K8s Deployment
2019-07-27
国王12
1. Start with an architecture diagram
![](https://img.haomeiwen.com/i16834056/c53dbd9a67836cad.png)
2. Set the IP addresses and hostnames, and add hosts entries so the nodes can resolve each other
10.0.0.11 k8s-master
10.0.0.12 k8s-node-1
10.0.0.13 k8s-node-2
3. Install etcd (the database) on the master node
yum install etcd -y
vim /etc/etcd/etcd.conf
Line 6: ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
Line 21: ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"
systemctl start etcd.service
systemctl enable etcd.service
4. Install kubernetes on the master node
yum install kubernetes-master.x86_64 -y
vim /etc/kubernetes/apiserver
Line 8: KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
Line 11: KUBE_API_PORT="--port=8080"
Line 14: KUBELET_PORT="--kubelet-port=10250"
Line 17: KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"
Line 23: KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
Line 23 has one plugin removed; compare it with the original line.
vim /etc/kubernetes/config
Line 22: KUBE_MASTER="--master=http://10.0.0.11:8080"
systemctl enable kube-apiserver.service
systemctl restart kube-apiserver.service
systemctl enable kube-controller-manager.service
systemctl restart kube-controller-manager.service
systemctl enable kube-scheduler.service
systemctl restart kube-scheduler.service
5. Install kubernetes on the worker nodes
yum install kubernetes-node.x86_64 -y
vim /etc/kubernetes/config
Line 22: KUBE_MASTER="--master=http://10.0.0.11:8080"
vim /etc/kubernetes/kubelet
Line 5: KUBELET_ADDRESS="--address=0.0.0.0"
Line 8: KUBELET_PORT="--port=10250"
Line 11: KUBELET_HOSTNAME="--hostname-override=10.0.0.12" (note: on node 10.0.0.13 this IP is 10.0.0.13)
Line 14: KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080"
systemctl enable kubelet.service
systemctl start kubelet.service
systemctl enable kube-proxy.service
systemctl start kube-proxy.service
On the master node, check whether the worker nodes have registered:
[root@k8s-master ~]# kubectl get nodes
NAME STATUS AGE
10.0.0.12 Ready 37s
10.0.0.13 Ready 39s
6. Configure the flannel network on all nodes
All nodes:
yum install flannel -y
sed -i 's#http://127.0.0.1:2379#http://10.0.0.11:2379#g' /etc/sysconfig/flanneld
Master node:
etcdctl mk /atomic.io/network/config '{ "Network": "172.16.0.0/16" }'
yum install docker -y
systemctl enable flanneld.service
systemctl restart flanneld.service
service docker restart
systemctl restart kube-apiserver.service
systemctl restart kube-controller-manager.service
systemctl restart kube-scheduler.service
Worker nodes:
systemctl enable flanneld.service
systemctl restart flanneld.service
service docker restart
systemctl restart kubelet.service
systemctl restart kube-proxy.service
Download the image on all nodes (for testing):
wget http://192.168.12.201/docker_image/docker_busybox.tar.gz
Load the image on all nodes:
docker load -i docker_busybox.tar.gz
Start a container on all nodes:
docker run -it docker.io/busybox:latest
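flannel automatically modifies the iptables rules, and at this point the containers can no longer ping each other.
Fix: set the policy back to ACCEPT. Note that this is needed on all nodes: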
iptables -P FORWARD ACCEPT
This is only temporary, though. To make it permanent:
vim /usr/lib/systemd/system/docker.service
Below line 17, add:
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
Reload so the change takes effect:
systemctl daemon-reload
Restart docker and test whether the network still works:
systemctl restart docker
7. Configure the master as an image registry
All nodes:
vim /etc/sysconfig/docker
Comment out the original OPTIONS line and add the line below:
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=10.0.0.11:5000'
systemctl restart kubelet.service
On the master node, start a registry; the image has to be uploaded first (omitted here):
docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry
Test the private registry from any worker node.
Tag the image:
docker tag docker.io/busybox 10.0.0.11:5000/docker.io/busybox
Push it to the private registry:
docker push 10.0.0.11:5000/docker.io/busybox
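
Added example, not part of the original post: the values set in steps 3, 4, 5 and 7 leave etcd and the API server's insecure port reachable on all interfaces over plain HTTP, bind the kubelet to all interfaces, and make Docker accept a registry without verified TLS and skip signature verification. The shell function below flags those values in the files edited above; the names audit_k8s_conf, check, make_sample and the optional ROOT argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. audit_k8s_conf, check,
# make_sample and the ROOT argument are assumptions made for illustration.

# check FILE REGEX MESSAGE: report when an uncommented line matches REGEX.
check() {
    [ -r "$root$1" ] || return 0
    if grep -Ev '^[[:space:]]*#' "$root$1" | grep -Eq -e "$2"; then
        echo "FINDING $1: $3"
        findings=$((findings + 1))
    fi
}

# audit_k8s_conf [ROOT]: audit the files under ROOT (default: the live /etc).
# Returns 1 when at least one setting from this walkthrough is found.
audit_k8s_conf() {
    root="${1:-}"; findings=0
    check /etc/etcd/etcd.conf 'ETCD_LISTEN_CLIENT_URLS="?http://0\.0\.0\.0' \
        'etcd client port is plain HTTP on all interfaces'
    check /etc/kubernetes/apiserver '--insecure-bind-address=0\.0\.0\.0' \
        'API server insecure port (no authentication) is bound to all interfaces'
    check /etc/kubernetes/apiserver '--etcd-servers=http://' \
        'API server talks to etcd without TLS'
    check /etc/kubernetes/kubelet '--address=0\.0\.0\.0' \
        'kubelet listens on all interfaces'
    check /etc/kubernetes/kubelet '--api-servers=http://' \
        'kubelet talks to the API server without TLS'
    check /etc/sysconfig/docker '--insecure-registry' \
        'Docker accepts a registry without verified TLS'
    check /etc/sysconfig/docker '--signature-verification=false' \
        'Docker image signature verification is disabled'
    echo "total findings: $findings"
    [ "$findings" -eq 0 ]
}

# make_sample ROOT: write a constructed tree holding the values from this page.
make_sample() {
    mkdir -p "$1/etc/etcd" "$1/etc/kubernetes" "$1/etc/sysconfig"
    echo 'ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"' > "$1/etc/etcd/etcd.conf"
    printf '%s\n' 'KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"' \
        'KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379"' \
        > "$1/etc/kubernetes/apiserver"
    printf '%s\n' 'KUBELET_ADDRESS="--address=0.0.0.0"' \
        'KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080"' \
        > "$1/etc/kubernetes/kubelet"
    echo "OPTIONS='--signature-verification=false --insecure-registry=10.0.0.11:5000'" \
        > "$1/etc/sysconfig/docker"
}
```

Source the file and run audit_k8s_conf with no argument on a node to check its live /etc; make_sample writes a constructed tree for trying it out elsewhere.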