kubeadm是官方社区推出的一个用于快速部署kubernetes集群的工具。

这个工具能通过两条指令完成一个kubernetes集群的部署:

  1. # 创建一个 Master 节点
  2. kubeadm init
  4. # 将一个 Node 节点加入到当前集群中
  5. kubeadm join <Master节点的IP和端口 >

1. 安装要求

在开始之前,部署Kubernetes集群机器需要满足以下几个条件:

  • 一台或多台机器,操作系统 CentOS7.x-86_x64
  • 硬件配置:2GB或更多RAM,2个CPU或更多CPU,硬盘30GB或更多
  • 集群中所有机器之间网络互通
  • 可以访问外网,需要拉取镜像
  • 禁止swap分区

2. 学习目标

  1. 在所有节点上安装Docker和kubeadm
  2. 部署Kubernetes Master
  3. 部署容器网络插件
  4. 部署 Kubernetes Node,将节点加入Kubernetes集群中
  5. 部署Dashboard Web页面,可视化查看Kubernetes资源

3. 准备环境

  1. 关闭防火墙:
  2. # systemctl stop firewalld
  3. # systemctl disable firewalld
  5. 关闭selinux
  6. # sed -i 's/enforcing/disabled/' /etc/selinux/config
  7. # setenforce 0
  9. 关闭swap
  10. # swapoff -a  # 临时
  11. # vim /etc/fstab  # 永久
  13. 添加主机名与IP对应关系):
  14. # cat /etc/hosts
  15. 192.168.31.61 k8s-master
  16. 192.168.31.62 k8s-node1
  17. 192.168.31.63 k8s-node2
  19. 设置主机名:
  20. # hostnamectl set-hostname  k8s-master
  22. 将桥接的IPv4流量传递到iptables的链:
  23. # cat > /etc/sysctl.d/k8s.conf << EOF
  24. net.bridge.bridge-nf-call-ip6tables = 1
  25. net.bridge.bridge-nf-call-iptables = 1
  26. EOF
  27. # sysctl --system

4. 所有节点安装Docker/kubeadm/kubelet

Kubernetes默认CRI(容器运行时)为Docker,因此先安装Docker。

4.1 安装Docker

每台机器上安装Docker,建议使用18.09版本。

  1. # wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
  2. # yum list docker-ce --showduplicates | sort -r
  3. # yum -y install docker-ce-18.09.9-3.el7

设置cgroup驱动,推荐systemd:

  1. # cat > /etc/docker/daemon.json <<EOF
  2. {
  3.   "exec-opts": ["native.cgroupdriver=systemd"],
  4.   "log-driver": "json-file",
  5.   "log-opts": {
  6.     "max-size": "100m"
  7.   },
  8.   "storage-driver": "overlay2"
  9. }
  10. EOF
  12. # systemctl enable --now docker

镜像下载加速: "registry-mirrors": ["https://h8s866yf.mirror.aliyuncs.com"]

  1. {
  2.  "registry-mirrors": ["https://h8s866yf.mirror.aliyuncs.com"],
  3.   "exec-opts": ["native.cgroupdriver=systemd"],
  4.   "log-driver": "json-file",
  5.   "log-opts": {
  6.     "max-size": "100m"
  7.   },
  8.   "storage-driver": "overlay2"
  9. }

4.2 添加阿里云YUM软件源

  1. # cat > /etc/yum.repos.d/kubernetes.repo << EOF
  2. [kubernetes]
  3. name=Kubernetes
  4. baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
  5. enabled=1
  6. gpgcheck=0
  7. repo_gpgcheck=0
  8. gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
  9. EOF

4.3 安装kubeadm,kubelet和kubectl

由于版本更新频繁,这里指定版本号部署:

  1. # yum install -y kubelet-1.16.0 kubeadm-1.16.0 kubectl-1.16.0
  2. # systemctl enable kubelet

5. 部署Kubernetes Master

在192.168.31.61(Master)执行。

  1. # kubeadm init \
  2.   --apiserver-advertise-address=192.168.31.61 \
  3.   --image-repository registry.aliyuncs.com/google_containers \
  4.   --kubernetes-version v1.16.0 \
  5.   --service-cidr=10.1.0.0/16 \
  6.   --pod-network-cidr=10.244.0.0/16

由于默认拉取镜像地址k8s.gcr.io国内无法访问,这里指定阿里云镜像仓库地址。

使用kubectl工具:

  1. mkdir -p $HOME/.kube
  2. sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  3. sudo chown $(id -u):$(id -g) $HOME/.kube/config
  4. # kubectl get nodes

6. 安装Pod网络插件(CNI)

  1. # cat >  kube-flannel.yml << eof
  2. ---
  3. apiVersion: policy/v1beta1
  4. kind: PodSecurityPolicy
  5. metadata:
  6.   name: psp.flannel.unprivileged
  7.   annotations:
  8.     seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
  9.     seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
  10.     apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
  11.     apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
  12. spec:
  13.   privileged: false
  14.   volumes:
  15.     - configMap
  16.     - secret
  17.     - emptyDir
  18.     - hostPath
  19.   allowedHostPaths:
  20.     - pathPrefix: "/etc/cni/net.d"
  21.     - pathPrefix: "/etc/kube-flannel"
  22.     - pathPrefix: "/run/flannel"
  23.   readOnlyRootFilesystem: false
  24.   # Users and groups
  25.   runAsUser:
  26.     rule: RunAsAny
  27.   supplementalGroups:
  28.     rule: RunAsAny
  29.   fsGroup:
  30.     rule: RunAsAny
  31.   # Privilege Escalation
  32.   allowPrivilegeEscalation: false
  33.   defaultAllowPrivilegeEscalation: false
  34.   # Capabilities
  35.   allowedCapabilities: ['NET_ADMIN']
  36.   defaultAddCapabilities: []
  37.   requiredDropCapabilities: []
  38.   # Host namespaces
  39.   hostPID: false
  40.   hostIPC: false
  41.   hostNetwork: true
  42.   hostPorts:
  43.   - min: 0
  44.     max: 65535
  45.   # SELinux
  46.   seLinux:
  47.     # SELinux is unsed in CaaSP
  48.     rule: 'RunAsAny'
  49. ---
  50. kind: ClusterRole
  51. apiVersion: rbac.authorization.k8s.io/v1beta1
  52. metadata:
  53.   name: flannel
  54. rules:
  55.   - apiGroups: ['extensions']
  56.     resources: ['podsecuritypolicies']
  57.     verbs: ['use']
  58.     resourceNames: ['psp.flannel.unprivileged']
  59.   - apiGroups:
  60.       - ""
  61.     resources:
  62.       - pods
  63.     verbs:
  64.       - get
  65.   - apiGroups:
  66.       - ""
  67.     resources:
  68.       - nodes
  69.     verbs:
  70.       - list
  71.       - watch
  72.   - apiGroups:
  73.       - ""
  74.     resources:
  75.       - nodes/status
  76.     verbs:
  77.       - patch
  78. ---
  79. kind: ClusterRoleBinding
  80. apiVersion: rbac.authorization.k8s.io/v1beta1
  81. metadata:
  82.   name: flannel
  83. roleRef:
  84.   apiGroup: rbac.authorization.k8s.io
  85.   kind: ClusterRole
  86.   name: flannel
  87. subjects:
  88. - kind: ServiceAccount
  89.   name: flannel
  90.   namespace: kube-system
  91. ---
  92. apiVersion: v1
  93. kind: ServiceAccount
  94. metadata:
  95.   name: flannel
  96.   namespace: kube-system
  97. ---
  98. kind: ConfigMap
  99. apiVersion: v1
  100. metadata:
  101.   name: kube-flannel-cfg
  102.   namespace: kube-system
  103.   labels:
  104.     tier: node
  105.     app: flannel
  106. data:
  107.   cni-conf.json: |
  108.     {
  109.       "cniVersion": "0.2.0",
  110.       "name": "cbr0",
  111.       "plugins": [
  112.         {
  113.           "type": "flannel",
  114.           "delegate": {
  115.             "hairpinMode": true,
  116.             "isDefaultGateway": true
  117.           }
  118.         },
  119.         {
  120.           "type": "portmap",
  121.           "capabilities": {
  122.             "portMappings": true
  123.           }
  124.         }
  125.       ]
  126.     }
  127.   net-conf.json: |
  128.     {
  129.       "Network": "10.244.0.0/16",
  130.       "Backend": {
  131.         "Type": "vxlan"
  132.       }
  133.     }
  134. ---
  135. apiVersion: apps/v1
  136. kind: DaemonSet
  137. metadata:
  138.   name: kube-flannel-ds-amd64
  139.   namespace: kube-system
  140.   labels:
  141.     tier: node
  142.     app: flannel
  143. spec:
  144.   selector:
  145.     matchLabels:
  146.       app: flannel
  147.   template:
  148.     metadata:
  149.       labels:
  150.         tier: node
  151.         app: flannel
  152.     spec:
  153.       affinity:
  154.         nodeAffinity:
  155.           requiredDuringSchedulingIgnoredDuringExecution:
  156.             nodeSelectorTerms:
  157.               - matchExpressions:
  158.                   - key: beta.kubernetes.io/os
  159.                     operator: In
  160.                     values:
  161.                       - linux
  162.                   - key: beta.kubernetes.io/arch
  163.                     operator: In
  164.                     values:
  165.                       - amd64
  166.       hostNetwork: true
  167.       tolerations:
  168.       - operator: Exists
  169.         effect: NoSchedule
  170.       serviceAccountName: flannel
  171.       initContainers:
  172.       - name: install-cni
  173.         image: lizhenliang/flannel:v0.11.0-amd64
  174.         command:
  175.         - cp
  176.         args:
  177.         - -f
  178.         - /etc/kube-flannel/cni-conf.json
  179.         - /etc/cni/net.d/10-flannel.conflist
  180.         volumeMounts:
  181.         - name: cni
  182.           mountPath: /etc/cni/net.d
  183.         - name: flannel-cfg
  184.           mountPath: /etc/kube-flannel/
  185.       containers:
  186.       - name: kube-flannel
  187.         image: lizhenliang/flannel:v0.11.0-amd64
  188.         command:
  189.         - /opt/bin/flanneld
  190.         args:
  191.         - --ip-masq
  192.         - --kube-subnet-mgr
  193.         resources:
  194.           requests:
  195.             cpu: "100m"
  196.             memory: "50Mi"
  197.           limits:
  198.             cpu: "100m"
  199.             memory: "50Mi"
  200.         securityContext:
  201.           privileged: false
  202.           capabilities:
  203.              add: ["NET_ADMIN"]
  204.         env:
  205.         - name: POD_NAME
  206.           valueFrom:
  207.             fieldRef:
  208.               fieldPath: metadata.name
  209.         - name: POD_NAMESPACE
  210.           valueFrom:
  211.             fieldRef:
  212.               fieldPath: metadata.namespace
  213.         volumeMounts:
  214.         - name: run
  215.           mountPath: /run/flannel
  216.         - name: flannel-cfg
  217.           mountPath: /etc/kube-flannel/
  218.       volumes:
  219.         - name: run
  220.           hostPath:
  221.             path: /run/flannel
  222.         - name: cni
  223.           hostPath:
  224.             path: /etc/cni/net.d
  225.         - name: flannel-cfg
  226.           configMap:
  227.             name: kube-flannel-cfg
  229. eof
  230. #
  231. # kubectl apply -f kube-flannel.yml
  232. # kubectl get pods -n kube-system

确保能够访问到quay.io这个registery。

如果下载失败,可以改成这个镜像地址:lizhenliang/flannel:v0.11.0-amd64

7. 加入Kubernetes Node

在192.168.31.62/63(Node)执行。

向集群添加新节点,执行在kubeadm init输出的kubeadm join命令:

  1. # kubeadm join 192.168.31.61:6443 --token esce21.q6hetwm8si29qxwn \
  2.     --discovery-token-ca-cert-hash sha256:00603a05805807501d7181c3d60b478788408cfe6cedefedb1f97569708be9c5

如果忘记了上面的 join 命令可以使用命令kubeadm token create --print-join-command重新获取。

默认token有效期为24小时,当过期之后,该token就不可用了。这时就需要重新创建token,操作如下:


  2. # kubeadm token create
  3. # kubeadm token list
  4. # openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
  5. 63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924
  7. # kubeadm join 192.168.31.61:6443 --discovery-token nuja6n.o3jrhsffiqs9swnu --discovery-token-ca-cert-hash 63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924

https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-join/

8. 测试kubernetes集群

在Kubernetes集群中创建一个pod,验证是否正常运行:

  1. # kubectl create deployment nginx --image=nginx
  2. # kubectl expose deployment nginx --port=80 --type=NodePort
  3. # kubectl get pod,svc

访问地址:http://NodeIP:Port

9. 部署 Dashboard

  1. # cat > kubernetes-dashboard.yaml << eof
  2. # Copyright 2017 The Kubernetes Authors.
  3. #
  4. # Licensed under the Apache License, Version 2.0 (the "License");
  5. # you may not use this file except in compliance with the License.
  6. # You may obtain a copy of the License at
  7. #
  8. #     http://www.apache.org/licenses/LICENSE-2.0
  9. #
  10. # Unless required by applicable law or agreed to in writing, software
  11. # distributed under the License is distributed on an "AS IS" BASIS,
  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13. # See the License for the specific language governing permissions and
  14. # limitations under the License.
  16. apiVersion: v1
  17. kind: Namespace
  18. metadata:
  19.   name: kubernetes-dashboard
  21. ---
  23. apiVersion: v1
  24. kind: ServiceAccount
  25. metadata:
  26.   labels:
  27.     k8s-app: kubernetes-dashboard
  28.   name: kubernetes-dashboard
  29.   namespace: kubernetes-dashboard
  31. ---
  33. kind: Service
  34. apiVersion: v1
  35. metadata:
  36.   labels:
  37.     k8s-app: kubernetes-dashboard
  38.   name: kubernetes-dashboard
  39.   namespace: kubernetes-dashboard
  40. spec:
  41.   type: NodePort
  42.   ports:
  43.     - port: 443
  44.       targetPort: 8443
  45.       nodePort: 30001
  46.   selector:
  47.     k8s-app: kubernetes-dashboard
  49. ---
  51. apiVersion: v1
  52. kind: Secret
  53. metadata:
  54.   labels:
  55.     k8s-app: kubernetes-dashboard
  56.   name: kubernetes-dashboard-certs
  57.   namespace: kubernetes-dashboard
  58. type: Opaque
  60. ---
  62. apiVersion: v1
  63. kind: Secret
  64. metadata:
  65.   labels:
  66.     k8s-app: kubernetes-dashboard
  67.   name: kubernetes-dashboard-csrf
  68.   namespace: kubernetes-dashboard
  69. type: Opaque
  70. data:
  71.   csrf: ""
  73. ---
  75. apiVersion: v1
  76. kind: Secret
  77. metadata:
  78.   labels:
  79.     k8s-app: kubernetes-dashboard
  80.   name: kubernetes-dashboard-key-holder
  81.   namespace: kubernetes-dashboard
  82. type: Opaque
  84. ---
  86. kind: ConfigMap
  87. apiVersion: v1
  88. metadata:
  89.   labels:
  90.     k8s-app: kubernetes-dashboard
  91.   name: kubernetes-dashboard-settings
  92.   namespace: kubernetes-dashboard
  94. ---
  96. kind: Role
  97. apiVersion: rbac.authorization.k8s.io/v1
  98. metadata:
  99.   labels:
  100.     k8s-app: kubernetes-dashboard
  101.   name: kubernetes-dashboard
  102.   namespace: kubernetes-dashboard
  103. rules:
  104.   # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  105.   - apiGroups: [""]
  106.     resources: ["secrets"]
  107.     resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
  108.     verbs: ["get", "update", "delete"]
  109.     # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
  110.   - apiGroups: [""]
  111.     resources: ["configmaps"]
  112.     resourceNames: ["kubernetes-dashboard-settings"]
  113.     verbs: ["get", "update"]
  114.     # Allow Dashboard to get metrics.
  115.   - apiGroups: [""]
  116.     resources: ["services"]
  117.     resourceNames: ["heapster", "dashboard-metrics-scraper"]
  118.     verbs: ["proxy"]
  119.   - apiGroups: [""]
  120.     resources: ["services/proxy"]
  121.     resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
  122.     verbs: ["get"]
  124. ---
  126. kind: ClusterRole
  127. apiVersion: rbac.authorization.k8s.io/v1
  128. metadata:
  129.   labels:
  130.     k8s-app: kubernetes-dashboard
  131.   name: kubernetes-dashboard
  132. rules:
  133.   # Allow Metrics Scraper to get metrics from the Metrics server
  134.   - apiGroups: ["metrics.k8s.io"]
  135.     resources: ["pods", "nodes"]
  136.     verbs: ["get", "list", "watch"]
  138. ---
  140. apiVersion: rbac.authorization.k8s.io/v1
  141. kind: RoleBinding
  142. metadata:
  143.   labels:
  144.     k8s-app: kubernetes-dashboard
  145.   name: kubernetes-dashboard
  146.   namespace: kubernetes-dashboard
  147. roleRef:
  148.   apiGroup: rbac.authorization.k8s.io
  149.   kind: Role
  150.   name: kubernetes-dashboard
  151. subjects:
  152.   - kind: ServiceAccount
  153.     name: kubernetes-dashboard
  154.     namespace: kubernetes-dashboard
  156. ---
  158. apiVersion: rbac.authorization.k8s.io/v1
  159. kind: ClusterRoleBinding
  160. metadata:
  161.   name: kubernetes-dashboard
  162.   namespace: kubernetes-dashboard
  163. roleRef:
  164.   apiGroup: rbac.authorization.k8s.io
  165.   kind: ClusterRole
  166.   name: kubernetes-dashboard
  167. subjects:
  168.   - kind: ServiceAccount
  169.     name: kubernetes-dashboard
  170.     namespace: kubernetes-dashboard
  172. ---
  174. kind: Deployment
  175. apiVersion: apps/v1
  176. metadata:
  177.   labels:
  178.     k8s-app: kubernetes-dashboard
  179.   name: kubernetes-dashboard
  180.   namespace: kubernetes-dashboard
  181. spec:
  182.   replicas: 1
  183.   revisionHistoryLimit: 10
  184.   selector:
  185.     matchLabels:
  186.       k8s-app: kubernetes-dashboard
  187.   template:
  188.     metadata:
  189.       labels:
  190.         k8s-app: kubernetes-dashboard
  191.     spec:
  192.       containers:
  193.         - name: kubernetes-dashboard
  194.           image: kubernetesui/dashboard:v2.0.0-beta4
  195.           imagePullPolicy: Always
  196.           ports:
  197.             - containerPort: 8443
  198.               protocol: TCP
  199.           args:
  200.             - --auto-generate-certificates
  201.             - --namespace=kubernetes-dashboard
  202.             # Uncomment the following line to manually specify Kubernetes API server Host
  203.             # If not specified, Dashboard will attempt to auto discover the API server and connect
  204.             # to it. Uncomment only if the default does not work.
  205.             # - --apiserver-host=http://my-address:port
  206.           volumeMounts:
  207.             - name: kubernetes-dashboard-certs
  208.               mountPath: /certs
  209.               # Create on-disk volume to store exec logs
  210.             - mountPath: /tmp
  211.               name: tmp-volume
  212.           livenessProbe:
  213.             httpGet:
  214.               scheme: HTTPS
  215.               path: /
  216.               port: 8443
  217.             initialDelaySeconds: 30
  218.             timeoutSeconds: 30
  219.       volumes:
  220.         - name: kubernetes-dashboard-certs
  221.           secret:
  222.             secretName: kubernetes-dashboard-certs
  223.         - name: tmp-volume
  224.           emptyDir: {}
  225.       serviceAccountName: kubernetes-dashboard
  226.       # Comment the following tolerations if Dashboard must not be deployed on master
  227.       tolerations:
  228.         - key: node-role.kubernetes.io/master
  229.           effect: NoSchedule
  231. ---
  233. kind: Service
  234. apiVersion: v1
  235. metadata:
  236.   labels:
  237.     k8s-app: dashboard-metrics-scraper
  238.   name: dashboard-metrics-scraper
  239.   namespace: kubernetes-dashboard
  240. spec:
  241.   ports:
  242.     - port: 8000
  243.       targetPort: 8000
  244.   selector:
  245.     k8s-app: dashboard-metrics-scraper
  247. ---
  249. kind: Deployment
  250. apiVersion: apps/v1
  251. metadata:
  252.   labels:
  253.     k8s-app: dashboard-metrics-scraper
  254.   name: dashboard-metrics-scraper
  255.   namespace: kubernetes-dashboard
  256. spec:
  257.   replicas: 1
  258.   revisionHistoryLimit: 10
  259.   selector:
  260.     matchLabels:
  261.       k8s-app: dashboard-metrics-scraper
  262.   template:
  263.     metadata:
  264.       labels:
  265.         k8s-app: dashboard-metrics-scraper
  266.     spec:
  267.       containers:
  268.         - name: dashboard-metrics-scraper
  269.           image: kubernetesui/metrics-scraper:v1.0.1
  270.           ports:
  271.             - containerPort: 8000
  272.               protocol: TCP
  273.           livenessProbe:
  274.             httpGet:
  275.               scheme: HTTP
  276.               path: /
  277.               port: 8000
  278.             initialDelaySeconds: 30
  279.             timeoutSeconds: 30
  280.           volumeMounts:
  281.           - mountPath: /tmp
  282.             name: tmp-volume
  283.       serviceAccountName: kubernetes-dashboard
  284.       # Comment the following tolerations if Dashboard must not be deployed on master
  285.       tolerations:
  286.         - key: node-role.kubernetes.io/master
  287.           effect: NoSchedule
  288.       volumes:
  289.         - name: tmp-volume
  290.           emptyDir: {}
  292. eof
  293. # kubectl apply -f kubernetes-dashboard.yaml
  294. # kubectl get pods -n kubernetes-dashboard

访问地址:http://NodeIP:30001

创建service account并绑定默认cluster-admin管理员集群角色:

  1. # kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
  2. # kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin
  3. # kubectl describe secrets -n kubernetes-dashboard $(kubectl -n kubernetes-dashboard get secret | awk '/dashboard-admin/{print $1}')

使用输出的token登录Dashboard。

k8s 命令自动补全

  1. yum install -y bash-completion
  2. source /usr/share/bash-completion/bash_completion
  3. source <(kubectl completion bash)
  4. echo "source <(kubectl completion bash)" >> ~/.bashrc

查看iptables规则:

  1. iptables-save

加载ipvs模块:

  1. cat > /etc/sysconfig/modules/ipvs.modules <<EOF
  2. #!/bin/bash
  3. modprobe -- ip_vs
  4. modprobe -- ip_vs_rr
  5. modprobe -- ip_vs_wrr
  6. modprobe -- ip_vs_sh
  7. modprobe -- nf_conntrack_ipv4
  8. EOF
  9. chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod |grep -e  ip_vs  -e   nf_conntrack_ipv4
  10. #如果系统内核版本大于4,modprobe -- nf_conntrack_ipv4 应该改成 modprobe -- nf_conntrack

修改为ipvs模式

  1. kubectl edit configmap kube-proxy -n kube-system
  2. mode: "ipvs"

重建kube-proxy生效配置:

  1. kubectl delete pod kube-proxy-xxx -n kube-system

工具查看规则:

  1. yum install ipvsadm -y
  2. ipvsadm -L -n

kubeadm部署k8s集群的更多相关文章

  1. 使用kubeadm部署k8s集群[v1.18.0]

    使用kubeadm部署k8s集群 环境 IP地址 主机名 节点 10.0.0.63 k8s-master1 master1 10.0.0.63 k8s-master2 master2 10.0.0.6 ...

  2. 【02】Kubernets:使用 kubeadm 部署 K8S 集群

    写在前面的话 通过上一节,知道了 K8S 有 Master / Node 组成,但是具体怎么个组成法,就是这一节具体谈的内容.概念性的东西我们会尽量以实验的形式将其复现. 部署 K8S 集群 互联网常 ...

  3. (二)Kubernetes kubeadm部署k8s集群

    kubeadm介绍 kubeadm是Kubernetes项目自带的及集群构建工具,负责执行构建一个最小化的可用集群以及将其启动等的必要基本步骤,kubeadm是Kubernetes集群全生命周期的管理 ...

  4. kubeadm部署K8S集群v1.16.3

    本次先更新kubeadm快速安装K8S,二进制安装上次没写文档,后续更新,此次最新的版本是V1.16.3 1.关闭防火墙.关闭selinux.关闭swapoff -a systemctl stop f ...

  5. kubernetes系列03—kubeadm安装部署K8S集群

    本文收录在容器技术学习系列文章总目录 1.kubernetes安装介绍 1.1 K8S架构图 1.2 K8S搭建安装示意图 1.3 安装kubernetes方法 1.3.1 方法1:使用kubeadm ...

  6. 使用Kubeadm创建k8s集群之部署规划(三十)

    前言 上一篇我们讲述了使用Kubectl管理k8s集群,那么接下来,我们将使用kubeadm来启动k8s集群. 部署k8s集群存在一定的挑战,尤其是部署高可用的k8s集群更是颇为复杂(后续会讲).因此 ...

  7. 使用Kubeadm创建k8s集群之节点部署(三十一)

    前言 本篇部署教程将讲述k8s集群的节点(master和工作节点)部署,请先按照上一篇教程完成节点的准备.本篇教程中的操作全部使用脚本完成,并且对于某些情况(比如镜像拉取问题)还提供了多种解决方案.不 ...

  8. 通过kubeadm工具部署k8s集群

    1.概述 kubeadm是一工具箱,通过kubeadm工具,可以快速的创建一个最小的.可用的,并且符合最佳实践的k8s集群. 本文档介绍如何通过kubeadm工具快速部署一个k8s集群. 2.主机规划 ...

  9. 部署K8S集群

    1.Kubernetes 1.1.概念 kubernetes(通常称为k8s)用于自动部署.扩展和管理容器化应用程序的开源系统.它旨在提供“跨主机集群的自动部署.扩展以及运行应用程序容器的平台”.支持 ...

随机推荐

  1. Android 编译笔记20191205

    gradle下载很慢 解决问题的方法如下: 使用文件管理器 打开用户主目录 windows平台: c:\Users\用户名\.gradle macos平台: /Users/用户名/.gradle li ...

  2. win10 + VS2015 编译 ARPACK

    step 1: 下载ARPACK , mingw-w64-install 和 mingw-get-inst-20120426.exe: step 2: 安装 MinGW-64默认安装路径即可. ste ...

  3. Android动画效果 translate、scale、alpha、rotate 切换Activity动画 控件位置调整

    2011.10.28注:如果需要控件停在动画后的位置,需要设置android:fillAfter属性为true,在set节点中.默认在动画结束后回到动画前位置.设置android:fillAfter后 ...

  4. delphi遍历指定目录下指定类型文件的函数

    遍历指定目录下指定类型文件的函数// ================================================================// 遍历某个文件夹下某种文件,/ ...

  5. AcWing 231. 天码 (容斥)打卡

    题目:https://www.acwing.com/problem/content/233/ 题意:给你n个不同的数,让你选取一个四元组,gcd为1,让你求这样的四元组数量是多少 思路:我们单独直接去 ...

  6. vue2 打包部署(vue-cli )

    1.一般打包 :直接 npm run build.(webpack的文件,根据不同的命令,执行不同的代码的) 注:这种打包的静态文件,只能放在web服务器中的根目录下才能运行. 2.在服务器中 非根目 ...

  7. ASP.NET Error Handling

    https://docs.microsoft.com/en-us/aspnet/web-forms/overview/getting-started/getting-started-with-aspn ...

  8. tp5.0如何获取header的Authorization值

    tp5.0如何获取header的Authorization值$request->header();好像没有这个值的但是发送请求头部有的 解决方案: 在.htaccess 文件中加入 设置 Set ...

  9. python 反转列表的3种方式

    转载自:https://blog.csdn.net/bookaswine/article/details/42468735 方式一:使用reversed()函数 a=[1,2,3,4,5,6,7,8, ...

  10. java并发编程笔记(三)——线程安全性

    java并发编程笔记(三)--线程安全性 线程安全性: ​ 当多个线程访问某个类时,不管运行时环境采用何种调度方式或者这些进程将如何交替执行,并且在主调代码中不需要任何额外的同步或协同,这个类都能表现 ...