Docker installation

Environment: CentOS/RHEL 7.4+

Install prerequisites.

yum install -y yum-utils device-mapper-persistent-data lvm2

Add docker repository.

yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

Install docker.

yum update && yum install -y docker-ce-18.06.1.ce

Create /etc/docker directory.

mkdir /etc/docker

Setup daemon.

cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF

mkdir -p /etc/systemd/system/docker.service.d

Restart docker.

systemctl daemon-reload && systemctl enable docker && systemctl restart docker

Prepare the installation environment

Disable SELinux

setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

Disable swap

swapoff -a
yes | cp /etc/fstab /etc/fstab_bak
cat /etc/fstab_bak |grep -v swap > /etc/fstab

Stop and disable firewalld

systemctl stop firewalld && systemctl disable firewalld

Add sysctl settings

cat >>/etc/sysctl.d/kubernetes.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness = 0
EOF

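# The net.bridge.* keys exist only once the br_netfilter module is loaded
modprobe br_netfilter
# Plain "sysctl -p" reads only /etc/sysctl.conf; --system also loads /etc/sysctl.d/*.conf
sysctl --system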

Sync time

# Set the system time zone
timedatectl set-timezone Asia/Shanghai

# Keep the hardware clock (RTC) in UTC
timedatectl set-local-rtc 0

# Restart services that depend on the system time
systemctl restart rsyslog && systemctl restart crond
yum install -y ntpdate
ntpdate cn.pool.ntp.org

Upgrade the kernel

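# Install the ELRepo release package (fetched over HTTPS), then the mainline kernel
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install kernel-ml-devel kernel-ml -y
# Check that the default kernel version is greater than 4.14; otherwise adjust the default boot entry
grub2-editenv list
# Reboot to switch to the new kernel
reboot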

Enable IPVS

cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
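# On kernels 4.19 and later, nf_conntrack_ipv4 has been merged into nf_conntrack; use that module name there
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
# Userspace tools for managing ipset and IPVS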
yum install -y ipset ipvsadm

Kubernetes installation

Add yum repo file for Kubernetes

Google

cat >>/etc/yum.repos.d/kubernetes.repo<<EOF
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
        https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

Aliyun

# Note: gpgcheck=0 turns off RPM signature verification, so the gpgkey line below is not used
cat >>/etc/yum.repos.d/kubernetes.repo<<EOF
[kubernetes]
name=Kubernetes Repo
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
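
The two repository definitions above differ in whether yum verifies package signatures. The following shell function is an added example, not part of the original page, that audits a `.repo` file for such settings; the function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample repo content is constructed.

# audit_yum_repo FILE: print "<section>: <finding>" for each weak setting.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_yum_repo() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function report(msg) { printf "%s: %s\n", sec, msg; bad = 1 }
    function finish() {
        if (sec == "") return
        if (gpg == "off") report("gpgcheck=0, package signatures are not verified")
        if (gpg == "")    report("gpgcheck not set, inherits the [main] default")
        if (gpg == "on" && key == "") report("gpgcheck enabled but no gpgkey listed")
        if (url ~ /^(http|ftp):/) report("baseurl fetched without TLS: " url)
    }
    /^[ \t]*([#;]|$)/ { next }                 # skip comments and blank lines
    /^[ \t]*\[/ {                              # start of a new [section]
        finish(); sec = trim($0); gsub(/^\[|\]$/, "", sec)
        gpg = url = key = ""; next
    }
    {
        eq = index($0, "="); if (eq == 0) next # continuation line (2nd gpgkey URL)
        k = trim(substr($0, 1, eq - 1)); v = trim(substr($0, eq + 1))
        if (k == "gpgcheck") gpg = (tolower(v) ~ /^(0|no|false)$/) ? "off" : "on"
        else if (k == "baseurl") url = v
        else if (k == "gpgkey")  key = v
    }
    END { finish(); exit bad }
    ' "$1"
}

# write_sample_repos DIR: constructed inputs mirroring the two definitions above.
write_sample_repos() {
    cat > "$1/signed.repo" <<'EOF'
[kubernetes]
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
        https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
    cat > "$1/unsigned.repo" <<'EOF'
[kubernetes]
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF
}
```

Run it as `audit_yum_repo /etc/yum.repos.d/kubernetes.repo`; a non-zero exit status means at least one section was flagged.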

List the Docker images required by this version

kubeadm config images list --kubernetes-version v1.11.2

Installing kubeadm, kubelet and kubectl

yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet

Install kubeadm master

kubeadm init --kubernetes-version=v1.13.1 --apiserver-advertise-address 172.17.8.101 --pod-network-cidr=10.244.0.0/16

Install flannel

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Check status

# Node status
kubectl get nodes
# Pod status
kubectl get pods --all-namespaces -o wide

Install dashboard

Generate dashboard.key and dashboard.crt under $HOME/certs

1 Self-signed certificate

# Generate private key
openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
rm dashboard.pass.key
# Generate certificate signing request
openssl req -new -key dashboard.key -out dashboard.csr

2 Generate SSL certificate

openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt

3 Create secret

kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system

4 Deploy Dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

Join worker node

Install kubeadm

yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet

Join the cluster

kubeadm join 172.17.8.101:6443 --token jy66dz.ywycabclc9s66v4h --discovery-token-ca-cert-hash sha256:3452048d1e4350c609c1e5abb31a57e0814446fa223179e6a62a3ad058a8fc81

View tokens

kubeadm token list
# Generate a new token
kubeadm token create
kubeadm token create --print-join-command
# Get the SHA-256 hash value for the CA certificate
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
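
The `--discovery-token-ca-cert-hash` value pins the public key of the cluster CA. The following added example, which is not from the original page, recomputes that pin from `ca.crt` and compares it with the one carried by a join command; the function names are assumptions, and it uses `openssl pkey` in place of the `openssl rsa` step shown above so that non-RSA CA keys are handled too.

```shell
#!/bin/sh
# Added example, not from the original page: recompute the CA public-key pin
# and compare it with the one carried by a kubeadm join command.

# ca_pin CERT: print "sha256:<hex>" over the DER-encoded public key of CERT.
ca_pin() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null \
          | openssl dgst -sha256 -hex | sed 's/^.* //')
    # Reject non-hex output and the digest of empty input, which is what a
    # failed conversion earlier in the pipeline would produce.
    case $hex in
        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855) return 2 ;;
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#hex}" -eq 64 ] || return 2
    printf 'sha256:%s\n' "$hex"
}

# pin_from_join "CMD": extract the --discovery-token-ca-cert-hash value,
# accepting both "--flag value" and "--flag=value". Prints nothing if absent.
pin_from_join() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-fA-F]\{64\}\).*/\1/p'
}

# verify_join CERT "CMD": 0 = pin matches, 1 = mismatch, 2 = cannot evaluate.
verify_join() {
    want=$(pin_from_join "$2")
    [ -n "$want" ] || return 2
    have=$(ca_pin "$1") || return 2
    [ "$have" = "$(printf '%s' "$want" | tr 'A-F' 'a-f')" ]
}
```

On the master, `verify_join /etc/kubernetes/pki/ca.crt "<join command>"` returns 1 when a stored join command no longer matches the current CA.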

Other

docker save -o flannel-v0.10.0-amd64.tar quay.io/coreos/flannel:v0.10.0-amd64

Remove a node from the cluster

Node information

kubectl get nodes
NAME    STATUS   ROLES    AGE    VERSION
node1   Ready    master   16m    v1.13.0
node2   Ready    <none>   4m5s   v1.13.0

For example, to remove the node node2 from the cluster, run the following commands.

On the master node:

kubectl drain node2 --delete-local-data --force --ignore-daemonsets
kubectl delete node node2

On node2:

kubeadm reset
ifconfig cni0 down
ip link delete cni0
ifconfig flannel.1 down
ip link delete flannel.1
rm -rf /var/lib/cni/