# 参考文档
* https://www.kubernetes.org.cn/3805.html
# 登陆
ssh root@106.75.52.120
# 关闭防火墙
systemctl stop firewalld.service
firewall-cmd --state
# 关闭SELinux
setenforce 0
# 关闭swap
swapoff -a
$ vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
# 配置生效
$ sysctl -p
#? 如果出现错误:
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
解决办法:
$ modprobe br_netfilter
$ ls /proc/sys/net/bridge
$ sysctl -p
# 配置阿里的k8s yum源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
EOF
yum -y install epel-release
yum clean all
yum makecache
$ yum -y install docker kubelet kubeadm kubectl kubernetes-cni
$ systemctl enable docker && systemctl start docker
$ systemctl enable kubelet && systemctl start kubelet
# 配置阿里云加速器:https://cr.console.aliyun.com/?spm=5176.100239.blogcont29941.12.ZHezpK&accounttraceid=b1470ebf-4d43-4297-a1b3-53a301489251&accounttraceid=763124e6-2a9d-44c1-b2af-d1838e893cce&accounttraceid=3d71343f-02e9-4cc6-bfc8-a851f69d25ac&accounttraceid=7be50ad2-2a4a-4426-a2c1-3ca7d19ea03f&accounttraceid=68fe30b8-f535-4db3-aee8-7f12f2a453be#/accelerator
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://jx5nyh7c.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
# 脚本下载k8s镜像
#!/bin/bash
images=(kube-proxy-amd64:v1.10.0 kube-scheduler-amd64:v1.10.0 kube-controller-manager-amd64:v1.10.0 kube-apiserver-amd64:v1.10.0
etcd-amd64:3.1.12 pause-amd64:3.1 kubernetes-dashboard-amd64:v1.8.3 k8s-dns-sidecar-amd64:1.14.8 k8s-dns-kube-dns-amd64:1.14.8
k8s-dns-dnsmasq-nanny-amd64:1.14.8)
for imageName in ${images[@]} ; do
docker pull keveon/$imageName
docker tag keveon/$imageName k8s.gcr.io/$imageName
docker rmi keveon/$imageName
done
$ kubeadm init --kubernetes-version=v1.10.0 --pod-network-cidr=10.244.0.0/16
# 开启使用集群
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 拷贝记住token值(示例)
kubeadm join 10.6.5.93:6443 --token pstun8.9h4o4iw10gz7fe6n --discovery-token-ca-cert-hash sha256:9b495669f5128e46e737fb0feb0f40df5d144492b5dcb81a9fc403755cdc5b85
# 安装flannel网络
mkdir -p /etc/cni/net.d/
cat <<EOF> /etc/cni/net.d/10-flannel.conf
{
“name”: “cbr0”,
“type”: “flannel”,
“delegate”: {
“isDefaultGateway”: true
}
}
EOF
mkdir /usr/share/oci-umount/oci-umount.d -p
mkdir /run/flannel/
cat <<EOF> /run/flannel/subnet.env
FLANNEL_NETWORK=10.244.0.0/16
FLANNEL_SUBNET=10.244.1.0/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true
EOF
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.9.1/Documentation/kube-flannel.yml
# 添加docker信任仓库生成secret(***替换为相应值)
$ kubectl create secret docker-registry *** --docker-server=*** --docker-username=*** --docker-password=*** --docker-email=*** -n ***
$ kubectl -n dev get secret
# 将master节点也作为一个node节点
$ kubectl taint nodes --all node-role.kubernetes.io/master-
# 安装docker-compose
$ sudo curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
注意:
1、Service Port Range 默认为:30000-32767
2、外网ip的防火墙需要开启对应端口
网友评论