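Step-by-step tutorial: initializing a K8s cluster with kubeadm 1.19.0 on CentOS 7.9 successfully on the first try (avoiding the `advertiseAddress` configuration pitfall)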

张开发
2026/4/18 16:56:02 15 min read

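A complete guide to deploying a Kubernetes 1.19 cluster on CentOS 7.9 in one go

While recently helping a friend deploy a Kubernetes test environment, I found that many tutorials online have version compatibility problems. With CentOS 7.9 paired with Kubernetes 1.19.0 in particular, it is easy to fall into one pitfall or another. After several rounds of practice I have put together a stable, reliable deployment procedure that is especially suitable for developers who need to stand up a test environment quickly.

1. Environment preparation and system configuration

Before installing, make sure the base environment meets the requirements of Kubernetes 1.19.0. As a long-term support release, CentOS 7.9 provides a stable foundation, but some system tuning is still needed.

First, check the system version and update all packages:

```bash
cat /etc/redhat-release
sudo yum update -y
```

Disable SELinux enforcement and the firewall (use caution in production environments):

```bash
# Switch SELinux to permissive now and persist the setting across reboots
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
sudo systemctl stop firewalld
sudo systemctl disable firewalld
```

Configure the kernel parameters and load the required module:

```bash
# Load br_netfilter first so the net.bridge.* keys exist when sysctl applies them
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
```

Set the correct time zone and synchronize the clock:

```bash
sudo timedatectl set-timezone Asia/Shanghai
sudo yum install -y ntpdate
sudo ntpdate ntp.aliyun.com
```

2. Installing the container runtime and Kubernetes components

Kubernetes 1.19.0 officially recommends Docker 19.03.5 as the container runtime. This version combination has been thoroughly tested, so its stability is assured.

Install Docker CE 19.03.5:

```bash
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce-19.03.5 docker-ce-cli-19.03.5 containerd.io
sudo systemctl enable docker
sudo systemctl start docker
```

Configure the Docker registry mirror and the cgroup driver:

```bash
sudo mkdir -p /etc/docker
cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
```

Install kubeadm, kubelet and kubectl 1.19.0:

```bash
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
sudo yum install -y kubelet-1.19.0 kubeadm-1.19.0 kubectl-1.19.0 --disableexcludes=kubernetes
sudo systemctl enable kubelet
```

3. Cluster initialization configuration in detail

A correct initialization configuration is the key to a successful deployment. Many beginners make mistakes here, especially with the `advertiseAddress` setting.

First, obtain the master node's real IP address:

```bash
MASTER_IP=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)
echo "$MASTER_IP"
```

Create the initialization configuration file init-config.yaml:

```bash
# kubeadm does not expand shell variables, so let the shell substitute
# ${MASTER_IP} while writing the file (unquoted EOF).
cat <<EOF > init-config.yaml
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: ${MASTER_IP}  # must be the master node's actual IP
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.19.0
imageRepository: registry.aliyuncs.com/google_containers
networking:
  podSubnet: 192.168.0.0/16
  serviceSubnet: 10.96.0.0/16
  dnsDomain: cluster.local
controllerManager: {}
scheduler: {}
etcd:
  local:
    dataDir: /var/lib/etcd
EOF
```

Important: `advertiseAddress` must be set to the master node's actual IP address. Using a domain name or a wrong IP will cause kubelet startup to time out.

Pre-pull the required images:

```bash
sudo kubeadm config images pull --config=init-config.yaml
```

4. Cluster initialization and troubleshooting

Run the initialization command and watch the log:

```bash
sudo kubeadm init --config=init-config.yaml --upload-certs | tee kubeadm-init.log
```

If kubelet startup times out, troubleshoot with the following steps.

Check the kubelet status:

```bash
systemctl status kubelet -l
journalctl -xeu kubelet
```

Verify the container runtime:

```bash
docker ps -a | grep kube
```

Check the certificate configuration:

```bash
# openssl prints the extension header as "X509v3 Subject Alternative Name:"
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text -noout | grep -A 1 "Subject Alternative Name"
```

Solutions to common errors:

- Certificate SAN mismatch: make sure `advertiseAddress` in init-config.yaml matches the master node's IP
- Inconsistent cgroup drivers: confirm that Docker and kubelet both use systemd as the cgroup driver
- Image pull failure: pull the images manually or switch to a domestic (China) mirror

After initialization succeeds, configure kubectl:

```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

5. Installing the network plugin and joining nodes

Install the Calico network plugin (matching the configured podSubnet):

```bash
kubectl apply -f https://docs.projectcalico.org/v3.14/manifests/calico.yaml
```

Verify the status of the core components:

```bash
kubectl get pods -n kube-system
kubectl get nodes
```

Get the join command for worker nodes:

```bash
kubeadm token create --print-join-command
```

On each worker node, run a command similar to the following to join the cluster:

```bash
kubeadm join 10.0.128.0:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:6bdcf88c58234831bf230cb3836e892d6ae5c007be6093dcc7c699058220d9d8
```

6. Cluster verification and common operations

Verify cluster health:

```bash
kubectl get cs
kubectl cluster-info
```

Deploy a test application:

```bash
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get svc nginx
```

Common diagnostic commands:

```bash
# View events
kubectl get events --sort-by=.metadata.creationTimestamp
# Check component logs
kubectl logs -n kube-system kube-apiserver-k8s-master
# Resource usage
kubectl top nodes
kubectl top pods -A
```

Reset the cluster (if you need to reinstall):

```bash
kubeadm reset -f
rm -rf /etc/cni/net.d
rm -rf $HOME/.kube/config
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
```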
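A pre-flight check for the `advertiseAddress` pitfall described in section 3, written as an added example that is not part of the original article: it confirms that the value in init-config.yaml is an IPv4 literal (not a hostname or an unexpanded `${MASTER_IP}`) and that the address is assigned to the local host. The function names `get_advertise_address`, `is_ipv4` and `check_advertise_address` are hypothetical helpers, not kubeadm commands.

```shell
#!/bin/sh
# Added example: pre-flight check for kubeadm's advertiseAddress.
# Function names are hypothetical; they are not part of kubeadm.

# Print the first advertiseAddress value in a kubeadm config, minus quotes/comments.
get_advertise_address() {
    sed -n 's/^[[:space:]]*advertiseAddress:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" |
        head -n 1 | tr -d "\"'"
}

# Succeed only for a dotted-quad IPv4 literal with every octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# check_advertise_address CONFIG [LOCAL_IPS]
# LOCAL_IPS is a space-separated list; default is this host's IPv4 addresses.
# Returns 0 ok, 2 missing, 3 not an IP literal, 4 not a local address.
check_advertise_address() {
    addr=$(get_advertise_address "$1")
    if [ -z "$addr" ]; then
        echo "FAIL: no advertiseAddress in $1" >&2
        return 2
    fi
    if ! is_ipv4 "$addr"; then
        echo "FAIL: '$addr' is not an IPv4 literal (hostname or unexpanded variable?)" >&2
        return 3
    fi
    local_ips=${2:-$(ip -4 -o addr show | awk '{print $4}' | cut -d/ -f1)}
    for ip in $local_ips; do
        if [ "$ip" = "$addr" ]; then
            echo "OK: $addr is assigned to this host"
            return 0
        fi
    done
    echo "FAIL: $addr is not assigned to any local interface" >&2
    return 4
}
```

Run `check_advertise_address init-config.yaml` on the master before `kubeadm init`; a non-zero exit code means the address would not match what the API server certificate and kubelet expect.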
