Installing Docker and Kubernetes on CentOS 7

2020-01-16 10:39:11 | viperasi

### Change the yum repositories

***Skip this on Alibaba Cloud***

1. Install the yum tools
```
yum install -y yum-utils device-mapper-persistent-data lvm2
```
2. Back up the original repo file
```
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
```
3. Add the Alibaba Cloud repo file
```
yum-config-manager --add-repo http://mirrors.aliyun.com/repo/Centos-7.repo
```
4. Rename it to the base repo file
```
mv /etc/yum.repos.d/Centos-7.repo /etc/yum.repos.d/CentOS-Base.repo
```
5. Add the Alibaba Cloud Docker repo
```
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
```
6. Refresh the cache
```
yum makecache fast
```

### Install docker-ce

1. Install Docker with yum
```
yum install -y docker-ce
```
2. Configure the registry mirror accelerator (`/etc/docker/daemon.json`). Note that the file as given sets the cgroup driver, logging and storage driver only; it has no `registry-mirrors` entry.
```
mkdir -p /etc/docker
# write the daemon configuration
cat > /etc/docker/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
systemctl daemon-reload
systemctl restart docker
```

### Disable Linux swap

1. Edit `/etc/fstab` and comment out the swap line
2. Run `swapoff -a`
3. Reboot

### Disable SELinux

```
setenforce 0
```

`setenforce 0` switches SELinux to permissive mode only until the next reboot.

### Turn off the firewall

```
systemctl disable firewalld
systemctl stop firewalld
```

With firewalld off, every listening port on the host is reachable from the network, including the NodePort the dashboard is exposed on later in this guide, so access has to be restricted at the network layer instead.

### Set up the k8s repo

```
# write the repo definition
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```

With `gpgcheck=0` and `repo_gpgcheck=0`, yum verifies neither package signatures nor repository metadata, and the `http://` URLs mean the packages travel unencrypted, so nothing in this configuration detects a tampered kubelet, kubeadm or kubectl package.

### Install kubelet, kubeadm and kubectl

```
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# kernel settings required for bridged pod traffic
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system
systemctl daemon-reload
systemctl restart kubelet
```

### Enable at boot

```
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet
```

### Pull images

### Initialize kubeadm

#### With flannel

### Remove the master taint

```
kubectl taint nodes --all node-role.kubernetes.io/master-
```

### Install flannel

```
docker pull quay.azk8s.cn/coreos/flannel:v0.11.0-amd64
docker tag quay.azk8s.cn/coreos/flannel:v0.11.0-amd64 quay.io/coreos/flannel:v0.11.0-amd64
docker rmi quay.azk8s.cn/coreos/flannel:v0.11.0-amd64
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```

### Install the dashboard

```
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
# wget saves the manifest as recommended.yaml
kubectl apply -f recommended.yaml
```

### Change the dashboard service type

```
kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard
# in the editor, set the service type:
#   type: NodePort
kubectl get svc kubernetes-dashboard -n kubernetes-dashboard
```

### Create an administrator

```
# Create a new ServiceAccount
kubectl create serviceaccount k8sadmin -n kube-system
# Create a ClusterRoleBinding with Cluster Admin Privileges
kubectl create clusterrolebinding k8sadmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8sadmin
# Get the token
kubectl get secret -n kube-system | grep k8sadmin | cut -d " " -f1 | xargs -n 1 | xargs kubectl get secret -o 'jsonpath={.data.token}' -n kube-system | base64 --decode
```

The token printed by the last command carries `cluster-admin` rights over the whole cluster, so handle it like a root credential.

### Log in

```
kubectl get secret --all-namespaces
# replace admin-token-xxx with the token secret name from the list above
# (for the account created earlier it starts with k8sadmin-token-)
kubectl describe secret admin-token-xxx -n kube-system
```

***Open `https://<master-ip>:<svc-port>` in Firefox***

### Add nodes

1. Create a token (master)
```
kubeadm token create
```
2. Get the token (master)
```
kubeadm token list
```
3. Get the CA certificate hash (master)
```
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
  openssl dgst -sha256 -hex | sed 's/^.* //'
```
4. Change the hostname (node)
```
vim /etc/hostname
reboot
```
5. Join (node)
```
kubeadm join --token=9o4dwm.u0pdm2tdf95gidqq 192.168.1.109:6443 --discovery-token-ca-cert-hash sha256:8be084a0278361aa8ec776f366f51b64195e444ae70388af5d8460bbf6844fff
```

### Other commands

Reset (may not work): `kubeadm reset`

### Mirrors in China

|Global|China|Format|Example|
|-|-|-|-|
|gcr.io|gcr.azk8s.cn|`gcr.azk8s.cn/<repo-name>/<image-name>:<version>`|`gcr.azk8s.cn/google_containers/hyperkube-amd64:v1.13.5`|
|quay.io|quay.azk8s.cn|`quay.azk8s.cn/<repo-name>/<image-name>:<version>`|`quay.azk8s.cn/deis/go-dev:v1.10.0`|
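
The `kubernetes.repo` file in the k8s repo step above turns off both signature checks and fetches over plain HTTP. The following check is an added example, not part of the original post: `audit_repo` is a hypothetical helper that flags those settings in any yum `.repo` file, and the corrected copy assumes the mirror also serves HTTPS and signed repo metadata.

```bash
# Added example (not from the original post): audit a yum .repo file for
# gpgcheck=0, repo_gpgcheck=0 and plain-http baseurl/gpgkey, per [section].
audit_repo() {  # hypothetical helper; prints findings, returns 1 if any
    awk '
        /^[ \t]*(#|;|$)/ { next }                  # comments and blank lines
        /^[ \t]*\[.*\]/ {                          # [section] header
            sect = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sect); key = ""; next
        }
        {
            val = $0
            if (val ~ /^[^ \t=]+[ \t]*=/) {        # key=value starts a new key
                key = val; sub(/[ \t]*=.*/, "", key)
                sub(/^[^=]*=[ \t]*/, "", val)
            }                                      # else: indented continuation
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if ((key == "gpgcheck" || key == "repo_gpgcheck") && val == "0") {
                printf "%s: %s=0 disables signature verification\n", sect, key; bad++
            }
            if ((key == "baseurl" || key == "gpgkey") && val ~ /(^|[ \t,])http:\/\//) {
                printf "%s: %s uses plain http\n", sect, key; bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the kubernetes.repo content from this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
audit_repo "$sample" || echo "weak repo settings found"

# Corrected copy. Assumption: the mirror serves HTTPS and signed repo metadata.
fixed=$(mktemp)
sed -e 's#http://#https://#g' -e 's/gpgcheck=0/gpgcheck=1/' "$sample" > "$fixed"
audit_repo "$fixed" && echo "corrected copy: no findings"
```

Run it over `/etc/yum.repos.d/*.repo` before `yum install` to catch any repository that still skips verification.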