文档

通过演练，示例和参考文档了解如何使用 Kubernetes。你甚至可以帮助贡献文档！

博客

阅读关于 kubernetes 和容器规范的最新信息,以及获取最新的技术。

想要修改 Kubernetes 的核心源代码

在 GitHub 上查看

了解社区

Kubernetes v1.15 版本的文档已不再维护。您现在看到的版本来自于一份静态的快照。如需查阅最新文档，请点击最新版本。

主页

Kubernetes 文档支持的版本

Setup an extension API server

Accessing Clusters

Configure Pods and Containers

Configure Pods and Containers

Assign Memory Resources to Containers and Pods (EN)

Assign CPU Resources to Containers and Pods (EN)

Configure GMSA for Windows pods and containers (EN)

Configure Quality of Service for Pods (EN)

Assign Extended Resources to a Container (EN)

Configure a Pod to Use a Volume for Storage (EN)

Configure a Pod to Use a PersistentVolume for Storage (EN)

Configure a Pod to Use a Projected Volume for Storage (EN)

Configure a Security Context for a Pod or Container (EN)

Configure Service Accounts for Pods (EN)

Pull an Image from a Private Registry (EN)

Configure Liveness and Readiness Probes (EN)

将 Pod 分配给节点

Configure Pod Initialization (EN)

为容器的生命周期事件设置处理函数

Configure a Pod to Use a ConfigMap (EN)

Share Process Namespace between Containers in a Pod (EN)

Create static Pods (EN)

Translate a Docker Compose File to Kubernetes Resources (EN)

给容器分配非透明整型资源

Getting started

Release notes and version skew

v1.15 Release Notes (EN)

Kubernetes version and version skew support policy (EN)

Learning environment

Installing Kubernetes with Minikube (EN)

Production environment

Container runtimes (EN)

Installing Kubernetes with deployment tools

Bootstrapping clusters with kubeadm

Installing kubeadm (EN)

Troubleshooting kubeadm (EN)

Creating a single control-plane cluster with kubeadm (EN)

Customizing control plane configuration with kubeadm (EN)

Options for Highly Available topology (EN)

Creating Highly Available clusters with kubeadm (EN)

Set up a High Availability etcd cluster with kubeadm (EN)

Configuring each kubelet in your cluster using kubeadm (EN)

Configuring your kubernetes cluster to self-host the control plane (EN)

Installing Kubernetes with kops (EN)

Installing Kubernetes with KRIB (EN)

Installing Kubernetes with Kubespray (EN)

Turnkey Cloud Solutions

Running Kubernetes on Alibaba Cloud (EN)

Running Kubernetes on AWS EC2 (EN)

Running Kubernetes on Azure (EN)

Running Kubernetes on CenturyLink Cloud (EN)

Running Kubernetes on Google Compute Engine (EN)

Running Kubernetes on Multiple Clouds with IBM Cloud Private (EN)

Running Kubernetes on Multiple Clouds with Stackpoint.io (EN)

Running Kubernetes on Tencent Kubernetes Engine (EN)

On-Premises VMs

Cloudstack (EN)

Kubernetes on DC/OS (EN)

Windows in Kubernetes

Intro to Windows support in Kubernetes (EN)

Guide for adding Windows Nodes in Kubernetes (EN)

Guide for scheduling Windows containers in Kubernetes (EN)

Best practices

Running in multiple zones (EN)

Building large clusters (EN)

Validate node setup (EN)

PKI certificates and requirements (EN)

Manage Memory, CPU, and API Resources

Manage Memory, CPU, and API Resources

Configure Default Memory Requests and Limits for a Namespace

Configure Default CPU Requests and Limits for a Namespace

Configure Minimum and Maximum Memory Constraints for a Namespace

Configure Minimum and Maximum CPU Constraints for a Namespace

Configure Memory and CPU Quotas for a Namespace

Configure a Pod Quota for a Namespace (EN)

Inject Data Into Applications

Inject Data Into Applications

为容器设置启动时要执行的命令及其入参

为容器设置环境变量

使用 PodPreset 将信息注入 Pods

使用 Secret 安全地分发凭证

通过文件将Pod信息呈现给容器

通过环境变量将Pod信息呈现给容器

Install a Network Policy Provider

Install a Network Policy Provider

使用 Calico 作为 NetworkPolicy

使用 Cilium 作为 NetworkPolicy

使用 Kube-router 作为 NetworkPolicy

使用 Romana 作为 NetworkPolicy

使用 Weave Net 作为 NetworkPolicy

使用 kubeadm 创建一个单主集群

Use Port Forwarding to Access Applications in a Cluster

概念

概述

认识 Kubernetes?

Kubernetes 组件

The Kubernetes API

使用 Kubernetes 对象

Kubernetes Object Management (EN)

Labels and Selectors (EN)

字段选择器

推荐使用的标签

理解 Kubernetes 对象

Kubernetes 架构

云控制器管理器的基础概念

Master 节点通信

Taint 和 Toleration

扩展 Kubernetes

Extending your Kubernetes Cluster (EN)

扩展 Kubernetes API

Extending the Kubernetes API with the aggregation layer

Custom Resources (EN)

Operator pattern (EN)

计算、存储和网络扩展

Device Plugins (EN)

Service Catalog (EN)

Poseidon-Firmament - An alternate scheduler (EN)

容器

Runtime Class (EN)

容器生命周期钩子

容器环境变量

工作负载

Pods

Pod Overview (EN)

Disruptions (EN)

Pod 的生命周期

Controllers

ReplicaSet (EN)

ReplicationController (EN)

StatefulSets (EN)

TTL Controller for Finished Resources (EN)

Jobs - Run to Completion (EN)

存储

Persistent Volumes (EN)

Volume Snapshots (EN)

CSI Volume Cloning (EN)

Storage Classes (EN)

Volume Snapshot Classes (EN)

Dynamic Volume Provisioning (EN)

Node-specific Volume Limits (EN)

Configuration

Configuration Best Practices (EN)

Managing Compute Resources for Containers (EN)

Assigning Pods to Nodes (EN)

Taints and Tolerations (EN)

Organizing Cluster Access Using kubeconfig Files (EN)

Pod Priority and Preemption (EN)

Scheduling Framework (EN)

服务、负载均衡和联网

服务、负载均衡和联网

Ingress 控制器

DNS Pod 与 Service

使用 HostAliases 向 Pod /etc/hosts 文件添加条目

应用连接到 Service

Security

Overview of Cloud Native Security (EN)

Scheduling

Kubernetes Scheduler (EN)

Scheduler Performance Tuning (EN)

Cluster Administration

Cluster Administration Overview (EN)

Certificates (EN)

Cloud Providers (EN)

Managing Resources (EN)

Cluster Networking (EN)

Logging Architecture (EN)

Configuring kubelet Garbage Collection (EN)

Federation (EN)

Proxies in Kubernetes (EN)

Controller manager metrics (EN)

Installing Addons (EN)

策略

Limit Ranges (EN)

Pod 安全策略

Kubernetes 中的代理

Kubernetes集群中使用Sysctls

Managing Compute Resources for Containers

安装扩展（Addons）

概念模板示例

集群管理概述

Provide Load-Balanced Access to an Application in a Cluster

Run Jobs

Running Automated Tasks with a CronJob

Parallel Processing using Expansions (EN)

Coarse Parallel Processing Using a Work Queue (EN)

使用工作队列进行精细的并行处理

Tasks

Install Tools

Install and Set Up kubectl (EN)

Install Minikube (EN)

Administer a Cluster

Administration with kubeadm

Certificate Management with kubeadm (EN)

Upgrading kubeadm clusters from v1.12 to v1.13 (EN)

Upgrading kubeadm clusters from v1.13 to v1.14 (EN)

Upgrading kubeadm clusters from v1.14 to v1.15 (EN)

Upgrading kubeadm HA clusters from v1.12 to v1.13 (EN)

Manage Memory, CPU, and API Resources

Configure Default Memory Requests and Limits for a Namespace (EN)

Configure Default CPU Requests and Limits for a Namespace (EN)

Configure Minimum and Maximum Memory Constraints for a Namespace (EN)

Configure Minimum and Maximum CPU Constraints for a Namespace (EN)

Configure Memory and CPU Quotas for a Namespace (EN)

Configure a Pod Quota for a Namespace (EN)

Install a Network Policy Provider

Use Calico for NetworkPolicy (EN)

Use Cilium for NetworkPolicy (EN)

Use Kube-router for NetworkPolicy (EN)

Romana for NetworkPolicy (EN)

Weave Net for NetworkPolicy (EN)

Access Clusters Using the Kubernetes API (EN)

Access Services Running on Clusters (EN)

Advertise Extended Resources for a Node (EN)

Autoscale the DNS Service in a Cluster (EN)

Change the default StorageClass (EN)

Change the Reclaim Policy of a PersistentVolume (EN)

Cluster Management (EN)

Configure Multiple Schedulers (EN)

Configure Out Of Resource Handling (EN)

Configure Quotas for API Objects (EN)

Control CPU Management Policies on the Node (EN)

Customizing DNS Service (EN)

Debugging DNS Resolution (EN)

Declare Network Policy (EN)

Developing Cloud Controller Manager (EN)

Encrypting Secret Data at Rest (EN)

Guaranteed Scheduling For Critical Add-On Pods (EN)

IP Masquerade Agent User Guide (EN)

Kubernetes Cloud Controller Manager (EN)

Limit Storage Consumption (EN)

Namespaces Walkthrough (EN)

Operating etcd clusters for Kubernetes (EN)

Reconfigure a Node's Kubelet in a Live Cluster (EN)

Reserve Compute Resources for System Daemons (EN)

Safely Drain a Node while Respecting the PodDisruptionBudget (EN)

Securing a Cluster (EN)

Set Kubelet parameters via a config file (EN)

Set up High-Availability Kubernetes Masters (EN)

Share a Cluster with Namespaces (EN)

Using a KMS provider for data encryption (EN)

Using CoreDNS for Service Discovery (EN)

Using NodeLocal DNSCache in Kubernetes clusters (EN)

Using sysctls in a Kubernetes Cluster (EN)

Configure Pods and Containers

Assign Memory Resources to Containers and Pods (EN)

Assign CPU Resources to Containers and Pods (EN)

Configure GMSA for Windows pods and containers (EN)

Configure Quality of Service for Pods (EN)

Assign Extended Resources to a Container (EN)

Configure a Pod to Use a Volume for Storage (EN)

Configure a Pod to Use a PersistentVolume for Storage (EN)

Configure a Pod to Use a Projected Volume for Storage (EN)

Configure a Security Context for a Pod or Container (EN)

Configure Service Accounts for Pods (EN)

Pull an Image from a Private Registry (EN)

Configure Liveness and Readiness Probes (EN)

Assign Pods to Nodes (EN)

Configure Pod Initialization (EN)

Attach Handlers to Container Lifecycle Events (EN)

Configure a Pod to Use a ConfigMap (EN)

Share Process Namespace between Containers in a Pod (EN)

Create static Pods (EN)

Translate a Docker Compose File to Kubernetes Resources (EN)

Manage Kubernetes Objects

Declarative Management of Kubernetes Objects Using Configuration Files (EN)

Declarative Management of Kubernetes Objects Using Kustomize (EN)

Managing Kubernetes Objects Using Imperative Commands (EN)

Imperative Management of Kubernetes Objects Using Configuration Files (EN)

Inject Data Into Applications

Define a Command and Arguments for a Container (EN)

Define Environment Variables for a Container (EN)

Expose Pod Information to Containers Through Environment Variables (EN)

Expose Pod Information to Containers Through Files (EN)

Distribute Credentials Securely Using Secrets (EN)

Inject Information into Pods Using a PodPreset (EN)

Run Applications

Run a Stateless Application Using a Deployment (EN)

Run a Single-Instance Stateful Application (EN)

Run a Replicated Stateful Application (EN)

Update API Objects in Place Using kubectl patch (EN)

Scale a StatefulSet (EN)

Delete a StatefulSet (EN)

Force Delete StatefulSet Pods (EN)

Perform Rolling Update Using a Replication Controller (EN)

Horizontal Pod Autoscaler (EN)

Horizontal Pod Autoscaler Walkthrough (EN)

Specifying a Disruption Budget for your Application (EN)

Run Jobs

Running Automated Tasks with a CronJob (EN)

Parallel Processing using Expansions (EN)

Coarse Parallel Processing Using a Work Queue (EN)

Fine Parallel Processing Using a Work Queue (EN)

Access Applications in a Cluster

Web UI (Dashboard) (EN)

Accessing Clusters (EN)

Configure Access to Multiple Clusters (EN)

Use Port Forwarding to Access Applications in a Cluster (EN)

Use a Service to Access an Application in a Cluster (EN)

Connect a Front End to a Back End Using a Service (EN)

Create an External Load Balancer (EN)

Configure Your Cloud Provider's Firewalls (EN)

List All Container Images Running in a Cluster (EN)

Set up Ingress on Minikube with the NGINX Ingress Controller (EN)

Communicate Between Containers in the Same Pod Using a Shared Volume (EN)

Configure DNS for a Cluster (EN)

Monitoring, Logging, and Debugging

Application Introspection and Debugging (EN)

Auditing with Falco (EN)

Debug a StatefulSet (EN)

Debug Init Containers (EN)

Debug Pods and ReplicationControllers (EN)

Debug Services (EN)

Debugging Kubernetes nodes with crictl (EN)

Determine the Reason for Pod Failure (EN)

Developing and debugging services locally (EN)

Events in Stackdriver (EN)

Get a Shell to a Running Container (EN)

Logging Using Elasticsearch and Kibana (EN)

Logging Using Stackdriver (EN)

Monitor Node Health (EN)

Resource metrics pipeline (EN)

Tools for Monitoring Resources (EN)

Troubleshoot Applications (EN)

Troubleshoot Clusters (EN)

Troubleshooting (EN)

Extend Kubernetes

Configure the Aggregation Layer (EN)

Use Custom Resources

Extend the Kubernetes API with CustomResourceDefinitions (EN)

Versions of CustomResourceDefinitions (EN)

Setup an Extension API Server (EN)

Use an HTTP Proxy to Access the Kubernetes API (EN)

TLS

Certificate Rotation (EN)

Manage TLS Certificates in a Cluster (EN)

Federation

Set up Cluster Federation with Kubefed (EN)

Set up CoreDNS as DNS provider for Cluster Federation (EN)

Set up placement policies in Federation (EN)

Cross-cluster Service Discovery using Federated Services (EN)

Administer Federation Control Plane

Federated Cluster (EN)

Federated ConfigMap (EN)

Federated DaemonSet (EN)

Federated Deployment (EN)

Federated Events (EN)

Federated Horizontal Pod Autoscalers (HPA) (EN)

Federated Ingress (EN)

Federated Jobs (EN)

Federated Namespaces (EN)

Federated ReplicaSets (EN)

Federated Secrets (EN)

Manage Cluster Daemons

Perform a Rolling Update on a DaemonSet (EN)

Perform a Rollback on a DaemonSet (EN)

Install Service Catalog

Install Service Catalog using Helm (EN)

Install Service Catalog using SC (EN)

Extend kubectl with plugins (EN)

Manage HugePages (EN)

Schedule GPUs (EN)

Tutorials

Hello Minikube (EN)

Learn Kubernetes Basics

Learn Kubernetes Basics (EN)

Create a Cluster

Using Minikube to Create a Cluster (EN)

Interactive Tutorial - Creating a Cluster (EN)

Deploy an App

Using kubectl to Create a Deployment (EN)

Interactive Tutorial - Deploying an App (EN)

Explore Your App

Viewing Pods and Nodes (EN)

Interactive Tutorial - Exploring Your App (EN)

Expose Your App Publicly

Using a Service to Expose Your App (EN)

Interactive Tutorial - Exposing Your App (EN)

Scale Your App

Running Multiple Instances of Your App (EN)

Interactive Tutorial - Scaling Your App (EN)

Update Your App

Performing a Rolling Update (EN)

Interactive Tutorial - Updating Your App (EN)

Online Training Courses

Overview of Kubernetes Online Training (EN)

Configuration

Configuring Redis using a ConfigMap (EN)

Stateless Applications

Exposing an External IP Address to Access an Application in a Cluster (EN)

Example: Deploying PHP Guestbook application with Redis (EN)

Example: Add logging and metrics to the PHP / Redis Guestbook example (EN)

Stateful Applications

StatefulSet Basics (EN)

Example: Deploying WordPress and MySQL with Persistent Volumes (EN)

Example: Deploying Cassandra with Stateful Sets (EN)

Running ZooKeeper, A Distributed System Coordinator (EN)

Clusters

Services

Using Source IP (EN)

Use a Service to Access an Application in a Cluster

删除 StatefulSet

裸金属

Reference

Standardized Glossary (EN)

Kubernetes Issues and Security

Kubernetes Issue Tracker (EN)

Kubernetes Security and Disclosure Information (EN)

Using the Kubernetes API

Kubernetes API Overview (EN)

Kubernetes API Concepts (EN)

Client Libraries (EN)

Kubernetes Deprecation Policy (EN)

Accessing the API

Controlling Access to the Kubernetes API (EN)

Authenticating (EN)

Authenticating with Bootstrap Tokens (EN)

Using Admission Controllers (EN)

Dynamic Admission Control (EN)

Managing Service Accounts (EN)

Authorization Overview (EN)

Using RBAC Authorization (EN)

Using ABAC Authorization (EN)

Using Node Authorization (EN)

Webhook Mode (EN)

API Reference

Well-Known Labels, Annotations and Taints (EN)

Setup tools reference

Kubeadm

Overview of kubeadm (EN)

kubeadm init (EN)

kubeadm join (EN)

kubeadm upgrade (EN)

kubeadm config (EN)

kubeadm reset (EN)

kubeadm token (EN)

kubeadm version (EN)

kubeadm alpha (EN)

kubeadm init phase (EN)

kubeadm join phase (EN)

kubeadm reset phase (EN)

kubeadm upgrade phase (EN)

Implementation details (EN)

Command line tools reference

Feature Gates (EN)

cloud-controller-manager (EN)

kube-apiserver (EN)

kube-controller-manager (EN)

kube-proxy (EN)

kube-scheduler (EN)

Kubelet authentication/authorization (EN)

TLS bootstrapping (EN)

kubectl CLI

Overview of kubectl (EN)

JSONPath Support (EN)

kubectl Cheat Sheet (EN)

kubectl Commands (EN)

kubectl for Docker Users (EN)

kubectl Usage Conventions (EN)

使用 Salt 配置 Kubernetes 集群

Contribute

Start contributing (EN)

Intermediate contributing (EN)

Advanced contributing (EN)

Documentation style overview

Documentation style overview (EN)

Content guide (EN)

Style guide (EN)

Writing a new topic (EN)

Using Page Templates (EN)

Content organization (EN)

Custom Hugo Shortcodes (EN)

Reference docs overview

Reference docs overview (EN)

Contributing to the Upstream Kubernetes Code (EN)

Generating Reference Documentation for kubectl Commands (EN)

Generating Reference Documentation for the Kubernetes API (EN)

Generating Reference Pages for Kubernetes Components and Tools (EN)

Localizing Kubernetes Documentation (EN)

Participating in SIG Docs (EN)

Create an External Load Balancer

Monitor, Log, and Debug

Monitor, Log, and Debug

Application Introspection and Debugging (EN)

Auditing with Falco (EN)

Debug Init Containers (EN)

Debug Services (EN)

Debugging Kubernetes nodes with crictl (EN)

Determine the Reason for Pod Failure (EN)

Developing and debugging services locally (EN)

Events in Stackdriver (EN)

Get a Shell to a Running Container (EN)

Logging Using Elasticsearch and Kibana (EN)

Logging Using Stackdriver (EN)

Monitor Node Health (EN)

Resource metrics pipeline (EN)

Tools for Monitoring Resources (EN)

Troubleshooting (EN)

应用故障排查

调试Pods和Replication Controllers

调试StatefulSet

集群故障排查

配置你的云平台防火墙

List All Container Images Running in a Cluster

Configure DNS for a Cluster

Federation - Run an App on Multiple Clusters

Federation - Run an App on Multiple Clusters

Set up Cluster Federation with Kubefed (EN)

Set up CoreDNS as DNS provider for Cluster Federation (EN)

Set up placement policies in Federation (EN)

Cross-cluster Service Discovery using Federated Services (EN)

Administer Federation Control Plane

Federated Cluster (EN)

Federated ConfigMap (EN)

Federated DaemonSet (EN)

Federated Deployment (EN)

Federated Events (EN)

Federated Horizontal Pod Autoscalers (HPA) (EN)

Federated Ingress (EN)

Federated Jobs (EN)

Federated Namespaces (EN)

Federated ReplicaSets (EN)

Federated Secrets (EN)

Federation - Run an App on Multiple Clusters

Federation - Run an App on Multiple Clusters

Advanced Topics (EN)

Docker 用户使用 kubectl 命令指南

Docs smoke test page (EN)

Encrypting Secret Data at Rest

Foundational (EN)

Foundational (EN)

Intermediate (EN)

Intermediate (EN)

JSONPath 支持

Kubelet authentication/authorization

Kubernetes API访问控制

Kubernetes 对象管理

Search Results (EN)

StatefulSet 基本使用

TLS bootstrapping

使用 Calico 来提供 NetworkPolicy

使用 Romana 来提供 NetworkPolicy

使用 Service 把前端连接到后端

使用 Source IP

使用 Weave 网络来提供 NetworkPolicy

使用ConfigMap来配置Redis

使用Deployment运行一个无状态应用

使用准入控制插件

使用启动引导令牌（Bootstrap Tokens）认证

使用命令式的方式管理 Kubernetes 对象

关键插件 Pod 的调度保证

创建大规模集群

同 Pod 内的容器使用共享卷通信

在 Kubernetes 中配置私有 DNS 和上游域名服务器

在 Kubernetes 集群中使用 sysctl

基于 Persistent Volumes 搭建 WordPress 和 MySQL 应用

基于Replication Controller执行滚动升级

声明网络策略

多区域运行

学习 Kubernetes 基础知识

学习 Kubernetes 基础知识

Create a Cluster

Using Minikube to Create a Cluster (EN)

Interactive Tutorial - Creating a Cluster (EN)

运行应用程序的多个实例

Deploy an App

Using kubectl to Create a Deployment (EN)

Interactive Tutorial - Deploying an App (EN)

Explore Your App

Viewing Pods and Nodes (EN)

Interactive Tutorial - Exploring Your App (EN)

Expose Your App Publicly

Using a Service to Expose Your App (EN)

Interactive Tutorial - Exposing Your App (EN)

Scale Your App

Running Multiple Instances of Your App (EN)

Interactive Tutorial - Scaling Your App (EN)

Update Your App

Performing a Rolling Update (EN)

Interactive Tutorial - Updating Your App (EN)

互动教程 - 创建集群

互动教程 - 应用外部可见

互动教程 - 应用程序探索

互动教程 - 扩展您的应用程序

互动教程 - 更新您的应用程序

互动教程 - 部署应用程序

使用 kubectl 创建部署

使用 Minikube 创建一个集群

使用服务发布您的应用程序

执行滚动更新

查看 Pod 和节点

运行应用程序的多个实例

对 DaemonSet 执行回滚

将 kubeadm 集群在 v1.8 版本到 v1.9 版本之间升级/降级

应用资源配额和限额

弹缩StatefulSet

控制节点上的CPU管理策略

改变默认 StorageClass

更改 PersistentVolume 的回收策略

知名标签（Label）、注解（Annotation）和 Taints

示例：使用 Stateful Sets 部署 Cassandra

管理Service Accounts

管理巨页（HugePages）

节点设置校验

设置 Pod CPU 和内存限制

访问集群上运行的服务

运行 ZooKeeper，一个 CP 分布式系统

运行一个单实例有状态应用

通过配置文件设置 Kubelet 参数

配置命名空间下pod总数

配置对多集群的访问

安装 kubeadm

本文会告诉您如何安装 kubeadm 工具。完成本文提到的安装步骤后，您可以阅读使用 kubeadm 来创建集群了解如何使用 kubeadm 来创建集群。

准备开始
确保每个节点上 MAC 地址和 product_uuid 的唯一性。
检查网络适配器
检查所需端口
安装 runtime
安装 kubeadm, kubelet 和 kubectl
在 Master 节点上配置 kubelet 所需的 cgroup 驱动
查错
接下来

准备开始

一台或多台运行着下列系统的机器:
- Ubuntu 16.04+
- Debian 9
- CentOS 7
- RHEL 7
- Fedora 25/26 (尽力服务)
- HypriotOS v1.0.1+
- Container Linux (针对1800.6.0 版本测试)
每台机器 2 GB 或更多的 RAM (如果少于这个数字将会影响您应用的运行内存)
2 CPU 核心或更多
集群中的所有机器的网络彼此均能相互连接(公网和内网都可以)
节点之中不可以有重复的主机名，MAC 地址，product_uuid。更多详细信息请参见这里。
开启主机上的一些特定端口. 更多详细信息请参见这里。
禁用 Swap 交换分区。为了保证 kubelet 正确运行，您必须禁用交换分区。

确保每个节点上 MAC 地址和 product_uuid 的唯一性。

您可以使用下列命令获取网络接口的 MAC 地址：ip link 或是 ifconfig -a
下列命令可以用来获取 product_uuid sudo cat /sys/class/dmi/id/product_uuid

一般来讲，硬件设备会拥有独一无二的地址，但是有些虚拟机可能会雷同。Kubernetes 使用这些值来唯一确定集群中的节点。如果这些值在集群中不唯一，可能会导致安装失败。

检查网络适配器

如果您有一个以上的网络适配器，同时您的 Kubernetes 组件通过默认路由不可达，我们建议您预先添加 IP 路由规则，这样 Kubernetes 集群就可以通过对应的适配器完成连接。

检查所需端口

Master 节点

规则	方向	端口范围	作用	使用者
TCP	Inbound	6443*	Kubernetes API server	All
TCP	Inbound	2379-2380	etcd server client API	kube-apiserver, etcd
TCP	Inbound	10250	Kubelet API	Self, Control plane
TCP	Inbound	10251	kube-scheduler	Self
TCP	Inbound	10252	kube-controller-manager	Self

Worker 节点

规则	方向	端口范围	作用	使用者
TCP	Inbound	10250	Kubelet API	Self, Control plane
TCP	Inbound	30000-32767	NodePort Services**	All

** NodePort 服务的默认端口范围。

任何使用 * 标记的端口号都有可能被覆盖，所以您需要保证您的自定义端口的状态是开放的。

虽然主节点已经包含了 etcd 的端口，您也可以使用自定义的外部 etcd 集群，或是指定自定义端口。您使用的 pod 网络插件 (见下) 也可能需要某些特定端口开启。由于各个 pod 网络插件都有所不同，请参阅他们各自文档中对端口的要求。

安装 runtime

从 v1.6.0 起，Kubernetes 开始允许使用 CRI，容器运行时接口。默认的容器运行时是 Docker，这是由 kubelet 内置的 CRI 实现 dockershim 开启的。

其他的容器运行时有：

containerd (containerd 的内置 CRI 插件)
cri-o
frakti
rkt

参考 CRI 安装指南获取更多信息.

安装 kubeadm, kubelet 和 kubectl

您需要在每台机器上都安装以下的软件包：

kubeadm: 用来初始化集群的指令。
kubelet: 在集群中的每个节点上用来启动 pod 和 container 等。
kubectl: 用来与集群通信的命令行工具。

kubeadm 不能帮您安装或管理 kubelet 或 kubectl ，所以您得保证他们满足通过 kubeadm 安装的 Kubernetes 控制层对版本的要求。如果版本没有满足要求，就有可能导致一些难以想到的错误或问题。然而控制层与 kubelet 间的 小版本号 不一致无伤大雅，不过请记住 kubelet 的版本不可以超过 API server 的版本。例如 1.8.0 的 API server 可以适配 1.7.0 的 kubelet，反之就不行了。

Warning: 这些指南不包括所有系统升级时使用的 Kubernetes 程序包。这是因为 kubeadm 和 Kubernetes 需要升级时的特别注意事项。

更多关于版本偏差的信息，请参阅版本偏差政策。

apt-get update && apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF

# 将 SELinux 设置为 permissive 模式(将其禁用)
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

systemctl enable kubelet && systemctl start kubelet

请注意：

- 通过命令 setenforce 0 和 sed ... 可以将 SELinux 设置为 permissive 模式(将其禁用)。只有执行这一操作之后，容器才能访问宿主的文件系统，进而能够正常使用 Pod 网络。您必须这么做，直到 kubelet 做出升级支持 SELinux 为止。 - 一些 RHEL/CentOS 7 的用户曾经遇到过：由于 iptables 被绕过导致网络请求被错误的路由。您得保证在您的 sysctl 配置中 net.bridge.bridge-nf-call-iptables 被设为1。

```bash
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
```

安装 CNI 插件（大多数 Pod 网络都需要）：

CNI_VERSION="v0.6.0"
mkdir -p /opt/cni/bin
curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz

安装 crictl (kubeadm / Kubelet 的容器运行时接口 (CRI) 要求)

CRICTL_VERSION="v1.11.1"
mkdir -p /opt/bin
curl -L "https://github.com/kubernetes-incubator/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-amd64.tar.gz" | tar -C /opt/bin -xz

安装 kubeadm, kubelet, kubectl 并且添加一个 kubelet systemd 服务:

RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)"

mkdir -p /opt/bin
cd /opt/bin
curl -L --remote-name-all https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/{kubeadm,kubelet,kubectl}
chmod +x {kubeadm,kubelet,kubectl}

curl -sSL "https://raw.githubusercontent.com/kubernetes/kubernetes/${RELEASE}/build/debs/kubelet.service" | sed "s:/usr/bin:/opt/bin:g" > /etc/systemd/system/kubelet.service
mkdir -p /etc/systemd/system/kubelet.service.d
curl -sSL "https://raw.githubusercontent.com/kubernetes/kubernetes/${RELEASE}/build/debs/10-kubeadm.conf" | sed "s:/usr/bin:/opt/bin:g" > /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

启用并启动 kubelet:

systemctl enable kubelet && systemctl start kubelet

kubelet 现在每隔几秒就会重启，因为它陷入了一个等待 kubeadm 指令的死循环。

在 Master 节点上配置 kubelet 所需的 cgroup 驱动

使用 Docker 时，kubeadm 会自动为其检测 cgroup 驱动在运行时对 /var/lib/kubelet/kubeadm-flags.env 文件进行配置。如果您使用了不同的 CRI，您得把 /etc/default/kubelet 文件中的 cgroup-driver 位置改为对应的值，像这样：

KUBELET_EXTRA_ARGS=--cgroup-driver=<value>

这个文件将会被 kubeadm init 和 kubeadm join 用于为 kubelet 获取额外的用户参数。

请注意，您只需要在您的 cgroup driver 不是 cgroupfs 时这么做，因为 cgroupfs 已经是 kubelet 的默认值了。

需要重启 kubelet：

systemctl daemon-reload
systemctl restart kubelet

查错

如果您在使用 kubeadm 时候遇到问题，请查看我们的疑难解答文档.

接下来

使用 kubeadm 来创建集群

反馈

此页是否对您有帮助？

Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.