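Object-oriented programming languages:
- Data-centric; code serves the data
- Data: objects
- Code: methods
- class: the class
- Attributes and methods
Kubernetes API: REST API (HTTP/HTTPS)
- resource -> object
- Methods: GET, PUT, POST, DELETE, PATCH, …
Kubernetes: a cluster, a container orchestration system
- Core task: container orchestration
- Containers: applications
- Pod Controller, Deployment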
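Kubernetes Network
Deployment essentials
- Test environment
  - A single Master node and a single etcd instance are sufficient;
  - As many Node hosts as needed;
  - A storage system such as NFS or GlusterFS;
- Production environment
  - A highly available etcd cluster of 3, 5 or 7 nodes
  - Highly available Master
    - kube-apiserver is stateless and can run as multiple instances
      - Use keepalived to float a VIP across the instances for redundancy;
      - Or place HAProxy or Nginx as a reverse proxy in front of the instances, and use keepalived to make the proxy servers redundant;
    - kube-scheduler and kube-controller-manager can each have only one active instance, but may have several standbys;
      - Each has built-in leader election, which is enabled by default;
  - Multiple Node hosts; the more there are, the greater the redundancy;
  - Ceph, GlusterFS, iSCSI, FC SAN and the various cloud storage services, etc.;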
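Deployment tools
- Common deployment environments
  - IaaS public cloud: AWS, GCE, Azure, etc.
  - IaaS private or public cloud: OpenStack, vSphere, etc.;
  - Bare-metal: physical servers or standalone virtual machines, etc.;
- Common deployment tools
  - kubeadm
  - kops
  - kubespray
  - Kontena Pharos
  - …
- Other commonly used repackaged distributions
  - Rancher
  - Tectonic
  - OpenShift
  - …
- Master, Node
- Client -> Master (API Server)
- Registry: Docker Hub, gcr.io, quay.io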
[root@iZ2vcdx512qke62ysebmttZ ~]# systemctl status chronyed
Unit chronyed.service could not be found.
[root@iZ2vcdx512qke62ysebmttZ ~]# date
Fri Jun 4 16:46:30 CST 2021
[root@iZ2vcdx512qke62ysebmttZ ~]# clear
[root@iZ2vcdx512qke62ysebmttZ ~]# systemctl stop firewalld
[root@iZ2vcdx512qke62ysebmttZ ~]# systemctl disable firewalld
[root@iZ2vcdx512qke62ysebmttZ ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config
[root@iZ2vcdx512qke62ysebmttZ ~]# setenforce 0
setenforce: SELinux is disabled
[root@iZ2vcdx512qke62ysebmttZ ~]# swapoff -a
[root@iZ2vcdx512qke62ysebmttZ ~]# sed -ri 's/.*swap.*/#&/' /etc/fstab
[root@iZ2vcdx512qke62ysebmttZ ~]# hostnamectl set-hostname
Invalid number of arguments.
[root@iZ2vcdx512qke62ysebmttZ ~]# hostnamectl set-hostname master
[root@iZ2vcdx512qke62ysebmttZ ~]# cat >> /etc/hosts << EOF
> 47.109.19.74 master
> 47.109.21.242 node01
> 47.109.21.247 node02
> 47.109.23.91 node03
> EOF
[root@iZ2vcdx512qke62ysebmttZ ~]# cat > /etc/sysctl.d/k8s.conf << EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
[root@iZ2vcdx512qke62ysebmttZ ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
vm.swappiness = 0
kernel.sysrq = 1
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
* Applying /etc/sysctl.d/k8s.conf ...
* Applying /etc/sysctl.conf ...
vm.swappiness = 0
kernel.sysrq = 1
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
[root@iZ2vcdx512qke62ysebmttZ ~]# yum install ntpdate -y
Loaded plugins: fastestmirror
Determining fastest mirrors
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/7): epel/x86_64/group_gz | 96 kB 00:00:00
(2/7): base/7/x86_64/group_gz | 153 kB 00:00:00
(3/7): epel/x86_64/updateinfo | 1.0 MB 00:00:00
(4/7): extras/7/x86_64/primary_db | 236 kB 00:00:00
(5/7): epel/x86_64/primary_db | 6.9 MB 00:00:00
(6/7): updates/7/x86_64/primary_db | 8.0 MB 00:00:00
(7/7): base/7/x86_64/primary_db | 6.1 MB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package ntpdate.x86_64 0:4.2.6p5-29.el7.centos.2 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================================================================
Installing:
ntpdate x86_64 4.2.6p5-29.el7.centos.2 base 87 k
Transaction Summary
====================================================================================================================================================================================
Install 1 Package
Total download size: 87 k
Installed size: 121 k
Downloading packages:
ntpdate-4.2.6p5-29.el7.centos.2.x86_64.rpm | 87 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
Installing : ntpdate-4.2.6p5-29.el7.centos.2.x86_64 1/1
Verifying : ntpdate-4.2.6p5-29.el7.centos.2.x86_64 1/1
Installed:
ntpdate.x86_64 0:4.2.6p5-29.el7.centos.2
Complete!
[root@iZ2vcdx512qke62ysebmttZ ~]# ntpdate time.windows.com
4 Jun 17:02:24 ntpdate[1594]: adjust time server 52.231.114.183 offset -0.008640 sec
[root@iZ2vcdx512qke62ysebmttZ ~]# yum -y install gcc
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package gcc.x86_64 0:4.8.5-44.el7 will be installed
--> Processing Dependency: libgomp = 4.8.5-44.el7 for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: cpp = 4.8.5-44.el7 for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: libgcc >= 4.8.5-44.el7 for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: glibc-devel >= 2.2.90-12 for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: libmpfr.so.4()(64bit) for package: gcc-4.8.5-44.el7.x86_64
--> Processing Dependency: libmpc.so.3()(64bit) for package: gcc-4.8.5-44.el7.x86_64
--> Running transaction check
---> Package cpp.x86_64 0:4.8.5-44.el7 will be installed
---> Package glibc-devel.x86_64 0:2.17-324.el7_9 will be installed
--> Processing Dependency: glibc-headers = 2.17-324.el7_9 for package: glibc-devel-2.17-324.el7_9.x86_64
--> Processing Dependency: glibc = 2.17-324.el7_9 for package: glibc-devel-2.17-324.el7_9.x86_64
--> Processing Dependency: glibc-headers for package: glibc-devel-2.17-324.el7_9.x86_64
---> Package libgcc.x86_64 0:4.8.5-39.el7 will be updated
---> Package libgcc.x86_64 0:4.8.5-44.el7 will be an update
---> Package libgomp.x86_64 0:4.8.5-39.el7 will be updated
---> Package libgomp.x86_64 0:4.8.5-44.el7 will be an update
---> Package libmpc.x86_64 0:1.0.1-3.el7 will be installed
---> Package mpfr.x86_64 0:3.1.1-4.el7 will be installed
--> Running transaction check
---> Package glibc.x86_64 0:2.17-307.el7.1 will be updated
--> Processing Dependency: glibc = 2.17-307.el7.1 for package: nscd-2.17-307.el7.1.x86_64
--> Processing Dependency: glibc = 2.17-307.el7.1 for package: glibc-common-2.17-307.el7.1.x86_64
---> Package glibc.x86_64 0:2.17-324.el7_9 will be an update
---> Package glibc-headers.x86_64 0:2.17-324.el7_9 will be installed
--> Processing Dependency: kernel-headers >= 2.2.1 for package: glibc-headers-2.17-324.el7_9.x86_64
--> Processing Dependency: kernel-headers for package: glibc-headers-2.17-324.el7_9.x86_64
--> Running transaction check
---> Package glibc-common.x86_64 0:2.17-307.el7.1 will be updated
---> Package glibc-common.x86_64 0:2.17-324.el7_9 will be an update
---> Package kernel-headers.x86_64 0:3.10.0-1160.25.1.el7 will be installed
---> Package nscd.x86_64 0:2.17-307.el7.1 will be updated
---> Package nscd.x86_64 0:2.17-324.el7_9 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================================================================
Installing:
gcc x86_64 4.8.5-44.el7 base 16 M
Installing for dependencies:
cpp x86_64 4.8.5-44.el7 base 5.9 M
glibc-devel x86_64 2.17-324.el7_9 updates 1.1 M
glibc-headers x86_64 2.17-324.el7_9 updates 691 k
kernel-headers x86_64 3.10.0-1160.25.1.el7 updates 9.0 M
libmpc x86_64 1.0.1-3.el7 base 51 k
mpfr x86_64 3.1.1-4.el7 base 203 k
Updating for dependencies:
glibc x86_64 2.17-324.el7_9 updates 3.6 M
glibc-common x86_64 2.17-324.el7_9 updates 12 M
libgcc x86_64 4.8.5-44.el7 base 103 k
libgomp x86_64 4.8.5-44.el7 base 159 k
nscd x86_64 2.17-324.el7_9 updates 288 k
Transaction Summary
====================================================================================================================================================================================
Install 1 Package (+6 Dependent packages)
Upgrade ( 5 Dependent packages)
Total download size: 49 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/12): glibc-common-2.17-324.el7_9.x86_64.rpm | 12 MB 00:00:00
(2/12): gcc-4.8.5-44.el7.x86_64.rpm | 16 MB 00:00:00
(3/12): cpp-4.8.5-44.el7.x86_64.rpm | 5.9 MB 00:00:00
(4/12): glibc-2.17-324.el7_9.x86_64.rpm | 3.6 MB 00:00:00
(5/12): glibc-devel-2.17-324.el7_9.x86_64.rpm | 1.1 MB 00:00:00
(6/12): glibc-headers-2.17-324.el7_9.x86_64.rpm | 691 kB 00:00:00
(7/12): libgomp-4.8.5-44.el7.x86_64.rpm | 159 kB 00:00:00
(8/12): libmpc-1.0.1-3.el7.x86_64.rpm | 51 kB 00:00:00
(9/12): kernel-headers-3.10.0-1160.25.1.el7.x86_64.rpm | 9.0 MB 00:00:00
(10/12): libgcc-4.8.5-44.el7.x86_64.rpm | 103 kB 00:00:00
(11/12): mpfr-3.1.1-4.el7.x86_64.rpm | 203 kB 00:00:00
(12/12): nscd-2.17-324.el7_9.x86_64.rpm | 288 kB 00:00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 100 MB/s | 49 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : libgcc-4.8.5-44.el7.x86_64 1/17
Updating : glibc-common-2.17-324.el7_9.x86_64 2/17
Updating : glibc-2.17-324.el7_9.x86_64 3/17
Installing : mpfr-3.1.1-4.el7.x86_64 4/17
Installing : libmpc-1.0.1-3.el7.x86_64 5/17
Installing : cpp-4.8.5-44.el7.x86_64 6/17
Updating : libgomp-4.8.5-44.el7.x86_64 7/17
Installing : kernel-headers-3.10.0-1160.25.1.el7.x86_64 8/17
Installing : glibc-headers-2.17-324.el7_9.x86_64 9/17
Installing : glibc-devel-2.17-324.el7_9.x86_64 10/17
Installing : gcc-4.8.5-44.el7.x86_64 11/17
Updating : nscd-2.17-324.el7_9.x86_64 12/17
Cleanup : libgomp-4.8.5-39.el7.x86_64 13/17
Cleanup : nscd-2.17-307.el7.1.x86_64 14/17
Cleanup : glibc-common-2.17-307.el7.1.x86_64 15/17
Cleanup : glibc-2.17-307.el7.1.x86_64 16/17
Cleanup : libgcc-4.8.5-39.el7.x86_64 17/17
Verifying : kernel-headers-3.10.0-1160.25.1.el7.x86_64 1/17
Verifying : nscd-2.17-324.el7_9.x86_64 2/17
Verifying : glibc-2.17-324.el7_9.x86_64 3/17
Verifying : glibc-common-2.17-324.el7_9.x86_64 4/17
Verifying : mpfr-3.1.1-4.el7.x86_64 5/17
Verifying : glibc-headers-2.17-324.el7_9.x86_64 6/17
Verifying : cpp-4.8.5-44.el7.x86_64 7/17
Verifying : glibc-devel-2.17-324.el7_9.x86_64 8/17
Verifying : gcc-4.8.5-44.el7.x86_64 9/17
Verifying : libmpc-1.0.1-3.el7.x86_64 10/17
Verifying : libgcc-4.8.5-44.el7.x86_64 11/17
Verifying : libgomp-4.8.5-44.el7.x86_64 12/17
Verifying : nscd-2.17-307.el7.1.x86_64 13/17
Verifying : libgcc-4.8.5-39.el7.x86_64 14/17
Verifying : libgomp-4.8.5-39.el7.x86_64 15/17
Verifying : glibc-2.17-307.el7.1.x86_64 16/17
Verifying : glibc-common-2.17-307.el7.1.x86_64 17/17
Installed:
gcc.x86_64 0:4.8.5-44.el7
Dependency Installed:
cpp.x86_64 0:4.8.5-44.el7 glibc-devel.x86_64 0:2.17-324.el7_9 glibc-headers.x86_64 0:2.17-324.el7_9 kernel-headers.x86_64 0:3.10.0-1160.25.1.el7 libmpc.x86_64 0:1.0.1-3.el7
mpfr.x86_64 0:3.1.1-4.el7
Dependency Updated:
glibc.x86_64 0:2.17-324.el7_9 glibc-common.x86_64 0:2.17-324.el7_9 libgcc.x86_64 0:4.8.5-44.el7 libgomp.x86_64 0:4.8.5-44.el7 nscd.x86_64 0:2.17-324.el7_9
Complete!
[root@iZ2vcdx512qke62ysebmttZ ~]# yum -y install gcc-c++
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package gcc-c++.x86_64 0:4.8.5-44.el7 will be installed
--> Processing Dependency: libstdc++-devel = 4.8.5-44.el7 for package: gcc-c++-4.8.5-44.el7.x86_64
--> Processing Dependency: libstdc++ = 4.8.5-44.el7 for package: gcc-c++-4.8.5-44.el7.x86_64
--> Running transaction check
---> Package libstdc++.x86_64 0:4.8.5-39.el7 will be updated
---> Package libstdc++.x86_64 0:4.8.5-44.el7 will be an update
---> Package libstdc++-devel.x86_64 0:4.8.5-44.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================================================================
Installing:
gcc-c++ x86_64 4.8.5-44.el7 base 7.2 M
Installing for dependencies:
libstdc++-devel x86_64 4.8.5-44.el7 base 1.5 M
Updating for dependencies:
libstdc++ x86_64 4.8.5-44.el7 base 306 k
Transaction Summary
====================================================================================================================================================================================
Install 1 Package (+1 Dependent package)
Upgrade ( 1 Dependent package)
Total download size: 9.0 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/3): libstdc++-4.8.5-44.el7.x86_64.rpm | 306 kB 00:00:00
(2/3): libstdc++-devel-4.8.5-44.el7.x86_64.rpm | 1.5 MB 00:00:00
(3/3): gcc-c++-4.8.5-44.el7.x86_64.rpm | 7.2 MB 00:00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 48 MB/s | 9.0 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : libstdc++-4.8.5-44.el7.x86_64 1/4
Installing : libstdc++-devel-4.8.5-44.el7.x86_64 2/4
Installing : gcc-c++-4.8.5-44.el7.x86_64 3/4
Cleanup : libstdc++-4.8.5-39.el7.x86_64 4/4
Verifying : libstdc++-4.8.5-44.el7.x86_64 1/4
Verifying : gcc-c++-4.8.5-44.el7.x86_64 2/4
Verifying : libstdc++-devel-4.8.5-44.el7.x86_64 3/4
Verifying : libstdc++-4.8.5-39.el7.x86_64 4/4
Installed:
gcc-c++.x86_64 0:4.8.5-44.el7
Dependency Installed:
libstdc++-devel.x86_64 0:4.8.5-44.el7
Dependency Updated:
libstdc++.x86_64 0:4.8.5-44.el7
Complete!
[root@iZ2vcdx512qke62ysebmttZ ~]# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-06-04 16:38:09 CST; 25min ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Main PID: 570 (chronyd)
CGroup: /system.slice/chronyd.service
└─570 /usr/sbin/chronyd
Jun 04 16:38:09 AliYun systemd[1]: Starting NTP client/server...
Jun 04 16:38:09 AliYun chronyd[570]: chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 +DEBUG)
Jun 04 16:38:09 AliYun chronyd[570]: Frequency -32.455 +/- 0.741 ppm read from /var/lib/chrony/drift
Jun 04 16:38:09 AliYun systemd[1]: Started NTP client/server.
Jun 04 16:38:46 iZ2vcdx512qke62ysebmttZ chronyd[570]: Selected source 100.100.61.88
Jun 04 16:38:46 iZ2vcdx512qke62ysebmttZ chronyd[570]: System clock wrong by 0.602640 seconds, adjustment started
[root@iZ2vcdx512qke62ysebmttZ ~]# date
Fri Jun 4 17:05:08 CST 2021
[root@iZ2vcdx512qke62ysebmttZ ~]# systemctl restart chronyed
Failed to restart chronyed.service: Unit not found.
[root@iZ2vcdx512qke62ysebmttZ ~]# systemcyl restart chronyd
-bash: systemcyl: command not found
[root@iZ2vcdx512qke62ysebmttZ ~]# systemctl restart chronyd
[root@iZ2vcdx512qke62ysebmttZ ~]# cat /etc/chrony.conf
# Use Alibaba NTP server
# Public NTP
# Alicloud NTP
server ntp.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp.aliyun.com minpoll 4 maxpoll 10 iburst
server ntp1.aliyun.com minpoll 4 maxpoll 10 iburst
server ntp1.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp10.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp11.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp12.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp2.aliyun.com minpoll 4 maxpoll 10 iburst
server ntp2.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp3.aliyun.com minpoll 4 maxpoll 10 iburst
server ntp3.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp4.aliyun.com minpoll 4 maxpoll 10 iburst
server ntp4.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp5.aliyun.com minpoll 4 maxpoll 10 iburst
server ntp5.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp6.aliyun.com minpoll 4 maxpoll 10 iburst
server ntp6.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp7.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp8.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
server ntp9.cloud.aliyuncs.com minpoll 4 maxpoll 10 iburst
# Ignore stratum in source selection.
stratumweight 0.05
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Enable kernel RTC synchronization.
rtcsync
# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
makestep 10 3
# Allow NTP client access from local network.
#allow 192.168/16
# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
# Disable logging of client accesses.
noclientlog
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5
logdir /var/log/chrony
#log measurements statistics tracking
[root@iZ2vcdx512qke62ysebmttZ ~]# cat /etc/hosts
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
172.31.197.177 iZ2vcdx512qke62ysebmttZ iZ2vcdx512qke62ysebmttZ
47.109.19.74 master
47.109.21.242 node01
47.109.21.247 node02
47.109.23.91 node03
[root@iZ2vcdx512qke62ysebmttZ ~]# systemctl status iptables
Unit iptables.service could not be found.
[root@iZ2vcdx512qke62ysebmttZ ~]# getenforce
Disabled
[root@iZ2vcdx512qke62ysebmttZ ~]# free -m
total used free shared buff/cache available
Mem: 7551 143 6489 0 919 7167
Swap: 0 0 0
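A read-only check for the preparation steps above (hosts entries, swap, SELinux mode, bridge sysctls), added here as an example and not part of the original session. The function names, the root-directory argument and the sample tree (documentation addresses, no bridge keys present) are constructed for illustration; it assumes the net.bridge.* keys appear under /proc/sys only once the br_netfilter module is loaded.

```bash
#!/usr/bin/env bash
# Added example: preflight audit of a node prepared as in the session above.
# Every check reads files under a root directory, so it can run on a constructed tree.

# Count fstab lines that would still enable swap at boot (uncommented, fs type "swap").
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# Count swap devices active right now (/proc/swaps has one header line).
active_swap_devices() {
    awk 'NR > 1 { n++ } END { print n + 0 }' "$1"
}

# Print the SELinux mode configured for the next boot, or "unset".
selinux_config_mode() {
    awk -F= '/^[[:space:]]*SELINUX=/ { gsub(/[[:space:]]/, "", $2); m = $2 }
             END { print (m == "" ? "unset" : m) }' "$1"
}

# Print the live value of a net.bridge key, or "missing" when the key does not exist
# (assumption: it is absent until the br_netfilter module has been loaded).
bridge_sysctl_value() {   # $1 = root, $2 = key, e.g. bridge-nf-call-iptables
    if [ -r "$1/proc/sys/net/bridge/$2" ]; then
        cat "$1/proc/sys/net/bridge/$2"
    else
        echo missing
    fi
}

# Print each name (arguments after the hosts file) that has no uncommented entry.
hosts_missing() {
    local hosts_file="$1" name
    shift
    for name in "$@"; do
        awk -v n="$name" '
            $1 !~ /^#/ { for (i = 2; i <= NF; i++) { if ($i ~ /^#/) break; if ($i == n) found = 1 } }
            END { exit !found }' "$hosts_file" || printf '%s\n' "$name"
    done
}

# Run all checks; the return status is the number of failed checks.
preflight() {   # $1 = root directory ("/" on a live node)
    local root="${1%/}"
    local fails=0 key val missing
    [ "$(active_swap_entries "$root/etc/fstab")" -eq 0 ] ||
        { echo "FAIL /etc/fstab still enables swap"; fails=$((fails + 1)); }
    [ "$(active_swap_devices "$root/proc/swaps")" -eq 0 ] ||
        { echo "FAIL swap is currently active"; fails=$((fails + 1)); }
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        val=$(bridge_sysctl_value "$root" "$key")
        [ "$val" = 1 ] || { echo "FAIL net.bridge.$key = $val"; fails=$((fails + 1)); }
    done
    missing=$(hosts_missing "$root/etc/hosts" master node01 node02 node03)
    [ -z "$missing" ] || { echo "FAIL /etc/hosts lacks:" $missing; fails=$((fails + 1)); }
    # Reported, not judged: the session sets this to "disabled".
    echo "INFO SELinux mode at next boot: $(selinux_config_mode "$root/etc/selinux/config")"
    return "$fails"
}

# Constructed sample tree: swap commented out, hosts filled in, bridge keys absent.
make_sample_root() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/etc/selinux" "$root/proc"
    printf '%s\n' '/dev/vda1 / ext4 defaults 1 1' \
                  '#/dev/vda2 swap swap defaults 0 0' > "$root/etc/fstab"
    printf '%s\n' 'Filename Type Size Used Priority' > "$root/proc/swaps"
    printf '%s\n' '# enforcing, permissive or disabled' 'SELINUX=disabled' \
                  'SELINUXTYPE=targeted' > "$root/etc/selinux/config"
    printf '%s\n' '127.0.0.1 localhost' '192.0.2.10 master' '192.0.2.11 node01' \
                  '192.0.2.12 node02' '192.0.2.13 node03' > "$root/etc/hosts"
    echo "$root"
}

# Demo on the constructed tree; call `preflight /` to audit a live node instead.
demo_root=$(make_sample_root)
preflight "$demo_root" || echo "preflight: $? check(s) failed"
rm -rf "$demo_root"
```

On the sample tree the two bridge checks fail because the keys are absent; they pass once both keys exist under proc/sys/net/bridge with value 1.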
[root@iZ2vcdx512qke62ysebmttZ ~]# cd /usr/lib/modules
[root@iZ2vcdx512qke62ysebmttZ modules]# ls
3.10.0-1127.19.1.el7.x86_64 3.10.0-1127.el7.x86_64
[root@iZ2vcdx512qke62ysebmttZ modules]# uname -r
3.10.0-1127.19.1.el7.x86_64
[root@iZ2vcdx512qke62ysebmttZ modules]# cd 3.10.0-1127.19.1.el7.x86_64/
[root@iZ2vcdx512qke62ysebmttZ 3.10.0-1127.19.1.el7.x86_64]# ls
build kernel modules.alias.bin modules.builtin modules.dep modules.devname modules.modesetting modules.order modules.symbols source vdso
extra modules.alias modules.block modules.builtin.bin modules.dep.bin modules.drm modules.networking modules.softdep modules.symbols.bin updates weak-updates
[root@iZ2vcdx512qke62ysebmttZ 3.10.0-1127.19.1.el7.x86_64]# cd ku
-bash: cd: ku: No such file or directory
[root@iZ2vcdx512qke62ysebmttZ 3.10.0-1127.19.1.el7.x86_64]# cd kernel/
[root@iZ2vcdx512qke62ysebmttZ kernel]# ls
arch crypto drivers fs kernel lib mm net sound virt
[root@iZ2vcdx512qke62ysebmttZ kernel]# cd net/
[root@iZ2vcdx512qke62ysebmttZ net]# ls
6lowpan 8021q bluetooth can core dns_resolver ipv4 key llc mac802154 netlink packet rfkill sctp unix wireless
802 atm bridge ceph dccp ieee802154 ipv6 l2tp mac80211 netfilter openvswitch psample sched sunrpc vmw_vsock xfrm
[root@iZ2vcdx512qke62ysebmttZ net]# cd netfilter/
[root@iZ2vcdx512qke62ysebmttZ netfilter]# cd ipvs
[root@iZ2vcdx512qke62ysebmttZ ipvs]# pwd
/usr/lib/modules/3.10.0-1127.19.1.el7.x86_64/kernel/net/netfilter/ipvs
[root@iZ2vcdx512qke62ysebmttZ ipvs]# ls
ip_vs_dh.ko.xz ip_vs.ko.xz ip_vs_lblcr.ko.xz ip_vs_nq.ko.xz ip_vs_rr.ko.xz ip_vs_sh.ko.xz ip_vs_wrr.ko.xz
ip_vs_ftp.ko.xz ip_vs_lblc.ko.xz ip_vs_lc.ko.xz ip_vs_pe_sip.ko.xz ip_vs_sed.ko.xz ip_vs_wlc.ko.xz
[root@iZ2vcdx512qke62ysebmttZ ipvs]# vim /etc/sysconfig/modules/ipvs.modules
[root@iZ2vcdx512qke62ysebmttZ ipvs]# cd ..
[root@iZ2vcdx512qke62ysebmttZ netfilter]# cd ..
[root@iZ2vcdx512qke62ysebmttZ net]# cd ..
[root@iZ2vcdx512qke62ysebmttZ kernel]# cd ..
[root@iZ2vcdx512qke62ysebmttZ 3.10.0-1127.19.1.el7.x86_64]# cd ..
[root@iZ2vcdx512qke62ysebmttZ modules]# cd ..
[root@iZ2vcdx512qke62ysebmttZ lib]# cd ..
[root@iZ2vcdx512qke62ysebmttZ usr]# cd ..
[root@iZ2vcdx512qke62ysebmttZ /]# cd /etc/yum.repos.d/
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# ls
CentOS-Base.repo epel.repo
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
--2021-06-04 18:35:52-- https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 39.96.118.193, 39.96.118.191, 39.96.118.195, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|39.96.118.193|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2081 (2.0K) [application/octet-stream]
Saving to: ‘/etc/yum.repos.d/docker-ce.repo’
100%[==========================================================================================================================================>] 2,081 --.-K/s in 0s
2021-06-04 18:35:52 (451 MB/s) - ‘/etc/yum.repos.d/docker-ce.repo’ saved [2081/2081]
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# yum -y install docker-ce
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
docker-ce-stable | 3.5 kB 00:00:00
(1/2): docker-ce-stable/7/x86_64/updateinfo | 55 B 00:00:00
(2/2): docker-ce-stable/7/x86_64/primary_db | 62 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package docker-ce.x86_64 3:20.10.7-3.el7 will be installed
--> Processing Dependency: container-selinux >= 2:2.74 for package: 3:docker-ce-20.10.7-3.el7.x86_64
--> Processing Dependency: containerd.io >= 1.4.1 for package: 3:docker-ce-20.10.7-3.el7.x86_64
--> Processing Dependency: docker-ce-cli for package: 3:docker-ce-20.10.7-3.el7.x86_64
--> Processing Dependency: docker-ce-rootless-extras for package: 3:docker-ce-20.10.7-3.el7.x86_64
--> Processing Dependency: libcgroup for package: 3:docker-ce-20.10.7-3.el7.x86_64
--> Running transaction check
---> Package container-selinux.noarch 2:2.119.2-1.911c772.el7_8 will be installed
--> Processing Dependency: policycoreutils-python for package: 2:container-selinux-2.119.2-1.911c772.el7_8.noarch
---> Package containerd.io.x86_64 0:1.4.6-3.1.el7 will be installed
---> Package docker-ce-cli.x86_64 1:20.10.7-3.el7 will be installed
--> Processing Dependency: docker-scan-plugin(x86-64) for package: 1:docker-ce-cli-20.10.7-3.el7.x86_64
---> Package docker-ce-rootless-extras.x86_64 0:20.10.7-3.el7 will be installed
--> Processing Dependency: fuse-overlayfs >= 0.7 for package: docker-ce-rootless-extras-20.10.7-3.el7.x86_64
--> Processing Dependency: slirp4netns >= 0.4 for package: docker-ce-rootless-extras-20.10.7-3.el7.x86_64
---> Package libcgroup.x86_64 0:0.41-21.el7 will be installed
--> Running transaction check
---> Package docker-scan-plugin.x86_64 0:0.8.0-3.el7 will be installed
---> Package fuse-overlayfs.x86_64 0:0.7.2-6.el7_8 will be installed
--> Processing Dependency: libfuse3.so.3(FUSE_3.2)(64bit) for package: fuse-overlayfs-0.7.2-6.el7_8.x86_64
--> Processing Dependency: libfuse3.so.3(FUSE_3.0)(64bit) for package: fuse-overlayfs-0.7.2-6.el7_8.x86_64
--> Processing Dependency: libfuse3.so.3()(64bit) for package: fuse-overlayfs-0.7.2-6.el7_8.x86_64
---> Package policycoreutils-python.x86_64 0:2.5-34.el7 will be installed
--> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: libsemanage-python >= 2.5-14 for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: python-IPy for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: checkpolicy for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-python-2.5-34.el7.x86_64
--> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-python-2.5-34.el7.x86_64
---> Package slirp4netns.x86_64 0:0.4.3-4.el7_8 will be installed
--> Running transaction check
---> Package audit-libs-python.x86_64 0:2.8.5-4.el7 will be installed
---> Package checkpolicy.x86_64 0:2.5-8.el7 will be installed
---> Package fuse3-libs.x86_64 0:3.6.1-4.el7 will be installed
---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be installed
---> Package python-IPy.noarch 0:0.75-6.el7 will be installed
---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================================================================
Installing:
docker-ce x86_64 3:20.10.7-3.el7 docker-ce-stable 27 M
Installing for dependencies:
audit-libs-python x86_64 2.8.5-4.el7 base 76 k
checkpolicy x86_64 2.5-8.el7 base 295 k
container-selinux noarch 2:2.119.2-1.911c772.el7_8 extras 40 k
containerd.io x86_64 1.4.6-3.1.el7 docker-ce-stable 34 M
docker-ce-cli x86_64 1:20.10.7-3.el7 docker-ce-stable 33 M
docker-ce-rootless-extras x86_64 20.10.7-3.el7 docker-ce-stable 9.2 M
docker-scan-plugin x86_64 0.8.0-3.el7 docker-ce-stable 4.2 M
fuse-overlayfs x86_64 0.7.2-6.el7_8 extras 54 k
fuse3-libs x86_64 3.6.1-4.el7 extras 82 k
libcgroup x86_64 0.41-21.el7 base 66 k
libsemanage-python x86_64 2.5-14.el7 base 113 k
policycoreutils-python x86_64 2.5-34.el7 base 457 k
python-IPy noarch 0.75-6.el7 base 32 k
setools-libs x86_64 3.3.8-4.el7 base 620 k
slirp4netns x86_64 0.4.3-4.el7_8 extras 81 k
Transaction Summary
====================================================================================================================================================================================
Install 1 Package (+15 Dependent packages)
Total download size: 108 M
Installed size: 444 M
Downloading packages:
(1/16): container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm | 40 kB 00:00:00
(2/16): audit-libs-python-2.8.5-4.el7.x86_64.rpm | 76 kB 00:00:00
(3/16): checkpolicy-2.5-8.el7.x86_64.rpm | 295 kB 00:00:00
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-20.10.7-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Public key for docker-ce-20.10.7-3.el7.x86_64.rpm is not installed
(4/16): docker-ce-20.10.7-3.el7.x86_64.rpm | 27 MB 00:00:14
(5/16): containerd.io-1.4.6-3.1.el7.x86_64.rpm | 34 MB 00:00:17
(6/16): docker-ce-rootless-extras-20.10.7-3.el7.x86_64.rpm | 9.2 MB 00:00:05
(7/16): libcgroup-0.41-21.el7.x86_64.rpm | 66 kB 00:00:00
(8/16): libsemanage-python-2.5-14.el7.x86_64.rpm | 113 kB 00:00:00
(9/16): policycoreutils-python-2.5-34.el7.x86_64.rpm | 457 kB 00:00:00
(10/16): python-IPy-0.75-6.el7.noarch.rpm | 32 kB 00:00:00
(11/16): fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm | 54 kB 00:00:00
(12/16): setools-libs-3.3.8-4.el7.x86_64.rpm | 620 kB 00:00:00
(13/16): fuse3-libs-3.6.1-4.el7.x86_64.rpm | 82 kB 00:00:00
(14/16): slirp4netns-0.4.3-4.el7_8.x86_64.rpm | 81 kB 00:00:00
(15/16): docker-scan-plugin-0.8.0-3.el7.x86_64.rpm | 4.2 MB 00:00:02
(16/16): docker-ce-cli-20.10.7-3.el7.x86_64.rpm | 33 MB 00:00:18
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 3.3 MB/s | 108 MB 00:00:32
Retrieving key from https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
Importing GPG key 0x621E9F35:
Userid : "Docker Release (CE rpm) <docker@docker.com>"
Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
From : https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libcgroup-0.41-21.el7.x86_64 1/16
Installing : 1:docker-ce-cli-20.10.7-3.el7.x86_64 2/16
Installing : docker-scan-plugin-0.8.0-3.el7.x86_64 3/16
Installing : setools-libs-3.3.8-4.el7.x86_64 4/16
Installing : python-IPy-0.75-6.el7.noarch 5/16
Installing : slirp4netns-0.4.3-4.el7_8.x86_64 6/16
Installing : libsemanage-python-2.5-14.el7.x86_64 7/16
Installing : audit-libs-python-2.8.5-4.el7.x86_64 8/16
Installing : fuse3-libs-3.6.1-4.el7.x86_64 9/16
Installing : fuse-overlayfs-0.7.2-6.el7_8.x86_64 10/16
Installing : checkpolicy-2.5-8.el7.x86_64 11/16
Installing : policycoreutils-python-2.5-34.el7.x86_64 12/16
Installing : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch 13/16
setsebool: SELinux is disabled.
Installing : containerd.io-1.4.6-3.1.el7.x86_64 14/16
Installing : docker-ce-rootless-extras-20.10.7-3.el7.x86_64 15/16
Installing : 3:docker-ce-20.10.7-3.el7.x86_64 16/16
Verifying : containerd.io-1.4.6-3.1.el7.x86_64 1/16
Verifying : checkpolicy-2.5-8.el7.x86_64 2/16
Verifying : fuse3-libs-3.6.1-4.el7.x86_64 3/16
Verifying : audit-libs-python-2.8.5-4.el7.x86_64 4/16
Verifying : docker-scan-plugin-0.8.0-3.el7.x86_64 5/16
Verifying : libsemanage-python-2.5-14.el7.x86_64 6/16
Verifying : slirp4netns-0.4.3-4.el7_8.x86_64 7/16
Verifying : 2:container-selinux-2.119.2-1.911c772.el7_8.noarch 8/16
Verifying : python-IPy-0.75-6.el7.noarch 9/16
Verifying : policycoreutils-python-2.5-34.el7.x86_64 10/16
Verifying : 3:docker-ce-20.10.7-3.el7.x86_64 11/16
Verifying : 1:docker-ce-cli-20.10.7-3.el7.x86_64 12/16
Verifying : setools-libs-3.3.8-4.el7.x86_64 13/16
Verifying : docker-ce-rootless-extras-20.10.7-3.el7.x86_64 14/16
Verifying : fuse-overlayfs-0.7.2-6.el7_8.x86_64 15/16
Verifying : libcgroup-0.41-21.el7.x86_64 16/16
Installed:
docker-ce.x86_64 3:20.10.7-3.el7
Dependency Installed:
audit-libs-python.x86_64 0:2.8.5-4.el7 checkpolicy.x86_64 0:2.5-8.el7 container-selinux.noarch 2:2.119.2-1.911c772.el7_8
containerd.io.x86_64 0:1.4.6-3.1.el7 docker-ce-cli.x86_64 1:20.10.7-3.el7 docker-ce-rootless-extras.x86_64 0:20.10.7-3.el7
docker-scan-plugin.x86_64 0:0.8.0-3.el7 fuse-overlayfs.x86_64 0:0.7.2-6.el7_8 fuse3-libs.x86_64 0:3.6.1-4.el7
libcgroup.x86_64 0:0.41-21.el7 libsemanage-python.x86_64 0:2.5-14.el7 policycoreutils-python.x86_64 0:2.5-34.el7
python-IPy.noarch 0:0.75-6.el7 setools-libs.x86_64 0:3.3.8-4.el7 slirp4netns.x86_64 0:0.4.3-4.el7_8
Complete!
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# ls
CentOS-Base.repo docker-ce.repo epel.repo
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# scp CentOS-Base.repo node01:/etc/yum.repos.d/
The authenticity of host 'node01 (47.109.21.242)' can't be established.
ECDSA key fingerprint is SHA256:go6vGDLG4NRuNdDwepj9DuWoiH4vZvkHLPbvAycmnGo.
ECDSA key fingerprint is MD5:87:77:4a:bf:8d:ab:b0:3d:cf:7e:e8:15:aa:d5:03:58.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added 'node01,47.109.21.242' (ECDSA) to the list of known hosts.
root@node01's password:
CentOS-Base.repo 100% 675 1.4MB/s 00:00
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# scp CentOS-Base.repo node02:/etc/yum.repos.d/
The authenticity of host 'node02 (47.109.21.247)' can't be established.
ECDSA key fingerprint is SHA256:6eNAk2WLSNk3Y6/KXN9eqvPCoNzutlFIKJpI8eQGH0M.
ECDSA key fingerprint is MD5:ae:52:d2:f3:42:2c:02:67:be:c6:4a:66:10:ca:53:00.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node02,47.109.21.247' (ECDSA) to the list of known hosts.
root@node02's password:
CentOS-Base.repo 100% 675 1.5MB/s 00:00
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# scp CentOS-Base.repo node03:/etc/yum.repos.d/
The authenticity of host 'node03 (47.109.23.91)' can't be established.
ECDSA key fingerprint is SHA256:5b+GE1ish7pfy23pksKu2lLSPBHF8eY8tEZdgXC7ulY.
ECDSA key fingerprint is MD5:da:d4:d8:3d:5d:93:ae:c7:f2:65:99:7b:de:0f:ea:25.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node03,47.109.23.91' (ECDSA) to the list of known hosts.
root@node03's password:
CentOS-Base.repo 100% 675 1.6MB/s 00:00
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# cd
[root@iZ2vcdx512qke62ysebmttZ ~]# vim /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
Environment="HTTPS_PROXY=http://www.ik8s.io:10070"
Environment="NO_PROXY=127.0.0.0/8,127.18.0.0/16"
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
[root@iZ2vcdx512qke62ysebmttZ ~]# systemctl daemon-reload
[root@iZ2vcdx512qke62ysebmttZ ~]# systemctl start docker
[root@iZ2vcdx512qke62ysebmttZ ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
scan: Docker Scan (Docker Inc., v0.8.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.7
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d
runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1127.19.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.375GiB
Name: master
ID: V6X4:CRO5:GNNO:QO7Z:4SRY:PO6A:UDKS:QF3F:5ONN:6CP7:YIOE:B37K
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTPS Proxy: http://www.ik8s.io:10070
No Proxy: 127.0.0.0/8,127.18.0.0/16
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
[root@iZ2vcdx512qke62ysebmttZ ~]# iptables -vnL
Chain INPUT (policy ACCEPT 1078 packets, 141K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 724 packets, 100K bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
[root@iZ2vcdx512qke62ysebmttZ ~]# sysctl -a | grep bridge
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-filter-pppoe-tagged = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
net.bridge.bridge-nf-pass-vlan-input-dev = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.docker0.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
[root@iZ2vcdx512qke62ysebmttZ ~]# vim /etc/sysctl.conf
[root@iZ2vcdx512qke62ysebmttZ ~]# vim /etc/sysctl.d/k8s.conf
[root@iZ2vcdx512qke62ysebmttZ ~]# sysctl -p /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@iZ2vcdx512qke62ysebmttZ ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@iZ2vcdx512qke62ysebmttZ ~]# cd /etc/yum.repos.d
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# ls
CentOS-Base.repo docker-ce.repo epel.repo
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# vim kubernetes.repo
[kubernetes]
name=Kubernetes Repository
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
repo id repo name status
base/7/x86_64 CentOS-7 10,072
docker-ce-stable/7/x86_64 Docker CE Stable - x86_64 117
epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 13,606
extras/7/x86_64 CentOS-7 476
updates/7/x86_64 CentOS-7 2,189
repolist: 26,460
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# yum list all | grep "^kube"
kubernetes.x86_64 1.5.2-0.7.git269f928.el7 extras
kubernetes-ansible.noarch 0.6.0-0.1.gitd65ebd5.el7 epel
kubernetes-client.x86_64 1.5.2-0.7.git269f928.el7 extras
kubernetes-master.x86_64 1.5.2-0.7.git269f928.el7 extras
kubernetes-node.x86_64 1.5.2-0.7.git269f928.el7 extras
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
>        https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
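The session writes kubernetes.repo twice: first with gpgcheck=1, then overwritten with gpgcheck=0 and repo_gpgcheck=0 just before kubelet, kubeadm and kubectl are installed from it. As an added example (not part of the original session), the shell function below reports for each repo section whether yum will verify package signatures; the names `audit_repo_gpg` and `write_samples` and the sample file names are hypothetical, and the two sample stanzas are copied from the session.

```shell
#!/bin/sh
# Print "<section> <verdict>" for every [section] in a yum .repo file.
# Returns 1 if any section explicitly turns package signature checking off.
audit_repo_gpg() {
    awk '
        function emit() {
            if (section == "") return
            verdict = "inherits-main"      # no gpgcheck key: [main] in yum.conf decides
            if (gpg == "on")  verdict = "signed-only"
            if (gpg == "off") { verdict = "unsigned-accepted"; bad = 1 }
            print section, verdict
        }
        /^[ \t]*[#;]/ { next }             # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {           # start of a new [section]
            emit()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            gpg = ""
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {         # does not match repo_gpgcheck
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            val = tolower(val)
            gpg = (val == "0" || val == "no" || val == "false") ? "off" : "on"
        }
        END { emit(); exit bad }
    ' "$1"
}

# Sample input: the two kubernetes.repo stanzas from the session,
# written to hypothetical file names under the directory given as $1.
write_samples() {
    cat > "$1/verified.repo" <<'EOF'
[kubernetes]
name=Kubernetes Repository
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
    cat > "$1/unverified.repo" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/*.repo; do
    audit_repo_gpg "$f" || echo "  ^ $f: packages install without signature verification"
done
rm -rf "$tmp"
```

On a real host the same function can be looped over /etc/yum.repos.d/*.repo; a non-zero return marks a file whose packages are installed unverified even though a gpgkey is listed.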
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# yum install -y kubelet kubeadm kubectl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
kubernetes | 1.4 kB 00:00:00
kubernetes/primary | 90 kB 00:00:00
kubernetes 666/666
Resolving Dependencies
--> Running transaction check
---> Package kubeadm.x86_64 0:1.21.1-0 will be installed
--> Processing Dependency: kubernetes-cni >= 0.8.6 for package: kubeadm-1.21.1-0.x86_64
--> Processing Dependency: cri-tools >= 1.13.0 for package: kubeadm-1.21.1-0.x86_64
---> Package kubectl.x86_64 0:1.21.1-0 will be installed
---> Package kubelet.x86_64 0:1.21.1-0 will be installed
--> Processing Dependency: socat for package: kubelet-1.21.1-0.x86_64
--> Processing Dependency: conntrack for package: kubelet-1.21.1-0.x86_64
--> Running transaction check
---> Package conntrack-tools.x86_64 0:1.4.4-7.el7 will be installed
--> Processing Dependency: libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.1)(64bit) for package: conntrack-tools-1.4.4-7.el7.x86_64
--> Processing Dependency: libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.0)(64bit) for package: conntrack-tools-1.4.4-7.el7.x86_64
--> Processing Dependency: libnetfilter_cthelper.so.0(LIBNETFILTER_CTHELPER_1.0)(64bit) for package: conntrack-tools-1.4.4-7.el7.x86_64
--> Processing Dependency: libnetfilter_queue.so.1()(64bit) for package: conntrack-tools-1.4.4-7.el7.x86_64
--> Processing Dependency: libnetfilter_cttimeout.so.1()(64bit) for package: conntrack-tools-1.4.4-7.el7.x86_64
--> Processing Dependency: libnetfilter_cthelper.so.0()(64bit) for package: conntrack-tools-1.4.4-7.el7.x86_64
---> Package cri-tools.x86_64 0:1.13.0-0 will be installed
---> Package kubernetes-cni.x86_64 0:0.8.7-0 will be installed
---> Package socat.x86_64 0:1.7.3.2-2.el7 will be installed
--> Running transaction check
---> Package libnetfilter_cthelper.x86_64 0:1.0.0-11.el7 will be installed
---> Package libnetfilter_cttimeout.x86_64 0:1.0.0-7.el7 will be installed
---> Package libnetfilter_queue.x86_64 0:1.0.2-2.el7_2 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================================================================
Installing:
kubeadm x86_64 1.21.1-0 kubernetes 9.5 M
kubectl x86_64 1.21.1-0 kubernetes 9.8 M
kubelet x86_64 1.21.1-0 kubernetes 20 M
Installing for dependencies:
conntrack-tools x86_64 1.4.4-7.el7 base 187 k
cri-tools x86_64 1.13.0-0 kubernetes 5.1 M
kubernetes-cni x86_64 0.8.7-0 kubernetes 19 M
libnetfilter_cthelper x86_64 1.0.0-11.el7 base 18 k
libnetfilter_cttimeout x86_64 1.0.0-7.el7 base 18 k
libnetfilter_queue x86_64 1.0.2-2.el7_2 base 23 k
socat x86_64 1.7.3.2-2.el7 base 290 k
Transaction Summary
====================================================================================================================================================================================
Install 3 Packages (+7 Dependent packages)
Total download size: 64 M
Installed size: 280 M
Downloading packages:
(1/10): conntrack-tools-1.4.4-7.el7.x86_64.rpm | 187 kB 00:00:00
(2/10): 14bfe6e75a9efc8eca3f638eb22c7e2ce759c67f95b43b16fae4ebabde1549f3-cri-tools-1.13.0-0.x86_64.rpm | 5.1 MB 00:00:01
(3/10): e0511a4d8d070fa4c7bcd2a04217c80774ba11d44e4e0096614288189894f1c5-kubeadm-1.21.1-0.x86_64.rpm | 9.5 MB 00:00:03
(4/10): 3944a45bec4c99d3489993e3642b63972b62ed0a4ccb04cc7655ce0467fddfef-kubectl-1.21.1-0.x86_64.rpm | 9.8 MB 00:00:02
(5/10): libnetfilter_cthelper-1.0.0-11.el7.x86_64.rpm | 18 kB 00:00:00
(6/10): libnetfilter_cttimeout-1.0.0-7.el7.x86_64.rpm | 18 kB 00:00:00
(7/10): libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm | 23 kB 00:00:00
(8/10): socat-1.7.3.2-2.el7.x86_64.rpm | 290 kB 00:00:00
(9/10): c47efa28c5935ed2ffad234e2b402d937dde16ab072f2f6013c71d39ab526f40-kubelet-1.21.1-0.x86_64.rpm | 20 MB 00:00:06
(10/10): db7cb5cb0b3f6875f54d10f02e625573988e3e91fd4fc5eef0b1876bb18604ad-kubernetes-cni-0.8.7-0.x86_64.rpm | 19 MB 00:00:05
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 6.1 MB/s | 64 MB 00:00:10
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libnetfilter_cthelper-1.0.0-11.el7.x86_64 1/10
Installing : socat-1.7.3.2-2.el7.x86_64 2/10
Installing : libnetfilter_cttimeout-1.0.0-7.el7.x86_64 3/10
Installing : cri-tools-1.13.0-0.x86_64 4/10
Installing : kubectl-1.21.1-0.x86_64 5/10
Installing : libnetfilter_queue-1.0.2-2.el7_2.x86_64 6/10
Installing : conntrack-tools-1.4.4-7.el7.x86_64 7/10
Installing : kubernetes-cni-0.8.7-0.x86_64 8/10
Installing : kubelet-1.21.1-0.x86_64 9/10
Installing : kubeadm-1.21.1-0.x86_64 10/10
Verifying : conntrack-tools-1.4.4-7.el7.x86_64 1/10
Verifying : kubernetes-cni-0.8.7-0.x86_64 2/10
Verifying : kubeadm-1.21.1-0.x86_64 3/10
Verifying : libnetfilter_queue-1.0.2-2.el7_2.x86_64 4/10
Verifying : kubectl-1.21.1-0.x86_64 5/10
Verifying : cri-tools-1.13.0-0.x86_64 6/10
Verifying : libnetfilter_cttimeout-1.0.0-7.el7.x86_64 7/10
Verifying : socat-1.7.3.2-2.el7.x86_64 8/10
Verifying : libnetfilter_cthelper-1.0.0-11.el7.x86_64 9/10
Verifying : kubelet-1.21.1-0.x86_64 10/10
Installed:
kubeadm.x86_64 0:1.21.1-0 kubectl.x86_64 0:1.21.1-0 kubelet.x86_64 0:1.21.1-0
Dependency Installed:
conntrack-tools.x86_64 0:1.4.4-7.el7 cri-tools.x86_64 0:1.13.0-0 kubernetes-cni.x86_64 0:0.8.7-0 libnetfilter_cthelper.x86_64 0:1.0.0-11.el7
libnetfilter_cttimeout.x86_64 0:1.0.0-7.el7 libnetfilter_queue.x86_64 0:1.0.2-2.el7_2 socat.x86_64 0:1.7.3.2-2.el7
Complete!
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# rpm -ql kubelet
/etc/kubernetes/manifests
/etc/sysconfig/kubelet
/usr/bin/kubelet
/usr/lib/systemd/system/kubelet.service
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# rpm -ql kubeadm
/usr/bin/kubeadm
/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# cat /usr/lib/systemd/system/kubelet.service
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/
Wants=network-online.target
After=network-online.target
[Service]
ExecStart=/usr/bin/kubelet
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# kubeadm -h # list the available commands
Usage:
kubeadm [command]
Available Commands:
certs Commands related to handling kubernetes certificates
completion Output shell completion code for the specified shell (bash or zsh)
config Manage configuration for a kubeadm cluster persisted in a ConfigMap in the cluster
help Help about any command
init Run this command in order to set up the Kubernetes control plane
join Run this on any machine you wish to join an existing cluster
kubeconfig Kubeconfig file utilities
reset Performs a best effort revert of changes made to this host by 'kubeadm init' or 'kubeadm join'
token Manage bootstrap tokens
upgrade Upgrade your cluster smoothly to a newer version with this command
version Print the version of kubeadm
Flags:
--add-dir-header If true, adds the file directory to the header of the log messages
-h, --help help for kubeadm
--log-file string If non-empty, use this log file
--log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--one-output If true, only write logs to their native severity level (vs also writing to each lower severity level)
--rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.
--skip-headers If true, avoid header prefixes in the log messages
--skip-log-headers If true, avoid headers when opening log files
-v, --v Level number for the log level verbosity
Use "kubeadm [command] --help" for more information about a command.
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# kubeadm config print init-defaults
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: node
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# kubeadm init --kubernetes-version="1.21.0" --pod-network-cidr="10.244.0.0/16" --dry-run
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.31.197.177:6443 --token mxyz5h.x2nkn71uq1w2dn2n \
--discovery-token-ca-cert-hash sha256:48e6caa9d8b2d083f59ed4523c75997dedac628c57d7bec57d4a6070482f971b
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.21.1
k8s.gcr.io/kube-controller-manager:v1.21.1
k8s.gcr.io/kube-scheduler:v1.21.1
k8s.gcr.io/kube-proxy:v1.21.1
k8s.gcr.io/pause:3.4.1
k8s.gcr.io/etcd:3.4.13-0
k8s.gcr.io/coredns/coredns:v1.8.0
kubeadm config images pull --image-repository=lank8s.cn
kubeadm init --image-repository=registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.21.1
docker pull mirrorgooglecontainers/kube-apiserver-amd64:v1.21.1
docker pull mirrorgooglecontainers/kube-controller-manager-amd64:v1.21.1
docker pull mirrorgooglecontainers/kube-scheduler-amd64:v1.21.1
docker pull mirrorgooglecontainers/kube-proxy-amd64:v1.21.1
docker pull mirrorgooglecontainers/pause:3.4.1
docker pull mirrorgooglecontainers/etcd-amd64:3.4.13-0
docker pull coredns/coredns:1.8.0
docker pull kry1702/kube-apiserver:v1.21.1
docker pull kry1702/kube-controller-manager:v1.21.1
docker pull kry1702/kube-scheduler:v1.21.1
docker pull kry1702/kube-proxy:v1.21.1
docker pull kry1702/pause:3.4.1
docker pull kry1702/etcd:3.4.13-0
docker pull kry1702/coredns:1.8.0
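# Copy the master node's files to the other nodes (these commands do not rely on the terminal's right-click "send keyboard input to all sessions" feature; the steps above do rely on it, so they did not have to be run on each node one by one)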
scp /etc/sysctl.d/k8s.conf node01:/etc/sysctl.d/
scp /etc/sysctl.d/k8s.conf node02:/etc/sysctl.d/
scp /etc/sysctl.d/k8s.conf node03:/etc/sysctl.d/
scp /usr/lib/systemd/system/docker.service node01:/usr/lib/systemd/system/docker.service
scp /usr/lib/systemd/system/docker.service node02:/usr/lib/systemd/system/docker.service
scp /usr/lib/systemd/system/docker.service node03:/usr/lib/systemd/system/docker.service
# Run on all 3 nodes
systemctl daemon-reload && systemctl start docker
docker info
systemctl enable docker
- flannel: 10.244.0.0/16 (default address)
- calico: 192.168.0.0/16 (default address)
Errors encountered
[root@iZ2vcdx512qke62ysebmttZ yum.repos.d]# kubeadm init --image-repository=registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.21.1
[init] Using Kubernetes version: v1.21.1
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING Service-Kubelet]: kubelet service is not enabled, please run 'systemctl enable kubelet.service'
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR ImagePull]: failed to pull image registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.1: output: Error response from daemon: Get https://registry.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.1: output: Error response from daemon: Get https://registry.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.1: output: Error response from daemon: Get https://registry.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image registry.aliyuncs.com/google_containers/kube-proxy:v1.21.1: output: Error response from daemon: Get https://registry.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image registry.aliyuncs.com/google_containers/pause:3.4.1: output: Error response from daemon: Get https://registry.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image registry.aliyuncs.com/google_containers/etcd:3.4.13-0: output: Error response from daemon: Get https://registry.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[ERROR ImagePull]: failed to pull image registry.aliyuncs.com/google_containers/coredns/coredns:v1.8.0: output: Error response from daemon: Get https://registry.aliyuncs.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher