k8s Docker 安装

时间:2020-09-20
本文章向大家介绍k8s Docker 安装,主要包括k8s Docker 安装使用实例、应用技巧、基本知识点总结和需要注意事项,具有一定的参考价值,需要的朋友可以参考一下。

k8s Docker 安装

一、运行环境

Centos 7.7
虚拟机内核为 3.10
基础组件版本:
k8s.gcr.io/kube-apiserver:v1.16.0
k8s.gcr.io/kube-controller-manager:v1.16.0
k8s.gcr.io/kube-scheduler:v1.16.0

k8s.gcr.io/kube-proxy:v1.16.0

k8s.gcr.io/pause:3.1

k8s.gcr.io/etcd:3.3.15-0

k8s.gcr.io/coredns:1.6.2

hostname ip resource role
hsjry-16-114-128 172.16.114.128 2c2G master
hsjry-16-114-129 172.16.114.129 2c2G node1
hsjry-16-114-130 172.16.114.130 2c2G node2

二、介质准备

需要下载安装 docker 所需要的依赖和 docker 本身。
需要下载上述组件的镜像包
准备 kubeadm kubectl kubelet

 cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
enabled=1
EOF
yum list kubeadm --showduplicates
yum remove kubectl kubeadm kubelet
yum -y install kubectl-1.16.0-0 kubeadm-1.16.0-0 kubelet-1.16.0-0

三、安装 docker

1.残余卸载

安装之前先将原有的

yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-selinux \
                  docker-engine-selinux \
                  docker-engine
rm -rf /etc/systemd/system/docker.service.d
rm -rf /var/lib/docker
rm -rf /var/run/docker

2.前期准备

# 关闭防火墙
systemctl stop firewalld && systemctl disable firewalld
iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
# 关闭 SELinux
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
# 关闭 swapoff
swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

3.rpm 安装 docker

rpm -ivh *.rpm --nodeps --force

4.收尾设置

这里的资源管理方式采用 systemd(可自行根据情况选择)

systemctl enable docker
systemctl start docker
cat << EOF >> /etc/docker/daemon.json 
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "insecure-registries": ["0.0.0.0/0"]
}
EOF
systemctl restart docker

四、安装 kubernetes

1.前期配置

这个阶段的内容需要在各个节点上执行

base_dir=./k8s
# 加载内核参数
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
if [[ $(uname -r |cut -d . -f1) -ge 4 && $(uname -r |cut -d . -f2) -ge 19 ]]; then
  modprobe -- nf_conntrack
else
  modprobe -- nf_conntrack_ipv4
fi

cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
# 立即生效
sysctl --system
sysctl -w net.ipv4.ip_forward=1
systemctl stop firewalld && systemctl disable firewalld
swapoff -a || true
setenforce 0 || true

# 这里是将下载好的直接 cp,也可选择 rpm 安装的方式
chmod a+x $base_dir/bin/*
cp $base_dir/bin/* /usr/bin
cp $base_dir/conf/kubelet.service /etc/systemd/system/
mkdir /etc/systemd/system/kubelet.service.d
cp $base_dir/conf/10-kubeadm.conf /etc/systemd/system/kubelet.service.d/

# 获取 docker 的 cgroupDriver
cgroupDriver=$(docker info|grep Cg)
driver=${cgroupDriver##*: }
echo "driver is ${driver}"

mkdir -p /var/lib/kubelet/ || true
# 声明 kubelete 的配置内容
cat <<EOF > /var/lib/kubelet/config.yaml
address: 0.0.0.0
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
cgroupDriver: ${driver}
cgroupsPerQOS: true
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local
configMapAndSecretChangeDetectionStrategy: Watch
containerLogMaxFiles: 5
containerLogMaxSize: 10Mi
contentType: application/vnd.kubernetes.protobuf
cpuCFSQuota: true
cpuCFSQuotaPeriod: 100ms
cpuManagerPolicy: none
cpuManagerReconcilePeriod: 10s
enableControllerAttachDetach: true
enableDebuggingHandlers: true
enforceNodeAllocatable:
- pods
eventBurst: 10
eventRecordQPS: 5
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
evictionPressureTransitionPeriod: 5m0s
failSwapOn: true
fileCheckFrequency: 20s
hairpinMode: promiscuous-bridge
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 20s
imageGCHighThresholdPercent: 85
imageGCLowThresholdPercent: 80
imageMinimumGCAge: 2m0s
iptablesDropBit: 15
iptablesMasqueradeBit: 14
kind: KubeletConfiguration
kubeAPIBurst: 10
kubeAPIQPS: 5
makeIPTablesUtilChains: true
maxOpenFiles: 1000000
maxPods: 110
nodeLeaseDurationSeconds: 40
nodeStatusUpdateFrequency: 10s
oomScoreAdj: -999
podPidsLimit: -1
port: 10250
registryBurst: 10
registryPullQPS: 5
resolvConf: /etc/resolv.conf
rotateCertificates: true
runtimeRequestTimeout: 2m0s
serializeImagePulls: true
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 4h0m0s
syncFrequency: 1m0s
volumeStatsAggPeriod: 1m0s
EOF
# 加载镜像包
docker load -i $base_dir/images/images.tar.gz || true

systemctl enable kubelet

2.初始化 master

本次通过 kubeadm 的方式初始化 master 节点

base_dir=./k8s
kubeadm init --config $base_dir/conf/kubeadm.yaml
mkdir ~/.kube
cp /etc/kubernetes/admin.conf ~/.kube/config
kubectl taint nodes --all node-role.kubernetes.io/master-
kubectl apply -f $base_dir/conf/kube-flannel.yaml
sleep 5
kubectl apply -f $base_dir/conf/traefik-config.yaml

这里结束后会输出一个命令,需要 cp 这个命令到 node 节点上敲下,就可以加入master 了

2.初始化 node

# 需执行上述 1 的内容
# 通过 kubeadm create token 创建的 token ,过期时间是24小时,这就是为什么过了一天无法再次使用之前记录的 kube join 原生脚本的原因,也可以运行 kubeadm token create --ttl 0生成一个永不过期的 token,

4.验证

到 master 节点上敲 kubectl get nodes 就可以看到这个集群的信息咯

五、安装 ingress

这里采用 traefix 来作为服务暴露的方式。
kubectl apply -f $base_dir/conf/traefik-config.yaml

六、附件

github


原文地址:https://www.cnblogs.com/zhengyuan/p/13701118.html