首页 > 其他分享 >基于docker和cri-dockerd部署kubernetes

基于docker和cri-dockerd部署kubernetes

时间:2022-11-07 20:46:52浏览次数:44  
标签:cri kubernetes -- com master01 dockerd docker k8s root

基于docker和cri-dockerd部署kubernetes v1.25.3

1、环境准备

1-1、主机清单
主机名 IP地址 系统版本
k8s-master01 k8s-master01.666.com kubeapi.666.com kubeapi 10.0.0.101 Ubuntu2004
k8s-master02 k8s-master02.666.com 10.0.0.102 Ubuntu2004
k8s-master03 k8s-master03.666.com 10.0.0.103 Ubuntu2004
k8s-node01 k8s-node01.666.com 10.0.0.111 Ubuntu2004
k8s-node02 k8s-node02.666.com 10.0.0.112 Ubuntu2004
k8s-node03 k8s-node03.666.com 10.0.0.113 Ubuntu2004
1-2、软件清单
docker-ce    20.10.21
cri-dockerd  0.2.6
kubeadm      1.25.3
flannel      0.20.1
1-3、系统基础环境
1-3-1、关闭防火墙
#所有节点执行:
[root@k8s-master01 ~]# ufw disable
[root@k8s-master01 ~]# ufw status
1-3-2、时间同步
#所有节点执行:
[root@k8s-master01 ~]# apt install -y chrony
[root@k8s-master01 ~]# systemctl restart chrony
[root@k8s-master01 ~]# systemctl status chrony
[root@k8s-master01 ~]# chronyc sources
1-3-3、主机名互相解析
#所有节点执行:
[root@k8s-master01 ~]# vim /etc/hosts
10.0.0.101 k8s-master01 k8s-master01.666.com kubeapi.666.com kubeapi
10.0.0.102 k8s-master02 k8s-master02.666.com
10.0.0.103 k8s-master03 k8s-master03.666.com
10.0.0.111 k8s-node01 k8s-node01.666.com
10.0.0.112 k8s-node02 k8s-node02.666.com
10.0.0.113 k8s-node03 k8s-node03.666.com

[root@k8s-master01 ~]# cat /etc/hosts        
1-3-4、禁用swap
#所有节点执行:
[root@k8s-master01 ~]# sed -r -i '/\/swap/s@^@#@' /etc/fstab
[root@k8s-master01 ~]# swapoff -a
[root@k8s-master01 ~]# systemctl --type swap

#若不禁用Swap设备,需要在后续编辑kubelet的配置文件/etc/default/kubelet,设置其忽略Swap启用的状态错误,内容:KUBELET_EXTRA_ARGS="--fail-swap-on=false"

2、安装docker

#所有节点执行:

#安装必要的一些系统工具
[root@k8s-master01 ~]# apt update
[root@k8s-master01 ~]# apt -y install apt-transport-https ca-certificates curl software-properties-common

#安装GPG证书
[root@k8s-master01 ~]# curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add 
OK
#写入软件源信息
[root@k8s-master01 ~]# add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

#更新并安装Docker-CE
[root@k8s-master01 ~]# apt update
[root@k8s-master01 ~]# apt install -y docker-ce
#所有节点执行:
kubelet需要让docker容器引擎使用systemd作为CGroup的驱动,其默认值为cgroupfs,因而,我们还需要编辑docker的配置文件/etc/docker/daemon.json,添加如下内容,其中的registry-mirrors用于指明使用的镜像加速服务。

[root@k8s-master01 ~]# vim /etc/docker/daemon.json
{
    "registry-mirrors": [
        "https://docker.mirrors.ustc.edu.cn",
        "https://hub-mirror.c.163.com",
        "https://reg-mirror.qiniu.com",
        "https://registry.docker-cn.com"
],
    "exec-opts": ["native.cgroupdriver=systemd"],
    "log-driver": "json-file",
    "log-opts": {
    "max-size": "200m"
},
    "storage-driver": "overlay2"
}

[root@k8s-master01 ~]# systemctl daemon-reload
[root@k8s-master01 ~]# systemctl start docker
[root@k8s-master01 ~]# systemctl enable docker
[root@k8s-master01 ~]# docker version
Client: Docker Engine - Community
 Version:           20.10.21
#注:kubeadm部署Kubernetes集群的过程中,默认使用Google的Registry服务k8s.gcr.io上的镜像,由于2022年仓库已经改为registry.k8s.io,国内可以直接访问,所以现在不需要镜像加速或者绿色上网就可以拉镜像了,如果使用国内镜像请参考https://blog.51cto.com/dayu/5811307

3、安装cri-dockerd

#所有节点执行:
#下载地址:https://github.com/Mirantis/cri-dockerd
[root@k8s-master01 ~]# apt install ./cri-dockerd_0.2.6.3-0.ubuntu-focal_amd64.deb -y

#完成安装后,相应的服务cri-dockerd.service便会自动启动
[root@k8s-master01 ~]#systemctl status cri-docker.service

4、安装kubeadm、kubelet和kubectl

#所有节点执行:
#在各主机上生成kubelet和kubeadm等相关程序包的仓库,可参考阿里云官网
[root@k8s-master01 ~]# apt update
[root@k8s-master01 ~]# apt install -y apt-transport-https curl
[root@k8s-master01 ~]# curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
[root@k8s-master01 ~]#cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
 deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
 EOF


#更新仓库并安装
[root@k8s-master01 ~]# apt update 
[root@k8s-master01 ~]# apt install -y kubelet kubeadm kubectl

#注意:先不要启动,只是设置开机自启动
[root@k8s-master01 ~]# systemctl enable kubelet

#确定kubeadm等程序文件的版本
[root@k8s-master01 ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.3", GitCommit:"434bfd82814af038ad94d62ebe59b133fcb50506", GitTreeState:"clean", BuildDate:"2022-10-12T10:55:36Z", GoVersion:"go1.19.2", Compiler:"gc", Platform:"linux/amd64"}

5、整合kubelet和cri-dockerd

5-1、配置cri-dockerd
#所有节点执行:

[root@k8s-master01 ~]# vim /usr/lib/systemd/system/cri-docker.service

#ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://
ExecStart=/usr/bin/cri-dockerd --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8 --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d



#说明:
需要添加的各配置参数(各参数的值要与系统部署的CNI插件的实际路径相对应):
	--network-plugin:指定网络插件规范的类型,这里要使用CNI;
	--cni-bin-dir:指定CNI插件二进制程序文件的搜索目录;
	--cni-cache-dir:CNI插件使用的缓存目录;
	--cni-conf-dir:CNI插件加载配置文件的目录;
配置完成后,重载并重启cri-docker.service服务。

[root@k8s-master01 ~]# systemctl daemon-reload && systemctl restart cri-docker.service
[root@k8s-master01 ~]# systemctl status cri-docker

5-2、配置kubelet
#所有节点执行:

#配置kubelet,为其指定cri-dockerd在本地打开的Unix Sock文件的路径,该路径一般默认为“/run/cri-dockerd.sock“
[root@k8s-master01 ~]# mkdir /etc/sysconfig
[root@k8s-master01 ~]# vim /etc/sysconfig/kubelet
KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint=/run/cri-dockerd.sock"
[root@k8s-master01 ~]# cat /etc/sysconfig/kubelet
KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint=/run/cri-dockerd.sock"

#说明:该配置也可不进行,而是直接在后面的各kubeadm命令上使用“--cri-socket unix:///run/cri-dockerd.sock”选项

6、初始化第一个主节点

#第一个主节点执行:

#列出k8s所需要的镜像
[root@k8s-master01 ~]# kubeadm config images list
registry.k8s.io/kube-apiserver:v1.25.3
registry.k8s.io/kube-controller-manager:v1.25.3
registry.k8s.io/kube-scheduler:v1.25.3
registry.k8s.io/kube-proxy:v1.25.3
registry.k8s.io/pause:3.8
registry.k8s.io/etcd:3.5.4-0
registry.k8s.io/coredns/coredns:v1.9.3

#使用阿里云拉取所需镜像
[root@k8s-master01 ~]# kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers --cri-socket unix:///run/cri-dockerd.sock

[root@k8s-master01 ~]# docker images
REPOSITORY                                                        TAG       IMAGE ID       CREATED     
registry.aliyuncs.com/google_containers/kube-apiserver            v1.25.3   0346dbd74bcb   3 weeks ago 
registry.aliyuncs.com/google_containers/kube-scheduler            v1.25.3   6d23ec0e8b87   3 weeks ago 
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.25.3   603999231275   3 weeks ago 
registry.aliyuncs.com/google_containers/kube-proxy                v1.25.3   beaaf00edd38   3 weeks ago 
registry.aliyuncs.com/google_containers/pause                     3.8       4873874c08ef   4 months ago
registry.aliyuncs.com/google_containers/etcd                      3.5.4-0   a8a176a5d5d6   5 months ago
registry.aliyuncs.com/google_containers/coredns                   v1.9.3    5185b96f0bec   5 months ago

[root@k8s-master01 ~]# kubeadm init --control-plane-endpoint="kubeapi.666.com" --kubernetes-version=v1.25.3 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --token-ttl=0 --cri-socket unix:///run/cri-dockerd.sock --upload-certs --image-repository registry.aliyuncs.com/google_containers

#如提示以下信息,代表初始化完成,请记录信息,以便后续使用:
.....

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join kubeapi.666.com:6443 --token s800nl.dtylo6tpgghpre7p \
	--discovery-token-ca-cert-hash sha256:a13ee9d0212edbd255fe0c5929186725b217a650f0b04ba75c6a1d6e67576aea \
	--control-plane --certificate-key 185090182962d3e322ff37a902734bfdd769e8e6e82d796bc882d0b1967c9886

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join kubeapi.666.com:6443 --token s800nl.dtylo6tpgghpre7p \
	--discovery-token-ca-cert-hash sha256:a13ee9d0212edbd255fe0c5929186725b217a650f0b04ba75c6a1d6e67576aea 

[root@k8s-master01 ~]#  mkdir -p $HOME/.kube
[root@k8s-master01 ~]#  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master01 ~]#  sudo chown $(id -u):$(id -g) $HOME/.kube/config

#如果初始化报如下错误:
Error getting node" err="node \"k8s-master01\" not found

#1、在cri-docker.service文件指定下pause版本:
[root@k8s-master01 ~]# vim /usr/lib/systemd/system/cri-docker.service
ExecStart=/usr/bin/cri-dockerd --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8 --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d
#2、重启服务:
systemctl daemon-reload
systemctl restart cri-docker.service

#3、重置集群:
kubeadm reset --cri-socket unix:///run/cri-dockerd.sock && rm -rf /etc/kubernetes/ /var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni /etc/cni/net.d

7、部署网络插件

#所有节点执行:
#下载链接:
https://github.com/flannel-io/flannel/releases

[root@k8s-master01 ~]# cp flanneld-amd64 /opt/bin/flanneld
[root@k8s-master01 ~]# chmod +x /opt/bin/flanneld
[root@k8s-master01 ~]# ll /opt/bin/flanneld
-rwxr-xr-x 1 root root 39358256 11月  4 22:46 /opt/bin/flanneld*


#第一个主节点执行:
#部署kube-flannel
[root@k8s-master01 ~]# kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml 
namespace/kube-flannel created clusterrole.rbac.authorization.k8s.io/flannel created clusterrolebinding.rbac.authorization.k8s.io/flannel 
created serviceaccount/flannel created 
configmap/kube-flannel-cfg created 
daemonset.apps/kube-flannel-ds created

#确认Pod的状态为“Running”
[root@k8s-master01 ~]# kubectl get pods -n kube-flannel
NAME                    READY   STATUS    RESTARTS   AGE
kube-flannel-ds-9bkgl   1/1     Running   0          50s

#此时,k8s-master01已经就绪
[root@k8s-master01 ~]# kubectl get nodes
NAME           STATUS   ROLES           AGE   VERSION
k8s-master01   Ready    control-plane   20m   v1.25.3
[root@master1 ~]# kubectl get nodes	#查看节点信息
NAME      STATUS   ROLES           AGE   VERSION
master1   Ready    control-plane   11m   v1.25.3

8、添加其他节点到集群中

#k8s-master02和k8s-master03执行:
#k8s-master02和k8s-master03加入集群
[root@k8s-master02 ~]# kubeadm join kubeapi.666.com:6443 --token s800nl.dtylo6tpgghpre7p --discovery-token-ca-cert-hash sha256:a13ee9d0212edbd255fe0c5929186725b217a650f0b04ba75c6a1d6e67576aea --control-plane --certificate-key 185090182962d3e322ff37a902734bfdd769e8e6e82d796bc882d0b1967c9886 --cri-socket unix:///run/cri-dockerd.sock

#注意,命令需要加上--cri-socket unix:///run/cri-dockerd.sock
#k8s-node01、k8s-node02、k8s-node03执行
#node节点加入集群

[root@k8s-node01 ~]# kubeadm join kubeapi.666.com:6443 --token s800nl.dtylo6tpgghpre7p --discovery-token-ca-cert-hash sha256:a13ee9d0212edbd255fe0c5929186725b217a650f0b04ba75c6a1d6e67576aea --cri-socket unix:///run/cri-dockerd.sock

#注意,命令需要加上--cri-socket unix:///run/cri-dockerd.sock
#第一节点验证节点添加结果

[root@k8s-master01 ~]#kubectl get nodes
NAME           STATUS   ROLES           AGE     VERSION
k8s-master01   Ready    control-plane   25m     v1.25.3
k8s-master02   Ready    control-plane   10m     v1.25.3
k8s-master03   Ready    control-plane   8m41s   v1.25.3
k8s-node01     Ready    <none>          6m54s   v1.25.3
k8s-node02     Ready    <none>          6m31s   v1.25.3
k8s-node03     Ready    <none>          6m5s    v1.25.3

9、部署nginx测试

[root@k8s-master01 ~]#kubectl create deployment nginx --image nginx:alpine --replicas=3
deployment.apps/nginx created

[root@k8s-master01 ~]#kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-55f494c486-4js9n   1/1     Running   0          58s
nginx-55f494c486-fsgxq   1/1     Running   0          58s
nginx-55f494c486-z2gzv   1/1     Running   0          58s

[root@k8s-master01 ~]#kubectl get pods -o wide
NAME                     READY   STATUS    RESTARTS   AGE     IP           NODE         NOMINATED NODE   READINESS GATES
nginx-55f494c486-4js9n   1/1     Running   0          4m31s   10.244.3.2   k8s-node01   <none>           <none>
nginx-55f494c486-fsgxq   1/1     Running   0          4m31s   10.244.4.2   k8s-node02   <none>           <none>
nginx-55f494c486-z2gzv   1/1     Running   0          4m31s   10.244.5.2   k8s-node03   <none>           <none>

[root@k8s-master01 ~]#curl 10.244.4.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.com/">nginx.com</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>


#删除pod,自动拉起
[root@k8s-master01 ~]#kubectl delete pods nginx-55f494c486-fsgxq
pod "nginx-55f494c486-fsgxq" deleted

[root@k8s-master01 ~]#kubectl get pods -owide
NAME                     READY   STATUS    RESTARTS   AGE   IP           NODE         NOMINATED NODE   READINESS GATES
nginx-55f494c486-4js9n   1/1     Running   0          11m   10.244.3.2   k8s-node01   <none>           <none>
nginx-55f494c486-xqcph   1/1     Running   0          16s   10.244.4.3   k8s-node02   <none>           <none>
nginx-55f494c486-z2gzv   1/1     Running   0          11m   10.244.5.2   k8s-node03   <none>           <none>


[root@k8s-master01 ~]#kubectl create service nodeport nginx --tcp=80:80
service/nginx created

[root@k8s-master01 ~]#kubectl get svc 
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        89m
nginx        NodePort    10.103.151.47   <none>        80:31901/TCP   18s
[root@k8s-master01 ~]#curl 10.103.151.47
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.com/">nginx.com</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

#外部访问任意node几点ip加端口(注意,随机产生)都可以访问

标签:cri,kubernetes,--,com,master01,dockerd,docker,k8s,root
From: https://www.cnblogs.com/gy001/p/16867366.html

相关文章

  • 搭建一个小巧完备的K8S环境(chrono《kubernetes入门实战课》笔记整理)
     【概念说明】kubernetes,因为k和s之间,有8个字母,所以通常又称为K8S。用来对容器进行调度和管理的,即用来对容器进行编排的。如果只有简单的几个镜像,确实不需要k8s,但是如果......
  • Docker安装Redis
    1.Docker安装Redis方案一:使用docker拉取镜像1、查找DockerHub上的redis镜像dockersearchredis2、拉取官方的镜像,标签为3.2(先创建redis文件夹)dockerpullredis:3.2......
  • docker-compose部署elasticsearch集群
    一、准备基础镜像dockerpullelasticsearch:7.3.2二、dockerfile(Dockerfile-elasticsearch),为了保护原生的镜像FROMelasticsearch:7.3.2MAINTAINERlili......
  • Docker 安装 nginx 并启动容器
    docker拉取Nginx镜像dockerpullnginx:latest拉取完成查看:dockerimages准备工作先在主机创建工作文件夹,为了挂载配置和静态文件的访问使用#启动一个容器docker......
  • docker mysql slave 运行
    dockerrun\--name=mysql8.0\--hostname=988da3c35887\--env=MYSQL_ROOT_PASSWORD=123456\--env=PATH=/usr/local/sbin:/usr/loc......
  • Docker安装
    Ubuntu安装Docker1、sudoapt-getupdate2、sudoapt-getinstall\ca-certificates\curl\gnupg\lsb-release3、sudomkdir-p/etc/apt/......
  • 树莓派安装docker下载portainer下载失败问题(使用阿里云镜像加速)
    pi@raspberrypi:~$sudodockerpullportainer/portainerUsingdefaulttag:latestlatest:Pullingfromportainer/portainer772227786281:Downloading1.369kB/......
  • Docker容器实战十四:Docker Compose介绍
    在前面的介绍中我们都是以单个容器为例来进行演示。但在实际的生产环境中,一个应用往往会有多个组件,并分别运行在不同的容器。在这种多容器的场景下,使用Docker客户端进行管理......
  • Docker 安装 ping telnet vim curl ifconfig
    官方nginx镜像只有个nginx,调试时不方便因此在dokcernginx的容器中安装 pingtelnetvimcurlifconfig几个工具很有必要1、在一台可以访问外网的宿主机运行docker......
  • docker基本命令
    1.docker的启动,停止,开机启动,重启。1.1查看docker的状态 systemctlstatusdocker 1.2启动dockersystemctlstartdocker(centos7.x的命令)servicedockerstar......