废柴安装k8s1.10

前言:实验室k8s1.10证书到期 防止损坏集群,我现在本地自己安装了一遍,centos7,k8s1.10

事先准备:安装固定版本的docker
见上一篇博客 这里安装的是
废柴安装k8s1.10
1、禁用防火墙

systemctl stop firewalld systemctl disable firewalld

2、禁用SELINUX和关闭swap

setenforce 0
vi /etc/selinux/config

设置SELINUX=disabled

swapoff -a
vi /etc/fstab

注释掉swap那行

编辑 /etc/hosts 文件,添加域名解析。

cat <<EOF >>/etc/hosts
192.168.223.130 master
EOF

3、设置路由

cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf

4、下载国内镜像到本地,并tag为k8s内镜像

docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/kube-apiserver-amd64:v1.10.0
docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/kube-scheduler-amd64:v1.10.0
docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/kube-controller-manager-amd64:v1.10.0
docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/kube-proxy-amd64:v1.10.0
docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/k8s-dns-kube-dns-amd64:1.14.8
docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/k8s-dns-dnsmasq-nanny-amd64:1.14.8
docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/k8s-dns-sidecar-amd64:1.14.8
docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/etcd-amd64:3.1.12
docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64
docker pull registry.cn-shenzhen.aliyuncs.com/cp_m/pause-amd64:3.1
docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/kube-apiserver-amd64:v1.10.0 k8s.gcr.io/kube-apiserver-amd64:v1.10.0
docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/kube-scheduler-amd64:v1.10.0 k8s.gcr.io/kube-scheduler-amd64:v1.10.0
docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/kube-controller-manager-amd64:v1.10.0 k8s.gcr.io/kube-controller-manager-amd64:v1.10.0
docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/kube-proxy-amd64:v1.10.0 k8s.gcr.io/kube-proxy-amd64:v1.10.0
docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/k8s-dns-kube-dns-amd64:1.14.8 k8s.gcr.io/k8s-dns-kube-dns-amd64:1.14.8
docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/k8s-dns-dnsmasq-nanny-amd64:1.14.8 k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64:1.14.8
docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/k8s-dns-sidecar-amd64:1.14.8 k8s.gcr.io/k8s-dns-sidecar-amd64:1.14.8
docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/etcd-amd64:3.1.12 k8s.gcr.io/etcd-amd64:3.1.12
docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64 quay.io/coreos/flannel:v0.10.0-amd64
docker tag registry.cn-shenzhen.aliyuncs.com/cp_m/pause-amd64:3.1 k8s.gcr.io/pause-amd64:3.1

5、设置k8s的国内源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

6、安装 kubelet、kubeadm、kubectl

yum install -y  kubernetes-cni-0.6.0  kubelet-1.10.0 kubeadm-1.10.0 kubectl-1.10.0  --disableexcludes=kubernetes

7、配置 kubelet

kubelet生成的配置文件将参数–cgroup-driver和docker的cgroup-driver必须一致

修改文件kubelet的配置文件/etc/systemd/system/kubelet.service.d/10-kubeadm.conf

将其中的KUBELET_CGROUP_ARGS参数更改成cgroupfs:

Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"

Kubernetes从1.8开始要求关闭系统的 Swap ,可以通过 kubelet 的启动参数–fail-swap-on=false更改这个限制,在上面的配置文件中增加一项配置:

Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"

最后,重新加载配置并启动kubelet

systemctl daemon-reload

systemctl enable kubelet && systemctl start kubelet

8、用kubeadm初始化

注意:如果是flannel网络–pod-network-cidr=10.244.0.0/16, 如果是Calico网络–pod-network-cidr=192.168.0.0/16

kubeadm init   --apiserver-advertise-address=192.168.223.130   --kubernetes-version=v1.10.0 --pod-network-cidr=10.244.0.0/16

如果想要master也可以调度pod,则运行下面命令:

kubectl taint nodes --all node-role.kubernetes.io/master-

9、设置权限

要使kubectl适用于非root用户,请运行以下命令:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

或者,如果您是root用户,则可以运行:

export KUBECONFIG=/etc/kubernetes/admin.conf

10、安装flannel网络

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.10.0/Documentation/kube-flannel.yml

11、查看POD节点

kubectl get pods --all-namespaces

所有节点,状态都是Running,则表示安装成功

上一篇:谷歌助力,快速实现 Java 应用容器化


下一篇:第三方工具---阿里云内容安全