一、环境

两个节点，静态主机名解析（操作系统：CentOS 7.9）

[root@master01 ~]# cat /etc/hosts  
172.16.80.140 master01
172.16.80.151 node01

[root@node01: ~]
172.16.80.140 master01
172.16.80.151 node01

二、系统配置

禁用防火墙

禁用防火墙和selinux

# systemctl stop firewalld     
# systemctl disable firewalld

# setenforce 0
# vim /etc/selinux/config
SELINUX=disabled

关闭swap

# swapoff -a  # 关闭系统swap

# vim /etc/sysctl.d/k8s.conf   # 添加如下内容
vm.swappiness=0

# sysctl -p /etc/sysctl.d/k8s.conf  # 使之生效

三、安装containerd

添加docker stable版本的repo，安装containerd包

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y containerd

创建containerd配置文件，并配置镜像加速

containerd config default > /etc/containerd/config.toml 

vim /etc/containerd/config.toml 
[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
     endpoint = ["https://hub-mirror.c.163.com"]
     
systemctl enable containerd 
systemctl start containerd

四、安装kubeadm

kubeadm介绍

kubeadm是一种工具，旨在提供kubeadm初始化和kubeadm联接作为创建Kubernetes集群的最佳实践"快速路径". kubeadm执行必要的操作，以使最小可行的群集启动并运行。从设计上讲，它只关心引导程序，而不关心配置机器。同样，也不在安装各种功能强大的插件，例如Kubernetes仪表板，监视解决方案和特定于云的插件。

配置yum源

添加kubernetes repo源，这里使用阿里源

cat << EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

安装kubeadm工具

安装kubelet、kubeadm、kubectl、cri-tools包

yum install -y kubelet kubeadm kubectl cri-tools
systemctl enable kubelet && systemctl start kubelet

配置命令补全

crictl completion bash > /etc/bash_completion.d/crictl
kubeadm completion bash > /etc/bash_completion.d/kubeadm
kubectl completion bash >/etc/bash_completion.d/kubectl
source /etc/bash_completion.d/kubeadm
source /etc/bash_completion.d/kubectl
source /etc/bash_completion.d/crictl

配置crictl，连接containerd runtime

# vim /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: true

五、下载kubernetes集群镜像

默认kubeadm会从k8s.gcr.io下载相关镜像，这里替换为阿里云仓库可以加速k8s镜像下载

# 查看需要下载的最新k8s集群镜像
# kubeadm config images list --image-repository=registry.aliyuncs.com/google_containers 
W0509 21:09:17.213335   20379 images.go:80] could not find officially supported version of etcd for Kubernetes v1.27.1, falling back to the nearest etcd version (3.5.7-0)
registry.aliyuncs.com/google_containers/kube-apiserver:v1.27.1
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.27.1
registry.aliyuncs.com/google_containers/kube-scheduler:v1.27.1
registry.aliyuncs.com/google_containers/kube-proxy:v1.27.1
registry.aliyuncs.com/google_containers/pause:3.9
registry.aliyuncs.com/google_containers/etcd:3.5.7-0
registry.aliyuncs.com/google_containers/coredns:v1.10.1

可以看到最新的k8s镜像版本是v1.27.1，在每个节点上提前下载好镜像

# kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.27.1
W0509 21:11:46.234769   21159 images.go:80] could not find officially supported version of etcd for Kubernetes v1.27.1, falling back to the nearest etcd version (3.5.7-0)
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.27.1
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.27.1
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.27.1
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.27.1
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.9
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.5.7-0
[config/images] Pulled registry.aliyuncs.com/google_containers/coredns:v1.10.1

六、安装k8s master节点

初始化安装master节点，pod网段范围：10.244.0.0/16，后面flannel插件也要指定为这个网段

# kubeadm init --image-repository=registry.aliyuncs.com/google_containers \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16 \
--kubernetes-version=v1.27.1

......
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.16.80.140:6443 --token x7t1u6.9zxi5db04qagr2sh \
--discovery-token-ca-cert-hash sha256:1a0a11815b49c914517baa9e149ecdcc7e0f1e9cb6ab9b4af771e9a87c75dfa8

七、安装k8s node节点

kubeadm join 172.16.80.140:6443 --token x7t1u6.9zxi5db04qagr2sh \
--discovery-token-ca-cert-hash sha256:1a0a11815b49c914517baa9e149ecdcc7e0f1e9cb6ab9b4af771e9a87c75dfa8

八、安装网络插件

这里使用的是flannel网络插件，还需要改些bridge参数

# vim /etc/sysctl.d/k8s.conf  # 添加如下内容
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

# sysctl -p /etc/sysctl.d/k8s.conf  # 使之生效

安装pod网络插件

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

让master节点也参与调度

# kubectl taint nodes master01 node-role.kubernetes.io/master-
node "master01" untainted

九、查看集群

查看节点状态

# kubectl get nodes
NAME       STATUS   ROLES           AGE   VERSION
master01   Ready    control-plane   9h    v1.27.1
node01     Ready    <none>          9h    v1.27.1

查看集群状态

# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE                         ERROR
scheduler            Healthy   ok                              
controller-manager   Healthy   ok                              
etcd-0               Healthy   {"health":"true","reason":""}

查看节点容器

类似以前的docker ps

# crictl ps
CONTAINER           IMAGE               CREATED             STATE               NAME                      ATTEMPT             POD ID              POD
d06962733c630       a6c0cb5dbd211       9 hours ago         Running             kube-flannel              0                   65f44912b4417       kube-flannel-ds-mzndw
8d3fec0ee8d42       ead0a4a53df89       9 hours ago         Running             coredns                   0                   9d1e1ac978c71       coredns-7bdc4cb885-f4bqf
725aa5b3d358d       ead0a4a53df89       9 hours ago         Running             coredns                   0                   cf4bc4c6363f7       coredns-7bdc4cb885-2tc7z
fd08072710dd7       fbe39e5d66b6a       9 hours ago         Running             kube-proxy                0                   749d10b7aee72       kube-proxy-lmfn9
8a98f62c3452f       86b6af7dd652c       9 hours ago         Running             etcd                      0                   03eaf1b988095       etcd-master01
fabe0575b15de       6468fa8f98696       9 hours ago         Running             kube-scheduler            0                   aad60c0e42196       kube-scheduler-master01
e4bd233337e26       6f6e73fa8162b       9 hours ago         Running             kube-apiserver            0                   183da7231b1cc       kube-apiserver-master01
f2fddbe90e0da       c6b5118178229       9 hours ago         Running             kube-controller-manager   0                   5674f488188f7       kube-controller-manager-master01

十、集群重置

kubeadm reset
ifconfig cni0 down
ip link delete cni0
ifconfig flannel.1 down
ip link delete flannel.1
rm -rf /var/lib/cni/

参考链接

「真诚赞赏，手留余香」

kubeadm + containerd部署k8s v1.27.1