Oracle Linux 9 上基于 Docker 安装 Kubernetes 1.27 集群
- 1. 禁用swap
- 2. 禁用防火墙
- 3. 将SELinux设置为permissive模式
- 4. 添加网桥过滤及内核转发配置文件
- 5. 加载 overlay、br_netfilter、ip_tables、iptable_filter 模块
- 6. 安装 docker-ce
- 7. 安装kubelet kubeadm kubectl
- 8. 初始化Kubernetes集群
- 9. 配置集群访问
- 10. 安装网络插件 Calico
- 11. 确认集群
1. 禁用swap
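# kubelet refuses to start while swap is active (its default failSwapOn
# behaviour), so swap has to stay off across reboots, not only right now.
sudo swapoff -a
# swapoff only affects the running system. Comment out the active swap entry in
# /etc/fstab as well (the original is kept as /etc/fstab.bak) so swap is not
# re-enabled at the next boot.
sudo sed -i.bak '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab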
2. 禁用防火墙
# Stop firewalld and keep it from starting at boot (one call does both).
# This removes all host-level packet filtering, so it is only reasonable on an
# isolated lab network. On a reachable host, keep firewalld running and open
# just the ports the cluster needs instead, e.g. 6443/tcp (API server),
# 10250/tcp (kubelet), 2379-2380/tcp (etcd), plus whatever the CNI plugin uses.
sudo systemctl disable --now firewalld
3. 将SELinux设置为permissive模式
# Permissive mode keeps logging SELinux policy violations but no longer blocks
# them, so SELinux stops confining container processes on this node.
#
# Persist the setting for future boots. The substitution only fires when the
# config currently reads exactly "SELINUX=enforcing"; check the file afterwards.
sudo sed --in-place 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Switch the running kernel to permissive as well; this alone is lost on reboot.
sudo setenforce 0
4. 添加网桥过滤及内核转发配置文件
# Write the kernel settings Kubernetes networking relies on:
#   - bridged IPv4/IPv6 traffic is passed through iptables/ip6tables
#   - the host forwards IPv4 packets between interfaces
# With ip_forward enabled the node routes traffic, so the host firewall state
# matters more than on an ordinary server.
# The quoted delimiter keeps the shell from expanding anything in the body.
sudo tee /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
应用 sysctl 参数(无需重启):
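# The net.bridge.* keys only exist once the br_netfilter module is loaded.
# Load it before applying the settings, otherwise sysctl cannot set the two
# bridge-nf-call values written to /etc/sysctl.d/k8s.conf.
sudo modprobe br_netfilter
# Re-read every sysctl configuration file, including /etc/sysctl.d/k8s.conf.
sudo sysctl --system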
5. 加载 overlay、br_netfilter、ip_tables、iptable_filter 模块
# Load the kernel modules the container runtime and kube-proxy rely on.
for mod in overlay br_netfilter ip_tables iptable_filter; do
  sudo modprobe "$mod"
done
# List the same modules under /etc/modules-load.d so they are loaded again at
# boot; modprobe alone only affects the running kernel.
printf '%s\n' overlay br_netfilter ip_tables iptable_filter |
  sudo tee /etc/modules-load.d/k8s.conf
6. 安装 docker-ce
卸载 podman、runc 等容器运行时:
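# Remove container runtimes and earlier Docker/cri-dockerd installs that would
# conflict with the packages installed below. Each package is named once; the
# original command listed libcgroup and cri-dockerd twice.
# -y answers every prompt, so read the transaction summary dnf prints: removing
# these packages can also remove packages that depend on them.
sudo dnf remove -y podman runc cri-o docker-ce libcgroup cri-dockerd docker-buildx-plugin docker-compose-plugin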
安装 docker-ce:
# yum-utils provides yum-config-manager, used to register the Docker repository.
sudo dnf install -y yum-utils
# Register Docker's CentOS package repository (fetched over HTTPS).
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install the Docker engine, CLI, containerd and the buildx/compose plugins.
# NOTE(review): -y also auto-accepts the import of the repository's GPG signing
# key on first use. Check the imported key afterwards (rpm -qi gpg-pubkey) and
# compare its fingerprint with the one Docker publishes in its install docs.
sudo dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
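# Download the two RPMs to disk first, so they can be inspected before anything
# is installed as root. Installing straight from a URL gives no chance to check
# what was actually fetched. (-f fails on HTTP errors, -L follows redirects.)
curl -fLO https://vault.centos.org/centos/8/BaseOS/x86_64/os/Packages/libcgroup-0.41-19.el8.x86_64.rpm
curl -fLO https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el8.x86_64.rpm
# rpm -K reports whether each package's digests and signature verify against
# the keys in the local rpm keyring. A package that is unsigned, or signed with
# a key that has not been imported, is NOT authenticated by this check, and by
# default rpm -ivh would still install it with at most a warning.
rpm -K libcgroup-0.41-19.el8.x86_64.rpm cri-dockerd-0.3.1-3.el8.x86_64.rpm
# Print the SHA-256 of both files and compare each with a checksum obtained
# from a source you trust (placeholder: <EXPECTED_SHA256>) before continuing.
sha256sum libcgroup-0.41-19.el8.x86_64.rpm cri-dockerd-0.3.1-3.el8.x86_64.rpm
# Install from the verified local files; libcgroup goes first, as in the
# original command order.
sudo rpm -ivh libcgroup-0.41-19.el8.x86_64.rpm
sudo rpm -ivh cri-dockerd-0.3.1-3.el8.x86_64.rpm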
# Make systemd pick up the unit files installed by the new packages.
sudo systemctl daemon-reload
# Start Docker and the cri-dockerd service/socket now and at every boot.
for unit in docker cri-docker.service cri-docker.socket; do
  sudo systemctl enable --now "$unit"
done
# Let the "oracle" account use Docker without sudo. Membership of the docker
# group gives full control of the Docker daemon, which runs as root, so it is
# effectively root access on this host: add only accounts trusted to that level.
# The new group applies from the account's next login.
sudo usermod -a -G docker oracle
# Confirm that all three units are active.
for unit in docker cri-docker cri-docker.socket; do
  systemctl status "$unit"
done
7. 安装kubelet kubeadm kubectl
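# Register the Kubernetes package repository for the 1.27 minor release.
# The legacy packages.cloud.google.com repository used previously was frozen in
# September 2023 and later taken down; the community-owned pkgs.k8s.io
# repository replaces it and is split per minor version.
# gpgcheck=1 makes dnf verify every package against the key at gpgkey.
# exclude= keeps a routine "dnf update" from upgrading the cluster packages by
# accident. The quoted delimiter prevents shell expansion of the body.
sudo tee /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.27/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.27/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl
EOF
# --disableexcludes lifts the exclude list for this one install.
# -y also auto-accepts the repository signing key on first use.
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# kubelet restarts in a loop until "kubeadm init" has written its
# configuration; that is expected at this point.
sudo systemctl enable --now kubelet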
8. 初始化Kubernetes集群
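# Everything from here on is typed into a root login shell.
sudo su -
# Address the API server advertises; replace it with this node's own IP.
PUBLIC_IP=192.168.31.21
# Node name registered with the cluster.
HOST="$(hostname)"
# Generate a random bootstrap token instead of the well-known sample value
# abcdef.0123456789abcdef: a bootstrap token lets a machine authenticate to the
# API server and join the cluster for as long as it is valid (24h here), so a
# publicly known one must never be used.
BOOTSTRAP_TOKEN="$(kubeadm token generate)"
export PUBLIC_IP HOST BOOTSTRAP_TOKEN
# Write the kubeadm configuration. The delimiter is unquoted on purpose so that
# $BOOTSTRAP_TOKEN, $PUBLIC_IP and $HOST are expanded. Indentation is
# significant in YAML: the nested keys must stay indented as shown.
cat <<EOF > kubeadm-config.yaml
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd
---
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: $BOOTSTRAP_TOKEN
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: $PUBLIC_IP
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/cri-dockerd.sock
  imagePullPolicy: IfNotPresent
  name: $HOST
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.27.1
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}
EOF
# The file now holds the bootstrap token: keep it readable by root only.
chmod 600 kubeadm-config.yaml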
使用 kubeadm 初始化 kubernetes 集群:
# Bootstrap the control plane from the configuration file written above.
# The output ends with a "kubeadm join" command containing the bootstrap token
# and the CA certificate hash; treat it as a credential and do not paste it
# into logs, tickets or chat.
kubeadm init --config=kubeadm-config.yaml
9. 配置集群访问
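# Give the current user a kubeconfig. admin.conf carries cluster-admin
# credentials, so the copy must be readable by its owner only and should not be
# shared or committed anywhere. Expansions are quoted so that a path containing
# spaces cannot split into several arguments.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"
# Remove the control-plane taint so ordinary pods can be scheduled on this
# node. That suits a single-node lab; on a multi-node cluster leave the taint
# in place so workloads do not share a host with the control-plane components.
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
# Shell completion for kubectl, plus a short alias "k" with the same completion.
kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl > /dev/null
echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -o default -F __start_kubectl k' >>~/.bashrc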
10. 安装网络插件 Calico
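# Download both Calico manifests (pinned to release v3.25.1) before applying
# them, so what gets installed can be reviewed and kept for later reference.
# The operator manifest is applied with cluster-admin rights; read it first
# rather than piping it from the network straight into the cluster.
# (-f fails on HTTP errors, -L follows redirects.)
curl -fLO https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/tigera-operator.yaml
curl -fLO https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/custom-resources.yaml
# Point Calico's pool at the podSubnet given to kubeadm (10.244.0.0/16). The
# dots are escaped so they match literally, not as "any character".
sed -i 's|192\.168\.0\.0/16|10.244.0.0/16|' custom-resources.yaml
# Confirm the substitution took effect; no output means the manifest did not
# contain the expected default and must be edited by hand.
grep -n '10\.244\.0\.0/16' custom-resources.yaml
kubectl create -f tigera-operator.yaml
kubectl create -f custom-resources.yaml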
11. 确认集群
# The node should report Ready once the Calico pods are running.
kubectl get nodes
# List the pods of every namespace, with node and pod IP columns.
kubectl get pods --all-namespaces --output wide
完结!