### 集群網絡規劃
阿里云vpc:10.34.0.0/16
cluster-ip:10.35.0.0/16
pod-ip:10.36.0.0/16
### 節點信息
| IP address |HOST NAME | | |
| --- | --- | --- | --- |
| | | | |
| | | | |
### 修改內核
vi /etc/sysctl.conf
# docker / kube-proxy: let bridged pod traffic traverse iptables.
# These two keys only exist once the br_netfilter kernel module is loaded
# (modprobe br_netfilter); otherwise `sysctl -p` reports them as unknown keys.
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
# swap: vm.swappiness=0 only discourages swapping, it does not turn swap off.
# kubelet refuses to start while swap is enabled, so swap must additionally be
# disabled (swapoff -a and the swap entry removed from /etc/fstab).
vm.swappiness = 0
## 配置 kubespray
### 安裝基礎軟件
# install git
yum -y install git
# install the extra CentOS yum repository (EPEL); the ansible/pip packages below come from it
yum install -y epel-release
# rebuild the yum cache so the new repository is visible
yum clean all && yum makecache
# install the tooling kubespray needs: pip, python3, netaddr (required by kubespray's
# ipaddr filters) and ansible
yum install -y python-pip python34 python-netaddr python34-pip ansible
# upgrade Jinja2, presumably because the packaged version is older than kubespray's templates need.
# NOTE(review): this overwrites a yum-managed package with a pip-managed one for the same
# interpreter the yum-installed ansible uses; a virtualenv avoids that conflict.
pip install --upgrade Jinja2
### 下載源碼
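git clone https://github.com/kubernetes-incubator/kubespray
# requirements.txt and the roles/ paths edited below live inside the checkout, so enter it first.
cd kubespray
# Deploy from a released tag rather than whatever master holds at clone time: a pinned
# checkout is reviewable and reproducible (the tag below is a placeholder to fill in).
# git checkout <RELEASE_TAG>
# Install dependencies from ``requirements.txt``
pip install -r requirements.txt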
### 修改鏡像下載源
# Point every gcr.io reference at the internal Harbor mirror so nodes never pull from gcr.io
# directly. sed -i edits the files in place; run from the kubespray checkout root since the
# paths are relative. Dots and slashes are escaped so the pattern matches the literal
# "gcr.io/google_containers/" prefix.
sed -i 's/gcr\.io\/google_containers\//harbor-infra.aliyun-cn-shanghai-e.dr.dianrong.io\/google_containers\//g' roles/download/defaults/main.yml
sed -i 's/gcr\.io\/google_containers\//harbor-infra.aliyun-cn-shanghai-e.dr.dianrong.io\/google_containers\//g' roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2
sed -i 's/gcr\.io\/google_containers\//harbor-infra.aliyun-cn-shanghai-e.dr.dianrong.io\/google_containers\//g' roles/kubernetes-apps/ansible/defaults/main.yml
# The hyphenated "gcr.io/google-containers/" form is referenced too; mirror it the same way.
sed -i 's/gcr\.io\/google-containers\//harbor-infra.aliyun-cn-shanghai-e.dr.dianrong.io\/google-containers\//g' roles/download/defaults/main.yml
# NOTE(review): the mirror now becomes the trust anchor for every control-plane image, and the
# images are referenced by tag rather than digest — the mirror's contents must be controlled
# and verified, since nothing here checks what it serves.
### Flannel configuration file should have been created there
# Show the subnet file flannel's CNI plugin reads; the values below are one node's example.
cat /run/flannel/subnet.env
# NOTE(review): this range does not match the pod-ip 10.36.0.0/16 planned in 集群網絡規劃
# above — confirm which pod network the cluster actually uses before creating this file by hand.
FLANNEL_NETWORK=10.233.0.0/18
# presumably the per-node slice of FLANNEL_NETWORK — it must differ on every node
FLANNEL_SUBNET=10.233.16.0/24
# looks like 1500 minus VXLAN overlay overhead — confirm against the interface MTU
FLANNEL_MTU=1450
# no SNAT for traffic leaving the pod network
FLANNEL_IPMASQ=false
> flannel 配置文件需要手動在每個節點創建
### 安裝失敗清理
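# Stop and disable the services first, while their unit files still exist, so systemd can
# resolve the unit names. kubelet is included: the original only deleted its unit file, so
# kubelet kept running and re-created its pods after the docker restart below.
systemctl stop kubelet.service
systemctl disable kubelet.service
systemctl stop etcd.service
systemctl disable etcd.service
systemctl stop calico-node.service
systemctl disable calico-node.service
# Remove cluster state. /var/lib/etcd holds every cluster object, Secrets included, so this is
# the step that actually destroys them; /etc/kubernetes holds the PKI material.
rm -rf /etc/kubernetes/
rm -rf /var/lib/kubelet
rm -rf /var/lib/etcd
rm -rf /usr/local/bin/kubectl
rm -rf /etc/systemd/system/calico-node.service
rm -rf /etc/systemd/system/kubelet.service
# Tell systemd the unit files are gone.
systemctl daemon-reload
# xargs -r skips the command when there are no containers; a bare `docker stop $(docker ps -q)`
# fails with a usage error on an empty list.
docker ps -q | xargs -r docker stop
docker ps -a -q | xargs -r docker rm
service docker restart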
### 刪除taint
# Remove the cloud-provider "uninitialized" taint from every node (the trailing "-" removes).
# NOTE(review): the cloud-controller-manager clears this taint itself once it has initialised
# the node; removing it by hand lets workloads schedule before that setup has completed.
kubectl taint node --all node.cloudprovider.kubernetes.io/uninitialized-
### ingress 修改dns 策略
ingress 服務使用 host 網絡模式部署，所以 DNS 地址會繼承宿主機的配置，導致無法解析 service。
cat ingress-nginx-controller-ds.yml
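---
# ingress-nginx controller DaemonSet, pinned to the nodes labelled node-role.kubernetes.io/ingress.
# It runs on the host network so ports 80/443 are served directly from the node.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ingress-nginx-controller
  namespace: kube-system
  labels:
    k8s-app: ingress-nginx
    version: v0.15.0
  annotations:
    # quoted on purpose: annotation values must be strings
    prometheus.io/port: '10254'
    prometheus.io/scrape: 'true'
spec:
  selector:
    matchLabels:
      k8s-app: ingress-nginx
      version: v0.15.0
  template:
    metadata:
      labels:
        k8s-app: ingress-nginx
        version: v0.15.0
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      hostNetwork: true
      # DNS policy changed here: with hostNetwork the pod would otherwise inherit the node's
      # resolv.conf and in-cluster service names would not resolve; ClusterFirstWithHostNet
      # keeps the cluster DNS server.
      dnsPolicy: ClusterFirstWithHostNet
      nodeSelector:
        node-role.kubernetes.io/ingress: "true"
      terminationGracePeriodSeconds: 60
      containers:
        - name: ingress-nginx-controller
          # NOTE(review): referenced by mutable tag, not digest, and never re-pulled once
          # present on a node — pin a digest once the image has been verified.
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.15.0
          imagePullPolicy: IfNotPresent
          args:
            - /nginx-ingress-controller
            - --default-backend-service=$(POD_NAMESPACE)/ingress-nginx-default-backend
            - --configmap=$(POD_NAMESPACE)/ingress-nginx
            - --tcp-services-configmap=$(POD_NAMESPACE)/ingress-nginx-tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/ingress-nginx-udp-services
            - --annotations-prefix=nginx.ingress.kubernetes.io
          env:
            # POD_NAME / POD_NAMESPACE are injected from the pod's own metadata and
            # expanded in the args above
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            # hostPort is redundant with hostNetwork but documents the node ports in use
            - name: http
              containerPort: 80
              hostPort: 80
            - name: https
              containerPort: 443
              hostPort: 443
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          securityContext:
            # NOTE(review): this container shares the node's network namespace and is allowed
            # to run as root — a compromise of the controller is a compromise of the node's
            # network stack. Verify the controller's actual user/capability needs and tighten to
            # runAsNonRoot: true (plus a dropped-capabilities list) where it still works.
            runAsNonRoot: false
      serviceAccountName: ingress-nginx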
### Linux上配置http上網代理
因為需要下載二進制程序包及 gcr.io 上的鏡像，所以需要配置 HTTP 上網代理。
- 方案設計
- 使用kubespray部署k8s集群
- 使用ingress 訪問dashboard v1.8.3
- 在 Kubernetes 中配置私有 DNS 和上游域名服務器(coredns forward)
- master 節點添加taint
- limitrange
- 配置私有倉庫
- 利用NFS動態提供Kubernetes后端存儲卷
- ingress 添加https 客戶端雙向認證
- 應用日誌采集
- eureka 遷移 k8s 集群
- 鏡像下載地址
- helm install
- Install istio
- zookeeper 集群部署
- 基于 prometheus 自定義 rabbitmq-exporter 指標 HPA 彈性伸縮
- nacos huaweicloud