux 审计日志,便于日后恢复 enforcing
#grep -vE "#|^$" /etc/sysconfig/selinux
SELINUX=disabled
SELINUXTYPE=targeted
5 修改内核参数 (配置iptables)
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
#swappiness参数调整,修改/etc/sysctl.d/k8s.conf添加下面一行:
vm.swappiness=0
执行sysctl -p /etc/sysctl.d/k8s.conf使修改生效
sysctl --system
6 所有节点同步时间
# 所有节点同步时间。所有节点同步时间是必须的,并且需要加到开机自启动和计划中,如果节点时间不同步
# 会造成Etcd存储Kubernetes信息的键-值(key - value)数据库同步数据不正常,也会造成证书出现问题。时间同步配置如下:
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' > /etc/timezone
# 安装ntpdate
ntpdate time2.aliyun.com
# 加入到crontab
crontab -e
*/5 * * * * ntpdate time2.aliyun.com
# 加入到开机自动同步
vi /etc/rc.local
ntpdate time2.aliyun.com
#####
# 所有节点配置limit
ulimit -SHn 65535
vi /etc/security/limits.conf
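# 注意:每行开头需要有作用域字段(* 表示所有用户);soft 值不能大于 hard 值,此处 soft nofile(655360)大于 hard nofile(131072),使用前请核对
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited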
7 免登录主机证书安装
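# 免密登录其他主机: ssh-copy-id -i /root/.ssh/id_rsa.pub $remote_ip
# sshpass -p $pwds ssh-copy-id -i /root/.ssh/id_rsa.pub $remote_ip -o StrictHostKeyChecking=no
# 注意:sshpass -p 会把密码暴露在进程列表和 shell 历史中(可改用 sshpass -e 或 -f);StrictHostKeyChecking=no 会跳过主机密钥校验,首次连接时无法发现中间人,建议先核对主机指纹再分发公钥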
ssh-keygen -t rsa
for i in k8s-master01 k8s-node01;do
ssh-copy-id -i .ssh/id_rsa.pub $i;done
# master01节点下载安装文件,安装文件都在 chap01/1.1目录中
for i in k8s-master01 k8s-node01;do
scp -r /root/k8s/chap01/1.1/repo/ $i:/opt ;done
8 常用工具安装
# tools
yum install wget jq psmisc vim net-tools -y
9 内核升级(默认升级到5.x,网卡未开启,退回安装4.x,问题待解决)
查看内核版本: uname -srm
# 注意:下面通过明文 HTTP 下载内核 RPM 并直接本地安装,传输过程和包本身都未经校验;建议改用 https 地址,并在导入 ELRepo 的 GPG 公钥后用 rpm -K 校验签名再安装
wget http://mirrors.aliyun.com/elrepo/kernel/el7/x86_64/RPMS/kernel-lt-4.4.184-1.el7.elrepo.x86_64.rpm
yum install kernel-lt-4.4.184-1.el7.elrepo.x86_64.rpm -y
# 设置内核默认启动顺序
grub2-set-default 0 && grub2-mkconfig -o /etc/grub2.cfg
grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
reboot
# 同时装了3 4 5,会按倒序排列,设为0则默认启动5,设为1则默认启动4
10 docker安装
yum install -y yum-utils
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
# yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
### 以上默认安装最新版本20.x
# yum list docker-ce --showduplicates | sort -r
# yum install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io docker-compose-plugin
yum install -y docker-ce-19.03.12 docker-ce-cli-19.03.12 containerd.io docker-compose-plugin
### 修改镜像源
# vi /etc/docker/daemon.json
{
"registry-mirrors" : ["https://q5bf287q.mirror.aliyuncs.com", "https://registry.docker-cn.com","http://hub-mirror.c.163.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries":["192.168.31.138"]
}
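# 192.168.31.138 为私有仓库地址。列入 insecure-registries 后,docker 访问该仓库时允许使用明文 HTTP 或不校验 TLS 证书,镜像在传输中可能被篡改;长期使用建议为私有仓库配置 TLS 证书。上面的 http://hub-mirror.c.163.com 镜像源同样是明文 HTTP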
#重新加载配置
systemctl daemon-reload
#重启docker
systemctl restart docker
systemctl enable docker 设置docker开机自启
11 k8s master节点环境安装
# kubernetes repo
cat <<EOF > kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
#清除缓存
yum clean all
#把服务器的包信息下载到本地电脑缓存起来,makecache建立一个缓存
yum makecache -y
# 报错信息
failure: repodata/repomd.xml from kubernetes: [Errno 256] No more mirrors to try.
https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno -1] repomd.xml signature could not be verified for kubernetes
# 编辑 /etc/yum.repos.d/kubernetes.repo 文件
# 修改以下参数:
# repo_gpgcheck=0
# 说明:repo_gpgcheck=0 只关闭仓库元数据(repomd.xml)的签名校验;gpgcheck=1 必须保留,软件包本身仍会用 gpgkey 校验签名
mv kubernetes.repo /etc/yum.repos.d/
# master节点 安装指定版本的kubelet,kubeadm,kubectl
yum install -y kubelet-1.19.3-0 kubeadm-1.19.3-0 kubectl-1.19.3-0
# node节点无需安装kubectl
yum install -y kubelet-1.19.3-0 kubeadm-1.19.3-0 --disableexcludes=kubernetes
启动kubelet并设置开机启动服务
#重新加载配置文件
systemctl daemon-reload
#启动kubelet
systemctl start kubelet
#查看kubelet启动状态
systemctl status kubelet
#没启动成功,报错先不管,后面的kubeadm init会拉起
#设置开机自启动
systemctl enable kubelet
#查看kubelet开机启动状态 enabled:开启, disabled:关闭
systemctl is-enabled kubelet
#查看日志
journalctl -xefu kubelet
# 初始化k8s集群Master
# master 节点
kubeadm init --image-repository registry.aliyuncs.com/google_containers --apiserver-advertise-address=192.168.31.253 --kubernetes-version=v1.19.3 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.1.0.0/16
# 按提示要求执行如下命令:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
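# node节点 join master节点(token 和 hash 以 kubeadm init 的实际输出为准,下面仅为示例)
# 注意:token 是节点加入集群的引导凭证,默认 24 小时后过期;过期后在 master 上执行 kubeadm token create --print-join-command 重新生成,不要把有效的 token 写进公开文档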
kubeadm join 192.168.31.253:6443 --token fu9o5w.9sakylb77sawmoon \
--discovery-token-ca-cert-hash sha256:4d83a199abf5238aff732548c199256f9e04f6b9010fd8679cb3f0b201c9f257
# 查看节点, NotReady是还未安装CNI网络插件
kubectl get nodes
#输出如下:
NAME STATUS ROLES AGE VERSION
k8s-master001 NotReady master 14h v1.19.3
k8s-node001 NotReady <none> 14h v1.19.3
#####
## 安装 CNI 网络插件(下文实际安装的是 calico)
----------------------------------------------------------------
# 安装错误:calico 清单版本与集群版本(v1.19.3)不匹配,清单使用了该版本尚不支持的 policy/v1 PodDisruptionBudget;下面使用 v3.20 的清单
error: unable to recognize "calico.yaml": no matches for kind "PodDisruptionBudget" in version "policy/v1"
----------------------------------------------------------------
curl -O https://docs.projectcalico.org/v3.20/manifests/calico.yaml
kubectl apply -f calico.yaml
kubectl get nodes
#输出如下:
NAME STATUS ROLES AGE VERSION
k8s-master001 Ready master 14h v1.19.3
k8s-node001 Ready <none> 14h v1.19.3
安装中出现的错误处理
### 错误:kubectl get cs => connection refused
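/etc/kubernetes/manifests 下的 kube-controller-manager.yaml 和 kube-scheduler.yaml 设置的默认端口是 0(--port=0),在文件中注释掉就可以了。注意:注释后这两个组件会重新监听未经认证的 HTTP 端口;kubectl get cs 本身已在 v1.19+ 弃用(见下方输出中的 Warning),也可以保留 --port=0,改用 kubectl get pods -n kube-system 查看组件状态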
kube-controller-manager.yaml文件修改:注释掉27行
kube-scheduler.yaml配置修改:注释掉19行
机器均重启kubelet
systemctl restart kubelet.service
[root@k8s-master0001 manifests]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health":"true"}
#############################
### kubectl get nodes => notready
------
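关闭各个节点的防火墙:
systemctl status firewalld
systemctl stop firewalld
systemctl enable firewalld
# 注意:上一行的 enable 会让 firewalld 开机自启,与“关闭防火墙”的目的相反;按本文第 4 步的做法应为 systemctl disable firewalld。更稳妥的做法是保留防火墙,仅放行 6443、10250 等集群所需端口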
重启node节点:
systemctl daemon-reload
systemctl restart docker
systemctl restart kubelet
systemctl restart kube-proxy
------
### 安装失败,重新安装
- kubeadm reset
- kubeadm init
------
### 机器重启
12 centos 安装图形界面
1 列出所有可用的[Environment]Groups
yum group list
yum groupinfo "GNOME Desktop"
2 选择GNOME Desktop软件包组进行安装
yum groupinstall -y 'GNOME Desktop'
3 如果要通过[GUI]配置网络需要安装Server with GUI
yum groups install -y "Server with GUI"
4 修改default target启用GUI
systemctl set-default graphical.target
systemctl get-default
reboot