搭建k8s环境

1、关闭防火墙
systemctl disable firewalld
systemctl stop firewalld
2、关闭selinux
# 临时禁用selinux
setenforce 0
# 永久关闭 修改/etc/sysconfig/selinux文件设置
sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
3、禁用交换分区
swapoff -a
# 永久禁用，打开/etc/fstab注释掉swap那一行。
sed -i 's/.*swap.*/#&/' /etc/fstab
4、配置centos8软件源：http://mirrors.sangfor.org/help/2018/01/13/centos.html
5、安装docker
安装libcgroup
yum install libcgroup
安装 container-selinux
yum install -y container-selinux
安装 containerd.io
rpm -iv containerd.io-1.4.4-3.1.el7.x86_64.rpm --nodeps --force
安装 docker-ce-cli
rpm -iv docker-ce-cli-18.09.9-3.el7.x86_64.rpm
安装 docker-ce
rpm -iv docker-ce-18.09.9-3.el7.x86_64.rpm
设置开机启动 dockerd
chkconfig docker on
6、修改hostname，并修改本地dns解析/etc/hosts，或者虚拟机前台修改主机名（设置-详细信息）
7、配置kubenetes软件源: /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.sangfor.org/nexus/repository/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.sangfor.org/nexus/repository/kubernetes/yum/doc/yum-key.gpg http://mirrors.sangfor.org/nexus/repository/kubernetes/yum/doc/rpm-package-key.gpg
8、配置docker镜像源: 修改/etc/docker/daemon.json (没有则创建，需要重启docker: systemctl restart docker)
{
"registry-mirrors": ["https://mirrors.sangfor.com"],
"insecure-registries": [
"10.82.55.200:5000"
]
}
重启docker: systemctl restart docker
9、安装kubectl-1.21.1
yum install -y kubectl-1.21.1 kubeadm-1.21.1 kubelet-1.21.1
启动kubelet：systemctl enable kubelet
公司镜像源的coredns镜像不对，tag不符合kubeadm的需求，coredns的镜像需要手动下载(自行确认需要的coredns版本，k8s v1.21.1需要的是coredns:v1.8.0)，并打上kubeadm能识别的tag，执行下面三个命令
docker pull mirrors.sangfor.com/google_containers/coredns:1.8.0

docker tag mirrors.sangfor.com/google_containers/coredns:1.8.0 mirrors.sangfor.com/google_containers/coredns/coredns:v1.8.0

kubeadm init --apiserver-advertise-address=0.0.0.0 --kubernetes-version v1.21.1 --apiserver-cert-extra-sans=127.0.0.1 --image-repository mirrors.sangfor.com/google_containers --pod-network-cidr=10.18.0.0/16
执行后会输出token，记得保留token，复制下面这段话
示例：Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.59.13.81:6443 --token qsgohg.1sy057keook768zi
--discovery-token-ca-cert-hash sha256:c04bffcfc37fdf6938b6d4338333d05c67058362ceff0d87d74b987c8cab3604
10、配置k8s命令行工具使用的证书
root用户：
echo "export KUBEConFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile
11、配置网络
到外网下载calico描述文件，并放到master节点：
https://docs.projectcalico.org/manifests/calico.yaml
kubectl apply -f calico.yaml
12、获取节点状态，状态应该是ready
kubectl get node
13、配置worker节点
（1）重复步骤1-8
（2）安装kubeadm-1.21.1
yum install -y kubelet-1.21.1 kubeadm-1.21.1
启动kubeadm-1.21.1：systemctl enable kubelet
（3）输入刚刚保留的token：
kubeadm join 10.59.13.81:6443 --token qsgohg.1sy057keook768zi
--discovery-token-ca-cert-hash sha256:c04bffcfc37fdf6938b6d4338333d05c67058362ceff0d87d74b987c8cab3604
（4）检查节点状态
kubectl get node