【Kubernetes】CentOS 7 安装 Kubernetes 1.30.1

欢迎来到这份超详细的文档！这里将引导你在 CentOS 7 上轻松部署 Kubernetes 1.30.1，希望通过这份指南，让你的 Kubernetes 之旅充满乐趣与收获，快来一起探索吧！

• 操作系统：CentOS Linux 7 (Core)
• Containerd：1.6.33
• Kubernetes：1.30.1
• 下方仅一个主节点为例（其中主节点 hostname 为 node1，可根据实际情况修改）

1. 更换阿里云的 YUM 源

1.1. 无法使用 yum update

yum update

1.2. 备份原来的 yum 源，添加阿里云 yum 源

# 备份原来的源
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# 创建文件 vi /etc/yum.repos.d/CentOS-Base.repo，输入虚线以下内容
----------------------------------------------------------------------------
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#
 
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#released updates 
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

# 清理缓存
yum clean all
# 重新生成新缓存
yum makecache

2. 升级 Linux 内核

2.1. 查看当前内核版本并下载升级版本的内核文件

# 查看当前内核版本
uname -r
# 下载升级版本的内核文件
wget https://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-lt-5.4.257-1.el7.elrepo.x86_64.rpm
wget https://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-lt-devel-5.4.257-1.el7.elrepo.x86_64.rpm
wget https://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-lt-doc-5.4.257-1.el7.elrepo.noarch.rpm
wget https://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-lt-headers-5.4.257-1.el7.elrepo.x86_64.rpm
wget https://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-lt-tools-5.4.257-1.el7.elrepo.x86_64.rpm
wget https://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-lt-tools-libs-5.4.257-1.el7.elrepo.x86_64.rpm
wget https://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-lt-tools-libs-devel-5.4.257-1.el7.elrepo.x86_64.rpm

2.2. 卸载低版本内核的 kernel-tools 和 kernel-headers

yum remove -y kernel-tools* kernel-headers*

2.3. 安装下载的安装包

yum install -y kernel*.rpm

2.4. 设置默认启动内核为安装的最新版本

# 在 CentOS 系统中，/etc/default/grub 文件用于配置 GRUB 引导加载程序的参数和选项
cat /etc/default/grub
# 将默认内核设置为第一个 (0) 条目
sed -i 's/^GRUB_DEFAULT=saved$/GRUB_DEFAULT=0/' /etc/default/grub
# 验证设置成功
cat /etc/default/grub
# 生成新的 GRUB 配置文件
grub2-mkconfig -o /boot/grub2/grub.cfg

2.5. 重启，查看升级后的内核版本

# 重启
reboot
# 验证内核升级成功
uname -r

3. 安装 k8s 前的准备工作

3.1. 关闭防火墙

# 禁用防火墙
systemctl disable --now firewalld
systemctl stop firewalld
systemctl status firewalld

3.2. 关闭 SELinux

# 查看 SELinux 是否开启
getenforce
# 永久关闭 SELinux ，需重启
sed -i 's/enforcing/disabled/' /etc/selinux/config
# 验证修改完成
cat /etc/selinux/config
# 关闭当前会话的 SELinux ，重启后无效
setenforce 0
# 查看 SELinux 已关闭
getenforce

3.3. 关闭 swap 分区

# 查看 swap 分区是否存在
free -h
# 关闭当前会话的 swap，重启后无效
swapoff -a
# 永久关闭 swap ，需重启
sed -ri 's/.*swap.*/#&/' /etc/fstab
# 查看 swap 分区已关闭
free -h

3.4. 将桥接的 IPv4 流量传递到 iptables 的链

# vi /etc/sysctl.conf，添加以下内容
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.all.forwarding = 1
# 加载 br_netfilter 模块
modprobe br_netfilter
# 持久化修改
sysctl -p

4. 安装 conatinerd

4.1. 配置 docker 源

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

4.2. 安装 containerd

yum install -y yum-utils device-mapper-persistent-data lvm2
yum install -y containerd.io containerd

4.3. 配置 containerd 文件

# 查看 containerd 状态
systemctl status containerd
# 输出 containerd 配置文件
containerd config default > /etc/containerd/config.toml
# 替换为阿里云的镜像地址
sed -i "s#registry.k8s.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml
# 备份配置文件
cp /etc/containerd/config.toml   /etc/containerd/config.toml.bak
# 删除 /etc/containerd/config.toml 文件中 disabled_plugins 中的 cri
vi /etc/containerd/config.toml

# 开启 SystemdCgroup
sed -i "s#SystemdCgroup = false#SystemdCgroup = true#g" /etc/containerd/config.toml
# 设置 containerd 开机自启动
systemctl enable --now containerd
systemctl status containerd

4.4. 查看 containerd 版本

ctr version
containerd --version

4.5. 安装 crictl 命令

# 下载 crictl_v1.30.0 版本的包
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.30.0/crictl-v1.30.0-linux-amd64.tar.gz
# 解压到 /usr/local/bin 目录
tar zxvf crictl-v1.30.0-linux-amd64.tar.gz -C /usr/local/bin
# 生成配置文件
cat << EOF | sudo tee /etc/crictl.yaml
> runtime-endpoint: "unix:///run/containerd/containerd.sock"
> image-endpoint: "unix:///run/containerd/containerd.sock"
> debug: false
> pull-image-on-create: true
> disable-pull-on-run: false
> EOF
# 验证 crictl 命令安装成功
crictl ps

4.6. 配置 Containerd 运行时镜像加速器（可选）

# 修改 vi /etc/containerd/config.toml，追加以下内容
[plugins."io.containerd.grpc.v1.cri".registry]
   config_path = "/etc/containerd/certs.d"

# docker hub 镜像加速
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://dockerpull.com"]
  capabilities = ["pull", "resolve"]
[host."https://register.liberx.info"]
  capabilities = ["pull", "resolve"]
[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve"]
[host."https://dockerproxy.cn"]
  capabilities = ["pull", "resolve"]
EOF

# registry.k8s.io 镜像加速
mkdir -p /etc/containerd/certs.d/registry.k8s.io
tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << 'EOF'
server = "https://registry.k8s.io"
[host."https://k8s.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# 拉取镜像方式
# ctr 命令
ctr i pull --hosts-dir=/etc/containerd/certs.d docker.io/nginx:latest
# crictl 命令
crictl pull docker.io/nginx:latest

5. 安装 Kubernetes

5.1. 添加阿里云的 Kubernetes 的 YUM 源

cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/repomd.xml.key
EOF

5.2. 安装 kubelet、kubeadm、kubectl

yum install -y kubelet-1.30.1 kubeadm-1.30.1 kubectl-1.30.1

5.3. 下载所需的镜像

kubeadm config images pull --kubernetes-version=v1.30.1 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers

5.4. 初始化 master 节点

kubeadm init --apiserver-advertise-address=172.16.14.132 --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers --kubernetes-version=v1.30.1 --service-cidr=10.96.0.0/16 --pod-network-cidr=10.244.0.0/16

5.5. 根据日志信息提示操作，执行下方命令

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf

5.6. 部署 Calico 网络插件

kubectl apply -f https://projectcalico.docs.tigera.io/v3.25/manifests/calico.yaml

5.7. 查看节点状态变为 Ready

# 查看所有命名空间的 pod
kubectl get pod -A
# 查看所有节点
kubectl get node

5.8. 工作节点

• 工作节点部署和主节点类似，步骤 5.3 及以后无需执行，使用 "kubeadm join xxx" 命令加入主节点即可