本文使用的K8S版本已经不是最新,仅供参考。

添加hosts文件

# Append static name-resolution entries for the four cluster nodes to /etc/hosts.
# NOTE(review): `>>` appends unconditionally, so re-running this step duplicates the entries.
echo "10.40.0.201 hiningmeng-k8s1
      10.40.0.202 hiningmeng-k8s2
      10.40.0.203 hiningmeng-k8s3
      10.40.0.204 hiningmeng-k8s4
" >> /etc/hosts

关闭防火墙、selinux

# Persist SELINUX=disabled in the config file (applies from the next boot).
# NOTE(review): upstream kubeadm instructions switch to permissive rather than disabled; this turns SELinux off on the node entirely.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Put the running system into permissive mode right away, without a reboot.
setenforce 0
# Stop firewalld and keep it from starting at boot.
# NOTE(review): with no host firewall, every listening port on the node (kubelet, etcd, API server, NodePorts)
# is reachable from whatever network the node sits on; presumably filtering is done elsewhere, so confirm.
systemctl disable firewalld.service
systemctl stop firewalld.service

配置net.bridge

# Load the bridge netfilter module so the net.bridge.* sysctls below exist.
modprobe br_netfilter
# Make bridged IPv4/IPv6 traffic pass through iptables/ip6tables.
# NOTE(review): `>>` appends on every run, so repeating this step duplicates the two lines in /etc/sysctl.conf.
echo "net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
# Reload /etc/sysctl.conf so the settings take effect now.
sysctl -p

开启IPVS

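# Write a script that loads the kernel modules used by kube-proxy's IPVS mode.
# The delimiter is quoted so the script text is written verbatim, and the first
# line is a real shebang ("#!" with no space) so the file is also valid when
# executed directly rather than through `bash <file>`.
# NOTE(review): nf_conntrack_ipv4 exists on older kernels such as CentOS 7's; on newer kernels
# the module is presumably just nf_conntrack, so verify on your kernel.
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash

modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
modprobe -- br_netfilter
EOF
# 755: writable by the owner only. Run the script once, then list the modules to confirm they loaded.
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

# Userspace tools for inspecting IPVS tables and IP sets.
yum install -y  ipvsadm ipset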

安装Docker

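# Prerequisites for the Docker CE repository and the devicemapper/LVM tooling.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Register the upstream Docker CE repository (fetched over HTTPS).
yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

# Install a pinned Docker version; obsoletes processing is disabled for this transaction.
yum install -y --setopt=obsoletes=0 docker-ce-18.09.2
# -p: do not fail when /etc/docker already exists (for example on a re-run).
mkdir -p /etc/docker

# Daemon configuration, written verbatim (quoted heredoc delimiter).
# "iptables": false stops dockerd from adding its own iptables rules.
# NOTE(review): with that setting, published container ports and container NAT depend on rules
# something else must provide; presumably kube-proxy and the CNI plugin here, so confirm.
# The systemd cgroup driver is selected via exec-opts.
cat << 'EOF' > /etc/docker/daemon.json
{
    "data-root": "/data/docker/docker",
    "iptables": false,
    "log-driver": "json-file",
    "storage-driver": "overlay2",
    "storage-opts": [ "overlay2.override_kernel_check=true"],
    "log-opts": {
        "max-size": "100m"
    },
    "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF

systemctl start docker
systemctl enable docker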

关闭swap

# Turn off all swap now; this does not survive a reboot.
swapoff -a
# To make it permanent, comment out the swap entry in /etc/fstab:
# vim /etc/fstab

安装kubeadm、kubectl

# Define the Kubernetes yum repository, served from the Aliyun mirror.
# gpgcheck=1 and repo_gpgcheck=1 keep signature verification on for packages and repo metadata.
# NOTE(review): the signing keys are downloaded from the same mirror as the packages, so the
# check only protects against tampering if that key download is trustworthy; compare the key
# fingerprints with the upstream ones when yum prompts to import them.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Optional: list the versions available in the repository.
# yum list --showduplicates | grep 'kubeadm\|kubectl\|kubelet'

# Install matching, pinned versions of the three components.
yum install -y kubelet-1.14.2 kubeadm-1.14.2 kubectl-1.14.2 --disableexcludes=kubernetes

# Start kubelet at boot; kubeadm init/join supplies its configuration later.
systemctl enable kubelet

提前准备需要的镜像

# cat docker-pull.sh
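#!/bin/bash
# Pull each control-plane image from a mirror registry namespace and retag it
# under the k8s.gcr.io name that kubeadm expects to find locally.
#
# NOTE(review): images are pulled by mutable tag from a third-party namespace and then
# given the official names, so the cluster trusts whatever that namespace serves.
# Comparing image digests with the upstream ones, or pulling by digest, would close that gap.

images=(
  k8s.gcr.io/kube-apiserver:v1.14.2
  k8s.gcr.io/kube-controller-manager:v1.14.2
  k8s.gcr.io/kube-scheduler:v1.14.2
  k8s.gcr.io/kube-proxy:v1.14.2
  k8s.gcr.io/pause:3.1
  k8s.gcr.io/etcd:3.3.10
  k8s.gcr.io/coredns:1.3.1
  k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
)

for var in "${images[@]}"; do
  # Swap the k8s.gcr.io/ prefix for the mirror's registry/namespace prefix.
  image=${var/k8s.gcr.io\//registry.cn-hangzhou.aliyuncs.com\/hiningmeng\/}
  # Tag only after a successful pull, so a failed pull can never leave a stale
  # local image tagged under the official name.
  if docker pull "${image}"; then
    docker tag "${image}" "${var}"
  else
    printf 'pull failed, not tagging: %s\n' "${image}" >&2
  fi
done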

# Same mirror-and-retag step for the flannel image: the target name is the image
# reference used in the kube-flannel manifest (quay.io/coreos/flannel:v0.11.0-amd64).
docker pull registry.cn-hangzhou.aliyuncs.com/hiningmeng/flannel:v0.11.0-amd64
docker tag registry.cn-hangzhou.aliyuncs.com/hiningmeng/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.11.0-amd64

kubeadm init 安装master

# Initialise the control plane on the first node (10.40.0.201).
# NOTE(review): 172.96.0.0/12 lies outside the private range 172.16.0.0/12 (kubeadm's default
# service CIDR is 10.96.0.0/12), so Service IPs would overlap publicly routable addresses. Confirm this is intended.
# NOTE(review): the pod CIDR given here has to agree with the network configured in the CNI manifest applied later.
kubeadm init \
  --kubernetes-version=v1.14.2 \
  --pod-network-cidr=192.168.0.0/16 \
  --service-cidr=172.96.0.0/12 \
  --apiserver-advertise-address=10.40.0.201

# Give the current user a kubeconfig. admin.conf holds cluster-admin credentials,
# so the copy is chowned to that user only.
mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Run on each worker node. The token and hash below are sample output from one `kubeadm init`
# run; use the values printed by your own. The bootstrap token is a join credential, and
# --discovery-token-ca-cert-hash pins the cluster CA so the node verifies the API server it joins.
kubeadm join 10.40.0.201:6443 --token mjgmyw.kafm9jr4zczzk7z8 --discovery-token-ca-cert-hash sha256:4356ec91b61cf162cc29b76e0c118fbc7bad3a4d25bbfa4ea53ae0a9ed046f4a

安装flannel

# Download the flannel manifest so it can be edited before it is applied.
# NOTE(review): the URL tracks the master branch, so the content can change between runs and may
# not match the v0.11.0 image used here; fetching from a release tag or commit makes it reproducible.
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

......
containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.11.0-amd64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        - --iface=eth1
......

# Apply the locally edited manifest (with --iface=eth1 added as shown above).
# NOTE(review): the upstream manifest's net-conf.json presumably still carries its default "Network" value;
# check that it matches the --pod-network-cidr passed to kubeadm init (192.168.0.0/16) before applying.
kubectl apply -f kube-flannel.yml

配置profile

source <(kubectl completion bash) # enables kubectl command completion in the current shell
# Persist completion and a set of kubectl aliases for every login shell.
# NOTE(review): /etc/profile is also read by non-bash login shells, where `source <(...)` is not valid
# syntax; presumably a bash-only file (e.g. ~/.bashrc) is the safer place, so verify for your shells.
# NOTE(review): `>>` appends on each run, so repeating this step duplicates the block.
cat <<EOF>>/etc/profile
source <(kubectl completion bash)
alias k='kubectl'
alias ka='kubectl apply --recursive -f'
alias kex='kubectl exec -i -t'
alias klo='kubectl logs -f'
alias kg='kubectl get'
alias kd='kubectl describe'
EOF

测试DNS

# Start an interactive throwaway pod from a third-party image that ships curl and nslookup.
kubectl run curl --image=radial/busyboxplus:curl -it
# Typed inside the pod's shell: resolves the API server's Service name through cluster DNS.
nslookup kubernetes.default

将kube-proxy切换为IPVS模式

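# In the kube-system/kube-proxy ConfigMap, set mode: "ipvs" inside config.conf:
kubectl edit cm kube-proxy -n kube-system

# Then restart the kube-proxy pod on every node so the new mode is picked up.
# Selecting by label lets kubectl do the matching, instead of parsing `kubectl get`
# output and assembling shell commands from it with awk's system().
kubectl delete pod -n kube-system -l k8s-app=kube-proxy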

安装helm

# Download the Helm v2.13.1 client, unpack it, and install the binary system-wide.
# NOTE(review): the archive is copied into /usr/bin with no integrity check; compare
# `sha256sum helm-v2.13.1-linux-amd64.tar.gz` with the checksum published for this release before extracting.
wget https://storage.googleapis.com/kubernetes-helm/helm-v2.13.1-linux-amd64.tar.gz
tar -zxvf helm-v2.13.1-linux-amd64.tar.gz
cp linux-amd64/helm /usr/bin/

准备tiller需要的ServiceAccount

# helm-rbac-config.yaml
#
# Creates a ServiceAccount for Tiller (the Helm v2 server-side component) and binds it
# to the built-in cluster-admin ClusterRole.
# NOTE(review): cluster-admin gives Tiller unrestricted rights in every namespace, so anything
# that can talk to Tiller can act as cluster-admin. A namespace-scoped Role/RoleBinding per
# Tiller instance is the narrower alternative.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
# NOTE(review): rbac.authorization.k8s.io/v1 is the stable API group version; v1beta1 is a deprecated alias.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # Full, cluster-wide privileges.
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

# Create the tiller ServiceAccount and its ClusterRoleBinding from the manifest above.
kubectl create  -f helm-rbac-config.yaml

helm init

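# Deploy (or upgrade) Tiller under the tiller ServiceAccount, using a mirrored Tiller image.
# The stable chart repository is addressed over HTTPS so the chart index and chart archives,
# which Tiller installs with the ServiceAccount's privileges, are not fetched in cleartext.
helm init --upgrade --service-account tiller --skip-refresh --tiller-image registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.13.1 --stable-repo-url https://mirror.azure.cn/kubernetes/charts/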


stable仓库也可以换成阿里云的镜像,但该镜像已经很久没有更新了;上面helm init使用的是微软的镜像

# Optional: point the "stable" repository name at the Aliyun chart mirror instead.
# NOTE(review): a mirror that is no longer updated serves old chart versions, which will lack later fixes.
helm repo remove stable
helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
helm repo update
# Optional: list the charts now available.
#helm search

helm 安装ingress

# cat ingress-nginx.yaml
# Values file for the stable/nginx-ingress chart.
controller:
  image:
    repository: registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller
    tag: 0.24.1
    pullPolicy: IfNotPresent
  replicaCount: 1
  # The pod shares the node's network namespace, so the controller's listening ports
  # are opened directly on the node's own addresses.
  hostNetwork: true
  # Schedule only onto nodes carrying the "edge" role label.
  # NOTE(review): no step on this page applies that label; without a labelled node the pod
  # presumably stays Pending. Verify that a node has been labelled.
  nodeSelector:
    node-role.kubernetes.io/edge: ''
  # Never place two controller pods on the same host.
  affinity:
    podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
            - key: app
              operator: In
              values:
              - nginx-ingress
            - key: component
              operator: In
              values:
              - controller
          topologyKey: kubernetes.io/hostname
  # Tolerate the master taint, so the controller may run on a master node.
  tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule

# Default backend: same node selection and toleration as the controller.
defaultBackend:
  image:
    repository: registry.cn-hangzhou.aliyuncs.com/google_containers/defaultbackend
    tag: 1.4
    pullPolicy: IfNotPresent
  nodeSelector:
    node-role.kubernetes.io/edge: ''
  tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule

# Install the chart as release "nginx-ingress" (-n is the release name in Helm v2)
# into the ingress-nginx namespace, using the values file above.
helm install stable/nginx-ingress -n nginx-ingress --namespace ingress-nginx  -f ingress-nginx.yaml

helm升级应用命令如下

# Re-render the existing nginx-ingress release with the current values file.
helm upgrade -f ingress-nginx.yaml  nginx-ingress stable/nginx-ingress

helm卸载命令

# Delete the release; --purge also removes its stored history so the release name can be reused.
helm del --purge nginx-ingress

安装 kubernetes-dashboard

# cat kubernetes-dashboard.yaml
# Values file for the stable/kubernetes-dashboard chart.
image:
  repository: registry.cn-hangzhou.aliyuncs.com/hiningmeng/kubernetes-dashboard-amd64
  tag: v1.10.1
# Publish the dashboard through the ingress controller at k8s.icjl.test, with an HTTP-to-HTTPS
# redirect and HTTPS towards the backend pod.
ingress:
  enabled: true
  hosts:
    - k8s.icjl.test
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
  # NOTE(review): no step on this page creates the icjl-test-secret TLS secret; presumably it
  # must already exist in the release namespace, so verify.
  tls:
    - secretName: icjl-test-secret
      hosts:
      - k8s.icjl.test
# NOTE(review): clusterAdminRole: true binds the dashboard's ServiceAccount to cluster-admin, so the
# dashboard token, and the UI exposed through the ingress above, carry full control of the cluster.
# Leaving this false and granting a narrower role is the least-privilege option.
rbac:
  clusterAdminRole: true

安装dashboard

# Install the dashboard chart as release "kubernetes-dashboard" in its own namespace,
# using the values file above.
helm install stable/kubernetes-dashboard \
-n kubernetes-dashboard \
--namespace kubernetes-dashboard  \
-f kubernetes-dashboard.yaml

登录token

# Find the name of the dashboard ServiceAccount's token secret; the login token is read from that secret.
# With clusterAdminRole: true in the values file, that token is a cluster-admin credential.
kubectl -n kubernetes-dashboard  get secret | grep kubernetes-dashboard-token

安装metrics-server

# cat metrics-server.yaml
# Values file for the stable/metrics-server chart: extra command-line arguments.
args:
- --logtostderr
# NOTE(review): this flag makes metrics-server skip verification of the kubelets' serving
# certificates, so its connections to kubelets are encrypted but not authenticated.
# Kubelet serving certificates signed by the cluster CA remove the need for it.
- --kubelet-insecure-tls
# Contact kubelets on their InternalIP address.
- --kubelet-preferred-address-types=InternalIP

# Install metrics-server as release "metrics-server" into the monitoring namespace,
# using the values file above.
helm install stable/metrics-server \
-n metrics-server \
--namespace monitoring \
-f metrics-server.yaml