System initialization

Set the hostname and make the hosts resolve each other through the hosts file

hostnamectl set-hostname k8s-master01

Installing dependency packages

yum install -y conntrack ntpdate ntp ipvsadm ipset jq iptables curl sysstat libseccomp wget vim net-tools git

Switch the firewall to iptables and set empty rules

systemctl stop firewalld && systemctl disable firewalld 
yum -y install iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save

Disable swap and SELinux

swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

Adjust kernel parameters for K8S

cat > kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
net.ipv4.tcp_tw_recycle=0
vm.swappiness=0
# Do not check whether physical memory is sufficient
vm.overcommit_memory=1
# Enable OOM
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
cp kubernetes.conf /etc/sysctl.d/kubernetes.conf
sysctl -p /etc/sysctl.d/kubernetes.conf

Adjusting the System Time Zone

#Set the system time zone to Asia/Shanghai (China)
timedatectl set-timezone Asia/Shanghai 
#Writes the current UTC time to the hardware clock
timedatectl set-local-rtc 0 
#Restart services that depend on system time
systemctl restart rsyslog 
systemctl restart crond

Stop services the system does not need

systemctl stop postfix && systemctl disable postfix

Configure rsyslogd and systemd journald

# Directory for persisted logs
mkdir /var/log/journal
mkdir /etc/systemd/journald.conf.d
cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
[Journal]
# Persistent storage to disk
Storage=persistent

# Compress historical logs
Compress=yes

SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000

# Maximum disk usage is 10G
SystemMaxUse=10G

# Maximum size of a single log file is 200M
SystemMaxFileSize=200M

# Logs are kept for 2 weeks
MaxRetentionSec=2week

# Do not forward logs to syslog
ForwardToSyslog=no
EOF
systemctl restart systemd-journald

Upgrade the system kernel to 4.44

rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
# After the installation completes, check whether the kernel menuentry in /boot/grub2/grub.cfg contains an initrd16 line. If it does not, install again.
yum --enablerepo=elrepo-kernel install -y kernel-lt

# Boot from the new kernel by default
grub2-set-default 'CentOS Linux (4.4.189-1.el7.elrepo.x86_64) 7 (Core)'

Install Kubernetes

Prerequisites for enabling IPVS in kube-proxy

modprobe br_netfilter

cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#! /bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

Install Docker/kubeadm/kubelet on all nodes

The default Kubernetes CRI (container runtime) is Docker, so install Docker first.

1. Install Docker

$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
$ yum -y install docker-ce-18.06.1.ce-3.el7
$ systemctl enable docker && systemctl start docker
$ docker --version
Docker version 18.06.1-ce, build e68fc7a

$ cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://zlyp9***.mirror.aliyuncs.com"]
}
EOF

2. Add the Aliyun yum repository

$ cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
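
The repository definition above sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl as root without verifying package or metadata signatures against the listed gpgkey. The following added example (not part of the original page; the function name audit_repo is hypothetical) flags repo sections that explicitly disable those checks; a section passes when neither check is disabled and a gpgkey is listed.

```shell
# Added example, not from the original page; audit_repo is a hypothetical name.
# Values inherited from [main] in /etc/yum.conf are not considered.

# audit_repo FILE: print one finding per line, return 1 if any were found.
audit_repo() {
    awk '
        function off(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" }
        function report() {
            if (sec == "") return
            if (off(gpg))  { print sec ": gpgcheck disabled, package signatures are not verified"; bad = 1 }
            if (off(rgpg)) { print sec ": repo_gpgcheck disabled, repository metadata is not verified"; bad = 1 }
            if (key == "") { print sec ": no gpgkey listed"; bad = 1 }
            if (url ~ /^http:/) { print sec ": baseurl uses plain http"; bad = 1 }
        }
        /^[ \t]*([#;]|$)/ { next }    # skip comments and blank lines
        /^\[/ {                       # new [section]: report the previous one
            report(); sec = $0; gsub(/^\[|\].*$/, "", sec)
            gpg = rgpg = key = url = ""; next
        }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpg = v
            else if (k == "repo_gpgcheck") rgpg = v
            else if (k == "gpgkey") key = v
            else if (k == "baseurl") url = v
        }
        END { report(); exit (bad ? 1 : 0) }
    ' "$1"
}
```

Run it as audit_repo /etc/yum.repos.d/kubernetes.repo before installing from the repository.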

Install kubeadm, kubelet and kubectl

Since version updates are frequent, specify version number deployment here:

$ yum install -y kubelet-1.17.0 kubeadm-1.17.0 kubectl-1.17.0
$ systemctl enable kubelet

3.5 Deploying Kubernetes Master

Run the command at 192.168.31.61 (Master).

$ kubeadm init \
  --apiserver-advertise-address=192.168.188.13 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.17.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16

The default image registry k8s.gcr.io cannot be reached from China, so the Aliyun mirror registry is specified instead.

Using kubectl tools:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
$ kubectl get nodes

3.6 Installing a Pod Network Plug-in (CNI)

$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

Make sure you can reach the quay.io registry.

If the Pod image fails to download, switch to this mirror image: lizhenliang/flannel:v0.11.0-amd64

3.7 Adding a Kubernetes Node

Run this command at 192.168.31.62/63 (Node).

To add a new node to the cluster, run the kubeadm join command printed by kubeadm init:

$ kubeadm join 192.168.31.61:6443 --token esce21.q6hetwm8si29qxwn \
    --discovery-token-ca-cert-hash sha256:00603a05805807501d7181c3d60b478788408cfe6cedefedb1f97569708be9c5

The token is valid for 24 hours by default. Once it expires it can no longer be used, and a new token has to be created as follows:

# kubeadm token create
# kubeadm token list
# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924

# kubeadm join 192.168.31.61:6443 --token nuja6n.o3jrhsffiqs9swnu --discovery-token-ca-cert-hash sha256:63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924

kubeadm token create --print-join-command
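
The value given to --discovery-token-ca-cert-hash pins the cluster CA's public key, so a join command received from someone else can be checked against a CA certificate you already trust before it is run on a node. This is an added example, not from the original page: the function names are hypothetical, and openssl pkey is used in place of the page's openssl rsa so that non-RSA CA keys also work.

```shell
# Added example, not from the original page. Function names are hypothetical.

# ca_cert_hash CA_FILE
# Print the kubeadm discovery hash of a CA certificate: the SHA-256 of its
# DER-encoded public key, as lowercase hex.
ca_cert_hash() {
    pem=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pem" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# join_hash_matches CA_FILE "kubeadm join ..."
# Returns 0 if the sha256 pin in the join command equals the hash of CA_FILE,
# 1 on mismatch, 2 if the pin or the certificate cannot be read.
join_hash_matches() {
    want=$(printf '%s\n' "$2" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]sha256:\([0-9a-f]\{64\}\).*/\1/p')
    [ -n "$want" ] || { echo "no sha256 pin found in join command" >&2; return 2; }
    got=$(ca_cert_hash "$1") || { echo "cannot read CA certificate $1" >&2; return 2; }
    if [ "$want" = "$got" ]; then
        return 0
    fi
    echo "pin mismatch: join command has $want, CA file hashes to $got" >&2
    return 1
}
```

On the master, ca_cert_hash /etc/kubernetes/pki/ca.crt prints the value that belongs after sha256: in the join command.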

kubernetes.io/docs/refere…