安装kubernetes v1.35

安装kubernetes
master
# 临时关闭当前已启用的swap
sudo swapoff -a
# 永久禁用，注释掉fstab中swap相关的行
sudo sed -i '/swap/s/^/#/' /etc/fstab
# 加载br_netfilter模块
sudo modprobe br_netfilter
# 设置内核参数
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# 应用配置
sudo sysctl --system
# 关闭防火墙
sudo systemctl stop firewalld //有没有安装的省略
sudo systemctl disable firewalld
# 将SELinux设置为permissive模式（宽松模式，仅生成警告而不拦截）
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
上一步配置了外网原需要配置代理 #export
sudo yum install -y docker-ce docker-ce-cli containerd.io
# 生成默认配置文件
sudo containerd config default | sudo tee /etc/containerd/config.toml
# 将配置文件中的SystemdCgroup设置为true
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# 重启并设置开机自启
sudo systemctl restart containerd
sudo systemctl enable containerd
添加安装原
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/repodata/repomd.xml.key
EOF
查看kubernets的安装包
yum list available kubelet kubeadm kubectl --showduplicates
安装软件
sudo yum install -y kubelet-1.35.0-150500.1.1 kubeadm-1.35.0-150500.1.1 kubectl-1.35.0-150500.1.1
# 启动kubelet服务
sudo systemctl enable --now kubelet
配置安装kubernetes的yaml文件
[root@master createk8s]# cat test.yaml
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 192.168.3.252
bindPort: 6443
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.35.0
networking:
podSubnet: 10.244.0.0/16
timeoutForControlPlane: "10m0s"
apiServer:
extraArgs:
runtime-config: "rbac.authorization.k8s.io/v1=true"
controllerManager:
extraArgs:
kube-api-qps: "100"
scheduler:
extraArgs:
kube-api-qps: "100"
etcd:
local:
extraArgs:
heartbeat-interval: "500"
election-timeout: "5000"
curl 直接读取终端的 http_proxy 变量，但 kubeadm 是通过 CRI 接口 调用 containerd 拉镜像（而非 ctr 命令），需要给 containerd 的 CRI 组件单独配置代理（之前的配置可能只针对 ctr 命令，没覆盖 CRI 接口）。
所以需要拉取国外镜像需要配置contianerd
# 1. 创建 systemd 配置目录
sudo mkdir -p /etc/systemd/system/containerd.service.d

# 2. 创建代理配置文件 (请确保代理地址 192.168.3.77:20171 是正确的)
sudo tee /etc/systemd/system/containerd.service.d/http-proxy.conf <<EOF
[Service]
Environment="HTTP_PROXY=http://192.168.3.77:20171/"
Environment="HTTPS_PROXY=http://192.168.3.77:20171/"
# 非常重要：将集群内网地址和域名加入 NO_PROXY，避免代理干扰内部通信
Environment="NO_PROXY=localhost,127.0.0.1,192.168.3.252,192.168.0.0/16,10.0.0.0/8,.cluster.local,.svc,.default"
EOF

# 3. 重新加载 systemd 配置并重启 containerd
sudo systemctl daemon-reload
sudo systemctl restart containerd

# 4. 验证代理环境变量是否已加载到服务中
sudo systemctl show containerd --property Environment
初始化
kubeadm init --config=test.yaml --ignore-preflight-errors=SystemVerification #省略不重要的报错
授权用户
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
安装网络插件
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

安装kuberentes
node
安装kubernetes
master
# 临时关闭当前已启用的swap
sudo swapoff -a
# 永久禁用，注释掉fstab中swap相关的行
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# 加载br_netfilter模块
sudo modprobe br_netfilter
# 设置内核参数
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# 应用配置
sudo sysctl --system
# 关闭防火墙
sudo systemctl stop firewalld //有没有安装的省略
sudo systemctl disable firewalld
# 将SELinux设置为permissive模式（宽松模式，仅生成警告而不拦截）
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
上一步配置了外网原需要配置代理 #export
sudo yum install -y docker-ce docker-ce-cli containerd.io
# 生成默认配置文件
sudo containerd config default | sudo tee /etc/containerd/config.toml
# 将配置文件中的SystemdCgroup设置为true
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# 重启并设置开机自启
sudo systemctl restart containerd
sudo systemctl enable containerd
添加安装原
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/repodata/repomd.xml.key
EOF
查看kubernets的安装包
yum list available kubelet kubeadm kubectl --showduplicates
安装软件
sudo yum install -y kubelet-1.35.0-150500.1.1 kubeadm-1.35.0-150500.1.1 kubectl-1.35.0-150500.1.1
# 启动kubelet服务
sudo systemctl enable --now kubelet
# 1. 创建 systemd 配置目录
sudo mkdir -p /etc/systemd/system/containerd.service.d

# 2. 创建代理配置文件 (请确保代理地址 192.168.3.77:20171 是正确的)
sudo tee /etc/systemd/system/containerd.service.d/http-proxy.conf <<EOF
[Service]
Environment="HTTP_PROXY=http://192.168.3.77:20171/"
Environment="HTTPS_PROXY=http://192.168.3.77:20171/"
Environment="NO_PROXY=localhost,127.0.0.1,192.168.3.252,192.168.0.0/16,10.0.0.0/8,.cluster.local,.svc,.default"
EOF

# 3. 重新加载 systemd 配置并重启 containerd
sudo systemctl daemon-reload
sudo systemctl restart containerd

# 4. 验证代理环境变量是否已加载到服务中
sudo systemctl show containerd --property Environment
加入集群
sudo kubeadm join 192.168.3.252:6443 --token ypgrum.3oqps1o303pptyiq --discovery-token-ca-cert-hash sha256:2c25daa7d476390b374236c759cc4142724c8855bbcefd76e9919e21c957d352 --ignore-preflight-errors=SystemVerification

##配置了shell代理要先取消再加入集群有时候contained的配置文件会被重新占用(作者也只装过几次)重新执行# 生成默认配置文件
sudo containerd config default | sudo tee /etc/containerd/config.toml
# 将配置文件中的SystemdCgroup设置为true
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml