Centos7.9部署kubernetes 1.30.9

 

参考链接

https://www.cnblogs.com/hy1212/p/18330520

环境信息

# 操作系统
[root@k8s-master-01 ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
# 内核
[root@k8s-master-01 ~]# uname -r
5.4.257-1.el7.elrepo.x86_64

# kubernetes版本
kubernetes 1.30.9

# 节点信息
master节点: 172.30.30.201
node节点: 172.30.30.202
node节点: 172.30.30.203
 

配置hosts主机解析

[root@k8s-master-01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.30.30.201 k8s-master-01
172.30.30.202 k8s-node-01
172.30.30.203 k8s-node-02
 

关闭防火墙、selinux、ipv6

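# Stop firewalld and keep it from starting at boot. `disable --now` already
# stops the unit, so separate `stop` and `disable` calls are not needed.
# NOTE(review): this removes the host firewall on every node. Do it only where
# another control (cloud security group, upstream firewall) limits access to the
# cluster ports, e.g. 6443 (API server), 2379-2380 (etcd) and 10250 (kubelet);
# otherwise keep firewalld running and open just the ports Kubernetes needs.
systemctl disable --now firewalld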

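# 关闭selinux,重启后生效。
# 注意:disabled 会完全停用 SELinux 的强制访问控制;kubeadm 官方文档的做法是设为 permissive(setenforce 0,并把下面的 SELINUX= 改为 permissive)。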
[root@k8s-master-01 ~]# vim /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled # 修改成disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

# 关闭ipv6
[root@k8s-master-01 ~]# cat /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

 

部署网络yum源

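# CentOS 7 repos are no longer maintained upstream, so a mirror is configured.
# NOTE(review): the original comment calls this the Aliyun official source, but
# the script is served from file.tsyvps.com, not an Aliyun domain. It runs as
# root and rewrites the yum repo configuration, so download it, read it, and
# only then execute it.
curl -fO https://file.tsyvps.com/yumcentos7.sh  # -f: fail on an HTTP error instead of saving the error page
less yumcentos7.sh                              # inspect what the script changes before running it
bash yumcentos7.sh

# EPEL repo definition, fetched over HTTPS so the repo file cannot be altered
# in transit (the original used plain http).
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo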
​

# 配置kubernetes的yum源

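# Legacy Aliyun Kubernetes repo (all nodes). It only carries releases up to
# 1.28, so it cannot supply the 1.30.9 packages installed later in this guide.
# Changes from the original:
#   - '>' instead of '>>', so re-running the step does not append a second
#     [kubernetes] section to the file;
#   - gpgcheck=1, so yum verifies package signatures against the listed keys
#     (with gpgcheck=0 the gpgkey line had no effect).
# NOTE(review): repo_gpgcheck is left at 0 as in the original; whether this
# mirror's repo metadata signature verifies is not shown here - confirm before
# enabling it.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF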

## 选其一即可

# Current Aliyun Kubernetes repo for the v1.30 package stream (all nodes).
# tee overwrites the repo file and echoes what was written; gpgcheck=1 makes
# yum verify package signatures against the key published with the repo.
tee /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/repomd.xml.key
EOF
 

升级内核

# 到指定的网址下载对应的rpm包,这里我下载的是5.4版本的
https://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/

kernel-lt-5.4.257-1.el7.elrepo.x86_64.rpm
kernel-lt-devel-5.4.257-1.el7.elrepo.x86_64.rpm 
kernel-lt-doc-5.4.257-1.el7.elrepo.noarch.rpm 
kernel-lt-headers-5.4.257-1.el7.elrepo.x86_64.rpm 
kernel-lt-tools-5.4.257-1.el7.elrepo.x86_64.rpm
kernel-lt-tools-libs-5.4.257-1.el7.elrepo.x86_64.rpm 
kernel-lt-tools-libs-devel-5.4.257-1.el7.elrepo.x86_64.rpm
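# Remove the stock 3.10 kernel packages.
# One package per line: the original ran kernel-tools and abrt-addon-kerneloops
# together into a single name, so neither of them matched.
# NOTE(review): removing the old kernel before kernel-lt is installed and has
# booted leaves no fallback kernel - consider doing this after the reboot.
yum remove \
  kernel-3.10.0-1160.el7.x86_64 \
  kernel-devel-3.10.0-1160.el7.x86_64 \
  kernel-headers-3.10.0-1160.el7.x86_64 \
  kernel-tools-3.10.0-1160.el7.x86_64 \
  kernel-tools-libs-3.10.0-1160.el7.x86_64 \
  abrt-addon-kerneloops-2.1.11-60.el7.centos.x86_64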
# 进入对应的目录本地安装(这些 rpm 是从第三方镜像站手动下载的,安装前建议先导入 ELRepo 的公钥,并用 rpm -K *.rpm 校验签名)
[root@k8s-master-01 kernel]# ls
kernel-lt-5.4.257-1.el7.elrepo.x86_64.rpm        kernel-lt-headers-5.4.257-1.el7.elrepo.x86_64.rpm     kernel-lt-tools-libs-devel-5.4.257-1.el7.elrepo.x86_64.rpm
kernel-lt-devel-5.4.257-1.el7.elrepo.x86_64.rpm  kernel-lt-tools-5.4.257-1.el7.elrepo.x86_64.rpm
kernel-lt-doc-5.4.257-1.el7.elrepo.noarch.rpm    kernel-lt-tools-libs-5.4.257-1.el7.elrepo.x86_64.rpm
[root@k8s-master-01 kernel]# yum localinstall -y ker* # 安装完成之后重启机器

 

安装配置IPVS和docker

安装 IPVS


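# Install the IPVS user-space tools and their dependencies.
yum install -y conntrack-tools ipvsadm ipset conntrack libseccomp

# Write the IPVS module loader.
# The heredoc delimiter is quoted ('EOF') so nothing is expanded while the file
# is written. In the original, unquoted form the unescaped $? was replaced at
# write time by the exit status of the previous command, which turned the
# modinfo check inside the generated script into a constant.
cat > /etc/sysconfig/modules/ipvs.modules <<'EOF'
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr
ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack"
for kernel_module in ${ipvs_modules}; do
  # Load a module only when this kernel actually ships it.
  if /sbin/modinfo -F filename "${kernel_module}" > /dev/null 2>&1; then
    /sbin/modprobe "${kernel_module}"
  fi
done
EOF

# Make the loader executable, run it once now, and list the loaded ip_vs modules.
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep ip_vs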

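# Kernel settings for Kubernetes networking (all nodes), stored in
# /etc/sysctl.d/k8s.conf.
# Corrected from the original:
#   - four misspelled keys that sysctl cannot apply (tcp.keepaliv.probes,
#     tcp.max_tw_buckets, tcp.max_orphans, top_timestamps);
#   - the legacy key net.ipv4.ip_conntrack_max, replaced by
#     net.netfilter.nf_conntrack_max (needs the nf_conntrack module loaded);
#   - a duplicated tcp_max_syn_backlog line.
# NOTE(review): fs.may_detach_mounts looks specific to the stock CentOS 7 3.10
# kernel; on the 5.4 kernel-lt used here sysctl will probably report it as
# unknown - confirm and drop it if so.

# The net.bridge.* keys only exist once br_netfilter is loaded.
modprobe br_netfilter
printf '%s\n' br_netfilter > /etc/modules-load.d/k8s.conf  # load it again on every boot

cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.netfilter.nf_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF

# Apply immediately; read the output, because sysctl reports every key it
# could not set.
sysctl --system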
 

安装docker

# Install Docker CE from the Aliyun mirror.
# Step 1: prerequisite system tools.
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

# Step 2: register the docker-ce repo definition.
sudo yum-config-manager \
  --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Step 3: rewrite download.docker.com to the mirror host in that repo file.
sudo sed -i \
  's+download.docker.com+mirrors.aliyun.com/docker-ce+' \
  /etc/yum.repos.d/docker-ce.repo

# Step 4: refresh the metadata cache and install Docker CE.
sudo yum makecache fast
sudo yum -y install docker-ce

# Then start Docker, enable it at boot, and show its status.
systemctl start docker \
  && systemctl enable docker \
  && sudo systemctl status docker

# Step 5: 配置阿里镜像加速(登录阿里云->容器镜像服务->镜像工具)
# 需要再添加 "exec-opts": ["native.cgroupdriver=systemd"]
sudo mkdir -p /etc/docker
[root@k8s-master-01 kernel]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}


# Reload unit files, restart Docker so daemon.json takes effect, and show its status.
sudo systemctl daemon-reload \
  && sudo systemctl restart docker \
  && sudo systemctl status docker

# containerd configuration (all nodes):
# keep a copy of the current file, then regenerate it from containerd's defaults.
cp /etc/containerd/config.toml{,.bak}
containerd config default > /etc/containerd/config.toml

# vim /etc/containerd/config.toml
1、找到SystemdCgroup = false这一行,将false改为true。
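2、找到包含sandbox_image这一行,将地址改为 registry.cn-guangzhou.aliyuncs.com/my_aliyund/pause:v3.9(注意:my_aliyund 看起来是个人命名空间,且标签 v3.9 与后文 kubeadm、kubelet 使用的 registry.aliyuncs.com/google_containers/pause:3.9 不一致;使用前请确认镜像来源,或统一为后者)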

# 添加
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
  endpoint = ["https://registry.aliyuncs.com"]

# Restart containerd so the edited config is loaded, show its status,
# then enable it at boot.
sudo systemctl restart containerd \
  && sudo systemctl status containerd \
  && sudo systemctl enable containerd
 

安装kubernetes

kubeadm初始化

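# Install the pinned 1.30.9 kubelet, kubeadm and kubectl on every node.
yum install -y kubelet-1.30.9 kubeadm-1.30.9 kubectl-1.30.9

# Enable kubelet at boot on every node.
systemctl enable kubelet.service

# Print kubeadm's default init configuration for reference.
kubeadm config print init-defaults

# Pre-pull the control-plane images on k8s-master-01 from the Aliyun mirror.
# The kubelet in 1.30 reaches the runtime through CRI (dockershim was removed
# in 1.24), so images fetched with `docker pull` stay in Docker's own store and
# are not visible to the kubelet. `kubeadm config images pull` pulls through
# the CRI runtime and resolves the matching tags itself; `kubeadm config images
# list` with the same flags prints them. The original list pulled
# kube-apiserver, kube-scheduler, kube-controller-manager and kube-proxy
# v1.30.9, coredns v1.11.3, etcd 3.5.15-0 and pause 3.9.
kubeadm config images pull \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.30.9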

# Bootstrap the control plane on k8s-master-01.
#   --apiserver-advertise-address  address the API server advertises (the master's IP)
#   --control-plane-endpoint       shared endpoint name, resolved through /etc/hosts
#   --image-repository             pull control-plane images from the Aliyun mirror
#   --service-cidr / --pod-network-cidr  Service and Pod address ranges
#   --v=10                         most verbose kubeadm logging
kubeadm init \
  --kubernetes-version=v1.30.9 \
  --apiserver-advertise-address=172.30.30.201 \
  --control-plane-endpoint=k8s-master-01 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.254.0.0/16 \
  --v=10
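# 节点加入集群:以下两条命令来自 kubeadm init 的输出,带 --control-plane 的用于加入控制平面节点,不带的用于加入 node 节点。
# token 和 CA 证书 hash 每个集群都不同,请替换成自己 init 输出的值;token 属于引导凭据(默认 24 小时过期),不要公开,过期后可用 kubeadm token create --print-join-command 重新生成。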
  kubeadm join k8s-master-01:6443 --token cspmqj.xefvu2b65heuf91s \
        --discovery-token-ca-cert-hash sha256:bcbfbc0a02995395d4108a86b3f1f936e56590c2f650199c1ea992497016e80a \
        --control-plane


kubeadm join k8s-master-01:6443 --token cspmqj.xefvu2b65heuf91s \
        --discovery-token-ca-cert-hash sha256:bcbfbc0a02995395d4108a86b3f1f936e56590c2f650199c1ea992497016e80a
 

修改kubelet的config文件

[root@k8s-master-01 ~]# cat /var/lib/kubelet/config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 0s
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 0s
    cacheUnauthorizedTTL: 0s
cgroupDriver: systemd
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local
containerRuntimeEndpoint: ""
cpuManagerReconcilePeriod: 0s
evictionPressureTransitionPeriod: 0s
fileCheckFrequency: 0s
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 0s
imageMaximumGCAge: 0s
imageMinimumGCAge: 0s
kind: KubeletConfiguration
logging:
  flushFrequency: 0
  options:
    json:
      infoBufferSize: "0"
    text:
      infoBufferSize: "0"
  verbosity: 0
memorySwap: {}
nodeStatusReportFrequency: 0s
nodeStatusUpdateFrequency: 0s
rotateCertificates: true
runtimeRequestTimeout: 0s
# 后面部署 cilium 时会用到;这一行默认没有,需要手动添加
podSandboxImage: "registry.aliyuncs.com/google_containers/pause:3.9" 
shutdownGracePeriod: 0s
shutdownGracePeriodCriticalPods: 0s
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 0s
syncFrequency: 0s
volumeStatsAggPeriod: 0s
 

安装网络插件

# 下载地址
https://github.com/cilium/cilium-cli/releases