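What is different in 1.25 compared with earlier versions
In 1.25 and later versions, k8s removed dockershim and instead interacts with containerd directly through cri-containerd; in a sense, it has been decoupled from docker.
On the other hand, after k8s was decoupled from docker, docker began maintaining the cri-dockerd project as a replacement for the original dockershim. Download: https://github.com/Mirantis/cri-dockerd/releases
The relationship is shown in the figure:
I. Comparison of common docker, cri-containerd and cri-o commands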
Command | docker | cri-containerd | cri-o |
---|---|---|---|
List running containers | docker ps | ctr task ls/ctr container ls | crictl ps |
List images | docker images | ctr image ls | crictl images |
View container logs | docker logs | none | crictl logs |
Inspect container details | docker inspect | ctr container info | crictl inspect |
View container resource usage | docker stats | none | crictl stats |
Start/stop an existing container | docker start/stop | ctr task start/kill | crictl start/stop |
Run a new container | docker run | ctr run | none (the smallest unit is the pod) |
Change an image tag | docker tag | ctr image tag | none |
Create a new container | docker create | ctr container create | crictl create |
Import an image | docker load | ctr image import | none |
Export an image | docker save | ctr image export | none |
Remove a container | docker rm | ctr container rm | crictl rm |
Remove an image | docker rmi | ctr image rm | crictl rmi |
Pull an image | docker pull | ctr image pull | crictl pull |
Push an image | docker push | ctr image push | none |
Run a command inside a container | docker exec | none | crictl exec |
II. Kubernetes master installation
# Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
vim /etc/selinux/config
SELINUX=disabled
# Modify the sysctl configuration
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
sysctl --system
# Disable swap: comment out the fstab line below by putting # in front of it, otherwise kubelet will not start; swap must stay off the whole time
swapoff -a
vim /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0
# Load the iptables kernel modules; istio uses the iptables forwarding feature
lsmod |grep -E "ip_tables|iptable_filter"
modprobe ip_tables
modprobe iptable_filter
lsmod |grep -E "ip_tables|iptable_filter"
[root@k8s-node02 ~]# vim /etc/sysconfig/modules/iptables.modules
modprobe -- ip_tables
modprobe -- iptable_filter
[root@k8s-node02 ~]# chmod 755 /etc/sysconfig/modules/iptables.modules # set permissions
[root@k8s-node02 ~]# sh /etc/sysconfig/modules/iptables.modules # takes effect immediately, and also after a reboot
# kubernetes yum repository
vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
# Install cri-dockerd
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.2.6/cri-dockerd-0.2.6-3.el7.x86_64.rpm
rpm -ivh cri-dockerd-0.2.6-3.el7.x86_64.rpm
vim /usr/lib/systemd/system/cri-docker.service
# Override the sandbox (pause) image
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8 --container-runtime-endpoint fd://
# Start cri-docker and enable it at boot
systemctl start cri-docker
systemctl enable cri-docker
yum -y install epel-release
yum clean all
yum makecache
yum install -y kubelet-1.25.0 kubeadm-1.25.0 kubectl-1.25.0
// Pull the k8s docker images
kubeadm config images list
Edit the image script:
set ff=unix // set the file format to unix
./get_image_aliyun.sh // pull the images
#! /bin/bash
images=(
kube-apiserver:v1.25.0
kube-controller-manager:v1.25.0
kube-scheduler:v1.25.0
kube-proxy:v1.25.0
pause:3.8
etcd:3.5.4-0
coredns:1.9.3
)
for imageName in "${images[@]}" ; do
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName}
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName} k8s.gcr.io/${imageName}
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName}
done
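// Initialize kubernetes
// The pod-network IP range must never overlap with the LAN IP range, otherwise pods will be unable to reach the external network; keep this firmly in mind
// Also note that the --pod-network-cidr range must match the kube-flannel network range, otherwise pod IPs will also be unreachable; it is best to use the default 10.244.0.0/16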
kubeadm init --kubernetes-version=v1.25.0 --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers --ignore-preflight-errors=all --cri-socket unix:///var/run/cri-dockerd.sock
For a single-node kubernetes to run Pods, the taint on the host must be removed so that the master is allowed to run Pods.
kubectl taint nodes --all node-role.kubernetes.io/master-
kubectl taint nodes iz2vcf9v41doxowbcqr492z node-role.kubernetes.io/master=:NoSchedule
error: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
vim /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf
Apply it immediately:
source /etc/profile
Deploy the flannel network; otherwise the nodes cannot run.
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
kubectl get nodes
To configure access to the cluster, you also need to run the following commands:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Check for runtime errors
journalctl -f -u kubelet
docker images|grep flannel
systemctl restart kubelet
# Uninstall the service
kubeadm reset
III. Kubernetes node installation
sudo hostnamectl set-hostname <host-name>
# Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
vim /etc/selinux/config
SELINUX=disabled
# Modify the sysctl configuration
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
sysctl --system
# Disable swap
swapoff -a
vim /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0
# kubernetes yum repository
vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
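Both the master and the node sections define this repository with gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package signatures. The following added example (not part of the original post) audits a .repo file for that condition; the two sample files are constructed, the function names are hypothetical, and the gpgkey path is a placeholder assumption to be replaced with the key your mirror publishes.

```shell
# Added example: flag yum repo sections that install unverified packages.
audit_yum_repo() {   # $1 = path to a .repo file; prints findings, returns 1 if any
  awk '
    function report() {
      if (section == "" || enabled == "0") return
      if (gpgcheck != "1") { print section ": gpgcheck is not 1"; bad = 1 }
      if (gpgkey == "")    { print section ": no gpgkey set"; bad = 1 }
      if (baseurl !~ /^(https|file):/) { print section ": baseurl is not https/file"; bad = 1 }
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }            # blank lines and comments
    /^[ \t]*\[/ { report(); section = $0            # new [section]: judge the previous one
                  gpgcheck = gpgkey = baseurl = ""; enabled = "1"; next }
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "gpgcheck") gpgcheck = val
      else if (key == "gpgkey") gpgkey = val
      else if (key == "baseurl") baseurl = val
      else if (key == "enabled") enabled = val
    }
    END { report(); exit bad }
  ' "$1"
}

write_guide_repo() {     # constructed sample: the repo exactly as this guide defines it
  cat > "$1" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
}

write_checked_repo() {   # constructed sample: same repo, signature checks on
  cat > "$1" <<'EOF'
[kubernetes]
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PLACEHOLDER
EOF
}

tmp=$(mktemp -d); write_guide_repo "$tmp/guide.repo"; write_checked_repo "$tmp/checked.repo"
audit_yum_repo "$tmp/guide.repo"   || echo "guide.repo: FAIL"
audit_yum_repo "$tmp/checked.repo" && echo "checked.repo: OK"
rm -rf "$tmp"
```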
lsmod |grep -E "ip_tables|iptable_filter"
modprobe ip_tables
modprobe iptable_filter
lsmod |grep -E "ip_tables|iptable_filter"
[root@k8s-node02 ~]# vim /etc/sysconfig/modules/iptables.modules
modprobe -- ip_tables
modprobe -- iptable_filter
[root@k8s-node02 ~]# chmod 755 /etc/sysconfig/modules/iptables.modules # set permissions
[root@k8s-node02 ~]# sh /etc/sysconfig/modules/iptables.modules # takes effect immediately, and also after a reboot
# Install cri-dockerd
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.2.6/cri-dockerd-0.2.6-3.el7.x86_64.rpm
rpm -ivh cri-dockerd-0.2.6-3.el7.x86_64.rpm
vim /usr/lib/systemd/system/cri-docker.service
# Override the sandbox (pause) image
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8 --container-runtime-endpoint fd://
# Start cri-docker and enable it at boot
systemctl start cri-docker
systemctl enable cri-docker
Specify the Kubernetes version to install (be sure to install version 1.18.0)
yum -y install epel-release
yum clean all
yum makecache
yum install -y kubelet-1.25.0 kubeadm-1.25.0 kubectl-1.25.0
// Pull the k8s docker images
kubeadm config images list
./get_image_docker.sh
-- Join the cluster
Create a token
kubeadm token create --print-join-command
kubeadm join 192.168.0.148:6443 --token byuls7.w9l9wclaoj033b5y \
--discovery-token-ca-cert-hash sha256:ce8fe73dd96184e51bec79727c91ca64de4682119db25c3df3c7cb91799fae2a --cri-socket unix:///var/run/cri-dockerd.sock
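The join command pins the cluster CA through --discovery-token-ca-cert-hash, which is the SHA-256 of the CA certificate's public key. The following added example (not part of the original post) recomputes that value from a CA certificate, so the hash pasted on a node can be compared with the one derived from the master's /etc/kubernetes/pki/ca.crt; the function names are hypothetical and the demo CA is a constructed throwaway certificate.

```shell
# Added example: recompute and check the kubeadm CA public-key pin.
ca_cert_hash() {   # $1 = PEM CA certificate; prints the 64-hex-digit SHA-256 pin
  # Refuse unreadable or unparsable input instead of hashing an empty stream.
  openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -r | cut -d' ' -f1
}

check_join_hash() {   # $1 = CA certificate, $2 = "sha256:<hex>" from the join command
  computed=$(ca_cert_hash "$1") || return 2
  [ "$2" = "sha256:$computed" ]
}

# Demo with a constructed CA standing in for the master's ca.crt.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
  -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
pin="sha256:$(ca_cert_hash "$demo_dir/ca.crt")"
check_join_hash "$demo_dir/ca.crt" "$pin" && echo "pin matches CA: $pin"
# A pin that does not belong to this CA (constructed: 64 zeros) must be rejected.
check_join_hash "$demo_dir/ca.crt" "sha256:$(printf '%064d' 0)" \
  || echo "pin mismatch: do not join with this hash"
rm -rf "$demo_dir"
```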
# Copy it over from the master
scp [email protected]:/etc/kubernetes/admin.conf /etc/kubernetes/admin.conf
vim /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf
source /etc/profile
Deploy the flannel network.
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
docker pull quay.io/coreos/flannel:v0.12.0-amd64
kubectl apply -f kube-flannel.yml
kubectl get nodes
Run on the node:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Check for runtime errors
journalctl -f -u kubelet
docker images|grep flannel
systemctl restart kubelet
# Uninstall the service
kubeadm reset
From: https://www.cnblogs.com/littlewrong/p/17000594.html