Rocky10 使用kubeadm 安装k8s 单节点
k8s 单节点安装
- 一、基础环境配置
- 1. 服务器信息
- 2. 初始化设置
- 二、安装容器运行时
- 1. 安装containerd
- 2. 安装runc
- 3. 安装CNI插件
- 三、安装k8s
- 1. 配置dnf源
- 2. 初始化配置文件修改
- 3. 网络插件安装
- 4. metrics-server安装
一、基础环境配置
1. 服务器信息
| ip | 主机名 | 配置 |
|---|---|---|
| 192.168.25.249 | k8s-master | 2c4g |
2. 初始化设置
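# Host preparation for the single-node control plane (run as root).
hostnamectl set-hostname k8s-master
timedatectl set-timezone Asia/Shanghai
# Keep the clock in sync: certificate validity checks and log correlation depend on it.
echo "server ntp.aliyun.com iburst" >> /etc/chrony.conf && systemctl restart chronyd

# kubeadm's preflight checks expect swap to be off. This lasts only until the
# next reboot; a swap entry in /etc/fstab has to be disabled separately.
swapoff -a

# NOTE(security): this leaves the node without a host firewall. Acceptable on an
# isolated lab network; on anything reachable by others, keep firewalld running
# and open only the ports the cluster needs (for example 6443/tcp for the API server).
systemctl disable firewalld --now

# NOTE(security): SELinux is switched off completely here, which removes the
# mandatory-access-control layer between containers and the host. The upstream
# kubeadm install guide only sets permissive mode; prefer that where possible.
setenforce 0
grubby --update-kernel ALL --args selinux=0
# The valid keyword is "disabled"; "disable" is not a recognised SELINUX= value.
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config

# Load the kernel modules first: the net.bridge.* sysctl keys below only exist
# once br_netfilter is loaded, so applying sysctl before modprobe would not set them.
cat <<'EOF' | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter

# Let bridged pod traffic traverse iptables and enable IPv4 forwarding.
cat <<'EOF' | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system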
二、安装容器运行时
1. 安装containerd
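# Download containerd together with its published checksum and verify the
# archive before unpacking it as root. The checksum comes from the same origin,
# so it guards against corruption or truncation, not against a compromised release.
wget https://github.com/containerd/containerd/releases/download/v2.2.0/containerd-2.2.0-linux-amd64.tar.gz
wget https://github.com/containerd/containerd/releases/download/v2.2.0/containerd-2.2.0-linux-amd64.tar.gz.sha256sum
sha256sum -c containerd-2.2.0-linux-amd64.tar.gz.sha256sum
# Extract the archive that was actually downloaded (v2.2.0); the original
# command named a 1.7.15 tarball that is never fetched on this page.
tar Cxzvf /usr/local containerd-2.2.0-linux-amd64.tar.gz

# Install the upstream systemd unit. The heredoc delimiter is quoted so the
# shell writes the unit text verbatim, and the [Unit]/[Service]/[Install]
# section headers each sit on their own line as systemd requires.
mkdir -p /usr/local/lib/systemd/system/
cat > /usr/local/lib/systemd/system/containerd.service << 'EOF'
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target dbus.service

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now containerd

# Registry mirror for docker.io.
# NOTE(security): with the "resolve" capability the mirror decides which digest
# a tag maps to, so every docker.io image pulled by tag is only as trustworthy
# as this third-party host. Use a mirror you operate or trust, or reference
# images by digest.
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << 'EOF'
server = "https://docker.io"

[host."https://docker-pull.ygxz.in"]
  capabilities = ["pull", "resolve"]
EOF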
2. 安装runc
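# Fetch runc and the release's checksum list, and install the binary only if
# its hash matches. runc runs as root and starts every container on the node,
# so an unverified binary here is a host-level risk.
# NOTE(review): v1.4.0-rc.3 is a release candidate; prefer a stable release
# outside of test environments.
wget https://github.com/opencontainers/runc/releases/download/v1.4.0-rc.3/runc.amd64
wget https://github.com/opencontainers/runc/releases/download/v1.4.0-rc.3/runc.sha256sum
# --ignore-missing: the list covers every architecture, only runc.amd64 is present.
sha256sum -c --ignore-missing runc.sha256sum &&
  install -m 755 runc.amd64 /usr/local/sbin/runc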
3. 安装CNI插件
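# Download the CNI plugins with their published SHA-256 file and verify the
# archive before unpacking it into the root-owned plugin directory.
wget https://github.com/containernetworking/plugins/releases/download/v1.8.0/cni-plugins-linux-amd64-v1.8.0.tgz
wget https://github.com/containernetworking/plugins/releases/download/v1.8.0/cni-plugins-linux-amd64-v1.8.0.tgz.sha256
sha256sum -c cni-plugins-linux-amd64-v1.8.0.tgz.sha256
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.8.0.tgz

# -p: /etc/containerd already exists (certs.d was created under it earlier on
# this page), so a plain mkdir would fail here.
mkdir -p /etc/containerd/
containerd config default > /etc/containerd/config.toml
# Use the systemd cgroup driver for runc.
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
# Pull the pause (sandbox) image from the Aliyun mirror instead of registry.k8s.io.
sed -i 's#registry.k8s.io/pause:3.10.1#registry.aliyuncs.com/google_containers/pause:3.10.1#g' /etc/containerd/config.toml
# Read per-registry host configuration from /etc/containerd/certs.d only.
sed -i 's@/etc/containerd/certs.d:/etc/docker/certs.d@/etc/containerd/certs.d@g' /etc/containerd/config.toml
# containerd was already started earlier on this page, so "enable --now" alone
# would not reload config.toml; restart it so the edits above take effect.
systemctl enable containerd
systemctl restart containerd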
三、安装k8s
1. 配置dnf源
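# Kubernetes v1.34 package repository (Aliyun mirror of the upstream repo).
# gpgcheck=1 keeps package signature verification on.
# NOTE(security): the signing key is downloaded from the same mirror as the
# packages, so the check only proves the packages match the mirror's key.
# Compare the key fingerprint with the one published by the upstream
# Kubernetes package repository before trusting it.
# The exclude= line keeps a routine "dnf update" from upgrading the cluster
# components unintentionally; --disableexcludes below lifts it for this install.
cat <<'EOF' | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.34/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.34/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
dnf -y install kubeadm kubectl kubelet --disableexcludes=kubernetes
# kubelet will restart in a loop until "kubeadm init" has written its configuration.
systemctl enable kubelet --now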
2. 初始化配置文件修改
# Dump kubeadm's default init configuration as a starting point for editing.
# The resulting file holds the bootstrap token, so keep it out of shared or
# world-readable locations.
kubeadm config print init-defaults > init-defaults.yaml
init-defaults.yaml:
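# kubeadm init configuration for the single control-plane node, laid out in the
# block structure that `kubeadm config print init-defaults` emits.
apiVersion: kubeadm.k8s.io/v1beta4
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(security): this is the placeholder token printed by
  # `kubeadm config print init-defaults` and is publicly known. Left as is, it
  # is accepted for node bootstrap for the 24h TTL below. Replace it with the
  # output of `kubeadm token generate` before running `kubeadm init`.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Address the API server advertises; this is the master node's IP.
  advertiseAddress: 192.168.25.249
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  imagePullSerial: true
  # Node name; matches the hostname set during host preparation.
  name: k8s-master
  taints: null
timeouts:
  controlPlaneComponentHealthCheck: 4m0s
  discovery: 5m0s
  etcdAPICall: 2m0s
  kubeletHealthCheck: 4m0s
  kubernetesAPICall: 1m0s
  tlsBootstrap: 5m0s
  upgradeManifests: 5m0s
---
apiServer: {}
apiVersion: kubeadm.k8s.io/v1beta4
# Certificate validity periods. 876000h is roughly 100 years.
# NOTE(security): kubeadm's defaults are 87600h for the CA and 8760h for leaf
# certificates. With century-long lifetimes a leaked key or client certificate
# stays usable for the life of the cluster, since Kubernetes has no certificate
# revocation; prefer the defaults plus `kubeadm certs renew` outside a lab.
caCertificateValidityPeriod: 876000h0m0s
certificateValidityPeriod: 876000h0m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
encryptionAlgorithm: RSA-2048
etcd:
  local:
    dataDir: /var/lib/etcd
# Registry the control-plane images are pulled from (Aliyun mirror).
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.34.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  # Pod network CIDR.
  podSubnet: 10.244.0.0/16
proxy: {}
scheduler: {}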
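# Pre-pull the control-plane images, then initialise the cluster from the edited config.
kubeadm config images pull --config=init-defaults.yaml
kubeadm init --config=init-defaults.yaml

# Point kubectl at the admin kubeconfig for login shells.
# Append (>>) rather than overwrite (>): a single ">" would replace the whole
# of /etc/profile with this one line. The grep guard keeps re-runs from adding
# duplicate entries.
# NOTE(security): admin.conf carries cluster-admin credentials; keep it
# readable by root only and do not copy it to shared locations.
grep -qxF 'export KUBECONFIG=/etc/kubernetes/admin.conf' /etc/profile ||
  echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> /etc/profile
source /etc/profile

# Single-node cluster: remove the control-plane taint so ordinary pods can be
# scheduled here. Workloads then share the host with etcd and the API server,
# so this fits a lab setup rather than a multi-tenant one.
kubectl taint node k8s-master node-role.kubernetes.io/control-plane:NoSchedule-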
3. 网络插件安装
https://raw.githubusercontent.com/projectcalico/calico/v3.30.3/manifests/calico.yaml 资源文件下载
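# Pre-pull every image referenced by the Calico manifest, then apply it.
# Each image is pulled once (sort -u) and the name is quoted when passed to crictl.
# NOTE(security): the manifest is applied with cluster-admin rights, so review
# the downloaded calico.yaml before this step.
awk '/image:/ {print $2}' calico.yaml | sort -u | while read -r image; do
  crictl pull "$image"
done
kubectl apply -f calico.yaml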
4. metrics-server安装
https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml 资源文件下载（latest 指向的清单会随上游发布而变化；下文镜像固定为 v0.8.0，建议下载与之对应版本的清单，并在应用前核对内容）
components.yaml:
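# Excerpt of the metrics-server container spec in components.yaml; nest it at
# the indentation the surrounding Deployment uses in the downloaded file.
containers:
- args:
  # Skips verification of the kubelet serving certificates.
  # NOTE(security): with this flag metrics-server cannot tell a genuine kubelet
  # from an impostor on the node network. Fine for a lab; for anything
  # longer-lived, issue signed kubelet serving certificates
  # (serverTLSBootstrap: true in the KubeletConfiguration, then approve the
  # CSRs) and drop this flag.
  - --kubelet-insecure-tls
  - --cert-dir=/tmp
  - --secure-port=10250
  - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
  - --kubelet-use-node-status-port
  - --metric-resolution=15s
  # Pull from the Aliyun mirror.
  image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server:v0.8.0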
# Pre-pull the metrics-server image named in the edited manifest, then deploy it.
metrics_image=registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server:v0.8.0
crictl pull "${metrics_image}"
kubectl apply -f components.yaml
