工作节点的配置
1. 配置主机映射
[root@k8s-node01 ~]#vim /etc/hosts
192.168.2.89 k8s-master
192.168.2.90 k8s-node01
192.168.2.91 k8s-node01   # 原文此行 IP 写作 192.68.2.91,且主机名与上一行重复,疑为另一工作节点(如 k8s-node02),请按实际环境核对
2. 配置 yum 源
cd /etc/yum.repos.d/
[root@k8s-node01 ~]#mkdir bak
[root@k8s-node01 ~]#mv Rocky* bak
[root@k8s-node01 ~]#mv local.repo bak
[root@k8s-node01 ~]#vim docker-ce.repo
# docker软件源
# gpgkey 与软件包来自同一镜像站;首次导入密钥时应核对其指纹与 Docker 官方文档公布的一致
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
vim Rocky-BaseOS.repo
# 阿里云软件源
[baseos]
name=Rocky Linux $releasever - BaseOS
#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
[root@k8s-node01 ~]# vim Rocky-AppStream.repo
# 阿里云软件源
[appstream]
name=Rocky Linux $releasever - AppStream
#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/AppStream/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
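[root@k8s-node01 ~]#vim kubernetes.repo
# K8S软件源
# 注意:下面的 gpgcheck=0、repo_gpgcheck=0 表示 yum 不校验软件包和仓库元数据的签名,
# 此时 gpgkey 两行不起作用,kubeadm/kubelet/kubectl 的完整性只依赖镜像站本身和 HTTPS 传输。
# 生产环境建议导入并核对密钥后改为 gpgcheck=1;若该镜像的签名校验无法通过,应换用签名可验证的软件源。
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg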
ls
aliyunbak docker-ce.repo Rocky-AppStream.repo
bak kubernetes.repo Rocky-BaseOS.repo
[root@k8s-node01 ~]#yum clean all # 清除yum缓存
[root@k8s-node01 ~]#yum makecache # 建立yum元数据缓存
3. 安装必备工具
[root@k8s-node01 yum.repos.d]# cd
[root@k8s-node01 ~]#yum install wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git -y
4. 关闭安全及 swap 分区
# 说明:SELINUX=disabled 会在重启后完全关闭 SELinux 的强制访问控制,节点上的容器隔离随之少一层防护;
# kubeadm 官方安装文档采用的是 permissive 模式(setenforce 0,并把配置改为 SELINUX=permissive),可按环境取舍。
[root@k8s-node01 ~]#sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
[root@k8s-node01 ~]#sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
[root@k8s-node01 ~]#swapoff -a && sysctl -w vm.swappiness=0
vm.swappiness = 0
[root@k8s-node01 ~]#sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
5. 同步时间
[root@k8s-node01 ~]#yum -y install wntp
[root@k8s-node01 ~]#ntpdate time2.aliyun.com
19 Dec 21:02:09 ntpdate[33790]: adjust time server
203.107.6.88 offset -0.001396 sec
[root@k8s-node01 ~]#crontab -e
*/5 * * * * /usr/sbin/ntpdate time2.aliyun.com
6. 配置 limit
[root@k8s-node01 ~]#ulimit -SHn 65535 # 单个进程可以打开的文件数量将被限制为 65535
[root@k8s-node01 ~]#vim /etc/security/limits.conf
# 末尾添加如下内容
* soft nofile 65536
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
7. master主机上做免密登录
[root@k8s-master ~]#kubectl get node # 可看到master、node01的信息
[root@k8s-node01 ~]#yum install docker-ce docker-ce-cli containerd.io -y # 安装Docker和containerd
8. 配置 Containerd 所需模块
[root@k8s-node01 ~]#vim /etc/modules-load.d/containerd.conf
overlay
br_netfilter
[root@k8s-node01 ~]#modprobe -- overlay
[root@k8s-node01 ~]#modprobe -- br_netfilter
9. 配置 Containerd 所需内核
[root@k8s-node01 ~]#vim /etc/sysctl.d/99-kubernetes-cri.conf
> net.bridge.bridge-nf-call-iptables = 1
> net.ipv4.ip_forward = 1
> net.bridge.bridge-nf-call-ip6tables = 1
10. 修改containerd 配置文件
[root@k8s-node01 ~]#scp root@192.168.2.89:/etc/containerd/config.toml /etc/containerd/config.toml
[root@k8s-node01 ~]#systemctl enable --now containerd
11. 配置 crictl 客户端连接的运行位置
[root@k8s-node01~]#cat > /etc/crictl.yaml <<EOF
> runtime-endpoint: unix:///run/containerd/containerd.sock
> image-endpoint: unix:///run/containerd/containerd.sock
> timeout: 10
> debug: false
> EOF
12. 安装 Kubernetes 组件(安装 Kubeadm、Kubelet 和 Kubectl)
[root@k8s-node01 ~]# yum list kubeadm.x86_64 --showduplicates | sort -r
# 查询最新的Kubernetes版本号
[root@k8s-node01 ~]# yum install kubeadm-1.28* kubelet-1.28* kubectl-1.28* -y
# 安装1.28最新版本kubeadm、kubelet和kubectl
[root@k8s-node01 ~]# systemctl daemon-reload
[root@k8s-node01 ~]# systemctl enable --now kubelet # 允许开机自启kubelet
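# 说明:--token 与 --certificate-key 是有时效的集群凭据(默认分别约 24 小时、2 小时后失效),下列值仅为原文示例;
# 应在自己的控制平面上用 kubeadm token create --print-join-command 重新生成,且不要公开或写入脚本仓库。
# --control-plane --certificate-key 会把节点作为控制平面加入;本页配置的是工作节点,加入工作节点时不带这两个参数。
# API Server 地址(此处为 192.168.15.11:6443)需与实际控制平面一致;--discovery-token-ca-cert-hash 用于校验控制平面 CA,不应省略。
[root@k8s-node01 ~]#kubeadm join 192.168.15.11:6443 --token 7t2weq.bjbawausm0jaxury \
--discovery-token-ca-cert-hash sha256:73dc6f8d973fc70818e309386c1bfc5d330c19d52b494c6f88f634a6b1250a2f \
--control-plane --certificate-key 80fcc505867ccbc6550c18ed11f40e64ecf486d626403823f548dda65c19953d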
systemctl stop kubelet.service
rm -rf /etc/kubernetes/pki/ca.crt
rm -rf /etc/kubernetes/kubelet.conf
echo 1 > /proc/sys/net/bridge