Deploying a highly available Kubernetes 1.17.4 cluster with kubeadm

Kubernetes 1.17.4 deployment

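    • I. Operating system settings
    • II. Configure the haproxy proxy
    • III. Deploy keepalived
    • IV. Deploy the cluster with kubeadm
        • 1. Initialize the master node
        • 2. Prepare the kubeconfig file for kubectl
        • 3. Copy the certificate files to the other master nodes
        • 4. Add the master nodes to the cluster
        • 5. flannel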

I. Operating system settings

Three masters

HOST IP
master1 192.168.0.11
master2 192.168.0.12
master3 192.168.0.13
VIP 192.168.0.14
1. Set the system hostname and the hosts file
hostnamectl set-hostname k8s-master01
Edit the hosts file:
192.168.0.11 master01
192.168.0.12 master02
192.168.0.13 master03

2. Install tools
yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git

3. Switch the firewall to iptables and set an empty rule set
systemctl stop firewalld && systemctl disable firewalld
yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save

4. Disable SELinux (the first command also turns off swap)
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

5. Tune the kernel
Tune the kernel parameters for K8s
cat > kubernetes.conf < /etc/sysconfig/modules/ipvs.modules < /etc/docker/daemon.json < /etc/sysconfig/modules/ipvs.modules < /dev/null 2>&1
 if [ $? -eq 0 ]; then
 /sbin/modprobe \${kernel_module}
 fi
done
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs
 
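11. Install the kubeadm command
Install kubeadm (on master and worker nodes)
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
With gpgcheck=0 yum installs these packages without verifying their signatures, and the http:// URLs are fetched unencrypted; gpgcheck=1 makes yum verify packages against the gpgkey entries.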
 

yum -y install kubeadm-1.17.4 kubectl-1.17.4 kubelet-1.17.4

II. Configure the haproxy proxy

Pull the haproxy image
docker pull haproxy:1.7.8-alpine

mkdir /etc/haproxy
cat >/etc/haproxy/haproxy.cfg<

III. Deploy keepalived

1. Pull the keepalived image
docker pull osixia/keepalived:1.4.4
 
2. Start keepalived
# Note: eth0 is the NIC on the 192.168.0.0/24 network used in this lab
KEEPALIVED_VIRTUAL_IPS is the VIP
KEEPALIVED_UNICAST_PEERS lists the real IPs of all nodes

docker run --net=host --cap-add=NET_ADMIN \
-e KEEPALIVED_INTERFACE=eth0 \
-e KEEPALIVED_VIRTUAL_IPS="#PYTHON2BASH:['192.168.0.14']" \
-e KEEPALIVED_UNICAST_PEERS="#PYTHON2BASH:['192.168.0.11','192.168.0.12','192.168.0.13']" \
-e KEEPALIVED_PASSWORD=hello \
--name k8s-keepalived \
--restart always \
-d osixia/keepalived:1.4.4
 
3. Clean up after a failed start
docker rm -f k8s-keepalived
ip a del 192.168.0.14/32 dev eth0

IV. Deploy the cluster with kubeadm

1. Initialize the master node

kubeadm config print init-defaults > kubeadm-config.yaml

vi kubeadm-config.yaml

apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.0.11
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master01
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: 192.168.0.14:8443
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.17.4
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: "10.244.0.0/16"
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs

kubeadm init --config=kubeadm-config.yaml --upload-certs | tee kubeadm-init.log

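2. Prepare the kubeconfig file for kubectl

By default kubectl looks for a config file in the .kube directory under the home directory of the user running it. Here the admin.conf generated in the [kubeconfig] step of initialization is copied to .kube/config.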
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

kubectl get nodes

3. Copy the certificate files to the other master nodes

Distribute the SSH public key

ssh-keygen
ssh-copy-id 192.168.0.12
ssh-copy-id 192.168.0.13
USER=root
CONTROL_PLANE_IPS="192.168.0.12 192.168.0.13"
for host in ${CONTROL_PLANE_IPS}; do
    ssh "${USER}"@$host "mkdir -p /etc/kubernetes/pki/etcd"
    scp /etc/kubernetes/pki/ca.* "${USER}"@$host:/etc/kubernetes/pki/
    scp /etc/kubernetes/pki/sa.* "${USER}"@$host:/etc/kubernetes/pki/
    scp /etc/kubernetes/pki/front-proxy-ca.* "${USER}"@$host:/etc/kubernetes/pki/
    scp /etc/kubernetes/pki/etcd/ca.* "${USER}"@$host:/etc/kubernetes/pki/etcd/
    scp /etc/kubernetes/admin.conf "${USER}"@$host:/etc/kubernetes/
done

4. Add the master nodes to the cluster

kubeadm join 192.168.0.14:8443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:005bf2fc71dddd3b1s5adddb8bf0a02ccd4ab507819434913fe9e9a9eb762ee   --control-plane

After installation, run systemctl enable kubelet so that kubelet starts at boot; otherwise the node will not recover after a reboot.
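
The token in kubeadm-config.yaml is the placeholder that kubeadm config print init-defaults emits, and a join command has to target the configured controlPlaneEndpoint with a well-formed CA pin. The shell check below is an added example, not part of the original post; its function names and sample values are made up for illustration, and kubeadm token generate can stand in for gen_bootstrap_token.

```shell
#!/bin/sh
# Added example, not from the original post; all sample values are constructed.

# Generate a token in kubeadm's format: 6 chars, ".", 16 chars, from [a-z0-9].
gen_bootstrap_token() {
    chars=$(head -c 2048 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | cut -c1-22)
    printf '%s.%s\n' "$(printf '%s\n' "$chars" | cut -c1-6)" \
        "$(printf '%s\n' "$chars" | cut -c7-22)"
}

# A usable token has the right format and is not the init-defaults placeholder.
check_token() {
    [ "$1" != "abcdef.0123456789abcdef" ] &&
        printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# The CA pin is "sha256:" followed by 64 hex characters (a 32-byte digest).
check_ca_hash() {
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-fA-F]{64}$'
}

# lint_join CONFIG_TEXT JOIN_COMMAND: print findings, return how many there are.
lint_join() {
    findings=0
    endpoint=$(printf '%s\n' "$1" | sed -n 's/^controlPlaneEndpoint: *//p' | head -n 1)
    join_ep='' join_token='' join_hash=''
    set -- $2                      # split the join command into words
    while [ $# -gt 0 ]; do
        case $1 in
            join) join_ep=${2:-} ;;
            --token) join_token=${2:-} ;;
            --discovery-token-ca-cert-hash) join_hash=${2:-} ;;
        esac
        shift
    done
    [ "$join_ep" = "$endpoint" ] ||
        { echo "endpoint $join_ep != controlPlaneEndpoint $endpoint"; findings=$((findings + 1)); }
    check_token "$join_token" ||
        { echo "token is the init-defaults placeholder or malformed"; findings=$((findings + 1)); }
    check_ca_hash "$join_hash" ||
        { echo "CA cert hash is not sha256:<64 hex chars>"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample: endpoint as configured on this page, fresh token, dummy pin.
SAMPLE_CFG='controlPlaneEndpoint: 192.168.0.14:8443'
SAMPLE_JOIN="kubeadm join 192.168.0.14:8443 --token $(gen_bootstrap_token) \
--discovery-token-ca-cert-hash sha256:$(printf '%064d' 0) --control-plane"
lint_join "$SAMPLE_CFG" "$SAMPLE_JOIN" && echo "join command passes the checks"
```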

5. flannel

wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl create -f kube-flannel.yml
