Kubernetes入门至精通集群搭建

　　系统初始化
　　设置系统主机名以及Host文件的相互解析hostnamectlsethostnamek8smaster01
　　安装依赖包yuminstallyconntrackntpdatentpipvsadmipsetiptablescurlsysstatlibseccompwgetvimnettoolsgit
　　修改时间同步服务器并重启master01修改etcchrony。confserverntp1。aliyun。comiburstserverntp2。aliyun。comiburstserverntp3。aliyun。comiburstallow192。168。88。024localstratum10node01和node02修改etcchrony。confserver192。168。88。11iburst重启依赖于系统时间的服务systemctlrestartchronydsystemctlenablechronyd
　　设置防火墙为Iptables并设置空规则systemctlstopfirewalldsystemctldisablefirewalldyumyinstalliptablesservicessystemctlstartiptablessystemctlenableiptablesiptablesFserviceiptablessave
　　关闭SELINUXswapoffasediswaps（。）1getcfstabsetenforce0sedisSELINUX。SELINUXdisabledetcselinuxconfig
　　调整内核参数，对于K8Scatkubernetes。confEOFnet。bridge。bridgenfcalliptables1net。bridge。bridgenfcallip6tables1net。ipv4。ipforward1net。ipv4。tcptwrecycle0vm。swappiness0禁止使用swap空间，只有当系统OOM时才允许使用它vm。overcommitmemory1不检查物理内存是否够用vm。paniconoom0开启OOMfs。inotify。maxuserinstances8192fs。inotify。maxuserwatches1048576fs。filemax52706963fs。nropen52706963net。ipv6。conf。all。disableipv61net。netfilter。nfconntrackmax2310720EOFcpkubernetes。confetcsysctl。dkubernetes。confsysctlpetcsysctl。dkubernetes。conf
　　调整系统时区
　　设置系统时区为中国上海timedatectlsettimezoneAsiaShanghai将当前的UTC时间写入硬件时钟timedatectlsetlocalrtc0重启依赖于系统时间的服务systemctlrestartrsyslogsystemctlrestartcrond
　　关闭系统不需要服务systemctlstoppostfixsystemctldisablepostfix
　　设置rsyslogd和systemdjournaldmkdirvarlogjournal持久化保存日志的目录mkdiretcsystemdjournald。conf。dcatetcsystemdjournald。conf。d99prophet。confEOF〔Journal〕持久化保存到磁盘Storagepersistent压缩ahrefhttps：www。q578。coml140targetblankclassinfotextkey历史a日志CompressyesSyncIntervalSec5mRateLimitInterval30sRateLimitBurst1000最大占用空间10GSystemMaxUse10G单日志文件最大200MSystemMaxFileSize200M日志保存时间2周MaxRetentionSec2week不将日志转发到syslogForwardToSyslognoEOFsystemctlrestartsystemdjournald
　　升级系统内核为4。44
　　CentOS7。x系统自带的3。10。x内核存在一些Bugs，导致运行的Docker、Kubernetes不稳定，例如：rpmUvhhttp：www。elrepo。orgelreporelease7。03。el7。elrepo。noarch。rpmrpmUvhhttp：www。elrepo。orgelreporelease7。03。el7。elrepo。noarch。rpm安装完成后检查bootgrub2grub。cfg中对应内核menuentry中是否包含initrd16配置，如果没有，再安装一次！yumenablerepoelrepokernelinstallykernellt或者下载kernellt4。4。2221。el7。elrepo。x8664。rpm离线后安装yumyinstallrootkernellt4。4。2221。el7。elrepo。x8664。rpm设置开机从新内核启动grub2setdefaultCentOSLinux（4。4。1891。el7。elrepo。x8664）7（Core）关机后拍个快照shutdownhnowKubeadm部署安装
　　kubeproxy开启ipvs的前置条件modprobebrnetfiltercatetcsysconfigmodulesipvs。modulesEOF！binbashmodprobeipvsmodprobeipvsrrmodprobeipvswrrmodprobeipvsshmodprobenfconntrackipv4EOFchmod755etcsysconfigmodulesipvs。modulesbashetcsysconfigmodulesipvs。moduleslsmodgrepeipvsenfconntrackipv4
　　安装Docker软件yuminstallyyumutilsdevicemapperpersistentdatalvm2yumconfigmanageraddrepohttp：mirrors。aliyun。comdockercelinuxcentosdockerce。repoyuminstallydockerce创建etcdocker目录mkdiretcdocker配置daemon。catetcdockerdaemon。jsonEOF｛execopts：〔native。cgroupdriversystemd〕，logdriver：jsonfile，logopts：｛maxsize：100m｝，insecureregistries：〔harbor。hongfu。com〕，registrymirrors：〔https：kfp63jaj。mirror。aliyuncs。com〕｝EOFmkdirpetcsystemdsystemdocker。service。d重启docker服务systemctldaemonreloadsystemctlrestartdockersystemctlenabledocker
　　安装Kubeadm（主从配置）catEOFetcyum。repos。dkubernetes。repo〔kubernetes〕nameKubernetesbaseurlhttp：mirrors。aliyun。comkubernetesyumreposkubernetesel7x8664enabled1gpgcheck0repogpgcheck0gpgkeyhttp：mirrors。aliyun。comkubernetesyumdocyumkey。gpghttp：mirrors。aliyun。comkubernetesyumdocrpmpackagekey。gpgEOFyumyinstallkubeadm1。15。1kubectl1。15。1kubelet1。15。1systemctlenablekubelet。service
　　上传镜像拷贝kubeadmbasic。images。tar。gz至服务器中systemctlenablekubelettarzxvfkubeadmbasic。images。tar。gzvimloadimages。sh！binbashlsrootkubeadmbasic。imagestmpimages。cacheforiin（cattmpimages。cache）dodockerloadirootkubeadmbasic。imagesidonermrftmpimages。cachechmodaxloadimages。sh。loadimages。sh
　　初始化主节点kubeadmconfigprintinitdefaultskubeadmconfig。yamlvikubeadmconfig。yamllocalAPIEndpoint：advertiseAddress：192。168。88。11修改kubernetesVersion：v1。15。1修改networking：podSubnet：10。244。0。016添加添加该行及以下内容apiVersion：kubeproxy。config。k8s。iov1alpha1kind：KubeProxyConfigurationfeatureGates：SupportIPVSProxyMode：truemode：ipvskubeadminitconfigkubeadmconfig。yamlexperimentaluploadcertsteekubeadminit。log
　　加入主节点以及其余工作节点执行安装日志中的加入命令即可mkdirpHOME。kubesudocpietckubernetesadmin。confHOME。kubeconfigsudochown（idu）：（idg）HOME。kubeconfig其他节点运行kubeadmjoin192。168。88。11：6443tokenabcdef。0123456789abcdefdiscoverytokencacerthashsha256：ed7e6ca7683fb6423e4dc561d32672398b4a1db2e0426dbf57fd25eaf5a5af2d
　　部署网络kubectlapplyfhttps：raw。githubusercontent。comcoreosflannelmasterDocumentationkubeflannel。yml
　　关机拍快照