搭建高可用Kubernetes集群之kubernetes集群搭建

---

在搭建kubernetes集群之前，请参考我的文章搭建高可用Kubernetes集群之etcd集群搭建篇（一）完成各节点配置

Docker

每一个kubernetes集群节点都需要安装

• 添加Docker源
  wget https://download.docker.com/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
• 列出docker版本
  yum list docker-ce.x86_64 --showduplicates | sort -r
• 安装docker
  yum install docker-ce-18.06.1.ce -y
• 配置docker
  因为Docker自1.13版本起会自动设置iptables的FORWARD默认策略为DROP，这可能会影响Kubernetes集群依赖的报文转发功能，因此，需要在docker服务启动后，重新将FORWARD链的默认策略设置为ACCEPT。
  vim /usr/lib/systemd/system/docker.service
  在如下位置增加ExecStartPost这一行

image.png

systemctl daemon-reload
systemctl start docker.service
systemctl enable docker.service

因为DockerHub下载镜像的速度较缓慢，所以我这里使用我自己的阿里云加速镜像加速服务。
vim /etc/docker/daemon.json

image.png

systemctl restart docker.service

安装kubeadm kubelet kubectl

• 添加Kubernetes源
  vim /etc/yum.repos.d/kubernetes.repo

image.png

• 安装kubeadm kubelet kubectl
  yum install kubelet kubeadm kubectl

• 配置kubelet
  因为我需要使用swap，所以需要添加如下来取消swap限制
  vim /etc/sysconfig/kubelet

KUBELET_EXTRA_ARGS="--fail-swap-on=false"

systemctl enable kubelet.service

配置初始化文件

• master1
  vim kubeadm-config.yaml

apiVersion: kubeadm.k8s.io/v1alpha2
kind: MasterConfiguration
kubernetesVersion: v1.12.4
tokenTTL: 0
api:
  advertiseAddress: 192.168.88.97
  bindPort: 6443
  controlPlaneEndpoint: "192.168.88.201:6443"
apiServerCertSANs:   #每一个需要去访问apiserver的ip
- master1
- master2
- master3
- lb1
- lb2
- lb3
- gfs0
- gfs1
- gfs2
- 192.168.88.94
- 192.168.88.95
- 192.168.88.96
- 192.168.88.97
- 192.168.88.98
- 192.168.88.99
- 127.0.0.1
- 192.168.88.200
- 192.168.88.201 #vip
- 192.168.88.130
- 192.168.88.131
- 192.168.88.132
etcd:
  external:
    endpoints:
    - "https://192.168.88.90:2379"
    - "https://192.168.88.92:2379"
    - "https://192.168.88.93:2379"
    caFile: /etc/kubernetes/pki/etcd/etcd-ca.pem
    certFile: /etc/kubernetes/pki/etcd/etcd.pem
    keyFile: /etc/kubernetes/pki/etcd/etcd-key.pem
imageRepository: registry.cn-hangzhou.aliyuncs.com/csdc
kubeProxy:
  config:
    mode: "ipvs"
    ipvs:
      ExcludeCIDRs: null
      minSyncPeriod: 0s
      scheduler: ""
      syncPeriod: 30s
kubeletConfiguration:
  baseConfig:
    cgroupDriver: cgroupfs
    clusterDNS:
    - 10.96.0.10
    clusterDomain: cluster.local
    failSwapOn: false
    resolvConf: /etc/resolv.conf
    staticPodPath: /etc/kubernetes/manifests
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12

• master2
  vim kubeadm-config.yaml

apiVersion: kubeadm.k8s.io/v1alpha2
kind: MasterConfiguration
kubernetesVersion: v1.12.4
tokenTTL: 0
api:
  advertiseAddress: 192.168.88.98
  bindPort: 6443
  controlPlaneEndpoint: "192.168.88.201:6443"
apiServerCertSANs:   #每一个需要去访问apiserver的ip
- master1
- master2
- master3
- lb1
- lb2
- lb3
- gfs0
- gfs1
- gfs2
- 192.168.88.94
- 192.168.88.95
- 192.168.88.96
- 192.168.88.97
- 192.168.88.98
- 192.168.88.99
- 127.0.0.1
- 192.168.88.200
- 192.168.88.201 #vip
- 192.168.88.130
- 192.168.88.131
- 192.168.88.132
etcd:
  external:
    endpoints:
    - "https://192.168.88.90:2379"
    - "https://192.168.88.92:2379"
    - "https://192.168.88.93:2379"
    caFile: /etc/kubernetes/pki/etcd/etcd-ca.pem
    certFile: /etc/kubernetes/pki/etcd/etcd.pem
    keyFile: /etc/kubernetes/pki/etcd/etcd-key.pem
imageRepository: registry.cn-hangzhou.aliyuncs.com/csdc
kubeProxy:
  config:
    mode: "ipvs"
    ipvs:
      ExcludeCIDRs: null
      minSyncPeriod: 0s
      scheduler: ""
      syncPeriod: 30s
kubeletConfiguration:
  baseConfig:
    cgroupDriver: cgroupfs
    clusterDNS:
    - 10.96.0.10
    clusterDomain: cluster.local
    failSwapOn: false
    resolvConf: /etc/resolv.conf
    staticPodPath: /etc/kubernetes/manifests
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12

• master3
  vim kubeadm-config.yaml

apiVersion: kubeadm.k8s.io/v1alpha2                     
kind: MasterConfiguration                               
kubernetesVersion: v1.12.4                              
tokenTTL: 0                                             
api:                                                    
  advertiseAddress: 192.168.88.99                       
  bindPort: 6443                                        
  controlPlaneEndpoint: "192.168.88.201:6443"           
apiServerCertSANs:   #每一个需要去访问apiserver的ip              
- master1                                               
- master2                                               
- master3                                               
- lb1                                                   
- lb2                                                   
- lb3                                                   
- gfs0                                                  
- gfs1                                                  
- gfs2                                                  
- 192.168.88.94                                         
- 192.168.88.95                                         
- 192.168.88.96                                         
- 192.168.88.97                                         
- 192.168.88.98                                         
- 192.168.88.99                                         
- 127.0.0.1                                             
- 192.168.88.200                                        
- 192.168.88.201 #vip                                   
- 192.168.88.130                                        
- 192.168.88.131                                        
- 192.168.88.132                                        
etcd:                                                   
  external:                                             
    endpoints:                                          
    - "https://192.168.88.90:2379"                      
    - "https://192.168.88.92:2379"                      
    - "https://192.168.88.93:2379"                      
    caFile: /etc/kubernetes/pki/etcd/etcd-ca.pem        
    certFile: /etc/kubernetes/pki/etcd/etcd.pem         
    keyFile: /etc/kubernetes/pki/etcd/etcd-key.pem      
imageRepository: registry.cn-hangzhou.aliyuncs.com/csdc 
kubeProxy:                                              
  config:                                               
    mode: "ipvs"                                        
    ipvs:                                               
      ExcludeCIDRs: null                                
      minSyncPeriod: 0s                                 
      scheduler: ""                                     
      syncPeriod: 30s                                   
kubeletConfiguration:                                   
  baseConfig:                                           
    cgroupDriver: cgroupfs                              
    clusterDNS:                                         
    - 10.96.0.10                                        
    clusterDomain: cluster.local                        
    failSwapOn: false                                   
    resolvConf: /etc/resolv.conf                        
    staticPodPath: /etc/kubernetes/manifests            
networking:                                             
  dnsDomain: cluster.local                              
  podSubnet: 10.244.0.0/16                              
  serviceSubnet: 10.96.0.0/12                           

需要把之前生成的etcd密钥放在master1节点的这个文件下 /etc/kubernetes/pki/etcd/
上述的镜像仓库地址是我的阿里云镜像仓库，上面已经有需要的镜像了，可以直接使用来下载。

拉取镜像

kubeadm config images pull --config kubeadm-config.yaml
并把pause镜像的名称改回原来的名称，如下
docker tag registry.cn-hangzhou.aliyuncs.com/csdc /pause:3.1 k8s.gcr.io/pause:3.1

初始化集群

做完以上操作之后，就可执行如下命令进行初始化

• master1
  kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=Swap
  执行成功会像下面一样

image.png

按照提示的操作执行命令：

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

把kubernetes生成的密钥文件复制到各个master节点，如下：
scp -r /etc/kubernetes/pki root@master2:/etc/kubernetes/
scp -r /etc/kubernetes/pki root@master3:/etc/kubernetes/
补全操作：

cat << EOF > /etc/profile.d/kubernetes.sh 
source <(kubectl completion bash)
EOF
source /etc/profile.d/kubernetes.sh

• master2
  删除其他master节点的apiserver的密钥防止冲突，如下
  rm -fr /etc/kubernetes/pki/{apiserver.crt,apiserver.key}
kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=Swap

按照提示的操作执行命令：

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

补全操作：

cat << EOF > /etc/profile.d/kubernetes.sh 
source <(kubectl completion bash)
EOF
source /etc/profile.d/kubernetes.sh

• master3
  删除其他master节点的apiserver的密钥防止冲突，如下
  rm -fr /etc/kubernetes/pki/{apiserver.crt,apiserver.key}
kubeadm init --config kubeadm-config.yaml --ignore-preflight-errors=Swap

按照提示的操作执行命令：

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

补全操作：

cat << EOF > /etc/profile.d/kubernetes.sh 
source <(kubectl completion bash)
EOF
source /etc/profile.d/kubernetes.sh

• 在所有node主机上执行加入集群的命令
  kubeadm join 192.168.88.201:6443 --token 60yl6g.256rf16jt7a --discovery-token-ca-cert-hash sha256:8ece398f27a70cba97491a7cbeb8c93435fc7f0e7d8e1cb8aa4b0eee84 --ignore-preflight-errors=Swap

• 查看集群状态（在任一主节点执行）
  kubectl get node

image.png

安装网络插件

从上图可以看出各个节点的状态还是未准备的状态，这是因为没有安装网络插件

• 下载flannel插件
  任选一个主节点执行下列命令进行下载
  wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
  然后把文件里的 - --iface=**改成你本机的网卡名就行，例如我的网卡名是eth0
  那么 - --iface=eth0（一共有五个地方需要修改）
  修改完成执行下面命令进行安装
  kubectl apply -f kube-flannel.yml

image.png

至此，Kubernetes的一些基本组件全部安装完成，如果你喜欢，请不要吝啬你的赞。如果有任何疑问，请直接评论或者私信我。