都是走的国内镜像源 — 鲁迅
关闭 selinux
setenforce 0 #实时动态关闭 selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config #禁止重启后自动开启
关闭交换分区
swapoff -a #实时动态关闭交换分区
sed -i '/ swap / s/^/#/' /etc/fstab #禁止重启后自动开启
网络配置文件
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
modprobe br_netfilter #执行该命令 如果不执行就会在应用 k8s.conf 时出现加载错误
sysctl -p /etc/sysctl.d/k8s.conf #应用配置文件
yum 换国内源
cd /etc/yum.repos.d && \
sudo mv CentOS-Base.repo CentOS-Base.repo.bak && \
sudo wget -O CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo && \
yum clean all && \
yum makecache
配置 k8s 资源的下载地址
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
安装依赖
yum install -y docker kubelet kubeadm kubectl
docker 换源
mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{"registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF
service docker restart
开机启动
systemctl disable firewalld.service && systemctl stop firewalld.service
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet
下载 k8s 依赖镜像
获取依赖的镜像
kubeadm config images list
国内用户通过阿里云镜像下载 k8s 依赖组件
kubeadm config images list |sed -e 's/^/docker pull /g' -e 's#k8s.gcr.io#registry.cn-hangzhou.aliyuncs.com/google_containers#g' |sh -x
docker images |grep registry.cn-hangzhou.aliyuncs.com/google_containers |awk '{print"docker tag ",$1":"$2,$1":"$2}' |sed -e 's#registry.cn-hangzhou.aliyuncs.com/google_containers#k8s.gcr.io#2' |sh -x
docker images |grep registry.cn-hangzhou.aliyuncs.com/google_containers |awk '{print"docker rmi ", $1":"$2}' |sh -x
主节点初始化
Kubernetes v1.14.3
kubeadm init --kubernetes-version=1.14.3
执行成功后出现
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.31.120:6443 --token 6nelb5.lrc5qbs0k3v64eln \
--discovery-token-ca-cert-hash sha256:c55a113114d664133685430a86f2e39f40e9df6b12ad3f4d65462fd372079e97
node 节点启动
kubeadm join 192.168.31.120:6443 --token 6nelb5.lrc5qbs0k3v64eln \
--discovery-token-ca-cert-hash sha256:c55a113114d664133685430a86f2e39f40e9df6b12ad3f4d65462fd372079e97
就是初始化后的最后一条命令
主节点执行:
[root@localhost ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
localhost.localdomain NotReady master 40m v1.14.3
miwifi-r3-srv NotReady <none> 3m48s v1.14.3
状态还是 notReady
查看文档 https://kubernetes.io/docs/co…
这里选了 weave 插件文档:https://www.weave.works/docs/…
执行命令
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d'\n')"
稍微等几分钟就可以看到正常了
[root@localhost ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
localhost.localdomain Ready master 49m v1.14.3
miwifi-r3-srv Ready <none> 12m v1.14.3
kubeadm token 过期的情况
kubeadm join
用到的 token 有效期是 24h
生成 token, 查看 token
$ kubeadm token create
rugi2c.bb97e7ney91bogbg
$ kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
rugi2c.bb97e7ney91bogbg 23h 2019-06-18T22:28:11+08:00 authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
生成证书
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
新 token 加入
kubeadm join 192.168.31.120:6443 --token rugi2c.bb97e7ney91bogbg \
--discovery-token-ca-cert-hash sha256:c55a113114d664133685430a86f2e39f40e9df6b12ad3f4d65462fd372079e97
搭建教程
部署 node 节点