使用 kubeadm 部署 Kubernetes 1.27

当前 Kubernetes 已经发布到了 1.27.2 版本，使用 kubeadmin 来快速部署一个三节点集群。

软件版本选择

本次安装基于以下软件版本：

• CentOS Stream 8
• Kubernets 1.27.3
• cri-o
• runc

节点的规划：

VM Role	IP	Hostname	Resource
Master01	172.25.1.10	master01.example.com	2C 4G
Worker01	172.25.1.11	worker01.example.com	2C 4G
Worker02	172.25.1.12	worker02.example.com	2C 4G

系统准备工作

建议通过网络安装可以确保系统软件为最新，其他方式部署可以手动更新

dnf update -y

为了方便连接和使用，可以做好根解析记录：

[vagrant@master01 ~]$ cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

127.0.0.1 centos9s.localdomain

127.0.1.1 master01.example.com master01
192.168.100.10 master01 master01.example.com
192.168.100.11 worker01 worker01.example.com
192.168.100.12 worker02 worker02.example.com

为了能够使 kubelet 能正常启动，需要关闭 swap：

swapoff -a
vi /etc/fstab # remove swap item

配置 sysctl 和启用内核模块：

modprobe overlay
modprobe br_netfilter

tee /etc/sysctl.d/k8s.conf<<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

sysctl --system

创建 /etc/modules-load.d/container.conf ，让系统启动时自动加载内核模块：

cat << EOF > /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

安装 kubelet kubeadm 和 kubectl：

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet

安装容器运行时：

export OS=CentOS_8_Stream # or OS=CentOS_8
export VERSION=1.27 # it's must matching your kubernetes version
# Add repo
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo

curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo

# Install CRI-O
dnf install cri-o

# Start and enable Service
systemctl daemon-reload
systemctl enable --now crio
systemctl status crio

防火墙规则：
Master 节点：

firewall-cmd --add-port={6443,2379-2380,10250,10251,10252,5473,179,5473}/tcp --permanent
firewall-cmd --add-port={4789,8285,8472}/udp --permanent
firewall-cmd --reload

Worker 节点：

firewall-cmd --add-port={10250,30000-32767,5473,179,5473}/tcp --permanent
firewall-cmd --add-port={4789,8285,8472}/udp --permanent
firewall-cmd --reload

使用 kubeadm init 初始化集群

使用 kubeadm config print init-defaults --component-configs KubeletConfiguration 可打印默认初始化集群的配置，可以根据需要做一些更改。

[root@master01 ~]# kubeadm config print init-defaults --component-configs KubeletConfiguration
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: node
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.27.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 0s
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 0s
    cacheUnauthorizedTTL: 0s
cgroupDriver: systemd
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local
containerRuntimeEndpoint: ""
cpuManagerReconcilePeriod: 0s
evictionPressureTransitionPeriod: 0s
fileCheckFrequency: 0s
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 0s
imageMinimumGCAge: 0s
kind: KubeletConfiguration
logging:
  flushFrequency: 0
  options:
    json:
      infoBufferSize: "0"
  verbosity: 0
memorySwap: {}
nodeStatusReportFrequency: 0s
nodeStatusUpdateFrequency: 0s
rotateCertificates: true
runtimeRequestTimeout: 0s
shutdownGracePeriod: 0s
shutdownGracePeriodCriticalPods: 0s
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 0s
syncFrequency: 0s
volumeStatsAggPeriod: 0s

通过上述的默认配置以及实际的规划作出修改，保存为 kubeadm.yml：

apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.25.1.10
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/crio/crio.sock
  imagePullPolicy: IfNotPresent
  name: node
  taints: 
    - effect: PreferNoSchedule
    - key: node-role.kubernetes.io/master

---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.27.3
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}