提示

在线部署时可不修改镜像地址

环境准备

先决条件

关闭防火墙、swap分区、selinux

systemctl disable firewalld --now
swapoff -a

sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab

setenforce 0

sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

修改所有master、node节点hosts文件，配置时钟同步

为了确保在使用 Kubernetes 中的网络插件时，网络流量可以正确地通过 iptables 进行处理。

cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sysctl --system

安装docker

yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine

yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
systemctl enable docker.service --now

修改docker cgroup参数

vim /etc/docker/daemon.json

{
  "exec-opts": ["native.cgroupdriver=systemd"]
}

systemctl daemon-reload
systemctl restart docker

离线安装cri-docker

rpm -ivh cri-dockerd-0.3.11-3.el7.x86_64.rpm

修改cri镜像仓库

vim /usr/lib/systemd/system/cri-docker.service

fd:// --pod-infra-container-image=x.x.x.x/xxx/pause:xx

安装并初始化k8s

安装组件kubeadm, kubelet and kubectl

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

设置kubelet开机启动

systemctl enable kubelet --now

保存并修改配置文件

kubeadm config print init-defaults > k8s.conf

vim k8s.conf

kind:localAPIEndpoint:advertiseAddress: x.x.x.x  //master ip
nodeRegistration:criSocket: /var/run/cri-dockerd.sock
kubernetesVersion: x:x:x  //若离线安装，此处版本与安装包保持一致

初始化文件

apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
#localAPIEndpoint:
#  advertiseAddress: x.x.x.11    //宿主机IP，非虚IP
#  bindPort: 16443
nodeRegistration:
  criSocket: unix:///var//run/cri-dockerd.sock
  imagePullPolicy: IfNotPresent
  name: k8s-master01                //node名
  taints: null
---
apiServer:
  certSANs:
  - api.k8s.local
  - k8s-master01
  - k8s-master02
  - k8s-master03
  - x.x.x.11
  - x.x.x.12
  - x.x.x.10
  - x.x.x.9
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
controlPlaneEndpoint: x.x.x.9:16443        //虚IP
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: x.x.x.x:5000/containers
kind: ClusterConfiguration
kubernetesVersion: 1.29.3
networking:
  dnsDomain: cluster.local
  podSubnet: 192.168.0.0/16
  serviceSubnet: 172.16.0.0/16
scheduler: {}

初始化k8s集群

kubeadm init --config k8s.yaml

初始化成功后回显如下

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join x.x.x.9:16443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:ba257ca734abaaf8737bd0fcecc9b9d1f1 \
        --control-plane 

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join x.x.x.9:16443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:ba257ca734abaaf8737bd0fcecc9b9d1f1

安装网络插件

添加master节点

• 获取证书密钥

kubeadm init phase upload-certs --upload-certs

回显如下

[upload-certs] Using certificate key:
f26261f40c5cfe059bf14f394771b1c50996f79

• 在其他master节点输入

kubeadm join x.x.x.9:16443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:ba257ca734abaaf8737bd0fcecc9b9d1f1 \
        --control-plane --certificate-key f26261f40c5cfe059bf14f394771b1c50996f79 \
        --criSocket: unix:///var//run/cri-dockerd.sock

添加work节点

kubeadm join x.x.x.9:16443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:ba257ca734abaaf8737bd0fcecc9b9d1f1 \
        --criSocket: unix:///var//run/cri-dockerd.sock

贡献者

wyutan

更新日志

2025/5/28 08:01

查看所有更新日志

• 7b126-Update 2.k8s安装.md于 2025/5/28
• d44b1-Update 2.k8s安装.md于 2025/4/24
• 187ae-更新 2.k8s安装.md于 2025/4/24
• f6dfb-Update 2.k8s安装.md于 2025/4/24
• 3e17f-Update 2.k8s安装.md于 2025/3/17
• ab3ba-Update 2.k8s安装.md于 2025/3/17
• 344b0-更新 2.k8s安装.md于 2025/3/14
• 4911e-更新 2.k8s安装.md于 2025/3/14
• 890a5-更新 2.k8s安装.md于 2025/3/14
• 13747-更新 2.k8s安装.md于 2025/3/14