K8S环境搭建(单master)
1. 修改主机名
[root@master ~]# hostnamectl set-hostname master
[root@master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
master 192.168.1.151 //添加这一行
[root@master ~]#
注意:/etc/hosts 每行的格式是"IP地址 主机名",IP 在前,因此这一行应写成 192.168.1.151 master,否则主机名 master 无法被正确解析。
2. 修改网络配置
[root@master ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=bfd305d4-011b-4d3c-a577-e20397e7b206
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.1.151
NETWORK=255.255.255.0
GATEWAY=192.168.1.2
DNS1=8.8.8.8
DNS2=223.5.5.5
注意:ifcfg 文件中设置子网掩码的键是 NETMASK(或 PREFIX=24),上面的 NETWORK=255.255.255.0 应为 NETMASK=255.255.255.0。
重启网卡,查看配置是否生效
[root@master ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:6b:44:69 brd ff:ff:ff:ff:ff:ff inet 192.168.1.151/24 brd 192.168.1.255 scope global noprefixroute ens33 //可以看到IP地址已经生效 valid_lft forever preferred_lft forever inet6 fe80::27db:2915:b943:b627/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:c3:02:51:fa brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever [root@master ~]#3. 防火墙配置
关闭防火墙,并设置永久关闭
[root@master ~]# systemctl stop firewalld && systemctl disable firewalld
说明:完全关闭防火墙只适合隔离的实验环境。生产环境应保留 firewalld,只放行控制平面所需的端口(6443、2379-2380、10250、10257、10259),并限制来源地址。
4. selinux配置
临时关闭selinux
[root@master ~]# setenforce 0
永久关闭selinux,修改( /etc/selinux/config )
[root@master ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled //修改为disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
说明:kubeadm 官方安装文档的做法是把 SELINUX 设为 permissive 而不是 disabled。permissive 同样不会拦截操作,但会继续记录策略违规日志,日后恢复 enforcing 时也不需要重新打标签。
5. swap配置
关闭swap分区
[root@master ~]# swapoff -a永久关闭swap分区,修改(/etc/fstab)
[root@master ~]# cat /etc/fstab # # /etc/fstab # Created by anaconda on Mon Mar 23 22:58:27 2026 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # /dev/mapper/centos-root / xfs defaults 0 0 UUID=fb846cb4-3232-4dbe-94f5-709ce402e89a /boot xfs defaults 0 0 /dev/mapper/centos-home /home xfs defaults 0 0 #/dev/mapper/centos-swap swap swap defaults 0 0 //注释掉这一行6. 重启主机
[root@master ~]# reboot7. 桥接网络配置
将桥接的IPv4流量传递到iptables的链,创建/etc/sysctl.d/k8s.conf
[root@master ~]# cat /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 vm.swappiness = 0 //创建该文件,并填充以下内容加载内核参数,立即生效,sysctl --system
[root@master ~]# sysctl --system * Applying /usr/lib/sysctl.d/00-system.conf ... net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 * Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ... kernel.yama.ptrace_scope = 0 * Applying /usr/lib/sysctl.d/50-default.conf ... kernel.sysrq = 16 kernel.core_uses_pid = 1 kernel.kptr_restrict = 1 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.default.promote_secondaries = 1 net.ipv4.conf.all.promote_secondaries = 1 fs.protected_hardlinks = 1 fs.protected_symlinks = 1 * Applying /etc/sysctl.d/99-sysctl.conf ... * Applying /etc/sysctl.d/k8s.conf ... net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 vm.swappiness = 0 * Applying /etc/sysctl.conf ... [root@master ~]#8. 修改yum源
[root@master ~]# mkdir /etc/yum.repos.d/bak && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/添加阿里云源
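wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
说明:该地址使用明文 HTTP,repo 文件在传输途中可能被篡改,而它决定了后续所有软件包的下载来源。建议改用 https://mirrors.aliyun.com/repo/Centos-7.repo,并确认 repo 文件中保留 gpgcheck=1。
清空yum源旧缓存,重新加载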
[root@master ~]# yum clean all && yum repolist9. 安装一些必要的包
[root@master ~]# yum install -y yum-utils device-mapper-persistent-data lvm210. 添加阿里云的docker镜像源
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo sed -i 's/download.docker.com/mirrors.aliyun.com\/docker-ce/g' /etc/yum.repos.d/docker-ce.repo11. 安装docker
[root@master ~]# yum install docker-ce -y启动docker并设置开机自启
[root@master ~]# systemctl start docker && systemctl enable docker12. 安装cri-dockerd
下载cri-docker的tar包
[root@master ~]# wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.20/cri-dockerd-0.3.20.amd64.tgz
说明:该二进制之后会以 root 身份作为系统服务运行,解压安装前建议先用 sha256sum 校验文件完整性(若发布页提供了摘要值,则与之比对)。
解压缩这个包
[root@master ~]# tar zxvf cri-dockerd-0.3.20.amd64.tgz把cri-dockerd安装成系统命令
[root@master ~]# install -o root -g root -m 0755 cri-dockerd /usr/bin/cri-docker
说明:请确认安装后的文件路径与 cri-docker.service 中 ExecStart 指向的二进制路径一致,否则服务无法启动。
下载cri-docker.service和cri-docker.socket
curl -L https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.service -o /etc/systemd/system/cri-docker.service
curl -L https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.socket -o /etc/systemd/system/cri-docker.socket
说明:这里取的是 master 分支上的文件,内容会随上游提交而变化。建议把 URL 中的 master 换成与二进制相同的发布标签(v0.3.20),使 unit 文件与二进制版本一致、结果可复现;下载后先检查文件内容,再执行 daemon-reload。
修改cri-docker.service
sed -i 's,^ExecStart.*,& --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.10.1,' /etc/systemd/system/cri-docker.service启动cri-docker并设置开机自启动
[root@master ~]# systemctl daemon-reload [root@master ~]# systemctl start cri-docker && systemctl enable cri-docker13. 安装kubeadm、kubelet、kubectl
设置yum源
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
重新加载yum源并安装相关服务
yum clean all yum repolist yum install -y kubelet-1.28.2 kubeadm-1.28.2 kubectl-1.28.214. 启动kubelet并设置开机自启
systemctl enable kubelet && systemctl start kubelet15. 使用kubeadm初始化k8s
[root@master ~]# sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers --cri-socket=unix:///var/run/cri-dockerd.sock --apiserver-advertise-address=192.168.1.151初始化完成后执行以下命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
说明:admin.conf 内含集群管理员凭据,复制得到的 $HOME/.kube/config 应只允许当前用户读取(权限 600),不要分发给其他用户或提交到代码仓库。
执行kubectl get nodes获取节点状态,因尚未安装网络插件,所以状态为NotReady
[root@master ~]# kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME master NotReady control-plane 3h49m v1.28.2 192.168.1.151 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 docker://26.1.4 [root@master ~]#