一.本实验要求:
要求使用centos7以上的镜像,推荐使用centos镜像7.4(4.21G)
下载链接及提取码:
链接: https://pan.baidu.com/s/1ENVgs7jM-sXC_RuvNX5yaw 提取码: zp43
二.所使用到的虚拟机:
192.168.31.61 k8s-master
192.168.31.62 k8s-node1
192.168.31.63 k8s-node2
三:实验流程:
1.所有节点关闭防火墙并设置开机禁止启动(以下都对所有节点进行操作):

[root@k8s-master ~]# systemctl stop firewalld.service
[root@k8s-master ~]# systemctl disable firewalld.service

2.永久关闭SElinux:

[root@k8s-master ~]# sed -i 's/enforcing/disabled/' /etc/selinux/config
[root@k8s-master ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     disabled - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of disabled.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


[root@k8s-master ~]# 

3.关闭swap分区:

[root@k8s-master ~]# swapoff -a
进入配置文件,把最后一行删除掉
[root@k8s-master ~]# cat /etc/fstab 

#
# /etc/fstab
# Created by anaconda on Mon Mar 23 19:36:39 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=ecb13695-25d2-4a0d-a277-93db5ec1ef39 /boot                   xfs     defaults        0 0
#/dev/mapper/centos-swap swap                    swap    defaults        0 0

执行命令
[root@k8s-master ~]# echo vm.swappiness=0 >> /etc/sysctl.conf

重启后查看内存:
[root@k8s-master ~]# free -m
              total        used        free      shared  buff/cache   available
Mem:           1823         338         756           8         728        1252
Swap:             0           0           0

4.设置主机名并使用bash生效(分别在对应的节点进行操作):

[root@k8s-master ~]# hostnamectl set-hostname k8s-master(两个node1,node2节点分别执行)
[root@k8s-master ~]# bash
[root@k8s-master ~]# 

5.在所有节点添加hosts:

[root@k8s-master ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.31.61 k8s-master
192.168.31.62 k8s-node1
192.168.31.63 k8s-node2
[root@k8s-master ~]#

6.将桥接的IPV4流量传递到iptables:

[root@k8s-master ~]# cat >> /etc/sysctl.d/k8s.conf << EOF
> net.bridge.bridge-nf-ca11-ip6tables = 1
> net.bridge.bridge-nf-ca11-iptables = 1
> EOF
[root@k8s-master ~]# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-ca11-ip6tables = 1
net.bridge.bridge-nf-ca11-iptables = 1
[root@k8s-master ~]# 

生效:

[root@k8s-master ~]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
* Applying /etc/sysctl.conf ...
[root@k8s-master ~]# 

7.时间同步:

[root@k8s-master ~]# yum install -y ntpdate
已加载插件:fastestmirror
base                                                                         | 3.6 kB  00:00:00     
extras                                                                       | 2.9 kB  00:00:00     
updates                                                                      | 2.9 kB  00:00:00     
(1/2): extras/7/x86_64/primary_db                                            | 165 kB  00:00:00     
(2/2): updates/7/x86_64/primary_db                                           | 7.6 MB  00:00:01     
Determining fastest mirrors
 * base: mirror.lzu.edu.cn
 * extras: mirror.lzu.edu.cn
 * updates: mirror.lzu.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 ntpdate.x86_64.0.4.2.6p5-29.el7.centos 将被 安装
--> 解决依赖关系完成

依赖关系解决

====================================================================================================
 Package             架构               版本                                 源                大小
====================================================================================================
正在安装:
 ntpdate             x86_64             4.2.6p5-29.el7.centos                base              86 k

事务概要
====================================================================================================
安装  1 软件包

总下载量:86 k
安装大小:121 k
Downloading packages:
ntpdate-4.2.6p5-29.el7.centos.x86_64.rpm                                     |  86 kB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安装    : ntpdate-4.2.6p5-29.el7.centos.x86_64                                            1/1 
  验证中      : ntpdate-4.2.6p5-29.el7.centos.x86_64                                            1/1 

已安装:
  ntpdate.x86_64 0:4.2.6p5-29.el7.centos                                                            

完毕!
[root@k8s-master ~]# ntpdate time.windows.com
16 Apr 13:29:35 ntpdate[12311]: adjust time server 40.81.188.85 offset 0.002105 sec
[root@k8s-master ~]# cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
cp: "/usr/share/zoneinfo/Asia/Shanghai""/etc/localtime" 为同一文件
[root@k8s-master ~]# 

8.安装docker,建议安装18.06.1版本的,最新版本BUG比较多,推荐18.06.1版本:

[root@k8s-master ~]# wget https://mirrors.aliyu.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
[root@k8s-master ~]# cd /etc/yum.repos.d
[root@k8s-master yum.repos.d]# ll
总用量 32
-rw-r--r--. 1 root root 1664 8月  30 2017 CentOS-Base.repo
-rw-r--r--. 1 root root 1309 8月  30 2017 CentOS-CR.repo
-rw-r--r--. 1 root root  649 8月  30 2017 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root  314 8月  30 2017 CentOS-fasttrack.repo
-rw-r--r--. 1 root root  630 8月  30 2017 CentOS-Media.repo
-rw-r--r--. 1 root root 1331 8月  30 2017 CentOS-Sources.repo
-rw-r--r--. 1 root root 3830 8月  30 2017 CentOS-Vault.repo
-rw-r--r--  1 root root  374 4月  16 13:41 docker-ce.repo

如果遇到报错,可以下载我上传的文件直接使用:
链接: https://pan.baidu.com/s/1VqRXGj1rC0fKjvQW5yg0ow 提取码: 543k

安装之前先卸载安装的旧版本:
[root@k8s-master ~]#systemctl stop docker
[root@k8s-master ~]#yum -y remove docker-ce(io)
[root@k8s-master ~]#rm -rf /var/lib/docker
[root@k8s-master ~]# yum install -y gcc
[root@k8s-master ~]# yum install -y gcc-c++
[root@k8s-master ~]# yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotage \
docker-selinux \
docker-engine-selinux \
docker-engine
[root@k8s-master ~]# yum -y install docker-ce-18.06.1.ce-3.el7
已加载插件:fastestmirror
docker-ce-stable                                                             | 3.5 kB  00:00:00     
(1/2): docker-ce-stable/x86_64/primary_db                                    |  41 kB  00:00:00     
(2/2): docker-ce-stable/x86_64/updateinfo                                    |   55 B  00:00:00     
Loading mirror speeds from cached hostfile
 * base: mirror.lzu.edu.cn
 * extras: mirror.lzu.edu.cn
 * updates: mirror.lzu.edu.cn
正在解决依赖关系
--> 正在检查事务
---> 软件包 docker-ce.x86_64.0.18.06.1.ce-3.el7 将被 安装
--> 正在处理依赖关系 container-selinux >= 2.9,它被软件包 docker-ce-18.06.1.ce-3.el7.x86_64 需要
--> 正在处理依赖关系 libcgroup,它被软件包 docker-ce-18.06.1.ce-3.el7.x86_64 需要
--> 正在检查事务
---> 软件包 container-selinux.noarch.2.2.107-3.el7 将被 安装
--> 正在处理依赖关系 selinux-policy-targeted >= 3.13.1-216.el7,它被软件包 2:container-selinux-2.107-3.el7.noarch 需要
--> 正在处理依赖关系 selinux-policy-base >= 3.13.1-216.el7,它被软件包 2:container-selinux-2.107-3.el7.noarch 需要
--> 正在处理依赖关系 selinux-policy >= 3.13.1-216.el7,它被软件包 2:container-selinux-2.107-3.el7.noarch 需要
--> 正在处理依赖关系 policycoreutils-python,它被软件包 2:container-selinux-2.107-3.el7.noarch 需要
---> 软件包 libcgroup.x86_64.0.0.41-21.el7 将被 安装
--> 正在检查事务
---> 软件包 policycoreutils-python.x86_64.0.2.5-33.el7 将被 安装
--> 正在处理依赖关系 policycoreutils = 2.5-33.el7,它被软件包 policycoreutils-python-2.5-33.el7.x86_64 需要
--> 正在处理依赖关系 setools-libs >= 3.3.8-4,它被软件包 policycoreutils-python-2.5-33.el7.x86_64 需要
--> 正在处理依赖关系 libsemanage-python >= 2.5-14,它被软件包 policycoreutils-python-2.5-33.el7.x86_64 需要
--> 正在处理依赖关系 audit-libs-python >= 2.1.3-4,它被软件包 policycoreutils-python-2.5-33.el7.x86_64 需要
--> 正在处理依赖关系 python-IPy,它被软件包 policycoreutils-python-2.5-33.el7.x86_64 需要
--> 正在处理依赖关系 libqpol.so.1(VERS_1.4)(64bit),它被软件包 policycoreutils-python-2.5-33.el7.x86_64 需要
--> 正在处理依赖关系 libqpol.so.1(VERS_1.2)(64bit),它被软件包 policycoreutils-python-2.5-33.el7.x86_64 需要
--> 正在处理依赖关系 libapol.so.4(VERS_4.0)(64bit),它被软件包 policycoreutils-python-2.5-33.el7.x86_64 需要
--> 正在处理依赖关系 checkpolicy,它被软件包 policycoreutils-python-2.5-33.el7.x86_64 需要
--> 正在处理依赖关系 libqpol.so.1()(64bit),它被软件包 policycoreutils-python-2.5-33.el7.x86_64 需要
--> 正在处理依赖关系 libapol.so.4()(64bit),它被软件包 policycoreutils-python-2.5-33.el7.x86_64 需要
---> 软件包 selinux-policy.noarch.0.3.13.1-166.el7 将被 升级
---> 软件包 selinux-policy.noarch.0.3.13.1-252.el7_7.6 将被 更新
--> 正在处理依赖关系 libsemanage >= 2.5-13,它被软件包 selinux-policy-3.13.1-252.el7_7.6.noarch 需要
---> 软件包 selinux-policy-targeted.noarch.0.3.13.1-166.el7 将被 升级
---> 软件包 selinux-policy-targeted.noarch.0.3.13.1-252.el7_7.6 将被 更新
--> 正在检查事务
---> 软件包 audit-libs-python.x86_64.0.2.8.5-4.el7 将被 安装
--> 正在处理依赖关系 audit-libs(x86-64) = 2.8.5-4.el7,它被软件包 audit-libs-python-2.8.5-4.el7.x86_64 需要
---> 软件包 checkpolicy.x86_64.0.2.5-8.el7 将被 安装
---> 软件包 libsemanage.x86_64.0.2.5-8.el7 将被 升级
---> 软件包 libsemanage.x86_64.0.2.5-14.el7 将被 更新
--> 正在处理依赖关系 libsepol >= 2.5-10,它被软件包 libsemanage-2.5-14.el7.x86_64 需要
--> 正在处理依赖关系 libselinux >= 2.5-14,它被软件包 libsemanage-2.5-14.el7.x86_64 需要
---> 软件包 libsemanage-python.x86_64.0.2.5-14.el7 将被 安装
---> 软件包 policycoreutils.x86_64.0.2.5-17.1.el7 将被 升级
---> 软件包 policycoreutils.x86_64.0.2.5-33.el7 将被 更新
--> 正在处理依赖关系 libselinux-utils >= 2.5-14,它被软件包 policycoreutils-2.5-33.el7.x86_64 需要
---> 软件包 python-IPy.noarch.0.0.75-6.el7 将被 安装
---> 软件包 setools-libs.x86_64.0.3.3.8-4.el7 将被 安装
--> 正在检查事务
---> 软件包 audit-libs.x86_64.0.2.7.6-3.el7 将被 升级
--> 正在处理依赖关系 audit-libs(x86-64) = 2.7.6-3.el7,它被软件包 audit-2.7.6-3.el7.x86_64 需要
---> 软件包 audit-libs.x86_64.0.2.8.5-4.el7 将被 更新
---> 软件包 libselinux.x86_64.0.2.5-11.el7 将被 升级
--> 正在处理依赖关系 libselinux(x86-64) = 2.5-11.el7,它被软件包 libselinux-python-2.5-11.el7.x86_64 需要
---> 软件包 libselinux.x86_64.0.2.5-14.1.el7 将被 更新
---> 软件包 libselinux-utils.x86_64.0.2.5-11.el7 将被 升级
---> 软件包 libselinux-utils.x86_64.0.2.5-14.1.el7 将被 更新
---> 软件包 libsepol.x86_64.0.2.5-6.el7 将被 升级
---> 软件包 libsepol.x86_64.0.2.5-10.el7 将被 更新
--> 正在检查事务
---> 软件包 audit.x86_64.0.2.7.6-3.el7 将被 升级
---> 软件包 audit.x86_64.0.2.8.5-4.el7 将被 更新
---> 软件包 libselinux-python.x86_64.0.2.5-11.el7 将被 升级
---> 软件包 libselinux-python.x86_64.0.2.5-14.1.el7 将被 更新
--> 解决依赖关系完成

依赖关系解决

====================================================================================================
 Package                       架构         版本                       源                      大小
====================================================================================================
正在安装:
 docker-ce                     x86_64       18.06.1.ce-3.el7           docker-ce-stable        41 M
为依赖而安装:
 audit-libs-python             x86_64       2.8.5-4.el7                base                    76 k
 checkpolicy                   x86_64       2.5-8.el7                  base                   295 k
 container-selinux             noarch       2:2.107-3.el7              extras                  39 k
 libcgroup                     x86_64       0.41-21.el7                base                    66 k
 libsemanage-python            x86_64       2.5-14.el7                 base                   113 k
 policycoreutils-python        x86_64       2.5-33.el7                 base                   457 k
 python-IPy                    noarch       0.75-6.el7                 base                    32 k
 setools-libs                  x86_64       3.3.8-4.el7                base                   620 k
为依赖而更新:
 audit                         x86_64       2.8.5-4.el7                base                   256 k
 audit-libs                    x86_64       2.8.5-4.el7                base                   102 k
 libselinux                    x86_64       2.5-14.1.el7               base                   162 k
 libselinux-python             x86_64       2.5-14.1.el7               base                   235 k
 libselinux-utils              x86_64       2.5-14.1.el7               base                   151 k
 libsemanage                   x86_64       2.5-14.el7                 base                   151 k
 libsepol                      x86_64       2.5-10.el7                 base                   297 k
 policycoreutils               x86_64       2.5-33.el7                 base                   916 k
 selinux-policy                noarch       3.13.1-252.el7_7.6         updates                492 k
 selinux-policy-targeted       noarch       3.13.1-252.el7_7.6         updates                7.0 M

事务概要
====================================================================================================
安装  1 软件包 (+ 8 依赖软件包)
升级           ( 10 依赖软件包)

总下载量:52 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/19): audit-2.8.5-4.el7.x86_64.rpm                                         | 256 kB  00:00:02     
(2/19): audit-libs-python-2.8.5-4.el7.x86_64.rpm                             |  76 kB  00:00:03     
(3/19): libcgroup-0.41-21.el7.x86_64.rpm                                     |  66 kB  00:00:00     
(4/19): libselinux-2.5-14.1.el7.x86_64.rpm                                   | 162 kB  00:00:00     
(5/19): checkpolicy-2.5-8.el7.x86_64.rpm                                     | 295 kB  00:00:04     
(6/19): libselinux-python-2.5-14.1.el7.x86_64.rpm                            | 235 kB  00:00:00     
(7/19): libsemanage-2.5-14.el7.x86_64.rpm                                    | 151 kB  00:00:00     
(8/19): libselinux-utils-2.5-14.1.el7.x86_64.rpm                             | 151 kB  00:00:00     
(9/19): libsemanage-python-2.5-14.el7.x86_64.rpm                             | 113 kB  00:00:00     
(10/19): audit-libs-2.8.5-4.el7.x86_64.rpm                                   | 102 kB  00:00:05     
(11/19): policycoreutils-python-2.5-33.el7.x86_64.rpm                        | 457 kB  00:00:00     
(12/19): python-IPy-0.75-6.el7.noarch.rpm                                    |  32 kB  00:00:00     
(13/19): libsepol-2.5-10.el7.x86_64.rpm                                      | 297 kB  00:00:00     
(14/19): selinux-policy-3.13.1-252.el7_7.6.noarch.rpm                        | 492 kB  00:00:00     
(15/19): container-selinux-2.107-3.el7.noarch.rpm                            |  39 kB  00:00:05     
(16/19): setools-libs-3.3.8-4.el7.x86_64.rpm                                 | 620 kB  00:00:00     
(17/19): policycoreutils-2.5-33.el7.x86_64.rpm                               | 916 kB  00:00:02     
(18/19): selinux-policy-targeted-3.13.1-252.el7_7.6.noarch.rpm               | 7.0 MB  00:00:05     
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-18.06.1.ce-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
docker-ce-18.06.1.ce-3.el7.x86_64.rpm 的公钥尚未安装
(19/19): docker-ce-18.06.1.ce-3.el7.x86_64.rpm                               |  41 MB  00:00:16     
----------------------------------------------------------------------------------------------------
总计                                                                2.6 MB/s |  52 MB  00:00:20     
从 https://mirrors.aliyun.com/docker-ce/linux/centos/gpg 检索密钥
导入 GPG key 0x621E9F35:
 用户ID     : "Docker Release (CE rpm) <docker@docker.com>"
 指纹       : 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
 来自       : https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在更新    : libsepol-2.5-10.el7.x86_64                                                     1/29 
  正在更新    : libselinux-2.5-14.1.el7.x86_64                                                 2/29 
  正在更新    : audit-libs-2.8.5-4.el7.x86_64                                                  3/29 
  正在更新    : libsemanage-2.5-14.el7.x86_64                                                  4/29 
  正在更新    : libselinux-utils-2.5-14.1.el7.x86_64                                           5/29 
  正在更新    : policycoreutils-2.5-33.el7.x86_64                                              6/29 
  正在更新    : selinux-policy-3.13.1-252.el7_7.6.noarch                                       7/29 
  正在安装    : libcgroup-0.41-21.el7.x86_64                                                   8/29 
  正在更新    : selinux-policy-targeted-3.13.1-252.el7_7.6.noarch                              9/29 
  正在安装    : libsemanage-python-2.5-14.el7.x86_64                                          10/29 
  正在安装    : audit-libs-python-2.8.5-4.el7.x86_64                                          11/29 
  正在安装    : setools-libs-3.3.8-4.el7.x86_64                                               12/29 
  正在更新    : libselinux-python-2.5-14.1.el7.x86_64                                         13/29 
  正在安装    : python-IPy-0.75-6.el7.noarch                                                  14/29 
  正在安装    : checkpolicy-2.5-8.el7.x86_64                                                  15/29 
  正在安装    : policycoreutils-python-2.5-33.el7.x86_64                                      16/29 
  正在安装    : 2:container-selinux-2.107-3.el7.noarch                                        17/29 
setsebool:  SELinux is disabled.
  正在安装    : docker-ce-18.06.1.ce-3.el7.x86_64                                             18/29 
  正在更新    : audit-2.8.5-4.el7.x86_64                                                      19/29 
  清理        : selinux-policy-targeted-3.13.1-166.el7.noarch                                 20/29 
  清理        : selinux-policy-3.13.1-166.el7.noarch                                          21/29 
  清理        : policycoreutils-2.5-17.1.el7.x86_64                                           22/29 
  清理        : libsemanage-2.5-8.el7.x86_64                                                  23/29 
  清理        : libselinux-utils-2.5-11.el7.x86_64                                            24/29 
  清理        : libselinux-python-2.5-11.el7.x86_64                                           25/29 
  清理        : libselinux-2.5-11.el7.x86_64                                                  26/29 
  清理        : audit-2.7.6-3.el7.x86_64                                                      27/29 
  清理        : audit-libs-2.7.6-3.el7.x86_64                                                 28/29 
  清理        : libsepol-2.5-6.el7.x86_64                                                     29/29 
  验证中      : 2:container-selinux-2.107-3.el7.noarch                                         1/29 
  验证中      : policycoreutils-2.5-33.el7.x86_64                                              2/29 
  验证中      : audit-libs-2.8.5-4.el7.x86_64                                                  3/29 
  验证中      : checkpolicy-2.5-8.el7.x86_64                                                   4/29 
  验证中      : selinux-policy-3.13.1-252.el7_7.6.noarch                                       5/29 
  验证中      : python-IPy-0.75-6.el7.noarch                                                   6/29 
  验证中      : setools-libs-3.3.8-4.el7.x86_64                                                7/29 
  验证中      : policycoreutils-python-2.5-33.el7.x86_64                                       8/29 
  验证中      : audit-2.8.5-4.el7.x86_64                                                       9/29 
  验证中      : docker-ce-18.06.1.ce-3.el7.x86_64                                             10/29 
  验证中      : libsemanage-python-2.5-14.el7.x86_64                                          11/29 
  验证中      : libsemanage-2.5-14.el7.x86_64                                                 12/29 
  验证中      : libsepol-2.5-10.el7.x86_64                                                    13/29 
  验证中      : audit-libs-python-2.8.5-4.el7.x86_64                                          14/29 
  验证中      : libselinux-python-2.5-14.1.el7.x86_64                                         15/29 
  验证中      : libselinux-utils-2.5-14.1.el7.x86_64                                          16/29 
  验证中      : selinux-policy-targeted-3.13.1-252.el7_7.6.noarch                             17/29 
  验证中      : libselinux-2.5-14.1.el7.x86_64                                                18/29 
  验证中      : libcgroup-0.41-21.el7.x86_64                                                  19/29 
  验证中      : libselinux-utils-2.5-11.el7.x86_64                                            20/29 
  验证中      : libselinux-2.5-11.el7.x86_64                                                  21/29 
  验证中      : libsepol-2.5-6.el7.x86_64                                                     22/29 
  验证中      : selinux-policy-3.13.1-166.el7.noarch                                          23/29 
  验证中      : audit-libs-2.7.6-3.el7.x86_64                                                 24/29 
  验证中      : audit-2.7.6-3.el7.x86_64                                                      25/29 
  验证中      : policycoreutils-2.5-17.1.el7.x86_64                                           26/29 
  验证中      : libsemanage-2.5-8.el7.x86_64                                                  27/29 
  验证中      : libselinux-python-2.5-11.el7.x86_64                                           28/29 
  验证中      : selinux-policy-targeted-3.13.1-166.el7.noarch                                 29/29 

已安装:
  docker-ce.x86_64 0:18.06.1.ce-3.el7                                                               

作为依赖被安装:
  audit-libs-python.x86_64 0:2.8.5-4.el7         checkpolicy.x86_64 0:2.5-8.el7                    
  container-selinux.noarch 2:2.107-3.el7         libcgroup.x86_64 0:0.41-21.el7                    
  libsemanage-python.x86_64 0:2.5-14.el7         policycoreutils-python.x86_64 0:2.5-33.el7        
  python-IPy.noarch 0:0.75-6.el7                 setools-libs.x86_64 0:3.3.8-4.el7                 

作为依赖被升级:
  audit.x86_64 0:2.8.5-4.el7                   audit-libs.x86_64 0:2.8.5-4.el7                      
  libselinux.x86_64 0:2.5-14.1.el7             libselinux-python.x86_64 0:2.5-14.1.el7              
  libselinux-utils.x86_64 0:2.5-14.1.el7       libsemanage.x86_64 0:2.5-14.el7                      
  libsepol.x86_64 0:2.5-10.el7                 policycoreutils.x86_64 0:2.5-33.el7                  
  selinux-policy.noarch 0:3.13.1-252.el7_7.6   selinux-policy-targeted.noarch 0:3.13.1-252.el7_7.6  

完毕!
[root@k8s-master ~]# 
安装的时候如果报错:
Transaction check error:
  file /usr/bin/docker from install of docker-ce-18.06.1.ce-3.el7.x86_64 conflicts with file from package docker-ce-cli-1:19.03.8-3.el7.x86_64
  file /usr/share/bash-completion/completions/docker from install of docker-ce-18.06.1.ce-3.el7.x86_64 conflicts with file from package docker-ce-cli-1:19.03.8-3.el7.x86_64
  
先卸载错误中的版本,再次安装:
[root@k8s-master ~]# yum erase docker-ce-cli-1:19.03.8-3.el7.x86_64
已加载插件:fastestmirror
正在解决依赖关系
--> 正在检查事务
---> 软件包 docker-ce-cli.x86_64.1.19.03.8-3.el7 将被 删除
--> 解决依赖关系完成

依赖关系解决

===================================================================================================================================================
 Package                            架构                        版本                                  源                                      大小
===================================================================================================================================================
正在删除:
 docker-ce-cli                      x86_64                      1:19.03.8-3.el7                       @docker-ce-stable                      169 M

事务概要
===================================================================================================================================================
移除  1 软件包

安装大小:169 M
是否继续?[y/N]:y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在删除    : 1:docker-ce-cli-19.03.8-3.el7.x86_64                                                                                           1/1 
  验证中      : 1:docker-ce-cli-19.03.8-3.el7.x86_64                                                                                           1/1 

删除:
  docker-ce-cli.x86_64 1:19.03.8-3.el7                                                                                                             

完毕!
[root@k8s-master ~]# yum -y install docker-ce-18.06.1.ce-3.el7
[root@k8s-master ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@k8s-master ~]# systemctl start docker
[root@k8s-master ~]# docker --version
Docker version 18.06.1-ce, build e68fc7a

设置阿里云镜像加速:
[root@k8s-master ~]# cat > /etc/docker/daemon.json << EOF
{
   "registry-mirrors": ["https://l5s01364.mirror.aliyuncs.com"]
}
EOF
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl restart docker
[root@k8s-master ~]# 

9.添加阿里云yum软件源:

[root@k8s-master ~]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF
[root@k8s-master ~]# 

10.安装kubeadm,kubelet和kubectl:

[root@k8s-master ~]# yum install -y kubelet-1.17.0 kubeadm-1.17.0 kubectl-1.17.0
已加载插件:fastestmirror
kubernetes                                                                   | 1.4 kB  00:00:00     
kubernetes/primary                                                           |  66 kB  00:00:00     
Loading mirror speeds from cached hostfile
 * base: mirror.lzu.edu.cn
 * extras: mirror.lzu.edu.cn
 * updates: mirror.lzu.edu.cn
kubernetes                                                                                  484/484
正在解决依赖关系
--> 正在检查事务
---> 软件包 kubeadm.x86_64.0.1.17.0-0 将被 安装
--> 正在处理依赖关系 kubernetes-cni >= 0.7.5,它被软件包 kubeadm-1.17.0-0.x86_64 需要
--> 正在处理依赖关系 cri-tools >= 1.13.0,它被软件包 kubeadm-1.17.0-0.x86_64 需要
---> 软件包 kubectl.x86_64.0.1.17.0-0 将被 安装
---> 软件包 kubelet.x86_64.0.1.17.0-0 将被 安装
--> 正在处理依赖关系 socat,它被软件包 kubelet-1.17.0-0.x86_64 需要
--> 正在处理依赖关系 conntrack,它被软件包 kubelet-1.17.0-0.x86_64 需要
--> 正在检查事务
---> 软件包 conntrack-tools.x86_64.0.1.4.4-5.el7_7.2 将被 安装
--> 正在处理依赖关系 libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.1)(64bit),它被软件包 conntrack-tools-1.4.4-5.el7_7.2.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cttimeout.so.1(LIBNETFILTER_CTTIMEOUT_1.0)(64bit),它被软件包 conntrack-tools-1.4.4-5.el7_7.2.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cthelper.so.0(LIBNETFILTER_CTHELPER_1.0)(64bit),它被软件包 conntrack-tools-1.4.4-5.el7_7.2.x86_64 需要
--> 正在处理依赖关系 libnetfilter_queue.so.1()(64bit),它被软件包 conntrack-tools-1.4.4-5.el7_7.2.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cttimeout.so.1()(64bit),它被软件包 conntrack-tools-1.4.4-5.el7_7.2.x86_64 需要
--> 正在处理依赖关系 libnetfilter_cthelper.so.0()(64bit),它被软件包 conntrack-tools-1.4.4-5.el7_7.2.x86_64 需要
---> 软件包 cri-tools.x86_64.0.1.13.0-0 将被 安装
---> 软件包 kubernetes-cni.x86_64.0.0.7.5-0 将被 安装
---> 软件包 socat.x86_64.0.1.7.3.2-2.el7 将被 安装
--> 正在检查事务
---> 软件包 libnetfilter_cthelper.x86_64.0.1.0.0-10.el7_7.1 将被 安装
---> 软件包 libnetfilter_cttimeout.x86_64.0.1.0.0-6.el7_7.1 将被 安装
---> 软件包 libnetfilter_queue.x86_64.0.1.0.2-2.el7_2 将被 安装
--> 解决依赖关系完成

依赖关系解决

====================================================================================================
 Package                        架构           版本                        源                  大小
====================================================================================================
正在安装:
 kubeadm                        x86_64         1.17.0-0                    kubernetes         8.7 M
 kubectl                        x86_64         1.17.0-0                    kubernetes         9.4 M
 kubelet                        x86_64         1.17.0-0                    kubernetes          20 M
为依赖而安装:
 conntrack-tools                x86_64         1.4.4-5.el7_7.2             updates            187 k
 cri-tools                      x86_64         1.13.0-0                    kubernetes         5.1 M
 kubernetes-cni                 x86_64         0.7.5-0                     kubernetes          10 M
 libnetfilter_cthelper          x86_64         1.0.0-10.el7_7.1            updates             18 k
 libnetfilter_cttimeout         x86_64         1.0.0-6.el7_7.1             updates             18 k
 libnetfilter_queue             x86_64         1.0.2-2.el7_2               base                23 k
 socat                          x86_64         1.7.3.2-2.el7               base               290 k

事务概要
====================================================================================================
安装  3 软件包 (+7 依赖软件包)

总下载量:54 M
安装大小:243 M
Downloading packages:
(1/10): conntrack-tools-1.4.4-5.el7_7.2.x86_64.rpm                           | 187 kB  00:00:00     
(2/10): 14bfe6e75a9efc8eca3f638eb22c7e2ce759c67f95b43b16fae4ebabde1549f3-cri | 5.1 MB  00:00:02     
(3/10): bf67b612b185159556555b03e1e3a1ac5b10096afe48e4a7b7f5f9c4542238eb-kub | 9.4 MB  00:00:02     
(4/10): 7d9e0a47eb6eaf5322bd45f05a2360a033c29845543a4e76821ba06becdca6fd-kub |  20 MB  00:00:04     
(5/10): 548a0dcd865c16a50980420ddfa5fbccb8b59621179798e6dc905c9bf8af3b34-kub |  10 MB  00:00:01     
(6/10): libnetfilter_queue-1.0.2-2.el7_2.x86_64.rpm                          |  23 kB  00:00:00     
(7/10): libnetfilter_cthelper-1.0.0-10.el7_7.1.x86_64.rpm                    |  18 kB  00:00:00     
(8/10): libnetfilter_cttimeout-1.0.0-6.el7_7.1.x86_64.rpm                    |  18 kB  00:00:00     
(9/10): socat-1.7.3.2-2.el7.x86_64.rpm                                       | 290 kB  00:00:00     
(10/10): 2c6d2fa074d044b3c58ce931349e74c25427f173242c6a5624f0f789e329bc75-ku | 8.7 MB  00:00:14     
----------------------------------------------------------------------------------------------------
总计                                                                3.7 MB/s |  54 MB  00:00:14     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安装    : libnetfilter_cttimeout-1.0.0-6.el7_7.1.x86_64                                  1/10 
  正在安装    : socat-1.7.3.2-2.el7.x86_64                                                     2/10 
  正在安装    : cri-tools-1.13.0-0.x86_64                                                      3/10 
  正在安装    : libnetfilter_queue-1.0.2-2.el7_2.x86_64                                        4/10 
  正在安装    : libnetfilter_cthelper-1.0.0-10.el7_7.1.x86_64                                  5/10 
  正在安装    : conntrack-tools-1.4.4-5.el7_7.2.x86_64                                         6/10 
  正在安装    : kubernetes-cni-0.7.5-0.x86_64                                                  7/10 
  正在安装    : kubelet-1.17.0-0.x86_64                                                        8/10 
  正在安装    : kubectl-1.17.0-0.x86_64                                                        9/10 
  正在安装    : kubeadm-1.17.0-0.x86_64                                                       10/10 
  验证中      : kubectl-1.17.0-0.x86_64                                                        1/10 
  验证中      : libnetfilter_cthelper-1.0.0-10.el7_7.1.x86_64                                  2/10 
  验证中      : conntrack-tools-1.4.4-5.el7_7.2.x86_64                                         3/10 
  验证中      : libnetfilter_queue-1.0.2-2.el7_2.x86_64                                        4/10 
  验证中      : kubelet-1.17.0-0.x86_64                                                        5/10 
  验证中      : cri-tools-1.13.0-0.x86_64                                                      6/10 
  验证中      : kubernetes-cni-0.7.5-0.x86_64                                                  7/10 
  验证中      : socat-1.7.3.2-2.el7.x86_64                                                     8/10 
  验证中      : libnetfilter_cttimeout-1.0.0-6.el7_7.1.x86_64                                  9/10 
  验证中      : kubeadm-1.17.0-0.x86_64                                                       10/10 

已安装:
  kubeadm.x86_64 0:1.17.0-0        kubectl.x86_64 0:1.17.0-0        kubelet.x86_64 0:1.17.0-0       

作为依赖被安装:
  conntrack-tools.x86_64 0:1.4.4-5.el7_7.2         cri-tools.x86_64 0:1.13.0-0                     
  kubernetes-cni.x86_64 0:0.7.5-0                  libnetfilter_cthelper.x86_64 0:1.0.0-10.el7_7.1 
  libnetfilter_cttimeout.x86_64 0:1.0.0-6.el7_7.1  libnetfilter_queue.x86_64 0:1.0.2-2.el7_2       
  socat.x86_64 0:1.7.3.2-2.el7                    

完毕!
[root@k8s-master ~]# 

然后设置kubelet开机自启动,不要设置启动kubelet:

[root@k8s-master ~]# systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
[root@k8s-master ~]# 

11.使用kubeadm安装(注意:接下来的步骤在master进行操作):

[root@k8s-master ~]# kubeadm init \
> --apiserver-advertise-address=192.168.31.61 \
> --image-repository registry.aliyuncs.com/google_containers \
> --kubernetes-version v1.17.0 \
> --service-cidr=10.96.0.0/12 \
> --pod-network-cidr=10.244.0.0/16
W0416 13:58:38.475124   12941 validation.go:28] Cannot validate kube-proxy config - no validator is available
W0416 13:58:38.475243   12941 validation.go:28] Cannot validate kubelet config - no validator is available
[init] Using Kubernetes version: v1.17.0
[preflight] Running pre-flight checks
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.31.61]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k8s-master localhost] and IPs [192.168.31.61 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k8s-master localhost] and IPs [192.168.31.61 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
W0416 14:00:47.504439   12941 manifests.go:214] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[control-plane] Creating static Pod manifest for "kube-scheduler"
W0416 14:00:47.505410   12941 manifests.go:214] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[apiclient] All control plane components are healthy after 99.180880 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.17" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node k8s-master as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node k8s-master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: fieyef.404f7pggn52d3fxv
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.31.61:6443 --token fieyef.404f7pggn52d3fxv \
    --discovery-token-ca-cert-hash sha256:ea14cbb3cda2026ed72999cc2ccef82790d2096436ad7d50e35e98ac4570dcc2 
[root@k8s-master ~]# 

然后根据给出的提示进行操作:

[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@k8s-master ~]# 

12.安装,首先下载kube-flannel.yml文件并进入修改如下内容:

下载kube-flannel.yml文件如果连接不成功,多尝试几次:
[root@k8s-master ~]# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
--2020-04-16 14:04:30--  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
正在解析主机 raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.108.133
正在连接 raw.githubusercontent.com (raw.githubusercontent.com)|151.101.108.133|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:14416 (14K) [text/plain]
正在保存至: “kube-flannel.yml”

100%[==========================================================>] 14,416      --.-K/s 用时 0.1s    

2020-04-16 14:04:31 (126 KB/s) - 已保存 “kube-flannel.yml” [14416/14416])

[root@k8s-master ~]# vim kube-flannel.yml

image: quay.io/coreos/flannel:v0.12.0-amd64
替换为
image: hanshuaiping/flannel:v0.11.0-amd64

image: quay.io/coreos/flannel:v0.12.0-amd64
替换为
image: hanshuaiping/flannel:v0.11.0-amd64

[root@k8s-master ~]# cat kube-flannel.yml 
(部分已经省略)
      hostNetwork: true
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: hanshuaiping/flannel:v0.11.0-amd64
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: hanshuaiping/flannel:v0.11.0-amd64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
[root@k8s-master ~]#

使文件生效:

[root@k8s-master ~]# kubectl apply -f kube-flannel.yml
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created
[root@k8s-master ~]#

查看pods信息(重点查看kube-flannel-ds-amd64-vf7fb是否为READY状态,因为需要下载文件,不显示READY状态的话多查看几次):

[root@k8s-master ~]# kubectl get pods -n kube-system
NAME                                 READY   STATUS     RESTARTS   AGE
coredns-9d85f5447-fxfk7              0/1     Pending    0          2m47s
coredns-9d85f5447-zsvv5              0/1     Pending    0          2m47s
etcd-k8s-master                      1/1     Running    0          3m4s
kube-apiserver-k8s-master            1/1     Running    0          3m4s
kube-controller-manager-k8s-master   1/1     Running    0          3m3s
kube-flannel-ds-amd64-sftbm          0/1     Init:0/1   0          23s
kube-proxy-nr7m4                     1/1     Running    0          2m47s
kube-scheduler-k8s-master            1/1     Running    0          3m4s
[root@k8s-master ~]# kubectl get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-9d85f5447-fxfk7              0/1     Pending   0          2m48s
coredns-9d85f5447-zsvv5              0/1     Pending   0          2m48s
etcd-k8s-master                      1/1     Running   0          3m5s
kube-apiserver-k8s-master            1/1     Running   0          3m5s
kube-controller-manager-k8s-master   1/1     Running   0          3m4s
kube-flannel-ds-amd64-sftbm          1/1     Running   0          24s
kube-proxy-nr7m4                     1/1     Running   0          2m48s
kube-scheduler-k8s-master            1/1     Running   0          3m5s

查看(查看master是否为Ready状态):

[root@k8s-master ~]# kubectl get node
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   8m19s   v1.17.0
[root@k8s-master ~]# 

在两个node节点执行第11步中Then you can join any number of worker nodes by running the following on each as root:下面的指令:
node1:

[root@k8s-node1 ~]# kubeadm join 192.168.31.61:6443 --token fieyef.404f7pggn52d3fxv \
>     --discovery-token-ca-cert-hash sha256:ea14cbb3cda2026ed72999cc2ccef82790d2096436ad7d50e35e98ac4570dcc2 
W0416 14:13:58.827579    3743 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.17" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@k8s-node1 ~]# 

node2:

[root@k8s-node2 ~]# kubeadm join 192.168.31.61:6443 --token fieyef.404f7pggn52d3fxv \
>     --discovery-token-ca-cert-hash sha256:ea14cbb3cda2026ed72999cc2ccef82790d2096436ad7d50e35e98ac4570dcc2 
W0416 14:14:02.444693    3797 join.go:346] [preflight] WARNING: JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
	[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.17" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@k8s-node2 ~]#

执行完之后在master节点执行kubectl get node查看信息,因为需要下载文件,不是READY状态的话多查看几次:

[root@k8s-master ~]# kubectl get pods -n kube-system
NAME                                 READY   STATUS     RESTARTS   AGE
coredns-9d85f5447-fxfk7              1/1     Running    0          6m7s
coredns-9d85f5447-zsvv5              1/1     Running    0          6m7s
etcd-k8s-master                      1/1     Running    0          6m24s
kube-apiserver-k8s-master            1/1     Running    0          6m24s
kube-controller-manager-k8s-master   1/1     Running    0          6m23s
kube-flannel-ds-amd64-45qqs          1/1     Running    0          64s
kube-flannel-ds-amd64-4bb6b          0/1     Init:0/1   0          56s
kube-flannel-ds-amd64-sftbm          1/1     Running    0          3m43s
kube-proxy-2s5n2                     1/1     Running    0          64s
kube-proxy-nr7m4                     1/1     Running    0          6m7s
kube-proxy-wkglz                     1/1     Running    0          56s
kube-scheduler-k8s-master            1/1     Running    0          6m24s
[root@k8s-master ~]# kubectl get node
NAME         STATUS     ROLES    AGE     VERSION
k8s-master   Ready      master   6m39s   v1.17.0
k8s-node1    NotReady   <none>   70s     v1.17.0
k8s-node2    NotReady   <none>   62s     v1.17.0
[root@k8s-master ~]# kubectl get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-9d85f5447-fxfk7              1/1     Running   0          6m22s
coredns-9d85f5447-zsvv5              1/1     Running   0          6m22s
etcd-k8s-master                      1/1     Running   0          6m39s
kube-apiserver-k8s-master            1/1     Running   0          6m39s
kube-controller-manager-k8s-master   1/1     Running   0          6m38s
kube-flannel-ds-amd64-45qqs          1/1     Running   0          79s
kube-flannel-ds-amd64-4bb6b          1/1     Running   0          71s
kube-flannel-ds-amd64-sftbm          1/1     Running   0          3m58s
kube-proxy-2s5n2                     1/1     Running   0          79s
kube-proxy-nr7m4                     1/1     Running   0          6m22s
kube-proxy-wkglz                     1/1     Running   0          71s
kube-scheduler-k8s-master            1/1     Running   0          6m39s
[root@k8s-master ~]# kubectl get node
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   6m50s   v1.17.0
k8s-node1    Ready    <none>   81s     v1.17.0
k8s-node2    Ready    <none>   73s     v1.17.0
[root@k8s-master ~]# 

13.安装Dashboard(在master执行):

[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[root@k8s-master ~]# 

查看dashboard,如果还处在NotReady就多查看几次:

[root@k8s-master ~]# kubectl get pods -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-76585494d8-vsdgm   1/1     Running   0          96s
kubernetes-dashboard-5996555fd8-g898v        1/1     Running   0          96s
[root@k8s-master ~]# 

下载recommended.yaml文件并修改spec下的内容:

[root@k8s-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
--2020-04-16 15:00:49--  https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
正在解析主机 raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.108.133
正在连接 raw.githubusercontent.com (raw.githubusercontent.com)|151.101.108.133|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:7568 (7.4K) [text/plain]
正在保存至: “recommended.yaml”

100%[=========================================================>] 7,568       --.-K/s 用时 0.004s  

2020-04-16 15:00:49 (1.67 MB/s) - 已保存 “recommended.yaml” [7568/7568])

查看文件内容,只显示修改部分,其余部分已经省略:
[root@k8s-master ~]# cat recommended.yaml
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard

---

执行命令使文件生效:

[root@k8s-master ~]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard unchanged
service/kubernetes-dashboard configured
secret/kubernetes-dashboard-certs unchanged
secret/kubernetes-dashboard-csrf configured
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
secret/kubernetes-dashboard-key-holder configured
configmap/kubernetes-dashboard-settings unchanged
role.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
deployment.apps/kubernetes-dashboard unchanged
service/dashboard-metrics-scraper unchanged
deployment.apps/dashboard-metrics-scraper unchanged

14.查看kubetrnetes后台界面:
进入浏览器并输入node1节点IP信息(注意前面加上https://):
在这里插入图片描述制作token:

[root@k8s-master ~]# kubectl create serviceaccount dashboard-admin -n kube-system
serviceaccount/dashboard-admin created
[root@k8s-master ~]# kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created
[root@k8s-master ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Name:         attachdetach-controller-token-rdgwj
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: attachdetach-controller
              kubernetes.io/service-account.uid: 73f61dbc-997b-4047-8272-c1609f45d1a0

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IkM5a3ZkelJBVjVEOGdCbThkaFlkR3hIVEZrNmdxbkpkb3BvTTA1RmgyYncifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhdHRhY2hkZXRhY2gtY29udHJvbGxlci10b2tlbi1yZGd3aiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhdHRhY2hkZXRhY2gtY29udHJvbGxlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjczZjYxZGJjLTk5N2ItNDA0Ny04MjcyLWMxNjA5ZjQ1ZDFhMCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphdHRhY2hkZXRhY2gtY29udHJvbGxlciJ9.3_UuE4MOm41Bxkd5qoEJ2-xrxkyzE7Ja2telFS4ABJTfUpy8OVvrAFp-Whcarf2RpqTVPLcJTcfvUFQi3rioOu2NPNhHYhocR4nAbxKej0XkuNEcOPe3I_5hblLQIgeNTIE4wZiIO15kNENxxU5m5DPX3C4vAz2cCtnNQpfj8u3k-fXviaqGcaOjzhoebq1gv4N2ho15uK-Rcaf8ZDoVzso5bjYjnAUAv2NxWZ9vZJNUUV_KSjjeGFeiJUAVYfGFrKfDJgMWhDaX5bDKL9VjVQ9lF21VbH6DIcRGNcHjkaTOPmqkAWxXLBQjA9oF6EQaqDVTv9eqtiKVlpgK2sBupw

打开浏览器:
选择高级:

在这里插入图片描述接受风险并继续,输入命令行中生成的token:
在这里插入图片描述至此,kubernetes安装完成:
在这里插入图片描述如有疑问请联系WX,备注"kubernetes"。方便日后一起学习讨论,随时欢迎指正本文章:
在这里插入图片描述

Logo

华为开发者空间,是为全球开发者打造的专属开发空间,汇聚了华为优质开发资源及工具,致力于让每一位开发者拥有一台云主机,基于华为根生态开发、创新。

更多推荐