1. master and worker 关闭防火墙以及SElinux
防火墙
firewall-cmd --state
systemctl stop firewalld.service
systemctl disable firewalld.service
SElinux
getenforce
setenforce 0
sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
2.允许 iptables 检查桥接流量
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
3.install Container runtimes
{安装 docker 网址}
1)Install the yum-utils package
sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
2)Install Docker Engine
sudo yum install docker-ce docker-ce-cli containerd.io
3)Start Docker
sudo systemctl start docker
4)Verify that Docker Engine is installed correctly by running the hello-world image.
docker run hello-world
5)配置 Docker 守护程序,尤其是使用 systemd 来管理容器的 cgroup
sudo mkdir /etc/docker
cat <<EOF | sudo tee /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF
6)重新启动 Docker 并启用开机自启动
sudo systemctl enable docker
sudo systemctl daemon-reload
sudo systemctl restart docker
4.install kubeadm、kubelet、kubectl
1)基于CentOS
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
|