Kubernetes1.7 cluster deployment

kubernetes1.7 cluster deployment

Environment

os: CentOS Linux release 7.4.1708 (Core) kernel: 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Preparations

#Uninstall the firewall
# NOTE(review): once firewalld is stopped and removed, nothing on the host
# filters the ports this node opens later (kubeadm defaults include the API
# server on 6443, etcd on 2379-2380 and the kubelet on 10250). Restrict access
# to them at the network boundary, or keep firewalld and open only the ports
# the cluster needs.
systemctl stop firewalld && sudo systemctl disable firewalld && yum remove -y firewalld

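#Kernel parameter settings
# SELinux: permissive for the running system, disabled from the next boot.
# NOTE(review): this removes SELinux confinement of container processes on
# every node; it is a trade-off made by this walkthrough, so record it as an
# accepted risk rather than copying it unexamined.
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Disable IPv6, pass bridged traffic through iptables/ip6tables, and enable
# IPv4 forwarding. The lines are appended, so re-running this adds duplicates.
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# Apply the settings from /etc/sysctl.conf now
sysctl -p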

# Load the overlay kernel module now and confirm that it is listed
modprobe overlay
lsmod | grep overlay
# Register the module so it is loaded again at boot
printf '%s\n' overlay > /etc/modules-load.d/overlay.conf

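#Change mirror to Ali mirror
# Keep the stock repo definition as a backup
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# This file decides where every later package is fetched from, so download it
# over HTTPS rather than plain HTTP; -f makes curl fail on an HTTP error
# instead of saving the error page as the repo file.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo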

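#Add kubernetes mirror
# NOTE(review): the [docker] section sets gpgcheck=0 and repo_gpgcheck=0, so
# docker-engine packages are installed without any signature verification and
# their integrity rests on the HTTPS connection to the mirror alone. If the
# mirror publishes the signing key, add a gpgkey= line and set gpgcheck=1.
# The quoted delimiter keeps the shell from expanding anything in the file.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[docker]
name=Docker
baseurl=https://mirrors.aliyun.com/docker-engine/yum/repo/main/centos/7/
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF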

#Install the specified version of docker-1.12.6
# NOTE(review): these packages come from the [docker] repo, which is defined
# with gpgcheck=0, so yum does not verify their signatures.
yum install -y yum-versionlock docker-engine-selinux-1.12.6-1.el7.centos.noarch docker-engine-1.12.6-1.el7.centos.x86_64
# versionlock stops yum from updating these packages, security updates
# included; review the lock whenever the Docker version is reassessed.
yum versionlock add docker-engine-selinux docker-engine

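#Install kubernetes components
# NOTE(review): no version is given, so yum installs whatever the mirror
# serves at the time; confirm it matches the kubernetesVersion used for
# kubeadm init.
yum install -y kubelet kubectl kubeadm
#yum versionlock add kubelet kubectl

# Switch the kubelet cgroup driver from systemd to cgroupfs
# (presumably to match the driver Docker uses; verify with `docker info`).
sed -i "s/cgroup-driver=systemd/cgroup-driver=cgroupfs/g" /etc/systemd/system/kubelet.service.d/10-kubeadm.conf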

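# Configure mirror acceleration
# -p: do not fail if the Docker package already created the directory
mkdir -p /etc/docker
# NOTE(review): "registry-mirrors" routes image pulls through the listed
# mirror, so that mirror is trusted for image content; "selinux-enabled" is
# false, which matches SELinux being disabled on the host earlier.
tee /etc/docker/daemon.json <<-'EOF'
{
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "selinux-enabled": false,
  "registry-mirrors": ["https://w6gp6d0a.mirror.aliyuncs.com"]
}
EOF
systemctl enable docker && systemctl restart docker
#systemctl enable kubelet && systemctl restart kubelet
# Confirm the storage driver and registry mirror were picked up
docker info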

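#Configure docker log automatic archiving
# NOTE(review): "rotate 0" keeps no old copies, so once a container log
# reaches 50M its contents are discarded. If container logs are needed for
# troubleshooting or incident investigation, ship them off the node or keep at
# least one rotation.
tee /etc/logrotate.d/docker <<-'EOF'
/var/lib/docker/containers/*/*.log
{
  size 50M
  rotate 0
  missingok
  nocreate
  #compress
  copytruncate
  nodelaycompress
  notifempty
}
EOF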

master

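# Write the kubeadm master configuration. The quoted delimiter keeps the shell
# from expanding anything inside the YAML.
cat <<'EOF' > config.yaml
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
etcd:
  image: "registry.cn-hangzhou.aliyuncs.com/kube_containers/etcd-amd64:3.1.10"
networking:
  podSubnet: 10.1.0.0/16
kubernetesVersion: 1.10.2
imageRepository: "registry.cn-hangzhou.aliyuncs.com/kube_containers"
# NOTE(review): a TTL of "0" makes the bootstrap token never expire, so anyone
# who obtains it can join a node to the cluster at any later time. Prefer a
# finite TTL and issue a fresh token with `kubeadm token create` when adding
# nodes, or delete the token once all nodes have joined.
tokenTTL: "0"
featureGates:
  CoreDNS: true
EOF

# Initialise the control plane from the file above
kubeadm init --config config.yaml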

#production environment : Use calico
# NOTE(review): the manifest is applied straight from a branch URL, so its
# content can change between runs and is never reviewed before it reaches the
# cluster. Download it, read what it creates (RBAC, host networking,
# privileged pods), and apply the saved copy or a URL pinned to a commit.
kubectl apply -f https://raw.githubusercontent.com/inspireso/docker/kubernetes/kubernetes/addon/calico/calico1.7.yaml

dashboard

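#Prepare the certificate (for the last prompt, enter the host name of the master)
# The secret below is built from ./dashboard-certs, so the key and certificate
# are written into that directory. -nodes leaves the private key unencrypted on
# disk: the directory is created owner-only, and it should be removed once the
# secret exists.
mkdir -m 700 dashboard-certs
openssl req -newkey rsa:4096 -nodes -sha256 -keyout dashboard-certs/dashboard.key -x509 -days 365 -out dashboard-certs/dashboard.crt
kubectl -n kube-system create secret generic kubernetes-dashboard-certs --from-file=./dashboard-certs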

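#Install dashboard
kubectl apply -f https://raw.githubusercontent.com/inspireso/docker/kubernetes/kubernetes/google_containers/kubernetes-dashboard1.8.yaml

#add administrator
# NOTE(review): judging by its name this manifest grants the dashboard an
# administrator account; read the role it binds before applying it, because a
# dashboard token with cluster-wide rights is equivalent to cluster-admin
# access for whoever holds it.
kubectl apply -f https://raw.githubusercontent.com/inspireso/docker/kubernetes/kubernetes/google_containers/kubernetes-dashboard-admin.rbac.yaml

#Find token
# The describe output prints the bearer token in clear text; treat it as a
# credential (keep it out of shared terminals, logs and tickets).
kubectl -n kube-system get secret | grep kubernetes-dashboard-admin
kubectl describe -n kube-system secret/kubernetes-dashboard-admin-token-XXX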

node

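yum install -y nfs-utils

# Join this node to the cluster with the bootstrap token and master address.
# NOTE(review): as written, the node does not verify which API server it is
# talking to. kubeadm 1.8 and later can pin the cluster CA with
# --discovery-token-ca-cert-hash sha256:<hash printed by kubeadm init>;
# use it so a node cannot be enrolled into a look-alike control plane.
kubeadm join --token=xxxxxxxxxxxxx xxx.xxx.xxx.xxx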

Monitoring

heapster

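# NOTE(review): both manifests are applied from a branch URL without review;
# save and read them first, or pin the URL to a commit.
# influxdb
kubectl apply -f https://raw.githubusercontent.com/inspireso/docker/kubernetes/kubernetes/heapster/influxdb-deployment.yaml
# heapster
# NOTE(review): the doubled ".yaml.yaml" is kept as given in the source;
# confirm the file name in the repository.
kubectl apply -f https://raw.githubusercontent.com/inspireso/docker/kubernetes/kubernetes/heapster/heapster-deployment.yaml.yaml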

prometheus

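# NOTE(review): these manifests are applied from a branch URL without review;
# save and read them first (monitoring components usually need cluster-wide
# read access), or pin the URL to a commit.
#setup
kubectl apply -f https://raw.githubusercontent.com/inspireso/docker/kubernetes/kubernetes/prometheus/setup.yaml

#prometheus
kubectl apply -f https://raw.githubusercontent.com/inspireso/docker/kubernetes/kubernetes/prometheus/prometheus.yaml

#kube-state-metrics
kubectl apply -f https://raw.githubusercontent.com/inspireso/docker/kubernetes/kubernetes/prometheus/kube-state-metrics.yaml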

ingress

# NOTE(review): the ingress controller is the cluster's entry point for
# external traffic, and both manifests are applied from a branch URL without
# review. Save and read them first, or pin the URL to a commit.
#Initial configuration
kubectl apply -f https://raw.githubusercontent.com/inspireso/docker/kubernetes/kubernetes/google_containers/ingress-nginx-config-map.yaml
#Deploy nginx-ingress
kubectl apply -f https://raw.githubusercontent.com/inspireso/docker/kubernetes/kubernetes/google_containers/ingress-nginx.yaml

helm

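# Download the Helm installer, make it executable for the owner only, run it.
# NOTE(review): the script is taken from the master branch and executed
# unread; open get_helm.sh before running it.
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh
chmod 700 get_helm.sh
./get_helm.sh

# Install Tiller from the mirror registry and use the mirror chart repository.
# NOTE(review): ":latest" is a mutable tag, so the image that runs can change
# without this command changing; prefer a fixed version tag.
helm init --tiller-image=registry.cn-hangzhou.aliyuncs.com/kube_containers/tiller:latest --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts

# Run Tiller under its own service account.
# NOTE(review): binding that account to cluster-admin means any client that
# can reach Tiller can act with full cluster rights; bind a narrower role
# where the charts in use allow it.
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'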

FAQ

networks have same bridge name

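# Remove the docker0 bridge and Docker's stored network state, then recreate
# the directory Docker expects.
# NOTE(review): Docker's default data root is /var/lib/docker; confirm that
# /var/docker is the path in use on this host before deleting anything.
ip link del docker0 && rm -rf /var/docker/network/* && mkdir -p /var/docker/network/files
systemctl start docker
# delete all containers (running ones included; their writable layers are lost)
docker rm -f $(docker ps -a -q)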

master node->work load

# Remove the "dedicated" taint from every node so that ordinary workloads can
# also be scheduled on the master.
# NOTE(review): workloads then share the host with the control-plane
# components; keep the taint on clusters that run untrusted workloads.
$ kubectl taint nodes --all dedicated-
# NOTE(review): the next command is cut off in the source; the taint
# expression after the node name is missing.
$ kubectl taint nodes kuben1 kube

node -> unschedulable

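# Taint kuben0 so that pods without a matching toleration are not scheduled on it
kubectl taint nodes kuben0 dedicated=master:NoSchedule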

reset

# Undo what kubeadm init/join set up on this host
kubeadm reset
# Delete the etcd data directory (all cluster state stored in it is lost)
rm -rf /var/etcd/
# Force-remove every container, running or stopped
docker rm -f $(docker ps -a -q)

Upgrade linux kernel

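# Import the ELRepo signing key, install the ELRepo release package, install
# the mainline kernel and make the first boot entry the default.
# The release package is fetched over HTTPS, like the key, so the repository
# definition cannot be altered in transit.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org \
  && rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm \
  && yum clean all \
  && yum --enablerepo=elrepo-kernel install kernel-ml \
  && grub2-set-default 0

# View
grub2-editenv list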

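#View startup items
# Split each line on single quotes and print a running index with the title of
# every "menuentry" line.
awk -F\' '$1=="menuentry " {print i++": "$2}' /etc/grub2.cfg

#View the installed kernel
rpm -qa | grep kernel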

OverlayFS

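# Load the overlay module, confirm it is listed, and load it on every boot
modprobe overlay
lsmod | grep overlay
echo "overlay" > /etc/modules-load.d/overlay.conf

# Append --storage-driver=overlay to the ExecStart line of the Docker unit
sed -i -e '/^ExecStart=/ s/$/ --storage-driver=overlay/' /usr/lib/systemd/system/docker.service
# Deletes every image, container and volume stored under /var/lib/docker;
# export anything that must be kept first.
rm -rf /var/lib/docker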

Maintenance

# Mark kuben6 unschedulable so no new pods are placed on it
kubectl cordon kuben6
# Evict the pods running on kuben6; DaemonSet-managed pods are left in place
kubectl drain --ignore-daemonsets kuben6
# After maintenance, allow scheduling on kuben6 again
kubectl uncordon kuben6
