CentOS 7 部署 K8s 集群

2023-09-04

K8s

1. 环境准备

# 0. 配置网络 / 配置 YUM 源 / 关闭防火墙

# 1. 安装依赖
$ yum install -y net-tools vim bash-completion

# 2. 时间同步
$ timedatectl set-timezone Asia/Shanghai && timedatectl set-local-rtc 0
$ systemctl restart rsyslog
$ systemctl restart crond

$ yum install ntpdate -y
$ ntpdate cn.pool.ntp.org

# 3. 配置主机名
71$ hostnamectl set-hostname k8s-master
72$ hostnamectl set-hostname k8s-node1
73$ hostnamectl set-hostname k8s-node2

$ cat > /etc/hosts <<EOF
127.0.0.1 localhost
10.4.7.71 k8s-master
10.4.7.72 k8s-node1
10.4.7.73 k8s-node2
EOF

# 4. 转发 IPv4 并让 iptables 看到桥接流量
$ cat > /etc/modules-load.d/k8s.conf <<EOF
overlay
br_netfilter
EOF
$ modprobe overlay
$ modprobe br_netfilter
$ lsmod | egrep 'overlay|br_netfilter'  # 确认模块被加载

$ cat >/etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
EOF
$ sysctl --system
$ sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward

2. 容器运行时

Docker（K8s 1.24 及以后不再支持）

$ yum install -y yum-utils
$ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
$ mkdir -p /etc/docker
$ cat > /etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
  "max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
  "overlay2.override_kernel_check=true"
],
"registry-mirrors":["https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn","https://registry.docker-cn.com"]
}
EOF
$ yum makecache fast
$ yum install -y docker-ce-20.10.23 docker-ce-cli-20.10.23 containerd.io
$ systemctl daemon-reload
$ systemctl enable docker --now

Containerd

$ yum install -y yum-utils
$ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
$ yum makecache fast
$ yum install -y containerd.io
$ mkdir -p /etc/containerd
# 生成默认配置
$ containerd config default > /etc/containerd/config.toml
# 编辑配置文件
$ sed -i "s#SystemdCgroup = false#SystemdCgroup = true#g" /etc/containerd/config.toml
$ sed -i "s#registry.k8s.io#registry.cn-hangzhou.aliyuncs.com/google_containers#g" /etc/containerd/config.toml
$ sed -i "/\[plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors\]/a\        [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"docker.io\"]" /etc/containerd/config.toml
$ sed -i "/\[plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"docker.io\"\]/a\          endpoint = [\"https://hub-mirror.c.163.com\",\"https://docker.mirrors.ustc.edu.cn\",\"https://registry.docker-cn.com\"]" /etc/containerd/config.toml
$ sed -i "/endpoint = \[\"https:\/\/hub-mirror.c.163.com\",\"https:\/\/docker.mirrors.ustc.edu.cn\",\"https:\/\/registry.docker-cn.com\"]/a\        [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"registry.k8s.io\"]" /etc/containerd/config.toml
$ sed -i "/\[plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"registry.k8s.io\"\]/a\          endpoint = [\"registry.cn-hangzhou.aliyuncs.com/google_containers\"]" /etc/containerd/config.toml
$ sed -i "/endpoint = \[\"registry.cn-hangzhou.aliyuncs.com\/google_containers\"]/a\        [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"k8s.gcr.io\"]" /etc/containerd/config.toml
$ sed -i "/\[plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"k8s.gcr.io\"\]/a\          endpoint = [\"registry.cn-hangzhou.aliyuncs.com/google_containers\"]" /etc/containerd/config.toml
$ systemctl daemon-reload
$ systemctl enable containerd --now

3. 安装 k8s

# 关闭 swap 分区，禁用 swap 文件
$ swapoff -a && sed -ri 's/.*swap.*/#&/' /etc/fstab

# 关闭 selinux
$ setenforce 0 && sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# 安装 k8s
$ cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

$ yum install -y kubelet-1.23.17 kubeadm-1.23.17 kubectl-1.23.17 --disableexcludes=kubernetes
# 设置驱动方式为 systemd
$ cat > /etc/sysconfig/kubelet <<EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF

# 设置容器运行时（容器运行时为 containerd 才需要设置）
$ crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
$ crictl config image-endpoint unix:///var/run/containerd/containerd.sock

$ systemctl enable kubelet --now  # 启动失败正常（init 后正常）

4. 初始化 K8s

$ kubeadm init \
  --apiserver-advertise-address=10.4.7.71 \
  --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
  --kubernetes-version=v1.23.17 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16

$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

如果初始化失败，通过 kubeadm reset 进行重设

5. 节点加入集群

1 2	$ kubeadm join 10.4.7.71:6443 --token bjn4uq.pggjjmeb1wdm7go6 \ --discovery-token-ca-cert-hash sha256:2fd0c74af908097160544f400c7258fd89b17f6aaed1b18407a0ac1a0446c075

6. 安装 CNI 插件

flannel

1 2	$ wget --no-check-certificate -O flannel.yml https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml $ kubectl create -f flannel.yml

calico

1 2	$ wget --no-check-certificate -O calico.yml https://docs.projectcalico.org/manifests/calico.yaml $ kubectl create -f calico.yml

7. 命令补全

! grep -q kubectl "$HOME/.bashrc" && echo "source /usr/share/bash-completion/bash_completion" >>"$HOME/.bashrc"
! grep -q kubectl "$HOME/.bashrc" && echo "source <(kubectl completion bash)" >>"$HOME/.bashrc"
! grep -q kubeadm "$HOME/.bashrc" && echo "source <(kubeadm completion bash)" >>"$HOME/.bashrc"
! grep -q crictl "$HOME/.bashrc" && echo "source <(crictl completion bash)" >>"$HOME/.bashrc"
source "$HOME/.bashrc"