1. 禁用swap

sudo swapoff -a

2. 禁用防火墙

sudo systemctl stop firewalld
sudo systemctl disable firewalld

3. 将SELinux设置为permissive模式

sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

4. 添加网桥过滤及内核转发配置文件

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

应用 sysctl 参数，无需重启，

sudo sysctl --system

5. 加载 overlay、br_netfilter、ip_tables、iptable_filter 模块

sudo modprobe overlay
sudo modprobe br_netfilter
sudo modprobe ip_tables
sudo modprobe iptable_filter

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
ip_tables
iptable_filter
EOF

6. 安装 docker-ce

卸载 podman、runc 等容器运行时，

sudo dnf remove -y podman runc cri-o docker-ce libcgroup cri-dockerd docker-buildx-plugin docker-compose-plugin libcgroup cri-dockerd

安装 docker-ce，

sudo dnf install -y yum-utils
sudo yum-config-manager \--add-repo \https://download.docker.com/linux/centos/docker-ce.reposudo dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo rpm -ivh https://vault.centos.org/centos/8/BaseOS/x86_64/os/Packages/libcgroup-0.41-19.el8.x86_64.rpm
sudo rpm -ivh https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el8.x86_64.rpmsudo systemctl daemon-reload
sudo systemctl enable --now docker
sudo systemctl enable --now cri-docker.service
sudo systemctl enable --now cri-docker.socketsudo usermod -a -G docker oraclesystemctl status docker
systemctl status cri-docker
systemctl status cri-docker.socket

7. 安装kubelet kubeadm kubectl

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOFsudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable --now kubelet

8. 初始化Kubernetes集群

sudo su -
export PUBLIC_IP=192.168.31.21

export HOST=`hostname`cat <<EOF > kubeadm-config.yaml
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd
---
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:- system:bootstrappers:kubeadm:default-node-tokentoken: abcdef.0123456789abcdefttl: 24h0m0susages:- signing- authentication
kind: InitConfiguration
localAPIEndpoint:advertiseAddress: $PUBLIC_IPbindPort: 6443
nodeRegistration:criSocket: unix:///var/run/cri-dockerd.sockimagePullPolicy: IfNotPresentname: $HOSTtaints: null
---
apiServer:timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:local:dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.27.1
networking:dnsDomain: cluster.localpodSubnet: 10.244.0.0/16serviceSubnet: 10.96.0.0/12
scheduler: {}
EOF

使用 kubeadm 初始化 kubernetes 集群，

kubeadm init --config kubeadm-config.yaml

9. 配置集群访问

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/configkubectl taint nodes --all node-role.kubernetes.io/control-plane-kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl > /dev/null
echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -o default -F __start_kubectl k' >>~/.bashrc

10. 安装网络插件 Calico

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/tigera-operator.yaml
wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/custom-resources.yaml
sed -i 's/192.168.0.0\/16/10.244.0.0\/16/' custom-resources.yaml
kubectl create -f custom-resources.yaml

11. 确认集群

kubectl get nodes
kubectl get pods -A -o wide

完结！