
1. Preparation

1. Check the environment

swapoff -a      # Disable swap
setenforce 0    # Temporarily disable SELinux

The following values must be different on every machine:

sudo cat /sys/class/dmi/id/product_uuid   # The UUID must not be the same on any two machines
ifconfig -a                               # The IP address must not be the same

2. Open the port

Control-plane (master) node:

Protocol  Direction  Port range   Purpose                   Used by
TCP       Inbound    6443         Kubernetes API server     All components
TCP       Inbound    2379-2380    etcd server client API    kube-apiserver, etcd
TCP       Inbound    10250        Kubelet API               kubelet itself, control plane components
TCP       Inbound    10251        kube-scheduler            kube-scheduler itself
TCP       Inbound    10252        kube-controller-manager   kube-controller-manager itself
TCP       Inbound    8080         kubelet                   kubelet itself

Worker node:

Protocol  Direction  Port range   Purpose                   Used by
TCP       Inbound    10250        Kubelet API               kubelet itself, control plane components
TCP       Inbound    30000-32767  NodePort Services         All components

3. Allow iptables to check bridge traffic

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
 
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
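The preparation steps above can be verified rather than assumed. The following is an added example, not part of the original post: the function names and the root-directory parameter are assumptions made for illustration, and the sample tree and UUID list are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the preparation steps took effect.
# Each check takes a root directory so it can run on a constructed tree; use / on a real node.

swap_is_off() {        # /proc/swaps contains only its header line when no swap is active
    [ "$(tail -n +2 "$1/proc/swaps" | grep -c .)" -eq 0 ]
}

module_loaded() {      # $2 = module name, matched against the first column of /proc/modules
    grep -q "^$2 " "$1/proc/modules"
}

bridge_sysctls_on() {  # both keys from /etc/sysctl.d/k8s.conf must read back as 1
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        [ "$(cat "$1/proc/sys/net/bridge/$key" 2>/dev/null)" = "1" ] || return 1
    done
}

duplicate_uuids() {    # stdin: "<host> <product_uuid>" per line; prints UUIDs used more than once
    awk 'NF >= 2 {print tolower($2)}' | sort | uniq -d
}

preflight() {          # prints one FAIL line per failed check; non-zero exit if any failed
    rc=0
    swap_is_off "$1"                || { echo "FAIL swap is still active"; rc=1; }
    module_loaded "$1" br_netfilter || { echo "FAIL br_netfilter is not loaded"; rc=1; }
    bridge_sysctls_on "$1"          || { echo "FAIL bridge-nf-call sysctls are not 1"; rc=1; }
    return "$rc"
}

# Constructed sample tree: sysctls and module are fine, but swap was left enabled.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/proc/sys/net/bridge"
printf 'Filename Type Size Used Priority\n/dev/sda2 partition 2097148 0 -2\n' > "$demo_root/proc/swaps"
printf 'br_netfilter 28672 0 - Live 0x0000000000000000\n' > "$demo_root/proc/modules"
echo 1 > "$demo_root/proc/sys/net/bridge/bridge-nf-call-iptables"
echo 1 > "$demo_root/proc/sys/net/bridge/bridge-nf-call-ip6tables"
preflight "$demo_root" || true

# Constructed sample: UUIDs collected from three hosts, two of them cloned from one image.
printf 'node1 4C4C4544-0000-1010\nnode2 aaaa1111-2222-3333\nnode3 4c4c4544-0000-1010\n' | duplicate_uuids
```

On a real node, run `preflight /` after `sysctl --system`; the UUID list has to be collected from all machines first.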

2. Install

1. Install kubeadm, kubectl, and kubelet

# Add the Aliyun mirror repository
# Note: gpgcheck=0 and repo_gpgcheck=0 turn off signature verification of packages and repository metadata
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF

# Set SELinux to permissive mode
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable kubelet

# Check the installed versions
kubeadm version
kubectl version --client
kubelet --version

If each command prints its version information, the installation succeeded, and the output shows the installed version.

2. Install the plug-in

yum -y install socat conntrack-tools

3. Change the Docker cgroup driver to systemd

Docker needs to be installed in advance.

sudo mkdir -p /etc/docker
cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
 
sudo systemctl enable docker
sudo systemctl daemon-reload
sudo systemctl restart docker

The steps above can be skipped, but you will then get a warning.

4. Pull the images required by k8s

The kubeadm config images pull command can download the images, but the connection is very likely to fail, so pull them from the Aliyun mirror instead.

If you use v1.21.0, you can use the same commands as I do; otherwise, pull the images according to the command above.

docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.21.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.21.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.21.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.21.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.4.1
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0
docker pull coredns/coredns:1.8.0

When installing k8s, images with the prefix k8s.gcr.io are fetched by default, so retag the images downloaded above with that name.

docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver:v1.21.1 k8s.gcr.io/kube-apiserver:v1.21.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.21.1 k8s.gcr.io/kube-proxy:v1.21.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager:v1.21.1 k8s.gcr.io/kube-controller-manager:v1.21.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.21.1 k8s.gcr.io/kube-scheduler:v1.21.1
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.4.1 k8s.gcr.io/pause:3.4.1
docker tag coredns/coredns:1.8.0 k8s.gcr.io/coredns/coredns:v1.8.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0 k8s.gcr.io/etcd:3.4.13-0

The above steps are the same as the master installation.

5. Join the master

Modify the host mapping:

vi /etc/hosts

Run the following command, which is provided by the master's init output:

kubeadm join 192.168.18.15:6443 --token ry0rwa.oly8kisb7ruceenx --discovery-token-ca-cert-hash sha256:16928607989901f182d2f835fb12f450de6bd9e7571b84bf7a93408af917d5e3

Change the kubelet cgroup driver to systemd. If it is already systemd, leave the value unchanged.

vi /var/lib/kubelet/config.yaml

If the join fails, the token may be invalid. You can run kubeadm token create to obtain a new token.
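The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 digest of the CA certificate's DER-encoded public key, so a node can check that it is joining the intended master. The following added example (not from the original post; the function names are assumptions) recomputes that value and compares it with the one in a join command, using a throwaway CA generated on the spot in place of the master's /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/sh
# Added example (not from the original post): recompute the value that
# kubeadm expects in --discovery-token-ca-cert-hash and compare it.

ca_cert_hash() {        # $1 = PEM CA certificate; prints "sha256:<hex>"
    hex=$(openssl x509 -in "$1" -noout -pubkey \
          | openssl pkey -pubin -outform DER \
          | openssl dgst -sha256 | awk '{print $NF}')
    [ "${#hex}" -eq 64 ] && printf 'sha256:%s\n' "$hex"
}

join_hash_matches() {   # $1 = PEM CA certificate, $2 = hash copied from the join command
    [ "$(ca_cert_hash "$1")" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# Constructed sample: a throwaway self-signed CA stands in for the master's ca.crt.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
pinned=$(ca_cert_hash "$demo_dir/ca.crt")
echo "value for --discovery-token-ca-cert-hash: $pinned"
join_hash_matches "$demo_dir/ca.crt" "$pinned" && echo "join command pins this CA"
```

On the master, `kubeadm token create --print-join-command` prints a complete join command with a fresh token and this hash.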

6. Specify the configuration file

export KUBECONFIG=/etc/kubernetes/kubelet.conf

Remember that flannel does not need to be installed on worker nodes.

7. Verify

kubectl get nodes

If the command lists the cluster's nodes, the join succeeded.

Attention! During both master and node installation, file downloads can fail and errors are reported. The most typical case is that the files under /opt/cni/bin on the master often fail to download. If you encounter this error, retry the download several times, or reinstall the system and download again, until the files download successfully!