K8S环境搭建(单master)
1. 修改主机名

    [root@master ~]# hostnamectl set-hostname master
    [root@master ~]# cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.1.151 master    //添加这一行,格式为"IP地址 主机名"
    [root@master ~]#

2. 修改网络配置

    [root@master ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
    TYPE=Ethernet
    PROXY_METHOD=none
    BROWSER_ONLY=no
    BOOTPROTO=static
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=ens33
    UUID=bfd305d4-011b-4d3c-a577-e20397e7b206
    DEVICE=ens33
    ONBOOT=yes
    IPADDR=192.168.1.151
    NETWORK=255.255.255.0
    GATEWAY=192.168.1.2
    DNS1=8.8.8.8
    DNS2=223.5.5.5

重启网卡,查看配置是否生效

    [root@master ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:6b:44:69 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.151/24 brd 192.168.1.255 scope global noprefixroute ens33    //可以看到IP地址已经生效
           valid_lft forever preferred_lft forever
        inet6 fe80::27db:2915:b943:b627/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
    3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:c3:02:51:fa brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
    [root@master ~]#

3. 防火墙配置

关闭防火墙并设置永久关闭

    [root@master ~]# systemctl stop firewalld && systemctl disable firewalld

说明:完全关闭防火墙只适合隔离的实验环境。主机如果能被其他网络访问,应保留 firewalld,只放行控制平面需要的端口(6443、2379-2380、10250、10257、10259)以及所用网络插件需要的端口。

4. selinux配置

临时关闭selinux(setenforce 0 实际是把 SELinux 切换到 permissive 模式,重启后失效)

    [root@master ~]# setenforce 0

永久关闭selinux,修改 /etc/selinux/config

    [root@master ~]# cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled    //修改为disabled
    # SELINUXTYPE= can take one of three values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected.
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted

说明:disabled 会完全停用 SELinux 策略。kubeadm 官方安装文档使用的是 SELINUX=permissive,同样能让 kubelet 正常工作,并且仍会记录策略违规日志,便于以后恢复为 enforcing。

5. swap配置

关闭swap分区

    [root@master ~]# swapoff -a

永久关闭swap分区,修改/etc/fstab

    [root@master ~]# cat /etc/fstab
    #
    # /etc/fstab
    # Created by anaconda on Mon Mar 23 22:58:27 2026
    #
    # Accessible filesystems, by reference, are maintained under /dev/disk
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
    #
    /dev/mapper/centos-root /                       xfs     defaults        0 0
    UUID=fb846cb4-3232-4dbe-94f5-709ce402e89a /boot xfs     defaults        0 0
    /dev/mapper/centos-home /home                   xfs     defaults        0 0
    #/dev/mapper/centos-swap swap                   swap    defaults        0 0    //注释掉这一行

6. 重启主机

    [root@master ~]# reboot

7. 桥接网络配置

将桥接的IPv4流量传递到iptables的链

创建/etc/sysctl.d/k8s.conf

    [root@master ~]# cat /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward = 1
    vm.swappiness = 0
    //创建该文件并填入以上内容

加载内核参数,立即生效:sysctl --system

    [root@master ~]# sysctl --system
    * Applying /usr/lib/sysctl.d/00-system.conf ...
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0
    * Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
    kernel.yama.ptrace_scope = 0
    * Applying /usr/lib/sysctl.d/50-default.conf ...
    kernel.sysrq = 16
    kernel.core_uses_pid = 1
    kernel.kptr_restrict = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.promote_secondaries = 1
    net.ipv4.conf.all.promote_secondaries = 1
    fs.protected_hardlinks = 1
    fs.protected_symlinks = 1
    * Applying /etc/sysctl.d/99-sysctl.conf ...
    * Applying /etc/sysctl.d/k8s.conf ...
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward = 1
    vm.swappiness = 0
    * Applying /etc/sysctl.conf ...
    [root@master ~]#

8. 修改yum源

    [root@master ~]# mkdir /etc/yum.repos.d/bak && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/

添加阿里云源

    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

说明:这里的 repo 文件通过明文 HTTP 下载,而它决定了之后所有软件包的来源,传输途中被改动就等于换掉了软件源。本文第10步已经用 https 访问同一个镜像站,这里也建议改用 https://,并在下载后检查文件里的 baseurl 和 gpgcheck 设置。

清空yum源旧缓存,重新加载

    [root@master ~]# yum clean all && yum repolist

9. 安装一些必要的包

    [root@master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

10. 添加阿里云的docker镜像源

    yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    sed -i 's/download.docker.com/mirrors.aliyun.com\/docker-ce/g' /etc/yum.repos.d/docker-ce.repo

11. 安装docker

    [root@master ~]# yum install docker-ce -y

启动docker并设置开机自启

    [root@master ~]# systemctl start docker && systemctl enable docker

12. 安装cri-dockerd

下载cri-docker的tar包

    [root@master ~]# wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.20/cri-dockerd-0.3.20.amd64.tgz

说明:这个二进制之后会以 root 身份运行。如果发布页提供了校验和,解压前先用 sha256sum cri-dockerd-0.3.20.amd64.tgz 计算哈希,并与发布方给出的值(<发布方提供的SHA256>)比对。

解压缩这个包

    [root@master ~]# tar zxvf cri-dockerd-0.3.20.amd64.tgz

把cri-dockerd安装成系统命令

    [root@master ~]# install -o root -g root -m 0755 cri-dockerd /usr/bin/cri-docker

下载cri-docker.service和cri-docker.socket

    curl -L https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.service -o /etc/systemd/system/cri-docker.service
    curl -L https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.socket -o /etc/systemd/system/cri-docker.socket

说明:这两个 unit 文件取自 master 分支,内容会随上游提交变化,可能与已安装的 v0.3.20 二进制不匹配。建议把 URL 中的 master 换成版本标签 v0.3.20,并在启用服务前查看文件内容,确认 ExecStart 指向的路径与上一步 install 的目标路径一致。

修改cri-docker.service

    sed -i 's,^ExecStart.*,& --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.10.1,' /etc/systemd/system/cri-docker.service

启动cri-docker并设置开机自启动

    [root@master ~]# systemctl daemon-reload
    [root@master ~]# systemctl start cri-docker && systemctl enable cri-docker

13. 
安装kubeadm、kubelet、kubectl

设置yum源

    cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
    EOF

说明:gpgcheck=1 和 repo_gpgcheck=1 让 yum 校验软件包和仓库元数据的签名。安装时如果出现签名校验错误,应先查明密钥或镜像的问题,而不是把这两项改成 0。

重新加载yum源并安装相关服务

    yum clean all
    yum repolist
    yum install -y kubelet-1.28.2 kubeadm-1.28.2 kubectl-1.28.2

14. 启动kubelet并设置开机自启

    systemctl enable kubelet && systemctl start kubelet

15. 使用kubeadm初始化k8s

    [root@master ~]# sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers --cri-socket=unix:///var/run/cri-dockerd.sock --apiserver-advertise-address=192.168.1.151

初始化完成后执行以下命令

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

说明:admin.conf 里是集群管理员凭据,拿到这个文件就能完全控制集群。复制后用 ls -l $HOME/.kube/config 确认只有当前用户可读写(权限 600),不要把它分发给其他用户或放进版本库。

执行kubectl get nodes获取节点状态。因未安装网络插件,所以状态为NotReady

    [root@master ~]# kubectl get nodes -o wide
    NAME     STATUS     ROLES           AGE     VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION           CONTAINER-RUNTIME
    master   NotReady   control-plane   3h49m   v1.28.2   192.168.1.151   <none>        CentOS Linux 7 (Core)   3.10.0-1160.el7.x86_64   docker://26.1.4
    [root@master ~]#