1.基础环境
ip hostname cpu/memory
192.168.200.11 master01 2C4G
192.168.200.12 master02 2C4G
192.168.200.13 master03 2C4G
192.168.200.14 node01 4C8G
192.168.200.15 node02 4C8G
192.168.200.50 lb 1C2G
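# Kernel prerequisites for kubelet/kube-proxy, run on every node (CentOS 7 / kernel 3.10, as the
# `kubectl get nodes` output further down shows).
# br_netfilter must be loaded before the bridge-nf sysctls exist. Register it in modules-load.d as
# well, otherwise after a reboot sysctl.conf is applied before the module is loaded and the two
# bridge-nf-call settings silently fail.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
# Quoted delimiter: nothing here should be shell-expanded.
cat >> /etc/sysctl.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
sysctl -p
# NOTE(review): vm.swappiness=0 does not turn swap off. kubeadm's preflight requires swap to be
# disabled (swapoff -a and remove the entry from /etc/fstab) -- presumably already done on these
# hosts, or they have no swap; confirm before `kubeadm init`.

# IPVS modules for kube-proxy mode "ipvs" (configured in step 6). nf_conntrack_ipv4 is the name on
# the 3.10 kernel used here; on kernels >= 4.19 the module is nf_conntrack.
cat > /etc/sysconfig/modules/ipvs.modules << 'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules
# Load the modules now, and also register them with systemd-modules-load so a reboot cannot leave
# kube-proxy without IPVS support (it would then fall back to iptables, or fail, depending on config).
bash /etc/sysconfig/modules/ipvs.modules
printf '%s\n' ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4 > /etc/modules-load.d/ipvs.conf
yum -y install ipvsadm ipset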
2.配置负载均衡节点（在 lb 192.168.200.50 上执行；nginx 以 TCP stream 方式透传 6443，不终止 TLS，客户端证书仍由 kube-apiserver 校验。注意：本文只有一台 lb，且 keepalived 只安装未配置，负载均衡器本身是单点）
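# LB node: nginx in TCP (stream) mode in front of the three kube-apiservers. keepalived is installed
# here but never configured in this guide, so there is no VIP failover -- the single lb host is a
# single point of failure for the whole control plane endpoint.
yum -y install nginx keepalived
yum -y install nginx-all-modules.noarch
# The heredoc delimiter MUST be quoted: the log_format below uses nginx variables ($time_local,
# $remote_addr, ...). With an unquoted EOF the shell expands every one of them to an empty string
# before writing the file, leaving a log_format of bare '|' separators.
cat >> /etc/nginx/nginx.conf << 'EOF'
stream {
    log_format proxy '$time_local|$remote_addr|$upstream_addr|$protocol|$status|'
                     '$session_time|$upstream_connect_time|$bytes_sent|$bytes_received|'
                     '$upstream_bytes_sent|$upstream_bytes_received' ;
    upstream kube-apiserver {
        server 192.168.200.11:6443;
        server 192.168.200.12:6443;
        server 192.168.200.13:6443;
    }
    server {
        listen 6443 backlog=65535 so_keepalive=on;
        # Only the pod CIDR, the service CIDR and the node network may reach the API server
        # through this LB (matches --pod-network-cidr / --service-cidr given to kubeadm init).
        allow 10.10.0.0/16;
        allow 172.16.0.0/16;
        allow 192.168.200.0/24;
        deny all;
        proxy_connect_timeout 3s;
        proxy_next_upstream on;
        proxy_next_upstream_timeout 5;
        proxy_next_upstream_tries 1;
        proxy_pass kube-apiserver;
        # TLS is passed through, so this log only sees connection metadata, never request contents.
        access_log /var/log/nginx/kube-apiserver.log proxy;
    }
}
EOF
# Validate before enabling: a broken nginx.conf here takes down the control-plane endpoint for
# every node that joins via 192.168.200.50:6443.
nginx -t
systemctl enable --now nginx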
3.安装容器运行时环境（在所有节点执行。本文集群为 v1.22.3，仍可通过 dockershim 使用 Docker；Kubernetes 1.24 起已移除 dockershim，新建集群建议改用 containerd）
# Container runtime on every node: docker-ce from the Aliyun mirror.
# The .repo file is fetched over HTTPS; check that it keeps gpgcheck=1 so the packages themselves
# are signature-verified.
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce
# The runtime's cgroup driver has to match the kubelet's (systemd); registry-mirrors only speeds up
# image pulls and does not change which images are used.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json << 'EOF'
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://registry.cn-hangzhou.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl enable --now docker
4.部署kubernetes主节点（以下 kubeadm init 只在 master01 执行；master02/03 使用 kubeadm-init.log 中输出的、带 --control-plane --certificate-key 的 kubeadm join 命令加入，worker 节点使用不带 --control-plane 的 join 命令）
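# Kubernetes yum repo (Aliyun mirror). Package signature verification stays ON: kubeadm/kubelet run
# as root on every node, so installing an unsigned or tampered package is a full-cluster compromise.
# Never set gpgcheck=0 here.
cat > /etc/yum.repos.d/kubeadm.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# If the mirror's repomd.xml signature cannot be verified, set repo_gpgcheck=0 but keep gpgcheck=1;
# the per-package check is the one that protects you.
# Pin the version so every node (including ones added later) runs the same release; 1.22.3 is what
# the cluster output below shows.
yum install -y kubeadm-1.22.3 kubelet-1.22.3 kubectl-1.22.3
systemctl enable kubelet.service
# --upload-certs stores the control-plane certificates in the cluster, encrypted with a
# certificate-key that kubeadm prints to stdout next to the bootstrap token. tee writes both into
# kubeadm-init.log. pipefail makes a failed init visible instead of being hidden by tee's exit code.
set -o pipefail
kubeadm init --control-plane-endpoint "192.168.200.50:6443" --pod-network-cidr 10.10.0.0/16 --service-cidr 172.16.0.0/16 \
  --image-repository registry.aliyuncs.com/google_containers --upload-certs | tee kubeadm-init.log
set +o pipefail
# The log now holds a join token and the certificate-key: anyone who can read it can add a
# control-plane node. Restrict it, and delete it once the other nodes have joined (the uploaded
# certs are removed by kubeadm after two hours; re-run
# `kubeadm init phase upload-certs --upload-certs` to get a fresh key if you need to join later).
chmod 600 kubeadm-init.log
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"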
5.部署cni网络插件
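# Fetch the Calico manifest over a verified TLS connection. Do NOT use --no-check-certificate here:
# calico-node runs on every node with host network access, so a manifest swapped in transit would
# be applied cluster-wide with kubectl's admin credentials. If the download fails on the
# certificate, fix the CA trust store on this host rather than disabling verification.
# docs.projectcalico.org serves the current release; for reproducible rebuilds pin a specific
# Calico version instead.
wget -O calico.yaml https://docs.projectcalico.org/manifests/calico.yaml
# Edit the manifest so the IP pool matches --pod-network-cidr from kubeadm init:
#   - name: CALICO_IPV4POOL_CIDR
#     value: "10.10.0.0/16"
vim calico.yaml
kubectl apply -f calico.yaml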
6.修改service调度策略为 ipvs，并注释掉 kube-scheduler/kube-controller-manager 的 --port=0（注意：--port=0 的作用是关闭未认证的 HTTP 端口，把它注释掉是重新开启而不是禁用该端口；此操作需在三台 master 上各执行一次）
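# Switch kube-proxy to IPVS: set `mode: "ipvs"` in its ConfigMap (needs the ip_vs modules from
# step 1 on every node), then recreate the DaemonSet pods so they read the new config.
kubectl -n kube-system edit cm kube-proxy   # mode: "ipvs"
kubectl -n kube-system delete pod -l k8s-app=kube-proxy
# NOTE(review): despite the section title, commenting out --port=0 does NOT disable the insecure
# port -- it re-enables it. --port=0 is the flag that turns off the unauthenticated HTTP endpoint
# on kube-scheduler and kube-controller-manager (10251/10252 by default). Guides do this so that
# `kubectl get cs` reports these components as Healthy; if you do not need that, leave --port=0 in
# place. These are static-pod manifests local to each host: run the two sed commands on every
# control-plane node, and kubelet restarts the pod when the file changes.
sed -i '/--port=0/s/^/#/g' /etc/kubernetes/manifests/kube-scheduler.yaml
sed -i '/--port=0/s/^/#/g' /etc/kubernetes/manifests/kube-controller-manager.yaml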
7.kubectl命令补全
# Optional: kubectl bash completion for interactive work on the control-plane host.
yum -y install bash-completion
kubectl completion bash > /etc/bash_completion.d/kubectl
# Activate in the current shell; new login shells pick both up automatically.
source /usr/share/bash-completion/bash_completion
source /etc/bash_completion.d/kubectl
8.查看集群信息
[root@master01 ~]# kubectl get nodes -owide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master01 Ready control-plane,master 102m v1.22.3 192.168.200.11 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://20.10.10
master02 Ready control-plane,master 33m v1.22.3 192.168.200.12 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://20.10.10
master03 Ready control-plane,master 34m v1.22.3 192.168.200.13 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://20.10.10
node01 Ready <none> 69m v1.22.3 192.168.200.14 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://20.10.10
node02 Ready <none> 69m v1.22.3 192.168.200.15 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://20.10.10
[root@master01 ~]# kubectl get all --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/calico-kube-controllers-5d995d45d6-pqlg9 1/1 Running 0 21m
kube-system pod/calico-node-2tndn 1/1 Running 0 21m
kube-system pod/calico-node-5xrnv 1/1 Running 0 21m
kube-system pod/calico-node-dq8rm 1/1 Running 0 21m
kube-system pod/calico-node-qmffw 1/1 Running 0 21m
kube-system pod/calico-node-wgbhj 1/1 Running 0 21m
kube-system pod/coredns-7f6cbbb7b8-fnl98 1/1 Running 0 102m
kube-system pod/coredns-7f6cbbb7b8-krvbv 1/1 Running 0 102m
kube-system pod/etcd-master01 1/1 Running 0 102m
kube-system pod/etcd-master02 1/1 Running 0 33m
kube-system pod/etcd-master03 1/1 Running 0 34m
kube-system pod/kube-apiserver-master01 1/1 Running 0 102m
kube-system pod/kube-apiserver-master02 1/1 Running 1 (34m ago) 11m
kube-system pod/kube-apiserver-master03 1/1 Running 0 34m
kube-system pod/kube-controller-manager-master01 1/1 Running 0 100s
kube-system pod/kube-controller-manager-master02 1/1 Running 0 97s
kube-system pod/kube-controller-manager-master03 1/1 Running 0 94s
kube-system pod/kube-proxy-ddg24 1/1 Running 0 8m22s
kube-system pod/kube-proxy-g8qw6 1/1 Running 0 8m23s
kube-system pod/kube-proxy-qvp4b 1/1 Running 0 8m22s
kube-system pod/kube-proxy-shqjg 1/1 Running 0 8m23s
kube-system pod/kube-proxy-vzfpd 1/1 Running 0 8m23s
kube-system pod/kube-scheduler-master01 1/1 Running 0 99s
kube-system pod/kube-scheduler-master02 1/1 Running 0 97s
kube-system pod/kube-scheduler-master03 1/1 Running 0 94s
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 172.16.0.1 <none> 443/TCP 102m
kube-system service/kube-dns ClusterIP 172.16.0.10 <none> 53/UDP,53/TCP,9153/TCP 102m
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system daemonset.apps/calico-node 5 5 5 5 5 kubernetes.io/os=linux 21m
kube-system daemonset.apps/kube-proxy 5 5 5 5 5 kubernetes.io/os=linux 102m
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
kube-system deployment.apps/calico-kube-controllers 1/1 1 1 21m
kube-system deployment.apps/coredns 2/2 2 2 102m
NAMESPACE NAME DESIRED CURRENT READY AGE
kube-system replicaset.apps/calico-kube-controllers-5d995d45d6 1 1 1 21m
kube-system replicaset.apps/coredns-7f6cbbb7b8 2 2 2 102m
[root@master01 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.16.0.1:443 rr
-> 192.168.200.11:6443 Masq 1 0 0
-> 192.168.200.12:6443 Masq 1 0 0
-> 192.168.200.13:6443 Masq 1 0 0
TCP 172.16.0.10:53 rr
-> 172.16.196.130:53 Masq 1 0 0
-> 172.16.196.131:53 Masq 1 0 0
TCP 172.16.0.10:9153 rr
-> 172.16.196.130:9153 Masq 1 0 0
-> 172.16.196.131:9153 Masq 1 0 0
UDP 172.16.0.10:53 rr
-> 172.16.196.130:53 Masq 1 0 0
-> 172.16.196.131:53 Masq 1 0 0
[root@master01 ~]#