cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
#repo_gpgcheck=1
gpgkey=https://mirrors. aliyun.com/kubernetes/yum/doc/yum-key.gpg
EOF

yum install -y kubelet-1.28.0 kubeadm-1.28.0 kubectl-1.28.0 --disableexcludes=kubernetes

systemctl enable --now containerd
systemctl enable --now kubelet

初始化master

生成token

kubeadm token generate

使用配置文件

kubeadm config print init-defaults --component-configs KubeletConfiguration,KubeProxyConfiguration > kubeadm.yaml

修改kubeadm.yaml

token: 上面生成的token
localAPIEndpoint:
  advertiseAddress: 192.168.0.15
nodeRegistration:
  name: k8s-master1
imageRepository: registry.aliyuncs.com/google_containers
kubernetesVersion: 1.28.0
ipvs:
  strictARP: true
mode: "ipvs"

然后安装

kubeadm init --config kubeadm.yaml --v 6

看到下面的内容表示安装成功了

.....
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.0.11:6443 --token vpbpo2.a73mc0asxjy7b5xe \
        --discovery-token-ca-cert-hash sha256:70ba6173c9e2ce7b285342afb456e566f03fd8eb99edc7609edd86ae1e82c335

记住上面的kubeadm join的命令，其它服务器可以通过这个命令加入到集群中

安装命令

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

安装网络插件calico

wget https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml

修改为kubeadm.yaml中的podSubnet:

- name: CALICO_IPV4POOL_CIDR
  value: "10.96.0.0/12"

在master主机上安装即可

kubectl apply -f calico.yaml

等待所有节点status变成Ready

watch kubectl get pods -n kube-system

NAME READY STATUS RESTARTS AGE
calico-kube-controllers-7ddc4f45bc-lcbx6 1/1 Running 0 65s
calico-node-pvpbx 1/1 Running 0 65s
coredns-66f779496c-8xplr 1/1 Running 0 2m9s
coredns-66f779496c-gnq7l 1/1 Running 0 2m9s
etcd-k8s-master 1/1 Running 0 2m15s
kube-apiserver-k8s-master 1/1 Running 0 2m15s
kube-controller-manager-k8s-master 1/1 Running 0 2m15s
kube-proxy-98kx5 1/1 Running 0 2m10s
kube-scheduler-k8s-master 1/1 Running 0 2m15s

初始化node

kubeadm join 192.168.0.11:6443 --token vpbpo2.a73mc0asxjy7b5xe --discovery-token-ca-cert-hash sha256:70ba6173c9e2ce7b285342afb456e566f03fd8eb99edc7609edd86ae1e82c335

微服务（二）| k8s安装最先出现在wqh博客。

版本需求

centos stream 9
k8s 1.28.0
istio 1.18.2
calico 3.26.1

安装条件

一台兼容的 Linux 主机。Kubernetes 项目为基于 Debian 和 Red Hat 的 Linux 发行版以及一些不提供包管理器的发行版提供通用的指令。
每台机器 2 GB 或更多的 RAM（如果少于这个数字将会影响你应用的运行内存）。
CPU 2 核心及以上。
集群中的所有机器的网络彼此均能相互连接（公网和内网都可以）。
节点之中不可以有重复的主机名、MAC 地址或 product_uuid。请参见这里了解更多详细信息。
开启机器上的某些端口。请参见这里了解更多详细信息。
禁用交换分区。为了保证 kubelet 正常工作，你必须禁用交换分区。
例如，sudo swapoff -a 将暂时禁用交换分区。要使此更改在重启后保持不变，请确保在如 /etc/fstab、systemd.swap 等配置文件中禁用交换分区，具体取决于你的系统如何配置。

yum -y update
yum install -y iproute-tc

安装Docker

yum install -y yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce containerd.io

这里我们只使用container，不需要启动docker

mkdir -p /etc/containerd
containerd config default | tee /etc/containerd/config.toml

修改SystemdCgroup

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  ...
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true

[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"

[plugins.”io.containerd.grpc.v1.cri”.registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
      endpoint = ["https://mirrors.ivolces.com"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
      endpoint = ["https://registry.aliyuncs.com/google_containers"]

配置Host

其他服务器修改成对应的hostname

hostnamectl set-hostname k8s-master1

修改/etc/hosts

192.168.0.13 k8s-master1
192.168.0.14 k8s-node1
192.168.0.15 k8s-node2

修改网络

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter
modprobe ip_tables
modprobe iptable_filter
modprobe -- ip_vs
modprobe -- ip_vs_sh
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- nf_conntrack

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

sysctl -p /etc/sysctl.d/k8s.conf

以上操作所有服务器都要执行

微服务（一）| 环境配置最先出现在wqh博客。