
CentOS Stream 9 搭建 Kubernetes v1.33.4 单节点环境

CentOS Stream 9 内核版本:Linux localhost.localdomain 5.14.0-604.el9.aarch64 #1 SMP PREEMPT_DYNAMIC Thu Aug 7 06:20:10 UTC 2025 aarch64 aarch64 aarch64 GNU/Linux

ISO文件名称:CentOS-Stream-9-20250812.1-aarch64-boot.iso

安装的版本:

bash
[root@localhost ~]# kubectl version
Client Version: v1.33.4
Kustomize Version: v5.6.0
Server Version: v1.33.4

前期准备

使用root用户。

bash
# Stop firewalld now and disable it at boot. This leaves the node without a
# host firewall, which suits an isolated lab VM; the alternative is to keep
# firewalld running and open the ports Kubernetes needs (for example 6443/tcp
# for the API server and 10250/tcp for the kubelet).
systemctl stop firewalld && systemctl disable firewalld

# Switch SELinux to permissive mode now (setenforce 0) and across reboots (the
# sed edit). Permissive mode logs policy denials without enforcing them; it
# does not disable SELinux. The sed only rewrites a line that is exactly
# "SELINUX=enforcing".
setenforce 0 && sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# Turn swap off now and comment out every /etc/fstab line that mentions
# "swap" so it stays off after a reboot.
swapoff -a && sed -ri 's/.*swap.*/#&/' /etc/fstab

将桥接的 IPv4 流量传递到 iptables 的链

bash
# Load the overlay and br_netfilter kernel modules for the running system.
modprobe overlay && modprobe br_netfilter

# Have both modules loaded again at every boot.
tee /etc/modules-load.d/containerd.conf <<'EOF'
overlay
br_netfilter
EOF

# Pass bridged IPv4/IPv6 traffic to iptables/ip6tables and enable IPv4 forwarding.
tee /etc/sysctl.d/99-kubernetes-cri.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

# Apply the sysctl settings without rebooting.
sysctl --system

安装containerd

bash
# Add the Docker CE repository as a package source on this host.
dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo

# Proxy settings for this shell session; they stay exported until cleared.
export https_proxy=http://10.211.55.2:7890 http_proxy=http://10.211.55.2:7890 all_proxy=socks5://10.211.55.2:7890

# "dnf update" has no -y here, so it asks for confirmation before continuing.
dnf update && dnf install -y containerd && systemctl enable containerd

mkdir -p /etc/containerd

# Write containerd's built-in default configuration to disk (also echoed to the terminal).
containerd config default | tee /etc/containerd/config.toml

# Adjust the containerd configuration: switch SystemdCgroup from false to true.
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
systemctl restart containerd

# Configure a network proxy for containerd (used when pulling images).
# "systemctl edit" opens an editor on a drop-in override for the unit.
systemctl edit containerd
# As shown below, add the [Service] section (4 lines) between the two marker comments.
# NO_PROXY keeps loopback, 10.96.0.0/12 and the pod network 10.244.0.0/16 (the
# --pod-network-cidr passed to kubeadm init) off the proxy.

### Anything between here and the comment below will become the new contents of the file

[Service]
Environment="HTTP_PROXY=http://10.211.55.2:7890"
Environment="HTTPS_PROXY=http://10.211.55.2:7890"
Environment="NO_PROXY=127.0.0.1,localhost,10.96.0.0/12,10.244.0.0/16"

### Lines below this comment will be discarded

# Restart containerd so it picks up the proxy settings.
# NOTE(review): daemon-reexec re-executes the systemd manager itself;
# "systemctl daemon-reload" is the usual command after changing unit files.
systemctl daemon-reexec && systemctl restart containerd

安装Kubernetes modules

添加 Kubernetes 的 yum 仓库

bash
# Register the Kubernetes v1.33 RPM repository. gpgcheck=1 makes dnf verify
# package signatures against the key at gpgkey.
tee /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/repodata/repomd.xml.key
EOF
bash
# Update installed packages (interactive: no -y), install kubelet, kubeadm and
# kubectl, then enable kubelet at boot. The first install from the new
# repository asks to import its GPG key unless -y answers for you.
dnf update && dnf install -y kubelet kubeadm kubectl && systemctl enable kubelet

初始化

bash
# Clear the proxy settings (the variables are set to empty strings, not unset).
export https_proxy='' http_proxy='' all_proxy=''

# Initialise the control plane; output is shown on the terminal and saved to
# kubeadm-init.log in the current directory.
# The saved output includes the "kubeadm join" command with its bootstrap
# token and CA certificate hash, so keep the log readable by root only
# (e.g. chmod 600 kubeadm-init.log) and do not publish it while the token is valid.
# Because of the pipe, the shell sees tee's exit status, not kubeadm's.
kubeadm init --control-plane-endpoint=localhost.localdomain --pod-network-cidr=10.244.0.0/16 2>&1 | tee kubeadm-init.log

成功后会有如下输出:

bash
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join localhost.localdomain:6443 --token ymtgc2.rf56jkznk0j2fzhh \
	--discovery-token-ca-cert-hash sha256:cfd33097dee25d3d7e371e91a7e23172a0415110bc9df32cc12b6149f78348e6 \
	--control-plane 

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join localhost.localdomain:6443 --token ymtgc2.rf56jkznk0j2fzhh \
	--discovery-token-ca-cert-hash sha256:cfd33097dee25d3d7e371e91a7e23172a0415110bc9df32cc12b6149f78348e6

写入~/.bashrc

bash
# Make every new root shell use the cluster administrator kubeconfig, and load
# it into the current shell. /etc/kubernetes/admin.conf holds administrator
# credentials for the cluster; it should stay readable by root only.
echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> ~/.bashrc && source ~/.bashrc

允许master节点部署pod

bash
# The trailing "-" removes the control-plane taint from all nodes, so ordinary
# pods can be scheduled on this single node alongside the control-plane components.
kubectl taint nodes --all node-role.kubernetes.io/control-plane-

安装flannel网络组件

bash
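# Download the flannel manifest through the proxy, clear the proxy again, then
# apply the manifest to the cluster.
# --fail makes curl exit non-zero on an HTTP error instead of saving the error
# page, so the && chain stops before "kubectl apply". -o fixes the local file
# name instead of taking it from the server's Content-Disposition header (-J).
# NOTE(review): "releases/latest" resolves to whatever release is newest at
# download time. The manifest is applied with the administrator kubeconfig, so
# for a reproducible install pin a specific release tag in the URL and read
# kube-flannel.yml before applying it.
export https_proxy=http://10.211.55.2:7890 http_proxy=http://10.211.55.2:7890 all_proxy=socks5://10.211.55.2:7890 &&
  curl --fail -L -o kube-flannel.yml https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml &&
  export https_proxy='' http_proxy='' all_proxy='' &&
  kubectl apply -f kube-flannel.yml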

检查节点状态

bash
kubectl get nodes

# 输出
NAME                    STATUS   ROLES           AGE   VERSION
localhost.localdomain   Ready    control-plane   42s   v1.33.4

查看kube-system的pods状态

bash
kubectl get pods -n kube-system

# 输出
NAME                                            READY   STATUS    RESTARTS   AGE
coredns-674b8bbfcf-7fsps                        1/1     Running   0          27s
coredns-674b8bbfcf-wh7kk                        1/1     Running   0          27s
etcd-localhost.localdomain                      1/1     Running   2          35s
kube-apiserver-localhost.localdomain            1/1     Running   1          35s
kube-controller-manager-localhost.localdomain   1/1     Running   0          35s
kube-proxy-6hqpg                                1/1     Running   0          28s
kube-scheduler-localhost.localdomain            1/1     Running   1          35s

Clone 虚拟机

虚拟机克隆之后,IP会发生变化,所以需要reset后重新生成。

写成了脚本,一键运行即可,reset-kubeadm.sh

bash
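#!/bin/bash
# reset-kubeadm.sh - tear down the kubeadm cluster on this host and create it
# again (needed after cloning the VM, because the node's IP address changes).
# Run as root from the directory that contains kube-flannel.yml.

# -e: stop at the first failing command.
# -u: treat unset variables as errors.
# -o pipefail: make "kubeadm init | tee" fail when kubeadm init fails; with
#    plain -e only tee's exit status is checked and a failed init goes unnoticed.
set -euo pipefail

# Check for the flannel manifest before anything destructive happens, so a
# missing file does not leave a freshly reset cluster without a pod network.
if [[ ! -f kube-flannel.yml ]]; then
  echo "[ERROR] 当前目录下未找到 kube-flannel.yml" >&2
  exit 1
fi

# ========= Reset the cluster =========
echo "[INFO] 重置 kubeadm 集群 ..."
kubeadm reset -f

# ========= Remove the old log =========
rm -f kubeadm-init.log

# The init output contains the "kubeadm join" command with its bootstrap token.
# Create the log with mode 600 first; tee then truncates and reuses the file,
# so the token is never written to a world-readable file.
install -m 600 /dev/null kubeadm-init.log

# ========= Initialise the control plane =========
echo "[INFO] 初始化 kubeadm 集群 ..."
kubeadm init \
  --control-plane-endpoint=localhost.localdomain \
  --pod-network-cidr=10.244.0.0/16 \
  2>&1 | tee kubeadm-init.log

# Point kubectl at the admin.conf that kubeadm init has just written. Without
# this the kubectl calls below depend on KUBECONFIG being inherited from the
# calling shell, and otherwise fall back to ~/.kube/config, which still
# describes the cluster that was reset above.
export KUBECONFIG=/etc/kubernetes/admin.conf

# ========= Allow pods on the control-plane node =========
echo "[INFO] 允许master节点部署pod ..."
kubectl taint nodes --all node-role.kubernetes.io/control-plane-

# ========= Configure kubectl =========
echo "[INFO] 配置 kubectl ..."
mkdir -p "$HOME/.kube"
# -f instead of -i: an existing config belongs to the old cluster and must be
# replaced; an interactive prompt would stall an unattended run.
sudo cp -f /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# The kubeconfig carries administrator credentials: owner-only access.
chmod 600 "$HOME/.kube/config"

# ========= Deploy the flannel network =========
echo "[INFO] 部署 Flannel 网络 ..."
kubectl apply -f kube-flannel.yml

echo "[INFO] 完成!请等待 kube-system 下 Pod 启动,然后运行 'kubectl get nodes -o wide' 查看状态。"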