Installing and Deploying a Highly Available k8s Cluster (Stacked etcd)

Disable swap

Run the following command to turn off all swap partitions immediately:

```bash
swapoff -a
```

Disable swap permanently by commenting out its entry in /etc/fstab:

```bash
sed -i.bak '/ swap / s/^/#/' /etc/fstab
```

Disable the firewall

Stop and disable the firewalld service:

```bash
systemctl stop firewalld
systemctl disable firewalld
systemctl mask firewalld
```

Configure SELinux

Temporarily set SELinux to permissive mode:

```bash
setenforce 0
```

Change the SELinux configuration permanently:

```bash
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
```

Verify the SELinux status:

```bash
getenforce
```

Configure hostname resolution

Append the following entries to /etc/hosts:

```bash
cat >> /etc/hosts <<EOF
172.31.69.166 k8s-lb01
172.31.69.160 k8s-master01
172.31.69.161 k8s-master02
172.31.69.162 k8s-master03
172.31.69.163 k8s-worker01
172.31.69.164 k8s-worker02
172.31.69.165 k8s-worker03
EOF
```

Load the Kubernetes kernel modules

Create /etc/modules-load.d/k8s.conf and load the modules:

```bash
cat > /etc/modules-load.d/k8s.conf <<EOF
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter
```

Configure kernel network parameters

Create /etc/sysctl.d/k8s.conf and apply the settings:

```bash
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

sysctl --system
```

Install Containerd

Install the dependencies:

```bash
dnf install -y yum-utils device-mapper-persistent-data lvm2
```

Configure the Aliyun mirror of the Docker CE repository:

```bash
cat > /etc/yum.repos.d/docker-ce.repo <<EOF
[docker-ce-stable]
name=Docker CE Stable - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/9/\$basearch/stable
enabled=1
gpgcheck=0
EOF
```

Install Containerd:

```bash
dnf clean all
dnf makecache
dnf install -y containerd.io
```

Generate the Containerd configuration file:

```bash
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
```

Confirm that the systemd cgroup driver is in use:

```bash
grep -n SystemdCgroup /etc/containerd/config.toml
```

Point the sandbox (pause) image at the Aliyun mirror:

```bash
sed -i "s#sandbox = 'registry.k8s.io/pause:[^']*'#sandbox = 'registry.aliyuncs.com/google_containers/pause:3.10.2'#" /etc/containerd/config.toml
```

Start Containerd:

```bash
systemctl enable --now containerd
systemctl restart containerd
systemctl status containerd --no-pager
```

Install the Kubernetes components

Configure the Kubernetes package repository:

```bash
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.36/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.36/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
```

Or use the Tsinghua mirror:

```bash
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.36/rpm/
enabled=1
gpgcheck=0
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
```

Install the components:

```bash
dnf clean all
dnf makecache
dnf install -y kubelet kubeadm kubectl cri-tools --disableexcludes=kubernetes
```

Start kubelet:

```bash
systemctl enable --now kubelet
```

Configure crictl:

```bash
cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 120
debug: false
EOF
```

Check the versions:

```bash
kubeadm version
kubelet --version
kubectl version --client
crictl version
```

Deploy HAProxy

Install HAProxy on the k8s-lb01 node:

```bash
dnf install -y haproxy
```

Write the configuration file:

```bash
cat > /etc/haproxy/haproxy.cfg <<EOF
global
    log /dev/log local0
    log /dev/log local1 notice
    daemon
    maxconn 4096

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    timeout connect 10s
    timeout client 1m
    timeout server 1m

frontend k8s_apiserver
    bind *:6443
    default_backend k8s_control_plane

backend k8s_control_plane
    balance roundrobin
    option tcp-check
    server k8s-master01 172.31.69.160:6443 check
    server k8s-master02 172.31.69.161:6443 check
    server k8s-master03 172.31.69.162:6443 check
EOF
```

Check the configuration:

```bash
haproxy -c -f /etc/haproxy/haproxy.cfg
```

Start HAProxy:

```bash
systemctl enable --now haproxy
systemctl status haproxy --no-pager
```

Check the listening port:

```bash
ss -lntp | grep 6443
```

Initialize the first master

Run the following commands on the k8s-master01 node.

Pre-pull the images:

```bash
kubeadm config images pull \
  --image-repository=registry.aliyuncs.com/google_containers
```

Initialize the cluster:

```bash
kubeadm init \
  --control-plane-endpoint 172.31.69.166:6443 \
  --apiserver-advertise-address=172.31.69.160 \
  --pod-network-cidr=10.244.0.0/16 \
  --upload-certs \
  --image-repository=registry.aliyuncs.com/google_containers
```

Configure kubectl:

```bash
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
```

Check the node status:

```bash
kubectl get nodes -o wide
kubectl get pods -A -o wide
```

Install the Flannel network plugin

Apply the Flannel manifest:

```bash
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
```

Check the Flannel status:

```bash
kubectl -n kube-flannel get pods -o wide
kubectl get nodes -o wide
```

The target state is k8s-master01 showing Ready and the kube-flannel Pods running normally.
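
The Aliyun Docker CE repo and the Tsinghua Kubernetes repo in this guide set gpgcheck=0, so dnf installs containerd.io, kubelet and kubeadm from them without verifying package signatures. The following is an added example, not part of the original guide, that audits .repo files for this; the function name audit_repo_gpg and the sample files are constructed for illustration.

```bash
# Added example: list repo sections dnf installs from without a verified signature.
# Usage: audit_repo_gpg FILE...  prints "<file>:<section>:<issue>", returns 1 on findings.
audit_repo_gpg() {
  awk '
    function close_sec() {               # judge the section that just ended
      if (sec == "" || enabled ~ /^(0|no|false)$/) return
      if (gpgcheck ~ /^(0|no|false)$/) issue = "gpgcheck-disabled"
      else if (gpgcheck == "")         issue = "gpgcheck-unset"  # falls back to dnf.conf [main]
      else if (gpgkey == "")           issue = "gpgkey-missing"
      else return
      print file ":" sec ":" issue; bad = 1
    }
    FNR == 1 { close_sec(); sec = ""; file = FILENAME }
    {
      line = $0
      sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
      if (line == "" || line ~ /^[#;]/) next
      if (line ~ /^\[.*\]$/) {           # new [section] header
        close_sec(); sec = substr(line, 2, length(line) - 2)
        enabled = "1"; gpgcheck = ""; gpgkey = ""; next
      }
      eq = index(line, "="); if (eq == 0) next
      key = tolower(substr(line, 1, eq - 1)); val = substr(line, eq + 1)
      gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val)
      if (key == "enabled")       enabled  = tolower(val)
      else if (key == "gpgcheck") gpgcheck = tolower(val)
      else if (key == "gpgkey")   gpgkey   = val
    }
    END { close_sec(); exit (bad ? 1 : 0) }
  ' "$@"
}

# Constructed sample input mirroring two repo definitions from this guide.
demo_dir=$(mktemp -d)
cat > "$demo_dir/docker-ce.repo" <<'EOF'
[docker-ce-stable]
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/9/$basearch/stable
enabled=1
gpgcheck=0
EOF
cat > "$demo_dir/kubernetes.repo" <<'EOF'
[kubernetes]
baseurl=https://pkgs.k8s.io/core:/stable:/v1.36/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.36/rpm/repodata/repomd.xml.key
EOF
audit_repo_gpg "$demo_dir"/*.repo || echo "repos above install without signature checks"
```

On a real node, run it as `audit_repo_gpg /etc/yum.repos.d/*.repo` before the dnf install steps.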