开始搭建自己的HomeLab，因工作中K8s使用比较多，因此搭建3节点集群用于实验。

初始化服务器设置

修改主机名称

为方便管理，将服务器的实例名称改成: n1/n2/n3，在3台服务器上分别执行如下命令

sudo hostnamectl set-hostname {n1-3}

设置/etc/hosts文件

关闭防火墙

sudo systemctl stop firewalld &&  systemctl  disable firewalld

关闭swap分区

不关闭的话, pod容器可能运行在swap(虚拟内存)中, 影响效率，kubelet默认需要关闭swap分区

sudo swapoff -a
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

临时关闭swap分区，当前会话生效，重启失效
sudo swapoff  -a

永久关闭swap分区
sudo sed -ri 's/.*swap.*/#&/' /etc/fstab 

安装 containerd

sudo yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine
                  
sudo yum install -y yum-utils

sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
    
sudo yum install containerd.io

编辑 containerd 配置文件，启动 cri

# disabled_plugins = ["cri"]

#root = "/var/lib/containerd"
#state = "/run/containerd"
#subreaper = true
#oom_score = 0

#[grpc]
#  address = "/run/containerd/containerd.sock"
#  uid = 0
#  gid = 0

#[debug]
#  address = "/run/containerd/debug.sock"
#  uid = 0
#  gid = 0
#  level = "info"

启动 containerd

systemctl enable containerd --now

安装 cni

mkdir -p /opt/cni/bin
CNI_VERSION="v0.8.2"
ARCH="amd64"

curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz" | sudo tar -C /opt/cni/bin -xz
echo "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz"

tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.1.1.tgz

安装 crictl

https://github.com/kubernetes-sigs/cri-tools/blob/master/docs/crictl.md

创建配置文件

vi /etc/crictl.yaml

runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false

安装 nerdctl

下载 FULL 版本
https://github.com/containerd/nerdctl/releases

解压

tar Cxzvvf /usr/local nerdctl-full-1.2.0-linux-amd64.tar.gz

创建 nerdctl 配置文件 /etc/nerdctl/nerdctl.toml

# This is an example of /etc/nerdctl/nerdctl.toml .
# Unrelated to the daemon's /etc/containerd/config.toml .

debug          = false
debug_full     = false
address        = "unix:///run/containerd/containerd.sock"
namespace      = "k8s.io"
snapshotter    = "stargz"
cgroup_manager = "cgroupfs"
# hosts_dir      = ["/etc/containerd/certs.d", "/etc/docker/certs.d"]
experimental   = true

安装Kubeadm(主从配置)

cat > /etc/yum.repos.d/kubernetes.repo <<EOF 
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum install -y kubelet-1.24.10 kubeadm-1.24.10 kubectl-1.24.10 --disableexcludes=kubernetes

systemctl enable kubelet.service --now

初始化节点

初始化主节点

kubeadm config print init-defaults > init-default.yaml

# 修改(以及新增)kubeadm-config.yaml以下内容
localAPIEndpoint:
  advertiseAddress: 192.168.1.200
kubernetesVersion: v1.18.4
networking:
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12

# 打开kubeadm-config.yaml并在最后新增以下内容
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
featureGates:
  SupportIPVSProxyMode: true
mode: ipvs

下载初始化必备镜像

kubeadm config images list --config kubeadm-config.yaml

kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.24.10

crictl pull registry.aliyuncs.com/google_containers/pause:3.6

nerdctl tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.24.10 registry.k8s.io/kube-apiserver:v1.24.10
nerdctl tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.24.10 registry.k8s.io/kube-controller-manager:v1.24.10
nerdctl tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.24.10 registry.k8s.io/kube-scheduler:v1.24.10
nerdctl tag registry.aliyuncs.com/google_containers/kube-proxy:v1.24.10 registry.k8s.io/kube-proxy:v1.24.10
nerdctl tag registry.aliyuncs.com/google_containers/pause:3.7 registry.k8s.io/pause:3.7
nerdctl tag registry.aliyuncs.com/google_containers/etcd:3.5.6-0 registry.k8s.io/etcd:3.5.6-0
nerdctl tag registry.aliyuncs.com/google_containers/coredns:v1.8.6 registry.k8s.io/coredns/coredns:v1.8.6
nerdctl tag registry.aliyuncs.com/google_containers/pause:3.6 registry.k8s.io/pause:3.6

如果报如下错误：

error execution phase preflight: [preflight] Some fatal errors occurred:
	[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist

执行下面命令：

modprobe br_netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/ipv4/ip_forward

参考：
https://zhuanlan.zhihu.com/p/563177876