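Deploying Kubernetes is a tedious process. You can of course use a third-party installer for a one-click install, but that does not help you learn the deployment process or customize it, and third-party tools are always more or less intrusive.
Choosing a container runtime
Option 1: Containerd, the container runtime supported by default since k8s 1.24
Option 2: dockerd, the general-purpose container engine
This guide deploys dockerd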
dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
dnf install docker-ce docker-ce-cli containerd.io -y
Configure docker and registry mirrors
cat >/etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["http://docker.m.daocloud.io","https://docker.1ms.run"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
Start docker
systemctl enable --now docker && systemctl status docker
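Installing and deploying cri-docker
Starting with version 1.24, Kubernetes dropped dockershim, so the Docker engine is no longer supported by default; the cri-dockerd adapter is needed to integrate Docker Engine with Kubernetes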
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.17/cri-dockerd-0.3.17.amd64.tgz
tar zxvf cri-dockerd-0.3.17.amd64.tgz
mv cri-dockerd/cri-dockerd /usr/local/bin/
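Write the cri-docker service unit file (the heredoc delimiter is quoted so that the shell does not expand $MAINPID while writing the file)
cat > /usr/lib/systemd/system/cri-docker.service <<'EOF'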
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=docker.service
[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
Write the cri-docker socket unit file
cat > /usr/lib/systemd/system/cri-docker.socket <<EOF
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF
Start cri-docker
systemctl daemon-reload
systemctl enable --now cri-docker.service
systemctl status cri-docker.service
Check:
ps -ef | grep cri-docker
ls -al /var/run/cri-dockerd.sock
unix:///var/run/cri-dockerd.sock is the default CRI socket path

Deploying kubectl, kubeadm and kubelet
List the versions available for installation
yum list kubeadm --showduplicates --disableexcludes=kubernetes | sort -r
Install kubectl, kubeadm and kubelet
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
Or install a specific version: yum install kubeadm-1.32.5-0 kubelet-1.32.5-0 kubectl-1.32.5-0 -y

Start kubelet and enable it at boot
systemctl enable --now kubelet && systemctl status kubelet

Force kubelet to use the same cgroup driver as docker (optional)
vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
k8s cluster initialization configuration (run on the primary master node m181)
Generate a kubeadm-init configuration file (mainly for reference)
kubeadm config print init-defaults > kubeadm-init.yaml
Or, to include the kubelet configuration (optional):
kubeadm config print init-defaults --component-configs KubeletConfiguration > kubeadm-init.yaml
Edit the kubeadm-init file
cat > kubeadm-init.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta4
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # sample token from init-defaults; replace it with the output of "kubeadm token generate"
  # and use the same value in the worker join command
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.2.16.181
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/cri-dockerd.sock
  imagePullPolicy: IfNotPresent
  imagePullSerial: true
  name: m181
  taints: null
timeouts:
  controlPlaneComponentHealthCheck: 4m0s
  discovery: 5m0s
  etcdAPICall: 2m0s
  kubeletHealthCheck: 4m0s
  kubernetesAPICall: 1m0s
  tlsBootstrap: 5m0s
  upgradeManifests: 5m0s
---
apiServer:
  certSANs:
  - "127.0.0.1"
  - "10.2.16.181"
  - "10.2.16.182"
  - "10.2.16.183"
  - "10.2.16.180"
  - "mvip"
  - "m180"
  - "m181"
  - "m182"
  - "m183"
  # apiServer.timeoutForControlPlane was removed in v1beta4;
  # timeouts.controlPlaneComponentHealthCheck in InitConfiguration replaces it
apiVersion: kubeadm.k8s.io/v1beta4
caCertificateValidityPeriod: 87600h0m0s
certificateValidityPeriod: 8760h0m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
encryptionAlgorithm: RSA-2048
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.32.5
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.2.26.0/24
  podSubnet: 10.244.0.0/16
proxy: {}
scheduler: {}
controlPlaneEndpoint: "10.2.16.180:16443"
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
EOF
Dry-run the init
A dry run helps check the configuration file for errors and whether image pulls work
kubeadm init --config kubeadm-init.yaml --dry-run
Reference: https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/
Initialize the k8s cluster
kubeadm init --config kubeadm-init.yaml
Or, the full command with verbose output:
kubeadm init --upload-certs --config kubeadm-init.yaml --v=5

Configure the kubeconfig for kubectl
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
Query node information (optional)
kubectl get nodes -o wide
Joining the other two masters to the cluster
Copy the keys and related files from m181 to m182 and m183
ssh root@m182 mkdir -p /etc/kubernetes/pki/etcd
scp /etc/kubernetes/admin.conf root@m182:/etc/kubernetes
scp /etc/kubernetes/pki/{ca.*,sa.*,front-proxy-ca.*} root@m182:/etc/kubernetes/pki
scp /etc/kubernetes/pki/etcd/ca.* root@m182:/etc/kubernetes/pki/etcd
ssh root@m183 mkdir -p /etc/kubernetes/pki/etcd
scp /etc/kubernetes/admin.conf root@m183:/etc/kubernetes
scp /etc/kubernetes/pki/{ca.*,sa.*,front-proxy-ca.*} root@m183:/etc/kubernetes/pki
scp /etc/kubernetes/pki/etcd/ca.* root@m183:/etc/kubernetes/pki/etcd
Join m182 to the cluster (run on m182)
kubeadm join 10.2.16.180:16443 --cri-socket=unix:///var/run/cri-dockerd.sock --token 5yyioh.42cwfm41m9yprvd7 \
--discovery-token-ca-cert-hash sha256:a94235398b85de52f7ca50860429593da18dbed763a956c56b3ca0de18bc36ad --control-plane

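When using the dockerd container runtime, you must add the --cri-socket parameter to specify the container runtime, otherwise an error is reported; this applies to both master and worker nodes
If it is omitted, the default is containerd.sock; here cri-dockerd.sock is specified
Configure the kubeconfig for kubectl on node m182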
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Join m183 to the cluster (run on m183)
kubeadm join 10.2.16.180:16443 --cri-socket=unix:///var/run/cri-dockerd.sock --token 5yyioh.42cwfm41m9yprvd7 \
--discovery-token-ca-cert-hash sha256:a94235398b85de52f7ca50860429593da18dbed763a956c56b3ca0de18bc36ad --control-plane
Configure the kubeconfig for kubectl on node m183
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
View the master nodes in the cluster

Join the worker nodes to the cluster (run on every worker node)
kubeadm join 10.2.16.180:16443 --cri-socket=unix:///var/run/cri-dockerd.sock --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:a94235398b85de52f7ca50860429593da18dbed763a956c56b3ca0de18bc36ad
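
The --discovery-token-ca-cert-hash value in the join commands above is "sha256:" followed by the SHA-256 of the cluster CA certificate's public key (its DER SubjectPublicKeyInfo), so it has to be computed from your own /etc/kubernetes/pki/ca.crt rather than copied from this page. The following is an added example, not part of the original post, that derives that pin with only the Python standard library; the der() helper and the SAMPLE_* values are constructed here (a certificate-shaped structure with a dummy key) so the script runs offline.

```python
import base64
import hashlib
import re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at buf[pos]."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:                      # short-form length
        return tag, pos, pos + first
    n = first & 0x7F                      # long form: n length bytes follow
    return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")

def spki_der(cert):
    """Slice SubjectPublicKeyInfo out of a DER-encoded X.509 certificate."""
    _, pos, _ = read_tlv(cert, 0)         # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)       # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                       # optional [0] version field
        pos = end
    for _field in range(5):               # serial, sigAlg, issuer, validity, subject
        pos = read_tlv(cert, pos)[2]
    return cert[pos:read_tlv(cert, pos)[2]]

def ca_cert_hash(pem_text):
    """Compute the pin kubeadm takes as --discovery-token-ca-cert-hash."""
    body = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END", pem_text, re.S).group(1)
    cert = base64.b64decode("".join(body.split()))
    return "sha256:" + hashlib.sha256(spki_der(cert)).hexdigest()

def der(tag, content):
    """Encode one DER element; only used to build the constructed sample."""
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

# Constructed sample: certificate-shaped DER with a dummy key, not a real CA.
SAMPLE_SPKI = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + bytes(range(256))))
SAMPLE_TBS = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
                 + der(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(
    der(0x30, SAMPLE_TBS + der(0x30, b"") + der(0x03, b"\x00"))).decode()
    + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    import sys  # assumed usage: python3 script.py /etc/kubernetes/pki/ca.crt
    print(ca_cert_hash(open(sys.argv[1]).read() if sys.argv[1:] else SAMPLE_PEM))
```

Run it on a control-plane node against /etc/kubernetes/pki/ca.crt and compare the result with the hash in the join command before running the join on a new node.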

View the cluster status

The nodes are NotReady because no network plugin has been configured; this also affects the DNS Pods and others