Installing Kubernetes 1.27.1 on CentOS 7 with kubeadm

Prepare the machines

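Server configuration

  1. Disable the firewall (all nodes)
    Stop the firewall and disable it at boot
sudo systemctl stop firewalld
sudo systemctl disable firewalld
  2. Disable the swap partition (all nodes)
    The change takes effect after the server is rebooted
sudo swapoff -a
sudo vim /etc/fstab     # Permanently disable swap: delete or comment out the swap mount entry in /etc/fstab
#/dev/mapper/centos-swap swap       swap  defaults  0 0
  3. Upgrade the CentOS 7 kernel (all nodes)
    The 3.10.x kernel that ships with CentOS 7.x has bugs that make Docker and Kubernetes unstable and can also stop kube-proxy from forwarding traffic
# Check the current kernel version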
[ops@master ~]$ uname -a
Linux master 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

# Download and install the ELRepo kernel-lt package on CentOS 7
[ops@master ~]$ curl -L -O http://193.49.22.109/elrepo/kernel/el7/x86_64/RPMS/kernel-lt-5.4.278-1.el7.elrepo.x86_64.rpm

[ops@master ~]$ sudo rpm -ivh kernel-lt-5.4.278-1.el7.elrepo.x86_64.rpm
[sudo] password for ops: 
Preparing...                          ################################# [100%]
	package kernel-lt-5.4.278-1.el7.elrepo.x86_64 is already installed
[ops@master ~]$ sudo sed -ri.bak 's/(GRUB_DEFAULT).*/\1=0/g' /etc/default/grub
[ops@master ~]$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg 

# Reboot
[ops@master ~]$ sudo reboot

# Check the kernel version
[ops@master ~]$ uname -a
Linux node2 5.4.278-1.el7.elrepo.x86_64 #1 SMP Sun Jun 16 15:37:11 EDT 2024 x86_64 x86_64 x86_64 GNU/Linux
  4. Configure hostnames (all nodes)
sudo vim /etc/hosts
172.139.20.196 master
172.139.20.223 node1
172.139.20.197 node2
  5. Synchronize time (all nodes)
[ops@master ~]$ sudo yum install ntpdate -y && sudo ntpdate time.windows.com
  6. Configure iptables rules
[root@master ~]# sudo iptables -F && iptables -X && iptables -F -t nat && iptables -P FORWARD ACCEPT

# Set kernel parameters
[root@master ~]# cat <<EOF > /etc/sysctl.d/k8s.conf
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF

# Apply the bridge settings
[root@master ~]# sysctl --system

Install Docker (all nodes)

See https://www.cnblogs.com/xiaodunan/p/17401936.html

Install cri-dockerd (all nodes)

# Download the installation package
curl -L -O https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el7.x86_64.rpm
rpm -ivh cri-dockerd-0.3.1-3.el7.x86_64.rpm

# Edit the ExecStart setting in /usr/lib/systemd/system/cri-docker.service
vim /usr/lib/systemd/system/cri-docker.service
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7

[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl enable --now cri-docker

Install kubeadm, kubelet and kubectl with yum (all nodes)

# Set SELinux to permissive mode
[ops@master ~]$ sudo setenforce 0
[ops@master ~]$ sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# Configure the Kubernetes yum repository
[ops@master ~]$ sudo vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
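
The repo file above sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package or repository metadata signatures. The following is an added example, not part of the original post, that reports which enabled sections of a .repo file have those checks switched off; the function name repo_gpg_audit is hypothetical and the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). repo_gpg_audit is a hypothetical
# helper name; it only reads .repo files and changes nothing.
# Prints one finding per line; returns 1 if anything was found, else 0.
repo_gpg_audit() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # yum treats 0/no/false as off; an unset key is not flagged here
        # because it inherits its value from [main] in /etc/yum.conf.
        function off(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" }
        function emit() {
            if (sec != "" && !off(enabled)) {       # skip repos that are disabled
                if (off(gpg))  { print file ": [" sec "] gpgcheck disabled (package signatures unchecked)"; n++ }
                if (off(rgpg)) { print file ": [" sec "] repo_gpgcheck disabled (metadata signature unchecked)"; n++ }
                if (url ~ /^http:/) { print file ": [" sec "] baseurl uses plain http"; n++ }
            }
            sec = ""; enabled = ""; gpg = ""; rgpg = ""; url = ""
        }
        FNR == 1 { emit(); file = FILENAME }        # new file: close the previous section
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[.*\]/ { emit(); sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); next }
        index($0, "=") {
            k = trim(substr($0, 1, index($0, "=") - 1))
            v = trim(substr($0, index($0, "=") + 1))
            if (k == "enabled") enabled = v
            else if (k == "gpgcheck") gpg = v
            else if (k == "repo_gpgcheck") rgpg = v
            else if (k == "baseurl") url = v
        }
        END { emit(); exit (n > 0) }
    ' "$@"
}

# Constructed sample mirroring the settings in the repo file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kubernetes]
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
repo_gpg_audit "$sample" || echo "signature verification is off in $sample"
rm -f "$sample"
```

On a real host the function can be pointed at /etc/yum.repos.d/*.repo.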

# List the available kubeadm versions
[ops@master ~]$ sudo yum list --showduplicates | grep kubeadm

# Without a version the latest is installed; here we install Kubernetes 1.27.1
[ops@master ~]$ sudo yum install -y kubelet-1.27.1 kubeadm-1.27.1 kubectl-1.27.1

# Enable kubelet at boot
[ops@master ~]$ sudo systemctl enable --now kubelet

# Set the container runtime endpoint to containerd
[ops@master ~]$ sudo crictl config runtime-endpoint unix:///run/containerd/containerd.sock

# Check the version
[ops@master ~]$ kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.1", GitCommit:"4c9411232e10168d7b050c49a1b59f6df9d7ea4b", GitTreeState:"clean", BuildDate:"2023-04-14T13:20:04Z", GoVersion:"go1.20.3", Compiler:"gc", Platform:"linux/amd64"}

# Specify the image repository; the images Kubernetes needs are pulled from it in advance
[ops@master ~]$ sudo kubeadm config images pull --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers --cri-socket unix:///var/run/cri-dockerd.sock

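Initialize the control plane on the master node (master node)

# Show the command's options and usage
kubeadm init --help

# Run the initialization on the master node (not on the worker nodes)

# apiserver-advertise-address: the API server IP, i.e. the master node's IP
# image-repository: use a mirror registry in China
# kubernetes-version: the Kubernetes version, matching the kubeadm version
# service-cidr: the IP range for Service virtual IPs; left at this value for now
# pod-network-cidr: the IP range for pod IPs; left at this value for now
# cri-socket: use cri-dockerd as the CRI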
[ops@master ~]$ sudo kubeadm init \
> --apiserver-advertise-address=172.139.20.196 \
> --image-repository registry.aliyuncs.com/google_containers \
> --kubernetes-version v1.27.1 \
> --service-cidr=10.96.0.0/12 \
> --pod-network-cidr=10.244.0.0/16 \
> --cri-socket unix:///var/run/cri-dockerd.sock \
> --ignore-preflight-errors=all

# Set up kubectl access for the current user (copy the admin kubeconfig)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# View the kubelet logs
sudo journalctl -xefu kubelet

# Run on each node that is joining; do not run on the master
[ops@node1 ~]$ sudo kubeadm join 172.139.20.196:6443 --token zgaa8t.249o2kieoot38ukl --discovery-token-ca-cert-hash sha256:bd097dfa606cce57507abce6d8740e48660892527686033637101d8a65c1ea09 --cri-socket unix:///var/run/cri-dockerd.sock

# If the token above is lost, or a new node needs to join, run the following on the master to generate a new token
[ops@master ~]$  sudo kubeadm token create --print-join-command
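
The --discovery-token-ca-cert-hash value in the join command is a SHA-256 pin over the public key (Subject Public Key Info) of the cluster CA certificate, which is how a joining node checks that it is talking to the intended control plane. The following is an added example, not part of the original post, that recomputes the pin from a CA certificate and compares it with the value in a join command; the function names are hypothetical, the openssl CLI is assumed, and the CA used is a throwaway one generated for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post); function names are hypothetical.
# Needs the openssl CLI. On the master the CA is /etc/kubernetes/pki/ca.crt.

# Print sha256:<hex> computed over the DER SubjectPublicKeyInfo of a CA cert,
# the value kubeadm expects in --discovery-token-ca-cert-hash.
ca_pubkey_hash() {
    local pub hex
    # Extract the PEM public key first so a bad cert fails here instead of
    # silently hashing empty input further down the pipeline.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform der 2>/dev/null \
            | openssl dgst -sha256 -r | cut -d' ' -f1)
    printf 'sha256:%s\n' "$hex"
}

# Return 0 only if the pin from a join command matches the CA certificate.
verify_join_hash() {   # usage: verify_join_hash CA_CERT EXPECTED_PIN
    local actual
    actual=$(ca_pubkey_hash "$1") || return 2
    [ "$actual" = "$2" ]
}

# Constructed input: a throwaway self-signed CA standing in for ca.crt.
make_throwaway_ca() {  # usage: make_throwaway_ca DIR (writes DIR/ca.crt, DIR/ca.key)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_throwaway_ca "$demo_dir"
pin=$(ca_pubkey_hash "$demo_dir/ca.crt")
echo "pin for demo CA: $pin"
# The pin printed on the page belongs to the author's cluster CA, so it must
# not match a different CA.
page_pin=sha256:bd097dfa606cce57507abce6d8740e48660892527686033637101d8a65c1ea09
verify_join_hash "$demo_dir/ca.crt" "$pin"      && echo "own pin: match"
verify_join_hash "$demo_dir/ca.crt" "$page_pin" || echo "page pin: mismatch, do not join"
rm -rf "$demo_dir"
```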

# List the pods in all namespaces
[ops@master ~]$ kubectl get pod -A
NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
kube-system   coredns-7bdc4cb885-kqh2h         0/1     Pending   0          23m
kube-system   coredns-7bdc4cb885-qf599         0/1     Pending   0          23m
kube-system   etcd-master                      1/1     Running   0          23m
kube-system   kube-apiserver-master            1/1     Running   0          23m
kube-system   kube-controller-manager-master   1/1     Running   0          23m
kube-system   kube-proxy-djstm                 1/1     Running   0          9m59s
kube-system   kube-proxy-l69kj                 1/1     Running   0          9m58s
kube-system   kube-proxy-rmzr2                 1/1     Running   0          23m
kube-system   kube-scheduler-master            1/1     Running   0          23m

posted @ 2024-09-19 17:40  小肚腩吖