3.1.端口转发
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
3.2.关闭网络管理服务
systemctl stop NetworkManager.service
systemctl disable firewalld.service
3.3.hosts
vim /etc/hosts
#添加
10.2.1.11 k8s-1
10.2.1.12 k8s-2
10.2.1.13 k8s-3
3.4.iptables
#停止firewall
systemctl stop firewalld.service
#禁止firewall开机启动
systemctl disable firewalld.service
#安装 iptables service
yum -y install iptables-services
#添加策略
vim /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2379 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2380 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10250 -j ACCEPT
[所有节点]
#注释此行
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
#添加此行
-A FORWARD -j ACCEPT
#注释此行
-A INPUT -j REJECT --reject-with icmp-host-prohibited
#添加此行
-A INPUT -j ACCEPT
#重启防火墙使配置生效
systemctl restart iptables.service
#设置防火墙开机启动
systemctl enable iptables.service
5.docker
官网安装说明
https://docs.docker.com/engine/installation/linux/centos/
#更新yum
yum update
#配置yum源
vim /etc/yum.repos.d/docker.repo
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
#安装
yum install docker-engine
#下载镜像
docker pull google/pause
docker tag google/pause gcr.io/google_containers/pause-amd64:3.0
docker pull siriuszg/kubernetes-dashboard-amd64:v1.4.0
docker tag siriuszg/kubernetes-dashboard-amd64:v1.4.0 10.2.3.223:5000/kubernetes-dashboard-amd64:v1.4.0
