centos 7.7 kubernetes 1.17.0 安装

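# CentOS 7.7: kernel networking settings needed by kube-proxy and the CNI plugin.

# Load br_netfilter first: the net.bridge.* keys written below only exist
# while this module is loaded.
modprobe br_netfilter

# Load the module at every boot as well. Without this the net.bridge.* keys
# are missing when sysctl settings are applied at boot, so they are not set
# again after a reboot.
cat <<'EOF' > /etc/modules-load.d/br_netfilter.conf
br_netfilter
EOF

cat <<'EOF' > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 10
EOF

# Apply the settings to the running kernel
sysctl -p /etc/sysctl.d/k8s.conf

# Check that the bridge sysctl files were created
ls /proc/sys/net/bridge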

# Configure the IPVS kernel modules: write a small loader script, make it
# executable, run it once now, then confirm the modules are present.
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

# Make the script executable (mode 755)
chmod u=rwx,go=rx /etc/sysconfig/modules/ipvs.modules

# Run it to load the modules immediately
bash /etc/sysconfig/modules/ipvs.modules

# Check that the required kernel modules are loaded
lsmod | grep -E 'ip_vs|nf_conntrack_ipv4'
# Configure resource limits: append open-file, process-count and locked-memory
# limits for every account matched by the "*" wildcard.
# NOTE(review): the lines are appended, so running this twice leaves duplicate
# entries. "unlimited" memlock and a 65536 nproc ceiling for all wildcard users
# remove a guard against resource exhaustion by any local account; consider
# scoping the entries to the accounts that need them.
cat >> /etc/security/limits.conf <<'EOF'
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
* soft memlock  unlimited
* hard memlock  unlimited
EOF

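# Aliyun yum mirror: replace the CentOS base and EPEL repository definitions.
# The files are fetched over HTTPS so the repository definition (including its
# gpgcheck/gpgkey lines) cannot be rewritten in transit, and with -f so that an
# HTTP error is reported instead of an error page being saved as the .repo file.
# NOTE(review): the existing CentOS-Base.repo is overwritten without a backup,
# and the downloaded files decide how packages are verified -- check their
# baseurl and gpgcheck lines after download.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
curl -f -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo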

# Set the hostname. Run only the ONE line that matches the machine you are on:
# executed in sequence, each call overwrites the previous one and the host
# ends up named k8s-node3.
hostnamectl set-hostname k8s-master0
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2
hostnamectl set-hostname k8s-node3

# Work around slow SSH logins: replace the commented-out default
# "#UseDNS yes" line with "UseDNS no".
# NOTE(review): nothing here reloads sshd, so the change takes effect only
# after the service is reloaded or restarted.
sed -i 's/^#UseDNS yes.*/UseDNS no/' /etc/ssh/sshd_config

# Install nfs-utils (it must be present before NFS network storage can be
# mounted), together with wget and socat.
yum -y install nfs-utils wget socat

# Turn the host firewall off: stop firewalld now and keep it from starting at boot.
# NOTE(review): with firewalld off, every port the node listens on is reachable
# from any network that can route to it. Restrict access in front of the nodes
# (security groups / network ACLs), or keep firewalld and open only the ports
# the cluster needs.
for action in stop disable; do
  systemctl "$action" firewalld
done

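# Put SELinux into permissive mode, now and across reboots.
# `setenforce 0` switches the running system to permissive; the config edit
# makes the same mode persistent, so the state after a reboot matches the
# state the cluster was installed in. Permissive (instead of disabled) keeps
# file labels and denial logging in place, so enforcing mode can be turned
# back on later without a full relabel.
setenforce 0
# Anchored so that only the SELINUX= setting line itself is rewritten.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config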

# Turn swap off now, then remove swap entries from /etc/fstab so it stays off
# after a reboot.
swapoff -a

# Keep a copy of the current fstab; `yes` is presumably there to answer the
# overwrite prompt of an interactive `cp -i` alias.
yes | cp /etc/fstab /etc/fstab_bak

# Rewrite fstab from the copy, dropping every line that contains "swap"
# (comment lines mentioning swap are dropped as well).
grep -v swap /etc/fstab_bak > /etc/fstab

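# Set up the Docker CE yum repository.
yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
# Fetch the repository definition over HTTPS: it names the package source and
# the signing key, so it must not be modifiable in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo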

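# Install Docker
# List the available docker-ce builds, newest first
yum list docker-ce --showduplicates | sort -r
# Install a pinned version
yum install -y docker-ce-18.09.9-3.el7
mkdir -p /etc/docker

# Daemon configuration: systemd cgroup driver, registry mirrors, overlay2
# storage, and json-file logs capped at 100m per file.
# Registry mirrors answer tag lookups, so each mirror is a trusted party for
# the images pulled through it. All three are listed with https:// so that
# manifests and layers are not fetched in cleartext; remove any mirror you do
# not trust or that is no longer reachable.
cat > /etc/docker/daemon.json << 'EOF'

{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
      "https://dockerhub.azk8s.cn",
      "https://hub-mirror.c.163.com/",
      "https://registry.docker-cn.com"
  ],
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}

EOF
# Start Docker, enable it at boot, then reload systemd and restart the daemon
systemctl start docker && systemctl enable docker
systemctl daemon-reload
systemctl restart docker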

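# Choose where Docker stores images: pick a mounted directory with plenty of space.
# Open the unit file and extend its ExecStart line with the storage directory,
# for example --graph /apps/docker:
vi /lib/systemd/system/docker.service
#   ExecStart=/usr/bin/docker --graph /apps/docker
# The line above is text for the unit file, not a shell command; typed into a
# shell it would try to execute a program named "--graph".
# NOTE(review): --graph is the deprecated spelling of --data-root. The same
# setting can be made with a "data-root" key in /etc/docker/daemon.json, which
# is not replaced on package updates the way files under /lib/systemd/system
# are. After editing the unit, run `systemctl daemon-reload` and restart docker.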

# Add the cluster nodes to /etc/hosts (appended; running this twice leaves
# duplicate entries).
cat >> /etc/hosts <<'EOF'
192.168.1.240   k8s-master0
192.168.1.241   k8s-node1
192.168.1.242   k8s-node2
192.168.1.243   k8s-node3
EOF

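# Install kubelet, kubectl and kubeadm (on every node)
# Configure a yum mirror that is reachable from mainland China.
# gpgcheck=1 makes yum verify each package signature against the keys listed
# in gpgkey; with gpgcheck=0 any package the mirror (or anyone able to alter
# its responses) serves would be installed as root without verification.
# repo_gpgcheck is left at 0 as on the original page; enable it as well if the
# mirror's signed repository metadata verifies in your environment.
# If signature verification fails, find out why instead of switching it off.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF
# List the available kubelet builds, newest first
yum list kubelet --showduplicates | sort -r
# Mind the install order: do not install kubeadm first, because kubeadm pulls
# in the latest kubelet and kubectl automatically, which leads to mismatched
# versions.
# Install kubelet
yum install -y kubelet-1.17.0-0
# Install kubectl
yum install -y kubectl-1.17.0-0
# Install kubeadm
yum install -y kubeadm-1.17.0-0

# Start kubelet and enable it at boot
systemctl start kubelet && systemctl enable kubelet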

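# Initialise the master (control-plane) node
export MASTER_IP=192.168.1.240
export APISERVER_NAME=apiserver.demo
# NOTE(review): 10.100.0.1/16 has host bits set (the network is 10.100.0.0/16);
# confirm that kubeadm and the CNI plugin accept this form.
export POD_SUBNET=10.100.0.1/16
echo "${MASTER_IP}   ${APISERVER_NAME}" >> /etc/hosts
# Write kubeadm's default configuration to a file, for reference
kubeadm config print init-defaults > kubeadm-init.yaml
# Custom configuration. The heredoc delimiter is unquoted, so the shell fills
# in APISERVER_NAME and POD_SUBNET from the exports above; the endpoint and pod
# CIDR are therefore defined in one place only.
# - imageRepository points at a third-party mirror: control-plane images are
#   pulled from it by tag, so the mirror is trusted for their content.
# - service-node-port-range 30000-50000 is wider than the default 30000-32767;
#   every NodePort in the range is opened on every node.
cat > kubeadm-config.yaml.tmpl << EOF
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.17.0
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
controlPlaneEndpoint: "${APISERVER_NAME}:6443"
apiServer:
#ExtraArgs:
  extraArgs:
    service-node-port-range: 30000-50000
networking:
  serviceSubnet: "10.96.0.0/16"
  podSubnet: "${POD_SUBNET}"
  dnsDomain: "cluster.local"
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
ipvs:
  scheduler: lc
  minSyncPeriod: 5s
  syncPeriod: 15s
EOF

# List the required images, pull them, then initialise the control plane.
# --upload-certs stores the control-plane certificates in the cluster and
# prints a certificate key; treat that key, like the join token in the init
# output, as a secret.
kubeadm config images list --config=kubeadm-config.yaml.tmpl
kubeadm config images pull --config=kubeadm-config.yaml.tmpl
kubeadm init --config=kubeadm-config.yaml.tmpl --upload-certs --v=5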

# Run this ONLY if the initialisation failed. kubeadm reset reverts what
# kubeadm init/join changed on this host, so running it after a successful
# init tears the new control plane down again.
kubeadm reset

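# CNI network plugin: Calico
# Stop early if POD_SUBNET is not set; otherwise the sed below would replace
# the manifest's pod CIDR with an empty string.
: "${POD_SUBNET:?set POD_SUBNET to the pod CIDR passed to kubeadm init}"
# -O keeps the file name fixed, so a second run overwrites the manifest instead
# of saving a new copy as calico-3.9.2.yaml.1 while the old copy gets applied.
wget -O calico-3.9.2.yaml https://kuboard.cn/install-script/calico/calico-3.9.2.yaml
# NOTE(review): this manifest comes from a third-party site and is applied with
# cluster-admin rights. Read it before applying, and compare its
# `sha256sum calico-3.9.2.yaml` with a value you have verified yourself.
sed -i "s#192\.168\.0\.0/16#${POD_SUBNET}#" calico-3.9.2.yaml
# Name the admin kubeconfig explicitly: at this point in the procedure
# /root/.kube/config has not been created yet.
kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f calico-3.9.2.yaml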

# Configure kubectl for root: recreate /root/.kube and copy the admin kubeconfig in.
# NOTE(review): `rm -rf` discards any kubeconfig already stored there, and
# admin.conf carries cluster-admin credentials -- keep the copy readable by
# root only.
rm -rf /root/.kube/
mkdir /root/.kube/
cp -i /etc/kubernetes/admin.conf /root/.kube/config

# Basic health checks: nodes, the kubelet service, component statuses
kubectl get nodes
systemctl status kubelet
kubectl get componentstatuses

# Show the kubeadm configuration stored in the cluster
kubectl --namespace kube-system get configmap kubeadm-config --output yaml

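# Get the join command for worker nodes (run on the master)
kubeadm token create --print-join-command
# Example of what the command above prints. It is meant to be run on the
# workers, not on the master, and the token and CA hash shown are from the
# original author's cluster -- use the values printed for your own cluster.
# A bootstrap token is a credential (valid for 24 hours by default): keep it
# out of shared notes and chat logs.
#   kubeadm join apiserver.demo:6443 --token 2nae97.4f52qgeyhrqi6ndc     --discovery-token-ca-cert-hash sha256:b2313c178f0ef70b3e7eb75d4abf2eb0e56e46aa22ac3b11b765145b7b28d216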

# Run on every worker node
export MASTER_IP=192.168.1.240
export APISERVER_NAME=apiserver.demo
export POD_SUBNET=10.100.0.1/16
# Make the API server name resolvable on this node
printf '%s\n' "${MASTER_IP}   ${APISERVER_NAME}" >> /etc/hosts
# Join the cluster. The token and CA hash below are the ones printed on the
# original author's master; substitute the output of
# `kubeadm token create --print-join-command` from your own master.
# Keep --discovery-token-ca-cert-hash: it pins the cluster CA, so the node
# refuses to bootstrap against an API server presenting a different CA.
kubeadm join "${APISERVER_NAME}:6443" \
  --token 2nae97.4f52qgeyhrqi6ndc \
  --discovery-token-ca-cert-hash sha256:b2313c178f0ef70b3e7eb75d4abf2eb0e56e46aa22ac3b11b765145b7b28d216

# kubectl command completion
yum -y install bash-completion
# Enable completion in the current shell
. /usr/share/bash-completion/bash_completion
. <(kubectl completion bash)
# Enable it for future shells too, then re-read ~/.bashrc
printf '%s\n' "source <(kubectl completion bash)" >> ~/.bashrc
. ~/.bashrc

# Check whether IPVS mode is active (on the master node)
kubectl --namespace kube-system get pod | grep kube-proxy
# Pick one of the listed pods and look for ipvs messages in its log.
# kube-proxy-6tg55 is the pod name from the original author's cluster; use a
# name from the listing above.
kubectl --namespace kube-system logs kube-proxy-6tg55

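# Install ipvsadm
yum install -y ipvsadm
# Show the forwarding rules
ipvsadm -Ln
# Show forwarding statistics of the IPVS module. --stats and --rate are two
# separate listings; "ipvsadm -Ln --stats | --rate" would pipe the output into
# a program named "--rate", which does not exist.
ipvsadm -Ln --stats
ipvsadm -Ln --rate
# Show the current IPVS connection entries
ipvsadm -lnc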