Ubuntu安装k8s(纯操作)

1 hostname

# Set this machine's static hostname. "knode1" is the first of the three node
# names listed in the /etc/hosts step; presumably each node gets its own name.
hostnamectl set-hostname knode1

2 /etc/hosts

# Name-to-address entries for the three cluster nodes, to be added to /etc/hosts
# (presumably on every node, so each can resolve the others; confirm).
172.31.27.5 knode1
172.31.23.162 knode2
172.31.21.12 knode3

3 禁用systemd-resolved

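# Replace systemd-resolved's managed resolver config with a static /etc/resolv.conf.
# --now stops the running service in the same step as disabling it at boot.
systemctl disable --now systemd-resolved.service
# /etc/resolv.conf is normally a symlink owned by systemd-resolved. Remove the link
# first so the redirect below creates a real file instead of writing through it.
# Plain -f is enough: the target is a file or symlink, so -r adds only risk.
rm -f /etc/resolv.conf
# NOTE(review): both entries are public resolvers. Every DNS query from the node
# leaves the local network, and names served only by an internal or cloud-provided
# resolver will stop resolving. Prefer the resolvers your network provides.
cat > /etc/resolv.conf << 'EOF'
nameserver 8.8.8.8
nameserver 114.114.114.114
EOF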

4 关闭防火墙(不建议)

# Turn the host firewall off entirely (the guide itself marks this step "not recommended").
# NOTE(review): with ufw disabled, every listening port on the node is reachable from
# whatever network the node sits on. A tighter alternative is to leave ufw enabled and
# allow only the ports the cluster uses (for example the API server port 6443 that the
# join step connects to), restricted to the other nodes' addresses.
ufw disable

5 修改时区和语言

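# Point the system's local timezone at Asia/Shanghai.
sudo ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# Append the locale setting with root privileges. In `sudo echo ... >> file` only echo
# runs under sudo; the redirect is opened by the calling shell, so the write fails for
# a non-root user. Piping into `sudo tee -a` performs the write as root.
# The grep guard keeps repeated runs from appending the same line again.
grep -qxF 'LANG="en_US.UTF-8"' /etc/profile \
  || printf '%s\n' 'LANG="en_US.UTF-8"' | sudo tee -a /etc/profile > /dev/null
# Load the updated profile into the current shell.
. /etc/profile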

6 关闭swap

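# Turn swap off now, then comment out the swap entries in /etc/fstab so it stays off
# after a reboot (kubeadm's preflight checks expect swap to be disabled).
# Changes from the naive one-liner:
#   - fields may be separated by tabs, so match any whitespace around "swap";
#   - lines that are already commented are skipped, so re-running adds no extra '#';
#   - -i.bak keeps the previous file as /etc/fstab.bak in case the edit must be undone.
swapoff -a \
  && sed -i.bak -E '/^[[:space:]]*#/!s/^(.*[[:space:]]swap[[:space:]].*)$/#\1/' /etc/fstab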

7 kernel性能调优

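# Kernel settings for a Kubernetes node.
#
# The net.bridge.* keys exist only while br_netfilter is loaded, and
# net.netfilter.nf_conntrack_max only while nf_conntrack is loaded; without the
# modules sysctl rejects those keys. Load them now and register them for every boot.
cat > /etc/modules-load.d/kubernetes.conf << 'EOF'
br_netfilter
nf_conntrack
EOF
modprobe br_netfilter
modprobe nf_conntrack

# Write a dedicated drop-in (overwritten on each run) instead of appending to
# /etc/sysctl.conf, so re-running this step does not pile up duplicate lines.
# Two keys differ from the commonly copied list:
#   - the watchdog threshold lives under kernel., i.e. kernel.watchdog_thresh;
#   - net.ipv4.tcp_tw_recycle is left out: the key was removed in Linux 4.12, so
#     on newer kernels it only produces an "unknown key" error (0 was its default).
cat > /etc/sysctl.d/99-kubernetes.conf << 'EOF'
net.ipv4.ip_forward=1
kernel.watchdog_thresh=30
net.bridge.bridge-nf-call-iptables=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
net.bridge.bridge-nf-call-ip6tables=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
EOF
# Apply the drop-in immediately; it is also read automatically at boot.
sysctl -p /etc/sysctl.d/99-kubernetes.conf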

8 安装docker

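# Option A (mainland China): install a pinned Docker CE version from the Aliyun mirror.

# install_version must hold a version string as printed by `apt-cache madison docker-ce`.
# Stop here if it is unset rather than calling apt-get with an empty "docker-ce=".
: "${install_version:?set install_version to a docker-ce version string first}"

# Keep a copy of the stock APT sources, then point the Ubuntu archive at the mirror.
sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak
# NOTE(review): the list enables bionic-proposed, the pre-release testing pocket;
# consider dropping those two lines on production nodes.
# The archive itself is fetched over plain http. APT still checks the signed Release
# files against the Ubuntu archive key already trusted on the system.
sudo tee /etc/apt/sources.list > /dev/null << 'EOF'
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
EOF

# Fetch the Docker repository signing key over HTTPS. This key is the trust anchor for
# every package installed from the repository; fetched over plain http it could be
# replaced in transit, and APT would then accept packages signed by the replacement.
# Download to a temp file first so a failed download never reaches gpg, and store the
# key in its own keyring (referenced via signed-by below) instead of `apt-key add`,
# which would trust it for every configured repository.
# Before relying on it, compare the key's fingerprint with the one Docker publishes.
sudo install -m 0755 -d /etc/apt/keyrings
docker_key=$(mktemp)
curl -fsSL -o "$docker_key" https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg \
  && sudo gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg "$docker_key"
rm -f -- "$docker_key"
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# Register the Docker CE repository, bound to that keyring and served over HTTPS.
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get -y update
sudo apt-get -y install --allow-downgrades \
  "docker-ce=${install_version}" "docker-ce-cli=${install_version}"
# Start Docker now and at every boot.
sudo systemctl enable --now docker
# Hold the packages so a routine `apt-get upgrade` cannot move the pinned version.
sudo apt-mark hold docker-ce docker-ce-cli
## https://dockerhub.azk8s.cn/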


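# Option B (outside mainland China): install Docker CE from download.docker.com.

## Remove old, conflicting packages
sudo apt-get remove docker docker-engine docker.io containerd runc
## Install prerequisites
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common ifupdown
## Install the repository signing key
# Download to a temp file first so a failed download never reaches gpg, and store the
# key in its own keyring (referenced via signed-by below) instead of `apt-key add`,
# which would trust it for every configured repository.
# Before relying on it, compare the key's fingerprint with the one Docker publishes.
sudo install -m 0755 -d /etc/apt/keyrings
docker_key=$(mktemp)
curl -fsSL -o "$docker_key" https://download.docker.com/linux/ubuntu/gpg \
  && sudo gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg "$docker_key"
rm -f -- "$docker_key"
sudo chmod a+r /etc/apt/keyrings/docker.gpg
## Configure the repository
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
## Install
sudo apt-get update
## List the versions available for pinning
apt-cache madison docker-ce
# Set VERSION_STRING to one of the listed versions to install exactly that release;
# leave it unset to install the newest one. (The literal `<VERSION_STRING>` placeholder
# must not be pasted as-is: the shell parses `<` and `>` as redirections.)
if [ -n "${VERSION_STRING:-}" ]; then
  sudo apt-get install -y "docker-ce=${VERSION_STRING}" "docker-ce-cli=${VERSION_STRING}" containerd.io
else
  sudo apt-get install -y docker-ce docker-ce-cli containerd.io
fi
# Start Docker now and at every boot
sudo systemctl enable --now docker
## Hold the Docker packages so routine upgrades cannot change the installed version
sudo apt-mark hold docker-ce docker-ce-cli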

国内镜像加速

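# Docker daemon settings: systemd cgroup driver, bounded json-file logs
# (3 files of 100m each), overlay2 storage, and a registry mirror.
# NOTE(review): the registry-mirrors host looks like an account-specific Aliyun
# accelerator endpoint; substitute your own. Images pulled by tag through a mirror are
# only as trustworthy as the mirror's operator, so reference images by digest where
# integrity matters.
# NOTE(review): overlay2.override_kernel_check is deprecated upstream and newer Docker
# releases may refuse to start with it; verify against the installed version.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json << 'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "registry-mirrors": ["https://uyah70su.mirror.aliyuncs.com"]
}
EOF
# dockerd reads daemon.json only at startup, so restart it to apply the settings.
systemctl daemon-reload
systemctl restart docker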

9 解决ubuntu警告No swap limit support

Ubuntu/Debian 系统下,默认 cgroups 未开启 swap account 功能,这样会导致设置容器内存或者 swap 资源限制不生效。可以通过以下命令解决(修改内核启动参数后需要重启才能生效):

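# Enable cgroup memory and swap accounting (cgroup_enable=memory swapaccount=1) on the
# kernel command line. The same edit also adds net.ifnames=0 biosdevname=0, which
# switches NIC naming back to ethN; that is why the interfaces file is rewritten to eth0.
# NOTE(review): the NIC renaming is not needed for the swap-limit warning. The pattern
# below rewrites every "en<alnum>" token to eth0, so a host with more than one en*
# interface ends up with all of them named eth0 in the file. Check the result, and
# keep console access available, before rebooting.
# Backups (.bak) are kept of both files. The interfaces file is only touched if it exists.
if [ -f /etc/network/interfaces ]; then
  sudo sed -i.bak 's/en[[:alnum:]]*/eth0/g' /etc/network/interfaces
fi
# Guard on swapaccount=1 so re-running does not prepend the parameters a second time.
if ! grep -q 'swapaccount=1' /etc/default/grub; then
  sudo sed -i.bak 's/GRUB_CMDLINE_LINUX="\(.*\)"/GRUB_CMDLINE_LINUX="net.ifnames=0 cgroup_enable=memory swapaccount=1 biosdevname=0 \1"/g' /etc/default/grub
fi
# Regenerate the GRUB configuration; the new parameters apply from the next boot.
sudo update-grub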

10 安装kubeadm

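# Install kubelet, kubeadm and kubectl from the Kubernetes APT repository.
# NOTE(review): upstream has since moved Kubernetes packages to pkgs.k8s.io and retired
# this legacy repository; confirm the current repository URL and key location before use.
sudo apt-get update && sudo apt-get install -y apt-transport-https curl
# -f makes curl exit non-zero on an HTTP error instead of piping an error page into
# apt-key; -L follows redirects.
# NOTE(review): `apt-key add` places the key in APT's global trust store, where it is
# accepted for every configured repository. A dedicated keyring referenced with
# [signed-by=...] on the deb line limits the key to this one repository.
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
sudo tee /etc/apt/sources.list.d/kubernetes.list > /dev/null << 'EOF'
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
# Hold the packages so a routine upgrade cannot change the cluster components' version.
sudo apt-mark hold kubelet kubeadm kubectl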

如果网络比较慢,可以使用阿里的源

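# Install kubelet, kubeadm and kubectl from the Aliyun mirror of the Kubernetes APT repo.
apt-get update && apt-get install -y apt-transport-https
# -f makes curl exit non-zero on an HTTP error instead of piping an error page into
# apt-key; -sS silences the progress meter but still prints errors; -L follows redirects.
# NOTE(review): `apt-key add` places the key in APT's global trust store, where it is
# accepted for every configured repository. A dedicated keyring referenced with
# [signed-by=...] on the deb line limits the key to this one repository.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat > /etc/apt/sources.list.d/kubernetes.list << 'EOF'
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
## List the versions available for install
apt policy kubeadm
## Install
apt-get install -y kubelet kubeadm kubectl
# Hold the packages, as the non-mirror variant of this step does, so a routine upgrade
# cannot change the cluster components' version.
apt-mark hold kubelet kubeadm kubectl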

11 Master安装

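# Initialise the control plane on this node. The advertise address is knode1's address
# from the /etc/hosts step; the service and pod CIDRs are passed explicitly.
kubeadm init \
  --apiserver-advertise-address=172.31.27.5 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16
## To pull the control-plane images from the Aliyun registry, add:
##   --image-repository registry.aliyuncs.com/google_containers

# Give the current user a kubeconfig. admin.conf carries the cluster administrator's
# credentials, so keep the copy readable by its owner only and never share or commit it.
# Expansions are quoted so a home directory containing spaces cannot split the path.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"

## Print a fresh join command for worker nodes:
##   kubeadm token create --print-join-command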

12 Node节点注册

# Register this machine as a worker node with the control plane at 172.31.27.5:6443.
# The token and CA hash below are specific to the author's cluster; substitute the
# values printed on the control-plane node by `kubeadm token create --print-join-command`.
# NOTE(review): a bootstrap token is a credential that allows a machine to join the
# cluster. Keep it out of shared documents and chat logs, and let it expire or delete
# it once the nodes have joined.
# Keep --discovery-token-ca-cert-hash: it pins the cluster CA, so the joining node
# verifies that it is talking to the intended API server.
kubeadm join 172.31.27.5:6443 --token m9luq4.92yahwonslm8b6xj \
--discovery-token-ca-cert-hash sha256:cb705c09703f492af8db0ec9576737567aec78dcc4fac27a46bad08d6e46ced4

13 网络插件安装

# Pick ONE of the two network plugins below; do not apply both.
# NOTE(review): both URLs point at mutable locations (a branch head and an unversioned
# docs path), so their content can change between runs, and a CNI manifest typically
# deploys privileged components on every node. Prefer downloading the manifest from a
# tagged release, reviewing it, and applying the local copy.
# NOTE(review): the pod CIDR passed to `kubeadm init` (10.244.0.0/16) appears to match
# flannel's default network; if calico is chosen, confirm its pool CIDR agrees.
# 1 flannel
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

# 2 calico
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

14 部署Dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

# 修改NodePort