Environment
Three CentOS 7.4 servers: kube1, kube2, kube3; configuration: 2 cores, 16G
Stop and disable the firewall:
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux (setenforce 0 switches it to permissive mode until the next reboot):
setenforce 0
Create the file /etc/sysctl.d/k8s.conf and add the following content:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
Run the following commands to apply the changes:
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
Install Docker
# Step 1: install the required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the package repository (fetched over HTTPS so the repo definition cannot be altered in transit)
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: refresh the cache and install Docker-CE
sudo yum makecache fast
sudo yum -y install docker-ce
# Step 4: start the Docker service
sudo service docker start
# Step 5: enable start on boot
sudo systemctl enable docker
Configure the Alibaba Cloud registry mirror (accelerator):
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://obww7jh1.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker
Install kubelet, kubeadm and kubectl
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet kubeadm kubectl
systemctl enable --now kubelet
Build the Kubernetes cluster
1. Initialize the Master node (kube1)
kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers
- --pod-network-cidr: a prerequisite for installing flannel later; the value must be 10.244.0.0/16 (see the reference material)
- --image-repository: specifies the image repository
Output log:
.....
[addons] Applied essential addon: kube-dns
[addons] Applied essential addon: kube-proxy
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join 172.17.58.201:6443 --token 831rfg.dw0vyb1h3beab5as --discovery-token-ca-cert-hash sha256:623681fde5b2bf564a8631942f31797f9bef75f40b14a86ef75e1d31b43709f1
The log shows that, to use the cluster, the following commands need to be run:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
A Pod Network also needs to be deployed to the cluster; flannel is chosen here:
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/62e44c867a2846fefb68bd5f178daf4da3095ccb/Documentation/kube-flannel.yml
The Master node is now initialized. View the cluster information:
# View cluster information
$ kubectl cluster-info
Kubernetes master is running at https://172.17.58.201:6443
KubeDNS is running at https://172.17.58.201:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
# View node information
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
lab-backend1 Ready master 1m v1.15.0
# View Pods information
$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-bccdc95cf-qp4wl 1/1 Running 0 14m
kube-system coredns-bccdc95cf-z9nwp 1/1 Running 0 14m
kube-system etcd-k8s-1 1/1 Running 0 13m
kube-system kube-apiserver-k8s-1 1/1 Running 0 14m
kube-system kube-controller-manager-k8s-1 1/1 Running 0 13m
kube-system kube-scheduler-k8s-1 1/1 Running 0 13m
If problems occur during initialization, reset with the following commands:
kubeadm reset
rm -rf /var/lib/cni/
rm -f $HOME/.kube/config
2. Add Worker nodes
Method ①: join the cluster using the information returned by kubeadm init (kube2 / kube3)
kubeadm join 172.17.58.201:6443 --token 831rfg.dw0vyb1h3beab5as --discovery-token-ca-cert-hash sha256:623681fde5b2bf564a8631942f31797f9bef75f40b14a86ef75e1d31b43709f1
Method ②: generate a new token (kube1)
kubeadm token generate
kubeadm token create <generated-token> --print-join-command --ttl=24h
- --ttl=24h means the token is valid for 24 hours; the token generated by default during initialization is also valid for 24 hours
Join the cluster (kube2 / kube3)
kubeadm join 172.17.58.201:6443 --token 41ts3r.n2vw06xbniouo6u5 --discovery-token-ca-cert-hash sha256:f958e234e8554c2352127f356a7eb7dad422c10df9a749156df36e5972cba38b
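The --discovery-token-ca-cert-hash value in the join commands above is the SHA-256 of the cluster CA's public key, which a worker uses to confirm it is bootstrapping from the right API server. The script below is an added example, not part of the original page: it recomputes that hash from the CA certificate and checks a join command against it before the command is run on kube2 / kube3. It assumes kubeadm's default CA path /etc/kubernetes/pki/ca.crt on kube1; the demo's throwaway CA, address and token are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the original page. Needs the openssl CLI.

# Print "sha256:<hex>" over the CA public key (DER SubjectPublicKeyInfo), the value
# kubeadm expects in --discovery-token-ca-cert-hash.
ca_cert_hash() {   # usage: ca_cert_hash <ca.crt>
    _der=$(mktemp) || return 1
    if openssl x509 -in "$1" -pubkey -noout 2>/dev/null |
        openssl pkey -pubin -outform DER -out "$_der" 2>/dev/null && [ -s "$_der" ]; then
        printf 'sha256:%s\n' "$(openssl dgst -sha256 -r "$_der" | cut -d' ' -f1)"
        rm -f "$_der"
    else
        rm -f "$_der"; return 1
    fi
}

# Print the value of a flag written as "--flag value" or "--flag=value".
join_arg() {   # usage: join_arg <flag> <command line>
    printf '%s\n' "$2" | awk -v f="$1" '{ for (i = 1; i <= NF; i++) {
        if ($i == f) print $(i + 1)
        if (index($i, f "=") == 1) print substr($i, length(f) + 2) } }'
}

# Succeed only if the command has a well-formed token and pins the CA in <ca.crt>.
check_join() {   # usage: check_join <ca.crt> <join command>
    case "$2" in *--discovery-token-unsafe-skip-ca-verification*)
        echo "FAIL: CA verification is switched off"; return 1 ;;
    esac
    join_arg --token "$2" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
        { echo "FAIL: token is not <6 chars>.<16 chars>"; return 1; }
    _want=$(ca_cert_hash "$1") || { echo "FAIL: cannot read CA certificate $1"; return 1; }
    _pin=$(join_arg --discovery-token-ca-cert-hash "$2")
    [ "$_pin" = "$_want" ] || { echo "FAIL: pinned $_pin, CA is $_want"; return 1; }
    echo "OK: join command pins $_want"
}

# Demo on constructed input: a throwaway CA stands in for /etc/kubernetes/pki/ca.crt,
# and 192.0.2.10 plus the token are made-up sample values.
demo() {
    _d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$_d/ca.key" -out "$_d/ca.crt" \
        -subj "/CN=kubernetes" -days 1 2>/dev/null || return 1
    _cmd="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash"
    check_join "$_d/ca.crt" "$_cmd $(ca_cert_hash "$_d/ca.crt")"
    check_join "$_d/ca.crt" "$_cmd sha256:$(printf '%064d' 0)" || echo "(stale pin rejected)"
    rm -rf "$_d"
}

if [ $# -eq 2 ]; then check_join "$1" "$2"; else demo; fi
```

Run with two arguments (the CA certificate path and the quoted join command) to check a real command; with no arguments it runs the demo. The hash depends only on the CA key, so every token issued by one cluster carries the same value.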
Check the cluster nodes again (kube1)
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
lab-backend1 Ready master 6m v1.15.0
lab-backend2 Ready <none> 56s v1.15.0
lab-backend3 Ready <none> 14s v1.15.0
At this point, a Kubernetes cluster with 1 Master + 2 Workers has been created successfully.