在centos7.9上搭建kubernetes集群

2026-01-08 17:31:12 554

centos7.9上搭建kubernetes集群

 

一、环境准备

 

1.服务器信息

k8s-master 192.168.13.230

k8s-node1 192.168.13.231

k8s-node2 192.168.13.232

 

2. 修改主机名

hostnamectl set-hostname k8s-master

hostnamectl set-hostname k8s-node1

hostnamectl set-hostname k8s-node2

 

3. 添加host解析

vi /etc/hosts

192.168.13.230 k8s-master

192.168.13.231 k8s-node1

192.168.13.232 k8s-node2

 

4. 关闭selinux

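# Persist the change across reboots. Match only the SELINUX= setting line: the
# earlier pattern rewrote every "enforcing" in the file, including the
# explanatory comments.
# NOTE(review): "disabled" removes SELinux confinement from the node entirely.
# The upstream kubeadm install guide uses permissive mode instead, which still
# records policy denials in the audit log; prefer that unless "disabled" is
# really required.
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config

# Apply to the running system without a reboot (0 = permissive).
setenforce 0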

 

5. 关闭防火墙

# Stop firewalld now and keep it from starting at boot.
# NOTE(review): with the host firewall off, node ports such as the API server
# port (6443 in this guide) are filtered only by whatever sits in front of the
# hosts. On a network that is not fully trusted, keep firewalld running and
# open only the ports the cluster needs.
systemctl disable --now firewalld

 

6. 关闭交换分区

# 关闭swap分区

swapoff -a

 

# kubelet忽略swap

echo 'KUBELET_EXTRA_ARGS="--fail-swap-on=false"' > /etc/sysconfig/kubelet

 

# 注释swap分区(如果有的话)

vi /etc/fstab

 

7. 更新yum源

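# Download the mirror-switch script to a file instead of feeding it straight
# into a root shell. The URL is plain HTTP, so the content can be altered in
# transit and nothing here authenticates it. -f makes curl fail on an HTTP
# error instead of saving the error page.
curl -fsSL -o ./main.sh http://www.landui.com/main.sh

# Read ./main.sh (for example with `less ./main.sh`) before running it.
bash ./main.sh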

 

8. 更新系统软件

yum -y update

 

9. 安装常用软件

yum -y install wget expect vim net-tools ntp bash-completion ipvsadm ipset jq iptables conntrack sysstat libseccomp

 

10. 所有节点安装 IPVS

# 1. 安装 ipvsadm 等相关工具

yum -y install ipvsadm ipset sysstat conntrack libseccomp # 上一步已经安装

 

# 2. 配置加载

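# Write the module loader. The heredoc delimiter is quoted, so nothing inside
# is expanded while the file is being written. The shebang is the first line
# of the generated file (the page shows blank lines between every line).
cat > /etc/sysconfig/modules/ipvs.modules <<"EOF"
#!/bin/bash
# Load each IPVS-related kernel module that this kernel actually provides.
ipvs_modules=(
  ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr
  ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack
)

for kernel_module in "${ipvs_modules[@]}"; do
  # modinfo fails for a module the kernel does not ship; skip those rather
  # than letting modprobe report an error.
  if /sbin/modinfo -F filename "${kernel_module}" > /dev/null 2>&1; then
    /sbin/modprobe "${kernel_module}"
  fi
done
EOF

# Make the loader executable, run it once now, then list the loaded modules.
chmod 755 /etc/sysconfig/modules/ipvs.modules \
  && bash /etc/sysconfig/modules/ipvs.modules \
  && lsmod | grep ip_vs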

 

11. 所有节点修改内核参数

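# The two net.bridge.* keys below only exist once the br_netfilter module is
# loaded; without it `sysctl --system` reports them as missing. Load it now and
# have systemd load it again on every boot.
modprobe br_netfilter
printf '%s\n' br_netfilter > /etc/modules-load.d/k8s.conf

# Kernel parameters for Kubernetes nodes. The duplicated
# net.ipv4.tcp_max_syn_backlog line from the page is written once.
# NOTE(review): net.ipv4.ip_conntrack_max is a legacy key name; on kernels that
# no longer provide it, sysctl prints an error for that line and the limit is
# not applied (the current name is net.netfilter.nf_conntrack_max). Confirm on
# the target kernel.
# NOTE(review): tcp_tw_reuse relies on TCP timestamps, which this file turns
# off (tcp_timestamps = 0), so the reuse setting likely has no effect. Confirm
# which of the two is intended.
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF

# Apply immediately.
sysctl --system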

 

二、安装 containerd(所有节点)

 

注意:Kubernetes 1.24 版本之后,不再原生支持 Docker。containerd 来自于 Docker,后被 Docker 捐献给了云原生计算基金会。安装 Docker 会一并装上 containerd。

 

1.升级 libseccomp

CentOS 7 默认的 libseccomp 版本为 2.3.1,不满足 containerd 的需求,需要下载 2.4 版本以上。

 

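# Show the installed libseccomp version.
rpm -qa | grep libseccomp

# PLACEHOLDER: the download host is missing from the page. CENTOS8_MIRROR is
# not a value from the article; set it to the HTTPS base URL of a mirror you
# trust. The expansion aborts the command if it is unset.
: "${CENTOS8_MIRROR:?set CENTOS8_MIRROR to a trusted HTTPS CentOS 8 mirror base URL}"
wget "${CENTOS8_MIRROR}/centos/8/BaseOS/x86_64/os/Packages/libseccomp-2.5.1-1.el8.x86_64.rpm"

# Check the package digests and signature before installing it as root. If the
# signing key is not imported, rpm reports the signature as unverified; import
# the distribution key from a trusted source first instead of skipping this.
rpm -K libseccomp-2.5.1-1.el8.x86_64.rpm

# Upgrade in a single transaction. The page removed 2.3.1 with --nodeps before
# downloading, which leaves the host without libseccomp if the download or the
# install then fails.
rpm -Uvh libseccomp-2.5.1-1.el8.x86_64.rpm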

 

 

 

2. 安装 containerd

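# Remove older Docker/containerd packages that would conflict.
yum remove -y docker docker-ce containerd docker-common docker-selinux docker-engine

# Save the repo definition straight into place rather than cd-ing into
# /etc/yum.repos.d, which would leave later commands in this guide (such as the
# redirect that writes kubeadm.yaml) running from that directory.
# NOTE(review): this file arrives over plain HTTP and decides where packages
# come from and whether their signatures are checked. Inspect it before
# installing anything from it.
wget -O /etc/yum.repos.d/docker-ce.repo http://www.landui.com/docker-ce/linux/centos/docker-ce.repo
grep -E '^(baseurl|gpgcheck|gpgkey)=' /etc/yum.repos.d/docker-ce.repo

# Quote the pattern so yum receives it and the shell does not expand it
# against file names in the current directory.
yum install -y 'containerd*'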

 

3. 配置 containerd

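# Create the configuration directory.
mkdir -pv /etc/containerd

# Generate containerd's default configuration file.
containerd config default > /etc/containerd/config.toml

# Point the pause (sandbox) image at the mirror registry. '#' is used as the
# sed delimiter so the slash in the replacement needs no escaping (the page
# shows a run of stray backslashes there), and the edit is limited to the
# sandbox_image line. The grep before and after shows the change.
# NOTE(review): the pause image is then pulled from a third-party mirror by tag;
# confirm the mirror is one you trust.
grep sandbox_image /etc/containerd/config.toml
sed -i '/sandbox_image/ s#registry\.k8s\.io#registry.cn-hangzhou.aliyuncs.com/google_containers#' /etc/containerd/config.toml
grep sandbox_image /etc/containerd/config.toml

# Use systemd as the cgroup driver for containers.
grep SystemdCgroup /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
grep SystemdCgroup /etc/containerd/config.toml

# Registry mirrors: set config_path = "/etc/containerd/certs.d" (absolute
# path, with the leading slash). Same '#' delimiter, so no escaping is needed.
sed -i 's#config_path =.*#config_path = "/etc/containerd/certs.d"#g' /etc/containerd/config.toml
grep config_path /etc/containerd/config.toml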

 

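# Create the per-registry mirror directory for docker.io.
mkdir -p /etc/containerd/certs.d/docker.io

# The mirror URLs are blank on the page, which leaves an empty server value and
# four identical [host.""] tables (repeating a table name is not valid TOML).
# PLACEHOLDER: the mirror-N.example.invalid hosts below are not values from the
# article; replace each with the HTTPS URL of a mirror you trust and delete the
# entries you do not need. "server" is the upstream registry for this directory.
# NOTE(review): every mirror listed here can answer pulls for docker.io image
# names, so list only mirrors you trust and keep them on https.
cat > /etc/containerd/certs.d/docker.io/hosts.toml <<'EOF'
server = "https://docker.io"

[host."https://mirror-1.example.invalid"]
  capabilities = ["pull", "resolve"]

[host."https://mirror-2.example.invalid"]
  capabilities = ["pull", "resolve"]

[host."https://mirror-3.example.invalid"]
  capabilities = ["pull", "resolve"]

[host."https://mirror-4.example.invalid"]
  capabilities = ["pull", "resolve"]
EOF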

 

# 启动 containerd 服务并设置开机自启

systemctl daemon-reload && systemctl restart containerd

systemctl enable --now containerd

 

# 查看 containerd 状态

systemctl status containerd

 

# 查看版本

ctr version

 

 

3.随机一台拉取镜像测试

ctr image pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6

ctr image ls

 

 

三、 安装Kubernetes

 

1. 准备 Kubernetes 源

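# PLACEHOLDER: the repository host is missing from the page. K8S_YUM_MIRROR is
# not a value from the article; set it to the HTTPS base URL of a Kubernetes
# yum mirror you trust. The expansion aborts the command if it is unset.
: "${K8S_YUM_MIRROR:?set K8S_YUM_MIRROR to the HTTPS base URL of a trusted Kubernetes yum mirror}"

# Write the repo definition. The page's first line lost the heredoc opener and
# the output redirect, so as printed it only tries to read the file.
# gpgcheck is set to 1: with 0 the gpgkey line is never used and yum installs
# kubelet/kubeadm/kubectl as root without verifying package signatures. If
# verification fails, fix the key or the mirror rather than turning it off.
# repo_gpgcheck (metadata signature) is left at the page's value.
# The delimiter is unquoted on purpose so ${K8S_YUM_MIRROR} is expanded.
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=${K8S_YUM_MIRROR}/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=${K8S_YUM_MIRROR}/kubernetes/yum/doc/yum-key.gpg ${K8S_YUM_MIRROR}/kubernetes/yum/doc/rpm-package-key.gpg
EOF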

 

yum install -y kubelet-1.28.0 kubeadm-1.28.0 kubectl-1.28.0 --disableexcludes=kubernetes

 

systemctl enable kubelet && systemctl start kubelet && systemctl status kubelet

 

 

 

2.1 部署方式一:生成配置文件,编辑修改部署(推荐)

# 在主节点上操作,查看镜像列表

kubeadm config images list

生成配置文件 kubeadm.yaml 并修改(主节点)

kubeadm config print init-defaults > kubeadm.yaml

修改配置文件

# kubeadm configuration used by `kubeadm init --config=kubeadm.yaml`, edited
# from the output of `kubeadm config print init-defaults`. It holds four
# documents: InitConfiguration, ClusterConfiguration, KubeProxyConfiguration
# and KubeletConfiguration.
apiVersion: kubeadm.k8s.io/v1beta3

bootstrapTokens:

- groups:

  - system:bootstrappers:kubeadm:default-node-token

  # NOTE(review): abcdef.0123456789abcdef is the sample token that
  # `kubeadm config print init-defaults` prints, so it is publicly known. With
  # the "authentication" usage below it authenticates node-join requests to
  # this API server for as long as the ttl lasts. Replace it with the output
  # of `kubeadm token generate` before running kubeadm init, and use the same
  # value in the join command on the worker nodes.
  token: abcdef.0123456789abcdef

  ttl: 24h0m0s

  usages:

  - signing

  - authentication

kind: InitConfiguration

localAPIEndpoint:

  advertiseAddress: 192.168.13.230    # IP address of the control-plane (master) node

  bindPort: 6443

nodeRegistration:

  criSocket: unix:///var/run/containerd/containerd.sock

  imagePullPolicy: IfNotPresent

  name: k8s-master    # node name to register

  taints: null

---

apiServer:

  timeoutForControlPlane: 4m0s

apiVersion: kubeadm.k8s.io/v1beta3

certificatesDir: /etc/kubernetes/pki

clusterName: kubernetes

controllerManager: {}

dns: {}

etcd:

  local:

    dataDir: /var/lib/etcd

imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers    # switched to the Aliyun mirror registry

kind: ClusterConfiguration

kubernetesVersion: 1.28.0     # Kubernetes version to deploy

networking:

  dnsDomain: cluster.local

  serviceSubnet: 10.96.0.0/12   # Service CIDR

  podSubnet: 10.244.0.0/16    # added line: Pod CIDR

scheduler: {}

# Append the following at the end of the file:

---

apiVersion: kubeproxy.config.k8s.io/v1alpha1

kind: KubeProxyConfiguration

mode: ipvs    # kube-proxy runs in ipvs mode; if unset it defaults to iptables

---

apiVersion: kubelet.config.k8s.io/v1beta1

kind: KubeletConfiguration

cgroupDriver: systemd

部署

kubeadm init --config=kubeadm.yaml --ignore-preflight-errors=SystemVerification --ignore-preflight-errors=Swap

 

 

2.2 部署方式二:kubeadm init 部署

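# Method two: pass the cluster settings to kubeadm init as flags.
# Each continued line ends with a single backslash; the page shows several,
# which end the command after `kubeadm init` instead of continuing it.
# The version matches the kubelet/kubeadm/kubectl 1.28.0 packages installed
# earlier in this guide and the kubernetesVersion used by method one; the
# page's v1.30.0 is newer than that kubeadm, which it is not expected to accept.
kubeadm init \
  --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
  --kubernetes-version=v1.28.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16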

如果遇到 init 失败或报错,清理集群,重新 init

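# Tear down the failed attempt so `kubeadm init` can be run again.
kubeadm reset -f

# Remove the state kubeadm and the CNI plugins left behind.
rm -rf -- ~/.kube/
rm -rf -- /etc/kubernetes/
rm -rf -- /etc/cni
rm -rf -- /opt/cni
rm -rf -- /var/lib/etcd

# WARNING: the page ends this list with `rm -rf /var/`. The path is evidently
# cut off; as printed it would delete all of /var (logs, the package database,
# container and etcd data) and break the host, so it is left out on purpose.
# If more state has to be removed, name the exact Kubernetes directory and
# check the path before running the command.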

成功示例截图

 

image.png

 

 

3. 根据提示创建所需目录

 

mkdir -p $HOME/.kube

  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

  sudo chown $(id -u):$(id -g) $HOME/.kube/config

 

 

4. node节点加入集群(node节点运行)

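# Run on each worker node. The token and CA hash below are the values shown on
# the page; use the join command that `kubeadm init` printed for your cluster,
# or regenerate it on the master with `kubeadm token create --print-join-command`.
# --discovery-token-ca-cert-hash pins the control plane's CA public key, so the
# node only trusts the API server it is meant to join; do not drop it.
# The first line ends with a single backslash (the page shows several, which
# would end the command there instead of continuing it).
kubeadm join 192.168.13.230:6443 --token abcdef.0123456789abcdef \
  --discovery-token-ca-cert-hash sha256:2fa7368af1ca6a1236dad4a9d4402ba32efd632fe7a4c490fb8d88481fd585df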

 

 

5. 查看node,查看pods

 

[root@k8s-master ~]# kubectl get nodes

NAME     STATUS     ROLES           AGE     VERSION

master   NotReady   control-plane   4m18s   v1.30.3

[root@k8s-master ~]# kubectl -n kube-system get pods

NAME                             READY   STATUS    RESTARTS   AGE

coredns-7c445c467-89pnk          0/1     Pending   0          5m45s

coredns-7c445c467-p9dkg          0/1     Pending   0          5m45s

etcd-master                      1/1     Running   0          6m

kube-apiserver-master            1/1     Running   0          6m1s

kube-controller-manager-master   1/1     Running   0          6m

kube-proxy-ft6zm                 1/1     Running   0          5m45s

kube-scheduler-master            1/1     Running   0          6m

 

 

 

6. 部署网络插件

 

 wget /flannel-io/flannel/releases/latest/download/kube-flannel.yml

 #提前下载下来,将yml文件中镜像改为国内

 [root@k8s-master ~]# grep -i image kube-flannel.yml

        image: ghcr.io/flannel-io/flannel:v0.26.5

        image: ghcr.io/flannel-io/flannel-cni-plugin:v1.6.2-flannel1

        image: ghcr.io/flannel-io/flannel:v0.26.5

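修改配置文件,将上面的镜像地址替换为下面的地址。注意:flannel 以 DaemonSet 方式在每个节点上运行并负责配置节点网络,而下面的地址属于第三方命名空间,替换前请确认镜像来源可信,并尽量与上游 ghcr.io 镜像的摘要(digest)进行比对。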

registry-vpc.cn-shanghai.aliyuncs.com/sucloud/flannel:v0.26.5

registry-vpc.cn-shanghai.aliyuncs.com/sucloud/flannel-cni-plugin:v1.6.2-flannel1

 

部署

kubectl apply -f kube-flannel.yml

7. 安装kubectl命令补全插件

 

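# Quote the pattern so yum receives it and the shell does not expand it
# against file names in the current directory.
yum install -y 'bash-completion*'

# Generate the kubectl completion script and source it from the login profile.
# The directory is created first in case ~/.kube does not exist on this host.
mkdir -p "$HOME/.kube"
kubectl completion bash > "$HOME/.kube/completion.bash.inc"
echo "source '$HOME/.kube/completion.bash.inc'" >> "$HOME/.bash_profile"

# Load it into the current shell as well.
source "$HOME/.bash_profile"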

