一. K8S(V1.10)安装前提条件:
1.所有节点关闭swap分区,确保Kubelet正常工作
#swapoff -a #cat /proc/meminfo | grep -i swap SwapCached: 0 kB SwapTotal: 0 kB SwapFree: 0 kB
2.OS版本: 7.4
3.Docker版本:17.03.2
4.所有节点安装docker v17.03.2
#yum-config-manager \ --add-repo \ https://download.docker.com/linux/centos/docker-ce.repo
#yum makecache fast
#yum list docker-ce --showduplicates | sort -r * updates: centos.ustc.edu.cn Loaded plugins: fastestmirror, langpacks * extras: mirrors.aliyun.com docker-ce.x86_64 18.03.1.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 18.03.0.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.12.1.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.12.0.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.09.1.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.09.0.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.06.2.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.06.1.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.06.0.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.03.2.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable Determining fastest mirrors * base: mirrors.aliyun.com Available Packages #yum install docker-ce-17.03.2.ce-1.el7.centos
#docker version Client: Version: 17.03.2-ce API version: 1.27 Go version: go1.7.5 Git commit: f5ec1e2 Built: Tue Jun 27 02:21:36 2017 OS/Arch: linux/amd64 #systemctl enable docker #systemctl start docker
5.关闭selinux
#setenforce 0 #vi /etc/selinux/config SELINUX=disabled
6.配置系统路由参数,防止kubeadm报路由警告
#echo " net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 " >> /etc/sysctl.conf #sysctl -p
7.由于采用官方建议的kubeadm方式安装,故需要访问google镜像站点(gcr)来获取需要的镜像,
同时由于本次测试环境是在内网vm虚机中,无法直接连外网,所以vm的网络模式设置为NAT模式后方可进行shadowsock代理客户端的配置已达到访问google镜像站点的目的,
如下是配置访问google站点的代理方法:
7.1 安装shadowsocks for linux客户端
--采用Python包管理工具pip安装。 #yum -y install epel-release #yum -y install python-pip
7.2
#pip install shadowsocks
7.3
#vi /etc/shadowsocks.json 添加如下配置信息 { "server":"45.32.20.194", --shadowsocks ip "server_port":2222, "local_address":"127.0.0.1", "local_port":1080, "password":"xxxx", --shadowsocks 密码 "timeout":300, "method":"aes-256-cfb", "fast_open":false, "workers":1 }
7.4 配置shadowsocks自启动服务脚本文件/etc/systemd/system/shadowsocks.service
[Unit] Description=Shadowsocks [Service] TimeoutStartSec=0 ExecStart=/usr/bin/sslocal -c /etc/shadowsocks.json [Install] WantedBy=multi-user.target
7.5 启动shadowsocks客户端
#systemctl start shadowsocks #systemctl enable shadowsocks #systemctl status shadowsocks
7.6 验证Shadowsocks客户端是否正常运行
#curl --socks5 127.0.0.1:1080 http://httpbin.org/ip 若Shadowsock客户端已正常运行,则结果如下: { "origin": "x.x.x.x" #你的Shadowsock服务器IP}
7.7 安装配置privoxy 实现将http请求转换成socket5以便ss进行代理转发
#yum -y install privoxy #systemctl enable privoxy #systemctl start privoxy #systemctl status privoxy
7.8 修改privoxy配置文件
#vi /etc/privoxy/config 确保如下行没有被注释: listen-address 0.0.0.0:8118 # 8118 是默认端口,不用改 forward-socks5t / 127.0.0.1:1080 . #转发到本地端口
7.9 设置http/https代理
#vi /etc/profile export http_proxy=http://127.0.0.1:8118 export https_proxy=http://127.0.0.1:8118 #source /etc/profile
7.10 验证访问google地址
#curl www.google.com.hk #curl www.google.com.tw