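Guide to Building a Kubernetes 1.27.2 Cluster in an Offline Environment
System Environment Preparation
This document describes how to deploy a Kubernetes 1.27.2 cluster offline on CentOS 7.9. First, prepare three servers with a minimal CentOS 7.9 installation, configured as follows: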
| Hostname | IP address |
|---|---|
| k8s-master | 10.17.86.49 |
| k8s-node1 | 10.17.86.48 |
| k8s-node2 | 10.17.86.47 |
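Basic System Configuration
Apply the following basic configuration on all nodes:
- Configure the network environment
- Disable the firewall: `systemctl stop firewalld && systemctl disable firewalld`
- Disable SELinux: `setenforce 0 && sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config`
- Install the required software: `yum install vim gcc wget lrzsz bash-completion gperf -y`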
Installing the Containerd Runtime
- Download the containerd binary archives from GitHub:
  - cri-containerd-cni-1.7.2-linux-amd64.tar.gz
  - containerd-1.7.2-linux-amd64.tar.gz
- Extract and install:

```bash
tar Cxzvf /usr/local containerd-1.7.2-linux-amd64.tar.gz
mkdir temp_dir; tar -xvf cri-containerd-cni-1.7.2-linux-amd64.tar.gz -C temp_dir/
mkdir -p /usr/local/lib/systemd/system/
cp temp_dir/etc/systemd/system/containerd.service /usr/local/lib/systemd/system/
systemctl daemon-reload
systemctl start containerd
mkdir -p /etc/containerd && containerd config default > /etc/containerd/config.toml
```

- Edit the containerd configuration file /etc/containerd/config.toml and change the following settings:

```toml
[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    sandbox_image = "registry.k8s.io/pause:3.9"
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
      SystemdCgroup = true
```
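Kernel Parameter Configuration
- Load the kernel module:

```bash
modprobe br_netfilter
```

- Edit /etc/sysctl.conf and add the following parameters:

```
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
```

- Apply the configuration: `sysctl -p`
- Create the file /etc/modules-load.d/k8s.conf with the following content:

```
overlay
br_netfilter
```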
Installing Runc and the CNI Plugins
- Build and install libseccomp:

```bash
tar -xvf libseccomp-2.5.4.tar.gz
cd libseccomp-2.5.4
./configure && make -j8 && make install
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig
```

- Install runc:

```bash
cp temp_dir/usr/local/sbin/runc /usr/local/sbin/
runc --version
```

- Install the CNI plugins:

```bash
mkdir -p /opt/cni/bin
cp temp_dir/opt/cni/bin/* /opt/cni/bin
```
Installing the Kubernetes Components
- Configure the Alibaba Cloud Yum repository:

```bash
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```

- Install the Kubernetes components:

```bash
yum makecache
yum install kubeadm-1.27.2-0.x86_64 kubectl-1.27.2-0.x86_64 kubelet-1.27.2-0.x86_64 -y
systemctl start kubelet.service
```
Preparing the Kubernetes Images
- Get the list of required images:

```bash
kubeadm config images list
```

- On a machine with network access, pull the images from the Alibaba Cloud registry and export them:

```bash
docker pull registry.aliyuncs.com/google_containers/coredns:v1.10.1
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.7-0
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.27.2
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.27.2
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.27.2
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.27.2
docker pull registry.aliyuncs.com/google_containers/pause:3.9

# Re-tag the images
docker tag registry.aliyuncs.com/google_containers/coredns:v1.10.1 registry.k8s.io/coredns:v1.10.1
docker tag registry.aliyuncs.com/google_containers/etcd:3.5.7-0 registry.k8s.io/etcd:3.5.7-0
docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.27.2 registry.k8s.io/kube-apiserver:v1.27.2
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.27.2 registry.k8s.io/kube-controller-manager:v1.27.2
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.27.2 registry.k8s.io/kube-proxy:v1.27.2
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.27.2 registry.k8s.io/kube-scheduler:v1.27.2
docker tag registry.aliyuncs.com/google_containers/pause:3.9 registry.k8s.io/pause:3.9

# Export the images
docker save -o coredns-v1.10.1.tar registry.k8s.io/coredns:v1.10.1
docker save -o etcd-3.5.7-0.tar registry.k8s.io/etcd:3.5.7-0
docker save -o kube-apiserver-v1.27.2.tar registry.k8s.io/kube-apiserver:v1.27.2
docker save -o kube-controller-manager-v1.27.2.tar registry.k8s.io/kube-controller-manager:v1.27.2
docker save -o kube-proxy-v1.27.2.tar registry.k8s.io/kube-proxy:v1.27.2
docker save -o kube-scheduler-v1.27.2.tar registry.k8s.io/kube-scheduler:v1.27.2
docker save -o pause-3.9.tar registry.k8s.io/pause:3.9
```

- Import the images on all Kubernetes nodes:

```bash
ctr -n k8s.io image import coredns-v1.10.1.tar
ctr -n k8s.io image import etcd-3.5.7-0.tar
ctr -n k8s.io image import kube-apiserver-v1.27.2.tar
ctr -n k8s.io image import kube-controller-manager-v1.27.2.tar
ctr -n k8s.io image import kube-proxy-v1.27.2.tar
ctr -n k8s.io image import kube-scheduler-v1.27.2.tar
ctr -n k8s.io image import pause-3.9.tar
```
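
The image archives above are carried by hand from a connected machine into the offline network, so a checksum manifest lets each node refuse an archive that was truncated or altered on the way. This is an added example, not part of the original guide; the `SHA256SUMS` file name, the `IMPORT_CMD` variable and both function names are assumptions.

```bash
# Added example (not from the original guide). MANIFEST, IMPORT_CMD and the
# function names are assumptions made for this sketch.
MANIFEST="SHA256SUMS"
# Import command run per archive; the default is the ctr call used in this guide.
IMPORT_CMD="${IMPORT_CMD:-ctr -n k8s.io image import}"

# Connected machine, after `docker save`: record one digest per archive.
make_manifest() (
    cd "$1" || exit 2
    sha256sum -- *.tar > "$MANIFEST"
)

# Offline node: import an archive only if its digest matches the manifest.
# Exit status: 0 all imported, 1 at least one archive rejected, 2 setup error.
verified_import() (
    cd "$1" || exit 2
    [ -f "$MANIFEST" ] || { echo "missing $MANIFEST" >&2; exit 2; }
    rc=0
    for f in *.tar; do
        [ -e "$f" ] || continue
        # Digest recorded for this file name (text or binary-mode entry).
        want=$(awk -v n="$f" '$2 == n || $2 == "*" n { print $1 }' "$MANIFEST")
        have=$(sha256sum -- "$f" | cut -d' ' -f1)
        if [ -n "$want" ] && [ "$want" = "$have" ]; then
            $IMPORT_CMD "$f" || rc=1
        else
            echo "REJECTED $f: digest mismatch or not listed" >&2
            rc=1
        fi
    done
    # An archive named in the manifest but absent on the node is also a failure.
    while read -r digest name; do
        [ -e "${name#\*}" ] || { echo "MISSING ${name#\*}" >&2; rc=1; }
    done < "$MANIFEST"
    exit "$rc"
)
```

Run `make_manifest <dir>` where the archives were exported, copy `SHA256SUMS` together with the tar files, and run `verified_import <dir>` on each node in place of the individual `ctr` calls.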
Initializing the Kubernetes Cluster
- Run the initialization command on the master node (k8s-master):

```bash
kubeadm init --kubernetes-version=v1.27.2 --pod-network-cidr=10.224.0.0/16 --apiserver-advertise-address=10.17.86.49
```

- Configure kubectl:

```bash
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
```

- Run the join command on the worker nodes (k8s-node1 and k8s-node2):

```bash
kubeadm join 10.17.86.49:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>
```

- Check the node status on the master node:

```bash
kubectl get nodes
```
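Deploying the Network Plugin
- Download the Calico network plugin:

```bash
wget https://github.com/projectcalico/calico/releases/download/v3.26.0/release-v3.26.0.tgz
```

- Import the Calico images on all nodes:

```bash
tar -xvf release-v3.26.0.tgz
cd release-v3.26.0/images
ctr -n k8s.io image import calico-cni.tar
ctr -n k8s.io image import calico-node.tar
ctr -n k8s.io image import calico-kube-controllers.tar
```

- Apply the Calico configuration on the master node:

```bash
cd release-v3.26.0/manifests
kubectl apply -f calico.yaml
```

- Wait until all Pods reach the Running state:

```bash
kubectl get pods -n kube-system
```

This completes the offline deployment of the Kubernetes 1.27.2 cluster. All nodes should be in the Ready state and the system Pods should be running normally.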
