{"id":10762,"date":"2024-04-29T21:26:12","date_gmt":"2024-04-29T13:26:12","guid":{"rendered":"https:\/\/egonlin.com\/?p=10762"},"modified":"2024-08-06T17:25:49","modified_gmt":"2024-08-06T09:25:49","slug":"kubeadm%e9%83%a8%e7%bd%b2k8s","status":"publish","type":"post","link":"https:\/\/egonlin.com\/?p=10762","title":{"rendered":"kubeadm\u90e8\u7f72k8s1.30"},"content":{"rendered":"<p>\u65e7\u7248\u535a\u5ba2\uff1ahttps:\/\/egonlin.com\/?p=6618<\/p>\n<h1>\u4e00\u3001k8s\u5305yum\u6e90\u4ecb\u7ecd<\/h1>\n<div  class='collapse-block shadow-sm collapse-block-transparent collapsed hide-border-left'><div class='collapse-block-title'><span class='collapse-block-title-inner'>yum\u6e90\u4ecb\u7ecd<\/span><i class='collapse-icon fa fa-angle-down'><\/i><\/div><div class='collapse-block-body' style='display:none;'><\/p>\n<p><span class=\"md-plain\">\u963f\u91cc\u4e91\u5173\u4e8ek8s\u7684\u955c\u50cf\u4ecb\u7ecd\u6587\u6863\u5730\u5740\uff1a<\/span><span class=\"md-link md-pair-s\" spellcheck=\"false\"><a href=\"https:\/\/developer.aliyun.com\/mirror\/kubernetes\/\">https:\/\/developer.aliyun.com\/mirror\/kubernetes\/<\/a><\/span><\/p>\n<p class=\"md-end-block md-heading\"><span class=\"md-plain\">\u7b80\u4ecb<\/span><\/p>\n<pre class=\"md-end-block md-p\"><span class=\"md-plain\">Kubernetes\u662f\u4e00\u4e2a\u5f00\u6e90\u7cfb\u7edf\uff0c\u7528\u4e8e\u5bb9\u5668\u5316\u5e94\u7528\u7684\u81ea\u52a8\u90e8\u7f72\u3001\u6269\u7f29\u548c\u7ba1\u7406\u3002\r\n\u5b83\u5c06\u6784\u6210\u5e94\u7528\u7684\u5bb9\u5668\u6309\u903b\u8f91\u5355\u4f4d\u8fdb\u884c\u5206\u7ec4\u4ee5\u4fbf\u4e8e\u7ba1\u7406\u548c\u53d1\u73b0\u3002<\/span>\r\n\r\n<span class=\"md-plain\">\u7531\u4e8e Kubernetes \u5b98\u65b9\u53d8\u66f4\u4e86\u4ed3\u5e93\u7684\u5b58\u50a8\u8def\u5f84\u4ee5\u53ca\u4f7f\u7528\u65b9\u5f0f\uff0c\r\n\u5982\u679c\u9700\u8981\u4f7f\u7528 1.28 \u53ca\u4ee5\u4e0a\u7248\u672c\uff0c\u8bf7\u4f7f\u7528 \u65b0\u7248\u914d\u7f6e\u65b9\u6cd5 \u8fdb\u884c\u914d\u7f6e\u3002<\/span>\r\n\r\n<span class=\"md-plain\">\u4e0b\u8f7d\u5730\u5740\uff1a<\/span><span class=\"md-link md-pair-s\" spellcheck=\"false\"><a href=\"https:\/\/mirrors.aliyun.com\/kubernetes\/\">https:\/\/mirrors.aliyun.com\/kubernetes\/<\/a><\/span>\r\n\r\n<span class=\"md-plain\">\u65b0\u7248\u4e0b\u8f7d\u5730\u5740\uff1a<\/span><span class=\"md-link md-pair-s\" spellcheck=\"false\"><a href=\"https:\/\/mirrors.aliyun.com\/kubernetes-new\/\">https:\/\/mirrors.aliyun.com\/kubernetes-new\/<\/a><\/span><\/pre>\n<p class=\"md-end-block md-heading\"><span class=\"md-plain\">\u914d\u7f6e\u65b9\u6cd5-<\/span><span class=\"md-plain md-expand\">\u65b0\u7248\u914d\u7f6e\u65b9\u6cd5<\/span><\/p>\n<pre class=\"md-end-block md-p\"><span class=\"md-plain\">\u65b0\u7248 kubernetes \u6e90\u4f7f\u7528\u65b9\u6cd5\u548c\u4e4b\u524d\u6709\u4e00\u5b9a\u533a\u522b\uff0c\u8bf7\u6c42\u6309\u7167\u5982\u4e0b\u914d\u7f6e\u65b9\u6cd5\u914d\u7f6e\u4f7f\u7528\u3002<\/span>\r\n\r\n<span class=\"md-plain\">\u5176\u4e2d\u65b0\u7248 kubernetes \u6e90\u6309\u7167\u5b89\u88c5\u7248\u672c\u533a\u5206\u4e0d\u540c\u4ed3\u5e93\uff0c\u8be5\u6587\u6863\u793a\u4f8b\u4e3a\u914d\u7f6e 1.28 \u7248\u672c\uff0c\r\n\u5982\u9700\u5176\u4ed6\u7248\u672c\u8bf7\u5728\u5bf9\u5e94\u4f4d\u7f6e\u5b57\u7b26\u4e32\u66ff\u6362\u5373\u53ef\u3002<\/span>\r\n\r\n<span class=\"md-plain\">\uff08\u6bd4\u5982\u9700\u8981\u5b89\u88c5 1.29 \u7248\u672c\uff0c\u5219\u9700\u8981\u5c06\u5982\u4e0b\u914d\u7f6e\u4e2d\u7684 v1.28 \u66ff\u6362\u6210 v1.29\uff09<\/span>\r\n\r\n<span class=\"md-plain\">\uff08\u76ee\u524d\u8be5\u6e90\u652f\u6301 v1.24 - v1.29 \u7248\u672c\uff0c\u540e\u7eed\u7248\u672c\u4f1a\u6301\u7eed\u66f4\u65b0\uff09<\/span><\/pre>\n<p class=\"md-end-block md-heading\"><span class=\"md-plain\">Debian \/ Ubuntu<\/span><\/p>\n<pre class=\"md-fences md-end-block ty-contain-cm modeLoaded\" lang=\"\" spellcheck=\"false\"><span role=\"presentation\">apt-get update &amp;&amp; apt-get install -y apt-transport-https<\/span>\r\n<span role=\"presentation\">curl -fsSL https:\/\/mirrors.aliyun.com\/kubernetes-new\/core\/stable\/v1.28\/deb\/Release.key |<\/span>\r\n<span role=\"presentation\"> \u00a0  gpg --dearmor -o \/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg<\/span>\r\n<span role=\"presentation\">echo \"deb [signed-by=\/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg] https:\/\/mirrors.aliyun.com\/kubernetes-new\/core\/stable\/v1.28\/deb\/ \/\" |<\/span>\r\n<span role=\"presentation\"> \u00a0  tee \/etc\/apt\/sources.list.d\/kubernetes.list<\/span>\r\n<span role=\"presentation\">apt-get update<\/span>\r\n<span role=\"presentation\">apt-get install -y kubelet kubeadm kubectl<\/span><\/pre>\n<p class=\"md-end-block md-heading\"><span class=\"md-plain\">CentOS \/ RHEL \/ Fedora<\/span><\/p>\n<pre class=\"md-fences md-end-block ty-contain-cm modeLoaded\" lang=\"\" spellcheck=\"false\"><span role=\"presentation\">cat &lt;&lt;EOF | tee \/etc\/yum.repos.d\/kubernetes.repo<\/span>\r\n<span role=\"presentation\">[kubernetes]<\/span>\r\n<span role=\"presentation\">name=Kubernetes<\/span>\r\n<span role=\"presentation\">baseurl=https:\/\/mirrors.aliyun.com\/kubernetes-new\/core\/stable\/v1.28\/rpm\/<\/span>\r\n<span role=\"presentation\">enabled=1<\/span>\r\n<span role=\"presentation\">gpgcheck=1<\/span>\r\n<span role=\"presentation\">gpgkey=https:\/\/mirrors.aliyun.com\/kubernetes-new\/core\/stable\/v1.28\/rpm\/repodata\/repomd.xml.key<\/span>\r\n<span role=\"presentation\">EOF<\/span>\r\n<span role=\"presentation\">setenforce 0<\/span>\r\n<span role=\"presentation\">yum install -y kubelet kubeadm kubectl<\/span>\r\n<span role=\"presentation\">systemctl enable kubelet &amp;&amp; systemctl start kubelet<\/span><\/pre>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">ps: \u7531\u4e8e\u5b98\u7f51\u672a\u5f00\u653e\u540c\u6b65\u65b9\u5f0f, \u53ef\u80fd\u4f1a\u6709\u7d22\u5f15gpg\u68c0\u67e5\u5931\u8d25\u7684\u60c5\u51b5, \u8fd9\u65f6\u8bf7\u7528 <\/span><span class=\"md-pair-s\" spellcheck=\"false\"><code>yum install -y --nogpgcheck kubelet kubeadm kubectl<\/code><\/span><span class=\"md-plain\"> \u5b89\u88c5<\/span><\/p>\n<p class=\"md-end-block md-heading\"><span class=\"md-plain\">\u914d\u7f6e\u65b9\u6cd5-\u65e7\u7248\u914d\u7f6e\u65b9\u6cd5<\/span><\/p>\n<pre class=\"md-end-block md-p\"><span class=\"md-plain\">\u76ee\u524d\u7531\u4e8ekubernetes\u5b98\u65b9\u53d8\u66f4\u4e86\u4ed3\u5e93\u7684\u5b58\u50a8\u8def\u5f84\u4ee5\u53ca\u4f7f\u7528\u65b9\u5f0f\uff0c\u65e7\u7248 kubernetes \u6e90\u53ea\u66f4\u65b0\u5230 1.28 \u90e8\u5206\u7248\u672c\uff0c\r\n\u540e\u7eed\u66f4\u65b0\u7248\u672c\u8bf7\u4f7f\u7528 \u65b0\u6e90\u914d\u7f6e\u65b9\u6cd5 \u8fdb\u884c\u914d\u7f6e\u3002<\/span><\/pre>\n<p class=\"md-end-block md-heading\"><span class=\"md-plain\">Debian \/ Ubuntu<\/span><\/p>\n<pre class=\"md-fences md-end-block ty-contain-cm modeLoaded\" lang=\"\" spellcheck=\"false\"><span role=\"presentation\">apt-get update &amp;&amp; apt-get install -y apt-transport-https<\/span>\r\n<span role=\"presentation\">curl https:\/\/mirrors.aliyun.com\/kubernetes\/apt\/doc\/apt-key.gpg | apt-key add - <\/span>\r\n<span role=\"presentation\">cat &lt;&lt;EOF &gt;\/etc\/apt\/sources.list.d\/kubernetes.list<\/span>\r\n<span role=\"presentation\">deb https:\/\/mirrors.aliyun.com\/kubernetes\/apt\/ kubernetes-xenial main<\/span>\r\n<span role=\"presentation\">EOF<\/span>\r\n<span role=\"presentation\">apt-get update<\/span>\r\n<span role=\"presentation\">apt-get install -y kubelet kubeadm kubectl<\/span><\/pre>\n<p class=\"md-end-block md-heading\"><span class=\"md-plain\">CentOS \/ RHEL \/ Fedora<\/span><\/p>\n<pre class=\"md-fences md-end-block ty-contain-cm modeLoaded\" lang=\"\" spellcheck=\"false\"><span role=\"presentation\">cat &lt;&lt;EOF &gt; \/etc\/yum.repos.d\/kubernetes.repo<\/span>\r\n<span role=\"presentation\">[kubernetes]<\/span>\r\n<span role=\"presentation\">name=Kubernetes<\/span>\r\n<span role=\"presentation\">baseurl=https:\/\/mirrors.aliyun.com\/kubernetes\/yum\/repos\/kubernetes-el7-x86_64\/<\/span>\r\n<span role=\"presentation\">enabled=1<\/span>\r\n<span role=\"presentation\">gpgcheck=1<\/span>\r\n<span role=\"presentation\">repo_gpgcheck=1<\/span>\r\n<span role=\"presentation\">gpgkey=https:\/\/mirrors.aliyun.com\/kubernetes\/yum\/doc\/yum-key.gpg https:\/\/mirrors.aliyun.com\/kubernetes\/yum\/doc\/rpm-package-key.gpg<\/span>\r\n<span role=\"presentation\">EOF<\/span>\r\n<span role=\"presentation\">setenforce 0<\/span>\r\n<span role=\"presentation\">yum install -y kubelet kubeadm kubectl<\/span>\r\n<span role=\"presentation\">systemctl enable kubelet &amp;&amp; systemctl start kubelet<\/span><\/pre>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">ps: \u7531\u4e8e\u5b98\u7f51\u672a\u5f00\u653e\u540c\u6b65\u65b9\u5f0f, \u53ef\u80fd\u4f1a\u6709\u7d22\u5f15gpg\u68c0\u67e5\u5931\u8d25\u7684\u60c5\u51b5, \u8fd9\u65f6\u8bf7\u7528 <\/span><span class=\"md-pair-s\" spellcheck=\"false\"><code>yum install -y --nogpgcheck kubelet kubeadm kubectl<\/code><\/span><span class=\"md-plain\"> \u5b89\u88c5<\/span><\/p>\n<p class=\"md-end-block md-heading\"><span class=\"md-plain\">\u76f8\u5173\u94fe\u63a5<\/span><\/p>\n<pre class=\"md-end-block md-p\"><span class=\"md-plain\">\u5b98\u65b9\u4e3b\u9875\uff1a<\/span><span class=\"md-link md-pair-s\" spellcheck=\"false\"><a href=\"https:\/\/kubernetes.io\/\">https:\/\/kubernetes.io\/<\/a><\/span><\/pre>\n<p><\/div><\/div>\n<h1>\u4e8c\u3001\u51c6\u5907\u5de5\u4f5c<\/h1>\n<h2>0\u3001\u51c6\u59073\u53f0\u673a\u5668<\/h2>\n<p>\u6bcf\u53f0\u673a\u5668\u5185\u5b58&gt;=2G<\/p>\n<h2 id=\"header-id-10\">1\u3001\u4fee\u6539\u4e3b\u673a\u540d\u53ca\u89e3\u6790(\u4e09\u53f0\u8282\u70b9)<\/h2>\n<pre class=\"code\"># 1\u3001\u4fee\u6539\u4e3b\u673a\u540d\r\n<span class=\"hljs-attribute\">hostnamectl<\/span> set-hostname k<span class=\"hljs-number\">8<\/span>s-master-<span class=\"hljs-number\">01\r\n<\/span><span class=\"hljs-attribute\">hostnamectl<\/span> set-hostname k<span class=\"hljs-number\">8<\/span>s-node-<span class=\"hljs-number\">01\r\n<\/span><span class=\"hljs-attribute\">hostnamectl<\/span> set-hostname k<span class=\"hljs-number\">8<\/span>s-node-<span class=\"hljs-number\">02\r\n<\/span>\r\n# 2\u3001\u4e09\u53f0\u673a\u5668\u6dfb\u52a0host\u89e3\u6790\r\ncat &gt;&gt; \/etc\/hosts &lt;&lt; \"EOF\"\r\n<span class=\"hljs-attribute\">192<\/span>.<span class=\"hljs-number\">168<\/span>.71.12 k<span class=\"hljs-number\">8<\/span>s-master-<span class=\"hljs-number\">01<\/span> m<span class=\"hljs-number\">1\r\n<\/span><span class=\"hljs-attribute\">192<\/span>.<span class=\"hljs-number\">168<\/span>.71.13 k<span class=\"hljs-number\">8<\/span>s-node-<span class=\"hljs-number\">01<\/span> n<span class=\"hljs-number\">1\r\n<\/span><span class=\"hljs-attribute\">192<\/span>.<span class=\"hljs-number\">168<\/span>.71.14 k<span class=\"hljs-number\">8<\/span>s-node-<span class=\"hljs-number\">02<\/span> n<span class=\"hljs-number\">2\r\n<\/span>EOF<\/pre>\n<h2>2\u3001\u5173\u95ed\u4e00\u4e9b\u670d\u52a1(\u4e09\u53f0\u8282\u70b9)<\/h2>\n<pre class=\"code\"># 1\u3001\u5173\u95edselinux\r\nsed -i 's#enforcing#disabled#g' \/etc\/selinux\/config\r\nsetenforce 0\r\n\r\n# 2\u3001\u7981\u7528\u9632\u706b\u5899\uff0c\u7f51\u7edc\u7ba1\u7406\uff0c\u90ae\u7bb1\r\nsystemctl disable --now firewalld NetworkManager postfix\r\n\r\n# 3\u3001\u5173\u95edswap\u5206\u533a\r\nswapoff -a \r\n\u200b\r\n# \u6ce8\u91caswap\u5206\u533a\r\ncp \/etc\/fstab \/etc\/fstab_bak\r\nsed -i '\/swap\/d' \/etc\/fstab<\/pre>\n<h2>3\u3001sshd\u670d\u52a1\u4f18\u5316<\/h2>\n<pre class=\"code\"># 1\u3001\u52a0\u901f\u8bbf\u95ee\r\nsed -ri <span class=\"hljs-string\">'s@^#UseDNS yes@UseDNS no@g'<\/span> \/etc\/ssh\/sshd_config \r\nsed -ri <span class=\"hljs-string\">'s#^GSSAPIAuthentication yes#GSSAPIAuthentication no#g'<\/span> \/etc\/ssh\/sshd_config \r\ngrep ^UseDNS \/etc\/ssh\/sshd_config \r\ngrep ^GSSAPIAuthentication \/etc\/ssh\/sshd_config\r\nsystemctl restart sshd\r\n\r\n# 2\u3001\u5bc6\u94a5\u767b\u5f55\uff08\u4e3b\u673a\u70b9\u505a\uff09:\u4e3a\u4e86\u8ba9\u540e\u7eed\u4e00\u4e9b\u8fdc\u7a0b\u62f7\u8d1d\u64cd\u4f5c\u66f4\u65b9\u4fbf\r\nssh-keygen\r\nssh-copy-id -i root@k8s-master-01\r\nssh-copy-id -i root@k8s-node-01\r\nssh-copy-id -i root@k8s-node-02<\/pre>\n<h2>4\u3001\u589e\u5927\u6587\u4ef6\u6253\u5f00\u6570\u91cf\uff08\u9000\u51fa\u5f53\u524d\u4f1a\u8bdd\u7acb\u5373\u751f\u6548\uff09<\/h2>\n<pre class=\"code\">cat &gt; \/etc\/security\/limits.d\/k8s.conf &lt;&lt;'EOF' \r\n* soft nofile 65535 \r\n* hard nofile 131070 \r\nEOF \r\n\r\nulimit -Sn \r\nulimit -Hn<\/pre>\n<h2>5\u3001\u6240\u6709\u8282\u70b9\u914d\u7f6e\u6a21\u5757\u81ea\u52a8\u52a0\u8f7d\uff0c\u6b64\u6b65\u9aa4\u4e0d\u505a\u7684\u8bdd(kubeadm init\u65f6\u4f1a\u76f4\u63a5\u5931\u8d25!)<\/h2>\n<pre class=\"code\">modprobe br_netfilter\r\nmodprobe ip_conntrack\r\ncat &gt;&gt;\/etc\/rc.sysinit&lt;&lt;EOF\r\n#!\/bin\/bash\r\nfor file in \/etc\/sysconfig\/modules\/*.modules ; do\r\n[ -x $file ] &amp;&amp; $file\r\ndone\r\nEOF\r\necho \"modprobe br_netfilter\" &gt;\/etc\/sysconfig\/modules\/br_netfilter.modules\r\necho \"modprobe ip_conntrack\" &gt;\/etc\/sysconfig\/modules\/ip_conntrack.modules\r\nchmod 755 \/etc\/sysconfig\/modules\/br_netfilter.modules\r\nchmod 755 \/etc\/sysconfig\/modules\/ip_conntrack.modules\r\nlsmod | grep br_netfilter<\/pre>\n<h2>6\u3001\u540c\u6b65\u96c6\u7fa4\u65f6\u95f4<\/h2>\n<pre class=\"code\"># =====================\u300bchrony\u670d\u52a1\u7aef\uff1a\u670d\u52a1\u7aef\u6211\u4eec\u53ef\u4ee5\u81ea\u5df1\u642d\u5efa\uff0c\u4e5f\u53ef\u4ee5\u76f4\u63a5\u7528\u516c\u7f51\u4e0a\u7684\u65f6\u95f4\u670d\u52a1\u5668\uff0c\u6240\u4ee5\u662f\u5426\u90e8\u7f72\u670d\u52a1\u7aef\u770b\u4f60\u81ea\u5df1\r\n# 1\u3001\u5b89\u88c5\r\nyum -y install chrony\r\n\u200b\r\n# 2\u3001\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\r\nmv \/etc\/chrony.conf \/etc\/chrony.conf.bak\r\n\u200b\r\ncat &gt; \/etc\/chrony.conf &lt;&lt; EOF\r\nserver ntp1.aliyun.com iburst minpoll 4 maxpoll 10\r\nserver ntp2.aliyun.com iburst minpoll 4 maxpoll 10\r\nserver ntp3.aliyun.com iburst minpoll 4 maxpoll 10\r\nserver ntp4.aliyun.com iburst minpoll 4 maxpoll 10\r\nserver ntp5.aliyun.com iburst minpoll 4 maxpoll 10\r\nserver ntp6.aliyun.com iburst minpoll 4 maxpoll 10\r\nserver ntp7.aliyun.com iburst minpoll 4 maxpoll 10\r\ndriftfile \/var\/lib\/chrony\/drift\r\nmakestep 10 3\r\nrtcsync\r\nallow 0.0.0.0\/0\r\nlocal stratum 10\r\nkeyfile \/etc\/chrony.keys\r\nlogdir \/var\/log\/chrony\r\nstratumweight 0.05\r\nnoclientlog\r\nlogchange 0.5\r\n\r\nEOF\r\n\u200b\r\n# 4\u3001\u542f\u52a8chronyd\u670d\u52a1\r\nsystemctl restart chronyd.service # \u6700\u597d\u91cd\u542f\uff0c\u8fd9\u6837\u65e0\u8bba\u539f\u6765\u662f\u5426\u542f\u52a8\u90fd\u53ef\u4ee5\u91cd\u65b0\u52a0\u8f7d\u914d\u7f6e\r\nsystemctl enable chronyd.service\r\nsystemctl status chronyd.service\r\n\r\n# =====================\u300bchrony\u5ba2\u6237\u7aef\uff1a\u5728\u9700\u8981\u4e0e\u5916\u90e8\u540c\u6b65\u65f6\u95f4\u7684\u673a\u5668\u4e0a\u5b89\u88c5\uff0c\u542f\u52a8\u540e\u4f1a\u81ea\u52a8\u4e0e\u4f60\u6307\u5b9a\u7684\u670d\u52a1\u7aef\u540c\u6b65\u65f6\u95f4\r\n# \u4e0b\u8ff0\u6b65\u9aa4\u4e00\u6b21\u6027\u7c98\u8d34\u5230\u6bcf\u4e2a\u5ba2\u6237\u7aef\u6267\u884c\u5373\u53ef\r\n# 1\u3001\u5b89\u88c5chrony\r\nyum -y install chrony\r\n# 2\u3001\u9700\u6539\u5ba2\u6237\u7aef\u914d\u7f6e\u6587\u4ef6\r\nmv \/etc\/chrony.conf \/etc\/chrony.conf.bak\r\ncat &gt; \/etc\/chrony.conf &lt;&lt; EOF\r\nserver \u670d\u52a1\u7aef\u7684ip\u5730\u5740\u6216\u53ef\u89e3\u6790\u7684\u4e3b\u673a\u540d iburst\r\ndriftfile \/var\/lib\/chrony\/drift\r\nmakestep 10 3\r\nrtcsync\r\nlocal stratum 10\r\nkeyfile \/etc\/chrony.key\r\nlogdir \/var\/log\/chrony\r\nstratumweight 0.05\r\nnoclientlog\r\nlogchange 0.5\r\n\r\nEOF\r\n# 3\u3001\u542f\u52a8chronyd\r\nsystemctl restart chronyd.service\r\nsystemctl enable chronyd.service\r\nsystemctl status chronyd.service\r\n\r\n# 4\u3001\u9a8c\u8bc1\r\nchronyc sources -v<\/pre>\n<h2>7\u3001\u66f4\u65b0\u57fa\u7840yum\u6e90\uff08\u4e09\u53f0\u673a\u5668\uff09<\/h2>\n<pre class=\"code\"># 1\u3001\u6e05\u7406\r\nrm -rf \/etc\/yum.repos.d\/*\r\nyum remove epel-release -y\r\nrm -rf \/var\/cache\/yum\/x86_64\/6\/epel\/\r\n\r\n# 2\u3001\u5b89\u88c5\u963f\u91cc\u7684base\u4e0eepel\u6e90\r\ncurl -s -o \/etc\/yum.repos.d\/CentOS-Base.repo https:\/\/mirrors.aliyun.com\/repo\/Centos-7.repo \r\ncurl -s -o \/etc\/yum.repos.d\/epel.repo http:\/\/mirrors.aliyun.com\/repo\/epel-7.repo\r\nyum clean all yum makecache\r\n\r\n# \u6216\u8005\u7528\u534e\u4e3a\u7684\u4e5f\u884c\r\n# curl -o \/etc\/yum.repos.d\/CentOS-Base.repo https:\/\/repo.huaweicloud.com\/repository\/conf\/CentOS-7-reg.repo \r\n# yum install -y https:\/\/repo.huaweicloud.com\/epel\/epel-release-latest-7.noarch.rpm<\/pre>\n<h2 class=\"hljs-codeblock hljs-hide-linenumber hljs-break-line\">8\u3001\u66f4\u65b0\u7cfb\u7edf\u8f6f\u4ef6(\u6392\u9664\u5185\u6838)<\/h2>\n<pre class=\"code\"> <span class=\"hljs-string\">yum<\/span> <span class=\"hljs-string\">update<\/span> <span class=\"hljs-string\">-y<\/span> <span class=\"hljs-string\">--exclud=kernel*<\/span><\/pre>\n<h2 id=\"header-id-22\">9\u3001\u5b89\u88c5\u57fa\u7840\u5e38\u7528\u8f6f\u4ef6<\/h2>\n<pre class=\"code\">yum -y install expect wget jq psmisc vim net-tools telnet yum-utils device-mapper-persistent-data lvm2 git ntpdate chrony bind-utils rsync unzip git<\/pre>\n<h2>10\u3001\u66f4\u65b0\u5185\u6838\uff08docker \u5bf9\u7cfb\u7edf\u5185\u6838\u8981\u6c42\u6bd4\u8f83\u9ad8\uff0c\u6700\u597d\u4f7f\u75284.4+\uff09<strong>\u4e3b\u8282\u70b9\u64cd\u4f5c<\/strong><\/h2>\n<pre class=\"code\">wget https:\/\/elrepo.org\/linux\/kernel\/el7\/x86_64\/RPMS\/kernel-lt-5.4.274-1.el7.elrepo.x86_64.rpm\r\nwget https:\/\/elrepo.org\/linux\/kernel\/el7\/x86_64\/RPMS\/kernel-lt-devel-5.4.274-1.el7.elrepo.x86_64.rpm\r\n\r\nfor i in n1 n2 m1 ; do scp kernel-lt-* $i:\/opt; done\r\n\r\n\r\n\u8865\u5145\uff1a\u5982\u679c\u4e0b\u8f7d\u7684\u6162\u5c31\u4ece\u7f51\u76d8\u91cc\u62ff\u5427\r\n\u94fe\u63a5\uff1ahttps:\/\/pan.baidu.com\/s\/1gVyeBQsJPZjc336E8zGjyQ \r\n\u63d0\u53d6\u7801\uff1aEgon<\/pre>\n<p>\u4e09\u4e2a\u8282\u70b9\u64cd\u4f5c<\/p>\n<pre class=\"code\"> #\u5b89\u88c5\r\nyum localinstall -y \/opt\/kernel-lt*\r\n\r\n#\u8c03\u5230\u9ed8\u8ba4\u542f\u52a8\r\ngrub2-set-default 0 &amp;&amp; grub2-mkconfig -o \/etc\/grub2.cfg \r\n\r\n#\u67e5\u770b\u5f53\u524d\u9ed8\u8ba4\u542f\u52a8\u7684\u5185\u6838\r\ngrubby --default-kernel\r\n\r\n#\u91cd\u542f\u7cfb\u7edf\r\nreboot<\/pre>\n<h2>11\u3001\u4e09\u4e2a\u8282\u70b9\u5b89\u88c5IPVS<\/h2>\n<pre class=\"code\"># 1\u3001\u5b89\u88c5ipvsadm\u7b49\u76f8\u5173\u5de5\u5177\r\nyum -y install ipvsadm ipset sysstat conntrack libseccomp \r\n\r\n# 2\u3001\u914d\u7f6e\u52a0\u8f7d\r\ncat &gt; \/etc\/sysconfig\/modules\/ipvs.modules &lt;&lt;\"EOF\" \r\n#!\/bin\/bash \r\nipvs_modules=\"ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack\" \r\n\r\nfor kernel_module in ${ipvs_modules}; \r\ndo \r\n\t\/sbin\/modinfo -F filename ${kernel_module} &gt; \/dev\/null 2&gt;&amp;1 \r\n\tif [ $? -eq 0 ]; then \r\n\t\t\/sbin\/modprobe ${kernel_module} \r\n\tfi \r\ndone \r\nEOF\r\n\r\nchmod 755 \/etc\/sysconfig\/modules\/ipvs.modules &amp;&amp; bash \/etc\/sysconfig\/modules\/ipvs.modules &amp;&amp; lsmod | grep ip_vs\r\n<\/pre>\n<h2>12\u3001\u4e09\u53f0\u673a\u5668\u4fee\u6539\u5185\u6838\u53c2\u6570<\/h2>\n<pre class=\"code\">cat &gt; \/etc\/sysctl.d\/k8s.conf &lt;&lt; EOF\r\nnet.ipv4.ip_forward = 1\r\nnet.bridge.bridge-nf-call-iptables = 1\r\nnet.bridge.bridge-nf-call-ip6tables = 1\r\nfs.may_detach_mounts = 1\r\nvm.overcommit_memory=1\r\nvm.panic_on_oom=0\r\nfs.inotify.max_user_watches=89100\r\nfs.file-max=52706963\r\nfs.nr_open=52706963\r\nnet.ipv4.tcp_keepalive_time = 600\r\nnet.ipv4.tcp.keepaliv.probes = 3\r\nnet.ipv4.tcp_keepalive_intvl = 15\r\nnet.ipv4.tcp.max_tw_buckets = 36000\r\nnet.ipv4.tcp_tw_reuse = 1\r\nnet.ipv4.tcp.max_orphans = 327680\r\nnet.ipv4.tcp_orphan_retries = 3\r\nnet.ipv4.tcp_syncookies = 1\r\nnet.ipv4.tcp_max_syn_backlog = 16384\r\nnet.ipv4.ip_conntrack_max = 65536\r\nnet.ipv4.tcp_max_syn_backlog = 16384\r\nnet.ipv4.top_timestamps = 0\r\nnet.core.somaxconn = 16384\r\nEOF\r\n\r\n# \u7acb\u5373\u751f\u6548\r\nsysctl --system<\/pre>\n<h1 id=\"header-id-26\">\u4e09\u3001\u5b89\u88c5containerd(\u4e09\u53f0\u8282\u70b9\u90fd\u8981\u505a)<\/h1>\n<p><strong>\u81eaKubernetes1.24\u4ee5\u540e\uff0cK8S\u5c31\u4e0d\u518d\u539f\u751f\u652f\u6301docker\u4e86<\/strong><\/p>\n<p>\u6211\u4eec\u90fd\u77e5\u9053containerd\u6765\u81ea\u4e8edocker\uff0c\u540e\u88abdocker\u6350\u732e\u7ed9\u4e86\u4e91\u539f\u751f\u8ba1\u7b97\u57fa\u91d1\u4f1a\uff08\u6211\u4eec\u5b89\u88c5docker\u5f53\u7136\u4f1a\u4e00\u5e76\u5b89\u88c5\u4e0acontainerd\uff09<\/p>\n<div  class='collapse-block shadow-sm collapse-block-transparent collapsed hide-border-left'><div class='collapse-block-title'><span class='collapse-block-title-inner'>\u5b89\u88c5\u65b9\u6cd5<\/span><i class='collapse-icon fa fa-angle-down'><\/i><\/div><div class='collapse-block-body' style='display:none;'>\n<p class=\"md-end-block md-p md-focus\"><span class=\"md-plain\">1\u3001centos7\u9ed8\u8ba4\u7684libseccomp\u7684\u7248\u672c\u4e3a2.3.1\uff0c\u4e0d\u6ee1\u8db3containerd\u7684\u9700\u6c42\uff0c\u9700\u8981\u4e0b\u8f7d2.4\u4ee5\u4e0a\u7684\u7248\u672c\u5373\u53ef\uff0c\u6211\u8fd9\u91cc\u90e8\u7f722.5.1\u7248\u672c\u3002<\/span><\/p>\n<pre class=\"md-fences md-end-block ty-contain-cm modeLoaded\" lang=\"shell\" spellcheck=\"false\"><span role=\"presentation\"><span class=\"cm-comment\">#  1\u3001\u5982\u679c\u4f60\u4e0d\u5347\u7ea7libseccomp\u7684\u8bdd\uff0c\u542f\u52a8\u5bb9\u5668\u4f1a\u62a5\u9519<\/span><\/span>\r\n<span role=\"presentation\">**Failed to create pod sandbox: rpc error: code <span class=\"cm-operator\">=<\/span> Unknown desc <span class=\"cm-operator\">=<\/span> failed to create containerd task: failed to create shim task: OCI runtime create failed: unable to retrieve OCI runtime error (open \/run\/containerd\/io.containerd.runtime.v2.task\/k8s.io\/ed17cbdc31099314dc8fd609d52b0dfbd6fdf772b78aa26fbc9149ab089c6807\/log.json: no such file or directory): runc did not terminate successfully: <span class=\"cm-keyword\">exit<\/span> status <span class=\"cm-number\">127<\/span>: unknown**<\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># 2\u3001\u5347\u7ea7<\/span><\/span>\r\n<span role=\"presentation\">rpm <span class=\"cm-attribute\">-e<\/span> libseccomp-2.3.1-4.el7.x86_64 <span class=\"cm-attribute\">--nodeps<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># wget http:\/\/rpmfind.net\/linux\/centos\/8-stream\/BaseOS\/x86_64\/os\/Packages\/libseccomp-2.5.1-1.el8.x86_64.rpm<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-builtin\">wget<\/span> https:\/\/mirrors.aliyun.com\/centos\/8\/BaseOS\/x86_64\/os\/Packages\/libseccomp-2.5.1-1.el8.x86_64.rpm<\/span>\r\n<span role=\"presentation\">rpm <span class=\"cm-attribute\">-ivh<\/span> libseccomp-2.5.1-1.el8.x86_64.rpm \u00a0<span class=\"cm-comment\"># \u5b98\u7f51\u5df2\u7ecfgg\u4e86\uff0c\u4e0d\u66f4\u65b0\u4e86\uff0c\u8bf7\u7528\u963f\u91cc\u4e91<\/span><\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\">rpm <span class=\"cm-attribute\">-qa<\/span> | <span class=\"cm-builtin\">grep<\/span> libseccomp<\/span><\/pre>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">\u5b89\u88c5\u65b9\u5f0f\u4e00\uff1a\uff08 \u57fa\u4e8e\u963f\u91cc\u4e91\u7684\u6e90\uff09\u63a8\u8350\u7528\u8fd9\u79cd\u65b9\u5f0f\uff0c\u5b89\u88c5\u7684\u662f<\/span><\/p>\n<pre class=\"md-fences md-end-block ty-contain-cm modeLoaded\" lang=\"\" spellcheck=\"false\"><span role=\"presentation\"># 1\u3001\u5378\u8f7d\u4e4b\u524d\u7684<\/span>\r\n<span role=\"presentation\">yum remove docker docker-ce containerd docker-common docker-selinux docker-engine -y <\/span>\r\n \r\n<span role=\"presentation\"># 2\u3001\u51c6\u5907repo<\/span>\r\n<span role=\"presentation\">cd \/etc\/yum.repos.d\/<\/span>\r\n<span role=\"presentation\">wget http:\/\/mirrors.aliyun.com\/docker-ce\/linux\/centos\/docker-ce.repo<\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\"># 3\u3001\u5b89\u88c5<\/span>\r\n<span role=\"presentation\">yum install containerd* -y<\/span>\r\n<span role=\"presentation\">\u200b<\/span><\/pre>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">\u4e86\u89e3&#8212;&gt;\u5b89\u88c5\u65b9\u5f0f\u4e8c\uff1a\u6216\u8005\u53bb\u5b98\u7f51\u627e\u6700\u65b0\u7684\u5305\uff08\u65b0\u72481.7.18\u5305\u5185\u7f3a\u5c11runc\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u9700\u8981\u5355\u72ec\u5b89\uff0c\u65e7\u72481.6.4\u662f\u5305\u542brunc\u7684\uff0c\u4e0d\u9700\u8981\u989d\u5916\u5b89\u88c5\uff09<\/span><\/p>\n<pre class=\"md-fences md-end-block ty-contain-cm modeLoaded\" lang=\"shell\" spellcheck=\"false\"><span role=\"presentation\"><span class=\"cm-comment\"># 1\u3001\u4e0b\u8f7dcontainerd\uff1ahttps:\/\/github.com\/containerd\/containerd\/releases\/<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-builtin\">wget<\/span> https:\/\/github.com\/containerd\/containerd\/releases\/download\/v1.7.18\/containerd-1.7.18-linux-amd64.tar.gz<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># \u56fd\u5185\u4e0b\u8f7d\u5730\u5740\uff1ahttps:\/\/gitee.com\/egonlin\/containerd-1.7.18<\/span><\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># \u6ce8\u610f\u65b0\u72481.7.18\u5305\u5185\u7f3a\u5c11runc\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u9700\u8981\u5355\u72ec\u5b89\u88c5<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># \u800cwget https:\/\/github.com\/containerd\/containerd\/releases\/download\/v1.6.4\/cri-containerd-cni-1.6.4-linux-amd64.tar.gz\u8be5\u7248\u672c\u4e2d\u5305\u542b\u4e86 containerd\u4ee5\u53cacri runc\u7b49\u76f8\u5173\u5de5\u5177\u5305<\/span><\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># 2\u3001\u89e3\u538b\u5373\u53ef<\/span><\/span>\r\n<span role=\"presentation\">tar zxvf containerd-1.7.18-linux-amd64.tar.gz <span class=\"cm-attribute\">-C<\/span> \/usr \u00a0<span class=\"cm-comment\"># \u547d\u4ee4\u90fd\u4f1a\u89e3\u538b\u5230\/usr\/bin\u4e0b\uff0c\u53ef\u4ee5\u76f4\u63a5\u7528\u90fd\u4e0d\u7528\u5904\u7406PATH\u53d8\u91cf<\/span><\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># 3\u3001\u9700\u8981\u81ea\u5df1\u6dfb\u52a0\u7cfb\u7edf\u670d\u52a1<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-builtin\">cat<\/span> &gt; \/usr\/lib\/systemd\/system\/containerd.service &lt;&lt; <span class=\"cm-string\">\"EOF\"<\/span><\/span>\r\n<span role=\"presentation\">[Unit]<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">Description<\/span><span class=\"cm-operator\">=<\/span>containerd container runtime<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">Documentation<\/span><span class=\"cm-operator\">=<\/span>https:\/\/containerd.io<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">After<\/span><span class=\"cm-operator\">=<\/span>network.target local-fs.target<\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\">[Service]<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">ExecStartPre<\/span><span class=\"cm-operator\">=<\/span><span class=\"cm-attribute\">-<\/span>\/sbin\/modprobe overlay<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">ExecStart<\/span><span class=\"cm-operator\">=<\/span>\/usr\/bin\/containerd<\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">Type<\/span><span class=\"cm-operator\">=<\/span>notify<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">Delegate<\/span><span class=\"cm-operator\">=<\/span><span class=\"cm-builtin\">yes<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">KillMode<\/span><span class=\"cm-operator\">=<\/span>process<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">Restart<\/span><span class=\"cm-operator\">=<\/span>always<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">RestartSec<\/span><span class=\"cm-operator\">=<\/span><span class=\"cm-number\">5<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># Having non-zero Limit*s causes performance problems due to accounting overhead<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># in the kernel. We recommend using cgroups to do container-local accounting.<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">LimitNPROC<\/span><span class=\"cm-operator\">=<\/span>infinity<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">LimitCORE<\/span><span class=\"cm-operator\">=<\/span>infinity<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">LimitNOFILE<\/span><span class=\"cm-operator\">=<\/span>infinity<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># Comment TasksMax if your systemd version does not supports it.<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># Only systemd 226 and above support this version.<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">TasksMax<\/span><span class=\"cm-operator\">=<\/span>infinity<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">OOMScoreAdjust<\/span><span class=\"cm-operator\">=<\/span><span class=\"cm-attribute\">-999<\/span><\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\">[Install]<\/span>\r\n<span role=\"presentation\"><span class=\"cm-def\">WantedBy<\/span><span class=\"cm-operator\">=<\/span>multi-user.target<\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\">EOF<\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># 3\u3001<\/span><\/span>\r\n<span role=\"presentation\">systemctl daemon-reload<\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># 4\u3001\u6ce8\u610f1.7.18\u5305\u5185\u7f3a\u5c11runc\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u9700\u8981\u5355\u72ec\u5b89\u88c5\uff0c\u8be6\u89c1\u9644\u5f55<\/span><\/span><\/pre>\n<p class=\"md-end-block md-p\"><span class=\"md-plain\">\u914d\u7f6e<\/span><\/p>\n<pre class=\"md-fences md-end-block ty-contain-cm modeLoaded\" lang=\"shell\" spellcheck=\"false\"><span role=\"presentation\"><span class=\"cm-comment\"># 1\u3001\u914d\u7f6e<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-builtin\">mkdir<\/span> <span class=\"cm-attribute\">-pv<\/span> \/etc\/containerd <\/span>\r\n<span role=\"presentation\">containerd config default &gt; \/etc\/containerd\/config.toml \u00a0<span class=\"cm-comment\"># \u4e3acontainerd\u751f\u6210\u914d\u7f6e\u6587\u4ef6<\/span><\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># 2\u3001\u66ff\u6362\u9ed8\u8ba4pause\u955c\u50cf\u5730\u5740: \u8fd9\u4e00\u6b65\u975e\u5e38\u975e\u5e38\u975e\u5e38\u975e\u5e38\u91cd\u8981<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\">#  \u8fd9\u4e00\u6b65\u975e\u5e38\u975e\u5e38\u975e\u5e38\u975e\u5e38\u91cd\u8981\uff0c\u56fd\u5185\u7684\u955c\u50cf\u5730\u5740\u53ef\u80fd\u5bfc\u81f4\u4e0b\u8f7d\u5931\u8d25\uff0c\u6700\u7ea2kubeadm\u5b89\u88c5\u5931\u8d25\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\">#  \u8fd9\u4e00\u6b65\u975e\u5e38\u975e\u5e38\u975e\u5e38\u975e\u5e38\u91cd\u8981\uff0c\u56fd\u5185\u7684\u955c\u50cf\u5730\u5740\u53ef\u80fd\u5bfc\u81f4\u4e0b\u8f7d\u5931\u8d25\uff0c\u6700\u7ea2kubeadm\u5b89\u88c5\u5931\u8d25\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\">#  \u8fd9\u4e00\u6b65\u975e\u5e38\u975e\u5e38\u975e\u5e38\u975e\u5e38\u91cd\u8981\uff0c\u56fd\u5185\u7684\u955c\u50cf\u5730\u5740\u53ef\u80fd\u5bfc\u81f4\u4e0b\u8f7d\u5931\u8d25\uff0c\u6700\u7ea2kubeadm\u5b89\u88c5\u5931\u8d25\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01\uff01<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-builtin\">grep<\/span> sandbox_image \/etc\/containerd\/config.toml<\/span>\r\n<span role=\"presentation\"><span class=\"cm-builtin\">sed<\/span> <span class=\"cm-attribute\">-i<\/span> <span class=\"cm-string\">'s\/registry.k8s.io\/registry.cn-hangzhou.aliyuncs.com\\\/google_containers\/'<\/span> \/etc\/containerd\/config.toml <\/span>\r\n<span role=\"presentation\"><span class=\"cm-builtin\">grep<\/span> sandbox_image \/etc\/containerd\/config.toml<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># \u8bf7\u52a1\u5fc5\u786e\u8ba4\u65b0\u5730\u5740\u662f\u53ef\u7528\u7684\uff1asandbox_image = \"registry.cn-hangzhou.aliyuncs.com\/google_containers\/pause:3.6\"<\/span><\/span>\r\n \r\n<span role=\"presentation\"><span class=\"cm-comment\"># 3\u3001\u914d\u7f6esystemd\u4f5c\u4e3a\u5bb9\u5668\u7684cgroup driver<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-builtin\">grep<\/span> SystemdCgroup \/etc\/containerd\/config.toml<\/span>\r\n<span role=\"presentation\"><span class=\"cm-builtin\">sed<\/span> <span class=\"cm-attribute\">-i<\/span> <span class=\"cm-string\">'s\/SystemdCgroup \\= false\/SystemdCgroup \\= true\/'<\/span> \/etc\/containerd\/config.toml<\/span>\r\n<span role=\"presentation\"><span class=\"cm-builtin\">grep<\/span> SystemdCgroup \/etc\/containerd\/config.toml<\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># 4\u3001\u914d\u7f6e\u52a0\u901f\u5668\uff08\u5fc5\u987b\u914d\u7f6e\uff0c\u5426\u5219\u540e\u7eed\u5b89\u88c5cni\u7f51\u7edc\u63d2\u4ef6\u65f6\u65e0\u6cd5\u4ecedocker.io\u91cc\u4e0b\u8f7d\u955c\u50cf\uff09<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\">#\u53c2\u8003\uff1ahttps:\/\/github.com\/containerd\/containerd\/blob\/main\/docs\/cri\/config.md#registry-configuration<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\">#\u6dfb\u52a0 config_path = \"\/etc\/containerd\/certs.d\"<\/span><\/span>\r\n<span role=\"presentation\"><span class=\"cm-builtin\">sed<\/span> <span class=\"cm-attribute\">-i<\/span> <span class=\"cm-string\">'s\/config_path\\ =.*\/config_path = \\\"\\\/etc\\\/containerd\\\/certs.d\\\"\/g'<\/span> \/etc\/containerd\/config.toml<\/span>\r\n<span role=\"presentation\">\u200b<\/span><\/pre>\n<pre>mkdir -p \/etc\/containerd\/certs.d\/docker.io\r\ncat &gt; \/etc\/containerd\/certs.d\/docker.io\/hosts.toml &lt;&lt; EOF\r\nserver = \"https:\/\/docker.io\"\r\n[host.\"https:\/\/dockerproxy.com\"]\r\ncapabilities = [\"pull\", \"resolve\"]\r\n\r\n[host.\"https:\/\/docker.m.daocloud.io\"]\r\ncapabilities = [\"pull\", \"resolve\"]\r\n\r\n[host.\"https:\/\/reg-mirror.qiniu.com\"]\r\ncapabilities = [\"pull\", \"resolve\"]\r\n\r\n[host.\"https:\/\/registry.docker-cn.com\"]\r\ncapabilities = [\"pull\", \"resolve\"]\r\n\r\n[host.\"http:\/\/hub-mirror.c.163.com\"]\r\ncapabilities = [\"pull\", \"resolve\"]\r\n\r\nEOF<\/pre>\n<pre class=\"md-fences md-end-block ty-contain-cm modeLoaded\" lang=\"shell\" spellcheck=\"false\"><span role=\"presentation\"> \u00a0<\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># 5\u3001\u914d\u7f6econtainerd\u5f00\u673a\u81ea\u542f\u52a8<\/span><\/span>\r\n<span role=\"presentation\">\u200b<\/span>\r\n<span role=\"presentation\"><span class=\"cm-comment\"># 5.1 \u542f\u52a8containerd\u670d\u52a1\u5e76\u914d\u7f6e\u5f00\u673a\u81ea\u542f\u52a8<\/span><\/span>\r\n<span role=\"presentation\">systemctl daemon-reload &amp;&amp; systemctl <span class=\"cm-builtin\">restart<\/span> containerd<\/span>\r\n<span role=\"presentation\">systemctl enable <span class=\"cm-attribute\">--now<\/span> containerd<\/span>\r\n \r\n<span role=\"presentation\"><span class=\"cm-comment\"># 5.2 \u67e5\u770bcontainerd\u72b6\u6001<\/span><\/span>\r\n<span role=\"presentation\">systemctl status containerd<\/span>\r\n \r\n<span role=\"presentation\"><span class=\"cm-comment\"># 5.3 \u67e5\u770bcontainerd\u7684\u7248\u672c<\/span><\/span>\r\n<span role=\"presentation\">ctr version<\/span>\r\n\r\n<\/div><\/div><\/pre>\n<pre class=\"code\">-------------------------\u914d\u7f6edocker\uff08\u4e0b\u8ff0\u5185\u5bb9\u4e0d\u7528\u64cd\u4f5c\uff0c\u56e0\u4e3ak8s1.30\u76f4\u63a5\u5bf9\u63a5containerd\uff09\r\n# 1\u3001\u914d\u7f6edocker\r\n# \u4fee\u6539\u914d\u7f6e\uff1a\u9a71\u52a8\u4e0ekubelet\u4fdd\u6301\u4e00\u81f4\uff0c\u5426\u5219\u4f1a\u540e\u671f\u65e0\u6cd5\u542f\u52a8kubelet\r\ncat &gt; \/etc\/docker\/daemon.json &lt;&lt; \"EOF\"\r\n{\r\n\"exec-opts\": [\"native.cgroupdriver=systemd\"],\r\n\"registry-mirrors\":[\"https:\/\/reg-mirror.qiniu.com\/\"]\r\n}\r\nEOF\r\n\r\n# 2\u3001\u91cd\u542fdocker\r\nsystemctl restart docker.service\r\nsystemctl enable docker.service\r\n\r\n# 3\u3001\u67e5\u770b\u9a8c\u8bc1\r\n[root@k8s-master-01 ~]# docker info |grep -i cgroup\r\nCgroup Driver: systemd\r\nCgroup Version: 1<\/pre>\n<h1>\u56db\u3001\u5b89\u88c5k8s<\/h1>\n<p>\u5b98\u7f51\uff1ahttps:\/\/kubernetes.io\/zh-cn\/docs\/reference\/setup-tools\/kubeadm\/kubeadm-init\/<\/p>\n<h2>1\u3001\u4e09\u53f0\u673a\u5668\u51c6\u5907k8s\u6e90<\/h2>\n<pre lang=\"\" spellcheck=\"false\"><span role=\"presentation\">cat &gt; \/etc\/yum.repos.d\/kubernetes.repo &lt;&lt; \"EOF\" \r\n[kubernetes] \r\nname=Kubernetes \r\nbaseurl=https:\/\/mirrors.aliyun.com\/kubernetes-new\/core\/stable\/v1.30\/rpm\/ \r\nenabled=1 \r\ngpgcheck=1 \r\ngpgkey=https:\/\/mirrors.aliyun.com\/kubernetes-new\/core\/stable\/v1.30\/rpm\/repodata\/repomd.xml.key \r\nEOF\r\n<\/span>\r\n# \u53c2\u8003\uff1ahttps:\/\/developer.aliyun.com\/mirror\/kubernetes\/\r\n<span role=\"presentation\">setenforce 0\r\n<\/span><span role=\"presentation\">yum install -y kubelet-1.30* kubeadm-1.30* kubectl-1.30*\r\n<\/span><span role=\"presentation\">systemctl enable kubelet &amp;&amp; systemctl start kubelet &amp;&amp; systemctl status kubelet<\/span><\/pre>\n<h2>2\u3001\u4e3b\u8282\u70b9\u64cd\u4f5c\uff08node\u8282\u70b9\u4e0d\u6267\u884c\uff09<\/h2>\n<pre id=\"header-id-37\">\u521d\u59cb\u5316master\u8282\u70b9(\u4ec5\u5728master\u8282\u70b9\u4e0a\u6267\u884c)\uff1a \r\n# \u53ef\u4ee5kubeadm config images list\u67e5\u770b\r\n[root@k8s-master-01 ~]# kubeadm config images list\r\nregistry.k8s.io\/kube-apiserver:v1.30.0\r\nregistry.k8s.io\/kube-controller-manager:v1.30.0\r\nregistry.k8s.io\/kube-scheduler:v1.30.0\r\nregistry.k8s.io\/kube-proxy:v1.30.0\r\nregistry.k8s.io\/coredns\/coredns:v1.11.1\r\nregistry.k8s.io\/pause:3.9\r\nregistry.k8s.io\/etcd:3.5.12-0\r\n<\/pre>\n<p>&nbsp;<\/p>\n<p>\u90e8\u7f72\u65b9\u6cd5\u4e00\uff1a\u5148\u751f\u6210\u914d\u7f6e\u6587\u4ef6\uff0c\u7f16\u8f91\u4fee\u6539\u540e\uff0c\u518d\u90e8\u7f72\uff08\u63a8\u8350\uff0c\u56e0\u4e3a\u9ad8\u7ea7\u914d\u7f6e\u53ea\u80fd\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u6307\u5b9a\uff0c\u65b9\u6848\u4e8c\u76f4\u63a5\u7528kubeadm init\u5219\u65e0\u6cd5\u6307\u5b9a\uff0c\u4f8b\u5982\u914d\u7f6e\u4f7f\u7528ipvs\u6a21\u5f0f\uff09<\/p>\n<div  class='collapse-block shadow-sm collapse-block-transparent collapsed hide-border-left'><div class='collapse-block-title'><span class='collapse-block-title-inner'>kubeadm.yaml\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b+\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u90e8\u7f72<\/span><i class='collapse-icon fa fa-angle-down'><\/i><\/div><div class='collapse-block-body' style='display:none;'><\/p>\n<p>kubeadm config print init-defaults &gt; kubeadm.yaml # \u5148\u751f\u6210\u914d\u7f6e\u6587\u4ef6\uff0c\u5185\u5bb9\u53ca\u4fee\u6539\u5982\u4e0b<\/p>\n<pre>apiVersion: kubeadm.k8s.io\/v1beta3\r\nbootstrapTokens:\r\n- groups:\r\n  - system:bootstrappers:kubeadm:default-node-token\r\n  token: abcdef.0123456789abcdef\r\n  ttl: 24h0m0s\r\n  usages:\r\n  - signing\r\n  - authentication\r\nkind: InitConfiguration\r\nlocalAPIEndpoint:\r\n  advertiseAddress: 192.168.71.12 #\u63a7\u5236\u8282\u70b9\u7684ip\r\n  bindPort: 6443\r\nnodeRegistration:\r\n  criSocket: unix:\/\/\/var\/run\/containerd\/containerd.sock #\u6307\u5b9acontainerd\u5bb9\u5668\u8fd0\u884c\u65f6\r\n  imagePullPolicy: IfNotPresent\r\n  name: k8s-master-01\r\n  taints: null\r\n---\r\napiServer:\r\n  timeoutForControlPlane: 4m0s\r\napiVersion: kubeadm.k8s.io\/v1beta3\r\ncertificatesDir: \/etc\/kubernetes\/pki\r\nclusterName: kubernetes\r\ncontrollerManager: {}\r\ndns: {}\r\netcd:\r\n  local:\r\n    dataDir: \/var\/lib\/etcd\r\nimageRepository: registry.cn-hangzhou.aliyuncs.com\/google_containers # \u6362\u6210\u963f\u91cc\u4e91\u955c\u50cf\u4ed3\u5e93\u5730\u5740\r\nkind: ClusterConfiguration\r\nkubernetesVersion: 1.30.0  # \u6307\u5b9ak8s\u7248\u672c\r\nnetworking:\r\n  dnsDomain: cluster.local\r\n  serviceSubnet: 10.96.0.0\/12 # \u6307\u5b9aService\u7f51\u6bb5\r\n  podSubnet: 10.244.0.0\/16 # \u589e\u52a0\u4e00\u884c\uff0c\u6307\u5b9apod\u7f51\u6bb5\r\nscheduler: {}\r\n\r\n#\u5728\u6587\u4ef6\u6700\u540e\uff0c\u63d2\u5165\u4ee5\u4e0b\u5185\u5bb9\uff0c\uff08\u590d\u5236\u65f6\uff0c\u8981\u5e26\u7740---\uff09\uff1a\r\n---\r\napiVersion: kubeproxy.config.k8s.io\/v1alpha1\r\nkind: KubeProxyConfiguration\r\nmode: ipvs # \u8868\u793akube-proxy\u4ee3\u7406\u6a21\u5f0f\u662fipvs\uff0c\u5982\u679c\u4e0d\u6307\u5b9aipvs\uff0c\u4f1a\u9ed8\u8ba4\u4f7f\u7528iptables\uff0c\u4f46\u662fiptables\u6548\u7387\u4f4e\uff0c\u6240\u4ee5\u6211\u4eec\u751f\u4ea7\u73af\u5883\u5efa\u8bae\u5f00\u542fipvs\uff0c\u963f\u91cc\u4e91\u548c\u534e\u4e3a\u4e91\u6258\u7ba1\u7684K8s\uff0c\u4e5f\u63d0\u4f9bipvs\u6a21\u5f0f\r\n---\r\napiVersion: kubelet.config.k8s.io\/v1beta1\r\nkind: KubeletConfiguration\r\ncgroupDriver: systemd\r\n\r\n<\/pre>\n<p>\u90e8\u7f72<\/p>\n<pre>[root@k8s-master-01 ~]# kubeadm init --config=kubeadm.yaml --ignore-preflight-errors=SystemVerification --ignore-preflight-errors=Swap\r\n<\/pre>\n<p><\/div><\/div>\n<p>\u90e8\u7f72\u65b9\u6848\u4e8c\uff1a\u76f4\u63a5\u547d\u4ee4\u884c\u6572\u547d\u4ee4\uff08\u547d\u4ee4\u884c\u4e0d\u80fd\u6307\u5b9a\u7528\u4ec0\u4e48\u6a21\u5f0f\uff0c\u53ea\u80fd\u7528\u9ed8\u8ba4\u4e3aiptables\u6a21\u5f0f\uff09<\/p>\n<div  class='collapse-block shadow-sm collapse-block-transparent collapsed hide-border-left'><div class='collapse-block-title'><span class='collapse-block-title-inner'>\u547d\u4ee4\u884c\u91cc\u76f4\u63a5kubeadm init\u90e8\u7f72<\/span><i class='collapse-icon fa fa-angle-down'><\/i><\/div><div class='collapse-block-body' style='display:none;'><\/p>\n<pre id=\"header-id-37\"># \u521d\u59cb\u5316\r\nkubeadm init \\\r\n--image-repository=registry.cn-hangzhou.aliyuncs.com\/google_containers \\\r\n--kubernetes-version=v1.30.0 \\\r\n--service-cidr=10.96.0.0\/12 \\\r\n--pod-network-cidr=10.244.0.0\/16\r\n\r\n# \u4e5f\u53ef\u4ee5\u4f7f\u7528\r\n--image-repository=registry.cn-hangzhou.aliyuncs.com\/k8sos # \u8001\u7248\u672c\u7684\u53ef\u4ee5\u7528\uff0c \u65b0\u7248\u672c\u4e0d\u884c\r\n# \u53ef\u9009\u9879\uff1a--apiserver-advertise-address=192.168.71.12 # \u5982\u679c\u662f\u9ad8\u53ef\u7528\u90e8\u7f72\uff0c\u90a3\u8be5\u5730\u5740\u6307\u5411vip\u5730\u5740\u5373\u53ef<\/pre>\n<p><\/div><\/div>\n<p>\u7ed3\u679c<\/p>\n<pre class=\"code\">\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\u3002\r\n<span style=\"background-color: #ff0000;\">Your Kubernetes control-plane has initialized successfully!<\/span>\r\n\r\nTo start using your cluster, you need to run the following as a regular user:\r\n\r\n<span style=\"background-color: #ff0000;\">  mkdir -p $HOME\/.kube\r\n  sudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\r\n  sudo chown $(id -u):$(id -g) $HOME\/.kube\/config<\/span>\r\n\r\nAlternatively, if you are the root user, you can run:\r\n\r\n  <span style=\"background-color: #ff0000;\">export KUBECONFIG=\/etc\/kubernetes\/admin.conf<\/span>\r\n\r\nYou should now deploy a pod network to the cluster.\r\nRun \"kubectl apply -f [podnetwork].yaml\" with one of the options listed at:\r\n  https:\/\/kubernetes.io\/docs\/concepts\/cluster-administration\/addons\/\r\n\r\nThen you can join any number of worker nodes by running the following on each as root:\r\n\r\n<span style=\"background-color: #ff0000;\">kubeadm join 192.168.71.12:6443 --token 9hovhy.vxm1l7zs16zr53ve \\\r\n\t--discovery-token-ca-cert-hash sha256:3b210d53b7f26a43ccf251cfb9f809f280048ab70bf5c1458c69586ed0eb9905<\/span>\r\n<\/pre>\n<p>&nbsp;<\/p>\n<p>\u67e5\u770bnode\uff1a\u00a0<span style=\"text-decoration: underline;\">\u6700\u5f00\u59cb\u65f6NotReady\u72b6\u6001\u6b63\u5e38\uff0c\u56e0\u4e3a\u7f51\u7edc\u7ec4\u4ef6\u6ca1\u6709\u90e8\u7f72ok<\/span><\/p>\n<pre class=\"code\">[root@k8s-master-01 ~]# kubectl get nodes\r\nNAME STATUS ROLES AGE VERSION\r\nk8s-master-01 <span style=\"background-color: #ff0000;\">NotReady<\/span> control-plane 4m26s v1.30.0\r\n\r\n[root@k8s-master-01 ~]# kubectl -n kube-system get pods\r\nNAME READY STATUS RESTARTS AGE\r\ncoredns-7c445c467-mfls7 0\/1 <span style=\"background-color: #ff0000;\">Pending<\/span> 0 6m30s\r\ncoredns-7c445c467-zvkkw 0\/1 <span style=\"background-color: #ff0000;\">Pending<\/span> 0 6m30s\r\netcd-k8s-master-01 1\/1 Running 0 6m44s\r\nkube-apiserver-k8s-master-01 1\/1 Running 0 6m44s\r\nkube-controller-manager-k8s-master-01 1\/1 Running 0 6m44s\r\nkube-proxy-jhxrd 1\/1 Running 0 109s\r\nkube-proxy-nh7tj 1\/1 Running 0 33s\r\nkube-proxy-q92mx 1\/1 Running 0 6m30s\r\nkube-scheduler-k8s-master-01 1\/1 Running 0 6m44s\r\n\r\n<\/pre>\n<h2>3\u3001\u52a0\u5165node\u8282\u70b9<\/h2>\n<p>\u53bb\u53e6\u5916\u4e24\u4e2anode\u8282\u70b9\u4e0a\u6267\u884c<\/p>\n<pre class=\"code\"> kubeadm join 192.168.71.12:6443 --token 9hovhy.vxm1l7zs16zr53ve \\\r\n--discovery-token-ca-cert-hash sha256:3b210d53b7f26a43ccf251cfb9f809f280048ab70bf5c1458c69586ed0eb9905<\/pre>\n<h2>4\u3001\u90e8\u7f72\u7f51\u7edc\u63d2\u4ef6<\/h2>\n<p>\u4e0b\u8f7d\u7f51\u7edc\u63d2\u4ef6<\/p>\n<pre class=\"code\"> wget\u00a0<a href=\"https:\/\/github.com\/flannel-io\/flannel\/releases\/latest\/download\/kube-flannel.yml\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/flannel-io\/flannel\/releases\/latest\/download\/kube-flannel.yml<\/a>\r\n\r\n[root@master01 flannel]# vim kube-flannel.yml \r\n\r\napiVersion: v1\r\ndata:\r\n  ...\r\n  net-conf.json: |\r\n    {\r\n      \"Network\": \"10.244.0.0\/16\", # \u4e0e--pod-network-cidr\u4fdd\u6301\u4e00\u81f4\r\n      \"Backend\": {\r\n        \"Type\": \"vxlan\"\r\n      }\r\n    }<\/pre>\n<div  class='collapse-block shadow-sm collapse-block-transparent collapsed hide-border-left'><div class='collapse-block-title'><span class='collapse-block-title-inner'>kube-flannel.yml<\/span><i class='collapse-icon fa fa-angle-down'><\/i><\/div><div class='collapse-block-body' style='display:none;'><\/p>\n<pre class=\"code\">[root@k8s-master-01 ~]# cat kube-flannel.yml \r\napiVersion: v1\r\nkind: Namespace\r\nmetadata:\r\n  labels:\r\n    k8s-app: flannel\r\n    pod-security.kubernetes.io\/enforce: privileged\r\n  name: kube-flannel\r\n---\r\napiVersion: v1\r\nkind: ServiceAccount\r\nmetadata:\r\n  labels:\r\n    k8s-app: flannel\r\n  name: flannel\r\n  namespace: kube-flannel\r\n---\r\napiVersion: rbac.authorization.k8s.io\/v1\r\nkind: ClusterRole\r\nmetadata:\r\n  labels:\r\n    k8s-app: flannel\r\n  name: flannel\r\nrules:\r\n- apiGroups:\r\n  - \"\"\r\n  resources:\r\n  - pods\r\n  verbs:\r\n  - get\r\n- apiGroups:\r\n  - \"\"\r\n  resources:\r\n  - nodes\r\n  verbs:\r\n  - get\r\n  - list\r\n  - watch\r\n- apiGroups:\r\n  - \"\"\r\n  resources:\r\n  - nodes\/status\r\n  verbs:\r\n  - patch\r\n- apiGroups:\r\n  - networking.k8s.io\r\n  resources:\r\n  - clustercidrs\r\n  verbs:\r\n  - list\r\n  - watch\r\n---\r\napiVersion: rbac.authorization.k8s.io\/v1\r\nkind: ClusterRoleBinding\r\nmetadata:\r\n  labels:\r\n    k8s-app: flannel\r\n  name: flannel\r\nroleRef:\r\n  apiGroup: rbac.authorization.k8s.io\r\n  kind: ClusterRole\r\n  name: flannel\r\nsubjects:\r\n- kind: ServiceAccount\r\n  name: flannel\r\n  namespace: kube-flannel\r\n---\r\napiVersion: v1\r\ndata:\r\n  cni-conf.json: |\r\n    {\r\n      \"name\": \"cbr0\",\r\n      \"cniVersion\": \"0.3.1\",\r\n      \"plugins\": [\r\n        {\r\n          \"type\": \"flannel\",\r\n          \"delegate\": {\r\n            \"hairpinMode\": true,\r\n            \"isDefaultGateway\": true\r\n          }\r\n        },\r\n        {\r\n          \"type\": \"portmap\",\r\n          \"capabilities\": {\r\n            \"portMappings\": true\r\n          }\r\n        }\r\n      ]\r\n    }\r\n  net-conf.json: |\r\n    {\r\n      \"Network\": \"10.244.0.0\/16\",\r\n      \"Backend\": {\r\n        \"Type\": \"vxlan\"\r\n      }\r\n    }\r\nkind: ConfigMap\r\nmetadata:\r\n  labels:\r\n    app: flannel\r\n    k8s-app: flannel\r\n    tier: node\r\n  name: kube-flannel-cfg\r\n  namespace: kube-flannel\r\n---\r\napiVersion: apps\/v1\r\nkind: DaemonSet\r\nmetadata:\r\n  labels:\r\n    app: flannel\r\n    k8s-app: flannel\r\n    tier: node\r\n  name: kube-flannel-ds\r\n  namespace: kube-flannel\r\nspec:\r\n  selector:\r\n    matchLabels:\r\n      app: flannel\r\n      k8s-app: flannel\r\n  template:\r\n    metadata:\r\n      labels:\r\n        app: flannel\r\n        k8s-app: flannel\r\n        tier: node\r\n    spec:\r\n      affinity:\r\n        nodeAffinity:\r\n          requiredDuringSchedulingIgnoredDuringExecution:\r\n            nodeSelectorTerms:\r\n            - matchExpressions:\r\n              - key: kubernetes.io\/os\r\n                operator: In\r\n                values:\r\n                - linux\r\n      containers:\r\n      - args:\r\n        - --ip-masq\r\n        - --kube-subnet-mgr\r\n        command:\r\n        - \/opt\/bin\/flanneld\r\n        env:\r\n        - name: POD_NAME\r\n          valueFrom:\r\n            fieldRef:\r\n              fieldPath: metadata.name\r\n        - name: POD_NAMESPACE\r\n          valueFrom:\r\n            fieldRef:\r\n              fieldPath: metadata.namespace\r\n        - name: EVENT_QUEUE_DEPTH\r\n          value: \"5000\"\r\n        image: docker.io\/flannel\/flannel:v0.25.1\r\n        name: kube-flannel\r\n        resources:\r\n          requests:\r\n            cpu: 100m\r\n            memory: 50Mi\r\n        securityContext:\r\n          capabilities:\r\n            add:\r\n            - NET_ADMIN\r\n            - NET_RAW\r\n          privileged: false\r\n        volumeMounts:\r\n        - mountPath: \/run\/flannel\r\n          name: run\r\n        - mountPath: \/etc\/kube-flannel\/\r\n          name: flannel-cfg\r\n        - mountPath: \/run\/xtables.lock\r\n          name: xtables-lock\r\n      hostNetwork: true\r\n      initContainers:\r\n      - args:\r\n        - -f\r\n        - \/flannel\r\n        - \/opt\/cni\/bin\/flannel\r\n        command:\r\n        - cp\r\n        image: docker.io\/flannel\/flannel-cni-plugin:v1.4.0-flannel1\r\n        name: install-cni-plugin\r\n        volumeMounts:\r\n        - mountPath: \/opt\/cni\/bin\r\n          name: cni-plugin\r\n      - args:\r\n        - -f\r\n        - \/etc\/kube-flannel\/cni-conf.json\r\n        - \/etc\/cni\/net.d\/10-flannel.conflist\r\n        command:\r\n        - cp\r\n        image: docker.io\/flannel\/flannel:v0.25.1\r\n        name: install-cni\r\n        volumeMounts:\r\n        - mountPath: \/etc\/cni\/net.d\r\n          name: cni\r\n        - mountPath: \/etc\/kube-flannel\/\r\n          name: flannel-cfg\r\n      priorityClassName: system-node-critical\r\n      serviceAccountName: flannel\r\n      tolerations:\r\n      - effect: NoSchedule\r\n        operator: Exists\r\n      volumes:\r\n      - hostPath:\r\n          path: \/run\/flannel\r\n        name: run\r\n      - hostPath:\r\n          path: \/opt\/cni\/bin\r\n        name: cni-plugin\r\n      - hostPath:\r\n          path: \/etc\/cni\/net.d\r\n        name: cni\r\n      - configMap:\r\n          name: kube-flannel-cfg\r\n        name: flannel-cfg\r\n      - hostPath:\r\n          path: \/run\/xtables.lock\r\n          type: FileOrCreate\r\n        name: xtables-lock\r\n\r\n<\/pre>\n<p><\/div><\/div>\n<p>\u90e8\u7f72\uff08\u5728master01\u4e0a\u5373\u53ef\uff09<\/p>\n<pre class=\"code\">kubectl -n kube-flannel get pods\r\nkubectl -n kube-flannel get pods -w\r\n[root@k8s-master-01 ~]# kubectl get nodes # \u5168\u90e8ready\r\n[root@k8s-master-01 ~]# kubectl -n kube-system get pods # \u4e24\u4e2acoredns\u7684pod\u4e5f\u90fdready<\/pre>\n<h2>5\u3001\u90e8\u7f72kubectl\u547d\u4ee4\u63d0\u793a\uff08\u5728\u6240\u6709\u8282\u70b9\u6267\u884c\uff09<\/h2>\n<pre class=\"code\">yum install bash-completion* -y\r\n\r\nkubectl completion bash &gt; ~\/.kube\/completion.bash.inc\r\necho \"source '$HOME\/.kube\/completion.bash.inc'\" &gt;&gt; $HOME\/.bash_profile\r\nsource $HOME\/.bash_profile\r\n<\/pre>\n<h2>6\u3001\u5176\u4ed6<\/h2>\n<div  class='collapse-block shadow-sm collapse-block-transparent collapsed hide-border-left'><div class='collapse-block-title'><span class='collapse-block-title-inner'>kubeadm init\u8fc7\u7a0b\u4e2d\u5e38\u89c1\u95ee\u9898\u5904\u7406<\/span><i class='collapse-icon fa fa-angle-down'><\/i><\/div><div class='collapse-block-body' style='display:none;'><\/p>\n<p>\uff081\uff09\u7f3a\u5c11\u9ed8\u8ba4\u8def\u7531<br \/>\nroute add default gw xxx.xxx.xxx.xxx dev \u7f51\u5361\u540d<br \/>\n\uff082\uff09\u63d0\u793awarning\u4fe1\u606f\u8bf4proxy\u4ee3\u7406\u95ee\u9898\uff0c\u4f1a\u5f71\u54cd\u5b89\u88c5\uff0c\u5728scheduler\u7b49\u7ec4\u4ef6\u91cc\u4f1a\u62a5Forbidden\u9519\u8bef\uff0c\u53bb\u6389\u8be5warnning\u4fe1\u606f\u5982\u4e0b<\/p>\n<pre><code class=\"language-yaml\"># \u6b65\u9aa41\r\nvim \/etc\/profile\r\nexport no_proxy=127.0.0.1,\u672c\u673aip\u5730\u5740\r\n\r\n# \u6b65\u9aa42\r\nsource \/etc\/profile<\/code><\/pre>\n<p>\uff083\uff09kubeadm\u9ed8\u8ba4\u955c\u50cf\u62c9\u53d6\u5730\u5740\u4e3ak8s.gcr.io\uff0c\u8bf7\u4f7f\u7528\u6307\u5b9a\u4ed3\u5e93<\/p>\n<p>\uff084\uff09\u9a71\u52a8\u4e0d\u5339\u914d\u95ee\u9898\uff0csystemd<br \/>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/egonlin.com\/wp-content\/uploads\/2022\/04\/kubeadm\u5b89\u88c5k8s7.png'><img class=\"lazyload lazyload-style-2\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  data-original=\"https:\/\/egonlin.com\/wp-content\/uploads\/2022\/04\/kubeadm\u5b89\u88c5k8s7.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" \/><\/div><\/p>\n<p>\u6b65\u9aa41\u3001\u4fee\u6539docker\u914d\u7f6e\uff0c\u5e76\u91cd\u590d\u670d\u52a1<\/p>\n<pre><code class=\"language-yaml\">\u7f16\u8f91\/etc\/docker\/daemon.json\u65b0\u589e\u914d\u7f6e\uff0c\u91cd\u542fdocker\r\n{\r\n......\r\n\"exec-opts\": [\"native.cgroupdriver=systemd\"],\r\n......\r\n}\r\n\u6ce8\u610f\uff01\uff01\uff01\uff1adaemon.json\u4e2dlive-restore: true\u7684\u60c5\u51b5\u4e0b\u624d\u53ef\u4ee5\u91cd\u542fdocker\uff0c\u5426\u5219\u4f1a\u5bfc\u81f4\u5bb9\u5668\u6302\u6389<\/code><\/pre>\n<p>\u6b65\u9aa42\u3001\u4fee\u6539kubelet\u914d\u7f6e<\/p>\n<pre><code class=\"language-yaml\">[root@jsswx191 ~]# vi \/var\/lib\/kubelet\/config.yaml\r\n......\r\ncgroupDriver: systemd\r\n\r\n[root@jsswx191 ~]# vi \/var\/lib\/kubelet\/kubeadm-flags.env\r\nKUBELET_KUBEADM_ARGS=\"--cgroup-driver=systemd --network-plugin=cni --pod-infra-container-image=k8s.gcr.io\/pause:3.1\"<\/code><\/pre>\n<p>\u6b65\u9aa43\u3001\u91cd\u590ddocker\u4e0ekubelet<\/p>\n<pre><code class=\"language-yaml\">systemctl daemon-reload\r\nsystemctl restart docker\r\nsystemctl restart kubelet<\/code><\/pre>\n<p>\u6b65\u9aa44\u3001\u68c0\u67e5swap\u662f\u5426\u5173\u95ed<\/p>\n<pre><code class=\"language-yaml\">swapoff -a<\/code><\/pre>\n<p>\u6b65\u9aa45\u3001\u6700\u540e\u3001\u68c0\u67e5<\/p>\n<pre><code class=\"language-yaml\">[root@jsswx191 ~]# docker info|grep \"Cgroup Driver\" \u662f\u5426\u8f93\u51fa Cgroup Driver: systemd\r\n\r\n[root@xxx ~]# ps aux |grep  \/usr\/bin\/kubelet |grep -v grep \r\n\r\nroot 581806 17.6 0.0 5633952 131056 ? Ssl 14:27 9:05 \/usr\/bin\/kubelet --bootstrap-kubeconfig=\/etc\/kubernetes\/bootstrap-kubelet.conf --kubeconfig=\/etc\/kubernetes\/kubelet.conf --config=\/var\/lib\/kubelet\/config.yaml --cgroup-driver=systemd --network-plugin=cni --pod-infra-container-image=k8s.gcr.io\/pause:3.1 --fail-swap-on=false<\/code><\/pre>\n<p>\uff085\uff09kubeadm init\u62c9\u8d77\u96c6\u7fa4\u8d85\u65f6\uff0cpause\u5bb9\u5668\u4e0d\u505c\u5730created\uff0c\u6709\u53ef\u80fddocker\u7684host\u7f51\u7edc\u7f3a\u5931\u95ee\u9898\uff0c\u6392\u9519\u65b9\u6cd5<\/p>\n<pre><code class=\"language-yaml\">docker container ls -a |grep pause\r\ndocker inspect \u5bb9\u5668ID\r\n\u5982\u679c\u53d1\u73b0docker\u7684host\u7f51\u7edc\u7f3a\u5931\u95ee\u9898\uff0c\u5bfc\u81f4pause\u5bb9\u5668\u521b\u5efa\u5931\u8d25\uff0c\u540e\u7eed\u7684\u7ec4\u4ef6\u5bb9\u5668\u90fd\u62c9\u4e0d\u8d77\u6765\uff0c\u9700\u8981\u624b\u52a8\u91cd\u5efadocker\u7f51\u7edc<\/code><\/pre>\n<p>\uff086\uff09kubectl\u547d\u4ee4\u4e0d\u53ef\u7528<\/p>\n<pre><code class=\"language-yaml\">cat \/etc\/profile\r\nls \/etc\/profile.d\/ \u4e0b\u6709\u4e00\u7cfb\u5217\u811a\u672c\u6587\u4ef6\uff0c\u53ef\u80fd\u5bf9kubectl\u505a\u4e86\u522b\u540d\uff0c\u89e3\u51b3\u65b9\u5f0f\u89c1\u56fe\r\n<\/code><\/pre>\n<p>\uff087\uff09kubeadm init\u521b\u5efa\u5b8c\u96c6\u7fa4\u540e\uff0c\u6709pod\u4e00\u76f4\u662fpending\u72b6\u6001<\/p>\n<pre><code class=\"language-yaml\">kubectl describe pod\u5982\u679c\u53d1\u73b0\u95ee\u9898\r\n3 node(s) had taints that the pod didn't tolerate.\r\n\r\nkubernetes\u51fa\u4e8e\u5b89\u5168\u8003\u8651\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u65e0\u6cd5\u5728master\u8282\u70b9\u4e0a\u90e8\u7f72pod\uff0c\u4e8e\u662f\u7528\u4e0b\u9762\u65b9\u6cd5\u53bb\u6389master\u8282\u70b9\u7684\u6c61\u70b9\uff1a\r\nkubectl taint nodes --all node-role.kubernetes.io\/master-<\/code><\/pre>\n<p>\uff088\uff09etcd\u5bb9\u5668\u6302\u6389\uff0c\u8fdb\u800c\u5bfc\u81f4apiserver\u6302\u6389\uff1a\u5efa\u8bae\u5148docker inspect \u5bb9\u5668ID\u67e5\u770b\uff0c\u4e00\u4e2a\u53ef\u80fd\u7684\u539f\u56e0\u662f<\/p>\n<pre><code>apiserver\u76d1\u542c\u5730\u5740\u4e0d\u5bf9\uff0c\u8bf7\u68c0\u67e5\/etc\/hosts\u6587\u4ef6\u4e2d\u914d\u7f6e\u7684\u5730\u5740\u662f\u5426\u53ef\u4ee5ping\u901a\uff0c\u7136\u540ekubeadm reset -f\uff0c\u91cd\u65b0kubeadm init ...<\/code><\/pre>\n<p>\uff089\uff09\u786c\u76d8\u8d44\u6e90\u4e0d\u591f\u7528<\/p>\n<pre><code class=\"language-yaml\">systemctl status kubelet # \u62a5\u9519\uff1amust evict pod(s) to reclaim ephemeral-storage\r\ndf -Th\u67e5\u770b\u4e00\u4e0b\u5269\u4f59\u78c1\u76d8\u5bb9\u91cf\r\n\u5982\u679c\/etc\/docker\/daemon.json\u5185\u914d\u7f6e\u4e86live-restore: true\uff0c\u5219\u53ef\u4ee5\u653e\u5fc3\u8fdb\u884c\u4e0b\u8ff0\u6b65\u9aa4\uff0c\u89e3\u51b3\u5b8c\u6bd5\u540e\u91cd\u65b0kubeadm init...\uff0c\u5426\u5219\u91cd\u542fdocker\u4f1a\u6302\u6389\u5bb9\u5668\uff0c\u6b64\u65f6\u5219\u9700\u8981\u4e0e\u56e2\u961f\u540c\u4e8b\u6c9f\u901a\u662f\u5426\u53ef\u4ee5\u540e\u624d\u53ef\u8fdb\u884c\u64cd\u4f5c\r\n1\u3001\u5236\u4f5c\u65b0\u76d8\u6302\u8f7d\u5230\/data\u76ee\u5f55\uff0c\u6ce8\u610f\u6587\u4ef6\u7cfb\u7edf\u683c\u5f0f\u4e0edocker\u539f\u955c\u50cf\u76ee\u5f55\/var\/lib\/docker\u4fdd\u6301\u4e00\u81f4\r\n2\u3001systemctl stop docker\r\n3\u3001mv \/var\/lib\/docker \/data\/\r\n4\u3001ln -s \/data\/docker \/var\/lib\/docker\r\n5\u3001systemctl start docker<\/code><\/pre>\n<p>\uff0810\uff09\u62a5\u9519\uff0c\u63d0\u793a\u7aef\u53e3\u8303\u56f4\u95ee\u9898<\/p>\n<pre><code class=\"language-yaml\"># kubeadm \u66f4\u6539NodePort\u7aef\u53e3\u8303\u56f4\r\nkubernetes\u9ed8\u8ba4\u7aef\u53e3\u53f7\u8303\u56f4\u662f 30000-32767 \uff0c\u5982\u679c\u671f\u671b\u503c\u4e0d\u662f\u8fd9\u4e2a\u533a\u95f4\u5219\u9700\u8981\u66f4\u6539\u3002\r\n1\u3001\u627e\u5230\u914d\u7f6e\u6587\u4ef6\u91cc\uff0c\u4e00\u822c\u7684\u5728\u8fd9\u4e2a\u6587\u4ef6\u5939\u4e0b\uff1a \/etc\/kubernetes\/manifests\/\r\n2\u3001\u627e\u5230\u6587\u4ef6\u540d\u4e3akube-apiserver.yaml \u7684\u6587\u4ef6\uff0c\u4e5f\u53ef\u80fd\u662fjson\u683c\u5f0f\r\n3\u3001\u7f16\u8f91\u6dfb\u52a0\u914d\u7f6e service-node-port-range=1024-65535\uff0c\u5982\u4e0b\u56fe\u6240\u793a\r\n<\/code><\/pre>\n<p>\uff0811\uff09kubectl get pods\u65f6\u62a5\u9519\uff0c\u6307\u5411\u4e00\u4e2a\u672a\u77e5\u7684ip\u5730\u5740<\/p>\n<pre><code class=\"language-yaml\"># \u62a5\u9519\u4fe1\u606f\u5982\u4e0b\r\n[xxx@xxx ~]$ kubectl get pods\r\nThe connection to the server 172.111.66.53:6443 was refused - did you specify the right host or port?\r\n\r\n# \u53ef\u80fd\u662f\u7cfb\u7edf\u73af\u5883\u88ab\u8bbe\u7f6e\u8fc7\u73af\u5883\u53d8\u91cf\uff0c\u53ef\u4ee5\u67e5\u770b\u4e00\u4e0b\r\nenv |grep -i proxy\r\n\r\n# \u7136\u540e\r\nunset http_proxy\r\nunset https_proxy\r\n\r\n# \u6700\u540e\u627e\u5230\u73af\u5883\u53d8\u91cf\u914d\u7f6e\u7684\u5730\u65b9\u4fee\u6539\r\nvi \/etc\/profile\r\n...\r\n\r\nsource \/etc\/profile<\/code><\/pre>\n<p>\uff0812\uff09\u6392\u9519\u547d\u4ee4\u6c47\u603b\uff1a<\/p>\n<pre><code class=\"language-yaml\">systemctl status kubelet\r\nsystemctl status docker\r\ndocker container ls \uff5c grep k8s\u5404\u4e2a\u7ec4\u4ef6\u7684\u5bb9\u5668 # \u6bcf\u4e2a\u5bb9\u5668\u90fd\u642d\u914d\u4e00\u4e2apause\u5bb9\u5668\r\ntail -f \/var\/log\/messages\r\n\r\n\u67e5\u770bdocker\\kubelet\u670d\u52a1\u65e5\u5fd7\r\n\u67e5\u770b\u6240\u6709\u65e5\u5fd7\uff1ajournalctl -u docker --no-pager\r\n\u67e5\u770b\u6700\u8fd1200\u6761\u65e5\u5fd7\u3010\u5206\u9875\u3011\uff1ajournalctl -u docker -n 200\r\n\u67e5\u770b\u6700\u8fd1200\u6761\u65e5\u5fd7\u3010\u4e0d\u5206\u9875\u3011\uff1ajournalctl -u docker -n 200 --no-pager\r\n\r\ndocker container ls -a | grep pause\r\ndocker inspect \u5bb9\u5668id\r\ndocker logs \u5bb9\u5668id<\/code><\/pre>\n<p>\uff0813\uff09\u6e05\u7406\u96c6\u7fa4\uff0c\u7136\u540e\u91cd\u65b0kubeadm init &#8230;<\/p>\n<pre><code class=\"language-yaml\">kubeadm reset -f\r\nrm -rf ~\/.kube\/\r\nrm -rf \/etc\/kubernetes\/\r\nrm -rf \/etc\/cni\r\nrm -rf \/opt\/cni\r\nrm -rf \/var\/lib\/etcd\r\nrm -rf \/var\/etcd\r\n\r\n\u9009\u505a\u9879\r\nyum clean all\r\nyum remove kube*\r\nrm -rf \/etc\/systemd\/system\/kubelet.service.d\r\nrm -rf \/etc\/systemd\/system\/kubelet.service\r\nrm -rf \/usr\/bin\/kube*<\/code><\/pre>\n<p><\/div><\/div>\n<h1>\u4e94\u3001\u94f2\u6389k8s\u73af\u5883\u91cd\u65b0\u90e8\u7f72<\/h1>\n<p>\u9047\u5230\u90e8\u7f72\u9519\u8bef\uff0c\u53ef\u4ee5\u94f2\u6389\u6574\u4e2ak8s\u73af\u5883\u7136\u540e\u91cd\u65b0\u90e8\u7f72\uff08\u672c\u6587\u7b2c\u4e09\u7ae0\u8282\u524d\u7684\u64cd\u4f5c\u4e0d\u6e05\u7406\uff0c\u4e0b\u8ff0\u6307\u4ee4\u6e05\u7406\u7684\u77e5\u8bc6\u7b2c\u56db\u7ae0\u8282\u7684\u5185\u5bb9\uff09<\/p>\n<pre class=\"code\"># ==============================\u300b\u94f2\u6389\r\n# \u5728master\u8282\u70b9\u4e0a\r\nkubeadm reset -f\r\n\r\n\r\n# \u5728\u6240\u6709\u8282\u70b9\u5305\u62ecmaster\u8282\u70b9\u5728\u5185\u4e0a\u6267\u884c\u5982\u4e0b\u547d\u4ee4\r\ncd \/tmp # \u6709\u65f6\u5019\u5728\u5f53\u524d\u76ee\u5f55\u4e0b\u53ef\u80fd\u4e0e\u8981\u5378\u8f7d\u7684\u5305\u91cd\u540d\u7684\u800c\u5bfc\u81f4\u5378\u8f7d\u62a5\u9519\uff0c\u53ef\u4ee5\u5207\u4e2a\u76ee\u5f55\r\nrm -rf ~\/.kube\/\r\nrm -rf \/etc\/kubernetes\/\r\nrm -rf \/etc\/cni\r\nrm -rf \/opt\/cni\r\nrm -rf \/var\/lib\/etcd\r\nrm -rf \/var\/etcd\r\n\r\n\r\nrm -rf \/run\/flannel\r\nrm -rf \/opt\/cni\r\nrm -rf \/etc\/cni\/net.d\r\nrm -rf \/run\/xtables.lock\r\n\r\n\r\nsystemctl stop kubelet\r\nyum remove kube* -y\r\n\r\nfor i in `df |grep kubelet |awk '{print $NF}'`;do umount -l $i ;done # \u5148\u5378\u8f7d\u6240\u6709kubelet\u6302\u8f7d\u5426\u5219\u4e0b\u6761\u547d\u4ee4\u65e0\u6cd5\u5220\u9664\r\nrm -rf \/var\/lib\/kubelet\r\nrm -rf \/etc\/systemd\/system\/kubelet.service.d\r\nrm -rf \/etc\/systemd\/system\/kubelet.service\r\nrm -rf \/usr\/bin\/kube*\r\n\r\niptables -F\r\n\r\nreboot # \u91cd\u65b0\u542f\u52a8\uff0c\u4ece\u5934\u518d\u6765\r\n\r\n\r\n\r\n\r\n# ==============================\u300b\u7136\u540e\u91cd\u65b0\u90e8\u7f72\r\n# \u7b2c\u4e00\u6b65\uff1a\u5728\u6240\u6709\u8282\u70b9\u6267\u884c\r\nyum install -y kubelet-1.30* kubeadm-1.30* kubectl-1.30*\r\nsystemctl enable kubelet &amp;&amp; systemctl start kubelet &amp;&amp; systemctl status kubelet\r\n\r\n\r\n\r\n# \u7b2c\u4e8c\u6b65\uff1a\u53ea\u5728master\u8282\u70b9\u4e0a\u6267\u884c\r\n\r\n[root@k8s-master-01 ~]# kubeadm init --config=kubeadm.yaml --ignore-preflight-errors=SystemVerification --ignore-preflight-errors=Swap\r\n\r\n\r\n# \u7b2c\u4e09\u6b65\uff1a\u90e8\u7f72\u7f51\u7edc\u63d2\u4ef6\r\nkubectl  apply -f kube-flannel.yml \r\n\r\n<\/pre>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u65e7\u7248\u535a\u5ba2\uff1ahttps:\/\/egonlin.com\/?p=6618 \u4e00\u3001k8s\u5305yum\u6e90\u4ecb\u7ecd \u4e8c\u3001\u51c6\u5907\u5de5\u4f5c 0\u3001 [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/posts\/10762"}],"collection":[{"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10762"}],"version-history":[{"count":35,"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/posts\/10762\/revisions"}],"predecessor-version":[{"id":11308,"href":"https:\/\/egonlin.com\/index.php?rest_route=\/wp\/v2\/posts\/10762\/revisions\/11308"}],"wp:attachment":[{"href":"https:\/\/egonlin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10762"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10762"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/egonlin.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10762"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}