1 安装环境
OS: Rocky Linux 8.9
kubernetes: 1.28.2
Container Runtime:Docker CE 24.0.7
CRI: cri-docker v0.3.8
安装docker
参考之前部署文章:使用 KubeKey 从0搭建 k8s+ kubeovn 三节点标准集群 - Lixx Blog - 李晓旭的博客
[root@k8s-master-01 ~]# cat /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]
}
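# Reload systemd's unit definitions, then restart Docker so that the settings
# in /etc/docker/daemon.json (cgroup driver, registry mirror) are applied.
# The subcommand is "daemon-reload".
systemctl daemon-reload
systemctl restart docker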
安装cri-docker
官网:Mirantis/cri-dockerd: dockerd as a compliant Container Runtime Interface for Kubernetes (github.com)
参考:kubeadm 安装k8s1.28.x 底层走docker 容器_flyfish的技术博客_51CTO博客
yum install -y libcgroup
下载rpm包:https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.8/cri-dockerd-0.3.8-3.el7.x86_64.rpm
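# The package was fetched by URL rather than from a signed repository, so
# print its SHA-256 and compare it with a value obtained from a trusted source
# before installing.
# NOTE(review): this is the el7 build being installed on an EL8 host; confirm
# whether the release offers a build matching this OS.
sha256sum cri-dockerd-0.3.8-3.el7.x86_64.rpm
rpm -ivh cri-dockerd-0.3.8-3.el7.x86_64.rpm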
vim /usr/lib/systemd/system/cri-docker.service
----
修改第10行内容
ExecStart=/usr/bin/cri-dockerd --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9 --container-runtime-endpoint fd://
----
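# cri-docker.service was edited by hand in the previous step; systemd keeps
# using the old unit definition until it is told to reload.
systemctl daemon-reload
# Start the service now and enable it at boot.
systemctl enable --now cri-docker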
2 事前准备工作
参考:kubeadm 部署k8s v1.28.3集群 - 小吉猫 - 博客园 (cnblogs.com)
网络规划
pod网络:10.200.0.0/16
service网络: 10.100.0.0/16
节点网络:192.168.174.0/24
时间同步
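# Keep node clocks in sync: cluster certificates are validated against the
# local clock.
yum -y install chrony
# The package is called chrony, but the service unit on RHEL-family systems
# is chronyd.
systemctl enable --now chronyd
# Show the configured time sources and their reachability.
chronyc sources -v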
免密登录
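# Distribute this host's SSH public key to every node for key-based logins.
yum -y install sshpass
ssh-keygen

# StrictHostKeyChecking=accept-new records a host key on first contact but
# refuses the connection if a recorded key later changes; "no" would accept a
# changed key as well. First contact is still unauthenticated, so compare the
# recorded fingerprints (ssh-keygen -lf ~/.ssh/known_hosts) with the ones read
# on each node's console.
# sshpass is left without a password option so it reads from standard input;
# a password passed with -p is visible in the process list and shell history.
for node in 192.168.174.100 192.168.174.106 192.168.174.107 192.168.174.108; do
  sshpass ssh-copy-id -o StrictHostKeyChecking=accept-new "${node}"
done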
设置主机名
hostnamectl set-hostname k8s-master-01
设置 hosts
# Append static name-to-address entries for the master and the three workers.
# The quoted delimiter keeps the here-document literal (it contains nothing to
# expand); tee's copy to stdout is discarded so only the file is written.
tee -a /etc/hosts > /dev/null << 'EOF'
192.168.174.100 k8s-master-01
192.168.174.106 k8s-node-01
192.168.174.107 k8s-node-02
192.168.174.108 k8s-node-03
EOF
禁用 swap
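# Turn swap off for the running system, then comment out the swap entries in
# /etc/fstab so it stays off after a reboot.
# - sed runs under sudo like swapoff, since /etc/fstab is root-owned.
# - Only uncommented lines whose filesystem-type field is "swap" are touched,
#   so re-running does not stack extra '#' characters.
# - -i.bak keeps the previous file as /etc/fstab.bak.
sudo swapoff -a && sudo sed -i.bak '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab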
or
# Alternative: switch swap off through systemd instead of editing /etc/fstab.
# NOTE(review): swap.img.swap is the unit systemd derives for a swap file at
# /swap.img; a host with a different swap device has a different unit name.
# List the real ones with `systemctl list-units --type=swap` and confirm.
systemctl disable --now swap.img.swap
# Masking swap.target prevents it from being started again.
systemctl mask swap.target
禁用防火墙
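# Stop firewalld and keep it off across reboots (the subcommand is "disable").
# This removes host-level packet filtering from the node entirely. On a network
# that is not fully trusted, keep firewalld running instead and allow only the
# ports the cluster components need (see "Ports and Protocols" in the
# Kubernetes documentation).
systemctl stop firewalld.service
systemctl disable firewalld.service
# Confirm the result: the unit should be reported as inactive and disabled.
systemctl status firewalld.service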
内核参数调整
# Record the two kernel modules in /etc/modules-load.d/k8s.conf (one per line)
# so they are loaded at boot, then load them into the running kernel.
printf '%s\n' overlay br_netfilter | sudo tee /etc/modules-load.d/k8s.conf
for kmod in overlay br_netfilter; do
  sudo modprobe "${kmod}"
done
设置所需的 sysctl 参数,参数在重新启动后保持不变
# Write the kernel networking settings to /etc/sysctl.d/k8s.conf so they are
# re-applied at every boot:
#   net.bridge.bridge-nf-call-iptables / -ip6tables : pass bridged IPv4/IPv6
#       traffic through iptables / ip6tables (needs br_netfilter loaded)
#   net.ipv4.ip_forward : let the node forward IPv4 packets between interfaces
# tee echoes the written content to the terminal as well.
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
应用 sysctl 参数而不重新启动
sudo sysctl --system
通过运行以下指令确认 br_netfilter 和 overlay 模块被加载
lsmod | grep br_netfilter
lsmod | grep overlay
通过运行以下指令确认 net.bridge.bridge-nf-call-iptables、net.bridge.bridge-nf-call-ip6tables 和 net.ipv4.ip_forward 系统变量在你的 sysctl 配置中被设置为 1
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
开启 ipvs
安装 ipvs
yum install -y ipset ipvsadm
内核加载 ipvs
# Record the IPVS-related kernel modules in /etc/modules-load.d/ipvs.conf (one
# per line) so they are loaded at boot, then load each one immediately.
printf '%s\n' ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack \
  | sudo tee /etc/modules-load.d/ipvs.conf
for kmod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
  sudo modprobe "${kmod}"
done
确认ipvs模块加载
lsmod |grep -e ip_vs -e nf_conntrack
nf_conntrack_netlink 57344 0
nfnetlink 20480 4 nft_compat,nf_conntrack_netlink,nf_tables
ip_vs_sh 12288 0
ip_vs_wrr 12288 0
ip_vs_rr 12288 0
ip_vs 221184 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack 200704 5 xt_conntrack,nf_nat,nf_conntrack_netlink,xt_MASQUERADE,ip_vs
nf_defrag_ipv6 24576 2 nf_conntrack,ip_vs
nf_defrag_ipv4 12288 1 nf_conntrack
libcrc32c 12288 6 nf_conntrack,nf_nat,btrfs,nf_tables,raid456,ip_vs
3 安装 k8s1.28.x
配置阿里云镜像源
kubernetes镜像_kubernetes下载地址_kubernetes安装教程-阿里巴巴开源镜像站 (aliyun.com)
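# Define the Kubernetes package repository. gpgcheck=1 and repo_gpgcheck=1 ask
# yum to verify package and repository-metadata signatures against the keys
# listed in gpgkey.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum makecache

# List the 1.28 builds the repository offers (-F: match "1.28" literally).
yum list kubelet --showduplicates | sort -r | grep -F 1.28

# Install the release this guide targets instead of whatever is newest.
# --nogpgcheck is intentionally not used: it skips package signature
# verification and so cancels the gpgcheck=1 setting written above. If
# verification fails against this mirror, fix the repository or key
# configuration rather than installing unverified packages.
yum install -y kubelet-1.28.2 kubeadm-1.28.2 kubectl-1.28.2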
安装 kubeadm,kubelet和kubectl
kubectl 命令补全
# Install bash-completion, generate kubectl's completion script into
# /etc/profile.d so login shells pick it up, and load it into this shell.
yum install -y bash-completion
completion_file=/etc/profile.d/kubectl_completion.sh
kubectl completion bash > "${completion_file}"
source "${completion_file}"
安装最新版
yum install -y kubectl kubelet kubeadm
准备镜像
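# Values shared by the commands below.
k8s_version=v1.28.2
image_repo=registry.aliyuncs.com/google_containers
cri_socket=unix:///var/run/cri-dockerd.sock

# Show the images this release needs: first with the default registry, then
# with the mirror registry.
kubeadm config images list --kubernetes-version="${k8s_version}"
kubeadm config images list --image-repository "${image_repo}" --kubernetes-version="${k8s_version}"

# Pre-pull the images from the mirror through the cri-dockerd socket.
kubeadm config images pull \
  --image-repository "${image_repo}" \
  --kubernetes-version="${k8s_version}" \
  --cri-socket="${cri_socket}"

# Initialise the control plane. The pod and service ranges are the ones from
# the network plan in section 2; without these two flags kubeadm falls back to
# its defaults and the planned ranges are not applied.
kubeadm init \
  --kubernetes-version="${k8s_version}" \
  --image-repository "${image_repo}" \
  --cri-socket="${cri_socket}" \
  --pod-network-cidr=10.200.0.0/16 \
  --service-cidr=10.100.0.0/16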