registry安装
软件:yum install -y docker-distribution
起服务:systemctl enable --now docker-distribution
查询:curl -s http://registry:5000/v2/_catalog(此处 registry 走明文 HTTP 且未配置认证,只适合隔离的实验网络;对外提供服务时应启用 TLS 和访问控制)
kube-master安装
环境准备:
禁用 selinux:sed '/^SELINUX/s/enforcing/disabled/' -i /etc/selinux/config(只修改配置文件,重启后生效;关闭 SELinux 会去掉主机上的强制访问控制这一层防护,kubeadm 官方文档的做法是改为 permissive 而不是 disabled)
禁用 swap: sed 's/.*swap.*/# &/' -i /etc/fstab(该命令只注释 fstab 中的 swap 行,重启后生效;当前系统上的 swap 需另行执行 swapoff -a 关闭)
卸载 firewalld-*:yum -y remove firewalld-*(卸载后主机上不再有防火墙规则,6443、10250、5000 等端口对所有能到达该主机的网络开放,应在上游防火墙或安全组中限制来源地址)
安装k8s工具包
软件:yum install -y kubeadm kubelet kubectl docker-ce
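配置/etc/docker/daemon.json(insecure-registries 会让 docker 对所列地址跳过 TLS 校验,registry-mirrors 中的 http:// 地址同样是明文传输,镜像在传输途中可能被替换;仅用于可信内网,生产环境应给 registry 配置证书后去掉这些条目)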
{
"exec-opts":["native.cgroupdriver=systemd"],
"registry-mirrors":["http://registry:5000"],
"insecure-registries":["registry:5000","192.168.1.30:5000"]
}
起服务:systemctl enable --now docker kubelet
安装代理软件包:yum install -y ipvsadm ipset
加载内核模块:
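# Load the kernel modules now and list them in modules-load.d so they are
# loaded again at boot. A name is appended only when the file does not already
# contain it, so repeating these steps does not create duplicate entries.
conf=/etc/modules-load.d/containerd.conf
for i in overlay br_netfilter; do
  modprobe "${i}"
  grep -qxF -- "${i}" "${conf}" 2>/dev/null || echo "${i}" >>"${conf}"
done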
配置内核参数:
# Kernel settings for Kubernetes networking: enable IPv4 forwarding and pass
# bridged traffic through iptables/ip6tables. The delimiter is quoted so the
# body is written to the file literally, with no shell expansion.
cat <<'EOF' >/etc/sysctl.d/99-kubernetes-cri.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
与内核交互:sysctl --system
使用kubeadm部署
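# Validate the configuration first; --dry-run only prints what would be done.
kubeadm init --config=init/kubeadm-init.yaml --dry-run
# The init output contains the bootstrap token and the full join command, so a
# newly created init.log is made owner-only (the umask change is confined to the
# subshell). pipefail keeps tee's exit status from hiding a kubeadm failure.
(
  umask 077
  set -o pipefail
  kubeadm init --config=init/kubeadm-init.yaml | tee init/init.log
)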
计算节点安装
删除 token:kubeadm token delete abcdef.0123456789abcdef(abcdef.0123456789abcdef 是 kubeadm 默认配置中公开的示例 token,若 init 配置沿用了它,初始化后应删除,避免他人凭此加入集群)
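创建 token:kubeadm token create --ttl=0 --print-join-command(--ttl=0 表示 token 永不过期,任何拿到它的人都可以向集群注册节点;更稳妥的做法是使用默认的 24 小时有效期,需要加节点时再创建,节点全部加入后用 kubeadm token delete 删除)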
创建yaml文件:使用ansible部署
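# Prepares every host in the "nodes" group (packages, docker config, kernel
# modules, sysctls, /etc/hosts, services) and then joins it to the cluster
# with kubeadm, skipping the join when kubelet.conf already exists.
#
# NOTE(review): token and token_hash are cluster bootstrap credentials. The
# values are kept as they appear in these notes; in a shared repository supply
# them at run time (Ansible Vault or --extra-vars) and use a token with a
# finite TTL.
- name: Join K8S cluster
  vars:
    master: "192.168.88.50:6443"
    token: "85i08x.2d9g83hvd8t1ca73"
    token_hash: "sha256:67301f8557220f5873465a2325eaa6f8a4ca1a270d133d08ac91ae3fa8f1a5d5"
  hosts: nodes
  tasks:
    # NOTE(review): state: latest upgrades these packages on every run, which
    # can move kubelet/kubeadm to a version the control plane does not match;
    # consider pinning versions and using state: present.
    - name: install k8s node packages
      yum:
        name: kubeadm,kubelet,ipvsadm,ipset,nfs-utils,docker-ce
        state: latest
        update_cache: yes

    - name: create a directory if it does not exist
      file:
        path: /etc/docker
        state: directory
        mode: '0755'

    # NOTE(review): insecure-registries disables TLS verification for the
    # listed registries and two of the mirrors are plain http://, so pulled
    # images are not protected in transit. Acceptable only on a trusted lab
    # network.
    - name: create daemon.json
      copy:
        dest: /etc/docker/daemon.json
        owner: root
        group: root
        mode: '0644'
        content: |
          {
          "exec-opts":["native.cgroupdriver=systemd"],
          "registry-mirrors":["http://192.168.88.88:5000","http://registry:5000","https://hub-mirror.c.163.com"],
          "insecure-registries":["192.168.88.88:5000","registry:5000"]
          }

    - name: create containerd.conf
      copy:
        dest: /etc/modules-load.d/containerd.conf
        owner: root
        group: root
        mode: '0644'
        content: |
          overlay
          br_netfilter

    - name: Add the overlay,br_netfilter module
      modprobe:
        name: "{{ item }}"
        state: present
      loop:
        - overlay
        - br_netfilter

    - name: create 99-kubernetes-cri.conf
      sysctl:
        name: "{{ item }}"
        value: "1"
        sysctl_set: yes
        sysctl_file: /etc/sysctl.d/99-kubernetes-cri.conf
      loop:
        - net.ipv4.ip_forward
        - net.bridge.bridge-nf-call-iptables
        - net.bridge.bridge-nf-call-ip6tables

    # This replaces the whole of /etc/hosts on each node.
    # NOTE(review): the template reads ansible_eth0 facts for every host in
    # groups.all - assumes facts are available for all of them and that the
    # interface is named eth0; confirm against the inventory.
    - name: set /etc/hosts
      copy:
        dest: /etc/hosts
        owner: root
        group: root
        mode: '0644'
        content: |
          ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
          127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
          192.168.88.88 registry
          192.168.88.50 master
          {% for i in groups.all %}
          {{ hostvars[i].ansible_eth0.ipv4.address }} {{ hostvars[i].ansible_hostname }}
          {% endfor %}

    - name: enable k8s kubelet,runtime service
      service:
        name: "{{ item }}"
        state: started
        enabled: yes
      loop:
        - docker
        - kubelet

    # kubelet.conf is used as the marker that this node has already joined.
    - name: check node state
      stat:
        path: /etc/kubernetes/kubelet.conf
      register: result

    # no_log keeps the bootstrap token out of Ansible's output and logs; drop
    # it temporarily when a failed join needs to be debugged.
    - name: node join cluster
      shell: |
        kubeadm join '{{ master }}' --token '{{ token }}' --discovery-token-ca-cert-hash '{{ token_hash }}'
      args:
        executable: /bin/bash
      no_log: true
      when: not result.stat.exists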
网络插件安装配置
使用对象资源文件部署
kubectl apply -f kube-flannel.yml(apply 之前确认该清单来自可信来源,并核对其中引用的镜像地址)
欢迎交流