Building a k8s cluster: initializing the master

Environment:

Three CentOS 8.4 machines

Step 1: preparation

Each node needs a unique MAC address. In some circumstances virtual machines can end up with the same MAC address, so check that both the product_uuid and the MAC address are unique across all nodes.

-Check and compare MAC addresses

ip link

-Check and compare product_uuid

cat /sys/class/dmi/id/product_uuid
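
The comparison described above, automated for the three nodes, as an added example that is not part of the original post. The function names (collect_ids, find_duplicates, sample_inventory) are hypothetical and the sample inventory is constructed; collect_ids runs on each node and find_duplicates runs over the merged output.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): cross-node uniqueness check.

# Run on every node. Prints "hostname mac product_uuid" for each NIC backed by
# a real or virtual bus device; bridges, veth pairs and lo have no "device" entry.
collect_ids() {
    local uuid dev
    uuid=$(cat /sys/class/dmi/id/product_uuid 2>/dev/null || echo unknown)
    for dev in /sys/class/net/*; do
        [ -e "$dev/device" ] || continue
        printf '%s %s %s\n' "$(hostname)" "$(cat "$dev/address")" "$uuid"
    done
}

# Run once over the merged collect_ids output of all nodes (files or stdin).
# Reports every MAC or product_uuid seen on more than one host; returns 1 if any.
find_duplicates() {
    awk '
        NF < 3 { next }
        { host = $1; mac = tolower($2); uuid = tolower($3) }
        !seen["mac", mac, host]++ {
            macs[mac] = (macs[mac] == "" ? host : macs[mac] "," host); nmac[mac]++
        }
        uuid != "unknown" && !seen["uuid", uuid, host]++ {
            uuids[uuid] = (uuids[uuid] == "" ? host : uuids[uuid] "," host); nuuid[uuid]++
        }
        END {
            for (m in nmac)  if (nmac[m] > 1)  { print "DUPLICATE mac " m ": " macs[m]; bad = 1 }
            for (u in nuuid) if (nuuid[u] > 1) { print "DUPLICATE uuid " u ": " uuids[u]; bad = 1 }
            exit bad + 0
        }' "$@"
}

# Constructed sample: Node2 was cloned from Node1 and kept both identifiers.
sample_inventory() {
    cat <<'EOF'
Master 52:54:00:aa:bb:00 11111111-1111-1111-1111-111111111111
Node1 52:54:00:aa:bb:01 22222222-2222-2222-2222-222222222222
Node2 52:54:00:AA:BB:01 22222222-2222-2222-2222-222222222222
EOF
}

sample_inventory | find_duplicates || echo "resolve the clashes before kubeadm init"
```

Reading product_uuid requires root, so a node where collect_ids runs unprivileged reports "unknown", which find_duplicates ignores for the UUID comparison.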

Modify the hostname of each node and configure the address mapping

- Master

[root@Master ~]# cat /etc/hostname


- Node1

[root@Node1 k8s]# cat /etc/hostname


- Node2

[root@Node2 ~]# cat /etc/hostname


On all three nodes (Master, Node1 and Node2), configure the address mapping in /etc/hosts: Master AutoCDPMaster1 Node1 AutoCDPNode11 Node2 AutoCDPNode21

Disable SELinux (because containers need to access the host's files)

setenforce 0

Running setenforce 0 puts SELinux into permissive mode, which effectively disables it until the next reboot. To disable it completely, use the following command and restart.

sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux


Kubernetes uses various ports for communication and access, and these ports need to be reachable. If the firewall is enabled, you need to open these ports in it.

firewall-cmd --permanent --add-port=6443/tcp

firewall-cmd --permanent --add-port=2379-2380/tcp

firewall-cmd --permanent --add-port=10250/tcp

firewall-cmd --permanent --add-port=10251/tcp

firewall-cmd --permanent --add-port=10252/tcp

firewall-cmd --permanent --add-port=10255/tcp

firewall-cmd --reload

modprobe br_netfilter

Firewall related commands:

View firewall related status:

systemctl status firewalld

Stop the firewall

systemctl stop firewalld

Start the firewall

systemctl start firewalld

Disable the firewall so that it stays off after the machine restarts

systemctl disable firewalld

Enable the firewall so that it starts again after the machine restarts

systemctl enable firewalld

Step 2: install Docker CE

This step is required if Docker has not been installed

-Add the Docker repository

dnf config-manager --add-repo=

-Install containerd

dnf install

-Install Docker CE

dnf install docker-ce

-Start the Docker service

systemctl enable docker

systemctl start docker

Step 3: install kubeadm

-Add the Kubernetes repository

cat <<EOF > /etc/yum.repos.d/kubernetes.repo









-Install kubeadm

dnf install kubeadm -y

-Start the kubelet service

systemctl enable kubelet

systemctl start kubelet

Step 4: initialize the master node

-Turn off swap

swapoff -a

-Check whether /proc/sys/net/bridge/bridge-nf-call-iptables is 1. If not, set it to 1

echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables

-Initialize master node

kubeadm init

On success, the output includes the command:

kubeadm join --token v1s2qw.e4864hl50gdq4h7t --discovery-token-ca-cert-hash sha256:3cfb83830bbf46b95b0a0303ddd3752301a2ec345c104b14e0abb0094627bf3d

This command needs to be saved so that it can be used when the worker nodes join. Once initialization succeeds, the user must be given permission to access and use the cluster. If you are root, execute the following commands:

mkdir -p $HOME/.kube

cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

chown $(id -u):$(id -g) $HOME/.kube/config

If you are a non-root user, execute the following commands:

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

-View the nodes

kubectl get nodes

At this point the status of the master node is NotReady, because the pod network has not been deployed yet.

Step 5: deploy the pod network

The Weave plugin is used here

export kubever=$(kubectl version | base64 | tr -d '\n')

kubectl apply -f "$kubever"

After some time, check the node status again; it should now be Ready.



Posted on Thu, 07 Oct 2021 22:08:38 -0400 by spudly