一. 安裝docker

1.安裝依賴包

sudo yum install -y yum-utils device-mapper-persistent-data lvm2 

2.設(shè)置阿里云鏡像源

sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 

使用docker腳本一鍵安裝

curl -fsSL "https://get.docker.com/" | sh
systemctl enable --now docker

3.安裝Docker-CE

Install Docker CE

Set up the repository

Install required packages.

yum install yum-utils device-mapper-persistent-data lvm2

Add Docker repository.

yum-config-manager \
  --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo

Install Docker CE.

yum update && yum install docker-ce-18.06.2.ce

Create /etc/docker directory.

mkdir /etc/docker

Setup daemon.

cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF

mkdir -p /etc/systemd/system/docker.service.d

Restart Docker

systemctl daemon-reload
systemctl restart docker

安裝k8s

在Docker安裝完成的基礎(chǔ)上，完成一下步驟

使用阿里云鏡像源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
EOF

關(guān)閉SElinux

setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

安裝kubelet kubeadm kubectl

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

systemctl enable --now kubelet  #
開機(jī)啟動(dòng)kubelet

centos7用戶還需要設(shè)置路由：

yum install -y bridge-utils.x86_64
modprobe  br_netfilter  # 加載br_netfilter模塊昔园，使用lsmod查看開啟的模塊
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system  # 重新加載所有配置文件

systemctl disable --now firewalld  # 關(guān)閉防火墻

k8s要求關(guān)閉swap (qxl)

swapoff -a && sysctl -w vm.swappiness=0  # 關(guān)閉swap
sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab  # 取消開機(jī)掛載swap

國外服務(wù)器

kubeadm config images pull #拉取集群所需鏡像厂财，這個(gè)需要翻墻

國內(nèi)服務(wù)器

kubeadm config images list #列出所需鏡像锰提，根據(jù)所需鏡像安裝

(不是一定是下面的,根據(jù)實(shí)際情況來選擇版本)

建議節(jié)點(diǎn)中也進(jìn)行此操作安裝

根據(jù)所需鏡像名字先拉取國內(nèi)資源

docker pull mirrorgooglecontainers/kube-apiserver:v1.14.2
docker pull mirrorgooglecontainers/kube-controller-manager:v1.14.2
docker pull mirrorgooglecontainers/kube-scheduler:v1.14.2
docker pull mirrorgooglecontainers/kube-proxy:v1.14.2
docker pull mirrorgooglecontainers/pause:3.1
docker pull mirrorgooglecontainers/etcd:3.3.10
docker pull coredns/coredns:1.3.1  # 這個(gè)在mirrorgooglecontainers中沒有

# 修改鏡像tag
docker tag mirrorgooglecontainers/kube-apiserver:v1.14.2 k8s.gcr.io/kube-apiserver:v1.14.2
docker tag mirrorgooglecontainers/kube-controller-manager:v1.14.2 k8s.gcr.io/kube-controller-manager:v1.14.2
docker tag mirrorgooglecontainers/kube-scheduler:v1.14.2 k8s.gcr.io/kube-scheduler:v1.14.2
docker tag mirrorgooglecontainers/kube-proxy:v1.14.2 k8s.gcr.io/kube-proxy:v1.14.2
docker tag mirrorgooglecontainers/pause:3.1 k8s.gcr.io/pause:3.1
docker tag mirrorgooglecontainers/etcd:3.3.10 k8s.gcr.io/etcd:3.3.10
docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1


# 把所需的鏡像下載好庐冯，init的時(shí)候就不會(huì)再拉鏡像吐绵，由于無法連接google鏡像庫導(dǎo)致出錯(cuò)

# 刪除原來的鏡像
docker rmi mirrorgooglecontainers/kube-apiserver:v1.14.2
docker rmi mirrorgooglecontainers/kube-controller-manager:v1.14.2
docker rmi mirrorgooglecontainers/kube-scheduler:v1.14.2
docker rmi mirrorgooglecontainers/kube-proxy:v1.14.2
docker rmi mirrorgooglecontainers/pause:3.1
docker rmi mirrorgooglecontainers/etcd:3.3.10
docker rmi coredns/coredns:1.3.1

cat >> kubeadm-config.yaml <<EOF
apiServer:
  timeoutForControlPlane: 4m0s
  extraArgs:
    enable-admission-plugins: NamespaceLifecycle,LimitRanger,ServiceAccount,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,PersistentVolumeClaimResize,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota
    runtime-config: "api/all=true"
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: stable
#下面是master的ip
controlPlaneEndpoint: "master節(jié)點(diǎn)的ip:8443"
dns:
  type: "CoreDNS"
networking:
  dnsDomain: cluster.local
  podSubnet: "10.244.0.0/16"
EOF

初始化k8s

kubeadm reset --force #重置集群彼哼，初始化出錯(cuò)可以使用

#k8s初始化
#對hostname命名也有規(guī)范对妄，報(bào)hostname不規(guī)范修改/etc/hostname，然后reboot就行了
kubeadm init --config=kubeadm-config.yaml --experimental-upload-certs 

初始化成功會(huì)生成token

#每個(gè)機(jī)器創(chuàng)建的master以下部分都不同,需要自己保存好,用于添加k8s節(jié)點(diǎn)
kubeadm join ip:8443 --token xxx \
    --discovery-token-ca-cert-hash sha256:xxxx

普通用戶設(shè)置權(quán)限

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

安裝網(wǎng)絡(luò)calico敢朱、flannel

# use calico cni
kubectl apply -f https://docs.projectcalico.org/v3.7/manifests/canal.yaml
# use standard flannel
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.11.0/Documentation/kube-flannel.yml

node加入集群中

• node需要安裝docker和kubectl\kubecadm\kubelet,且版本與master的版本一致剪菱。

#主節(jié)點(diǎn)初始化生成的token摩瞎，在節(jié)點(diǎn)中使用
kubeadm join master_ip:8443 --token xxx \
    --discovery-token-ca-cert-hash sha256:xxxx
    
# 加入成功后查看master的nodes數(shù)目，稍等節(jié)點(diǎn)進(jìn)行初始化孝常，然后從notready到ready的狀態(tài)旗们。
    ```