
init

Install kubeadm, kubelet and kubectl

Nodes: run on all master and slave nodes (k8s-master, k8s-slave)

$ yum install -y kubelet-1.24.4 kubeadm-1.24.4 kubectl-1.24.4 --disableexcludes=kubernetes
# Check the kubeadm version
$ kubeadm version
# Start kubelet at boot
$ systemctl enable kubelet

Configure containerd

Nodes: run on all master and slave nodes (k8s-master, k8s-slave)

  • Set sandbox_image to the Alibaba Cloud google_containers mirror:

    # Export the default config; config.toml does not exist by default
    containerd config default > /etc/containerd/config.toml
    grep sandbox_image /etc/containerd/config.toml
    sed -i "s#k8s.gcr.io/pause#registry.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml
    sed -i "s#registry.k8s.io/pause#registry.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml
  • Set the containerd cgroup driver to systemd:

    sed -i 's#SystemdCgroup = false#SystemdCgroup = true#g' /etc/containerd/config.toml
  • Configure a Docker Hub registry mirror:

    # Edit /etc/containerd/config.toml and add config_path at line 145
    ...
    144 [plugins."io.containerd.grpc.v1.cri".registry]
    145 config_path = "/etc/containerd/certs.d"
    146
    147 [plugins."io.containerd.grpc.v1.cri".registry.auths]
    148
    149 [plugins."io.containerd.grpc.v1.cri".registry.configs]
    150
    151 [plugins."io.containerd.grpc.v1.cri".registry.headers]
    152
    153 [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    ...

    # Create the matching directory
    mkdir -p /etc/containerd/certs.d/docker.io

    # Configure the mirror
    cat >/etc/containerd/certs.d/docker.io/hosts.toml <<EOF
    server = "https://docker.io"
    [host."https://_8xpk5wnt.mirror.aliyuncs.com"]
    capabilities = ["pull","resolve"]
    [host."https://docker.mirrors.ustc.edu.cn"]
    capabilities = ["pull","resolve"]
    [host."https://registry-1.docker.io"]
    capabilities = ["pull","resolve","push"]
    EOF
  • Configure an insecure private registry:

    # This directory name must match the actual registry address in your environment
    mkdir -p /etc/containerd/certs.d/172.21.65.226:5000
    cat >/etc/containerd/certs.d/172.21.65.226:5000/hosts.toml <<EOF
    server = "http://172.21.65.226:5000"
    [host."http://172.21.65.226:5000"]
    capabilities = ["pull", "resolve", "push"]
    skip_verify = true
    EOF
  • After applying all changes, restart containerd:

    systemctl restart containerd
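Before restarting containerd it is worth checking that the three edits above actually landed and that every certs.d directory is named after the registry host it configures, because containerd only consults certs.d/<host>/hosts.toml when the directory name equals the host:port in the image reference. The script below is an added example, not part of the original tutorial; it assumes the config.toml layout printed by containerd config default and the /etc/containerd/certs.d layout used in this section.

```shell
#!/bin/sh
# Added example, not from the original tutorial: verify the containerd settings
# edited above before running "systemctl restart containerd".
# Assumptions: config.toml has the layout printed by "containerd config default"
# and registry mirrors live under CERTS_D/<host>/hosts.toml as configured here.

# check_config_toml FILE
# Prints one line per check and returns the number of failed checks (0 = all good).
check_config_toml() {
  f=$1
  failed=0

  # 1. The pause image must come from the mirror, not k8s.gcr.io / registry.k8s.io.
  if grep -Eq '^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"registry\.aliyuncs\.com/google_containers/pause:' "$f"; then
    echo "ok   sandbox_image uses the aliyuncs mirror"
  else
    echo "FAIL sandbox_image was not rewritten"; failed=$((failed + 1))
  fi

  # 2. kubelet 1.24 defaults to the systemd cgroup driver; containerd must match.
  if grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$f"; then
    echo "ok   SystemdCgroup = true"
  else
    echo "FAIL SystemdCgroup is not true"; failed=$((failed + 1))
  fi

  # 3. config_path must be set, otherwise certs.d/<host>/hosts.toml is never read.
  if grep -Eq '^[[:space:]]*config_path[[:space:]]*=[[:space:]]*"/etc/containerd/certs.d"' "$f"; then
    echo "ok   registry config_path = /etc/containerd/certs.d"
  else
    echo "FAIL registry config_path is not /etc/containerd/certs.d"; failed=$((failed + 1))
  fi
  return "$failed"
}

# check_hosts_dir CERTS_D
# For every CERTS_D/<host>/hosts.toml the directory name must appear in the
# file (server line or [host."..."] table); a mismatch means the mirror is
# configured for a host containerd will never look up. Also reports every
# skip_verify = true, the setting that disables TLS certificate checks.
check_hosts_dir() {
  failed=0
  for hosts in "$1"/*/hosts.toml; do
    [ -f "$hosts" ] || continue
    host=$(basename "$(dirname "$hosts")")
    if grep -Fq "$host" "$hosts"; then
      echo "ok   $host: hosts.toml references its own directory name"
    else
      echo "FAIL $host: hosts.toml does not mention $host"; failed=$((failed + 1))
    fi
    if grep -Eq '^[[:space:]]*skip_verify[[:space:]]*=[[:space:]]*true' "$hosts"; then
      echo "note $host: skip_verify = true, TLS certificate checks are disabled for this registry"
    fi
  done
  return "$failed"
}

# Stand-alone use: check the live files when they exist on this node.
if [ -f /etc/containerd/config.toml ]; then
  check_config_toml /etc/containerd/config.toml || echo "fix config.toml before restarting containerd"
  check_hosts_dir /etc/containerd/certs.d || true
fi
```

Run it on every node after the sed edits; a non-zero return from either function is the number of items to fix before systemctl restart containerd. The skip_verify note is deliberate: the insecure private registry entry above relies on that setting, and the check makes it visible which registry it applies to.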

Initialize the configuration file

Nodes: run only on the master node (k8s-master)

$ kubeadm config print init-defaults > kubeadm.yaml
$ cat kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.21.65.226 # replace with the IP address of k8s-master
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: k8s-master # replace with the hostname of k8s-master
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers # replace with the domestic (China) mirror
kind: ClusterConfiguration
kubernetesVersion: 1.24.4 # replace with 1.24.4
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16 # add this line; pod IPs for the cluster nodes are allocated from it
  serviceSubnet: 10.96.0.0/12
scheduler: {}

> The documentation for the manifest above is scattered; to fully understand the fields of these resource objects, see the corresponding godoc page: https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3.

Pre-pull the images

Nodes: run only on the master node (k8s-master)

# List the images that will be used; if all is well you get the following list
$ kubeadm config images list --config kubeadm.yaml
registry.aliyuncs.com/google_containers/kube-apiserver:v1.24.4
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.24.4
registry.aliyuncs.com/google_containers/kube-scheduler:v1.24.4
registry.aliyuncs.com/google_containers/kube-proxy:v1.24.4
registry.aliyuncs.com/google_containers/pause:3.7
registry.aliyuncs.com/google_containers/etcd:3.5.3-0
registry.aliyuncs.com/google_containers/coredns:v1.8.6
# Pull the images locally in advance
$ kubeadm config images pull --config kubeadm.yaml
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.24.4
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.24.4
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.24.4
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.24.4
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.7
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.5.3-0
[config/images] Pulled registry.aliyuncs.com/google_containers/coredns:v1.8.6

Initialize the master node

Nodes: run only on the master node (k8s-master). Note: run this on the master node only!

$ kubeadm init --config kubeadm.yaml

If the initialization succeeds, it ends with output like this:

...
Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.21.65.226:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:1c4305f032f4bf534f628c32f5039084f4b103c922ff71b12a5f0f98d1ca9a4f

Next, follow the instructions above to configure kubectl client authentication:

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

> **⚠️ Note:** at this point kubectl get nodes should show the node as NotReady, because the network plugin has not been installed yet.
>
> If an error occurs during initialization, fix the cause indicated by the error message, run kubeadm reset, and then run the init step again.

Add the slave nodes to the cluster

Nodes: run on all slave nodes (k8s-slave). On each slave node, run the following command. It is the command printed in the success message after kubeadm init; replace it with the actual command printed by your init run.

kubeadm join 172.21.65.226:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:1c4305f032f4bf534f628c32f5039084f4b103c922ff71b12a5f0f98d1ca9a4f

If you did not save the join command, you can regenerate it with:

$ kubeadm token create --print-join-command
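The hash in the join command (printed by kubeadm init above and by kubeadm token create --print-join-command) is what lets a worker confirm it is joining the intended control plane: it is the SHA-256 of the cluster CA's DER-encoded SubjectPublicKeyInfo, and kubeadm join refuses to proceed if the CA it receives over the network hashes differently. The script below is an added example, not part of the original tutorial. It recomputes that hash from /etc/kubernetes/pki/ca.crt with the same openssl pipeline the Kubernetes documentation uses (openssl pkey in place of openssl rsa, so it also works for non-RSA CA keys) and compares it with the hash embedded in a join command, so a pasted command can be cross-checked against the master before it is run on a slave node. It assumes openssl is installed; the address and token are the tutorial's placeholder values, and the CA it generates when no real one is present is a throwaway for demonstration only.

```shell
#!/bin/sh
# Added example, not from the original tutorial: check a "kubeadm join" command
# against the control plane's real CA before running it on a worker.
# Assumptions: openssl is installed; the token/address below are the tutorial's
# placeholders; the CA generated by make_test_ca is a throwaway for demos/tests.

# ca_cert_hash CA_CRT -> prints the 64-hex-char value kubeadm expects after "sha256:".
# This is SHA-256 over the DER SubjectPublicKeyInfo of the CA certificate.
ca_cert_hash() {
  openssl x509 -pubkey -noout -in "$1" \
    | openssl pkey -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //'
}

# join_cmd_hash "JOIN_COMMAND" -> prints the hash embedded in the command (empty if none).
join_cmd_hash() {
  printf '%s\n' "$1" \
    | sed -n 's/.*--discovery-token-ca-cert-hash sha256:\([0-9a-f]*\).*/\1/p'
}

# join_cmd_token "JOIN_COMMAND" -> prints the bootstrap token, which must match
# the kubeadm token format [a-z0-9]{6}.[a-z0-9]{16} (empty if malformed).
join_cmd_token() {
  printf '%s\n' "$1" \
    | sed -n 's/.*--token \([a-z0-9]\{6\}\.[a-z0-9]\{16\}\).*/\1/p'
}

# verify_join_command "JOIN_COMMAND" CA_CRT
# Returns 0 only when the token is well formed and the command's hash equals
# the hash of CA_CRT; otherwise prints the reason and returns 1.
verify_join_command() {
  want=$(ca_cert_hash "$2")
  got=$(join_cmd_hash "$1")
  tok=$(join_cmd_token "$1")
  if [ -z "$tok" ]; then
    echo "FAIL no valid --token in join command"; return 1
  fi
  if [ -z "$got" ]; then
    echo "FAIL no --discovery-token-ca-cert-hash in join command"; return 1
  fi
  if [ "$got" != "$want" ]; then
    echo "FAIL hash mismatch: command has $got, CA $2 gives $want"; return 1
  fi
  echo "ok   join command hash matches $2"
}

# make_test_ca DIR -> writes a throwaway self-signed CA to DIR/ca.crt (demo/test only).
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Stand-alone demo: use the real CA on a control-plane node if present,
# otherwise a throwaway one, and verify a join command built from it.
demo() {
  tmp=""
  if [ -r /etc/kubernetes/pki/ca.crt ]; then
    ca=/etc/kubernetes/pki/ca.crt
  else
    tmp=$(mktemp -d); make_test_ca "$tmp"; ca=$tmp/ca.crt
  fi
  h=$(ca_cert_hash "$ca")
  echo "expected hash for $ca: sha256:$h"
  verify_join_command "kubeadm join 172.21.65.226:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:$h" "$ca"
  if [ -n "$tmp" ]; then rm -rf "$tmp"; fi
}
demo
```

On the master, running ca_cert_hash /etc/kubernetes/pki/ca.crt gives the value that must appear after sha256: in every join command handed to a slave; passing the pasted command and the CA file to verify_join_command catches a hash copied from a different cluster or mistyped before the node is joined.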