Rocky Linux9.5部署k8s1.28.2+docker

yum换源

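# Point the Rocky repo files at the Aliyun mirror. -i.bak keeps a copy of each
# original file so the change can be reverted.
# Only the mirrorlist/baseurl lines are rewritten; the gpgcheck and gpgkey
# settings in the repo files are left untouched, so package signatures are
# still verified.
# The three lines form ONE command: each backslash must be the last character
# on its line, with no blank line in between, and the '|' delimiters inside the
# sed expressions must not be backslash-escaped.
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
    -i.bak /etc/yum.repos.d/[Rr]ocky*.repo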

建立缓存

dnf makecache

关闭防火墙

# Stop firewalld now and keep it from starting at boot. The page hands packet
# filtering over to iptables-services in the following steps, so the node has
# no firewalld zones or rules from this point on.
systemctl disable --now firewalld

安装iptables

yum -y install iptables-services

各节点启动

systemctl start iptables

清空规则

# Flushes the filter table of the RUNNING ruleset only. Nothing is saved here,
# so the rules that iptables-services loads from its own config file come back
# the next time the service starts (e.g. after the reboot further down).
# With the table empty, every listening port on the node is reachable from the
# attached network until rules are added again.
iptables -F

开机启动

systemctl enable iptables

禁用 Selinux

# Put the running system into permissive mode immediately (not persistent).
setenforce 0

# Persist the change in the config file. "disabled" switches SELinux off
# completely, so denials are no longer logged either.
# NOTE(review): kubeadm's install guide only asks for permissive mode
# (SELINUX=permissive), which keeps AVC denials in the audit log - consider
# that value instead of disabled.
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

# Add selinux=0 to the kernel command line of every installed kernel so SELinux
# is also off at the kernel level after the next boot.
grubby --update-kernel ALL --args selinux=0

查看是否已禁用:

grubby --info DEFAULT

回滚内核层禁用操作

grubby --update-kernel ALL --remove-args selinux

设置时区

timedatectl set-timezone Asia/Shanghai

关闭 swap 分区

swapoff -a

sed -i 's:/dev/mapper/rl-swap:#/dev/mapper/rl-swap:g' /etc/fstab

重启,克隆出其他两个节点

修改节点主机名

# Run exactly ONE of these per machine, matching the role of that machine.
# Running all three in sequence on the same host leaves it named k8s-node2.
hostnamectl set-hostname k8s-master

hostnamectl set-hostname k8s-node1

hostnamectl set-hostname k8s-node2

修改各节点hosts

vi /etc/hosts

192.168.139.128 k8s-master m

192.168.139.129 k8s-node1 n1

192.168.139.130 k8s-node2 n2

安装 ipvs

yum install -y ipvsadm

加载 bridge

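# EPEL is enabled here to install bridge-utils. Note that this adds a further
# package repository to the node's trusted sources; the br_netfilter module
# loaded below comes with the kernel, not with bridge-utils.
yum install -y epel-release
yum install -y bridge-utils

# Load br_netfilter now and register it for loading at every boot. The file is
# overwritten (not appended to) so re-running this step does not duplicate the
# entry.
modprobe br_netfilter
echo 'br_netfilter' > /etc/modules-load.d/bridge.conf

# Kernel settings required for pod networking: bridged traffic must pass
# through iptables/ip6tables and the node must forward IPv4 packets.
# They go into a dedicated drop-in file instead of being appended to
# /etc/sysctl.conf, which would add the same three lines again on every re-run.
cat > /etc/sysctl.d/99-kubernetes.conf <<'EOF'
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
EOF

# Apply all sysctl configuration files, including the drop-in just written.
sysctl --system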

添加 docker-ce yum 源

# yum-utils provides yum-config-manager, used on the next line.
yum install -y yum-utils device-mapper-persistent-data lvm2

# Register the docker-ce repo definition served by the Aliyun mirror.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Rewrite any download.docker.com URL in the repo file to the mirror. This
# applies to every line that contains the host name, so a gpgkey URL in the
# file is redirected as well: signing key and packages then come from the same
# origin. Because the later install uses -y, the key is imported without a
# prompt - compare the imported key's fingerprint with the one Docker publishes.
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo

安装docker(27.3.1)

yum -y install docker-ce

配置 daemon.

# Writes the Docker daemon configuration. Points to review before copying it:
# - "insecure-registries": the daemon will talk to harbor.xinxainghf.com over
#   plain HTTP or without verifying its TLS certificate. No other step on this
#   page uses that registry; remove the entry unless your environment has it.
# - "registry-mirrors": two entries are http:// URLs, so pulls routed through
#   them are unprotected in transit. Any mirror decides which image a tag
#   resolves to; pull by digest when the exact image content matters.
# - "log-opts": max-size 100m with max-file 100 allows roughly 10 GB of logs
#   per container.
# - "exec-opts": the systemd cgroup driver matches what kubelet expects when
#   the host runs systemd.
cat > /etc/docker/daemon.json <<EOF

{"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"log-driver":"json-file","log-opts":{"max-size": "100m","max-file": "100"},"insecure-registries": ["harbor.xinxainghf.com"],"registry-mirrors": ["https://docker.m.daocloud.io","https://docker.hpcloud.cloud","https://docker.unsee.tech","https://docker.1panel.live","http://mirrors.ustc.edu.cn","https://docker.chenby.cn","http://mirror.azure.cn","https://dockerpull.org","https://dockerhub.icu","https://hub.rat.dev"]}

EOF

# Creates an empty systemd drop-in directory for docker.service; nothing on
# this page places a file in it.
mkdir -p /etc/systemd/system/docker.service.d

重启docker服务

systemctl daemon-reload && systemctl restart docker && systemctl enable docker

安装 cri-docker

# Download the cri-dockerd release tarball, pinned to v0.3.9, over HTTPS.
# Nothing below checks its integrity. Before installing, run
#   sha256sum cri-dockerd-0.3.9.amd64.tgz
# and compare the result with a digest obtained from a source you trust: the
# binary is started by the systemd unit defined later, which sets no User=.
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.9/cri-dockerd-0.3.9.amd64.tgz

tar -xf cri-dockerd-0.3.9.amd64.tgz

# Install the extracted binary where the unit's ExecStart expects it.
cp cri-dockerd/cri-dockerd /usr/bin/

chmod +x /usr/bin/cri-dockerd

配置 cri-docker 服务

# Write the systemd unit for cri-dockerd. The heredoc delimiter is quoted
# ("EOF"), so the shell does not expand $MAINPID; it reaches the unit file
# literally and is resolved by systemd at runtime.
# The unit has no User= line, so the daemon runs as root.
# NOTE(review): the pause image is pinned to tag 3.8 here; kubeadm 1.28 may
# report that it expects a different pause tag - check with
# `kubeadm config images list` and keep the two in step.
cat <<"EOF" > /usr/lib/systemd/system/cri-docker.service

[Unit]

Description=CRI Interface for Docker Application Container Engine

Documentation=https://docs.mirantis.com

After=network-online.target firewalld.service docker.service

Wants=network-online.target

Requires=cri-docker.socket

[Service]

Type=notify

ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8

ExecReload=/bin/kill -s HUP $MAINPID

TimeoutSec=0

RestartSec=2

Restart=always

StartLimitBurst=3

StartLimitInterval=60s

LimitNOFILE=infinity

LimitNPROC=infinity

LimitCORE=infinity

TasksMax=infinity

Delegate=yes

KillMode=process

[Install]

WantedBy=multi-user.target

EOF

添加 cri-docker 套接字

# Write the socket unit that cri-docker.service requires.
# %t is systemd's runtime directory (/run for system units), so the socket is
# created as /run/cri-dockerd.sock; the unix:///var/run/cri-dockerd.sock path
# passed to kubeadm later reaches it when /var/run is a symlink to /run.
# Mode 0660 with group "docker" lets every member of the docker group talk to
# the CRI endpoint, which is enough to control containers on the node - keep
# that group's membership as small as for the Docker socket itself.
cat <<"EOF" > /usr/lib/systemd/system/cri-docker.socket

[Unit]

Description=CRI Docker Socket for the API

PartOf=cri-docker.service

[Socket]

ListenStream=%t/cri-dockerd.sock

SocketMode=0660

SocketUser=root

SocketGroup=docker

[Install]

WantedBy=sockets.target

EOF

启动 cri-docker 对应服务

systemctl daemon-reload

systemctl enable cri-docker

systemctl start cri-docker

systemctl is-active cri-docker

添加 kubeadm yum 源

# Define the Kubernetes package repository (Aliyun mirror).
# gpgcheck=1 verifies the signature of each RPM and repo_gpgcheck=1 verifies
# the signature of the repository metadata, both against the keys listed in
# gpgkey. Keep both enabled; if verification fails, fix the key rather than
# setting either option to 0.
# The keys are downloaded from the same mirror as the packages, and the
# `yum install -y` that follows imports them without asking, so the first
# import is trust-on-first-use - check the imported fingerprints afterwards
# (e.g. with `rpm -qa 'gpg-pubkey*'`).
cat << EOF > /etc/yum.repos.d/kubernetes.repo

[kubernetes]

name=Kubernetes

baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/

enabled=1

gpgcheck=1

repo_gpgcheck=1

gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF

安装kubernetes 1.28.2

yum install -y kubelet-1.28.2 kubectl-1.28.2 kubeadm-1.28.2

systemctl enable kubelet.service

初始化主节点,修改address

# Initialise the control plane. Replace 192.168.139.128 with the address of
# your own control-plane node.
# NOTE(review): --ignore-preflight-errors=all downgrades every failed preflight
# check (swap still enabled, ports already in use, image pull failures, ...) to
# a warning, so init carries on with a node that is not ready. Prefer dropping
# the flag, or listing only the specific checks you have decided to accept.
# NOTE(review): 10.10.0.0/12 has host bits set; the /12 network that contains
# it is 10.0.0.0/12 - confirm the intended service range.
kubeadm init --apiserver-advertise-address=192.168.139.128 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version 1.28.2 --service-cidr=10.10.0.0/12 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all --cri-socket unix:///var/run/cri-dockerd.sock

拉镜像报错:

failed to pull image registry.aliyuncs.com/google_containers/kube-apisevice failed" err="rpc error: code = Unknown desc = Error response from daemon: Get \"https://registrng" image="registry.aliyuncs.com/google_containers/kube-apiserver:v1.28.2"

time="2024-11-26T15:12:34+08:00" level=fatal msg="pulling image: rpc error: code = Unknown desc = Eryuncs.com on 192.168.139.2:53: server misbehaving"

解决:

vi /etc/resolv.conf

nameserver 114.114.114.114

nameserver 8.8.8.8

再次初始化

# Second attempt, after fixing DNS resolution.
# NOTE(review): because --ignore-preflight-errors=all is set, files left behind
# by the failed first run (manifests, certificates) are not reported as
# errors. Running `kubeadm reset` first gives a clean starting state - confirm
# whether that is needed in your case.
kubeadm init --apiserver-advertise-address=192.168.139.128 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version 1.28.2 --service-cidr=10.10.0.0/12 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all --cri-socket unix:///var/run/cri-dockerd.sock

主节点

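# Give the current user a kubeconfig for kubectl.
# /etc/kubernetes/admin.conf holds the cluster administrator credentials, so
# the copy must end up owned by (and readable only by) the user who needs it.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
# The command substitutions need the leading '$': a bare (id -u):(id -g) is a
# shell syntax error, so ownership would never be changed.
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"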

从节点加入集群

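# Run on each worker node. The token and CA certificate hash below belong to
# the author's cluster: use the values printed by your own `kubeadm init`, or
# create fresh ones on the control plane with
#   kubeadm token create --print-join-command
# A bootstrap token allows a machine to join the cluster and expires (24h by
# default), so handle it like a credential and do not reuse published values.
# --discovery-token-ca-cert-hash pins the control plane's CA, which is what
# lets the joining node verify it is talking to the right API server.
# The command is a single logical line; the backslashes must be the last
# character on their line with no blank line in between.
kubeadm join 192.168.139.128:6443 --token uq3zjc.h2lgsej97ldhu0qp \
  --discovery-token-ca-cert-hash sha256:4fff39cab6e362644fc05493d25c62897c4fec6550d5eb8fa81212c82517be92 \
  --cri-socket unix:///var/run/cri-dockerd.sock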

报错:

error execution phase preflight: couldn't validate the identity of the API Server: Get "https://192.168.139.128:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": dial tcp 192.168.139.128:6443: connect: no route to host

三台机都执行:

# "no route to host" is what a REJECT rule answering with an ICMP
# host-prohibited message looks like to the client. Presumably the ruleset that
# iptables-services loads at start-up was restored by the reboot, since the
# earlier flush was never saved - verify with `iptables -S INPUT` before
# flushing.
# Flushing again is also lost at the next service restart and leaves every port
# on the node open. A persistent alternative is to add ACCEPT rules for the
# ports the cluster needs (6443 on the control plane, 10250 on every node, plus
# the CNI's ports) and save the ruleset.
iptables -F

主节点:

kubectl get node #状态为NotReady

部署网络插件

下载地址:curl https://raw.githubusercontent.com/projectcalico/calico/v3.26.3/manifests/calico-typha.yaml -o calico.yaml

kubectl apply -f calico.yaml

上传包含镜像的包进行解压(无法下载时用)

# Offline path for nodes that cannot reach the image registry: unpack a
# pre-downloaded bundle and import the Calico v3.26.3 images into Docker.
# `docker load` imports whatever the archives contain without any signature
# check, so only use a bundle you built yourself or whose checksum you have
# compared against a trusted value.
# Loaded images are local to the node's Docker daemon - presumably this has to
# be repeated on every node that will run Calico pods.
yum -y install unzip
unzip calico.zip
cd calico
tar -xf calico-images.tar.gz

# One archive per Calico component, loaded in the same order as listed in the
# bundle: cni, kube-controllers, node, typha.
for component in cni kube-controllers node typha; do
  docker load -i "calico-images/calico-${component}-v3.26.3.tar"
done

主节点执行

kubectl apply -f calico-typha.yaml

kubectl get pod -n kube-system #所有状态running