K8S单机安装

K8S单机部署

环境：
CentOS Linux release 7.6

1.关闭centos自带的防火墙

systemctl disable firewalld
systemctl stop firewalld 

2.安装etcd和kubernetes软件（会自动安装docker）

yum install -y etcd kubernetes

修改
vi /etc/sysconfig/docker

OPTIONS='--selinux-enabled=false --insecure-registry gcr.io --log-driver=journald'

vi /etc/kubernetes/apiserver
删除ServiceAccount

#KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

启动所有服务

# systemctl start etcd
# systemctl start docker
# systemctl start kube-apiserver
# systemctl start kube-controller-manager
# systemctl start kube-scheduler
# systemctl start kubelet
# systemctl start kube-proxy

入门实例

docker pull nginx
kubectl run my-nginx --image=nginx --port=80
kubectl get pod
如果无法看到ready 1/1状态，看日志，如果是防火墙导致无法下载googlecontainer，需要手工下载
docker pull googlecontainer/pause-amd64:3.0
docker tag googlecontainer/pause-amd64:3.0 gcr.io/google_containers/pause-amd64:3.0

还是无法启动，测试查看日志
kubectl describe pod my-nginx-379829228-wln18

Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

错误跟证书无法找到有关

yum remove *rhsm* -y
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem

再次查看，显示成功
kubectl get pod -o wide

NAME                       READY     STATUS    RESTARTS   AGE       IP           NODE
my-nginx-379829228-wln18   1/1       Running   0          3m        172.17.0.2   127.0.0.1

运行nginx
curl 172.17.0.2