系统信息
- 操作系统:CentOS 7/8/9 x64
- kubernetes: v1.23.14
- docker-ce: v20.10.7
系统调整
# Stop firewalld for the current boot.
# NOTE(review): this removes the host firewall entirely. On hosts reachable from
# untrusted networks, consider keeping firewalld and opening only the ports the
# cluster needs.
systemctl stop firewalld
# Keep firewalld from starting again at boot.
systemctl disable firewalld
# Switch SELinux to permissive mode for the current boot.
setenforce 0
# Persist SELinux as disabled across reboots (the previous file is kept as config.bak).
# NOTE(review): the upstream kubeadm install guide sets SELINUX=permissive instead,
# which still logs denials and keeps file labels; "disabled" goes further than kubeadm needs.
sed -i.bak -e 's|^SELINUX=.*|SELINUX=disabled|' /etc/selinux/config
# Turn off all active swap now.
swapoff -a
# Comment out every uncommented fstab line that contains "swap" so it stays off
# after a reboot (the previous file is kept as fstab.bak).
sed -i.bak -e 's|^[^#].*swap|#&|' /etc/fstab
# 时间同步
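# Time sync: have chrony step the clock at boot and once an hour (minute 23).
# Run as root. Each entry is added to root's crontab only when that exact line
# is not already present, so re-running this section never creates duplicate
# jobs (an unconditional append adds another copy on every run).
for cron_entry in '@reboot chronyc -a makestep' '23 * * * * chronyc -a makestep'; do
  # -F: literal match (the "*" fields are not a regex); -x: whole line, so a
  # commented-out copy of the entry does not count as present.
  if ! crontab -u root -l 2>/dev/null | grep -Fxq -- "$cron_entry"; then
    # Re-emit the current crontab (empty if none exists yet) plus the new entry.
    { crontab -u root -l 2>/dev/null; printf '%s\n' "$cron_entry"; } | crontab -u root -
  fi
done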
内核调整
将桥接的IPv4流量传递到iptables的链
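# Load br_netfilter now and on every boot. The net.bridge.* keys below exist
# only while this module is loaded; without it sysctl cannot set them.
cat > /etc/modules-load.d/kubernetes.conf << 'EOF'
br_netfilter
EOF
modprobe br_netfilter
# Pass bridged IPv4/IPv6 traffic through the iptables/ip6tables chains, and
# enable IPv4 forwarding (kubeadm's preflight checks expect it to be on).
cat > /etc/sysctl.d/kubernetes.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the settings immediately; the file is also read at boot.
sysctl -p /etc/sysctl.d/kubernetes.conf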
容器运行时
[!NOTE]
以下任选其一
- dockershim(kubernetes1.24及之前版本)
- cri-docker
- containerd
dockershim
安装Docker-CE
# Install the helper packages (yum-utils provides yum-config-manager).
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the official docker-ce repository definition.
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Point the repository at the Tsinghua (TUNA) mirror; the original file is kept as docker-ce.repo.bak.
# Only the baseurl lines are rewritten.
# NOTE(review): check that gpgcheck=1 and the gpgkey line are still present in
# /etc/yum.repos.d/docker-ce.repo so packages served by the mirror are signature-verified.
sed -i.bak 's|^baseurl=https://download.docker.com|baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce|g' /etc/yum.repos.d/docker-ce.repo
# Install a pinned docker-ce version; run only the line that matches your release.
# CentOS 7
yum install -y docker-ce-20.10.7-3.el7.x86_64
# CentOS 9
yum install -y docker-ce-20.10.21-3.el9.x86_64
# Enable the docker service at boot and start it now.
systemctl enable docker&& systemctl start docker
[可选]配置docker镜像仓库源
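# Write the Docker daemon configuration:
#   exec-opts         - use the systemd cgroup driver, matching the kubelet
#   registry-mirrors  - optional pull-through mirror for Docker Hub
# The two top-level keys must be separated by a comma; without it the file is
# not valid JSON and dockerd cannot load it on restart.
# NOTE(review): a registry mirror sits in the image pull path, and images pulled
# by tag are whatever the mirror returns. Use only a mirror you trust, or pin
# images by digest.
mkdir -p /etc/docker
cat <<'EOF' > /etc/docker/daemon.json
{
  "exec-opts": [
    "native.cgroupdriver=systemd"
  ],
  "registry-mirrors": [
    "https://docker.xyh.moe/"
  ]
}
EOF
# Restart Docker so the new daemon.json takes effect.
systemctl daemon-reload
systemctl restart docker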
cri-docker
安装 libcgroup
https://rpmfind.net/linux/rpm2html/search.php?query=libcgroup(x86-64) https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/libcgroup-0.41-19.el8.x86_64.rpm https://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/libcgroup-0.41-21.el7.x86_64.rpm
安装cri-docker
https://github.com/Mirantis/cri-dockerd/releases/tag/v0.3.8 https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.8/cri-dockerd-0.3.8-3.el8.x86_64.rpm https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.8/cri-dockerd-0.3.8-3.el7.x86_64.rpm
containerd
# Install containerd as the container runtime (no -y, so yum asks for confirmation).
# NOTE(review): the Docker CE repository ships this runtime as "containerd.io";
# confirm which package name your enabled repositories provide.
yum install containerd
安装Kubernetes
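# Add the Kubernetes yum repository (Tencent Cloud mirror).
# The stray trailing double quotes on the name/baseurl/enabled/gpgcheck lines
# are removed: they became part of each value and broke the repo definition.
# The heredoc delimiter is quoted so $basearch is written literally for yum to expand.
# NOTE(review): gpgcheck=0 turns off RPM signature verification, so yum installs
# whatever kubelet/kubeadm/kubectl packages the mirror serves. Outside a lab, set
# gpgcheck=1 and add gpgkey=<GPG_KEY_URL_PUBLISHED_BY_YOUR_MIRROR>.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=kubernetes
baseurl=https://mirrors.cloud.tencent.com/kubernetes/yum/repos/kubernetes-el7-$basearch
enabled=1
gpgcheck=0
EOF
# Install pinned versions of kubelet, kubectl and kubeadm.
yum install -y kubelet-1.23.14 kubectl-1.23.14 kubeadm-1.23.14
# Enable kubelet at boot and start it now.
systemctl enable kubelet && systemctl start kubelet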
-- 分支 --
以上内容主从节点皆需执行
以下内容分主从节点分别执行
主节点
初始化
# Initialise the control-plane (master) node.
# k8s.gcr.io is not reachable from mainland China, so the control-plane images
# are pulled from a domestic mirror instead.
# NOTE(review): every control-plane image then comes from that mirror; use one you trust.
#
# Flags, in order:
#   --apiserver-advertise-address  address the API server advertises to the cluster
#   --image-repository             registry to pull the control-plane images from
#   --kubernetes-version           Kubernetes version to deploy
#   --service-cidr                 Service network range
#   --service-dns-domain           Service DNS domain
#   --pod-network-cidr             Pod network range
#   --node-name                    node name (defaults to the host name)
kubeadm init \
  --apiserver-advertise-address=192.168.8.30 \
  --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.14 \
  --service-cidr=10.96.0.0/12 \
  --service-dns-domain=k8s.xyh.moe \
  --pod-network-cidr=10.244.0.0/16 \
  --node-name=master
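# Install the admin kubeconfig for the user who logged in (run as root after
# kubeadm init). Dedicated variable names are used so the shell's own USER and
# HOME are not overwritten for the rest of the session.
KUBE_USER="$(logname)"
KUBE_HOME="$(getent passwd "$KUBE_USER" 2>/dev/null | cut -d: -f6)"
if [ -z "$KUBE_USER" ] || [ -z "$KUBE_HOME" ]; then
  # Without this guard an empty home would turn the paths below into /.kube.
  echo "cannot determine the login user or its home directory" >&2
else
  USERUID="$(id -u "$KUBE_USER")"
  USERGID="$(id -g "$KUBE_USER")"
  mkdir -p "$KUBE_HOME/.kube"
  # -i asks before overwriting an existing kubeconfig.
  cp -i /etc/kubernetes/admin.conf "$KUBE_HOME/.kube/config"
  # Hand over the directory as well as the file: a root-owned ~/.kube stops
  # kubectl from writing its cache there.
  chown "$USERUID:$USERGID" "$KUBE_HOME/.kube" "$KUBE_HOME/.kube/config"
  # admin.conf carries cluster-admin credentials; keep both private to that user.
  chmod 700 "$KUBE_HOME/.kube"
  chmod 600 "$KUBE_HOME/.kube/config"
fi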
网络插件
未加载网络插件节点会处于NotReady状态
重新指定 apiserver-advertise-address
# Generate the API server serving certificate for the given advertise address.
# NOTE(review): kubeadm keeps an existing apiserver certificate and key if they are
# already on disk, so the old apiserver.crt/apiserver.key normally have to be moved
# out of the certificate directory first. Confirm on your version.
kubeadm init phase certs apiserver --apiserver-advertise-address 192.168.8.30
重置初始化
# Destructive: reverts what kubeadm init/join set up on this node, talking to the
# runtime through the cri-dockerd socket.
# NOTE(review): kubeadm reset leaves CNI configuration, iptables/IPVS rules and
# copied kubeconfig files (e.g. $HOME/.kube/config) in place. Clean those up
# separately, since a leftover kubeconfig still holds admin credentials.
sudo kubeadm reset --cri-socket=unix:///var/run/cri-dockerd.sock
重新生成证书
# Renew every certificate managed by kubeadm.
# NOTE(review): the client certificate embedded in /etc/kubernetes/admin.conf is
# renewed too, so any copy made earlier (e.g. ~/.kube/config) has to be refreshed.
sudo kubeadm certs renew all
# Restart kubelet.
# NOTE(review): the control-plane static pods (kube-apiserver, kube-controller-manager,
# kube-scheduler, etcd) must also be restarted to pick up the renewed certificates;
# restarting kubelet alone may not do that. Confirm.
sudo systemctl restart kubelet
从节点
# Join a worker node to the cluster.
# The token and CA hash below are sample values from one cluster; replace them with
# the output of "kubeadm token create --print-join-command" for your own cluster.
# A bootstrap token is a credential that lets a machine join the cluster: do not
# publish or reuse it, and let it expire (kubeadm tokens default to a 24h TTL).
# --discovery-token-ca-cert-hash pins the cluster CA so the joining node can verify
# that it is talking to the intended control plane; keep it in the command.
kubeadm join 192.168.8.30:6443 \
--token 3bq7fr.orzotbz2b9rcsgkv \
--discovery-token-ca-cert-hash \
sha256:ccff364618768d355efb12cbc979a57ef4dc34607cbf8db5ddbf2aa36bd86adc \
--cri-socket=unix:///var/run/cri-dockerd.sock
# Create a new bootstrap token and print the matching join command (run on the control-plane node).
kubeadm token create --print-join-command
[ tips ]
节点名可以与主机名不一致