操作系统:CentOS Linux release 7.9.2009 (Core) 内核版本:5.17.4-1.el7.elrepo.x86_64 CPU:16核 内存:32G
基础环境优化(所有节点) 操作系统优化
1、配置yum源
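# Point yum at the Aliyun CentOS 7 mirror.
# The commands were collapsed onto one line on the page; they are separate steps.
yum -y install wget
# Keep the stock repo definition so it can be restored.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# NOTE(review): the repo file is fetched over plain HTTP, so its content is not
# protected in transit; check that the downloaded file still sets gpgcheck=1
# before installing packages from it.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# Drop cached metadata and rebuild it from the new repo.
yum clean all
yum makecache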
2、关闭防火墙
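# Show the current firewalld state.
firewall-cmd --state
# Stop firewalld for the current boot.
systemctl stop firewalld.service
# Keep firewalld from starting at boot.
systemctl disable firewalld.service
# NOTE(review): with firewalld off, the host itself no longer filters any
# listening port on the node. Where host filtering is required, keep firewalld
# running and allow only the Kubernetes ports (e.g. 6443 for the API server)
# between cluster nodes instead of disabling it.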
3、关闭selinux
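# Show the current SELinux mode.
getenforce
# Switch to permissive mode until the next reboot.
setenforce 0
# Persist the change: rewrite SELINUX=enforcing to SELINUX=disabled.
# NOTE(review): SELINUX=permissive would also stop SELinux from blocking the
# kubelet and containers while still logging denials for audit; "disabled"
# switches the subsystem off entirely after the next reboot.
sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config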
4、关闭swap
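# Turn swap off for the running system.
swapoff -a
# Disable swap permanently: comment out every fstab line that mentions swap.
# The untouched file is kept as /etc/fstab.bak.
sed -i.bak '/swap/s/^/#/' /etc/fstab
# Verify: the Swap row should show 0.
free -g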
5、调整内核参数
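# Kernel modules to load at boot. The here-document markers ("<<EOF >") were
# lost when the page was extracted and are restored here.
cat <<'EOF' > /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<'EOF' > /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

# Load the modules now, without waiting for a reboot.
modprobe overlay
modprobe br_netfilter

# Let iptables see bridged traffic and enable IPv4 forwarding.
cat <<'EOF' > /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

# Apply the sysctl settings without rebooting.
sudo sysctl --system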
6、开启ipvs
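# Packet forwarding uses iptables by default, which is less efficient; load the
# IPVS modules so kube-proxy can run in ipvs mode.
# The here-document markers ("<<EOF >") were lost on the page and are restored.
cat <<'EOF' > /etc/sysconfig/modules/ipvs.modules
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
# nf_conntrack_ipv4 was merged into nf_conntrack in kernel 4.19; the 5.17
# kernel named at the top of this page only provides nf_conntrack, so fall
# back to it instead of failing the whole script.
modprobe -- nf_conntrack_ipv4 2>/dev/null || modprobe -- nf_conntrack
EOF

# Load the modules and confirm they are present.
chmod 755 /etc/sysconfig/modules/ipvs.modules \
  && bash /etc/sysconfig/modules/ipvs.modules \
  && lsmod | grep -e ip_vs -e nf_conntrack

# Install the ipset package.
yum install ipset -y
# Install the ipvsadm management tool.
yum install ipvsadm -y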
7、同步时间
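# Install chrony and keep the clock synchronized. Certificate validity checks
# and log correlation across nodes both depend on consistent time.
yum install chrony -y
systemctl enable chronyd
systemctl start chronyd

# List the time sources in use; "^*" marks the currently selected source.
chronyc sources
# Sample output from the page:
#   [root@k8s-master: ~] 16:26:10 $ chronyc sources
#   210 Number of sources = 4
#   MS Name/IP address         Stratum Poll Reach LastRx Last sample
#   ===============================================================================
#   ^- de-user.deepinid.deepin.>     3  10   377   488   -690us[ -690us] +/-  127ms
#   ^- electrode.felixc.at           3  10   377   576  +4076us[+7553us] +/-  136ms
#   ^- pingless.com                  2  10   337   808    -11ms[-7252us] +/-  133ms
#   ^* dns2.synet.edu.cn             1  10   377   564    +11ms[  +14ms] +/-   30ms

# Confirm the local time.
date
# Sample output from the page:
#   [root@master ~]# date
#   Thu Apr 28 16:26:10 CST 2022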
8、采用containerd
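# Add the Docker CE repository, which carries the containerd package.
yum install -y yum-utils device-mapper-persistent-data lvm2
# NOTE(review): the repo definition is fetched over plain HTTP; check the
# gpgcheck/gpgkey settings of the resulting .repo file before installing.
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# List the available versions, newest first.
yum list containerd --showduplicates | sort -r
yum install containerd -y
# Installed on the author's system: containerd.io-1.5.11-3.1.el7.x86_64

# Write the default configuration, then start and enable the service.
containerd config default > /etc/containerd/config.toml
systemctl start containerd
systemctl enable containerd

# Use the systemd cgroup driver.
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml
# Point the sandbox (pause) image at the Aliyun mirror.
sed -i 's#sandbox_image = "k8s.gcr.io/pause:3.5"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"#' /etc/containerd/config.toml
# Both sed rules match only the exact default strings and change nothing when
# the generated config differs, so confirm the two settings actually changed.
grep -E 'SystemdCgroup|sandbox_image' /etc/containerd/config.toml

systemctl daemon-reload
systemctl restart containerd

# crictl is the CLI used to manage containerd through the CRI.
# Releases: https://github.com/kubernetes-sigs/cri-tools/releases/
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.23.0/crictl-v1.23.0-linux-amd64.tar.gz
# NOTE(review): the archive is unpacked into /usr/local/bin as root; compare
# its SHA-256 with the checksum published alongside the release first.
tar zxvf crictl-v1.23.0-linux-amd64.tar.gz -C /usr/local/bin

# The here-document markers ("<<EOF >") were lost on the page and are restored.
cat <<'EOF' > /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF

# Verify that crictl can talk to containerd.
crictl pull nginx:alpine
crictl images
crictl rmi nginx:alpine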
9、修改本地hostname
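# Run exactly one of the following on the matching node.
# On the k8s-master node:
hostnamectl set-hostname k8s-master
# On the k8s-node1 node:
hostnamectl set-hostname k8s-node1
# On the k8s-node2 node:
hostnamectl set-hostname k8s-node2

# Make the node names resolvable on every node.
# NOTE(review): the redirection operator was lost when the page was extracted.
# Appending (>>) is used here so the existing localhost entries survive;
# confirm this matches the intent.
cat <<'EOF' >> /etc/hosts
192.168.69.120 k8s-master
192.168.69.121 k8s-node1
192.168.69.122 k8s-node2
EOF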
Master安装
1、安装kubeadm,kubelet,kubectl。yum安装
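# Configure the Kubernetes yum repository.
# The here-document markers ("<<EOF >") were lost on the page and are restored.
# NOTE(review): gpgcheck=0 and repo_gpgcheck=0 together with an http:// baseurl
# mean yum verifies neither the packages nor the repository metadata, so
# kubelet, kubeadm and kubectl are installed as root without any authenticity
# check. Prefer gpgcheck=1 with the gpgkey entries below, and an https:// URL,
# where the mirror's signatures verify.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Install pinned versions of the three tools.
yum clean all
yum list kubeadm --showduplicates | sort -r
yum install -y kubelet-1.23.5-0 kubectl-1.23.5-0 kubeadm-1.23.5-0

# Confirm the installed version.
kubeadm version
# Sample output from the page:
#   [root@k8s-master: ~] 16:36:19 $ kubeadm version
#   kubeadm version: &version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5", GitCommit:"c285e781331a3785a7f436042c65c5641ce8a9e9", GitTreeState:"clean", BuildDate:"2022-03-16T15:57:37Z", GoVersion:"go1.17.8", Compiler:"gc", Platform:"linux/amd64"}

# Tell the kubelet to use containerd as its container runtime.
cat <<'EOF' > /etc/sysconfig/kubelet
KUBELET_KUBEADM_ARGS="--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
EOF

# Start the kubelet and enable it at boot.
systemctl start kubelet
systemctl enable kubelet

# ==== Initialize the cluster ====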
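# Dump the default init configuration as a starting point.
kubeadm config print init-defaults > kubeadm.yaml

# "abcdef.0123456789abcdef" is the placeholder that init-defaults prints.
# Left in place, it becomes a valid and publicly known bootstrap token for the
# whole 24h TTL, so a fresh random token is generated and used instead.
bootstrap_token=$(kubeadm token generate)

# Replace the file with the edited configuration. The here-document markers
# ("<<EOF >") were lost on the page and are restored; the delimiter is left
# unquoted so that ${bootstrap_token} is expanded.
cat <<EOF > kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: ${bootstrap_token}
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Internal IP of the API server node.
  # NOTE(review): the hosts entries and the join output on this page use
  # 192.168.69.120 for the master; set this to the master's real address.
  advertiseAddress: 192.168.4.27
  bindPort: 6443
nodeRegistration:
  criSocket: /run/containerd/containerd.sock  # changed to containerd
  imagePullPolicy: IfNotPresent
  # NOTE(review): the hostname set earlier is k8s-master; confirm "master" is
  # the intended node name.
  name: master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  # DNS add-on type.
  # NOTE(review): v1beta3 dropped dns.type (CoreDNS is the only option), so
  # kubeadm may warn about this field.
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Image repository changed to one the images can be downloaded from.
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.23.5  # Kubernetes version
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs  # kube-proxy mode
EOF

# If kube-proxy is running in iptables mode, it can be changed afterwards with:
#   kubectl edit configmap kube-proxy -n kube-system

# Run the initialization.
kubeadm init --config kubeadm.yaml

# Set up kubectl access as prompted by kubeadm.
# admin.conf holds cluster-admin credentials; keep the copy readable only by
# its owner.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# Print the join command for the worker nodes. The token in it is a credential:
# do not publish it, and let it expire once the nodes have joined.
kubeadm token create --print-join-command
# Sample output from the page:
#   kubeadm join 192.168.69.120:6443 --token 0njl1o.upcr8ygoq0xddn8x --discovery-token-ca-cert-hash sha256:9a2c406a72fd633fc6e8xxxxxxxxxx

# ==== Network plugin: Calico ====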
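mkdir -p /root/i && cd /root/i

# Download the Calico deployment manifest.
# -f stops an HTTP error page from being saved as the manifest; -L follows
# redirects.
# NOTE(review): this URL is not version-pinned, so the content can change
# between runs; review the file before applying it.
curl -fL https://docs.projectcalico.org/manifests/calico.yaml -o /root/i/calico.yaml

# Check the version in the manifest: it must be v3.22.2, otherwise the
# replacements below match nothing and silently have no effect.
grep -n 'image:' /root/i/calico.yaml

# Rewrite the image references.
# NOTE(review): these rules swap the upstream docker.io/calico images for
# copies in a third-party registry namespace. The manifest deploys them
# cluster-wide, so compare their digests with the upstream images, or mirror
# the images into a registry you control.
sed -i 's#docker.io/calico/cni:v3.22.2#registry.cn-shanghai.aliyuncs.com/wanfei/cni:v3.22.2#' /root/i/calico.yaml
sed -i 's#docker.io/calico/pod2daemon-flexvol:v3.22.2#registry.cn-shanghai.aliyuncs.com/wanfei/pod2daemon-flexvol:v3.22.2#' /root/i/calico.yaml
sed -i 's#docker.io/calico/node:v3.22.2#registry.cn-shanghai.aliyuncs.com/wanfei/node:v3.22.2#' /root/i/calico.yaml
sed -i 's#docker.io/calico/kube-controllers:v3.22.2#registry.cn-shanghai.aliyuncs.com/wanfei/kube-controllers:v3.22.2#' /root/i/calico.yaml

# Apply the manifest.
kubectl apply -f /root/i/calico.yaml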



