准备工作

修改主机名称及hosts

sudo vim /etc/cloud/cloud.cfg，将preserve_hostname开关设置为true

sudo vim /etc/hostname修改主机名

修改hosts

sudo vim /etc/hosts

192.168.1.49    cluster.kube.com #虚拟浮动IP

192.168.1.50    master1          #主节点1

192.168.1.51    master2          #主节点2

修改系统参数

sudo vim /etc/sysctl.conf

net.ipv4.ip_forward = 1

net.ipv4.ip_nonlocal_bind = 1

sysctl -p

sudo vim /etc/sysctl.d/k8s.conf

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

net.ipv4.ip_nonlocal_bind = 1

net.ipv4.ip_forward = 1

vm.swappiness=0

sysctl --system

1.安装配置keepalived(主节点和备用节点配置稍有不同，如下)

（1）安装

sudo apt install -y keepalived

（2）修改配置文件

sudo vim /etc/keepalived/keepalived.conf

###################################################################################

! Configuration File for keepalived

global_defs {

   router_id LVS_DEVEL

}

vrrp_script check_haproxy {

    script "killall -0 haproxy"

    interval 3

    weight -2

    fall 10

    rise 2

}

vrrp_instance VI_1

    state BACKUP  #主节点MASTER  其它节点BACKUP

    interface ens33 #查看本地网卡实际名称

    virtual_router_id 51

    priority 250  #每个节点不同

    advert_int 1

    authentication {

        auth_type PASS

        auth_pass 35f18af7190d51c9f7f78f37300a0cbd

    }

    virtual_ipaddress {

        192.168.1.49 #浮动虚拟ip，确保没有被占用

    }

    track_script {

        check_haproxy

    }

}

###################################################################################

（3）重启并查看状态

sudo systemctl enable keepalived.service && sudo systemctl start keepalived.service && sudo systemctl status keepalived.service

ip address show ens33

2.安装配置haproxy（主节点和备用节点完全相同）

（1）安装

sudo apt install -y haproxy

（2）修改配置

sudo vim /etc/haproxy/haproxy.cfg

###################################################################################

#---------------------------------------------------------------------

# kubernetes apiserver frontend which proxys to the backends

#---------------------------------------------------------------------

frontend kubernetes-apiserver

    mode                 tcp

    bind                 *:16443

    option               tcplog

    default_backend      kubernetes-apiserver

#---------------------------------------------------------------------

# round robin balancing between the various backends

#---------------------------------------------------------------------

backend kubernetes-apiserver

    mode        tcp

    balance     roundrobin

    server  master1 192.168.1.50:6443 check

    server  master2 192.168.1.51:6443 check

#---------------------------------------------------------------------

# collection haproxy statistics message

#---------------------------------------------------------------------

listen stats

    bind                 *:1080

    stats auth           admin:awesomePassword

    stats refresh        5s

    stats realm          HAProxy\ Statistics

    stats uri            /admin?stats

###################################################################################

(3)重启并查看状态

sudo systemctl enable haproxy.service && sudo systemctl start haproxy.service && sudo systemctl status haproxy.service && sudo ss -lnt | grep -E "16443|1080"

3.安装kubelet

最好安装特定版本--》 安装特定版本kubernetes

4.初始化集群（master上）

使用kubeadm config print init-defaults > kubeadm-config.yaml 打印出默认配置，然后在根据自己的环境修改配置

以此文件内容为准---》： kubeadm-config.yaml

apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: v1.13.4
apiServer:
controlPlaneEndpoint: "192.168.1.49:16443"
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
networking:
  podSubnet: "192.168.0.0/16"

**执行初始化 **

sudo kubeadm init --config kubeadm-config.yaml

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubectl get pods --all-namespaces

5.创建网络

创建网络

sudo kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml

sudo kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
``
或者文件下载到本地：


sudo kubectl apply -f rbac-kdd.yaml

sudo kubectl apply -f calico.yaml # 可以修改默认网络段192.168.0.0/16再执行

6.master加入集群

(1)将证书及配置文件复制到其它master机器

USER=root

CONTROL_PLANE_IPS="master2,master3"

for host in ${CONTROL_PLANE_IPS}; do

    ssh "${USER}"@$host "mkdir -p /etc/kubernetes/pki/etcd"

    scp /etc/kubernetes/pki/ca.* "${USER}"@$host:/etc/kubernetes/pki/

    scp /etc/kubernetes/pki/sa.* "${USER}"@$host:/etc/kubernetes/pki/

    scp /etc/kubernetes/pki/front-proxy-ca.* "${USER}"@$host:/etc/kubernetes/pki/

    scp /etc/kubernetes/pki/etcd/ca.* "${USER}"@$host:/etc/kubernetes/pki/etcd/

    scp /etc/kubernetes/admin.conf "${USER}"@$host:/etc/kubernetes/

done

（2）master加入集群

kubeadm join cluster.kube.com:16443 --token rhs7lq.hbnxtghe8176kbas --discovery-token-ca-cert-hash sha256:7dcd41bc338235780a4b200ee066e08392ea6f1bf0c25cd93c5295ff7c05512f --experimental-control-plane

7.node加入集群

kubeadm join 192.168.1.50:6443 --token 63wyoi.svz5o3snjvies9gm --discovery-token-ca-cert-hash sha256:717caa098d581b827bf129f73fc646403c77b937541539d5fdd580fe8c313b9f

增加私有仓库

vim /etc/docker/daemon.json

{ "insecure-registries":["192.168.1.60:5000"] }

启用防火墙规则

iptables -P FORWARD ACCEPT