• master 节点要求 cpu 至少两核
• 使用 root
• 使当前主机名可在内网访问
• 确保每台机器时间同步

• yum install -y yum-utils device-mapper-persistent-data lvm2
• yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
• yum -y install docker-ce docker-ce-cli containerd.io
• GPG key fingerprint: 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35

• mkdir /etc/docker

• 修改配置文件

  cat > /etc/docker/daemon.json <<EOF
  {
    "registry-mirrors": ["https://dockerhub.azk8s.cn", "https://reg-mirror.qiniu.com"],
    "exec-opts": ["native.cgroupdriver=systemd"],
    "log-driver": "json-file",
    "log-opts": {
      "max-size": "100m"
    },
    "storage-driver": "overlay2",
    "storage-opts": [
      "overlay2.override_kernel_check=true"
    ]
  }
  EOF
  

• systemctl daemon-reload

• systemctl enable docker

• vim /usr/lib/systemd/system/docker.service
• Environment="HTTPS_PROXY=http://<ip>:<port>"
• Environment="HTTP_PROXY=http://<ip>:<port>"
• Environment="NO_PROXY=localhost, 127.0.0.1"
• systemctl daemon-reload

• systemctl start docker
• docker info

• 增加 kubernetes 的 repo （使用阿里云镜像）

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF

• setenforce 0
• sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
• yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
• systemctl enable kubelet
• systemctl start kubelet

• swapoff -a
• sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

• 修改系统配置

cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

• sysctl --system

• systemctl stop firewalld
• systemctl disable firewalld

• 切换到 Master 主机
• kubeadm config print init-defaults > ./kubeadm-init.yaml
• 修改 advertiseAddress 为主机IP地址
• 修改 kubernetesVersion 为需要安装的版本号
• 修改 podSubnet 为 10.244.0.0/16 （flannel 默认网段）
• 删除默认 token
• kubeadm config images pull --config ./kubeadm-init.yaml
• kubeadm init --config ./kubeadm-init.yaml
• 成功后记录最后生成的 join 命令
• 若 token 过期可使用如下命令再生成
• kubeadm token create --print-join-command

• mkdir -p $HOME/.kube
• sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
• sudo chown $(id -u):$(id -g) $HOME/.kube/config

• 参考地址 https://kubernetes.io/docs/concepts/cluster-administration/addons/
• wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
• kubectl apply -f kube-flannel.yml

• 切换到 Node 主机
• 执行刚才记录的 kubeadm join 完整命令
• kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>
• 如果 join 卡住，可以使用 -v10 打印具体日志