1.主机名解析
10.129.148.4 hangkong-k8s-node01
10.129.148.5 hangkong-k8s-node02
10.129.148.6 hangkong-k8s-node03
10.129.148.4 hangkong-k8s.vip.com

2.主机名设置
echo 'hangkong-k8s-node01' > /etc/hostname
echo 'hangkong-k8s-node02' > /etc/hostname
echo 'hangkong-k8s-node03' > /etc/hostname

hostname hangkong-k8s-node01
hostname hangkong-k8s-node02
hostname hangkong-k8s-node03

3.禁用iptables和firewalld
systemctl stop firewalld
systemctl disable firewalld
systemctl stop iptables
systemctl disable iptables

4. 禁用selinux（linux下的一个安全服务，必须禁用）
   vim /etc/selinux/config
   SELINUX=disabled

5.禁用swap分区（主要是注释最后一行）
vim /etc/fstab
UUID=455cc753-7a60-4c17-a424-7741728c44a1 /boot xfs defaults 0 0
/dev/mapper/centos-home /home xfs defaults 0 0

/dev/mapper/centos-swap swap swap defaults 0 0 //注释这条

6.修改系统的内核参数
vim /etc/sysctl.d/kubernetes.conf

添加以下内容：
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1

重新加载配置：
sysctl -p

加载网桥过滤模块：
modprobe br_netfilter

查看网桥过滤模块是否加载成功：
lsmod | grep br_netfilter

7.配置ipvs功能
yum localinstall ipvsadm-1.31-1.el8.x86_64.rpm

添加需要加载的模块写入脚本文件：

cat < /etc/sysconfig/modules/ipvs.modules

!/bin/bash

modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack

EOF

为脚本文件添加执行权限：
chmod +x /etc/sysconfig/modules/ipvs.modules

执行脚本文件：
/bin/bash /etc/sysconfig/modules/ipvs.modules

查看对应的模块是否加载成功：
lsmod | grep -e ip_vs -e nf_conntrack

8.安装docker

下载安装包

wget https://download.docker.com/linux/static/stable/x86_64/docker-20.10.19.tgz
安装

tar -xzf docker-20.10.19.tgz
移动解压后的全部内容到/usr/bin/下

mv docker/* /usr/bin/

编辑docker.service文件
vi /usr/lib/systemd/system/docker.service
[Unit]

Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

添加docker.service文件的权限

chmod +x /usr/lib/systemd/system/docker.service
systemctl daemon-reload

创建daemon.json文件
mkdir /etc/docker
vim daemon.json

{
"live-restore": true,
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"graph":"/data/docker/graph",
"registry-mirrors": ["https://v16stybc.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.8.73:18888","uat-harbor.bigfintax.com"],
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}

reload内容、启动docker、设置开机启动
systemctl daemon-reload
systemctl start docker
systemctl enable docker

验证docker安装是否成功
docker -v &&. docker info

9.安装kubernetes1.23.9
[root@hangkong-k8s-node02 kubernetes]# pwd
/root/package/kubernetes
[root@hangkong-k8s-node02 kubernetes]#
[root@hangkong-k8s-node02 kubernetes]# ls -l
total 68408
-rw-r--r-- 1 root root 9014454 May 10 13:54 3f5ba2b53701ac9102ea7c7ab2ca6616a8cd5966591a77577585fde1c434ef74-cri-tools-1.26.0-0.x86_64.rpm
-rw-r--r-- 1 root root 9921370 May 10 13:54 49658d033fddfa48e1345c21498197642b376412bfa4ba72ce36eb3f360f81d7-kubectl-1.23.9-0.x86_64.rpm
-rw-r--r-- 1 root root 9476670 May 10 13:54 4f2cd27ecd6913e34408df70f465a104feb1fbe1f73c8d828ce5bd0ab9c37c3c-kubeadm-1.23.9-0.x86_64.rpm
-rw-r--r-- 1 root root 208824 May 10 13:53 conntrack-tools-1.4.4-10.el8.x86_64.rpm
-rw-r--r-- 1 root root 21510866 May 10 13:56 d3abccc1e93912e877085abf9e1daa3e2b3b2bb360df93eb6411510e81c9399c-kubelet-1.23.9-0.x86_64.rpm
-rw-r--r-- 1 root root 19487362 May 10 13:57 db7cb5cb0b3f6875f54d10f02e625573988e3e91fd4fc5eef0b1876bb18604ad-kubernetes-cni-0.8.7-0.x86_64.rpm
-rw-r--r-- 1 root root 24660 May 10 13:53 libnetfilter_cthelper-1.0.0-15.el8.x86_64.rpm
-rw-r--r-- 1 root root 24700 May 10 13:53 libnetfilter_cttimeout-1.0.0-11.el8.x86_64.rpm
-rw-r--r-- 1 root root 31976 May 10 13:53 libnetfilter_queue-1.0.4-3.el8.x86_64.rpm
-rw-r--r-- 1 root root 330692 May 10 13:53 socat-1.7.4.1-1.el8.x86_64.rpm
[root@hangkong-k8s-node02 kubernetes]#
[root@hangkong-k8s-node02 kubernetes]# yum localinstall *^C
[root@hangkong-k8s-node02 kubernetes]#
[root@hangkong-k8s-node02 kubernetes]# rpm -qa|grep kube
kubectl-1.23.9-0.x86_64
kubelet-1.23.9-0.x86_64
kubernetes-cni-0.8.7-0.x86_64
kubeadm-1.23.9-0.x86_64

10. 集群初始化
    kubeadm init --control-plane-endpoint hangkong-k8s.vip.com:6443 --image-repository registry.aliyuncs.com/google_containers --service-cidr=172.130.0.0/16 --pod-network-cidr=172.31.0.0/16 --kubernetes-version=1.23.9 --upload-certs

master可以调度

taint node hangkong-k8s-node01 node-role.kubernetes.io/master-

11. 文件存储NAS
    创建目录：mkdir /data/nfs/cge/
    mkdir /data/nfs/cbest/
    mkdir /data/nfs/package/

vim /etc/exports
/data/nfs/cge/ *(insecure,rw,sync,no_root_squash,no_subtree_check)
/data/nfs/cbest/ *(insecure,rw,sync,no_root_squash,no_subtree_check)
/data/nfs/package *(insecure,rw,sync,no_root_squash,no_subtree_check)

如果/etc/exports文件被修改，我们需要运行下面的命令使之生效。exportfs -ra
启动rpcbind服务
sudo systemctl enable rpcbind
sudo systemctl restart rpcbind

启动nfs服务
sudo systemctl enable nfs-server
sudo systemctl start nfs-server

第二章：离线软件包下载

使用repotrack下载指定rpm包及其全量依赖包

repotrack -p /root/package/ipvsadm ipvsadm

repotrack -p /root/package/kubernetes kubernetes-cni-0.8.7

dnf -y install kubeadm-1.23.9-0 --downloadonly --destdir=/root/package/kubernetes/

dnf -y install kubelet-1.23.9-0 --downloadonly --destdir=/root/package/kubernetes/

dnf -y install kubectl-1.23.9-0 --downloadonly --destdir=/root/package/kubernetes/

dnf -y install kubernetes-cni-0.8.7-0 --downloadonly --destdir=/root/package/kubernetes/

kylin sp1验证

dnf -y install kubeadm-1.23.9-0 kubernetes-cni-0.8.7 kubelet-1.23.9-0 kubectl-1.23.9-0 kubernetes-cni-0.8.7-0 --downloadonly --destdir=/root/package/kubernetes/