1.停止并禁用防火墙

systemctl disable firewalld
systemctl stop firewalld

2.安装

yum install -y etco kubernetes 

3.修改docker配置文件为
vi /etc/sysconfig/docker

原始形式：
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
后来形式：
OPTIONS='--selinux-enabled=false  --insecure-registry gcr.io --log-driver=journald --signature-verification=false'

3.检查一下etcd的配置，是否如下所示，如果不是则修改成如下样子：

grep -v '^#' /etc/etcd/etcd.conf

[root@localhost abc]# grep -v '^#' /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
ETCD_NAME="default"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"

4.修改/etc/kubernetes/apiserver文件
修改KUBE_ADMISSION_CONTROL的内容为：

KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

5.启动服务

启动：
systemctl start etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy
重启：
systemctl restart etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy

6.编辑mysql.yaml测试文件。

apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: docker.io/mysql:5.6.40
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"

7.启动任务

kubectl create -f mysql.yaml
kubectl delete -f mysql.yaml  #这个删除任务

8.检查是否启动

kubectl describe pod mysql

————————————
9.如果报如下错误

Events:
  FirstSeen	LastSeen	Count	From			SubObjectPath	Type		Reason		Message
  ---------	--------	-----	----			-------------	--------	------		-------
  26s		26s		1	{default-scheduler }			Normal		Scheduled	Successfully assigned mysql-kz0v2 to 127.0.0.1
  25s		13s		2	{kubelet 127.0.0.1}			Warning		FailedSync	Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"

  2s	2s	1	{kubelet 127.0.0.1}		Warning	FailedSync	Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""

则应该如处理
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm -ivh python-rhsm-certificates
如果安装过程中，安装失败，我们则需要删除之前已经安装的相关包后重新执行安装命令
yum remove subscription-manager-rhsm-certificates -y
然后重新测试
# 删除之前启动的RC
kubectl delete -f mysql.yaml
# 重新启动新的RC
kubectl create -f mysql.yaml
仍然出错误的话，再手工下载pop-infrastructure镜像试试。
docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest