1.环境准备
主节点 IP:192.168.254.130
node1 IP:192.168.254.131
node2 IP:192.168.254.132
OS version: CentOS 7 mini
CPU Architecture: x86_64/amd64
K8s version: v1.23.17
Docker version: 20.10.23
2.安装前准备
# 安装依赖
yum install -y curl wget systemd bash-completion lrzsz
# 同步服务器时间
timedatectl set-timezone Asia/Shanghai && timedatectl set-local-rtc 0
systemctl restart rsyslog
systemctl restart crond
# 修改主机名
## 主节点
hostnamectl set-hostname k8s-master
## 从节点
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2
## 修改hosts
cat >/etc/hosts <<EOF
192.168.254.130 k8s-master
192.168.254.131 k8s-node1
192.168.254.132 k8s-node2
EOF
# 开启必要的 端口
## 直接关闭防火墙
systemctl disable firewalld.service && systemctl stop firewalld.service
3.容器运行时
# 转发IPv4并让iptables看到桥接流量
cat >/etc/modules-load.d/k8s.conf <<EOF
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
cat >/etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
EOF
sysctl --system
# 通过运行以下指令确认 br_netfilter 和 overlay 模块被加载
lsmod | egrep 'overlay|br_netfilter'
# 通过运行以下指令确认 net.bridge.bridge-nf-call-iptables配置中被设置为 1
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
3.1.安装容器运行时
# k8sv1.24及以后不在支持 Docker Engine,所以要手动安装
# 安装 Docker Engine
yum install -y yum-utils
## 设置yum阿里云镜像
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
mkdir -p /etc/docker
## 设置阿里云镜像/日志/cgroup驱动
cat >/etc/docker/daemon.json <<EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"registry-mirrors":["https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn","https://registry.docker-cn.com"]
}
EOF
yum makecache fast
yum install -y docker-ce-20.10.23 docker-ce-cli-20.10.23 containerd.io
systemctl daemon-reload
systemctl enable docker && systemctl restart docker
# 安装containerd / docker (二选一)
## container-runtimes
yum install -y yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
yum install -y containerd.io
mkdir -p /etc/containerd
## 生成默认文件
containerd config default > /etc/containerd/config.toml
## 编辑配置文件 设置驱动方式为systemd 设置pause镜像 镜像仓库的加速器
sed -i "s#SystemdCgroup = false#SystemdCgroup = true#g" /etc/containerd/config.toml
sed -i "s#registry.k8s.io#registry.cn-hangzhou.aliyuncs.com/google_containers#g" /etc/containerd/config.toml
sed -i "/\[plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors\]/a\ [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"docker.io\"]" /etc/containerd/config.toml
sed -i "/\[plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"docker.io\"\]/a\ endpoint = [\"https://hub-mirror.c.163.com\",\"https://docker.mirrors.ustc.edu.cn\",\"https://registry.docker-cn.com\"]" /etc/containerd/config.toml
sed -i "/endpoint = \[\"https:\/\/hub-mirror.c.163.com\",\"https:\/\/docker.mirrors.ustc.edu.cn\",\"https:\/\/registry.docker-cn.com\"]/a\ [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"registry.k8s.io\"]" /etc/containerd/config.toml
sed -i "/\[plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"registry.k8s.io\"\]/a\ endpoint = [\"registry.cn-hangzhou.aliyuncs.com/google_containers\"]" /etc/containerd/config.toml
sed -i "/endpoint = \[\"registry.cn-hangzhou.aliyuncs.com\/google_containers\"]/a\ [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"k8s.gcr.io\"]" /etc/containerd/config.toml
sed -i "/\[plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"k8s.gcr.io\"\]/a\ endpoint = [\"registry.cn-hangzhou.aliyuncs.com/google_containers\"]" /etc/containerd/config.toml
systemctl daemon-reload
systemctl enable containerd && systemctl restart containerd
4.安装 k8s
# 安装 kubeadm kubelet
# 关闭swap分区或者禁用swap文件
swapoff -a && sed -ri 's/.*swap.*/#&/' /etc/fstab
# 关闭selinux
setenforce 0 && sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
## 使用阿里云k8s源
cat >/etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
## 安装工具kubelet、kubeadm、kubectl
yum install -y kubelet-1.23.17 kubeadm-1.23.17 kubectl-1.23.17 --disableexcludes=kubernetes
## 设置驱动方式为systemd
cat >/etc/sysconfig/kubelet <<EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF
## 设置容器运行时(仅容器运行时为containerd才需要进行以下设置,容器运行时为Docker则不需要,否则会报错)
crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
crictl config image-endpoint unix:///var/run/containerd/containerd.sock
sed -i '/KUBELET_KUBEADM_ARGS/s/"$/ --container-runtime=remote --container-runtime-endpoint=unix:\/\/\/run\/containerd\/containerd.sock"/' /var/lib/kubelet/kubeadm-flags.env
## kubelet开机自启
systemctl enable --now kubelet
## 查看kubelet状态
systemctl status kubelet
## 如果报错,查询错误信息
journalctl -xe
5.运行k8s (从节点不需要运行)
mkdir -p /k8sdata/log/
kubeadm init \
--apiserver-advertise-address=192.168.254.130 \
--image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
--kubernetes-version=v1.23.17 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 | tee /k8sdata/log/kubeadm-init.log
(带\会报错 unknown command " " for "kubeadm init" )
kubeadm init --apiserver-advertise-address=192.168.254.130 --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers --kubernetes-version=v1.23.17 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 | tee /k8sdata/log/kubeadm-init.log
mkdir -p "$HOME"/.kube
cp -i /etc/kubernetes/admin.conf "$HOME"/.kube/config
chown "$(id -u)":"$(id -g)" "$HOME"/.kube/config
## 注意:
1. --apiserver-advertise-address=192.168.254.130 \ 服务器地址
2. 如果是搭建的服务器是主节点,则服务器至少2核2G,如果没有达到该配置但是仍想安装,则可以在kubeadm init 命令行中使用–ignore-preflight-errors=CpuNum即可忽略报错。
3. 如果初始化失败,通过kubeadm reset进行重设
6.安装网络系统(二选一)
flannel
mkdir -p /k8sdata/network/
wget --no-check-certificate -O /k8sdata/network/flannelkube-flannel.yml https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl create -f /k8sdata/network/flannelkube-flannel.yml
或者
kubectl create -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
calico
mkdir -p /k8sdata/network/
wget --no-check-certificate -O /k8sdata/network/calico.yml https://docs.projectcalico.org/manifests/calico.yaml
kubectl create -f /k8sdata/network/calico.yml
7.k8s命令补全
! grep -q kubectl "$HOME/.bashrc" && echo "source /usr/share/bash-completion/bash_completion" >>"$HOME/.bashrc"
! grep -q kubectl "$HOME/.bashrc" && echo "source <(kubectl completion bash)" >>"$HOME/.bashrc"
! grep -q kubeadm "$HOME/.bashrc" && echo "source <(kubeadm completion bash)" >>"$HOME/.bashrc"
! grep -q crictl "$HOME/.bashrc" && echo "source <(crictl completion bash)" >>"$HOME/.bashrc"
source "$HOME/.bashrc"
8.k8s常用命令
# 获取节点
kubectl get nodes -o wide
# 实时查询nodes状态
watch kubectl get nodes -o wide
# 获取pod
kubectl get pods --all-namespaces -o wide
# 查看镜像列表
kubeadm config images list
# 节点加入集群
kubeadm token create --print-join-command
kubeadm join 192.168.254.130:6443 --token sgdjaz.1rzpwz4wdcox0l03 --discovery-token-ca-cert-hash sha256:1745a7ad9531b935f54d7b6187c1635ac950b6fbd3b0dfeda415b20914aaefe7
# 描述node
kubectl describe node k8s-master
# 描述pod
kubectl describe pod --namespace=kube-flannel
该笔记参考出处 https://jonssonyan.com/2022/1/
标签:CentOS,17,23,--,containerd,etc,registry,io,k8s From: https://www.cnblogs.com/look06888/p/18136381