Installation environment

[root@minikube ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@minikube ~]# uname -a
Linux minikube 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Disable swap memory

If swap memory is enabled on a node, the kubelet service fails to start by default.

[root@minikube ~]# swapoff -a

Disable the firewall and SELinux

[root@minikube ~]# cat /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
 
[root@minikube ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)

Install Docker Engine

[root@minikube ~]# yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
[root@minikube ~]# yum install -y yum-utils
[root@minikube ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
[root@minikube ~]# yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
[root@minikube ~]# systemctl start docker
[root@minikube ~]# systemctl enable docker

Configure the Cgroup Driver

For Docker to be compatible with the kubelet, Docker's Cgroup Driver must be set to systemd.

[root@minikube ~]# cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
[root@minikube ~]# systemctl restart docker
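
An added example, not part of the original post: swapoff -a lasts only until the next reboot, so this script checks /proc/swaps, the swap entries in /etc/fstab, and the cgroup driver in /etc/docker/daemon.json. The function names, the root-directory argument and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Every function takes a root
# directory (hypothetical parameter) so the checks can run on a copy; use /.

# Swap devices active right now: the data rows of /proc/swaps.
active_swap() {
    awk 'NR > 1 { print $1 }' "$1/proc/swaps"
}

# Uncommented swap entries in fstab. These bring swap back at boot, because
# `swapoff -a` only lasts until the next reboot.
fstab_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$1/etc/fstab"
}

# Cgroup driver set through exec-opts in daemon.json (empty when unset).
docker_cgroup_driver() {
    sed -n 's/.*native\.cgroupdriver=\([a-z]*\).*/\1/p' "$1/etc/docker/daemon.json"
}

# Print one line per finding; return 0 only when every check passes.
audit_node() {
    rc=0
    for dev in $(active_swap "$1"); do
        echo "FAIL swap is active: $dev"; rc=1
    done
    for dev in $(fstab_swap "$1"); do
        echo "FAIL swap returns at boot: $dev"; rc=1
    done
    driver=$(docker_cgroup_driver "$1" 2>/dev/null) || driver=
    if [ "$driver" != "systemd" ]; then
        echo "FAIL docker cgroup driver: ${driver:-unset}"; rc=1
    fi
    return "$rc"
}

# Constructed sample tree: swap is off now but still listed in fstab, and
# Docker still uses the cgroupfs driver.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/proc" "$d/etc/docker"
    printf 'Filename Type Size Used Priority\n' > "$d/proc/swaps"
    printf '/dev/mapper/centos-swap swap swap defaults 0 0\n' > "$d/etc/fstab"
    printf '{"exec-opts": ["native.cgroupdriver=cgroupfs"]}\n' > "$d/etc/docker/daemon.json"
    echo "$d"
}
```

On a real node, run audit_node / after the steps above; a swap line left in /etc/fstab has to be commented out for the change to survive a reboot.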

Install the container runtime

Docker Engine does not implement the CRI which is a requirement for a container runtime to work with Kubernetes. For that reason, an additional service cri-dockerd has to be installed. cri-dockerd is a project based on the legacy built-in Docker Engine support that was removed from the kubelet in version 1.24.

[root@minikube sbin]# tar -zxf cri-dockerd-0.3.17.amd64.tgz
[root@minikube sbin]# cd cri-dockerd-0.3.17
[root@minikube cri-dockerd-0.3.17]# install -o root -g root -m 0755 cri-dockerd /usr/local/bin/cri-dockerd
[root@minikube cri-dockerd-0.3.17]# cd ..
[root@minikube sbin]# tar -zxf v0.3.17.tar.gz
[root@minikube sbin]# cd cri-dockerd-0.3.17
[root@minikube cri-dockerd-0.3.17]# install packaging/systemd/* /etc/systemd/system
[root@minikube cri-dockerd-0.3.17]# sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
[root@minikube cri-dockerd-0.3.17]# systemctl daemon-reload
[root@minikube cri-dockerd-0.3.17]# systemctl enable --now cri-docker

Add the Kubernetes YUM repository

The simplest way to install kubeadm, kubelet, and kubectl on CentOS is to configure the official Kubernetes YUM repository.

[root@minikube ~]# cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/repodata/repomd.xml.key
EOF

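Note that the configuration above targets Kubernetes 1.28. To install a different version, change the version number in baseurl.

Install kubeadm, kubelet, and kubectl

With the YUM repository configured, the required components can now be installed with yum. To keep automatic upgrades from causing version incompatibilities, locking the version is recommended.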

[root@minikube ~]# yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

Start the kubelet

[root@minikube ~]# systemctl enable --now kubelet
[root@minikube ~]# systemctl status kubelet
● kubelet.service - kubelet: The Kubernetes Node Agent
Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/kubelet.service.d
└─10-kubeadm.conf
Active: activating (auto-restart) (Result: exit-code) since 六 2025-08-23 10:44:45 CST; 7s ago
Docs: https://kubernetes.io/docs/
Process: 1477468 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS (code=exited, status=1/FAILURE)
Main PID: 1477468 (code=exited, status=1/FAILURE)

8月 23 10:44:45 minikube systemd[1]: Unit kubelet.service entered failed state.
8月 23 10:44:45 minikube systemd[1]: kubelet.service failed.

[root@minikube docker]# journalctl -u kubelet --no-pager
-- Logs begin at 四 2025-08-21 16:18:39 CST, end at 六 2025-08-23 10:48:01 CST. --
8月 23 10:43:53 minikube systemd[1]: Started kubelet: The Kubernetes Node Agent.
8月 23 10:43:53 minikube kubelet[1477417]: E0823 10:43:53.715191 1477417 run.go:74] "command failed" err="failed to load kubelet config file, path: /var/lib/kubelet/config.yaml, error: failed to load Kubelet config file /var/lib/kubelet/config.yaml, error failed to read kubelet config file \"/var/lib/kubelet/config.yaml\", error: open /var/lib/kubelet/config.yaml: no such file or directory"
8月 23 10:43:53 minikube systemd[1]: kubelet.service: main process exited, code=exited, status=1/FAILURE
8月 23 10:43:53 minikube systemd[1]: Unit kubelet.service entered failed state.
8月 23 10:43:53 minikube systemd[1]: kubelet.service failed.
8月 23 10:44:04 minikube systemd[1]: kubelet.service holdoff time over, scheduling restart.
8月 23 10:44:04 minikube systemd[1]: Stopped kubelet: The Kubernetes Node Agent.
8月 23 10:44:04 minikube systemd[1]: Started kubelet: The Kubernetes Node Agent.

On the first start, a status of activating is normal, because /var/lib/kubelet/config.yaml has not been created yet.

Set up the Kubernetes control plane

[root@minikube ~]# kubeadm init --cri-socket unix:///var/run/cri-dockerd.sock --pod-network-cidr 10.244.0.0/16
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.31.215:6443 --token x695oh.yppcmf86a9561111 \
        --discovery-token-ca-cert-hash sha256:cf3027a340a4c811aaea64e27574e014b899ac118319535941e8f5600e222

Continue by following the instructions in the output. First, tell kubectl which cluster's API server to communicate with:

export KUBECONFIG=/etc/kubernetes/admin.conf

Installing a Pod network add-on

I chose Flannel.

kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

Check the status of the components on the control plane

This is very important. If any component is in an abnormal state, the cluster is unusable.

[root@minikube ~]# kubectl get pod -n kube-flannel
NAME                    READY   STATUS    RESTARTS   AGE
kube-flannel-ds-lz48g   1/1     Running   0          68s

[root@minikube ~]# kubectl get pod -n kube-system
NAME                               READY   STATUS    RESTARTS   AGE
coredns-5dd5756b68-9w2z8           1/1     Running   0          2m4s
coredns-5dd5756b68-pwn6m           1/1     Running   0          2m4s
etcd-minikube                      1/1     Running   0          2m18s
kube-apiserver-minikube            1/1     Running   0          2m21s
kube-controller-manager-minikube   1/1     Running   0          2m21s
kube-proxy-wq55z                   1/1     Running   0          2m5s
kube-scheduler-minikube            1/1     Running   0          2m18s

[root@minikube ~]# kubectl get node
NAME       STATUS   ROLES           AGE     VERSION
minikube   Ready    control-plane   2m45s   v1.28.15

Join worker nodes to the Kubernetes cluster

As a prerequisite, each worker must be set up with the same environment as the control plane.

[root@worker ~]# kubeadm join 192.168.31.215:6443 --token x695oh.yppcmf86a91111 \
> --discovery-token-ca-cert-hash sha256:cf3027a340a4c811aaea64e27574e014b899ac118319535941e8f5600e22222 \
> --cri-socket unix:///var/run/cri-dockerd.sock
[preflight] Running pre-flight checks
[WARNING Hostname]: hostname "worker" could not be reached
[WARNING Hostname]: hostname "worker": lookup worker on 192.168.31.1:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[root@minikube ~]# kubectl get nodes
NAME       STATUS   ROLES           AGE     VERSION
minikube   Ready    control-plane   113m    v1.28.15
worker     Ready    <none>          3m12s   v1.28.15
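
The --discovery-token-ca-cert-hash value in the join command pins the public key of the cluster CA, so it can be recomputed from the CA certificate and compared before a worker is joined. The script below is an added example, not part of the original post; the function names are hypothetical, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA path.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print "sha256:<hex>" over the DER-encoded public key (SubjectPublicKeyInfo)
# of the CA certificate in file $1, the form that
# --discovery-token-ca-cert-hash takes.
ca_cert_hash() {
    pem=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pem" |
        openssl pkey -pubin -outform der |
        openssl dgst -sha256 -hex |
        awk '{ print "sha256:" $NF }'
}

# Return 0 when $1 has the bootstrap token shape: 6 chars, a dot, 16 chars.
token_wellformed() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Return 0 when $1 is "sha256:" followed by exactly 64 lowercase hex digits.
hash_wellformed() {
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# Compare the hash from a join command ($2) with the CA certificate ($1).
# Returns 0 on match, 1 on mismatch, 2 on a malformed hash, 3 on a bad file.
verify_join_hash() {
    hash_wellformed "$2" || { echo "malformed hash: $2"; return 2; }
    actual=$(ca_cert_hash "$1") || { echo "cannot read CA: $1"; return 3; }
    [ "$actual" = "$2" ] || { echo "mismatch, CA hash is $actual"; return 1; }
}

# On the control plane:
#   ca_cert_hash /etc/kubernetes/pki/ca.crt
# On the worker, before kubeadm join, with a copy of ca.crt fetched out of band:
#   verify_join_hash ./ca.crt "sha256:<value from the join command>"
```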

Troubleshooting

failed to verify certificate

tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-08-23T12:11:05+08:00 is before 2025-08-24T23:27:51Z

Cause: the clocks are not synchronized.

Solution:

[root@minikube ~]# systemctl start chronyd
[root@minikube ~]# systemctl enable chronyd
[root@minikube ~]# chronyc makestep # force an immediate sync

Error registering network

E0826 09:40:42.407500 1 main.go:367] Error registering network: failed to acquire lease: node "minikube" pod cidr not assigned

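Cause: the minikube node has not been assigned a Pod CIDR (pod cidr not assigned).
Solution: kubeadm init --pod-network-cidr 10.244.0.0/16
10.244.0.0/16 is a common choice here because it is compatible with the default configuration of most network plugins (such as Flannel).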
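
The pod CIDR has to match the Network that Flannel is configured with and must not overlap the service or node networks. The script below is an added example, not part of the original post, that checks this in plain shell arithmetic; the function names are hypothetical, 10.96.0.0/12 is kubeadm's default service CIDR, and 192.168.31.0/24 in the usage note is an assumed node subnet based on the node address shown earlier.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Convert the dotted-quad address $1 to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "first last" (as integers) for the address range of CIDR $1.
cidr_range() {
    base=$(ip_to_int "${1%/*}")
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( base & ~(size - 1) & 0xFFFFFFFF ))
    echo "$first $(( first + size - 1 ))"
}

# Return 0 when CIDRs $1 and $2 share at least one address.
cidr_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Return 0 when CIDR $2 lies entirely inside CIDR $1.
cidr_contains() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$3" ] && [ "$4" -le "$2" ]
}

# $1 = planned --pod-network-cidr, $2 = Flannel Network,
# $3 = service CIDR, $4 = node subnet.
check_cluster_cidr() {
    [ "$1" = "$2" ] || { echo "pod CIDR $1 is not Flannel Network $2"; return 1; }
    if cidr_overlap "$1" "$3"; then echo "overlaps service CIDR $3"; return 1; fi
    if cidr_overlap "$1" "$4"; then echo "overlaps node subnet $4"; return 1; fi
}

# $1 = Flannel Network, $2 = the node's spec.podCIDR, from
#   kubectl get node minikube -o jsonpath='{.spec.podCIDR}'
# An empty $2 is the "pod cidr not assigned" case from the log above.
check_node_cidr() {
    [ -n "$2" ] || { echo "pod cidr not assigned"; return 1; }
    cidr_contains "$1" "$2" || { echo "$2 is outside $1"; return 1; }
}
```

For the setup on this page the call would be check_cluster_cidr 10.244.0.0/16 10.244.0.0/16 10.96.0.0/12 192.168.31.0/24, which passes.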


posted on 2025-08-27 12:04  心向所想