初始文档
205
软件or平台使用/K8S笔记.md
Normal file
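--- a/软件or平台使用/K8S笔记.md
+++ b/软件or平台使用/K8S笔记.md
@@ -0,0 +1,205 @@
+crio运行时套接字` unix:///var/run/crio/crio.sock`
+kubeadm:用来初始化集群的指令。
+kubelet:在集群中的每个节点上用来启动 Pod 和容器等。
+kubectl:用来与集群通信的命令行工具。
+## 基础要求
+```sh
+
+## centos系列
+# 关闭防火墙和开机自起
+systemctl disable --now firewalld
+# 关闭selinux
+setenforce 0
+sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
+
+# ubuntu系列
+systemctl disable --now ufw
+
+# 关闭交换内存
+swapoff -a && sed -i "$(grep swap -n /etc/fstab |awk -F: '{print $1}')c $(grep swap /etc/fstab | sed 's/^/#/')" /etc/fstab
+
+# 转发ipv4流量
+cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
+overlay
+br_netfilter
+EOF
+
+sudo modprobe overlay
+sudo modprobe br_netfilter
+
+# 设置所需的 sysctl 参数,参数在重新启动后保持不变
+cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward = 1
+vm.swappiness = 0
+EOF
+
+# 应用 sysctl 参数而不重新启动
+sudo sysctl --system
+# 检查模块是否加载
+lsmod | grep br_netfilter
+lsmod | grep overlay
+
+# 检查流量转发是否设为1
+sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
+```
+
+
+## 导入阿里云k8s仓库
+```sh
+# centos系
+cat <<EOF > /etc/yum.repos.d/kubernetes.repo
+[kubernetes]
+name=Kubernetes
+baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
+enabled=1
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
+EOF
+setenforce 0
+yum install -y kubeadm-1.24.0-0 kubelet-1.24.0-0 kubectl-1.24.0-0
+systemctl enable kubelet && systemctl start kubelet
+```
+```sh
+# ubunut系
+apt-get update && apt-get install -y apt-transport-https
+curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
+cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
+deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
+EOF
+apt-get update
+apt-get install -y kubeadm-1.24.0-0 kubelet-1.24.0-0 kubectl-1.24.0-0
+systemctl enable --now kubelet
+```
+## docker镜像加速
+```sh
+sudo mkdir -p /etc/docker
+sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://8jl29epx.mirror.aliyuncs.com"] } EOF
+sudo systemctl daemon-reload
+sudo systemctl restart docker
+```
+## 安装kubectl
+```sh
+# 下载指定版本的kubectl程序
+curl -LO https://dl.k8s.io/release/v1.24.0/bin/linux/amd64/kubectl
+curl -LO https://dl.k8s.io/release/v1.24.0/bin/linux/amd64/kubectl.sha256
+# 校验256值
+echo "$(cat kubectl.sha256) kubectl" | sha256sum --check
+# 安装kubectl到系统
+sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
+```
+
+安装容器运行时
+```sh
+# centos系统安装
+export OS=CentOS_7
+export VERSION=1.24
+curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo
+curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
+yum install cri-o containernetworking-plugins
+
+# ubuntu系统安装
+export OS=xUbuntu_20.04
+export VERSION=1.24
+echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
+echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list
+
+mkdir -p /usr/share/keyrings
+curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg
+curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg
+
+apt-get update
+apt-get install cri-o cri-o-runc
+systemctl enable --now crio
+```
+
+- 安装cni
+```sh
+git clone https://github.com/containernetworking/plugins
+cd plugins
+git checkout v1.1.1
+wget https://golang.google.cn/dl/go1.18.10.linux-amd64.tar.gz
+tar -C /usr/local -xzf go1.18.10.linux-amd64.tar.gz
+echo "export PATH=${PATH}:/usr/local/go/bin" >> /etc/profile
+source /etc/profile
+./build_linux.sh
+sudo mkdir -p /opt/cni/bin
+sudo cp bin/* /opt/cni/bin/
+```
+
+### 网络配置文件
+- 10-crio-bridge.conflist文件内容
+```yaml
+{
+"cniVersion": "1.0.0",
+"name": "crio",
+"plugins": [
+{
+"type": "bridge",
+"bridge": "cni0",
+"isGateway": true,
+"ipMasq": true,
+"hairpinMode": true,
+"ipam": {
+"type": "host-local",
+"routes": [
+{ "dst": "0.0.0.0/0" },
+{ "dst": "::/0" }
+],
+"ranges": [
+[{ "subnet": "192.168.2.0/24" }],
+[{ "subnet": "1100:200::/24" }]
+]
+}
+}
+]
+}
+```
+> `sudo cp 10-crio-bridge.conflist /etc/cni/net.d`
+
+
+
+## 安装阿里k8s组件
+```sh
+for i in `kubeadm config images list`; do
+imageName=`echo ${i} |awk -F '/' '{print $2}'`
+docker pull registry.aliyuncs.com/google_containers/$imageName
+docker tag registry.aliyuncs.com/google_containers/$imageName registry.k8s.io/$imageName
+docker rmi registry.aliyuncs.com/google_containers/$imageName
+done;
+```
+
+## 导出配置文件
+```sh
+kubeadm config print init-defaults > kubeadm-config.yaml
+cat <<EOF > /etc/kubernetes/kubelet-config.yaml
+apiVersion: kubelet.config.k8s.io/v1beta1
+kind: KubeletConfiguration
+address: "192.168.225.138"
+port: 20250
+serializeImagePulls: false
+evictionHard:
+memory.available: "200Mi"
+cgroupDriver: systemd
+EOF
+```
+```sh
+# 下载kube镜像
+kubeadm config images pull
+
+# 初始化集群
+sudo kubeadm init \
+--pod-network-cidr=10.244.0.0/16 \ # 指定cidr网络
+--cri-socket=unix:///var/run/crio/crio.sock \ #指定运行时
+--image-repository registry.aliyuncs.com/google_containers \ # 指定组建镜像仓库
+--kubernetes-version=v1.24.0 \ # 指定k8s版本
+--ignore-preflight-errors=all \ # 忽略所有警告
+--apiserver-advertise-address=192.168.10.253 \ # 指定控制平面api server地址192.168.0.0/12
+# 创建集群,指定containerd为运行时
+sudo kubeadm init --pod-network-cidr=17.72.0.0/24 --cri-socket=unix:///var/run/containerd/containerd.sock
+
+# 使用docker引擎
+--cri-socket=/var/run/dockershim.sock
+```
+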
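Review bot: In the first `kubeadm init` example near the end of the file, every option line ends in `\ # …`, so the backslash escapes a space rather than the newline and the command ends after `--pod-network-cidr=10.244.0.0/16`; the `--cri-socket`, `--image-repository` and `--kubernetes-version` lines are then run as separate commands and never reach kubeadm. Put each comment on its own line above the command, end continued lines with a bare `\`, and drop the `\` after the last option. `--ignore-preflight-errors=all` is annotated as ignoring warnings, but it downgrades every failed preflight check to a warning, so the note should name only the specific checks expected to fail and say why. Separately, the Go tarball in the CNI section is unpacked into `/usr/local` with no checksum comparison, unlike the kubectl download earlier in the file, which checks `kubectl.sha256`; the same verification step belongs before the `tar -C /usr/local` line.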