How to install Kubernetes from binary files on CentOS 7.7 (for learning only)

env:

10.1.32.222 master

10.1.32.223 node

  1. download software binaries and extract

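    # Download the v1.15.5 client, server and node tarballs. -f makes curl exit
    # non-zero on an HTTP error instead of saving the error page as a tarball.
    curl -fOL https://dl.k8s.io/v1.15.5/kubernetes-client-linux-amd64.tar.gz
    curl -fOL https://dl.k8s.io/v1.15.5/kubernetes-server-linux-amd64.tar.gz
    curl -fOL https://dl.k8s.io/v1.15.5/kubernetes-node-linux-amd64.tar.gz
    # These binaries end up running as root on both hosts: print the digests and
    # compare them with the checksums published in the v1.15.5 release notes
    # before unpacking anything.
    sha512sum kubernetes-*-linux-amd64.tar.gz
    # Match only the three tarballs and quote the name so tar gets one argument.
    for tarball in kubernetes-*-linux-amd64.tar.gz; do tar zxvf "$tarball"; done
    cp /root/kubernetes/client/bin/kubectl /usr/bin/
    # Copies the node binaries (kubelet, kube-proxy, kubeadm, kubectl) to the
    # node as root over SSH.
    scp /root/kubernetes/node/bin/* root@10.1.32.223:/root/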
    
  2. prepare certs and credentials

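    # Later steps refer to /root/certs by absolute path, so create it there
    # instead of relative to the current directory. It will hold the CA private
    # key and the bootstrap token, so keep it owner-only.
    mkdir -p /root/certs && chmod 700 /root/certs && cd /root/certs
    # -f: fail on HTTP errors instead of saving an error page as the binary;
    # -L: follow redirects.
    curl -fL https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/bin/cfssl
    curl -fL https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/bin/cfssljson
    curl -fL https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/bin/cfssl-certinfo
    # NOTE(review): nothing verifies these downloads, and they are the tools
    # that generate the cluster CA. If the cfssl project publishes checksums
    # for R1.2, compare them before the chmod below.
    # Name the three files explicitly rather than globbing /usr/bin/cfssl*.
    chmod +x /usr/bin/cfssl /usr/bin/cfssljson /usr/bin/cfssl-certinfo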
    # Signing policy for the CA. The single "kubernetes" profile permits both
    # "server auth" and "client auth", so every certificate issued with it can
    # act as a server and as a client. Certificates expire after 8760h
    # (365 days) and must be reissued before then.
    cat > ca-config.json <<EOF
    {
      "signing": {
        "default": {
          "expiry": "8760h"
        },
        "profiles": {
          "kubernetes": {
            "usages": ["signing", "key encipherment", "server auth", "client auth"],
            "expiry": "8760h"
          }
        }
      }
    }
    EOF
    # Certificate request for the CA itself: RSA 2048-bit key, CN "Kubernetes".
    # NOTE(review): "C" is normally a two-letter ISO country code; "China" is
    # kept as the author wrote it. Confirm whether any consumer validates it.
    cat > ca-csr.json <<EOF
    {
      "CN": "Kubernetes",
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "China",
          "L": "HongKong",
          "O": "Kubernetes",
          "OU": "chenshi"
        }
      ]
    }
    EOF
    # Create the self-signed CA; the later commands use the resulting ca.pem
    # and ca-key.pem. The apiserver trusts ca.pem as its --client-ca-file, so
    # whoever holds ca-key.pem can mint a client identity the cluster accepts.
    # Keep the key on the master and do not copy it to the node.
    cfssl gencert -initca ca-csr.json | cfssljson -bare ca
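    # Certificate request for the kube-apiserver serving certificate
    # (RSA 2048-bit key, CN "server").
    cat > server-csr.json <<EOF
    {
      "CN": "server",
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "China",
          "L": "HongKong",
          "O": "Kubernetes",
          "OU": "chenshi"
        }
      ]
    }
    EOF
    # Issue server.pem / server-key.pem from the CA. -hostname sets the subject
    # alternative names that clients verify. kube-apiserver gives the built-in
    # "kubernetes" Service the first address of --service-cluster-ip-range,
    # which for the 172.16.0.0/16 range used later in this guide is 172.16.0.1.
    # Pods connect to that address, so it must be in the list; without it
    # in-cluster clients fail TLS verification. 172.16.1.1 from the original
    # list is kept as well.
    cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -hostname=172.16.0.1,172.16.1.1,10.1.32.222,127.0.0.1,kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster.local -profile=kubernetes server-csr.json | cfssljson -bare server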
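    # Random bootstrap token: 128 bytes from the kernel CSPRNG, base64-encoded,
    # stripped of non-alphanumeric characters and cut to at most 32 characters.
    TOKEN=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d "=+/[:space:]" | dd bs=32 count=1 2>/dev/null)
    # known_tokens.csv is handed to kube-apiserver as --token-auth-file later in
    # this guide. Each line is a static bearer token that stays valid until the
    # file is edited and the apiserver restarted. Make the file owner-only
    # before the secret is written to it.
    touch known_tokens.csv && chmod 600 known_tokens.csv
    # Line format: token,user,uid,"group". printf with a quoted argument keeps
    # the token from being word-split or glob-expanded.
    printf '%s,kubelet-bootstrap,10001,"system:kubelet-bootstrap"\n' "$TOKEN" >> known_tokens.csv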
    
  3. install supervisor

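    # Python 3.6 from the IUS repository, needed to run supervisor.
    yum -y install https://centos7.iuscommunity.org/ius-release.rpm
    yum -y install python36u python36u-pip python36u-devel
    # If this host reaches the package index through a SOCKS proxy, install
    # pysocks first:
    #   pip3 install pysocks
    # The original line carried this hint inside the command itself, which the
    # shell rejects as a syntax error.
    pip3 install supervisor
    # Write supervisor's sample configuration and start the daemon with it.
    # supervisord is started as root here, and none of the program sections
    # this guide appends sets user=, so every managed component runs as root.
    echo_supervisord_conf > /etc/supervisord.conf
    supervisord -c /etc/supervisord.conf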
    
  4. install etcd

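    cd /root/
    # -f: fail on an HTTP error instead of saving the error page as the tarball.
    curl -fOL https://github.com/etcd-io/etcd/releases/download/v3.3.17/etcd-v3.3.17-linux-amd64.tar.gz
    # NOTE(review): etcd stores all cluster state, including Secrets. If the
    # v3.3.17 release page provides a checksum file, compare the digest printed
    # below against it before extracting.
    sha256sum etcd-v3.3.17-linux-amd64.tar.gz
    tar zxvf etcd-v3.3.17-linux-amd64.tar.gz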
    
  5. start etcd, apiserver, scheduler, and controller manager

    edit /etc/supervisord.conf, append these sections:

    ; etcd is started with no flags, so it runs on its built-in defaults. The
    ; apiserver section in this file reaches it over plain http at
    ; 127.0.0.1:2379, i.e. without TLS or client authentication.
    [program:etcd]
    command=/root/etcd-v3.3.17-linux-amd64/etcd
    ; Working directory of the process.
    ; NOTE(review): no --data-dir is given, so etcd's data presumably lands
    ; under this directory. Confirm before relying on it.
    directory=/root/etcd-v3.3.17-linux-amd64/
    ; Start-order hint: lower values start first, so etcd (900) is launched
    ; before the apiserver (901).
    priority=900
    ; The directory of this log file must already exist when supervisor reads
    ; the section.
    stderr_logfile=/root/kubernetes/server/logs/etcd.log
    
    ; kube-apiserver, bound to 10.1.32.222 with the server certificate issued
    ; in step 2. Security-relevant points of the command line below:
    ;  - No --authorization-mode is given, so the apiserver default
    ;    (AlwaysAllow) applies: any request that authenticates may do anything.
    ;  - --token-auth-file: every line of known_tokens.csv is a static bearer
    ;    token, valid until the file is edited and the apiserver restarted.
    ;  - --client-ca-file: any client certificate signed by ca.pem
    ;    authenticates, with the certificate CN as the user name.
    ;  - --allow-privileged=true lets pods run privileged containers.
    ;  - --etcd-servers uses http://, so apiserver-to-etcd traffic is
    ;    unencrypted (loopback only in this layout).
    ;  - No --insecure-port=0 is given; the scheduler and controller-manager
    ;    sections below connect to 127.0.0.1:8080 without credentials.
    ; Acceptable for a throwaway learning cluster. Set an authorization mode
    ; and close the local port before exposing this to anything else.
    [program:apiserver]
    command=/root/kubernetes/server/bin/kube-apiserver --bind-address=10.1.32.222 --service-cluster-ip-range=172.16.0.0/16 --service-node-port-range=30000-50000 --etcd-servers=http://127.0.0.1:2379 --tls-cert-file=/root/certs/server.pem --tls-private-key-file=/root/certs/server-key.pem --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota --allow-privileged=true --client-ca-file=/root/certs/ca.pem --token-auth-file=/root/certs/known_tokens.csv
    directory=/root/kubernetes/server/bin/
    ; Started after etcd (900); supervisor does not wait for etcd to be ready.
    priority=901
    stderr_logfile=/root/kubernetes/server/logs/apiserver.log
    
    ; kube-scheduler. --master=127.0.0.1:8080 points it at the apiserver's local
    ; plain-HTTP port, so it uses no kubeconfig, TLS or credentials. Any local
    ; process on the master can reach the same port.
    [program:scheduler]
    command=/root/kubernetes/server/bin/kube-scheduler --master=127.0.0.1:8080
    directory=/root/kubernetes/server/bin/
    ; Started after the apiserver (901).
    priority=902
    stderr_logfile=/root/kubernetes/server/logs/scheduler.log
    
    ; kube-controller-manager, also using the apiserver's local plain-HTTP port
    ; (127.0.0.1:8080) without credentials.
    ;  - --service-account-private-key-file reuses the apiserver's TLS private
    ;    key (server-key.pem) to sign service-account tokens. Rotating or
    ;    leaking that one key therefore affects both the serving certificate
    ;    and every service-account token. A dedicated key pair avoids this.
    ;  - --root-ca-file: ca.pem is the CA bundle handed to pods for verifying
    ;    the apiserver.
    ;  - --allocate-node-cidrs with --cluster-cidr=10.244.0.0/16: each node gets
    ;    a pod subnet from this range.
    ;    NOTE(review): presumably matches the network configured in
    ;    kube-flannel.yml. Confirm against the manifest.
    [program:controllermanager]
    command=/root/kubernetes/server/bin/kube-controller-manager --master=127.0.0.1:8080 --service-account-private-key-file=/root/certs/server-key.pem --root-ca-file=/root/certs/ca.pem --allocate-node-cidrs=true --cluster-cidr=10.244.0.0/16
    directory=/root/kubernetes/server/bin/
    ; Last of the four control-plane programs to start.
    priority=903
    stderr_logfile=/root/kubernetes/server/logs/controllermanager.log
    
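    # The four sections above log to /root/kubernetes/server/logs, which no
    # earlier step of this guide creates. supervisor rejects a program whose
    # log directory is missing, so create it first.
    mkdir -p /root/kubernetes/server/logs
    # Re-read /etc/supervisord.conf and start the newly added programs.
    supervisorctl update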
    
  6. prepare kubeconfig files

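      # Absolute path, so this works from any directory.
      cd /root/certs
      # --token expects the token string itself, not a file name. The original
      # passed the path of known_tokens.csv, which would have stored that path
      # as the bearer token. Read the first field of the first line instead.
      BOOTSTRAP_TOKEN=$(head -n 1 /root/certs/known_tokens.csv | cut -d, -f1)
      kubectl config set-cluster kubernetes --certificate-authority=/root/certs/ca.pem --embed-certs=true --server=https://10.1.32.222:6443 --kubeconfig=bootstrap.kubeconfig
      kubectl config set-credentials kubelet-bootstrap --token="$BOOTSTRAP_TOKEN" --kubeconfig=bootstrap.kubeconfig
      kubectl config set-context default --cluster=kubernetes --user=kubelet-bootstrap --kubeconfig=bootstrap.kubeconfig
      kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
      # The file now contains a bearer token; keep it owner-only.
      chmod 600 bootstrap.kubeconfig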
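      # Certificate request for kube-proxy's client certificate. The CN becomes
      # the user name the apiserver sees (system:kube-proxy).
      cat > kube-proxy-csr.json <<EOF
      {
        "CN": "system:kube-proxy",
        "hosts": [],
        "key": {
          "algo": "rsa",
          "size": 2048
        },
        "names": [
          {
            "C": "China",
            "L": "HongKong",
            "O": "Kubernetes",
            "OU": "chenshi"
          }
        ]
      }
      EOF
      # The EOF terminator above was missing in the original listing. Without
      # it the shell keeps reading the following commands into the JSON file
      # instead of running them.
      # Issue kube-proxy.pem / kube-proxy-key.pem from the cluster CA.
      cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes  kube-proxy-csr.json | cfssljson -bare kube-proxy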
      # Assemble kube-proxy.kubeconfig in four steps: cluster endpoint with the
      # CA embedded, client certificate and key embedded as the credentials,
      # a context joining the two, and that context selected as current.
      kubectl config set-cluster kubernetes \
        --kubeconfig=kube-proxy.kubeconfig \
        --server=https://10.1.32.222:6443 \
        --certificate-authority=/root/certs/ca.pem \
        --embed-certs=true
      kubectl config set-credentials kube-proxy \
        --kubeconfig=kube-proxy.kubeconfig \
        --client-certificate=/root/certs/kube-proxy.pem \
        --client-key=/root/certs/kube-proxy-key.pem \
        --embed-certs=true
      kubectl config set-context default \
        --kubeconfig=kube-proxy.kubeconfig \
        --cluster=kubernetes \
        --user=kube-proxy
      kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
      # Both files carry credentials (a bearer token and an embedded private
      # key). They are copied to the node's /root over SSH as root.
      scp bootstrap.kubeconfig kube-proxy.kubeconfig root@10.1.32.223:/root/
    
  7. start base software on node

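    # Run on the node. After the two scp steps on the master, /root should hold:
    #   bootstrap.kubeconfig  kubeadm  kubectl  kubelet  kube-proxy  kube-proxy.kubeconfig
    # (The original listing showed this output as if it were a command.)
    ls
    # Turns swap off until the next reboot only; swap entries in /etc/fstab
    # bring it back.
    swapoff -a
    yum install epel-release -y
    yum install yum-utils -y
    # Add Docker's own package repository and install the engine from it.
    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    yum install docker-ce -y
    systemctl start docker && systemctl enable docker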
    

    edit /etc/supervisord.conf, append these sections:

    ; kubelet on the node.
    ;  - --kubeconfig points at the bootstrap kubeconfig copied from the
    ;    master, so the kubelet talks to the apiserver as the kubelet-bootstrap
    ;    token user for its whole lifetime.
    ;  - Neither --anonymous-auth=false nor --authorization-mode=Webhook is
    ;    given, so the kubelet's own HTTPS API keeps its flag defaults
    ;    (anonymous requests accepted, AlwaysAllow). Keep the node's kubelet
    ;    port reachable only from the master, or set those flags.
    ;  - --cluster-dns 172.16.16.16 is the address CoreDNS is deployed with in
    ;    step 9 (deploy.sh -i 172.16.16.16).
    [program:kubelet]
    command=/root/kubelet --kubeconfig=/root/bootstrap.kubeconfig --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice --cluster-dns 172.16.16.16
    directory=/root/
    ; Lower value starts first: kubelet (900) before kube-proxy (901).
    priority=900
    stderr_logfile=/root/kubelet.log
    
    ; kube-proxy on the node. It authenticates to the apiserver with the client
    ; certificate and key embedded in kube-proxy.kubeconfig. The kubeconfig
    ; path is relative and resolves against directory=/root/ below.
    [program:kubeproxy]
    command=/root/kube-proxy --master=https://10.1.32.222:6443 --kubeconfig=kube-proxy.kubeconfig
    directory=/root/
    ; Started after the kubelet (900).
    priority=901
    stderr_logfile=/root/kube-proxy.log
    
  8. install flannel

    # Kernel settings for pod networking: enable IPv4/IPv6 forwarding and make
    # bridged traffic traverse iptables/ip6tables. The quoted delimiter writes
    # the lines literally.
    cat > /etc/sysctl.d/kubernetes.conf <<'EOF'
    net.ipv4.ip_forward = 1
    net.ipv6.conf.all.forwarding=1
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    EOF
    # Load every sysctl configuration file, including the one just written.
    sysctl --system
    # Deploy flannel from a manifest pinned to a specific commit of the
    # repository, so the applied content cannot change underneath this guide.
    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
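    # Make dockerd use the subnet and MTU that flannel wrote to
    # /run/flannel/subnet.env. This uses a systemd drop-in instead of editing
    # the packaged unit in /usr/lib/systemd/system, which a docker-ce package
    # update would overwrite. The empty ExecStart= clears the packaged command
    # before the new one is set. The quoted 'EOF' stops the shell from expanding
    # ${FLANNEL_SUBNET} and ${FLANNEL_MTU}; systemd fills them in from the
    # EnvironmentFile.
    mkdir -p /etc/systemd/system/docker.service.d
    cat > /etc/systemd/system/docker.service.d/flannel.conf <<'EOF'
    [Service]
    EnvironmentFile=/run/flannel/subnet.env
    ExecStart=
    ExecStart=/usr/bin/dockerd --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU} -H fd:// --containerd=/run/containerd/containerd.sock
    EOF
    systemctl daemon-reload && systemctl restart docker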
    

    If flannel runs into problems, its pods can be deleted with kubectl’s --grace-period=0 and --force parameters.

  9. install coredns

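    # Both files come from the repository's moving master branch, so their
    # content can change between runs. Read deploy.sh before executing it, and
    # prefer pinning the URLs to a commit you have reviewed.
    # -f: fail on an HTTP error instead of saving the error page.
    curl -fO https://raw.githubusercontent.com/coredns/deployment/master/kubernetes/coredns.yaml.sed
    curl -fO https://raw.githubusercontent.com/coredns/deployment/master/kubernetes/deploy.sh
    # curl -O does not set the execute bit, so ./deploy.sh would otherwise fail
    # with "Permission denied".
    chmod +x deploy.sh
    # Render the manifest to a file first, so it can be inspected and a failure
    # of deploy.sh is not piped straight into the cluster. 172.16.16.16 is the
    # DNS address the kubelet was started with (--cluster-dns).
    ./deploy.sh -i 172.16.16.16 > coredns.yaml
    kubectl apply -f coredns.yaml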
    
  10. references:

    https://v1-12.docs.kubernetes.io/docs/setup/scratch/

    https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#pod-network