都是走的国内镜像源

关闭 selinux

1
2

setenforce 0 #实时动态关闭 selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config #禁止重启后自动开启

关闭交换分区

1
2

swapoff -a #实时动态关闭交换分区
sed -i '/ swap / s/^/#/' /etc/fstab #禁止重启后自动开启

网络配置文件

1
2
3
4
5
6
7
8
9

cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF

modprobe br_netfilter  #执行该命令 如果不执行就会在应用k8s.conf时出现加载错误
sysctl -p /etc/sysctl.d/k8s.conf #应用配置文件

yum换国内源

1
2
3
4
5

cd /etc/yum.repos.d  && \
sudo mv CentOS-Base.repo CentOS-Base.repo.bak && \
sudo wget -O CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo && \
yum clean all && \
yum makecache

配置k8s资源的下载地址

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

cat <<EOF > /etc/yum.repos.d/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
        http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

安装依赖

1

yum install -y docker kubelet kubeadm kubectl

docker换源

1
2
3
4
5
6
7
8

mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF

service docker restart

开机启动

1
2
3

systemctl disable firewalld.service  && systemctl stop firewalld.service 
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet

下载k8s依赖镜像

获取依赖的镜像

1

kubeadm config images list

国内用户通过阿里云镜像下载k8s依赖组件

1
2
3
4
5

kubeadm config images list |sed -e 's/^/docker pull /g' -e 's#k8s.gcr.io#registry.cn-hangzhou.aliyuncs.com/google_containers#g' |sh -x

docker images |grep registry.cn-hangzhou.aliyuncs.com/google_containers |awk '{print "docker tag ",$1":"$2,$1":"$2}' |sed -e 's#registry.cn-hangzhou.aliyuncs.com/google_containers#k8s.gcr.io#2' |sh -x

docker images |grep registry.cn-hangzhou.aliyuncs.com/google_containers |awk '{print "docker rmi ", $1":"$2}' |sh -x

主节点初始化

Kubernetes v1.14.3

1

kubeadm init --kubernetes-version=1.14.3

执行成功后出现

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.31.120:6443 --token 6nelb5.lrc5qbs0k3v64eln \
    --discovery-token-ca-cert-hash sha256:c55a113114d664133685430a86f2e39f40e9df6b12ad3f4d65462fd372079e97

node节点启动

1
2

kubeadm join 192.168.31.120:6443 --token 6nelb5.lrc5qbs0k3v64eln \
    --discovery-token-ca-cert-hash sha256:c55a113114d664133685430a86f2e39f40e9df6b12ad3f4d65462fd372079e97

就是初始化后的最后一条命令

主节点执行:

1
2
3
4

[root@localhost ~]# kubectl get nodes
NAME                    STATUS     ROLES    AGE     VERSION
localhost.localdomain   NotReady   master   40m     v1.14.3
miwifi-r3-srv           NotReady   <none>   3m48s   v1.14.3

状态还是notReady

查看文档 https://kubernetes.io/docs/concepts/cluster-administration/addons/

这里选了 weave 插件文档: https://www.weave.works/docs/net/latest/kubernetes/kube-addon/ 执行命令

1

kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

稍微等几分钟就可以看到正常了

1
2
3
4

[root@localhost ~]# kubectl get nodes
NAME                    STATUS     ROLES    AGE   VERSION
localhost.localdomain   Ready      master   49m   v1.14.3
miwifi-r3-srv           Ready      <none>   12m   v1.14.3

kubeadm token 过期的情况

kubeadm join 用到的token有效期是24h

生成 token, 查看token

1
2
3
4
5

$ kubeadm token create
rugi2c.bb97e7ney91bogbg
$ kubeadm token list
TOKEN                     TTL       EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
rugi2c.bb97e7ney91bogbg   23h       2019-06-18T22:28:11+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token

生成证书

1

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

新token加入

1
2

kubeadm join 192.168.31.120:6443 --token rugi2c.bb97e7ney91bogbg \
    --discovery-token-ca-cert-hash sha256:c55a113114d664133685430a86f2e39f40e9df6b12ad3f4d65462fd372079e97

搭建教程 部署node节点