視頻地址：https://www.bilibili.com/video/BV1FV4y1m7Uf

1、節(jié)點規(guī)劃
uos1(master) ? ??? 192.168.122.10
uos2(worker1) ???? 192.168.122.11
uos3(worker2) ???? 192.168.122.12??? ?

2、基本配置
所有節(jié)點配置hosts
192.168.122.10 uos1
192.168.122.11 uos2
192.168.122.12 uos3

3、所有節(jié)點安裝工具：
yum install wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git -y

4、所有節(jié)點關閉防火墻、swap。服務器配置如下：
systemctl disable --now firewalld

5、所有節(jié)點配置limit：
ulimit -SHn 65535

cat << EOF >>/etc/security/limits.conf
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF

reboot

6、內(nèi)核配置
所有節(jié)點安裝ipvsadm：
yum install ipvsadm ipset sysstat conntrack libseccomp -y

所有節(jié)點配置ipvs模塊
cat << EOF >> /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF

加載內(nèi)核配置
vi /lib/systemd/system/systemd-modules-load.service

結尾加入

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl enable --now systemd-modules-load.service

開啟一些k8s集群中必須的內(nèi)核參數(shù)，所有節(jié)點配置k8s內(nèi)核
cat <<EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720

net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
sysctl --system

7、安裝containerd
（1）所有節(jié)點配置containerd所需環(huán)境
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter

cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables? = 1
net.ipv4.ip_forward???????????????? = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sysctl --system

（2）所有節(jié)點安裝containerd
wget https://github.com/containerd/containerd/releases/download/v1.7.2/cri-containerd-cni-1.7.2-linux-amd64.tar.gz
tar -zxvf cri-containerd-cni-1.7.2-linux-amd64.tar.gz -C /
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml

vi /etc/containerd/config.toml
根據(jù)文檔Container runtimes 中的內(nèi)容，對于使用systemd作為init system的Linux的發(fā)行版，使用systemd作為容器的cgroup driver可以確保服務器節(jié)點在資源緊張的情況更加穩(wěn)定，因此這里配置各個節(jié)點上containerd的cgroup driver為systemd。

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
??? SystemdCgroup = false 改為 SystemdCgroup = true

? [plugins."io.containerd.grpc.v1.cri"]
??? sandbox_image = "k8s.gcr.io/pause:3.8" 改為 sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.8"

設置開機自啟動
systemctl enable --now containerd
查看版本
crictl version

8、所有節(jié)點安裝kubernetes
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum update

yum list kubeadm.x86_64 --showduplicates | sort -r

yum install kubeadm -y

cat >/etc/sysconfig/kubelet<<EOF
KUBELET_EXTRA_ARGS="--pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8 --fail-swap-on=false"
EOF

systemctl daemon-reload
systemctl enable --now kubelet

cat << EOF >>/etc/profile
KUBE_PROXY_MODE=ipvs
EOF

source /etc/profile

9、安裝k8s
在masters節(jié)點上執(zhí)行下面的命令，然后進行修改:
kubeadm config print init-defaults > /root/kadm.yml
因為將docker換成了containerd所以配置文件需要修改成如下模樣：
vi /root/kadm.yml

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
? - system:bootstrappers:kubeadm:default-node-token
? token: abcdef.0123456789abcdef
? ttl: 24h0m0s
? usages:
? - signing
? - authentication
kind: InitConfiguration
localAPIEndpoint:
? advertiseAddress: 192.168.122.10
? bindPort: 6443
nodeRegistration:
? criSocket: unix:///var/run/containerd/containerd.sock
? imagePullPolicy: IfNotPresent
? name: uos1
? taints: null
---
apiServer:
? timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
? local:
??? dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.27.0
networking:
? dnsDomain: cluster.local
? podSubnet: 10.244.0.0/16
? serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
failSwapOn: false
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs

kubeadm config images list --config /root/kadm.yml
kubeadm config images pull --config /root/kadm.yml

kubeadm init --config /root/kadm.yml --ignore-preflight-errors=Swap --upload-certs

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

uos2,uos3加入集群：
kubeadm join 192.168.122.10:6443 --token abcdef.0123456789abcdef \
??????? --discovery-token-ca-cert-hash sha256:1111c01dff5e4f70c92df95abf05cfa9e849fccee3190f671a2b28117487ebe5

10、安裝flannel
kubectl apply -f flannel.yaml
reboot