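Virtual machine installation

This walkthrough uses VirtualBox + Vagrant to install three Linux virtual machines, all running CentOS 7; the SSH client is MobaXterm.

VirtualBox download

Vagrant download

After downloading, install both directly; no special configuration is needed.

Once installed, run the following in any empty folder: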

vagrant init

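This generates a Vagrantfile. Since k8s needs at least 2 machines (one master, one worker), the Vagrantfile must be modified to create at least 2 VMs. (Running vagrant init twice in two separate folders also works, but is not recommended; this exercise is about learning k8s, so don't get bogged down in the VMs.) After modification it looks like this: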

Vagrant.configure("2") do |config|
  # Loop to create 3 virtual machines
  (1..3).each do |i|
    config.vm.define "host#{i}" do |node|
      # Linux distribution box; pick one you prefer from https://app.vagrantup.com/boxes/search
      node.vm.box = "centos/7"
      node.vm.hostname = "host#{i}"
      # Creates 3 VMs with IPs 192.168.56.101/102/103. The 192.168.56 prefix must be
      # changed to match the host-only adapter VirtualBox created on your machine:
      # in VirtualBox, click the three-bar menu to the right of Tools, choose Network,
      # and check the IPv4 address.
      node.vm.network "private_network", ip: "192.168.56.#{100+i}", netmask: "255.255.255.0"
      node.vm.provider "virtualbox" do |vb|
        vb.name = "host#{i}"
        vb.memory = "2048"
        # Allocate at least 2 cores, otherwise the k8s installation will fail
        vb.cpus = 2
      end
    end
  end
end

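Save the file and run the start command. Because the image has to be pulled from the official source and 3 VMs are created, this step takes a while.

vagrant up

Command output: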

D:\tool\vms
$ vagrant up
Bringing machine 'host1' up with 'virtualbox' provider...
Bringing machine 'host2' up with 'virtualbox' provider...
Bringing machine 'host3' up with 'virtualbox' provider...
==> host1: Importing base box 'centos/7'...
==> host1: Matching MAC address for NAT networking...
==> host1: Checking if box 'centos/7' version '2004.01' is up to date...
==> host1: Setting the name of the VM: host1
==> host1: Clearing any previously set network interfaces...
==> host1: Preparing network interfaces based on configuration...
host1: Adapter 1: nat
host1: Adapter 2: hostonly
==> host1: Forwarding ports...
host1: 22 (guest) => 2222 (host) (adapter 1)
==> host1: Running 'pre-boot' VM customizations...
==> host1: Booting VM...
==> host1: Waiting for machine to boot. This may take a few minutes...
host1: SSH address: 127.0.0.1:2222
host1: SSH username: vagrant
host1: SSH auth method: private key
host1:
host1: Vagrant insecure key detected. Vagrant will automatically replace
host1: this with a newly generated keypair for better security.
host1:
host1: Inserting generated public key within guest...
host1: Removing insecure key from the guest if it's present...
host1: Key inserted! Disconnecting and reconnecting using new SSH key...
==> host1: Machine booted and ready!
==> host1: Checking for guest additions in VM...
host1: No guest additions were detected on the base box for this VM! Guest
host1: additions are required for forwarded ports, shared folders, host only
host1: networking, and more. If SSH fails on this machine, please install
host1: the guest additions and repackage the box to continue.
host1:
host1: This is not an error message; everything may continue to work properly,
host1: in which case you may ignore this message.
==> host1: Setting hostname...
==> host1: Configuring and enabling network interfaces...
==> host1: Rsyncing folder: /cygdrive/d/tool/vms/ => /vagrant
==> host2: Importing base box 'centos/7'...
==> host2: Matching MAC address for NAT networking...
==> host2: Checking if box 'centos/7' version '2004.01' is up to date...
==> host2: Setting the name of the VM: host2
==> host2: Fixed port collision for 22 => 2222. Now on port 2200.
==> host2: Clearing any previously set network interfaces...
==> host2: Preparing network interfaces based on configuration...
host2: Adapter 1: nat
host2: Adapter 2: hostonly
==> host2: Forwarding ports...
host2: 22 (guest) => 2200 (host) (adapter 1)
==> host2: Running 'pre-boot' VM customizations...
==> host2: Booting VM...
==> host2: Waiting for machine to boot. This may take a few minutes...
host2: SSH address: 127.0.0.1:2200
host2: SSH username: vagrant
host2: SSH auth method: private key
host2:
host2: Vagrant insecure key detected. Vagrant will automatically replace
host2: this with a newly generated keypair for better security.
host2:
host2: Inserting generated public key within guest...
host2: Removing insecure key from the guest if it's present...
host2: Key inserted! Disconnecting and reconnecting using new SSH key...
==> host2: Machine booted and ready!
==> host2: Checking for guest additions in VM...
host2: No guest additions were detected on the base box for this VM! Guest
host2: additions are required for forwarded ports, shared folders, host only
host2: networking, and more. If SSH fails on this machine, please install
host2: the guest additions and repackage the box to continue.
host2:
host2: This is not an error message; everything may continue to work properly,
host2: in which case you may ignore this message.
==> host2: Setting hostname...
==> host2: Configuring and enabling network interfaces...
==> host2: Rsyncing folder: /cygdrive/d/tool/vms/ => /vagrant
==> host3: Importing base box 'centos/7'...
==> host3: Matching MAC address for NAT networking...
==> host3: Checking if box 'centos/7' version '2004.01' is up to date...
==> host3: Setting the name of the VM: host3
==> host3: Fixed port collision for 22 => 2222. Now on port 2201.
==> host3: Clearing any previously set network interfaces...
==> host3: Preparing network interfaces based on configuration...
host3: Adapter 1: nat
host3: Adapter 2: hostonly
==> host3: Forwarding ports...
host3: 22 (guest) => 2201 (host) (adapter 1)
==> host3: Running 'pre-boot' VM customizations...
==> host3: Booting VM...
==> host3: Waiting for machine to boot. This may take a few minutes...
host3: SSH address: 127.0.0.1:2201
host3: SSH username: vagrant
host3: SSH auth method: private key
host3:
host3: Vagrant insecure key detected. Vagrant will automatically replace
host3: this with a newly generated keypair for better security.
host3:
host3: Inserting generated public key within guest...
host3: Removing insecure key from the guest if it's present...
host3: Key inserted! Disconnecting and reconnecting using new SSH key...
==> host3: Machine booted and ready!
==> host3: Checking for guest additions in VM...
host3: No guest additions were detected on the base box for this VM! Guest
host3: additions are required for forwarded ports, shared folders, host only
host3: networking, and more. If SSH fails on this machine, please install
host3: the guest additions and repackage the box to continue.
host3:
host3: This is not an error message; everything may continue to work properly,
host3: in which case you may ignore this message.
==> host3: Setting hostname...
==> host3: Configuring and enabling network interfaces...
==> host3: Rsyncing folder: /cygdrive/d/tool/vms/ => /vagrant

D:\tool\vms
$

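After the command succeeds, the newly created VMs do not yet allow password login or root login, so the SSH configuration has to be changed on each of the three VMs from the current command line. Taking host1 as an example:

vagrant ssh host1

Switch to the root user (password: vagrant)

su - root

Edit /etc/ssh/sshd_config to allow remote root login (PermitRootLogin yes) and password login (PasswordAuthentication yes)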

[root@host1 ~]# cat /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

Restart the sshd service

systemctl restart sshd

Then run exit twice to leave host1, and repeat the steps above on host2 and host3. At this point, all 3 VMs can be reached remotely with an SSH client.
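The sshd_config edit above only takes effect if the new lines are the first uncommented occurrence of each keyword, because sshd keeps the first value it reads. The following added example (not from the original page) computes the effective global values from a config file and flags the state this lab produces, root login with a password; the sample files are constructed and the fallback defaults are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit the sshd_config edits above.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive;
# commented lines are ignored; lines after "Match" apply only conditionally.
# Only the whitespace-separated "Keyword value" form is handled.

# effective_sshd_value FILE KEYWORD DEFAULT -> value sshd would use globally
effective_sshd_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || NF == 0 { next }                  # comment or blank line
        tolower($1) == "match" { exit }                 # global section ends here
        tolower($1) == key { val = tolower($2); exit }  # first occurrence wins
        END { print val }
    ' "$1"
}

# sshd_verdict FILE -> "root-password-login" when root can log in with a password
# over SSH, otherwise "ok". The fallback "yes" values are assumptions about the
# build defaults; pass the real ones for your OpenSSH package.
sshd_verdict() {
    root=$(effective_sshd_value "$1" PermitRootLogin yes)
    pass=$(effective_sshd_value "$1" PasswordAuthentication yes)
    if [ "$root" = "yes" ] && [ "$pass" = "yes" ]; then
        echo "root-password-login"
    else
        echo "ok"
    fi
}

# Constructed sample inputs (not real files from the lab).
SAMPLES=$(mktemp -d)
# 1) The state the tutorial produces: both keywords set to yes.
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
    '#PasswordAuthentication yes' 'PasswordAuthentication yes' > "$SAMPLES/lab.conf"
# 2) An edit that did not take effect: "yes" was appended below an earlier "no".
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication no' \
    'PasswordAuthentication yes' > "$SAMPLES/shadowed.conf"
# 3) Key-only root login, the setting to restore once the lab is done.
printf '%s\n' 'permitrootlogin prohibit-password' \
    'PasswordAuthentication yes' > "$SAMPLES/keyonly.conf"

for f in lab shadowed keyonly; do
    echo "$f: $(sshd_verdict "$SAMPLES/$f.conf")"
done
```

On the guest itself, running `sshd -T` as root prints the effective configuration as sshd computes it, which is the authoritative check.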

Docker installation

Connect to the three VMs with MobaXterm and use MultiExec mode to run commands on all terminals at once.


$ sudo yum install -y yum-utils

$ sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
$ sudo yum install docker-ce docker-ce-cli containerd.io

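Once installation finishes, start Docker

sudo systemctl start docker

Enable it at boot

sudo systemctl enable docker

Configure a registry mirror for Docker in mainland China: log in to dev.aliyun.com, open the console, search for the Container Registry service, find the registry mirror accelerator, and run the commands for your VM's OS version. For example: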

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://2t5ue6h6.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

Kubernetes deployment environment preparation

Disable the firewall

systemctl stop firewalld
systemctl disable firewalld

Disable SELinux

sed -i 's/enforcing/disabled/' /etc/selinux/config  # permanent
setenforce 0 # temporary

Disable swap (k8s disallows swap to improve performance)

sed -ri 's/.*swap.*/#&/' /etc/fstab # permanent
swapoff -a # temporary

Add hosts entries on the master

cat >> /etc/hosts << EOF
192.168.56.101 k8smaster
192.168.56.102 k8snode1
192.168.56.103 k8snode2
EOF

Set bridge parameters

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # apply the settings

Time synchronization

yum install ntpdate -y
ntpdate time.windows.com