安装kubernetes 1.33版本

一、环境准备

1、内核升级

#升级内核：
yum -y install kernel-ml-5.10.3-1.el7.elrepo.x86_64.rpm  kernel-ml-devel-5.10.3-1.el7.elrepo.x86_64.rpm

# 查询可用内核版本
# awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg

# 调整默认内核启动
grub2-set-default "CentOS Linux (5.10.3-1.el7.elrepo.x86_64) 7 (Core)"

# 核查是否修改正确，并重启使其生效
grub2-editenv list
reboot

2、防火墙和SELIUNX关闭

systemctl  disable  --now firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config

3、配置主机名和关闭swaff分区

echo "192.168.1.100 master" >> /etc/hosts
echo "192.168.1.101 node" >> /etc/hosts

hostnamectl set-hostname master && bash 
hostnamectl set-hostname node  && bash 

# 关闭swap
swapoff -a  # 临时
sed -ri 's/.*swap.*/#&/' /etc/fstab    # 永久

3、配置免密传输

ssh-keygen  #一路回车，不输入密码
ssh-copy-id node
ssh-copy-id master

4、修改内核参数

modprobe br_netfilter
vim /etc/sysctl.d/k8s.conf 

# 输入如下内容：

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1

# 刷新内核参数
sysctl -p /etc/sysctl.d/k8s.conf

5、配置yum源

# 配置docker源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo


## 配置k8s源
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/repodata/repomd.xml.key

EOF

## 清理缓存
yum clear
## 生成缓存
yum makecache 

6、配置时间同步

yum install ntpdate -y

ntpdate cn.pool.ntp.org

## 配置定时任务
crontab -e
* *  * * * /usr/sbin/ntpdate   cn.pool.ntp.org

## 重启服务
systemctl restart crond

安装IPVS

yum -y install ipset ipvsadm

## 添加IPVS模块


# cat > /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF

## 检查加载情况：
lsmod | grep ip_vs

## 加载IPVS
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack

二、安装docker和 kubenters基础服务

1、安装docker

# 添加yum源 如果安装可以忽略
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
## 刷新yum源缓存
yum makecache 

## 安装docker-ce
yum -y install docker-ce

## 启动docker并设置开机启动
systemctl  enable  --now docker

2、配置加速器

## 在/etc/docker/daemon.json添加如下内容
cat  > /etc/docker/daemon.json  << EOF
{
 "registry-mirrors":["https://a88uijg4.mirror.aliyuncs.com","https://docker.lmirror.top","https://docker.m.daocloud.io", "https://hub.uuuadc.top","https://docker.anyhub.us.kg","https://dockerhub.jobcher.com","https://dockerhub.icu","https://docker.ckyl.me","https://docker.awsl9527.cn","https://docker.laoex.link"],
"insecure-registries":["192.168.40.62","harbor"]
} 

EOF
## 重新加载服务，并重启docker
systemctl  daemon-reload ; systemctl restart docker

3、安装cri-docker

##下载cri-dockerd的rpm包
https://github.com/mirantis/cri-dockerd/releases/download/v0.3.8/cri-dockerd-0.3.8-3.e17.x86_64.rpm

## 下载cri-dockerd的tar包
# 下载安装2 
$ wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.10/cri-dockerd-0.3.10.amd64.tgz

$ tar -xf cri-dockerd-0.3.1.amd64.tgz
$ cp cri-dockerd/cri-dockerd /usr/bin/
$ chmod +x /usr/bin/cri-dockerd


###安装cri-dockerd
yum -y install  cri-dockerd-0.3.8-3.el7.x86_64.rpm 

4、cri-docker配置文件

vim /usr/lib/systemd/system/cri-docker.service
## 修改第10行
10 ExecStart=/usr/bin/cri-dockerd  --pod-infra-container-image=registry.k8s.io/pause:3.9  --container-runtime-endpoint fd://

## 二进制安装需要手动添加配置文件
cat /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

StartLimitBurst=3
StartLimitInterval=60s

LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
# 这里的参数 `--pod-infra-container-image`，这个值要根据实际情况调整，如果你的安装环境不能访问互联网，那你就需要配置为内部镜像仓库。

## 创建一个 socket 文件以便 kubelet 与 cri-dockerd 通信
 cat <<"EOF" > /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service

[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF

## 启动服务，并设定为开机自启动
systemctl daemon-reload ; systemctl enable --now cri-docker

5、安装k8s必备的组件

## 如果配置请忽略
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/repodata/repomd.xml.key
EOF

## master节点和node节点需要安装
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet

ps: 由于官网未开放同步方式, 可能会有索引gpg检查失败的情况, 这时请用 yum install -y --nogpgcheck kubelet kubeadm kubectl 安装

三、初始化集群

1、使用配置文件初始化

## 生成初始化文件：
kubeadm config print init-defaults > kubeadm.yaml

2、修改初始化文件

[root@mster ~]# cat kubeadm.yaml 


apiVersion: kubeadm.k8s.io/v1beta4
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.1.100  ##修改成master节点
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/cri-dockerd.sock  ## 修改成cri-docker引擎
  imagePullPolicy: IfNotPresent
  imagePullSerial: true
  name: master  ## 修改为master节点标识
  taints: null
timeouts:
  controlPlaneComponentHealthCheck: 4m0s
  discovery: 5m0s
  etcdAPICall: 2m0s
  kubeletHealthCheck: 4m0s
  kubernetesAPICall: 1m0s
  tlsBootstrap: 5m0s
  upgradeManifests: 5m0s
---
apiServer: {}
apiVersion: kubeadm.k8s.io/v1beta4
caCertificateValidityPeriod: 87600h0m0s
certificateValidityPeriod: 8760h0m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
encryptionAlgorithm: RSA-2048
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers  ## 这个是换成阿里云的镜像地址
kind: ClusterConfiguration
kubernetesVersion: 1.33.0
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16  ## pod的IP段
  serviceSubnet: 10.96.0.0/12 ## service的IP段
proxy: {}
scheduler: {}
---  ## 添加下面几行 添加ipvs模式，
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
---  ##初始化节点的时候需要指定cgroupDriver为
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd

3、初始化

## 查看需要哪些镜像
kubeadm config images list --kubernetes-version=1.33.0 --image-repository=registry.cn-hangzh
ou.aliyuncs.com/google_containers

## 根据配置文件初始化
kubeadm init --config=kubeadm.yaml --ignore-preflight-errors=SystemVerification

4、node节点加入集群

## 查看token
kubeadm token create --print-join-command

## 加入集群（比如）
kubeadm join 192.168.40.180:6443 --token vulvta.9ns7da3saibv4pg1     --discovery-token-ca-cert-hash sha256:72a0896e27521244850b8f1c3b600087292c2d10f2565adb56381f1f4ba7057a   --cri-socket=unix:///var/run/cri-dockerd.sock


## master节点查看
kubectl get node 

四、安装网络组件：caclio

## 下载地址
wget https://docs.projectcalico.org/manifests/calico.yaml

## 修改配置
下载完后还需要修改里面定义Pod网络（CALICO_IPV4POOL_CIDR），与前面kubeadm init的 --pod-network-cidr指定的一样。

## 测试
kubectl apply -f calico.yaml
kubectl get pods -n kube-system ## 所有pod是running状态
kubectl get node ## 所有node是Ready状态

五、测试集群

kubectl  run bs  --image=busybox:1.28.4 -- sleep 24h
kubectl get pod 
kubectl exec -it bs -- sh 
ping www.baidu.com 
nslookup  kubernetes.default.svc.cluster.local