This article is a k8s installation tutorial.
Kubernetes Cluster 1.29.2 Installation Guide
Preface
Kubernetes (K8s) startup flow:
linux > docker > cri-docker > kubectl > AS/CM/SCH
- AS: apiserver
- CM: controller-manager
- SCH: scheduler
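Comparison of installation methods:
| Installation method | How it runs | Advantages | Disadvantages |
|---|---|---|---|
| kubeadm | Containerized | Simple, self-healing | Hides the details, which makes it harder to understand |
| Binary | System processes | Flexible configuration | Hard to understand |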
I. Preparation
- Download the Rocky Linux 9 image:
  - Official site: https://rockylinux.org/zh-CN/download
  - Aliyun mirror: https://mirrors.aliyun.com/rockylinux/9/isos/x86_64/
II. System configuration
- Architecture: one master and two workers (1 master, 2 nodes)
- Sizing: 4C/4G/100G
- Network:
  - Netmask: 255.255.255.0
  - Gateway: 192.168.66.1
  - IP:
    - master: 192.168.66.11
    - node1: 192.168.66.12
    - node2: 192.168.66.13
III. Environment initialization
1. Static IP configuration
cat /etc/NetworkManager/system-connections/enp6s18.nmconnection
[ipv4]
method=manual
address1=192.168.66.11/24,192.168.66.1
dns=223.5.5.5;119.29.29.29
2. Configure the package mirror
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
-i.bak \
/etc/yum.repos.d/Rocky-*.repo
dnf makecache
3. Disable the firewall and SELinux
systemctl stop firewalld
systemctl disable firewalld
yum -y install iptables-services
systemctl start iptables
iptables -F
systemctl enable iptables
service iptables save
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
4. Disable swap
swapoff -a
sed -i 's:/dev/mapper/rl-swap:#/dev/mapper/rl-swap:g' /etc/fstab
5. Set the hostnames and local name resolution
hostnamectl set-hostname k8s-master # master
hostnamectl set-hostname k8s-node01 # node01
hostnamectl set-hostname k8s-node02 # node02
vi /etc/hosts
192.168.66.11 k8s-master m1
192.168.66.12 k8s-node01 n1
192.168.66.13 k8s-node02 n2
6. Install ipvs and enable IP forwarding
yum install -y ipvsadm
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
7. Install Docker
dnf config-manager --add-repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
# -i edits the repo file in place; without it sed only prints the result
sed -i -e 's|download.docker.com|mirrors.ustc.edu.cn/docker-ce|g' /etc/yum.repos.d/docker-ce.repo
yum -y install docker-ce
Configure Docker:
cat > /etc/docker/daemon.json <<EOF
{
  "data-root": "/data/docker",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "100"
  },
  "insecure-registries": ["harbor.xinxainghf.com"],
  "registry-mirrors": [
    "https://proxy.1panel.live",
    "https://docker.1panel.top",
    "https://docker.m.daocloud.io",
    "https://docker.1ms.run",
    "https://docker.ketches.cn"
  ]
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
systemctl daemon-reload && systemctl restart docker && systemctl enable docker
8. Install cri-docker
yum -y install wget
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.9/cri-dockerd-0.3.9.amd64.tgz
tar -xvf cri-dockerd-0.3.9.amd64.tgz
cp cri-dockerd/cri-dockerd /usr/bin/
scp cri-dockerd/cri-dockerd root@n1:/usr/bin/
scp cri-dockerd/cri-dockerd root@n2:/usr/bin/
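A check to run on the downloaded tarball before the tar, cp and scp steps above, added here as an example and not part of the original guide: it compares the archive's SHA-256 with a digest obtained separately and rejects member names that would extract outside the working directory. The function names and the EXPECTED_SHA256 placeholder are assumptions; the page gives no digest.

```bash
# Added example: verify a downloaded release archive before installing it as root.

# sha256_matches FILE EXPECTED_HEX -> 0 if the file's SHA-256 equals EXPECTED_HEX.
sha256_matches() {
    local expected actual
    [ -r "$1" ] || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# members_are_safe: reads archive member names on stdin, one per line, and
# fails on an absolute path or any ".." path component.
members_are_safe() {
    local name
    while IFS= read -r name || [ -n "$name" ]; do
        case "/$name/" in
            //*|*/../*) return 1 ;;
        esac
    done
    return 0
}

# verify_archive FILE EXPECTED_HEX -> 0 only if the digest matches and every
# member name stays inside the extraction directory.
verify_archive() {
    local listing
    sha256_matches "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    listing=$(tar -tzf "$1") || { echo "unreadable archive: $1" >&2; return 1; }
    printf '%s\n' "$listing" | members_are_safe \
        || { echo "unsafe member path in $1" >&2; return 1; }
}

# Usage on the master (EXPECTED_SHA256 is a placeholder; take the real value
# from a source you trust, not from the same download):
#   verify_archive cri-dockerd-0.3.9.amd64.tgz "$EXPECTED_SHA256" \
#     && tar -xvf cri-dockerd-0.3.9.amd64.tgz
```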
Configure the systemd service (master only):
# Quoted delimiter: $MAINPID must reach the unit file unexpanded
cat > /usr/lib/systemd/system/cri-docker.service <<'EOF'
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
cat > /usr/lib/systemd/system/cri-docker.socket <<EOF
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF
scp /usr/lib/systemd/system/cri-docker.* root@n1:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/cri-docker.* root@n2:/usr/lib/systemd/system/
Start cri-docker:
systemctl daemon-reload
systemctl enable cri-docker
systemctl start cri-docker
systemctl is-active cri-docker
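A unit file written through a heredoc with an unquoted delimiter has `$MAINPID` expanded by the shell, normally to an empty string, before systemd ever reads it. The following added example (not from the original guide; the function names are assumptions and the two-line units are constructed) writes a unit both ways, checks which one keeps the literal, and confirms that the socket unit's path is the one passed to `--cri-socket`.

```bash
# Added example: checks to run on the cri-docker units before starting them.

# write_unit_unquoted FILE: constructed unit, unquoted delimiter -> the shell
# expands $MAINPID (normally to nothing) while writing the file.
write_unit_unquoted() {
    cat > "$1" <<EOF
[Service]
ExecReload=/bin/kill -s HUP $MAINPID
EOF
}

# write_unit_quoted FILE: same unit, quoted delimiter -> body written verbatim.
write_unit_quoted() {
    cat > "$1" <<'EOF'
[Service]
ExecReload=/bin/kill -s HUP $MAINPID
EOF
}

# execreload_keeps_mainpid FILE -> 0 if ExecReload still contains the literal $MAINPID.
execreload_keeps_mainpid() {
    grep -q '^ExecReload=.*\$MAINPID' "$1"
}

# listen_path FILE: print the ListenStream= path, resolving systemd's %t
# specifier to /run (its value for system units).
listen_path() {
    sed -n 's|^ListenStream=%t/|/run/|p; s|^ListenStream=\(/.*\)|\1|p' "$1" | head -n 1
}

# matches_cri_socket FILE URI -> 0 if a --cri-socket URI names that socket
# (/var/run is a symlink to /run on Rocky Linux 9).
matches_cri_socket() {
    local want
    want=$(printf '%s' "$2" | sed 's|^unix://||; s|^/var/run/|/run/|')
    [ "$(listen_path "$1")" = "$want" ]
}

# On a node:
#   execreload_keeps_mainpid /usr/lib/systemd/system/cri-docker.service
#   matches_cri_socket /usr/lib/systemd/system/cri-docker.socket unix:///var/run/cri-dockerd.sock
```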
9. Install kubeadm, kubectl and kubelet
Add the Aliyun source:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/repodata/repomd.xml.key
# exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
Install the pinned versions:
yum install -y kubelet-1.29.2 kubectl-1.29.2 kubeadm-1.29.2
systemctl enable kubelet.service
# Uncomment the exclude line so a later yum update does not move the pinned packages
sed -i 's/\# exclude/exclude/' /etc/yum.repos.d/kubernetes.repo
IV. Cluster initialization
Initialize the master node:
kubeadm init \
--apiserver-advertise-address=192.168.66.11 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version 1.29.2 \
--service-cidr=10.10.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all \
--cri-socket unix:///var/run/cri-dockerd.sock
Configure kubectl:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Join the worker nodes to the cluster:
kubeadm join 192.168.66.11:6443 \
--token <token> \
--discovery-token-ca-cert-hash sha256:<hash> \
--cri-socket unix:///var/run/cri-dockerd.sock
If the token has expired, regenerate the join command with:
kubeadm token create --print-join-command
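The `sha256:<hash>` value passed to `--discovery-token-ca-cert-hash` is the SHA-256 of the cluster CA's DER-encoded public key, so a joining node only trusts an API server whose certificate chains to that CA. As an added example (not from the original guide; the function names are assumptions, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA path), this computes the value on the master so that a join command received over another channel can be compared against it:

```bash
# Added example: recompute the CA pin used by "kubeadm join".

# ca_cert_hash CERT_PEM: print "sha256:<hex>" over the certificate's
# DER-encoded SubjectPublicKeyInfo. Fails if the file is not a certificate.
ca_cert_hash() {
    local hex
    openssl x509 -in "$1" -noout 2>/dev/null || return 1
    hex=$(openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | sha256sum | cut -d' ' -f1)
    printf 'sha256:%s\n' "$hex"
}

# join_hash_matches CERT_PEM "JOIN COMMAND" -> 0 if the command pins this CA.
join_hash_matches() {
    local pinned
    pinned=$(printf '%s\n' "$2" \
        | sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$pinned" ] && [ "$pinned" = "$(ca_cert_hash "$1")" ]
}

# On the master:
#   ca_cert_hash /etc/kubernetes/pki/ca.crt
#   join_hash_matches /etc/kubernetes/pki/ca.crt "$(kubeadm token create --print-join-command)"
```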
V. Deploy the Calico network plugin
1. Download the release and upload it to the virtual machine
https://github.com/projectcalico/calico/releases/download/v3.30.3/release-v3.30.3.tgz
2. Extract the archive
tar -zxvf release-v3.30.3.tgz
scp -r release-v3.30.3 root@n1:/root
scp -r release-v3.30.3 root@n2:/root
On all three machines:
cd release-v3.30.3
docker load -i calico-images/calico-cni.tar
docker load -i calico-images/calico-node.tar
docker load -i calico-images/calico-typha.tar
docker load -i calico-images/calico-kube-controllers.tar
3. Edit calico-typha.yaml
- name: CALICO_IPV4POOL_CIDR
  value: "10.244.0.0/16"
- name: CALICO_IPV4POOL_IPIP
  value: "Off"
4. Apply the configuration
kubectl apply -f calico-typha.yaml
VI. Verify the cluster status
kubectl get pod -A
kubectl get node
When all components are Running and every node is Ready, the cluster has been built successfully.
