master
---安装docker---
# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum install -y docker-ce docker-ce-cli containerd.io
# systemctl start docker
# systemctl enable docker
# docker run hello-world
# cat /etc/docker/daemon.json
{
"registry-mirrors": ["http://271d509e.m.daocloud.io"],
"insecure-registries": ["quay.io","daocloud.io","aliyuncs.com"],
"dns": ["172.31.27.224"],
"bip": "192.168.2.1/24",
"fixed-cidr": "192.168.2.0/25"
}
# systemctl restart docker
---0准备----
关闭防火墙
# systemctl stop firewalld
# systemctl disable firewalld
修改主机名
# vi /etc/hostname
# vi /etc/hosts
# systemctl reboot
设置selinux disable
# setenforce 0
# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
以下命令是让swapoff永久生效。如果不好用,就每次手动执行 swapoff -a吧
# sed -ri 's/.*swap.*/#&/' /etc/fstab
# vi /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# modprobe br_netfilter
# sysctl -p /etc/sysctl.d/k8s.conf
---1安装kubelet、kubeadm、kubectl----
# vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
# yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
如果这步不成功,就多试几次。如果实在不行就把上一步的repo文件中的https改成http
# systemctl enable --now kubelet
---2拉取镜像----
# kubeadm config images list |sed -e 's/^/docker pull /g' -e 's#k8s.gcr.io#daocloud.io/daocloud#g'|sh -x
如果 x509: certificate signed by unknown authority,那么如下两步:
1.# echo -n | openssl s_client -showcerts -connect dseasb33srnrn.cloudfront.net:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> /etc/ssl/certs/ca-certificates.crt
2.# systemctl restart docker
或者加参数 --insecure-registry daocloud.io
# docker images |grep daocloud.io/daocloud |awk '{print "docker tag",$1":"$2,$1":"$2}' |sed -e 's/daocloud.io\/daocloud/k8s.gcr.io/2' |sh -x
# docker images |grep daocloud.io/daocloud |awk '{print "docker rmi """$1""":"""$2}' |sh -x
---3安装Flannel插件-----
# kubeadm init --pod-network-cidr=10.244.0.0/16
# export KUBECONFIG=/etc/kubernetes/admin.conf
# vi ~/.bash_profile
在最后写入这行:(这是为了永久生效的)
export KUBECONFIG=/etc/kubernetes/admin.conf
# systemctl start kubelet
---4 下载网络插件-----
# docker pull quay.io/coreos/flannel:v0.11.0-amd64
---5 安装网络插件----
# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
如果提示x509什么的,就用把本文件同目录下的kube-flannel.yml文件搞到Master机器。使用本地文件重新搞一次就行。
---6设置master也可以运行Pod----
# kubectl taint nodes --all node-role.kubernetes.io/master-
------------------------------------------------------------
Node
---安装docker---
# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# yum install -y docker-ce docker-ce-cli containerd.io
# systemctl start docker
# systemctl enable docker
# docker run hello-world
# cat /etc/docker/daemon.json
{
"registry-mirrors": ["http://271d509e.m.daocloud.io"],
"insecure-registries": ["quay.io","daocloud.io","aliyuncs.com"],
"dns": ["172.2.67.233"],
"bip": "192.168.2.1/24",
"fixed-cidr": "192.168.2.0/25"
}
# systemctl restart docker
---0准备----
关闭防火墙
# systemctl stop firewalld
# systemctl disable firewalld
修改主机名
# vi /etc/hostname
# vi /etc/hosts
# systemctl reboot
设置selinux disable
# setenforce 0
# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
以下命令是让swapoff永久生效。如果不好用,就每次手动执行 swapoff -a吧
# sed -ri 's/.*swap.*/#&/' /etc/fstab
# vi /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# modprobe br_netfilter
# sysctl -p /etc/sysctl.d/k8s.conf
---1安装kubelet、kubeadm、kubectl----
# vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
# yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
如果这步不成功,就把上一步的repo文件中的https改成http
# systemctl enable --now kubelet
---2拉取镜像----
# kubeadm config images list |sed -e 's/^/docker pull /g' -e 's#k8s.gcr.io#daocloud.io/daocloud#g'|sh -x
如果 x509: certificate signed by unknown authority,那么如下两步:
1.# echo -n | openssl s_client -showcerts -connect dseasb33srnrn.cloudfront.net:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> /etc/ssl/certs/ca-certificates.crt
2.# systemctl restart docker
或者加参数 --insecure-registry daocloud.io
# docker images |grep daocloud.io/daocloud |awk '{print "docker tag",$1":"$2,$1":"$2}' |sed -e 's/daocloud.io\/daocloud/k8s.gcr.io/2' |sh -x
# docker images |grep daocloud.io/daocloud |awk '{print "docker rmi """$1""":"""$2}' |sh -x
---3 下载网络插件-----
# docker pull quay.io/coreos/flannel:v0.11.0-amd64
---4 加入节点-----
运行 kubeadm init 输出中记录的那一行
# systemctl start kubelet
------------------------------------------------------------
Master
----7验证---
# kubectl get nodes
# kubectl get pods --all-namespaces