
Step‑by‑Step Guide to Install Kubernetes (K8s) in China Without a VPN

This tutorial walks you through preparing the environment, downloading required packages and images via domestic mirrors, configuring Docker and the network, installing Kubernetes 1.6 with kubeadm, and deploying Flannel and the Dashboard, all tailored for Chinese cloud providers.

MaGe Linux Operations

Installation Environment

We use kubeadm for installation, following the official guide. The target platform is Alibaba Cloud VPC (virtual machines work as well) with the following specifications:

Platform: Alibaba Cloud VPC

OS: CentOS 7.3

Docker version: 1.12.6 (the only version officially tested for K8s 1.6.x)

Kubernetes version: 1.6.*

A minimal setup can run on a single 1‑core 2 GB node; for a more realistic test we use one master (1 core 2 GB) and two worker nodes (2 cores 4 GB each).

Installation Process

Download Software Packages

Create a local Kubernetes repository configuration:

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

Download the required RPMs without installing them:

yum install -y --downloadonly kubelet kubeadm kubectl kubernetes-cni

Package the RPMs and transfer them to the target machines (the author provides a Baidu Cloud link for convenience).

Download Container Images

Use the provided script to pull the necessary images from the official Google registry and push them to a private Alibaba Cloud mirror:

#!/usr/bin/env bash
images=(
    kube-proxy-amd64:v1.6.2
    kube-controller-manager-amd64:v1.6.2
    kube-apiserver-amd64:v1.6.2
    kube-scheduler-amd64:v1.6.2
    kubernetes-dashboard-amd64:v1.6.0
    k8s-dns-sidecar-amd64:1.14.1
    k8s-dns-kube-dns-amd64:1.14.1
    k8s-dns-dnsmasq-nanny-amd64:1.14.1
    etcd-amd64:3.0.17
    pause-amd64:3.0
)
for imageName in "${images[@]}"; do
    docker pull "gcr.io/google_containers/$imageName"
    docker tag "gcr.io/google_containers/$imageName" "registry.cn-beijing.aliyuncs.com/bbt_k8s/$imageName"
    docker push "registry.cn-beijing.aliyuncs.com/bbt_k8s/$imageName"
done
# Additional flannel image (pull it first so the tag below has something to tag)
docker pull quay.io/coreos/flannel:v0.7.0-amd64
docker tag quay.io/coreos/flannel:v0.7.0-amd64 registry.cn-beijing.aliyuncs.com/bbt_k8s/flannel:v0.7.0-amd64
docker push registry.cn-beijing.aliyuncs.com/bbt_k8s/flannel:v0.7.0-amd64

Adjust the registry address if you use your own private repository.
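
Every node will pull from the mirror instead of gcr.io, so it is worth recording the image IDs on the host that pulled from upstream and checking them on each node after it pulls from the mirror. This is an added example, not part of the original script: the function names and the image-ids.txt file name are assumptions, and it assumes the registry preserves the image config, so that the image ID (the SHA-256 of that config) survives the tag/push/pull round trip.

```shell
#!/usr/bin/env bash
# Added example: pin image IDs on the build host, verify them on each node.
SRC=gcr.io/google_containers
# Nodes inside the VPC would use the registry-vpc endpoint here instead.
MIRROR=registry.cn-beijing.aliyuncs.com/bbt_k8s

# Print the content-addressed ID of a locally present image.
image_id() {
    docker inspect --type=image --format '{{.Id}}' "$1" 2>/dev/null
}

# Build host: print "<name:tag> <id>" for each image pulled from upstream.
record_ids() {
    local name id
    for name in "$@"; do
        id=$(image_id "$SRC/$name") || return 1
        [ -n "$id" ] || return 1
        printf '%s %s\n' "$name" "$id"
    done
}

# Node: read the recorded manifest on stdin and compare the mirror copies.
# Prints one line per image; returns non-zero if any is missing or differs.
verify_ids() {
    local name want got rc=0
    while read -r name want; do
        [ -n "$name" ] || continue
        got=$(image_id "$MIRROR/$name") || got=""
        if [ -z "$got" ]; then
            echo "MISSING  $name"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $name"; rc=1
        else
            echo "OK       $name"
        fi
    done
    return "$rc"
}

# Usage (left as comments so that sourcing this file has no side effects):
#   record_ids pause-amd64:3.0 etcd-amd64:3.0.17 > image-ids.txt   # build host
#   docker pull "$MIRROR/pause-amd64:3.0"; ...                     # each node
#   verify_ids < image-ids.txt || echo "image mismatch, stop here"
```

Transfer image-ids.txt to the nodes over the same trusted channel as the RPMs, not through the mirror registry itself.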

Host Configuration

System Update

yum update -y

Install Docker

Install Docker 1.12.6 from the Alibaba Cloud mirror and prevent automatic updates:

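# Note: this fetches the install script over plain HTTP and pipes it straight to sh
curl -sSL http://acs-public-mirror.oss-cn-hangzhou.aliyuncs.com/docker-engine/internet | sh /dev/stdin 1.12.6

Add the following line to /etc/yum.conf to exclude Docker from updates:

exclude=docker-engine*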

Configure Docker Daemon

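Put the registry mirror (accelerator) address in /etc/docker/daemon.json:

{
  "registry-mirrors": ["https://your-accelerator-address"]
}

Then reload systemd, and enable and start Docker:

systemctl daemon-reload
systemctl enable docker
systemctl start docker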

Enable Bridge Networking (required by Flannel)

echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables

Install Kubernetes Packages

Transfer the previously downloaded RPMs to each host and install them:

yum install -y *.rpm
systemctl enable kubelet
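
yum does not check GPG signatures on local package files unless localpkg_gpgcheck=1 is set in /etc/yum.conf, so RPMs that arrived by file transfer or a shared download link are installed unverified by the command above. The following added example (not part of the original article) gates the install on `rpm -K` output; the function names, the key file name and the sample lines are constructed, and the sample uses the rpm 4.11 output format found on CentOS 7.

```shell
#!/usr/bin/env bash
# Added example: refuse to install transferred RPMs unless every one carries
# a signature that verifies against a key already imported with rpm --import.

# Classify one line of `rpm -K` output:
#   signed   - digests and a signature both verified
#   unsigned - digests match but the package carries no signature at all
#   bad      - verification failed or the signing key is not imported
classify_sig() {
    local status
    status=${1#*: }
    case "$status" in
        *"NOT OK"*) echo bad ;;
        *OK)
            # "OK" alone is not enough: an unsigned package also ends in OK.
            case " $status " in
                *" rsa "*|*" dsa "*|*" pgp "*|*" gpg "*) echo signed ;;
                *) echo unsigned ;;
            esac ;;
        *) echo bad ;;
    esac
}

# Read `rpm -K` output on stdin; list offenders, return non-zero if any.
gate_rpms() {
    local line verdict rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_sig "$line")
        if [ "$verdict" != signed ]; then
            echo "$verdict: ${line%%: *}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample output for illustration (not captured from a real host).
sample_output() {
    cat <<'EOF'
kubelet-1.6.2-0.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
kubeadm-1.6.2-0.x86_64.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#00000000)
kubectl-1.6.2-0.x86_64.rpm: sha1 md5 OK
EOF
}

# On a real host, with the key file saved from the repo's gpgkey URL:
#   rpm --import rpm-package-key.gpg
#   rpm -K *.rpm | gate_rpms && yum install -y *.rpm
```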

Replace the default kubelet service file with a custom configuration that points to the private image registry and disables the conflicting resource management settings (see the original script for the full ExecStart line).

# Example snippet of the customized /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--kubeconfig=/etc/kubernetes/kubelet.conf --require-kubeconfig=true"
Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true"
Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain=cluster.local"
Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
Environment="KUBELET_ALIYUN_ARGS=--pod-infra-container-image=registry-vpc.cn-beijing.aliyuncs.com/bbt_k8s/pause-amd64:3.0"
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_EXTRA_ARGS $KUBELET_ALIYUN_ARGS

Reload systemd so that the modified drop-in takes effect:

systemctl daemon-reload

Initialize the Master Node

Set environment variables so that kubeadm pulls images from the private registry, then run the init command:

export KUBE_REPO_PREFIX="registry-vpc.cn-beijing.aliyuncs.com/bbt_k8s"
export KUBE_ETCD_IMAGE="registry-vpc.cn-beijing.aliyuncs.com/bbt_k8s/etcd-amd64:3.0.17"
kubeadm init --kubernetes-version=v1.6.2 --pod-network-cidr=10.96.0.0/12

The command creates the control‑plane certificates, writes kubeconfig files, and prints a join token for worker nodes.

Configure kubectl on Your Local Machine

brew install kubectl   # macOS example
# Copy admin.conf from the master to ~/.kube/config
scp root@master:/etc/kubernetes/admin.conf ~/.kube/config

Deploy the Flannel Network Add‑on

Create two YAML files (RBAC and DaemonSet) and apply them:

# kube-flannel-rbac.yml (truncated)
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
# kube-flannel-ds.yaml (truncated)
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-flannel-ds
  namespace: kube-system
spec:
  template:
    spec:
      hostNetwork: true
      serviceAccountName: flannel
      containers:
      - name: kube-flannel
        image: registry.cn-beijing.aliyuncs.com/bbt_k8s/flannel:v0.7.0-amd64
        command: ["/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr"]
        securityContext:
          privileged: true

Apply both files:

kubectl create -f kube-flannel-rbac.yml
kubectl create -f kube-flannel-ds.yaml

Join Worker Nodes

On each worker, set the same repository variables and run the join command printed by kubeadm init (example):

export KUBE_REPO_PREFIX="registry-vpc.cn-beijing.aliyuncs.com/bbt_k8s"
export KUBE_ETCD_IMAGE="registry-vpc.cn-beijing.aliyuncs.com/bbt_k8s/etcd-amd64:3.0.17"
kubeadm join --token 1111.1111111111111 master_ip:6443

Optional: Deploy the Kubernetes Dashboard

Create the dashboard ServiceAccount, RBAC, Deployment and Service (the full YAML is omitted for brevity) and apply them:

kubectl create -f dashboard-rbac.yml
kubectl create -f kubernetes-dashboard.yaml

Retrieve the NodePort assigned to the service and access the UI via http://<NodeIP>:<NodePort>.

Verification

Run kubectl get nodes to see the master and workers in the Ready state. The author’s final screenshot shows a healthy cluster.

Kubernetes cluster nodes
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
