安装多主集群

初始化系统

#!/bin/bash

echo "安装必要的软件包: "
yum install -y vim wget curl epel-release chronyd redhat-lsb lsof
yum update -y kernel glibc

echo "设置时区: "
timedatectl set-timezone Asia/Shanghai

echo "禁用swap: "
echo "vm.swappiness = 0" >> /etc/sysctl.conf
swapoff -a
sysctl -p
sed -i '/swap/s/^/#/' /etc/fstab

echo "启用使用同步服务器: "
systemctl start chronyd
systemctl enable chronyd

echo "设置docker-ce清华大学yum源: "
cat > /etc/yum.repos.d/docker-ce.repo <<'EOF'
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-edge]
name=Docker CE Edge - $basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo $basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/debug-$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg
EOF

echo "安装docker-ce: "
yum remove docker-ce
yum install -y docker-ce-18* docker-ce-cli-18*

systemctl restart docker
systemctl enable docker

echo "配置/etc/docker/daemon.json: "
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": [
    "https://docker.mirrors.ustc.edu.cn"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF

systemctl restart docker

echo "设置kernel参数: "
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system

echo "启用内核模块: "
echo 'modprobe br_netfilter' > /etc/sysconfig/modules/br_netfilter.modules
chmod 755 /etc/sysconfig/modules/br_netfilter.modules
modprobe br_netfilter

# Set SELinux in permissive mode
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Stop and disable firewalld
systemctl disable firewalld --now

echo "使用kubernetes阿里云yum源: "
cat <<EOF > /etc/yum.repos.d/k8s.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

echo "安装kuber: "
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet
systemctl start kubelet

echo "安装haproxy: "
yum install haproxy -y

echo "设置KUBECONFIG: "
echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> /etc/profile

部署HAproxy

[root@master-01 k8s]# yum install haproxy -y
[root@master-01 k8s]# cat <<EOF > /etc/haproxy/haproxy.cfg
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

defaults
    mode                    tcp
    log                     global
    retries                 3
    timeout connect         10s
    timeout client          1m
    timeout server          1m

frontend kube-apiserver
    bind *:18080 # 指定前端端口
    mode tcp
    default_backend master

backend master # 指定后端机器及端口，负载方式为轮询
    balance roundrobin
    server master-01   x.x.x.x:6443  check maxconn 2000
    server master-02   x.x.x.x:6443  check maxconn 2000
    server master-03   x.x.x.x:6443  check maxconn 2000

EOF

[root@master-01 k8s]# systemctl restart haproxy
[root@master-01 k8s]# systemctl enable haproxy

准备kubeadm-config.yaml

# 在yaml/init里面已经准备好了.这步可以跳过
[root@master-01 k8s]# kubeadm config print init-defaults --kubeconfig ClusterConfiguration > kubeadm-config.yaml

编辑yaml/init/kubeadm-config.yaml

  advertiseAddress: x.x.x.x  # 本机ip
imageRepository: gcr.azk8s.cn/google_containers
kubernetesVersion: v1.15.2
controlPlaneEndpoint: "x.x.x.x:xxxx"
  dnsDomain: test.com
  podSubnet: 10.244.0.0/16 # 添加在network下面

kubeadm init

[root@master-01 k8s]# kubeadm init --config=yaml/init/kubeadm-config.yaml --upload-certs
# 看到Your Kubernetes control-plane has initialized successfully!就说明init成功了.

注: 记录下最后的join命令. 方便后续join node操作.

安装flannel

[root@master-01 k8s]# kubectl apply -f yaml/init/flannel.yaml

join master node

[root@master-02 ~]# kubeadm join x.x.x.x:xxxxx --token xxxxxx.xxxxxxxxxxxxxxxx \
>     --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
>     --control-plane --certificate-key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
>     --node-name kube-master-2


[root@master-03 ~]# kubeadm join x.x.x.x:xxxxx --token xxxxxx.xxxxxxxxxxxxxxxx \
>     --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
>     --control-plane --certificate-key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
>     --node-name kube-master-3

安装检验

[root@master-01 k8s]# kubectl get po -A
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE
kube-system   coredns-cf8fb6d7f-9tqp4                 1/1     Running   0          3m36s
kube-system   coredns-cf8fb6d7f-dkbv8                 1/1     Running   0          3m36s
kube-system   etcd-kube-master-1                      1/1     Running   0          2m50s
kube-system   etcd-kube-master-2                      1/1     Running   0          2m39s
kube-system   etcd-kube-master-3                      1/1     Running   0          108s
kube-system   kube-apiserver-kube-master-1            1/1     Running   0          2m47s
kube-system   kube-apiserver-kube-master-2            1/1     Running   0          2m39s
kube-system   kube-apiserver-kube-master-3            1/1     Running   1          26s
kube-system   kube-controller-manager-kube-master-1   1/1     Running   1          2m44s
kube-system   kube-controller-manager-kube-master-2   1/1     Running   0          2m39s
kube-system   kube-controller-manager-kube-master-3   1/1     Running   0          47s
kube-system   kube-flannel-ds-amd64-6p84w             1/1     Running   0          18s
kube-system   kube-flannel-ds-amd64-72dnx             1/1     Running   0          18s
kube-system   kube-flannel-ds-amd64-xb75q             1/1     Running   0          18s
kube-system   kube-proxy-pncpd                        1/1     Running   0          3m36s
kube-system   kube-proxy-pprrn                        1/1     Running   0          2m39s
kube-system   kube-proxy-rkvpp                        1/1     Running   0          109s
kube-system   kube-scheduler-kube-master-1            1/1     Running   1          2m49s
kube-system   kube-scheduler-kube-master-2            1/1     Running   0          2m38s
kube-system   kube-scheduler-kube-master-3            1/1     Running   0          62s

[root@master-01 k8s]# kubectl get nodes
NAME            STATUS   ROLES    AGE     VERSION
kube-master-1   Ready    master   4m29s   v1.15.2
kube-master-2   Ready    master   3m12s   v1.15.2
kube-master-3   Ready    master   2m22s   v1.15.2

join node

[root@node-01 ~]# kubeadm join x.x.x.x:xxxxx --token xxxxxx.xxxxxxxxxxxxxxxx \
>     --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
>     --node-name kube-node-1

[root@node-02 ~]# kubeadm join x.x.x.x:xxxxx --token xxxxxx.xxxxxxxxxxxxxxxx \
>     --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
>     --node-name kube-node-2

[root@node-03 ~]# kubeadm join x.x.x.x:xxxxx --token xxxxxx.xxxxxxxxxxxxxxxx \
>     --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
>     --node-name kube-node-3

再次检验

[root@master-01 k8s]# kubectl get nodes
NAME            STATUS   ROLES    AGE     VERSION
kube-master-1   Ready    master   7m28s   v1.15.2
kube-master-2   Ready    master   6m11s   v1.15.2
kube-master-3   Ready    master   5m21s   v1.15.2
kube-node-1     Ready    <none>   108s    v1.15.2
kube-node-2     Ready    <none>   83s     v1.15.2
kube-node-3     Ready    <none>   66s     v1.15.2
[root@master-01 k8s]# kubectl get po -A
NAMESPACE     NAME                                    READY   STATUS    RESTARTS   AGE
kube-system   coredns-cf8fb6d7f-9tqp4                 1/1     Running   0          7m11s
kube-system   coredns-cf8fb6d7f-dkbv8                 1/1     Running   0          7m11s
kube-system   etcd-kube-master-1                      1/1     Running   0          6m25s
kube-system   etcd-kube-master-2                      1/1     Running   0          6m14s
kube-system   etcd-kube-master-3                      1/1     Running   0          5m23s
kube-system   kube-apiserver-kube-master-1            1/1     Running   0          6m22s
kube-system   kube-apiserver-kube-master-2            1/1     Running   0          6m14s
kube-system   kube-apiserver-kube-master-3            1/1     Running   1          4m1s
kube-system   kube-controller-manager-kube-master-1   1/1     Running   1          6m19s
kube-system   kube-controller-manager-kube-master-2   1/1     Running   0          6m14s
kube-system   kube-controller-manager-kube-master-3   1/1     Running   0          4m22s
kube-system   kube-flannel-ds-amd64-6p84w             1/1     Running   0          3m53s
kube-system   kube-flannel-ds-amd64-72dnx             1/1     Running   0          3m53s
kube-system   kube-flannel-ds-amd64-p4vjh             1/1     Running   0          69s
kube-system   kube-flannel-ds-amd64-tg7v9             1/1     Running   0          111s
kube-system   kube-flannel-ds-amd64-wv79t             1/1     Running   0          86s
kube-system   kube-flannel-ds-amd64-xb75q             1/1     Running   0          3m53s
kube-system   kube-proxy-2nfr5                        1/1     Running   0          69s
kube-system   kube-proxy-9cb6s                        1/1     Running   0          111s
kube-system   kube-proxy-kwt58                        1/1     Running   0          86s
kube-system   kube-proxy-pncpd                        1/1     Running   0          7m11s
kube-system   kube-proxy-pprrn                        1/1     Running   0          6m14s
kube-system   kube-proxy-rkvpp                        1/1     Running   0          5m24s
kube-system   kube-scheduler-kube-master-1            1/1     Running   1          6m24s
kube-system   kube-scheduler-kube-master-2            1/1     Running   0          6m13s
kube-system   kube-scheduler-kube-master-3            1/1     Running   0          4m37s

安装dashboard

[root@master-01 k8s]# bash ./shell/dashboard-cert-secret.sh

[root@master-01 k8s]# kubectl create secret generic kubernetes-dashboard-certs \
    -n kube-system --from-file=dashborad.crt=cert/picchealth.com.crt \
    --from-file=dashboard.key=cert/picchealth.com.key
secret/kubernetes-dashboard-certs created

[root@master-01 k8s]# kubectl create -f yaml/init/kubernetes-dashboard.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/kubernetes-metrics-scraper created
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

找到token

[root@master-01 k8s]# kubectl -n kube-system describe secret \
     $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

安装ingress-control

[root@master-01 k8s]# kubectl apply -f yaml/init/nginx-ingress-control-mandatory.yaml
namespace/ingress-nginx created
configmap/nginx-configuration created
configmap/tcp-services created
configmap/udp-services created
serviceaccount/nginx-ingress-serviceaccount created
clusterrole.rbac.authorization.k8s.io/nginx-ingress-clusterrole created
role.rbac.authorization.k8s.io/nginx-ingress-role created
rolebinding.rbac.authorization.k8s.io/nginx-ingress-role-nisa-binding created
clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress-clusterrole-nisa-binding created
deployment.apps/nginx-ingress-controller created

检验ingress-control

[root@master-01 k8s]# kubectl get pods -A
NAMESPACE       NAME                                        READY   STATUS    RESTARTS   AGE
ingress-nginx   nginx-ingress-controller-7995bd9c47-srnpn   1/1     Running   0          65s

PreviousKubernetes Next更新集群证书

Last updated 6 years ago

Was this helpful?