crio 运行时套接字:`unix:///var/run/crio/crio.sock`
kubeadm:用来初始化集群的指令。
kubelet:在集群中的每个节点上用来启动 Pod 和容器等。
kubectl:用来与集群通信的命令行工具。
## 基础要求
```sh
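## CentOS family
# Stop firewalld now and keep it from starting at boot.
# NOTE(review): this leaves the node without host packet filtering. Outside an
# isolated lab, keeping the firewall and opening only the ports the cluster
# uses is the safer setup.
systemctl disable --now firewalld
# Switch SELinux to permissive for the running system ...
setenforce 0
# ... and persist the change across reboots.
# NOTE(review): "disabled" turns SELinux off completely after the next reboot;
# "permissive" would match what setenforce 0 does and keep labelling and
# audit logging in place.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Ubuntu family
systemctl disable --now ufw

# Turn swap off now and comment out every active swap entry in /etc/fstab so
# it stays off after a reboot. Matching on the line content (instead of
# splicing grep output into a sed address) also works when fstab holds no
# swap entry or more than one.
swapoff -a && sed -i -E '/^[^#].*[[:space:]]swap[[:space:]]/s/^/#/' /etc/fstab

# Forward IPv4 traffic: have both kernel modules loaded at every boot ...
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

# ... and load them right away for the current boot.
sudo modprobe overlay
sudo modprobe br_netfilter

# Required sysctl settings; written to /etc/sysctl.d so they persist across
# reboots.
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF

# Apply the sysctl settings without rebooting.
sudo sysctl --system
# Check that both modules are loaded.
lsmod | grep br_netfilter
lsmod | grep overlay

# Check that the three forwarding settings read 1.
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward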
```
## 导入阿里云k8s仓库
```sh
# CentOS family
# Register the Aliyun Kubernetes mirror. gpgcheck and repo_gpgcheck are both
# on, so packages and repository metadata are checked against the two keys
# listed in gpgkey.
cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# SELinux to permissive for the running system.
setenforce 0
# Install the three tools pinned to the same release.
yum install -y \
  kubeadm-1.24.0-0 \
  kubelet-1.24.0-0 \
  kubectl-1.24.0-0
# Start kubelet now and at every boot.
systemctl enable --now kubelet
```
```sh
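# Ubuntu family
apt-get update && apt-get install -y apt-transport-https
# Fetch the repository signing key. -f makes curl fail on an HTTP error
# instead of piping an error page into apt-key.
# NOTE(review): apt-key is deprecated, and a key added this way is trusted for
# every configured repository. A dedicated keyring referenced with
# [signed-by=...] in the sources entry limits the key to this one repository.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
# apt pins a version as name=version; the yum form name-version is looked up
# as a package name and is not found. The glob leaves the packaging revision
# open.
apt-get install -y kubeadm='1.24.0-*' kubelet='1.24.0-*' kubectl='1.24.0-*'
# Start kubelet now and at every boot.
systemctl enable --now kubelet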
```
## docker镜像加速
```sh
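sudo mkdir -p /etc/docker
# Write the daemon configuration. The here-document body and the closing EOF
# each need their own line; collapsed onto one line the shell never sees the
# terminator. tee replaces any daemon.json that already exists.
# NOTE(review): pulls are routed through this mirror, so its operator is part
# of the image supply chain; reference images by digest where integrity
# matters.
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://8jl29epx.mirror.aliyuncs.com"]
}
EOF
# Reload unit files and restart Docker so the new configuration is read.
sudo systemctl daemon-reload
sudo systemctl restart docker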
```
## 安装kubectl
```sh
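# Download the kubectl binary for the chosen release together with its
# published SHA-256 checksum. -f makes curl fail on an HTTP error instead of
# saving the error page under the binary's name.
curl -fLO https://dl.k8s.io/release/v1.24.0/bin/linux/amd64/kubectl
curl -fLO https://dl.k8s.io/release/v1.24.0/bin/linux/amd64/kubectl.sha256
# Verify the checksum and install only if it matches: chaining with && stops
# a corrupted or truncated download from being installed as root.
# NOTE(review): the checksum comes from the same host as the binary, so this
# detects transfer damage, not a tampered download origin.
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check \
  && sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl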
```
安装容器运行时
```sh
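# CentOS install
export OS=CentOS_7
export VERSION=1.24
# Fetch the two repository definitions. -f makes curl fail on an HTTP error
# instead of writing an error page into /etc/yum.repos.d; the expansions are
# quoted so the paths stay single words.
curl -fL -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo \
  "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/${OS}/devel:kubic:libcontainers:stable.repo"
curl -fL -o "/etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repo" \
  "https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:${VERSION}/${OS}/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repo"
yum install cri-o containernetworking-plugins

# Ubuntu install
export OS=xUbuntu_20.04
export VERSION=1.24
# Each repository entry names its own keyring through signed-by, so a key is
# trusted only for the repository it belongs to.
echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/${OS}/ /" \
  > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/${VERSION}/${OS}/ /" \
  > "/etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:${VERSION}.list"

# Download both release keys and store them as binary keyrings. -f keeps an
# HTTP error page from being handed to gpg.
mkdir -p /usr/share/keyrings
curl -fL "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/${OS}/Release.key" \
  | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg
curl -fL "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/${VERSION}/${OS}/Release.key" \
  | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg

apt-get update
apt-get install cri-o cri-o-runc
# Start CRI-O now and at every boot.
systemctl enable --now crio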
```
- 安装cni
```sh
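# Get the CNI plugins source at the v1.1.1 tag.
git clone https://github.com/containernetworking/plugins
cd plugins
git checkout v1.1.1
# Go toolchain used by the build script.
wget https://golang.google.cn/dl/go1.18.10.linux-amd64.tar.gz
# NOTE(review): the archive is unpacked into /usr/local as root without an
# integrity check. Compare `sha256sum go1.18.10.linux-amd64.tar.gz` with the
# checksum published on the Go downloads page before extracting.
tar -C /usr/local -xzf go1.18.10.linux-amd64.tar.gz
# Single quotes keep ${PATH} literal, so /etc/profile extends whatever PATH a
# login shell already has. With double quotes the current shell's PATH would
# be expanded here and written into the file for every user.
echo 'export PATH=${PATH}:/usr/local/go/bin' >> /etc/profile
source /etc/profile
./build_linux.sh
# Install the built plugins into /opt/cni/bin.
sudo mkdir -p /opt/cni/bin
sudo cp bin/* /opt/cni/bin/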
```
### 网络配置文件
- 10-crio-bridge.conflist文件内容
```yaml
{
  "cniVersion": "1.0.0",
  "name": "crio",
  "plugins": [
    {
      "type": "bridge",
      "bridge": "cni0",
      "isGateway": true,
      "ipMasq": true,
      "hairpinMode": true,
      "ipam": {
        "type": "host-local",
        "routes": [
          { "dst": "0.0.0.0/0" },
          { "dst": "::/0" }
        ],
        "ranges": [
          [{ "subnet": "192.168.2.0/24" }],
          [{ "subnet": "1100:200::/24" }]
        ]
      }
    }
  ]
}
```
> `sudo cp 10-crio-bridge.conflist /etc/cni/net.d`
## 安装阿里k8s组件
```sh
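# Pull every image kubeadm needs from the Aliyun mirror and re-tag it under
# the exact name kubeadm reports, then drop the mirror tag.
#
# The mirror reference uses the last path component of the image name, tag
# included. Splitting on "/" and taking the second field loses the tag of
# nested names such as <registry>/coredns/coredns:<tag>.
# assumes the mirror stores every image directly under google_containers/ — confirm
#
# NOTE(review): the mirror's content ends up carrying the upstream name, so
# the mirror operator is fully trusted here; compare digests with upstream
# where integrity matters. Images pulled with docker land in Docker's image
# store, which CRI-O does not read — confirm which runtime the node uses.
kubeadm config images list | while IFS= read -r image; do
  [ -n "$image" ] || continue
  mirror_ref="registry.aliyuncs.com/google_containers/${image##*/}"
  docker pull "$mirror_ref"
  docker tag "$mirror_ref" "$image"
  docker rmi "$mirror_ref"
done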
```
## 导出配置文件
```sh
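# Dump kubeadm's default init configuration as a starting point.
kubeadm config print init-defaults > kubeadm-config.yaml
# Write the kubelet configuration. memory.available is nested under
# evictionHard; without the indentation it becomes a separate top-level key
# and evictionHard stays empty. The quoted delimiter keeps the body literal.
# NOTE(review): address and port set where the kubelet API listens; confirm
# that 192.168.225.138:20250 is reachable only from the control plane.
cat <<'EOF' > /etc/kubernetes/kubelet-config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
address: "192.168.225.138"
port: 20250
serializeImagePulls: false
evictionHard:
  memory.available: "200Mi"
cgroupDriver: systemd
EOF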
```
```sh
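# Pre-pull the Kubernetes component images.
kubeadm config images pull

# Initialise the cluster. The option notes sit above the command because a
# comment after a trailing backslash ends the continuation and cuts the
# command short.
#   --pod-network-cidr             pod network CIDR
#   --cri-socket                   container runtime endpoint (CRI-O here)
#   --image-repository             registry the component images come from
#   --kubernetes-version           Kubernetes version to deploy
#   --ignore-preflight-errors=all  turn every preflight failure into a warning
#   --apiserver-advertise-address  control-plane API server address
#                                  (author's note: 192.168.0.0/12)
# NOTE(review): ignoring all preflight errors also hides checks that point at
# a misconfigured host; naming only the checks that are known to be harmless
# keeps the rest effective.
sudo kubeadm init \
  --pod-network-cidr=10.244.0.0/16 \
  --cri-socket=unix:///var/run/crio/crio.sock \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version=v1.24.0 \
  --ignore-preflight-errors=all \
  --apiserver-advertise-address=192.168.10.253

# Alternative: create the cluster with containerd as the runtime.
sudo kubeadm init --pod-network-cidr=17.72.0.0/24 --cri-socket=unix:///var/run/containerd/containerd.sock

# Alternative: Docker Engine as the runtime, selected with this option:
#   --cri-socket=/var/run/dockershim.sock
# NOTE(review): dockershim was removed from the kubelet in Kubernetes v1.24,
# the version installed on this page, so this socket is only available with
# older releases; v1.24 needs an external CRI adapter such as cri-dockerd.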
```