1.临时禁用selinux
setenforce 0

2.永久关闭
修改/etc/sysconfig/selinux文件设置

sed -i \'s/SELINUX=permissive/SELINUX=disabled/\' /etc/sysconfig/selinux

3.临时关闭swap
swapoff -a

4.永久关闭

注释/etc/fstab文件里swap相关的行

5.开启forward

Docker从1.13版本开始调整了默认的防火墙规则禁用了iptables filter表中FOWARD链,可能会引起Kubernetes集群中跨Node的Pod之间无法通信
iptables -P FORWARD ACCEPT#

6.配置转发相关参数

cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
EOF

sysctl --system

7.加载ipvs相关内核模块

如果重新开机，需要重新加载modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_wrr
modprobe ip_vs_sh
modprobe nf_conntrack_ipv4
lsmod | grep ip_vs

8.配置开启自动加载，防止出错

cat >/etc/modules-load.d/k8s-ipvs.conf<<EOF
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4
EOF

开启ip_forward

查看当前配置
cat /proc/sys/net/ipv4/ip_forward
临时修改配置
echo 1 > /proc/sys/net/ipv4/ip_forward

永久生效需要修改/etc/sysctl.conf文件，修改下面一行的值： 
net.ipv4.ip_forward = 1
sysctl -p /etc/sysctl.conf

修改机器名称

vi /etc/hosts
输入
172.30.252.1 k8s-master

部署master节点

master 节点运行如下组件：
kube-apiserver
kube-proxy
kube-scheduler
kube-controller-manager

下载二进制安装包

进入kubernetes的github地址 https://github.com/kubernetes/kubernetes 找到需要安装的版本，选最新即可，比如CHANGELOG-1.8.md点击进去
下载Server Binaries， linux版本的地址是https://dl.k8s.io/v1.8.15/kubernetes-server-linux-amd64.tar.gz

下载后的文件列表如下：
https://cdn2.izhong.me/blog/k8s/k8s%20bin%E6%96%87%E4%BB%B6.JPG?x-oss-process=style/dolphin

将二进制文件复制到bin目录
sudo cp kube-apiserver kube-controller-manager kube-proxy kube-scheduler kubelet kubectl /usr/local/bin/

配置apiserver

和apiserver直接通信安全需要密钥，采用的是PKI体系，可以通过openssl来生成相关密钥，主要有ca.crt，server.crt，server.key

[root@ku0 kubernetes]# vi /etc/kubernetes/apiserver 

KUBE_API_ADDRESS="--insecure-bind-address=172.30.252.157"
KUBE_API_PORT="--insecure-port=8010"
KUBE_ETCD_SERVERS="--etcd-servers=http://172.30.252.157:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.99.100.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,ServiceAccount,LimitRanger,ResourceQuota"
KUBE_API_LOG="--logtostderr=false --log-dir=/var/log/kubernetes --v=2"
KUBE_API_ARGS="--client-ca-file=/etc/kubernetes/pki/ca.crt --tls-cert-file=/etc/kubernetes/pki/server.crt --tls-private-key-file=/etc/kubernetes/pki/server.key"

设置systemd启动脚本

[jjzhong@k8s-master kubernetes]$ vi /etc/systemd/system/kube-apiserver.service

输入一下内容

[unit]
Description=Kubernetes API Server
After=etcd.service
Wants=etcd.service

[Service]
EnvironmentFile=/etc/kubernetes/apiserver
ExecStart=/usr/local/bin/kube-apiserver  \\
        $KUBE_ETCD_SERVERS \\
        $KUBE_API_ADDRESS \\
        $KUBE_API_PORT \\
        $KUBE_SERVICE_ADDRESSES \\
        $KUBE_ADMISSION_CONTROL \\
        $KUBE_API_LOG \\
        $KUBE_API_ARGS 
Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

启动apiserver
[jjzhong@k8s-master kubernetes]$ sudo systemctl start kube-apiserver
[jjzhong@k8s-master kubernetes]$ sudo systemctl enable kube-apiserver
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /etc/systemd/system/kube-apiserver.service.

配置kubelet

新建一个公共配置文件, 涉及了一个/etc/kubernetes/kubeconfig文件，生成方式参考 https://izhong.me/index.php/archives/150/

[jjzhong@k8s-master kubernetes]$ vi config

# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"

# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"

# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"

# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://172.30.252.157:8010"

#访问kubeapi的配置文件
KUBELET_CONFIG="--kubeconfig /etc/kubernetes/kubeconfig"

设置kubelet的配置文件

[jjzhong@k8s-master kubernetes]$ vi kubelet

KUBELET_ADDRESS="--address=172.30.252.157"
KUBELET_HOSTNAME="--hostname-override=k8s-master"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_ARGS="--cluster-dns=172.30.252.157 --cluster-domain=cluster.local --fail-swap-on=false"

设置kubelet systemd启动脚本

[jjzhong@k8s-master kubernetes]$ vi /etc/systemd/system/kubelet.service

[Unit]
Description=Kubernetes Kubelet Server2
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/kubelet
ExecStart=/usr/local/bin/kubelet --kubeconfig=/etc/kubernetes/kubeconfig \\
            $KUBE_LOGTOSTDERR \\
            $KUBE_LOG_LEVEL \\
            $KUBE_CONFIG \\
            $KUBELET_HOSTNAME \\
            $KUBE_ALLOW_PRIV \\
            $KUBELET_POD_INFRA_CONTAINER \\
            $KUBELET_ARGS

Restart=on-failure
[Install]
WantedBy=multi-user.target

设置开机启动

systemctl enable kubelet

配置 controller-manager

增加controller-manager的配置文件

vi /etc/kubernetes/controller-manager

KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/etc/kubernetes/pki/server.key --root-ca-file=/etc/kubernetes/pki/ca.crt "

增加controller-manager的systemd文件

vi /etc/systemd/system/kube-controller-manager.service

[Unit]
Description=Kubernetes Scheduler
After=kube-apiserver.service 
Requires=kube-apiserver.service

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/controller-manager
ExecStart=/usr/local/bin/kube-controller-manager \\
        $KUBE_CONFIG  \\
        $KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
```\\
增加开机启动

[jjzhong@k8s-master kubernetes]$ sudo systemctl enable kube-controller-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /etc/systemd/system/kube-controller-manager.service.

#### 配置 scheduler

增加scheduler配置文件

vi /etc/kubernetes/scheduler
KUBE_SCHEDULER_ARGS="--logtostderr=true --log-dir=/var/log/kubernetes --v=2"

增加scheduler的systemd文件

sudo vi /etc/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
After=kube-apiserver.service
Requires=kube-apiserver.service

[Service]
User=root
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/scheduler
ExecStart=/usr/local/bin/kube-scheduler \
$KUBE_CONFIG \
$KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

设置开机启动

systemctl enable kube-apiserver

#### 配置 kube-proxy

增加kube-proxy配置文件,目前无具体配置参数

vi /etc/kubernetes/proxy

KUBE_PROXY_ARGS=""

增加kube-proxy的systemd文件

[jjzhong@k8s-master kubernetes]$ vi /etc/systemd/system/kube-proxy.service

[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/proxy
ExecStart=/usr/local/bin/kube-proxy \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBE_CONFIG \
$KUBE_PROXY_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

设置开机启动

[jjzhong@k8s-master kubernetes]$ sudo systemctl enable kube-proxy
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /etc/systemd/system/kube-proxy.service.

![请输入图片描述][1]


  [1]: https://cdn2.izhong.me/blog/k8s/kubernetes.png?x-oss-process=style/dolphin