文章目录

• 一. 环境准备
• • • 1.1 配置yum阿里源
    • 1.2 关闭防火墙
    • 1.3 关闭selinux
    • 1.4 关闭swap
    • 1.5 调整内核参数及模块
    • 1.6 开启ipvs
    • 1.7 同步服务器时间
    • 1.8 安装containerd
    • 1.9 修改hostname和hosts
• 二. 安装k8s
• • • 2.1 安装 kubelet、kubeadm、kubectl
    • 2.2 初始化k8s集群
    • • • 2.2.1 master节点
        • 2.2.2 node节点
    • 2.3 安装Calico网络插件（master节点执行）

一. 环境准备

1.1 配置yum阿里源

yum -y install wget
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
yum makecache

1.2 关闭防火墙

# 查看防火墙状态
firewall-cmd --state
# 临时停止防火墙
systemctl stop firewalld.service
# 禁止防火墙开机启动
systemctl disable firewalld.service

1.3 关闭selinux

# 查看selinux状态
getenforce
# 临时关闭selinux
setenforce 0
# 永久关闭selinux
sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

1.4 关闭swap

# 临时关闭swap
swapoff -a
# 永久关闭swap
sed -i.bak '/swap/s/^/#/' /etc/fstab
# 查看
free -g

1.5 调整内核参数及模块

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<EOF> /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter

# 设置必需的 sysctl 参数，这些参数在重新启动后仍然存在。
cat <<EOF> /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF


# 应用 sysctl 参数而无需重新启动
sudo sysctl --system

1.6 开启ipvs

cat <<EOF> /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

# 加载模块
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

# 安装了ipset软件包
yum install ipset -y
 
# 安装管理工具ipvsadm
yum install ipvsadm -y

1.7 同步服务器时间

yum install chrony -y
systemctl enable chronyd
systemctl start chronyd

[root@master ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- ntp.wdc1.us.leaseweb.net      2   9   201   329  -8125us[-8125us] +/-  264ms
^- ntp5.flashdance.cx            2   9   373   189    -43ms[  -43ms] +/-  223ms
^+ time.cloudflare.com           3   8   377   197    +38ms[  +38ms] +/-  121ms
^* 119.28.183.184                2   8   155   30m  -8460us[  -13ms] +/-   67ms

[root@master ~]# date
2022年 03月 26日 星期六 15:11:32 CST

1.8 安装containerd

yum install -y yum-utils device-mapper-persistent-data lvm2

yum install containerd -y
# 安装了`containerd.io-1.5.11-3.1.el7.x86_64`

containerd config default > /etc/containerd/config.toml
systemctl start containerd
systemctl enable containerd

配置

# 修改cgroups为systemd
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml

# 修改基础设施镜像
sed -i 's#sandbox_image = "k8s.gcr.io/pause:3.5"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"#' /etc/containerd/config.toml

systemctl daemon-reload
systemctl restart containerd

安装 CRI 客户端 crictl
选择版本 https://github.com/kubernetes-sigs/cri-tools/releases/

wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.23.0/crictl-v1.23.0-linux-amd64.tar.gz
tar zxvf crictl-v1.23.0-linux-amd64.tar.gz -C /usr/local/bin

cat <<EOF> /etc/crictl.yaml 
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF

# 验证是否可用
crictl pull nginx:alpine
crictl images
crictl rmi nginx:alpine

1.9 修改hostname和hosts

修改hostname

# master节点
hostnamectl set-hostname master
# node1节点
hostnamectl set-hostname node1
# node2节点
hostnamectl set-hostname node2

添加hosts

cat <<EOF> /etc/hosts 
192.168.4.27   master
192.168.4.28   node1 
192.168.4.29   node2
EOF

二. 安装k8s

2.1 安装 kubelet、kubeadm、kubectl

添加kubernetes源

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
        http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

然后安装 kubeadm、kubelet、kubectl

# 查看版本，最新版 1.23.5-0
yum list kubeadm --showduplicates | sort -r

yum install -y kubelet-1.23.5-0 kubectl-1.23.5-0 kubeadm-1.23.5-0

[root@master ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5", GitCommit:"c285e781331a3785a7f436042c65c5641ce8a9e9", GitTreeState:"clean", BuildDate:"2022-03-16T15:57:37Z", GoVersion:"go1.17.8", Compiler:"gc", Platform:"linux/amd64"}

修改kubelet配置

cat <<EOF> /etc/sysconfig/kubelet
KUBELET_KUBEADM_ARGS="--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
EOF

启动kubelet服务，并设置开机自启

systemctl start kubelet
systemctl enable kubelet

2.2 初始化k8s集群

2.2.1 master节点

kubeadm init \
--kubernetes-version v1.23.5 \
--apiserver-advertise-address 192.168.4.27 \
--control-plane-endpoint master \
--image-repository registry.aliyuncs.com/google_containers \
--pod-network-cidr 10.244.0.0/16 \
--cri-socket /run/containerd/containerd.sock

• --kubernetes-version：指定的版本
• --apiserver-advertise-address：K8S主节点的地址
• --pod-network-cidr：pod的网络IP范围

• --image-repository：指定下载源

复制config文件

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

2.2.2 node节点

kubeadm join master:6443 --token f6e3hv.uk6ctfgehstt92jw \
	--discovery-token-ca-cert-hash sha256:9962caed607e31de7b93732347c1ac681f216c290e6b35f91f3f5d67cd12cbcf

2.3 安装Calico网络插件（master节点执行）

mkdir -p /root/i && cd /root/i

# 下载
curl https://docs.projectcalico.org/manifests/calico.yaml -o /root/i/calico.yaml

# 修改镜像
sed -i 's#docker.io/calico/cni:v3.22.1#registry.cn-shanghai.aliyuncs.com/wanfei/cni:v3.22.1#' /root/i/calico.yaml
sed -i 's#docker.io/calico/pod2daemon-flexvol:v3.22.1#registry.cn-shanghai.aliyuncs.com/wanfei/pod2daemon-flexvol:v3.22.1#' /root/i/calico.yaml
sed -i 's#docker.io/calico/node:v3.22.1#registry.cn-shanghai.aliyuncs.com/wanfei/node:v3.22.1#' /root/i/calico.yaml
sed -i 's#docker.io/calico/kube-controllers:v3.22.1#registry.cn-shanghai.aliyuncs.com/wanfei/kube-controllers:v3.22.1#' /root/i/calico.yaml

# 执行
kubectl apply -f /root/i/calico.yaml

等几分钟

[root@master i]# kubectl get pods -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-57845f44bb-tpvbr   1/1     Running   0          79s
calico-node-fpfxj                          1/1     Running   0          79s
calico-node-qcvqx                          1/1     Running   0          79s
calico-node-r4gsf                          1/1     Running   0          79s
coredns-6d8c4cb4d-7bclr                    1/1     Running   0          29m
coredns-6d8c4cb4d-djwxf                    1/1     Running   0          29m
etcd-master                                1/1     Running   0          29m
kube-apiserver-master                      1/1     Running   0          29m
kube-controller-manager-master             1/1     Running   0          29m
kube-proxy-pjkmd                           1/1     Running   0          7m35s
kube-proxy-snb84                           1/1     Running   0          7m46s
kube-proxy-tp7wm                           1/1     Running   0          29m
kube-scheduler-master                      1/1     Running   0          29m

[root@master i]# kubectl get nodes
NAME     STATUS   ROLES                  AGE     VERSION
master   Ready    control-plane,master   29m     v1.23.5
node1    Ready    <none>                 8m4s    v1.23.5
node2    Ready    <none>                 7m53s   v1.23.5