CRI-O runtime socket: `unix:///var/run/crio/crio.sock`

- kubeadm: the command used to initialize the cluster.
- kubelet: runs on every node in the cluster and starts Pods, containers and so on.
- kubectl: the command-line tool for communicating with the cluster.

## Basic requirements

```sh
## CentOS family
# Stop the firewall and disable it at boot
systemctl disable --now firewalld
# Disable SELinux (immediately, and persistently via the config file)
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Ubuntu family
systemctl disable --now ufw
# Turn off swap and comment out the swap entry in /etc/fstab
swapoff -a && sed -i "$(grep swap -n /etc/fstab |awk -F: '{print $1}')c $(grep swap /etc/fstab | sed 's/^/#/')" /etc/fstab
# Forward IPv4 traffic

# CentOS family: add the Kubernetes yum repository, then install kubeadm, kubelet and kubectl
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubeadm-1.24.0-0 kubelet-1.24.0-0 kubectl-1.24.0-0
systemctl enable kubelet && systemctl start kubelet
```

```sh
# Ubuntu family
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
# apt pins a version with name=version; this repository uses the -00 revision suffix
apt-get install -y kubeadm=1.24.0-00 kubelet=1.24.0-00 kubectl=1.24.0-00
systemctl enable --now kubelet
```

## Docker registry mirror

```sh
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://8jl29epx.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
```

## Install kubectl

```sh
# Download the specified version of kubectl and its published checksum
curl -LO https://dl.k8s.io/release/v1.24.0/bin/linux/amd64/kubectl
curl -LO https://dl.k8s.io/release/v1.24.0/bin/linux/amd64/kubectl.sha256
# Verify the SHA-256 checksum (sha256sum expects two spaces between hash and file name)
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
# Install kubectl on the system
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
```

## Install the container runtime

```sh
# CentOS installation
export OS=CentOS_7
export VERSION=1.24
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
yum install cri-o containernetworking-plugins

# Ubuntu installation
export OS=xUbuntu_20.04
export VERSION=1.24
echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list
mkdir -p /usr/share/keyrings
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg
apt-get update
apt-get install cri-o cri-o-runc

systemctl enable --now crio
```

- Install CNI

```sh
git clone https://github.com/containernetworking/plugins
cd plugins
git checkout v1.1.1
wget https://golang.google.cn/dl/go1.18.10.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.18.10.linux-amd64.tar.gz
# Single quotes keep $PATH unexpanded, so it is evaluated each time the profile is read
echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile
source /etc/profile
./build_linux.sh
sudo mkdir -p /opt/cni/bin
sudo cp bin/* /opt/cni/bin/
```

### Network configuration file

- Contents of 10-crio-bridge.conflist

```json
{
  "cniVersion": "1.0.0",
  "name": "crio",
  "plugins": [
    {
      "type": "bridge",
      "bridge": "cni0",
      "isGateway": true,
      "ipMasq": true,
      "hairpinMode": true,
      "ipam": {
        "type": "host-local",
        "routes": [
          { "dst": "0.0.0.0/0" },
          { "dst": "::/0" }
        ],
        "ranges": [
          [{ "subnet": "192.168.2.0/24" }],
          [{ "subnet": "1100:200::/24" }]
        ]
      }
    }
  ]
}
```

> `sudo cp 10-crio-bridge.conflist /etc/cni/net.d`

## Install the Kubernetes components from Aliyun

```sh
for i in $(kubeadm config images list); do
  # Keep only the last path component, e.g. <registry>/coredns/coredns:<tag> -> coredns:<tag>
  imageName=${i##*/}
  docker pull registry.aliyuncs.com/google_containers/$imageName
  # Retag with the exact name kubeadm expects, then remove the mirror tag
  docker tag registry.aliyuncs.com/google_containers/$imageName "$i"
  docker rmi registry.aliyuncs.com/google_containers/$imageName
done
```

## Export the configuration files

```sh
kubeadm config print init-defaults > kubeadm-config.yaml
cat <<EOF > /etc/kubernetes/kubelet-config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
address: "192.168.225.138"
port: 20250
serializeImagePulls: false
evictionHard:
  memory.available: "200Mi"
cgroupDriver: systemd
EOF
```

```sh
# Pull the Kubernetes images
kubeadm config images pull
# Initialize the cluster. Flags, in order:
#   --pod-network-cidr             Pod network CIDR
#   --cri-socket                   container runtime socket
#   --image-repository             registry for the component images
#   --kubernetes-version           Kubernetes version
#   --ignore-preflight-errors=all  report all preflight check errors as warnings instead of stopping
#   --apiserver-advertise-address  control-plane API server address (192.168.0.0/12)
sudo kubeadm init \
  --pod-network-cidr=10.244.0.0/16 \
  --cri-socket=unix:///var/run/crio/crio.sock \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version=v1.24.0 \
  --ignore-preflight-errors=all \
  --apiserver-advertise-address=192.168.10.253
# Create the cluster with containerd as the runtime
sudo kubeadm init --pod-network-cidr=17.72.0.0/24 --cri-socket=unix:///var/run/containerd/containerd.sock
# With Docker Engine, use this socket instead:
#   --cri-socket=/var/run/dockershim.sock
```
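
The `kubeadm init` call above passes `--ignore-preflight-errors=all`, so kubeadm no longer stops on host problems such as active swap or a missing runtime socket. The script below is an added example, not part of the original page: it checks the prerequisites this guide configures by hand, and its function names and the `--live` switch are assumptions of the example.

```sh
#!/usr/bin/env bash
# Added example, not from the original page: host checks for the prerequisites
# this guide sets by hand. Paths are parameters so the checks can run on copies.

# Succeed only if no uncommented fstab entry has filesystem type "swap".
fstab_swap_disabled() {
    ! awk '!/^[[:space:]]*#/ && $3 == "swap" { found = 1 } END { exit !found }' "$1"
}

# Succeed only if a /proc/swaps-format file lists no device after its header line.
swaps_inactive() {
    awk 'NR > 1 && NF { n++ } END { exit (n > 0) }' "$1"
}

# Succeed only if the file holds exactly "1" (net.ipv4.ip_forward enabled).
ip_forward_enabled() {
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Succeed only if the CRI endpoint (with or without unix://) is an existing socket.
cri_socket_present() {
    [ -S "${1#unix://}" ]
}

# Run every check against the live host; return the number of failed checks.
preflight() {
    local failed=0 check
    for check in \
        "fstab_swap_disabled /etc/fstab" \
        "swaps_inactive /proc/swaps" \
        "ip_forward_enabled /proc/sys/net/ipv4/ip_forward" \
        "cri_socket_present unix:///var/run/crio/crio.sock"
    do
        # Word splitting is intended: each entry is "function argument".
        if $check; then
            echo "PASS  $check"
        else
            echo "FAIL  $check"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Only touch the live host when asked to, e.g.: bash preflight.sh --live
if [ "${1:-}" = "--live" ]; then preflight; fi
```

Run it with `--live` on each node before `kubeadm init`; a non-zero exit status is the number of failed checks.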