centos7.9单机版安装K8s

1.安装docker

[root@localhost ~]# hostnamectl set-hostname master
[root@localhost ~]# bash
[root@master ~]# mv /etc/yum.repos.d/* /home  
[root@master ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@master ~]# curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
[root@master ~]# systemctl enable docker --now
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@master ~]# cat /etc/docker/daemon.json 
{
"exec-opts":["native.cgroupdriver=systemd"]
}
[root@master ~]# systemctl daemon-reload &&systemctl restart docker

2.系统调优

#关闭防火墙、设置selinux
[root@master ~]# systemctl stop firewalld&&systemctl disable firewalld&&setenforce 0
[root@master ~]# vim /etc/selinux/config
SELINUX=disabled
#关闭交换分区
[root@master ~]# swapoff -a
[root@master ~]# vim /etc/fstab
#/dev/mapper/centos-swap swap                    swap    defaults        0 0
#配置主机名解析
[root@master ~]# vim /etc/hosts
192.168.1.99 master#转发IPv4并让iptables看到桥接流量
cat >/etc/modules-load.d/k8s.conf <<EOF
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfiltercat >/etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
EOF
sysctl --system

3.安装cri-docker

下载cri-docker,安装容器进行时
[root@master ~]# yum install -y wget
这里国内下载失败，建议挂梯子下载到本地进行上传
[root@master ~]# wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.15/cri-dockerd-0.3.15.amd64.tgz
[root@master ~]# tar zxvf cri-dockerd-0.3.15.amd64.tgz 
ockerd
[root@master ~]# mv cri-dockerd/cri-dockerd /usr/bin/
配置服务文件
[root@master ~]# cat /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.10
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=alwaysStartLimitBurst=3StartLimitInterval=60sLimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinityTasksMax=infinity
Delegate=yes
KillMode=process[Install]
WantedBy=multi-user.target
[root@master ~]# cat /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker[Install]
WantedBy=sockets.target
[root@master ~]# systemctl daemon-reload 
[root@master ~]# systemctl enable  cri-docker --now &&systemctl status cri-docker

4.配置containerd

[root@master ~]# containerd config default > /etc/containerd/config.toml
[root@master ~]# vim /etc/containerd/config.toml 
SystemdCgroup = true
[root@master ~]# systemctl restart containerd&&systemctl enable containerd
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.

5.配置k8s yum仓库

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable --now kubelet

6.初始化K8s集群

[root@master ~]# kubeadm config print init-defaults  > kubeadm-config.yaml
[root@master ~]# vim kubeadm-config.yaml apiVersion: kubeadm.k8s.io/v1beta4
bootstrapTokens:
- groups:- system:bootstrappers:kubeadm:default-node-tokentoken: abcdef.0123456789abcdefttl: 24h0m0susages:- signing- authentication
kind: InitConfiguration
localAPIEndpoint:advertiseAddress: 192.168.1.99bindPort: 6443
nodeRegistration:criSocket: unix:///var/run/cri-dockerd.sockimagePullPolicy: IfNotPresentimagePullSerial: truename: mastertaints: null
timeouts:controlPlaneComponentHealthCheck: 4m0sdiscovery: 5m0setcdAPICall: 2m0skubeletHealthCheck: 4m0skubernetesAPICall: 1m0stlsBootstrap: 5m0supgradeManifests: 5m0s
---
apiServer: {}
apiVersion: kubeadm.k8s.io/v1beta4
caCertificateValidityPeriod: 87600h0m0s
certificateValidityPeriod: 8760h0m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
encryptionAlgorithm: RSA-2048
etcd:local:dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.31.0
networking:dnsDomain: cluster.localserviceSubnet: 10.96.0.0/12
proxy: {}
scheduler: {}
[root@master ~]# vim kubeadm-config.yaml 
新增
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: "systemd"
[root@master ~]# systemctl restart kubelet
编辑 /etc/default/grub 文件，添加 systemd.unified_cgroup_hierarchy=0 到 GRUB_CMDLINE_LINUX 行
[root@master ~]# bash
[root@master ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-1160.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-1160.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-fb69d0cc8cb44f40959b8de6635f63a0
Found initrd image: /boot/initramfs-0-rescue-fb69d0cc8cb44f40959b8de6635f63a0.img
done
[root@master ~]# reboot
[root@master ~]# systemctl restart containerd
[root@master ~]# systemctl restart kubelet
[root@master ~]# kubeadm init --config  kubeadm-config.yaml Your Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configAlternatively, if you are the root user, you can run:export KUBECONFIG=/etc/kubernetes/admin.confYou should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/Then you can join any number of worker nodes by running the following on each as root:kubeadm join 192.168.1.99:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:a6ecf61ca34fe2994e17708179990c210ecb954c0a96b4386bd85934f123d43d 
[root@master ~]#   mkdir -p $HOME/.kube
[root@master ~]#   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]#   sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@master ~]# kubectl get nodes
NAME     STATUS     ROLES           AGE   VERSION
master   NotReady   control-plane   36s   v1.31.2

7.安装网络插件

[root@master ~]# cat /etc/docker/daemon.json 
{
"exec-opts":["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://docker.unsee.tech","https://dockerpull.org","https://docker.1panel.live","https://dockerhub.icu"]
}
[root@master ~]# systemctl daemon-reload &&systemctl restart docker
[root@master ~]# docker pull docker.io/calico/cni:master
[root@master ~]# docker pull docker.io/calico/node:master
[root@master ~]# docker pull docker.io/calico/kube-controllers:master
[root@master ~]# curl -o calico.yaml  https://github.com/projectcalico/calico/blob/master/manifests/calico.yaml
[root@master ~]# kubectl apply -f calico.yaml 
[root@master ~]# kubectl get  pods -n kube-system
NAME                                       READY   STATUS    RESTARTS       AGE
calico-kube-controllers-7bcf789c97-vszz9   1/1     Running   0              24s
calico-node-cvspq                          1/1     Running   0              24s
coredns-855c4dd65d-c6mrt                   1/1     Running   0              24m
coredns-855c4dd65d-jdxjb                   1/1     Running   0              24m
etcd-master                                1/1     Running   1 (14m ago)    24m
kube-apiserver-master                      1/1     Running   1 (14m ago)    24m
kube-controller-manager-master             1/1     Running   2 (2m2s ago)   24m
kube-proxy-ll54k                           1/1     Running   1 (14m ago)    24m
kube-scheduler-master                      1/1     Running   1 (14m ago)    24m
[root@master ~]# kubectl get nodes
NAME     STATUS   ROLES           AGE   VERSION
master   Ready    control-plane   25m   v1.31.2

8.k8s命令补全

[root@master ~]# yum -y install bash-completion
[root@master ~]# source /usr/share/bash-completion/bash_completion
[root@master ~]# source <(kubectl completion bash)
[root@master ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc
[root@master ~]# kubectl 
annotate       (更新一个资源的注解)                                                                                   explain        (Get documentation for a resource)
api-resources  (Print the supported API resources on the server)                                                      expose         (Take a replication controller, service, deployment or pod and expose it as a new Kubernetes service)
api-versions   (Print the supported API versions on the server, in the form of "group/version")                       get            (显示一个或多个资源)
apply          (Apply a configuration to a resource by file name or stdin)                                            help           (Help about any command)
attach         (挂接到一个运行中的容器)                                                                               kustomize      (Build a kustomization target from a directory or URL)
auth           (Inspect authorization)                                                                                label          (更新某资源上的标签)
autoscale      (Auto-scale a deployment, replica set, stateful set, or replication controller)                        logs           (打印 Pod 中容器的日志)
certificate    (Modify certificate resources)                                                                         options        (输出所有命令的层级关系)
cluster-info   (Display cluster information)                                                                          patch          (Update fields of a resource)
completion     (Output shell completion code for the specified shell (bash, zsh, fish, or powershell))                plugin         (Provides utilities for interacting with plugins)
config         (修改 kubeconfig 文件)                                                                                 port-forward   (将一个或多个本地端口转发到某个 Pod)
cordon         (标记节点为不可调度)                                                                                   proxy          (运行一个指向 Kubernetes API 服务器的代理)
cp             (Copy files and directories to and from containers)                                                    replace        (Replace a resource by file name or stdin)
create         (Create a resource from a file or from stdin)                                                          rollout        (Manage the rollout of a resource)
debug          (Create debugging sessions for troubleshooting workloads and nodes)                                    run            (在集群上运行特定镜像)
delete         (Delete resources by file names, stdin, resources and names, or by resources and label selector)       scale          (Set a new size for a deployment, replica set, or replication controller)
describe       (显示特定资源或资源组的详细信息)                                                                       set            (为对象设置指定特性)
diff           (Diff the live version against a would-be applied version)                                             taint          (更新一个或者多个节点上的污点)
drain          (清空节点以准备维护)                                                                                   top            (Display resource (CPU/memory) usage)
edit           (编辑服务器上的资源)                                                                                   uncordon       (标记节点为可调度)
events         (List events)                                                                                          version        (输出客户端和服务端的版本信息)
exec           (在某个容器中执行一个命令)                                                                             wait           (Experimental: Wait for a specific condition on one or many resources)