一、环境准备

1、内核升级

#升级内核：
yum -y install kernel-ml-5.10.3-1.el7.elrepo.x86_64.rpm  kernel-ml-devel-5.10.3-1.el7.elrepo.x86_64.rpm# 查询可用内核版本
# awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg# 调整默认内核启动
grub2-set-default "CentOS Linux (5.10.3-1.el7.elrepo.x86_64) 7 (Core)"# 核查是否修改正确，并重启使其生效
grub2-editenv list
reboot

2、防火墙和SELIUNX关闭

systemctl  disable  --now firewalld
sed -i 's/enforcing/disabled/' /etc/selinux/config

3、配置主机名和关闭swaff分区

echo "192.168.1.100 master" >> /etc/hosts
echo "192.168.1.101 node" >> /etc/hostshostnamectl set-hostname master && bash 
hostnamectl set-hostname node  && bash # 关闭swap
swapoff -a  # 临时
sed -ri 's/.*swap.*/#&/' /etc/fstab    # 永久

3、配置免密传输

ssh-keygen  #一路回车，不输入密码
ssh-copy-id node
ssh-copy-id master

4、修改内核参数

modprobe br_netfilter
vim /etc/sysctl.d/k8s.conf # 输入如下内容：net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1# 刷新内核参数
sysctl -p /etc/sysctl.d/k8s.conf

5、配置yum源

# 配置docker源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo## 配置k8s源
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/repodata/repomd.xml.keyEOF## 清理缓存
yum clear
## 生成缓存
yum makecache 

6、配置时间同步

yum install ntpdate -yntpdate cn.pool.ntp.org## 配置定时任务
crontab -e
* *  * * * /usr/sbin/ntpdate   cn.pool.ntp.org## 重启服务
systemctl restart crond

安装IPVS

yum -y install ipset ipvsadm## 添加IPVS模块# cat > /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF## 检查加载情况：
lsmod | grep ip_vs## 加载IPVS
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack

二、安装docker和 kubenters基础服务

1、安装docker

# 添加yum源 如果安装可以忽略
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
## 刷新yum源缓存
yum makecache ## 安装docker-ce
yum -y install docker-ce## 启动docker并设置开机启动
systemctl  enable  --now docker

2、配置加速器

## 在/etc/docker/daemon.json添加如下内容
cat  > /etc/docker/daemon.json  << EOF
{"registry-mirrors":["https://a88uijg4.mirror.aliyuncs.com","https://docker.lmirror.top","https://docker.m.daocloud.io", "https://hub.uuuadc.top","https://docker.anyhub.us.kg","https://dockerhub.jobcher.com","https://dockerhub.icu","https://docker.ckyl.me","https://docker.awsl9527.cn","https://docker.laoex.link"],
"insecure-registries":["192.168.40.62","harbor"]
} EOF
## 重新加载服务，并重启docker
systemctl  daemon-reload ; systemctl restart docker

3、安装cri-docker

##下载cri-dockerd的rpm包
https://github.com/mirantis/cri-dockerd/releases/download/v0.3.8/cri-dockerd-0.3.8-3.e17.x86_64.rpm## 下载cri-dockerd的tar包
# 下载安装2 
$ wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.10/cri-dockerd-0.3.10.amd64.tgz$ tar -xf cri-dockerd-0.3.1.amd64.tgz
$ cp cri-dockerd/cri-dockerd /usr/bin/
$ chmod +x /usr/bin/cri-dockerd###安装cri-dockerd
yum -y install  cri-dockerd-0.3.8-3.el7.x86_64.rpm 

4、cri-docker配置文件

vim /usr/lib/systemd/system/cri-docker.service
## 修改第10行
10 ExecStart=/usr/bin/cri-dockerd  --pod-infra-container-image=registry.k8s.io/pause:3.9  --container-runtime-endpoint fd://## 二进制安装需要手动添加配置文件
cat /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=alwaysStartLimitBurst=3
StartLimitInterval=60sLimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinityTasksMax=infinity
Delegate=yes
KillMode=process[Install]
WantedBy=multi-user.target
# 这里的参数 `--pod-infra-container-image`，这个值要根据实际情况调整，如果你的安装环境不能访问互联网，那你就需要配置为内部镜像仓库。## 创建一个 socket 文件以便 kubelet 与 cri-dockerd 通信cat <<"EOF" > /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker[Install]
WantedBy=sockets.target
EOF## 启动服务，并设定为开机自启动
systemctl daemon-reload ; systemctl enable --now cri-docker

5、安装k8s必备的组件

## 如果配置请忽略
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/repodata/repomd.xml.key
EOF## master节点和node节点需要安装
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubeletps: 由于官网未开放同步方式, 可能会有索引gpg检查失败的情况, 这时请用 yum install -y --nogpgcheck kubelet kubeadm kubectl 安装

三、初始化集群

1、使用配置文件初始化

## 生成初始化文件：
kubeadm config print init-defaults > kubeadm.yaml

2、修改初始化文件

[root@mster ~]# cat kubeadm.yaml apiVersion: kubeadm.k8s.io/v1beta4
bootstrapTokens:
- groups:- system:bootstrappers:kubeadm:default-node-tokentoken: abcdef.0123456789abcdefttl: 24h0m0susages:- signing- authentication
kind: InitConfiguration
localAPIEndpoint:advertiseAddress: 192.168.1.100  ##修改成master节点bindPort: 6443
nodeRegistration:criSocket: unix:///var/run/cri-dockerd.sock  ## 修改成cri-docker引擎imagePullPolicy: IfNotPresentimagePullSerial: truename: master  ## 修改为master节点标识taints: null
timeouts:controlPlaneComponentHealthCheck: 4m0sdiscovery: 5m0setcdAPICall: 2m0skubeletHealthCheck: 4m0skubernetesAPICall: 1m0stlsBootstrap: 5m0supgradeManifests: 5m0s
---
apiServer: {}
apiVersion: kubeadm.k8s.io/v1beta4
caCertificateValidityPeriod: 87600h0m0s
certificateValidityPeriod: 8760h0m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
encryptionAlgorithm: RSA-2048
etcd:local:dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers  ## 这个是换成阿里云的镜像地址
kind: ClusterConfiguration
kubernetesVersion: 1.33.0
networking:dnsDomain: cluster.localpodSubnet: 10.244.0.0/16  ## pod的IP段serviceSubnet: 10.96.0.0/12 ## service的IP段
proxy: {}
scheduler: {}
---  ## 添加下面几行 添加ipvs模式，
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
---  ##初始化节点的时候需要指定cgroupDriver为
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd

3、初始化

## 查看需要哪些镜像
kubeadm config images list --kubernetes-version=1.31.3 --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers## 根据配置文件初始化
kubeadm init --config=kubeadm.yaml --ignore-preflight-errors=SystemVerification

4、node节点加入集群

## 查看token
kubeadm token create --print-join-command## 加入集群（比如）
kubeadm join 192.168.40.180:6443 --token vulvta.9ns7da3saibv4pg1     --discovery-token-ca-cert-hash sha256:72a0896e27521244850b8f1c3b600087292c2d10f2565adb56381f1f4ba7057a   --cri-socket=unix:///var/run/cri-dockerd.sock## master节点查看
kubectl get node 

四、安装网络组件：caclio

## 下载地址
wget https://docs.projectcalico.org/manifests/calico.yaml## 修改配置
下载完后还需要修改里面定义Pod网络（CALICO_IPV4POOL_CIDR），与前面kubeadm init的 --pod-network-cidr指定的一样。## 测试
kubectl apply -f calico.yaml
kubectl get pods -n kube-system ## 所有pod是running状态
kubectl get node ## 所有node是Ready状态

五、测试集群

kubectl  run bs  --image=busybox:1.28.4 -- sleep 24h
kubectl get pod 
kubectl exec -it bs -- sh 
ping www.baidu.com 
nslookup  kubernetes.default.svc.cluster.local