Centos 7 上安装 Kubernetes 1.27 集群
- 0. 安装 "Development Tools"
- 1. 禁用swap
- 2. 禁用防火墙
- 3. 将SELinux设置为permissive模式
- 4. 安装 ipset 和 ipvsadm
- 5. 添加网桥过滤及内核转发配置文件
- 6. 加载 overlay、br_netfilter、ip_tables、iptable_filter 模块
- 7. 安装 containerd 1.17.0
- 8. 安装 libseccomp 2.5.4
- 9. 安装 runc 1.1.6
- 10. 配置 containerd
- 11. 启动 containerd
- 12. 安装kubelet kubeadm kubectl
- 13. 初始化Kubernetes集群
- 14. 配置集群访问
- 15. 安装网络插件 Calico
- 16. 确认集群
- 17. 其他,crictl 命令体验
0. 安装 “Development Tools”
sudo yum groupinstall -y "Development Tools"
sudo yum install -y gperf
1. 禁用swap
sudo swapoff -a
2. 禁用防火墙
sudo systemctl stop firewalld
sudo systemctl disable firewalld
3. 将SELinux设置为permissive模式
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
4. 安装 ipset 和 ipvsadm
sudo yum install -y ipset ipvsadm
5. 添加网桥过滤及内核转发配置文件
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
应用 sysctl 参数,无需重启,
sysctl --system
6. 加载 overlay、br_netfilter、ip_tables、iptable_filter 模块
sudo modprobe overlay
sudo modprobe br_netfilter
sudo modprobe ip_tables
sudo modprobe iptable_filter
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
ip_tables
iptable_filter
EOF
7. 安装 containerd 1.17.0
cd /tmp
wget https://github.com/containerd/containerd/releases/download/v1.7.0/cri-containerd-cni-1.7.0-linux-amd64.tar.gz
tar zxvf cri-containerd-cni-1.7.0-linux-amd64.tar.gz -C /
8. 安装 libseccomp 2.5.4
cd /tmp
wget https://github.com/opencontainers/runc/releases/download/v1.1.6/libseccomp-2.5.4.tar.gz
tar zxvf libseccomp-2.5.4.tar.gz; cd libseccomp-2.5.4
./configure
make & make install
9. 安装 runc 1.1.6
cd /tmp
wget https://github.com/opencontainers/runc/releases/download/v1.1.6/runc.amd64
chmod +x runc.amd64
mv runc.amd64 /usr/local/sbin/runc
runc --version
--- output
runc version 1.1.6
commit: v1.1.6-0-g0f48801a
spec: 1.0.2-dev
go: go1.20.3
libseccomp: 2.5.4
---
10. 配置 containerd
mkdir /etc/containerd
containerd config default > /etc/containerd/config.toml
vi /etc/containerd/config.toml
--- from
sandbox_image = "registry.k8s.io/pause:3.8"
---
--- to
sandbox_image = "registry.k8s.io/pause:3.9"
---
11. 启动 containerd
systemctl enable --now containerd
containerd --version
--- output
containerd github.com/containerd/containerd v1.7.0 1fbd70374134b891f97ce19c70b6e50c7b9f4e0d
---
12. 安装kubelet kubeadm kubectl
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
13. 初始化Kubernetes集群
export PUBLIC_IP=YOUR_PUBLIC_IP
export HOST=`hostname`
cat <<EOF > kubeadm-config.yaml
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd
---
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: $PUBLIC_IP
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
name: $HOST
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.27.1
networking:
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
scheduler: {}
EOF
kubeadm init --config kubeadm-config.yaml
14. 配置集群访问
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl > /dev/null
echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -o default -F __start_kubectl k' >>~/.bashrc
15. 安装网络插件 Calico
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/tigera-operator.yaml
wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/custom-resources.yaml
vi custom-resources.yaml
--- from
cidr: 192.168.0.0/16
---
--- to
cidr: 10.244.0.0/16
---
kubectl create -f custom-resources.yaml
16. 确认集群
kubectl get nodes
kubectl get pods -A -o wide
17. 其他,crictl 命令体验
crictl images
完结!
