Everything here goes through mirror sources inside China -- Lu Xun

Disable SELinux

setenforce 0 # switch SELinux off immediately at runtime
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config # keep it from being re-enabled after a reboot

Disable swap

swapoff -a # switch swap off immediately at runtime
sed -i '/ swap / s/^/#/' /etc/fstab # keep it from being re-enabled after a reboot

Network configuration file

cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
modprobe br_netfilter  # run this first; otherwise applying k8s.conf fails with a load error
sysctl -p /etc/sysctl.d/k8s.conf # apply the configuration file

Switch yum to a mirror inside China

cd /etc/yum.repos.d && \
sudo mv CentOS-Base.repo CentOS-Base.repo.bak && \
sudo wget -O CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo && \
yum clean all && \
yum makecache

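Configure the download source for the k8s packages

# Note: gpgcheck=0 and repo_gpgcheck=0 turn off RPM and repository-metadata signature checks,
# and baseurl is plain HTTP, so packages from this repo are installed without signature verification.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
        http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF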

Install the dependencies

yum install -y docker kubelet kubeadm kubectl 

Switch Docker to a registry mirror

mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{"registry-mirrors": ["https://registry.docker-cn.com"]}
EOF
service docker restart

Enable the services at boot

systemctl disable firewalld.service && systemctl stop firewalld.service
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet

Download the k8s dependency images

List the required images

kubeadm config images list

Users in China can download the k8s components through the Alibaba Cloud mirror

# pull every required image from the mirror registry
kubeadm config images list |sed -e 's/^/docker pull /g' -e 's#k8s.gcr.io#registry.cn-hangzhou.aliyuncs.com/google_containers#g' |sh -x
# tag each pulled image with the k8s.gcr.io name that kubeadm expects
docker images |grep registry.cn-hangzhou.aliyuncs.com/google_containers |awk '{print "docker tag ",$1":"$2,$1":"$2}' |sed -e 's#registry.cn-hangzhou.aliyuncs.com/google_containers#k8s.gcr.io#2' |sh -x
# remove the mirror-named tags
docker images |grep registry.cn-hangzhou.aliyuncs.com/google_containers |awk '{print "docker rmi ", $1":"$2}' |sh -x

Initialize the master node

Kubernetes v1.14.3

kubeadm init --kubernetes-version=1.14.3

On success the output includes:

To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.31.120:6443 --token 6nelb5.lrc5qbs0k3v64eln \
    --discovery-token-ca-cert-hash sha256:c55a113114d664133685430a86f2e39f40e9df6b12ad3f4d65462fd372079e97

Start the worker node

kubeadm join 192.168.31.120:6443 --token 6nelb5.lrc5qbs0k3v64eln \
    --discovery-token-ca-cert-hash sha256:c55a113114d664133685430a86f2e39f40e9df6b12ad3f4d65462fd372079e97

This is the last command printed by the initialization.

Run on the master node:

[root@localhost ~]# kubectl get nodes
NAME                    STATUS     ROLES    AGE     VERSION
localhost.localdomain   NotReady   master   40m     v1.14.3
miwifi-r3-srv           NotReady   <none>   3m48s   v1.14.3

The status is still NotReady.

See the documentation: https://kubernetes.io/docs/co...

The Weave plugin was chosen here. Documentation: https://www.weave.works/docs/...
Run the command:

kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

Wait a few minutes and the nodes show as Ready.

[root@localhost ~]# kubectl get nodes
NAME                    STATUS     ROLES    AGE   VERSION
localhost.localdomain   Ready      master   49m   v1.14.3
miwifi-r3-srv           Ready      <none>   12m   v1.14.3

When the kubeadm token has expired

The token used by kubeadm join is valid for 24h.

Create a token and list the tokens

$ kubeadm token create
rugi2c.bb97e7ney91bogbg
$ kubeadm token list
TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
rugi2c.bb97e7ney91bogbg   23h       2019-06-18T22:28:11+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token

Generate the CA certificate hash (the value for --discovery-token-ca-cert-hash)

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

Join with the new token

kubeadm join 192.168.31.120:6443 --token rugi2c.bb97e7ney91bogbg \
    --discovery-token-ca-cert-hash sha256:c55a113114d664133685430a86f2e39f40e9df6b12ad3f4d65462fd372079e97
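The --discovery-token-ca-cert-hash value is the SHA-256 of the cluster CA's public key, which is why the join command with the new token carries the same hash as the one printed by kubeadm init. The script below is an added example, not part of the original post: it recomputes that pin from a CA certificate and checks the hash in a join command against it. The function names and the file name check_pin.sh are hypothetical, and it uses openssl pkey where the page uses openssl rsa so that non-RSA CA keys also work.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print the kubeadm pin "sha256:<hex>" for the CA certificate at $1: the
# SHA-256 of the certificate's DER-encoded public key (SubjectPublicKeyInfo).
ca_cert_hash() {
    # Extract the key first and check the exit status, so that a bad file is
    # reported as an error instead of yielding the hash of empty input.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || {
        echo "not a readable X.509 certificate: $1" >&2
        return 2
    }
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
    printf 'sha256:%s\n' "$hex"
}

# Compare the pin taken from a join command ($2) with the one derived from the
# CA certificate ($1). Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_join_hash() {
    actual=$(ca_cert_hash "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # hex case does not matter
    case $expected in
        sha256:*) ;;
        *) echo "pin must start with sha256:" >&2; return 2 ;;
    esac
    if [ "$actual" = "$expected" ]; then
        echo "OK: $actual"
    else
        echo "MISMATCH: CA gives $actual, join command has $expected" >&2
        return 1
    fi
}

# On the master: sh check_pin.sh /etc/kubernetes/pki/ca.crt sha256:<hash>
if [ "$#" -eq 2 ]; then
    verify_join_hash "$1" "$2"
fi
```

A mismatch means the hash in the join command does not belong to this cluster's CA, so the command should not be run on a worker until the source of the hash is confirmed.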
