centos7安装kubernetes k8s 1.16

#初始化服务器

echo 'export LC_ALL="en_US.UTF-8"' >> /etc/profile

source /etc/profile

#!/bin/bash
#1. 新服务器建议把一些软件通过yum安装上，因为只是占用很小的磁盘空间，但是比较常用

yum -y install wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake\
libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel\
wget vim ncurses-devel autoconf automake zlib-devel  python-devel\
epel-release lrzsz  openssh-server socat  ipvsadm conntrack bind-utils epel-release libffi-devel
#2. 关闭firewalld防火墙，禁止开机启动，安装iptables，并且禁用开机启动，如有需要请另行设置iptables规则

systemctl stop firewalld  && systemctl  disable  firewalld
yum install iptables-services -y
iptables -F && service iptables save
service iptables stop && systemctl disable iptables
#3. 修改时区，时间同步

mv -f /etc/localtime /etc/localtime.bak
/bin/cp -rf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'ZONE="CST"' > /etc/sysconfig/clock
ntpdate cn.pool.ntp.org
#计划任务,crontab -e
#* */1 * * * /usr/sbin/ntpdate   cn.pool.ntp.org
#4.关闭selinux

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
setenforce 0
#新服务器建议reboot让永久生效
#5. 放开文件描述符的最大值限制，默认是1024

echo "ulimit -n 65536" >> /etc/profile
echo "root soft nofile 65536" >> /etc/security/limits.conf
echo "root hard nofile 65536" >> /etc/security/limits.conf
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
source /etc/profile
#6. 如果没有swap，建议设置个swap

#请根据自己的内存，调节swap的大小，例如调大count的值
#dd if=/dev/zero of=/swapfile bs=1k count=2048000
#mkswap /swapfile
#chmod 0600 /swapfile
#swapon /swapfile
#echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
#如果安装k8s等特殊场景，需要禁用swap请

#swapoff -a
#sed -i 's/.*swap.*/#&/' /etc/fstab
#7. centos 7 修改主机名

#请根据自己的情况，修改自己的主机名
#hostnamectl set-hostname localhost
#根据自己的情况，修改/etc/hosts中旧的主机名
#8. 修改内核参数

#请根据具体场景修改内核参数，暂时没有很好的建议
#如果是k8s请先作如下配置
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p
#9. 设置免密登陆的密钥

#一直回车
#默认相关内容放在/root/.ssh/下面
#如果/root/.ssh/下面没有authorized_keys文件，请touch #/root/.ssh/authorized_keys && chmod 600 #/root/.ssh/authorized_keys
#ssh-keygen -t rsa
# 10. 修改yum源

#备份原来的yum源
mv -f /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
#下载阿里的yum源
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

#配置k8s 的yum源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
EOF

#配置docker 的yum源，及查看支持的docker版本

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates |sort -r 

#下载18.09版本的docker

yum clean all
yum makecache fast
yum install -y docker-ce-18.09.9-3.el7
systemctl enable docker && systemctl start docker
systemctl status docker 

# 安装k8s 1.16.4

#在k8s-master和k8s-node上安装kubeadm和kubelet
#kubelet设置开机启动
yum install -y kubeadm-1.16.4-0.x86_64 kubelet-1.16.4-0.x86_64
systemctl enable kubelet

#手动上传docker镜像到k8s_master和k8s_node节点

#正式环境一般都是配置docker harbor 镜像仓库

cd /usr/local/src/
wget http://download.zhufunin.com/k8s_1.16/addon.tar.gz
wget http://download.zhufunin.com/k8s_1.16/apiserver_1_16.tar.gz
wget http://download.zhufunin.com/k8s_1.16/cordns_1_6_2.tar.gz
wget http://download.zhufunin.com/k8s_1.16/etcd_3_3_15.tar.gz
wget http://download.zhufunin.com/k8s_1.16/kube-controller-manager_1_16.tar.gz
wget http://download.zhufunin.com/k8s_1.16/kube-proxy_1_16.tar.gz
wget http://download.zhufunin.com/k8s_1.16/kube-scheduler_1_16.tar.gz
wget http://download.zhufunin.com/k8s_1.16/kubernetes-dashboard_1_10.tar.gz
wget http://download.zhufunin.com/k8s_1.16/metrics-server-amd64_0_3_1.tar.gz
wget http://download.zhufunin.com/k8s_1.16/pause_3_1.tar.gz
wget http://download.zhufunin.com/k8s_1.16/traefik_1_7_9.tar.gz

#手动解压镜像
docker load -i  apiserver_1_16.tar.gz
docker load -i  cordns_1_6_2.tar.gz
docker load -i  etcd_3_3_15.tar.gz
docker load -i   kube-controller-manager_1_16.tar.gz
docker load -i  kube-proxy_1_16.tar.gz
docker load -i  kubernetes-dashboard_1_10.tar.gz
docker load -i   kube-scheduler_1_16.tar.gz
docker load -i  metrics-server-amd64_0_3_1.tar.gz
docker load -i  pause_3_1.tar.gz
docker load -i traefik_1_7_9.tar.gz
docker load -i  addon.tar.gz

#在k8s_master节点初始化k8s集群

#192.168.1.202为master的IP地址，请根据自己的情况修改
kubeadm init --apiserver-advertise-address 192.168.1.202 --kubernetes-version=v1.16.4 --pod-network-cidr=10.244.0.0/16

#在k8s-master节点执行如下，这样才能有权限操作k8s资源

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

#把k8s-node节点加入到k8s集群，在node节点操作

#在slave服务器上，跑如下命令
#192.168.1.202为master的IP
#token请根据自己的情况做相应的修改
kubeadm join 192.168.1.202:6443 --token fegy3d.0c2ovmf4unkpbssk \
    --discovery-token-ca-cert-hash sha256:fde13ccab75a1da4a0bedaa9a66c6ed82eacae63c98f22961f4cea12f3b8c589 

#在k8s-master节点查看k8s的组员，都是notready

kubectl get nodes

#在k8s-master节点安装calico网络插件

wget http://download.zhufunin.com/k8s_1.16/calico.yaml
kubectl apply -f calico.yaml

#在k8s-master节点查看STATUS状态, 应该都是ready状态

kubectl get nodes

#在k8s-master节点安装dashboard界面

wget http://download.zhufunin.com/k8s_1.16/kubernetes-dashboard.yaml
kubectl apply -f kubernetes-dashboard.yaml

#在k8s-master节点安装metrics监控插件

wget http://download.zhufunin.com/k8s_1.16/metrics.yaml
kubectl apply -f metrics.yaml

#上面组件都安装之后，kubectl get pods -n kube-system，查看组件安装是否正常，STATUS状态是Running，说明组件正常

kubectl get pods -n kube-system