
基础环境部署

k8s 集群 ip 规划

master1: 172.16.40.110/24
node1: 172.16.40.120/24

设置主机名 master

# Run on the control-plane host (172.16.40.110). The name must match the
# "master" entry that is added to /etc/hosts further down.
hostnamectl set-hostname master

设置主机名 node

# Run on the worker host (172.16.40.120). The name must match the
# "node" entry that is added to /etc/hosts further down.
hostnamectl set-hostname node

配置 主机名 解析

# Append static name resolution for both cluster hosts.
# This appends unconditionally: running it a second time adds duplicate lines.
cat >> /etc/hosts << 'EOF'
172.16.40.110 master
172.16.40.120 node
EOF

关闭防火墙

# Stop firewalld and keep it from starting at boot.
# This removes host-level packet filtering on the node, so every listening
# service (kubelet, API server, etcd, NodePorts) is reachable from any network
# that can route to it. Outside an isolated lab, keep firewalld running and
# open only the ports the cluster needs; the Kubernetes "Ports and Protocols"
# reference lists 6443, 2379-2380, 10250, 10257 and 10259 for the control plane
# and 10250, 10256 and 30000-32767 for workers, plus whatever the CNI plugin uses.
systemctl disable --now firewalld

将 SELinux 设置为 permissive 模式

# Switch the running system to permissive mode: SELinux policy violations are
# logged but no longer blocked, so the confinement SELinux places on container
# processes is not enforced from this point on.
setenforce 0
# Persist the same mode across reboots. The substitution only applies when the
# file currently contains exactly "SELINUX=enforcing"; a host already set to
# "disabled" or "permissive" is left unchanged.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

修改内核参数

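# Load the bridge netfilter module now, and register it so it is loaded again
# at boot. Without the module the net.bridge.* keys below do not exist, and
# "modprobe" alone does not survive a reboot.
modprobe br_netfilter
cat > /etc/modules-load.d/k8s.conf << 'EOF'
br_netfilter
EOF

# Kernel parameters needed for pod networking.
#   ip_forward              - lets the host route packets between interfaces;
#                             combined with a disabled firewall the node will
#                             forward any traffic sent through it.
#   tcp_tw_recycle          - kept at 0; the key was removed in Linux 4.12, so on
#                             newer kernels sysctl reports it as unknown and the
#                             line can be dropped.
#   bridge-nf-call-ip*tables - pass bridged traffic through iptables/ip6tables.
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_recycle = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

# Apply every sysctl configuration file, including the one written above.
sysctl --system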

删除原有 repo 源

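# Copy the distribution's repo definitions aside before clearing the directory,
# so the original sources (including their gpgcheck/gpgkey settings) can be
# restored or compared later. The timestamp keeps reruns from overwriting an
# earlier backup.
repo_backup="/root/yum.repos.d.bak.$(date +%Y%m%d%H%M%S)"
mkdir -p -- "$repo_backup"
cp -a /etc/yum.repos.d/. "$repo_backup"/
rm -rf /etc/yum.repos.d/*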

配置阿里云 repo 源


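# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# as a repo file.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

yum install yum-utils -y

# Fetch the docker-ce repo definition over HTTPS. Over plain HTTP, anyone on the
# network path could rewrite the baseurl/gpgkey lines and thereby choose which
# packages and signing keys this host trusts.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Review what the downloaded repo files actually configure: package signature
# checking should stay enabled (gpgcheck=1) and the baseurl/gpgkey sources
# should be the ones you expect.
grep -H -E '^(gpgcheck|gpgkey|baseurl)' /etc/yum.repos.d/*.repo

yum clean all && yum makecache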

时间同步

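yum install chrony -y

# Replace the default upstream servers with the cluster's own time source.
# Each insert below targets line 1, so the file ends up starting with:
#   server master iburst
#   local stratum 10
#   allow 172.16.40.0/24
# "allow" limits which clients chronyd will serve to the cluster subnet, and
# "local stratum 10" lets chronyd serve its own clock when it has no upstream.
# NOTE(review): both are server-side directives and are presumably only needed
# on the master - confirm before applying them to worker nodes.
sed -i '/^server/d' /etc/chrony.conf
sed -i '1s;^;allow 172.16.40.0/24\n;' /etc/chrony.conf
sed -i '1s;^;local stratum 10\n;' /etc/chrony.conf
# The server name must resolve: /etc/hosts defines "master" (172.16.40.110),
# not "master1", so the latter would leave chronyd without a usable source.
sed -i '1s;^;server master iburst\n;' /etc/chrony.conf

systemctl enable chronyd
systemctl restart chronyd
systemctl status chronyd
# Verify that the expected source is listed and reachable.
chronyc sources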

下载 Kubernetes

URL: https://kubernetes.io/releases/download/

获取镜像列表

# Look up the current stable release tag, download that release's SBOM, and
# reduce the registry.k8s.io package entries to "registry/image:tag" form.
# Entries carrying a sha256 digest are filtered out, so the result lists images
# by tag only; it contains no digests to pin or verify against.
curl -Ls "https://sbom.k8s.io/$(curl -Ls https://dl.k8s.io/release/stable.txt)/release" \
  | grep "SPDXID: SPDXRef-Package-registry.k8s.io" \
  | grep -v sha256 \
  | cut -d- -f3- \
  | sed -e 's/-/\//' -e 's/-v1/:v1/'

安装 kubectl

安装 containerd 容器运行时

# Install the container runtime, register the service for boot, and start it.
yum install -y containerd
systemctl enable containerd.service
systemctl start containerd.service

修改 containerd 配置

# cat /etc/containerd/config.toml
# Excerpt: have runc manage container cgroups through systemd. The kubelet has
# to be configured with the same cgroup driver, otherwise the two disagree
# about cgroup ownership.
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true

# /etc/containerd/config.toml
# Comment out the disabled_plugins line so the plugins it names are loaded
# again, then restart containerd to pick up the change.
# NOTE(review): presumably the packaged default disables the "cri" plugin here -
# confirm by reading the line before editing.
sed -i -e 's/^disabled_plugins/#&/' /etc/containerd/config.toml
systemctl restart containerd.service
# /etc/containerd/config.toml
# NOTE(review): the bare "plugins.cri" table names appear to be the legacy
# (config version 1) layout - confirm which layout the installed containerd
# version expects before using this variant.
[plugins]
  [plugins.cri]
    sandbox_image = "registry.k8s.io/pause:3.9"
    # Pulls for registry.k8s.io are sent to a third-party mirror. Content pulled
    # by tag is trusted as the mirror serves it; referencing images by digest
    # (image@sha256:...) lets containerd verify what it received.
    [plugins.cri.registry.mirrors]
    [plugins.cri.registry.mirrors."registry.k8s.io"]
      endpoint = ["https://registry-k8s-io.mirrors.sjtug.sjtu.edu.cn"]

    # Use the systemd cgroup driver for runc.
    [plugins.cri.containerd.runtimes.runc]
      [plugins.cri.containerd.runtimes.runc.options]
        SystemdCgroup = true
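# CRI plugin settings using the "io.containerd.grpc.v1.cri" table names.
[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    sandbox_image = "registry.k8s.io/pause:3.9"

    [plugins."io.containerd.grpc.v1.cri".registry]
      # Per-registry settings are read from <config_path>/<registry host>/hosts.toml.
      # containerd rejects a CRI config that sets registry.mirrors together with
      # config_path, so the registry.k8s.io mirror is declared only in
      # /etc/containerd/certs.d/registry.k8s.io/hosts.toml and not repeated here.
      config_path = "/etc/containerd/certs.d"

    # Use the systemd cgroup driver for runc.
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
        SystemdCgroup = true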



[root@master ~]# tree /etc/containerd/
/etc/containerd/
├── certs.d
│   └── registry.k8s.io
│       └── hosts.toml

[root@master ~]# cat /etc/containerd/certs.d/registry.k8s.io/hosts.toml
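# Upstream registry this file applies to; used when no host below can serve a request.
server = "https://registry.k8s.io"

# Third-party mirror, allowed to resolve tags and serve pulls only.
[host."https://registry-k8s-io.mirrors.sjtug.sjtu.edu.cn"]
  capabilities = ["pull", "resolve"]
  # TLS certificate verification is left enabled (skip_verify defaults to false).
  # With verification off, anyone able to intercept the connection could answer
  # as the mirror and serve altered images for tag-based pulls.
  # If the mirror uses a certificate from a private CA, trust that CA explicitly
  # instead of disabling verification (placeholder path):
  # ca = "/path/to/mirror-ca.pem"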


End