目录(一)环境准备工作31.服务器要求32.安装网络组件33.配置网络信息3(二)安装docker服务41.docker安装包下载42.安装docker服务53.修改docker启动文件54.启动docker服务5(三)部署私有仓库51.镜像下载52.验证registry6(四)部署etcd服务61.防火墙策略修改62.node1上执行63.node2上执行74.node3上执行75.验证部署7(五)部署kube-apiserver服务81.先打开防火墙:82.node1运行以下命令83.node2运行以下命令84.node3运行以下命令95.验证运行情况9(六)部署kube-controller-manager, kube-scheduler, kube-kubelet, kube-proxy服务101.导入镜像到docker中102.上传docker私有仓库113.编辑kublelet脚本114.编辑kube-proxy.sh脚本125.创建程序目录136.复制kubernetes执行程序到程序/bin目录147.编辑kube-controller-manager启动模版文件148.编辑kube-scheduler.yaml启动模版文件159.执行kubelet.sh脚本1610.执行kube-proxy.sh脚本1611.集群配置16(七)验证集群完成情况17(一) 环境准备工作1. 服务器要求server1: 10.10.23.1 centos7 server2: 10.10.24.1 centos7 server3: 10.10.25.1 centos7 需要部署以下服务docker、registry、etcd、pause-amd64、kube-apiserver、kube-controller-manager, kube-scheduler, kube-kubelet, kube-proxy2. 安装网络组件yum install net-tools yyum install bridge-utils y1. 关闭自带firewalld防火墙，安装iptables防火墙并启动systemctl stop firewalld.servicesystemctl disable firewalld.serviceyum install iptables-services -ysystemctl start iptables.servicesystemctl enable iptables.service3. 配置网络信息 使用Openstack虚拟机需要修改mtu为1454，默认为1500，宿主机不用设置mtu值，并创建kbr0桥接网卡增加bridge网卡配置，并修改为混杂模式重启网卡/etc/init.d/network restart(二) 安装docker服务1. docker安装包下载https:/yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-1.12.1-1.el7.centos.x86_64.rpmhttps:/yum.dockerproject.org/repo/main/centos/7/Packages/docker-engine-selinux-1.12.1-1.el7.centos.noarch.rpm2. 安装docker服务yum localinstall -y docker-engine-selinux-1.12.1-1.el7.centos.noarch.rpmyum localinstall -y docker-engine-1.12.1-1.el7.centos.x86_64.rpm3. 修改docker启动文件4. 启动docker服务systemctl start docker.servicesystemctl enable docker.service(三) 部署私有仓库1. 镜像下载docker pull registry:2.5.1docker run d -v /work/docker/registry:/work/data/registry -privileged=true -e STORAGE_PATH=/work/data/registry -p 5000:5000 -name registry registry:2.5.12. 验证registry(四) 部署etcd服务1. 防火墙策略修改iptables -I INPUT -p tcp -dport 2380 -j ACCEPT iptables -I INPUT -p tcp -dport 2379 -j ACCEPT iptables -I INPUT -p tcp -dport 4001 -j ACCEPT2. node1上执行docker run -d -v /work/data/etcd:/work/etcd -p 4001:4001 -p 2380:2380 -p 2379:2379 -name etcd0 quay.io/coreos/etcd:v3.0.9 /usr/local/bin/etcd -data-dir=/work/etcd/data -name etcd0 -advertise-client-urls http:/10.10.23.1:2379,http:/10.10.23.1:4001 -listen-client-urls http:/0.0.0.0:2379,http:/0.0.0.0:4001 -initial-advertise-peer-urls http:/10.10.23.1:2380 -listen-peer-urls http:/0.0.0.0:2380 -initial-cluster-token etcd-cluster-1 -initial-cluster etcd0=http:/10.10.23.1:2380,etcd1=http:/10.10.24.1:2380,etcd2=http:/10.10.25.1:2380 -initial-cluster-state new3. node2上执行docker run -d -v /work/data/etcd:/work/etcd -p 4001:4001 -p 2380:2380 -p 2379:2379 -name etcd1 quay.io/coreos/etcd:v3.0.9 /usr/local/bin/etcd -data-dir=/work/etcd/data -name etcd1 -advertise-client-urls http:/10.10.24.1:2379,http:/10.10.24.1:4001 -listen-client-urls http:/0.0.0.0:2379,http:/0.0.0.0:4001 -initial-advertise-peer-urls http:/10.10.24.1:2380 -listen-peer-urls http:/0.0.0.0:2380 -initial-cluster-token etcd-cluster-1 -initial-cluster etcd0=http:/10.10.23.1:2380,etcd1=http:/10.10.24.1:2380,etcd2=http:/10.10.25.1:2380 -initial-cluster-state new4. node3上执行docker run -d -v /work/data/etcd:/work/etcd -p 4001:4001 -p 2380:2380 -p 2379:2379 -name etcd2 quay.io/coreos/etcd:v3.0.9 /usr/local/bin/etcd -data-dir=/work/etcd/data -name etcd2 -advertise-client-urls http:/10.10.25.1:2379,http:/10.10.25.1:4001 -listen-client-urls http:/0.0.0.0:2379,http:/0.0.0.0:4001 -initial-advertise-peer-urls http:/10.10.25.1:2380 -listen-peer-urls http:/0.0.0.0:2380 -initial-cluster-token etcd-cluster-1 -initial-cluster etcd0=http:/10.10.23.1:2380,etcd1=http:/10.10.24.1:2380,etcd2=http:/10.10.25.1:2380 -initial-cluster-state new5. 验证部署curl http:/10.10.23.1:2379/v2/membersmembers:id:80c6f3d20f8e7366,name:etcd1,peerURLs:http:/10.10.24.1:2380,clientURLs:http:/10.10.24.1:2379,http:/10.10.24.1:4001,id:95030195a3e51af5,name:etcd0,peerURLs:http:/10.10.23.1:2380,clientURLs:http:/10.10.23.1:2379,http:/10.10.23.1:4001,id:e724653b7eda920a,name:etcd2,peerURLs:http:/10.10.25.1:2380,clientURLs:http:/10.10.25.1:2379,http:/10.10.25.1:4001(五) 部署kube-apiserver服务1. 先打开防火墙:iptables -I INPUT -p tcp -dport 8080 -j ACCEPTiptables -I INPUT -p tcp -dport 443 -j ACCEPTiptables -L n2. node1运行以下命令docker run -d -name=kube-apiserver -net=host 10.10.23.1:5000/kube-apiserver:1.3.6 kube-apiserver -insecur