如果操作系统环境为CentOS、Red Hat、Rocky Linux、Alma Linux、Fedora等RHEL系列操作系统,使用以下步骤操作。

基础环境配置(所有节点)

---

修改主机名与hosts文件

---
[root@k8s-master ~]# hostnamectl set-hostname k8s-master

[root@k8s-master ~]# vim /etc/hosts
192.168.10.10 k8s-master
192.168.10.11 k8s-work1
192.168.10.12 k8s-work2
192.168.10.15 k8s-harbor

验证mac地址uuid

---

保证各节点mac和uuid唯一,避免克隆虚拟机后uuid一致导致加入集群异常。

[root@k8s-master ~]# cat /sys/class/net/ens160/address 
[root@k8s-master ~]# cat /sys/class/dmi/id/product_uuid

时间同步

---
  • master节点设置
[root@k8s-master ~]# dnf -y install chrony
[root@k8s-master ~]# vim /etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server ntp.aliyun.com iburst

# Allow NTP client access from local network.
#allow 192.168.10.0/24

[root@k8s-master ~]# systemctl start chronyd
[root@k8s-master ~]# systemctl enable chronyd
[root@k8s-master ~]# timedatectl set-timezone Asia/Shanghai
[root@k8s-master ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 202.118.1.81 1 6 357 100 +124us[ +205us] +/- 7213us
^? 2a01:4f8:120:9224::2 0 6 0 - +0ns[ +0ns] +/- 0ns
^+ 202.118.1.130 1 6 316 184 -29us[ +33us] +/- 7479us
^- 119.28.206.193 2 6 316 192 +13ms[ +13ms] +/- 44ms
[root@k8s-master ~]#
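  • node节点配置(注意:下文 server 指向 192.168.10.100,而 hosts 文件中 master 为 192.168.10.10,请按实际的内网时间服务器填写;若以 master 作为时间源,需在 master 的 /etc/chrony.conf 中取消 allow 192.168.10.0/24 的注释,否则 chronyd 不会响应客户端的时间请求)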
[root@node1  ~]# yum -y install chrony  
[root@node1 ~]# vim /etc/chrony.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 192.168.10.100

[root@node1 ~]# systemctl start chronyd
[root@node1 ~]# systemctl enable chronyd
[root@node1 ~]# chronyc sources

设置防火墙规则

注意:以下步骤会停用 firewalld,并用 iptables -F 清空全部规则后保存,节点将不再有主机防火墙保护,仅适合隔离的实验环境;生产环境建议保留防火墙,只放行集群组件所需的端口。

---
[root@master  ~]# systemctl stop firewalld  
[root@master ~]# systemctl disable firewalld
[root@master ~]# yum -y install iptables-services
[root@master ~]# systemctl start iptables
[root@master ~]# systemctl enable iptables
[root@master ~]# iptables -F
[root@master ~]# service iptables save

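关闭selinux

注意:SELINUX=disabled 会完全去掉强制访问控制,且重启后才生效;若只是为了让 kubelet 和容器正常访问宿主机文件,设置为 permissive 即可,并可保留审计日志用于排查。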

---
[root@master  ~]# setenforce 0  
[root@master ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

关闭swap分区

---
[root@master  ~]# swapoff -a  
[root@master ~]# sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

其他配置(所有节点)

---

修改内核相关参数

---

vm.swappiness = 0 # 最大限度避免使用 swap

net.bridge.bridge-nf-call-ip6tables = 1 # 内核在桥接设备上让IPv6流量经过 Netfilter(iptables)过滤。

net.bridge.bridge-nf-call-iptables = 1 # 内核在桥接设备上让IPv4流量经过 Netfilter(iptables)过滤。

net.ipv4.ip_forward = 1 # 允许 IPv4 数据包从一个网络接口转发到另一个网络接口。

[root@master  ~]# cat > /etc/sysctl.d/kubernetes.conf << EOF
vm.swappiness = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@master ~]# sysctl -p /etc/sysctl.d/kubernetes.conf
- centos8会有如下报错
vm.swappiness = 0
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: 没有那个文件或目录
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: 没有那个文件或目录
net.ipv4.ip_forward = 1
  • 临时解决,重启失效
    modprobe br_netfilter
  • 开机加载上面这个模块
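[root@master  ~]# cat > /etc/rc.sysinit << 'EOF'
#!/bin/bash
# Run every executable module-loading script under /etc/sysconfig/modules.
# The heredoc delimiter above is quoted ('EOF') so that $file is written to
# this file literally; with an unquoted delimiter the interactive shell
# expands $file to an empty string and the loop body becomes a no-op.
# NOTE(review): on systemd-based releases this file does not appear to be run
# at boot; listing the module in /etc/modules-load.d/*.conf is the usual
# mechanism there - confirm on the target system.
for file in /etc/sysconfig/modules/*.modules ; do
[ -x "$file" ] && "$file"
done
EOF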
[root@master ~]# cat > /etc/sysconfig/modules/br_netfilter.modules << EOF
modprobe br_netfilter # 通过 br_netfilter,内核能够让网络包在经过桥接设备时被 iptables 规则处理
EOF
[root@master ~]# chmod 755 /etc/sysconfig/modules/br_netfilter.modules
[root@master ~]# lsmod |grep br_netfilter
br_netfilter 24576 0
bridge 290816 1 br_netfilter

kube-proxy开启ipvs的前置条件

---
[root@k8s-master ~]# yum -y install ipset ipvsadm
[root@k8s-master ~]# cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
[root@k8s-master ~]# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack
ip_vs_sh 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs 172032 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack 172032 1 ip_vs
nf_defrag_ipv6 20480 2 nf_conntrack,ip_vs
nf_defrag_ipv4 16384 1 nf_conntrack
libcrc32c 16384 4 nf_conntrack,nf_tables,xfs,ip_vs
# 添加开机自动加载模块
[root@k8s-master ~]# echo "/etc/sysconfig/modules/ipvs.modules" >> /etc/rc.local
[root@k8s-master ~]# chmod +x /etc/rc.local
# 启用网桥过滤器模块
[root@k8s-master ~]# echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
[root@k8s-master ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
  • linux kernel 4.19版本已经将nf_conntrack_ipv4 更新为 nf_conntrack

升级内核

---

可选,建议内核版本为4.18及以上即可

载入公钥
[root@master ~]# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
升级安装ELRepo(注意:下面的地址使用明文 http,建议改用 https 下载,并确认上一步已成功导入公钥,以便 rpm 校验软件包签名)
[root@master ~]# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
如果是centos8使用如下命令
[root@master ~]#yum install https://www.elrepo.org/elrepo-release-8.0-2.el8.elrepo.noarch.rpm
载入elrepo-kernel元数据
[root@master ~]# yum --disablerepo=\* --enablerepo=elrepo-kernel repolist
安装最新版本的kernel
[root@master ~]# yum --disablerepo=\* --enablerepo=elrepo-kernel install kernel-ml.x86_64 -y
删除旧版本工具包
[root@master ~]# yum remove kernel-tools-libs.x86_64 kernel-tools.x86_64 -y
安装新版本工具包
[root@master ~]# yum --disablerepo=\* --enablerepo=elrepo-kernel install kernel-ml-tools.x86_64 -y
查看内核启动项顺序
[root@server-1 ~]# awk -F \' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
设置默认启动
[root@server-1 ~]# grub2-set-default 0  # 0代表当前第一行,也就是5.3版本
[root@server-1 ~]# grub2-editenv list
重启验证

配置阿里云yum源

---

k8s版本1.28前,使用如下命令配置yum源。

[root@k8s-master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

k8s版本1.28以后,例如安装1.30,则修改对应的版本号即可。

[root@k8s-master ~]# cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/repomd.xml.key
EOF

安装kubeadm、kubectl、kubelet

---
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet
systemctl start kubelet

kubelet 运行在集群所有节点上,用于启动Pod和容器等对象的工具
kubeadm 用于初始化集群,启动集群的命令工具
kubectl 用于和集群通信的命令行,通过kubectl可以部署和管理应用,查看各种资源,创建、删除和更新各种组件

  • 默认安装最新版,也可以指定老版本安装
yum list kubeadm --showduplicates | sort -r
yum install -y kubelet-1.24.13 kubeadm-1.24.13 kubectl-1.24.13