一改化、檢查操作系統(tǒng)版本信息沐祷、內(nèi)核版本
[root@k8s-master1 /root]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[root@k8s-master1 /root]# uname -r
3.10.0-957.1.3.el7.x86_64
二鸵鸥、配置selinux和firewalld
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
systemctl disable firewalld --now
三哩簿、內(nèi)核參數(shù)修改航邢、加載內(nèi)核模塊
- 修改內(nèi)核參數(shù)
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system - 加載內(nèi)核模塊
modprobe br_netfilter
lsmod | grep br_netfilter
四、yum源配置
- Base repo
cd /etc/yum.repos.d
mv CentOS-Base.repo CentOS-Base.repo.bak
curl -o CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
sed -i 's/gpgcheck=1/gpgcheck=0/g' /etc/yum.repos.d/CentOS-Base.repo - docker repo
curl -o docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo - kubernetes repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF - makecache
yum clean all
yum makecache
yum repolist
[root@k8s-master1 /root]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
*base: mirrors.aliyun.com
*epel: mirrors.tuna.tsinghua.edu.cn
*extras: mirrors.aliyun.com
*updates: mirrors.aliyun.com
repo id repo name status
base/7/x86_64 CentOS-7 - Base - mirrors.aliyun.com 10,019
docker-ce-stable/x86_64 Docker CE Stable - x86_64 36
*epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 13,016
extras/7/x86_64 CentOS-7 - Extras - mirrors.aliyun.com 382
kubernetes Kubernetes 336
updates/7/x86_64 CentOS-7 - Updates - mirrors.aliyun.com 1,477
repolist: 25,266
五溯革、禁用Swap
- 禁用Swap
swapoff -a
echo "vm.swappiness = 0">> /etc/sysctl.conf - 生效
sysctl -p
六泌射、docker安裝
yum list docker-ce --showduplicates | sort -r
image.png
yum install docker-ce或者yum install docker-ce-18.09.3(此處不指定版本默認(rèn)為最高版本)
- 啟動(dòng)docker
systemctl enable docker --now - 查看服務(wù)狀態(tài)
systemctl status docker
image.png
七、安裝kubeadm鬓照、kubelet、kubectl
- 安裝kubeadm孤紧、kubelet豺裆、kubectl
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes - 啟動(dòng)kubelet
systemctl enable --now kubelet
八、鏡像
- 國(guó)內(nèi)訪問不到k8s.gcr.io,所以通過從可以下載的國(guó)內(nèi)鏡像源拉取鏡像(比如mirrorgooglecontainers)臭猜,重新打成k8s.gcr.io格式的tag名來解決這個(gè)問題
docker pull docker.io/mirrorgooglecontainers/kube-apiserver-amd64:v1.13.3
docker tag docker.io/mirrorgooglecontainers/kube-apiserver-amd64:v1.13.3 k8s.gcr.io/kube-apiserver:v1.13.3
docker pull docker.io/mirrorgooglecontainers/kube-controller-manager-amd64:v1.13.3
docker tag docker.io/mirrorgooglecontainers/kube-controller-manager-amd64:v1.13.3 k8s.gcr.io/kube-controller-manager:v1.13.3
docker pull docker.io/mirrorgooglecontainers/kube-scheduler-amd64:v1.13.3
docker tag docker.io/mirrorgooglecontainers/kube-scheduler-amd64:v1.13.3 k8s.gcr.io/kube-scheduler:v1.13.3
docker pull docker.io/mirrorgooglecontainers/kube-proxy-amd64:v1.13.3
docker tag docker.io/mirrorgooglecontainers/kube-proxy-amd64:v1.13.3 k8s.gcr.io/kube-proxy:v1.13.3
docker pull docker.io/mirrorgooglecontainers/pause-amd64:3.1
docker tag docker.io/mirrorgooglecontainers/pause-amd64:3.1 k8s.gcr.io/pause:3.1
docker pull docker.io/mirrorgooglecontainers/etcd-amd64:3.2.24
docker tag docker.io/mirrorgooglecontainers/etcd-amd64:3.2.24 k8s.gcr.io/etcd:3.2.24
docker pull docker.io/coredns/coredns:1.2.6
docker tag docker.io/coredns/coredns:1.2.6 k8s.gcr.io/coredns:1.2.6
九躺酒、安裝k8s master
- 初始化
kubeadm init --pod-network-cidr=10.100.0.0/16 - 創(chuàng)建文件夾
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config - flannel
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml - 檢查node狀態(tài)
kubectl get node(下圖是我通過join命令添加工作node節(jié)點(diǎn)之后的狀態(tài))
image.png - 如果環(huán)境始終都是NotReady,檢查一下pod狀態(tài)
kubectl get pod -n kube-system
