k8s course plan
Basic server configuration
```bash
# Check the CentOS version (the VMs here run CentOS Linux release 8.5.2111)
cat /etc/redhat-release

# Set the hostname according to the plan [run on the master node]
hostnamectl set-hostname k8smaster
# Set the hostname according to the plan [run on node1]
hostnamectl set-hostname k8snode1
# Set the hostname according to the plan [run on node2]
hostnamectl set-hostname k8snode2

# Create the private key (SSH key pair)
ssh-keygen -t rsa -C "${HOSTNAME}@k8s.com"

# Check the firewall state (disabled by default on Alibaba Cloud)
firewall-cmd --state
# Turn the firewall off
systemctl stop firewalld
systemctl disable firewalld

# Set SELinux to permissive mode (effectively disabling it)
# (optional: the same commands are run again when installing the k8s components, so they can be skipped here)
# Temporary
sudo setenforce 0
# Permanent
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# Turn swap off (disabled by default on Alibaba Cloud)
# Show the swap size
free -m
# Temporary
swapoff -a
# Permanent
sed -ri 's/.*swap.*/#&/' /etc/fstab
```
Install containerd
Prerequisites for installation and configuration:
```bash
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

# Set the required sysctl parameters; they persist across reboots.
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

# Apply the sysctl parameters without rebooting
sudo sysctl --system
```
Install containerd:
```bash
# Set up the repository
sudo yum install -y yum-utils
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

sudo yum update -y && sudo yum install -y containerd.io

# Install a pinned version (use this one so that every node runs the same version)
yum install containerd.io-1.4.4 -y

sudo mkdir -p /etc/containerd
# Pipe through "sudo tee": a plain ">" redirect is opened by the calling shell, not by sudo
containerd config default | sudo tee /etc/containerd/config.toml

sudo systemctl restart containerd
sudo systemctl enable containerd
```
Modify the containerd configuration (optional; change this if you have your own registry)
```toml
# containerd with systemd: use the systemd cgroup driver

# vi /etc/containerd/config.toml

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  ...
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true

# Point containerd at a registry mirror
[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."*"]
      endpoint = ["http://xxx.k8s.xxx.xxx.com:30500"]
  # The US West region needs the section below; Beijing does not
  # password = "passwd" must be changed to the correct password; look the password up on the server
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."http://xxx.k8s.xxx.xxx.com:30500".auth]
      username = "k8s"
      password = "passwd"
```

```bash
# After editing
sudo systemctl restart containerd
```
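The registry settings above place a plaintext `http://` endpoint and an inline password in `/etc/containerd/config.toml`. The script below is an added example, not part of the original post: it audits a config file for those two conditions, for a missing `SystemdCgroup = true`, and for a password-bearing file that other users can read. The function names, the `registry.example.internal` host and the sample secret are constructed for illustration.

```shell
# Constructed sample config: host name and secret are made up.
write_sample_config() {
    cat > "$1" <<'EOF'
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."*"]
  endpoint = ["http://registry.example.internal:30500"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."registry.example.internal:30500".auth]
  username = "k8s"
  # password = "commented-out"
  password = "constructed-secret"
EOF
}

# Print one finding per line; return 1 if there are findings, else 0.
audit_containerd_config() {
    acc_out=$(awk '
        /^[ \t]*#/ { next }                               # ignore comments
        /SystemdCgroup[ \t]*=[ \t]*true/ { systemd = 1 }
        /endpoint[ \t]*=/ && index($0, "\"http://") {
            print "line " NR ": registry endpoint is plaintext http" }
        /^[ \t]*password[ \t]*=/ {
            print "line " NR ": registry password stored inline" }
        END { if (!systemd) print "no SystemdCgroup = true found" }' "$1")
    # A config that holds a password should not be readable by other users.
    if printf '%s\n' "$acc_out" | grep -q 'password stored inline' &&
       [ -n "$(find "$1" -perm -004)" ]; then
        acc_out="$acc_out
file holding a password is world-readable"
    fi
    [ -z "$acc_out" ] && return 0
    printf '%s\n' "$acc_out"
    return 1
}

sample=$(mktemp)
write_sample_config "$sample"
audit_containerd_config "$sample" || echo "fix the findings, then restart containerd"
rm -f "$sample"
```

On a real node, call `audit_containerd_config /etc/containerd/config.toml`; a file written through `sudo tee` is normally created with mode 0644, which is what the last check reports.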
Install crictl (if it is missing, install it using the method in the blog)
Install crictl: blog
Show and configure the default endpoints
```bash
# blog: https://blog.frognew.com/2021/04/relearning-container-02.html

crictl config runtime-endpoint unix:///run/containerd/containerd.sock
crictl config image-endpoint unix:///run/containerd/containerd.sock
```
Install kubelet, kubeadm and kubectl
Installing kubeadm, kubelet and kubectl
1. Set up the repository for the k8s components
a. Installing outside China
```bash
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
```
b. Installing inside China
Aliyun mirror: http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
Tsinghua mirror: https://mirrors.tuna.tsinghua.edu.cn/kubernetes/yum/repos/kubernetes-el7-\$basearch
```bash
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
```
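Inside China, if neither the Aliyun mirror nor the Tsinghua mirror is configured, the repository data cannot be downloaded and the install fails with this error: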
```text
[root@k8smaster ~]# sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
Kubernetes                                      0.0  B/s |   0  B     01:00
Errors during downloading metadata for repository 'kubernetes':
  - Curl error (28): Timeout was reached for https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml [Connection timed out after 30000 milliseconds]
  - Status code: 404 for https://mirrors.aliyun.com/centos//BaseOS//os/repodata/repomd.xml (IP: 125.39.76.205)
错误:为仓库 'kubernetes' 下载元数据失败 : Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
```
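The two repository stanzas above differ in transport: the Aliyun one fetches both the packages and the GPG keys over `http://`, so the key that `gpgcheck=1` relies on arrives unauthenticated. The script below is an added example, not part of the original post: it parses a `.repo` file and reports plaintext `baseurl` or `gpgkey` URLs and disabled signature checks per stanza. The function names and the `example-unsigned` stanza are constructed for illustration.

```shell
# Constructed sample: the Aliyun stanza from this page plus a made-up stanza.
write_sample_repo() {
    cat > "$1" <<'EOF'
[kubernetes]
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[example-unsigned]
baseurl=https://repo.example.internal/el8
gpgcheck=0
EOF
}

# Print "<section>: <finding>" lines; return 1 if there are findings, else 0.
# A key missing from a stanza is reported as well (it is not set to 1 there).
audit_yum_repo() {
    ayr_out=$(awk '
        function report() {
            if (sec == "") return
            if (chk != "1")  print sec ": gpgcheck is not 1"
            if (rchk != "1") print sec ": repo_gpgcheck is not 1"
            if (index(base, "http://") == 1) print sec ": baseurl is plaintext http"
            if (index(" " keys, " http://")) print sec ": gpgkey is fetched over plaintext http"
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }         # comments and blank lines
        /^\[/ { report(); sec = substr($0, 2, index($0, "]") - 2)
                base = keys = chk = rchk = last = ""; next }
        /^[ \t]/ { sub(/^[ \t]+/, "")                # continuation line
                   if (last == "gpgkey") keys = keys " " $0
                   next }
        { eq = index($0, "="); last = substr($0, 1, eq - 1); val = substr($0, eq + 1)
          if (last == "baseurl") base = val
          else if (last == "gpgkey") keys = val
          else if (last == "gpgcheck") chk = val
          else if (last == "repo_gpgcheck") rchk = val }
        END { report() }' "$1")
    [ -z "$ayr_out" ] && return 0
    printf '%s\n' "$ayr_out"
    return 1
}

sample=$(mktemp)
write_sample_repo "$sample"
audit_yum_repo "$sample" || echo "review the stanzas listed above"
rm -f "$sample"
```

On a node, run it against each file in `/etc/yum.repos.d/`, for example `audit_yum_repo /etc/yum.repos.d/kubernetes.repo`.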
2. Install the k8s components
```bash
# Set SELinux to permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# Remember: whenever you pin a version, check the dependencies so that a dependency does not pull in the latest version
#yum install kubelet-1.20.5 --disableexcludes=kubernetes -y
#yum install kubectl-1.20.5 --disableexcludes=kubernetes -y
#yum install kubeadm-1.20.5 --disableexcludes=kubernetes -y

sudo systemctl enable --now kubelet
```
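Note:
Running `setenforce 0` and `sed …` sets SELinux to permissive mode, which effectively disables it. This is required to allow containers to access the host filesystem, which is needed, for example, for Pod networking to work properly.
3. Allow iptables to see bridged traffic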
```bash
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
```
4. Initialize the cluster
Documentation
https://kubernetes.io/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/
https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
Install tc (kubeadm init requires tc)
```bash
yum install tc

# On CentOS 8 the command is:
dnf install -y iproute-tc
```
Commands
```bash
# Validate the syntax
# dry-run mode validates the syntax
kubeadm init --config kubeadm-config.yaml --dry-run

# Pre-pull the images
kubeadm config images pull --config kubeadm-config.yaml

# Initialize the cluster
kubeadm init --config ./kubeadm-init.yaml --upload-certs
```
If initialization runs into problems
kubeadm-init.yaml
```yaml
apiServer:
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: apiserver.showbyte.cn:6443
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers # inside China, use the Aliyun registry
# imageRepository : k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.20.5
networking:
  dnsDomain: cluster.vmvare.local
  podSubnet: 192.168.0.0/16
  serviceSubnet: 10.99.0.0/16
scheduler: {}

---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs

---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
```