K8S 1.25版本搭建实战
0.内核更新#reboot#挂载bpf###1.yum更新###2.关闭selinux 、 firewalld 以及 Swap分区。
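# 0. Kernel upgrade: install the ELRepo long-term 5.4 kernel on CentOS 7.
yum -y install wget
wget https://mirrors.nju.edu.cn/elrepo/kernel/el7/x86_64/RPMS/kernel-lt-5.4.228-1.el7.elrepo.x86_64.rpm
# The RPM comes from a third-party mirror and is installed as root, so check
# its signature before installing. Import the signing key from the ELRepo
# project itself (not from the mirror) and install only if verification passes.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -K kernel-lt-5.4.228-1.el7.elrepo.x86_64.rpm \
  && rpm -ivh kernel-lt-5.4.228-1.el7.elrepo.x86_64.rpm
# List the boot entries to find the exact title of the new kernel.
grep menuentry /boot/grub2/grub.cfg
# The title must be wrapped in plain ASCII quotes; typographic quotes are not
# shell quoting, so the parentheses would be parsed by the shell.
grub2-set-default 'CentOS Linux (5.4.228-1.el7.elrepo.x86_64) 7 (Core)'
grub2-editenv list
grub2-mkconfig -o /boot/grub2/grub.cfg
# Reboot into the new kernel before continuing.
#reboot
# After the reboot: mount the BPF filesystem.
mount bpffs -t bpf /sys/fs/bpf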
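### 1. Update installed packages and add base tools
# "yum install update" asks for a package literally named "update"; the
# update subcommand is what applies the pending (including security) updates.
yum update -y
yum install -y lrzsz
yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp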
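### 2. Turn off SELinux, firewalld and swap
# NOTE(review): disabling SELinux and the host firewall removes two layers of
# host hardening from every node. The kubeadm installation guide only asks for
# permissive mode (SELINUX=permissive); where policy allows, prefer that and
# keep firewalld running with the cluster ports opened instead.

# Show the current SELinux state.
sestatus
# Switch the running system to permissive mode.
setenforce 0
# Disable SELinux permanently (takes effect at the next boot).
sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config
# Keep firewalld from starting at boot (the running instance is not stopped).
systemctl disable firewalld.service
# Turn swap off.
swapoff -a # until the next reboot
# Permanently: comment out every /etc/fstab line that mentions swap.
sed -ri 's/.*swap.*/#&/' /etc/fstab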
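### 3. Set the hostname and add hosts entries
# Set each node's hostname according to the cluster plan.
#hostnamectl set-hostname
# On the master, append the cluster nodes to /etc/hosts.
# Running this twice appends the entries twice.
cat >> /etc/hosts << EOF
192.168.1.15 n15 y15 master
192.168.1.20 n20 y20
192.168.1.50 n50 y50
192.168.1.51 n51 y51
EOF
# Time synchronisation: certificate validity checks depend on the node clocks
# agreeing with each other.
#date -s "2023-01-04 12:00:00"
yum install ntpdate -y
ntpdate time.windows.com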
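### 4. Install Docker
# Prerequisite: yum-config-manager is provided by yum-utils.
yum install -y yum-utils
# Add the Docker CE package repository.
# Fetched over HTTPS: the .repo file decides which servers and signing keys
# yum trusts afterwards, so it must not travel over plain HTTP where it can be
# rewritten in transit.
yum-config-manager \
  --add-repo \
  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install Docker CE and start it now and at boot.
yum install -y docker-ce
systemctl start docker
systemctl enable docker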
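### 5. Configure Docker
# daemon.json has to be strict JSON with ASCII double quotes; typographic
# quotes make dockerd reject the file.
# NOTE(review): the registry mirror is a third party that serves every image
# pulled through it; pin images by digest where provenance matters.
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://glk5eos6.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {"max-size":"500m", "max-file":"3"}
}
EOF
# dockerd was already started in the install step and reads daemon.json only
# at start-up, so restart it to apply the systemd cgroup driver.
systemctl restart docker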
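### 6. Reset iptables and accept forwarded traffic
# NOTE(review): this flushes every rule and user chain in the filter and nat
# tables and sets the FORWARD policy to ACCEPT. Any packet filtering the host
# had before is gone afterwards; re-apply host rules after the cluster is up.
iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT
### 7. Kernel parameters
# Pass bridged IPv4/IPv6 traffic to the iptables chains.
# The net.bridge.* keys exist only while br_netfilter is loaded, so load the
# module now and register it to be loaded at every boot.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system # apply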
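# Install cri-dockerd
yum -y install wget
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.2.6/cri-dockerd-0.2.6.amd64.tgz
# Print the archive digest and compare it with a value recorded from a trusted
# source before the binary is installed; it runs as root on every node.
sha256sum cri-dockerd-0.2.6.amd64.tgz
tar -xf cri-dockerd-0.2.6.amd64.tgz
# install(1) copies the binary and sets owner and mode in one step.
install -o root -g root -m 0755 cri-dockerd/cri-dockerd /usr/bin/cri-dockerd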
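# Write the systemd service unit for cri-dockerd.
# The heredoc delimiter is quoted with ASCII quotes so that $MAINPID is written
# to the unit file literally instead of being expanded by the shell.
cat <<'EOF' > /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF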
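# Write the systemd socket unit for cri-dockerd.
# The socket is root:docker with mode 0660, so every member of the docker group
# can drive the container runtime; keep that group membership minimal.
cat <<'EOF' > /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF
# Pick up the new units, start cri-docker now and at boot, then confirm it runs.
systemctl daemon-reload
systemctl enable cri-docker --now
systemctl is-active cri-docker
#sed -i 's/disabled_plugins/#disabled_plugins/g' /etc/containerd/config.toml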
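# Kubernetes yum repository (Aliyun mirror).
# gpgcheck=1 makes yum verify each package against the keys listed in gpgkey;
# with gpgcheck=0 the mirror (or anyone able to alter its responses) could
# supply arbitrary kubelet/kubeadm/kubectl packages that then run as root.
# repo_gpgcheck (metadata signature) is left as the author set it.
# NOTE(review): if yum reports a signature failure with this mirror, resolve
# the key mismatch rather than going back to gpgcheck=0.
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum install -y kubelet-1.25.3 kubeadm-1.25.3 kubectl-1.25.3
# Start kubelet at boot.
systemctl enable kubelet
# Flags need ASCII quotes and a double hyphen; typographic characters would be
# handed to kubelet as part of the value.
cat << EOF > /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF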
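# Install crictl from the upstream cri-tools release over HTTPS.
# The archive is unpacked into /usr/bin and the binary runs as root, so it
# should not come from a plain-HTTP URL or a personal storage bucket, where it
# can be replaced without anyone noticing.
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz
# Compare this digest with the checksum published for the release before
# extracting.
sha256sum crictl-v1.25.0-linux-amd64.tar.gz
tar zxvf crictl-v1.25.0-linux-amd64.tar.gz -C /usr/bin/
# Point crictl at the cri-dockerd socket.
crictl config runtime-endpoint unix:///var/run/cri-dockerd.sock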
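#########################################################################
# List the images kubeadm needs.
kubeadm config images list
# Pull them.
kubeadm config images pull
###############################################################################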
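### Create install.sh with the content below (can probably be skipped)
vi install.sh
# Pulls every image kubeadm needs from a mirror, re-tags it under its
# registry.k8s.io name, then drops the mirror tag.
# NOTE(review): the mirror name was lost in the garbled original; the value
# below is assumed from the --image-repository passed to kubeadm init in this
# guide. Confirm before use.
# NOTE(review): after re-tagging, mirror content is indistinguishable from the
# upstream image by name; compare digests if provenance matters.
mirror="registry.aliyuncs.com/google_containers"
# Length of the upstream registry prefix, used to strip it from image names.
k8slen=$(echo "registry.k8s.io/" | wc -L)
for file in $(kubeadm config images list)
do
  # file, e.g. registry.k8s.io/kube-apiserver:v1.25.4
  # ${file: ${k8slen}}, e.g. kube-apiserver:v1.25.4
  docker pull "${mirror}/${file: ${k8slen}}"
  # Tag it under the name kubeadm expects.
  docker tag "${mirror}/${file: ${k8slen}}" "${file}"
  # Remove the mirror-named tag.
  docker rmi "${mirror}/${file: ${k8slen}}"
done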
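###############################################################################
# Initialise the first control-plane node.
# Replace both --apiserver-cert-extra-sans placeholders (the text means "the IP
# used to reach the cluster") with real addresses, or drop the flags.
# --cri-socket takes a URL; the bare path form is deprecated.
# --token-ttl=0 is intentionally not passed: it creates a bootstrap token that
# never expires, so a leaked join command stays usable indefinitely. The
# default token expires after 24h; when a node is added later, issue a new one
# with: kubeadm token create --print-join-command
kubeadm init \
  --apiserver-bind-port=6445 \
  --control-plane-endpoint=master \
  --apiserver-advertise-address=192.168.1.15 \
  --apiserver-cert-extra-sans=填写访问集群的IP \
  --apiserver-cert-extra-sans=填写访问集群的IP \
  --image-repository=registry.aliyuncs.com/google_containers \
  --kubernetes-version=v1.25.3 \
  --pod-network-cidr=10.244.0.0/16 \
  --cri-socket unix:///var/run/cri-dockerd.sock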
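###############################################################################
# Join commands as printed by kubeadm init. The token and CA hash below are
# the author's sample output; use the values printed by your own kubeadm init.
# NOTE(review): a bootstrap token is a credential. Do not publish it, and
# remove it once all nodes have joined (kubeadm token delete <token>). Keep
# --discovery-token-ca-cert-hash so the joining node verifies the API server.

# Additional control-plane node:
kubeadm join master:6445 --token 7dy8dd.m7532sd3dsnnt2ve \
  --discovery-token-ca-cert-hash sha256:479eac8f4cf9131be4d7b648ef56afb817d3e73776933d9f363de81469474d61 \
  --control-plane
# Then you can join any number of worker nodes by running the following on each as root:
kubeadm join master:6445 --token 7dy8dd.m7532sd3dsnnt2ve \
  --discovery-token-ca-cert-hash sha256:479eac8f4cf9131be4d7b648ef56afb817d3e73776933d9f363de81469474d61
### Important: append --cri-socket unix:///var/run/cri-dockerd.sock
kubeadm join master:6445 --token 7dy8dd.m7532sd3dsnnt2ve \
  --discovery-token-ca-cert-hash sha256:479eac8f4cf9131be4d7b648ef56afb817d3e73776933d9f363de81469474d61 --cri-socket unix:///var/run/cri-dockerd.sock
###############################################################################
# Output of a second kubeadm init run (different token and CA hash).
# Additional control-plane node:
kubeadm join master:6445 --token 873z6g.ydehuj3sovao07vu \
  --discovery-token-ca-cert-hash sha256:650384264168000a4cb266191caa495286937b70005970ab1ae128d98e2fdcb5 \
  --control-plane
# Then you can join any number of worker nodes by running the following on each as root:
kubeadm join master:6445 --token 873z6g.ydehuj3sovao07vu \
  --discovery-token-ca-cert-hash sha256:650384264168000a4cb266191caa495286937b70005970ab1ae128d98e2fdcb5 --cri-socket unix:///var/run/cri-dockerd.sock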
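###############################################################################
# Give the current user a kubeconfig.
# admin.conf carries cluster-admin credentials: keep the copy readable by its
# owner only and do not copy it to machines that do not need it.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"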
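# NOTE(review): flannel and calico are alternative pod-network add-ons;
# presumably only one of the two sections is meant to be applied.
# Both manifests are fetched from a moving URL (a branch / "latest" path) and
# create cluster-wide privileged resources. Read the downloaded file before
# applying it and keep the reviewed copy for later nodes and rebuilds.
### flannel
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
### calico
# TLS verification stays on: with --no-check-certificate anyone able to
# intercept the connection could substitute the manifest that is applied next.
wget https://docs.projectcalico.org/manifests/calico.yaml
kubectl apply -f calico.yaml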
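###############################################################################
### Switch to containerd
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
### vi /etc/containerd/config.toml
# Use the systemd cgroup driver.
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
# Point the sandbox (pause) image at the mirror. '#' is the sed delimiter
# because the image names contain '/'.
# NOTE(review): this selects pause:3.2, older than the 3.6 default it replaces
# and than the pause:3.7 used in the cri-dockerd unit of this guide; confirm
# the older tag is intended.
sed -i 's#sandbox_image = "registry.k8s.io/pause:3.6"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.2"#g' /etc/containerd/config.toml
# Add a docker.io registry mirror below the registry.mirrors table. Brackets
# and dots are escaped so the address matches the table header literally.
# NOTE(review): the mirror is a third party that serves every docker.io image
# pulled through it; pin images by digest where provenance matters.
sed -i '/\[plugins\."io\.containerd\.grpc\.v1\.cri"\.registry\.mirrors\]/a\        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]' /etc/containerd/config.toml
sed -i '/\[plugins\."io\.containerd\.grpc\.v1\.cri"\.registry\.mirrors\."docker\.io"\]/a\          endpoint = ["https://b9pmyelo.mirror.aliyuncs.com"]' /etc/containerd/config.toml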
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.2"
…
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
…
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://b9pmyelo.mirror.aliyuncs.com"]
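# Apply the edited containerd configuration.
systemctl restart containerd
### vi /etc/sysconfig/kubelet
# Point kubelet at the containerd socket. The value is quoted because it holds
# several space-separated flags, and each flag needs an ASCII double hyphen.
cat > /etc/sysconfig/kubelet <<EOF
KUBELET_EXTRA_ARGS="--container-runtime=remote --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock --cgroup-driver=systemd"
EOF
systemctl restart kubelet
# Point crictl at the same socket.
crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
### Back on the master node, check the result
kubectl get nodes -o wide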
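### Keep RemoveSelfLink turned off (needed by nacos; no longer supported from 1.25 on)
#sed -i '/- --allow-privileged=true/a\    - --feature-gates=RemoveSelfLink=false' /etc/kubernetes/manifests/kube-apiserver.yaml
### Widen the NodePort range to 1-65535
# NOTE(review): the default range is 30000-32767. Opening 1-65535 lets anyone
# allowed to create Services claim privileged ports and ports already used on
# the nodes (ssh, the API server on 6445, the kubelet). Prefer the narrowest
# range that covers the ports actually needed.
# The appended line is indented to line up with the other "- --flag" entries;
# presumably four spaces in the kubeadm manifest - verify against the file.
sed -i '/- --allow-privileged=true/a\    - --service-node-port-range=1-65535' /etc/kubernetes/manifests/kube-apiserver.yaml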
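###################################################################################################
# Switch back to Docker (through cri-dockerd)
# ASCII quotes and a double hyphen are required; typographic characters would
# reach kubelet as part of the value.
cat << EOF > /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF
crictl config runtime-endpoint unix:///var/run/cri-dockerd.sock
systemctl restart kubelet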