1、安装环境初始化

• 1.1、centos8-minimal安装更新并安装vim命令

cd /etc/yum.repos.d/
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
yum makecache
yum update -y
yum -y install vim

更新完成后，检查centos版本

[root@localhost yum.repos.d]# cat /etc/redhat-release
CentOS Linux release 8.5.2111
[root@localhost yum.repos.d]# rpm -q kernel
kernel-4.18.0-348.7.1.el8_5.x86_64

• 1.2、关闭SELINUX

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

• 1.3、关闭swap

swapoff -a
sed -i 's/^[^#].*swap/#&/' /etc/fstab
systemctl daemon-reload

• 1.4、关闭ipv6

echo net.ipv6.conf.all.disable_ipv6=1 >> /etc/sysctl.conf
echo NETWORKING_IPV6=no >> /etc/sysconfig/network
sed -i 's/IPV6INIT=yes/IPV6INIT=no/g' /etc/sysconfig/network-scripts/ifcfg-enp0s3
sysctl -p

ip a可查看ipv6是否关闭

• 1.5、关闭防火墙

systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld

• 1.6、配置将桥接流量传递到iptables并执行生效

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

sudo sysctl --system

2、安装containerd及相关工具

• 2.1、安装containerd

在https://github.com/containerd/containerd/releases查看最新版本的containerd，目前最新版本为containerd 1.6.8，下载地址为https://github.com/containerd/containerd/releases/download/v1.6.8/containerd-1.6.8-linux-amd64.tar.gz

解压安装如下

tar Cxzvf /usr/local containerd-1.6.8-linux-amd64.tar.gz
mkdir -p /usr/local/lib/systemd/system/
mv containerd.service /usr/local/lib/systemd/system/
systemctl daemon-reload
systemctl enable --now containerd

在https://github.com/opencontainers/runc/releases中下载runc.amd64，同时执行以下安装命令

install -m 755 runc.amd64 /usr/local/sbin/runc

• 2.2、安装cni插件及nerdctl工具

在https://github.com/containernetworking/plugins/releases下载cni插件并安装

mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.1.1.tgz

在https://github.com/containerd/nerdctl/releases下载nerdctl工具并解压安装

tar Cxzvvf /usr/local/bin nerdctl-0.23.0-linux-amd64.tar.gz

以上安装containerd总共4个文件，如下

cni-plugins-linux-amd64-v1.1.1.tgz
containerd-1.6.8-linux-amd64.tar.gz
nerdctl-0.23.0-linux-amd64.tar.gz
runc.amd64

安装完成后，即可使用nerdctl images查看镜像，与docker images类似，需要注意的是containerd有命名空间的区分

查看命名空间
nerdctl ns ls
查看指定命名空间的镜像
nerdctl -n k8s.io images

• 2.3、修改contaierd的默认配置，先将默认配置导出再进行修改

创建containerd默认配置目录，并将现有的默认配置导出

sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml

然后修改config.toml，将里面的配置项SystemdCgroup = false改为SystemdCgroup = true，同时修改默认的sandbox镜像（因无法从k8s.gcr.io下载镜像），修改内容如下

sandbox_image = "k8s.gcr.io/pause:3.6"
=>
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"

修改完成后重新加载并重启

systemctl daemon-reload
systemctl enable containerd --now
systemctl restart containerd

至此，containerd安装完成。

3、安装kubernetes

在http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/Packages/下载kubernetes安装文件，当然也可以去官网下载，下载的安装文件如下

14083ac8b11792469524dae98ebb6905b3921923937d6d733b8abb58113082b7-kubernetes-cni-1.1.1-0.x86_64.rpm
40c1f30871f010cdc338ee1dfe78f25cb389e17cce6067fb2b9c3e0c55895c6e-kubeadm-1.25.4-0.x86_64.rpm
7ed577f67bc98553ff7816f592d66b00a3a572559a665834ea97de8dd6e99c0a-kubectl-1.25.4-0.x86_64.rpm
a34253f2adef09943b26afd6cff6eb22983aa334d54d875f74e5a7a6bab1c7f1-kubelet-1.25.4-0.x86_64.rpm
e382ead81273ab8ebcddf14cc15bf977e44e1fd541a2cfda6ebe5741c255e59f-cri-tools-1.25.0-0.x86_64.rpm
iproute-tc-5.12.0-4.el8.x86_64.rpm

下载完成后，执行本地安装yum localinstall -y *.rpm，安装成功后查看版本

[root@localhost ~]# kubectl version  --output=yaml
clientVersion:
  buildDate: "2022-11-09T13:36:36Z"
  compiler: gc
  gitCommit: 872a965c6c6526caa949f0c6ac028ef7aff3fb78
  gitTreeState: clean
  gitVersion: v1.25.4
  goVersion: go1.19.3
  major: "1"
  minor: "25"
  platform: linux/amd64
kustomizeVersion: v4.5.7

此时已完成基本的安装，master和worker均需完成以上步骤，本人是使用VirtualBox虚拟出master及worker两台机器，因此在此复制一台worker机器，修改hostname并配置/etc/hosts

4、master上安装集群

• 4.1、准备好基础镜像

将hostname改为kubernetes-master并配置host，hostnamectl set-hostname kubernetes-master

master机器上准备好以下镜像

registry.aliyuncs.com/google_containers/coredns                    v1.9.3 
registry.aliyuncs.com/google_containers/etcd                       3.5.5-0
registry.aliyuncs.com/google_containers/kube-apiserver             v1.25.0
registry.aliyuncs.com/google_containers/kube-controller-manager    v1.25.0
registry.aliyuncs.com/google_containers/kube-proxy                 v1.25.0
registry.aliyuncs.com/google_containers/kube-scheduler             v1.25.0
registry.aliyuncs.com/google_containers/pause                      3.6    
registry.aliyuncs.com/google_containers/pause                      3.8    

可以预先准备好镜像将其导入节约下载时间

nerdctl load -i coredns--v1.9.3.tar.gz
nerdctl load -i etcd--3.5.5-0.tar.gz
nerdctl load -i kube-apiserver--v1.25.0.tar.gz
nerdctl load -i kube-controller-manager--v1.25.0.tar.gz
nerdctl load -i kube-proxy--v1.25.0.tar.gz
nerdctl load -i kube-scheduler--v1.25.0.tar.gz
nerdctl load -i pause--3.8.tar.gz
nerdctl load -i pause--3.6.tar.gz

• 4.2、修改kubeadm默认配置文件

导出kubeadm默认配置并修改

kubeadm config print init-defaults --component-configs KubeletConfiguration >   kubeadm.yaml

kubeadm.yaml修改内容如下，没有重复项，均只有一项需要修改

advertiseAddress: 1.2.3.4
=>
advertiseAddress: 192.168.30.88

criSocket: unix:///var/run/containerd/containerd.sock
=>
criSocket: /run/containerd/containerd.sock

name: Node
=>
name: kubernetes-master

imageRepository: registry.k8s.io
=>
imageRepository: registry.aliyuncs.com/google_containers

• 4.3、初始化集群

修改完成后，开始初始化集群kubeadm init --config kubeadm.yaml，事先准备好镜像后，大概10几秒钟即可完成初始化，看到以下结果

[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.30.88:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:ccc7f320b1b64af6a2b51ecf422dc575f0be771aecfb2de8d72c5089c6feb13a 
[root@kubernetes-master ~]# 

按照提示执行以下命令即可

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

此时获取节点信息如下，kubectl describe node kubernetes-master可以看到是cni plugin not initialized，即插件没有安装

[root@kubernetes-master ~]# kubectl get node
NAME                STATUS     ROLES           AGE    VERSION
kubernetes-master   NotReady   control-plane   100s   v1.25.4

• 4.4、部署安装calico

在https://docs.projectcalico.org/manifests/calico.yaml 下载好部署文件，或者直接安装kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml，但是在安装之前同样先将准备好的镜像导入节省时间

nerdctl load -i cni--v3.24.5.tar.gz
nerdctl load -i kube-controllers--v3.24.5.tar.gz
nerdctl load -i node--v3.24.5.tar.gz

镜像如下

calico/cni               v3.24.5
calico/kube-controllers  v3.24.5
calico/node              v3.24.5

安装完成后即可看到以下结果

[root@kubernetes-master calico]# kubectl get node
NAME                STATUS   ROLES           AGE   VERSION
kubernetes-master   Ready    control-plane   21m   v1.25.4
[root@kubernetes-master calico]# kubectl get po -A
NAMESPACE     NAME                                        READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-798cc86c47-2xq82    1/1     Running   0          8m56s
kube-system   calico-node-ztzqr                           1/1     Running   0          8m56s
kube-system   coredns-c676cc86f-frpkj                     1/1     Running   0          20m
kube-system   coredns-c676cc86f-jxqbc                     1/1     Running   0          20m
kube-system   etcd-kubernetes-master                      1/1     Running   0          20m
kube-system   kube-apiserver-kubernetes-master            1/1     Running   0          20m
kube-system   kube-controller-manager-kubernetes-master   1/1     Running   0          20m
kube-system   kube-proxy-qrlwt                            1/1     Running   0          20m
kube-system   kube-scheduler-kubernetes-master            1/1     Running   0          20m

5、worker上加入集群

将hostname改为kubernetes-worker并配置host，使用执行加入集群语句

kubeadm join 192.168.30.88:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:ccc7f320b1b64af6a2b51ecf422dc575f0be771aecfb2de8d72c5089c6feb13a 

加入后获得结果，在等待calico-node及kube-proxy部署成功后即可。

回到master节点上，查看集群状态

kubernetes-1.25.4

其中需要特别注意的是containerd镜像的命名空间