k8s1.26安装(kubeadm containerd)
环境背景:
k8s-1、k8s-2、k8s3三台主机,1台master节点 ,2台node节点
准备环境
修改主机名(3台分别修改主机名)
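# Run exactly one of these, each on its own host. Pasted as a single line they
# do not do what is intended, because the later commands become extra arguments
# of the first one.
hostnamectl set-hostname k8s-1   # on the master
hostnamectl set-hostname k8s-2   # on the first worker node
hostnamectl set-hostname k8s-3   # on the second worker node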
防火墙关闭
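# Stops and disables the host firewall on every node. With no packet filter,
# every listening port (API server, kubelet, etcd) is reachable from the whole
# network segment, so this is only appropriate on an isolated lab network.
# Otherwise keep firewalld running and open just the ports Kubernetes documents:
# 6443, 2379-2380, 10250, 10257 and 10259 on the control plane; 10250 and
# 30000-32767 on workers; plus whatever the CNI plugin requires.
systemctl stop firewalld
systemctl disable firewalld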
关闭selinux
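# Temporary: switch SELinux to permissive mode until the next reboot.
setenforce 0
# Permanent: persist the same mode across reboots. This must be on its own line;
# appended after a trailing "#" comment it is commented out and never runs.
# "permissive" is the mode setenforce 0 gives and the one the upstream kubeadm
# install guide uses. Unlike "disabled", it keeps file labels intact and keeps
# logging denials, so enforcing mode can be re-enabled later without a relabel.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config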
关闭swap
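# Temporary: turn swap off until the next reboot. The author cites performance
# as the main reason; note also that the kubelet by default refuses to start
# while swap is enabled.
swapoff -a
# Permanent: comment out every /etc/fstab line that mentions swap. Kept on its
# own line so it is not swallowed by the comment above.
sed -ri 's/.*swap.*/#&/' /etc/fstab
# Check the result: the Swap row should show 0 everywhere.
free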
添加主机名与IP对应的关系
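# Add the name-to-address mappings on all three hosts (same result as editing
# the file by hand with: vim /etc/hosts). Every name needs its own address:
# k8s-3 is given 192.168.2.252 here, which is the second address the runc copy
# step later in this guide targets. Listing 192.168.2.251 twice would send
# traffic meant for k8s-3 to k8s-2. Confirm against your own addressing.
cat >> /etc/hosts << 'EOF'
192.168.2.250 k8s-1
192.168.2.251 k8s-2
192.168.2.252 k8s-3
EOF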
时间同步
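# Three separate commands; run them one per line on every node.
timedatectl set-timezone Asia/Shanghai
yum install ntpdate -y
# One-shot clock step against a public, unauthenticated time source. Certificate
# validity checks and token expiry in the cluster depend on the node clocks
# agreeing, and ntpdate does not keep them in sync afterwards. For anything
# longer-lived, run a time daemon such as chronyd against a source you trust.
ntpdate time.windows.com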
将桥接的IPv4流量传递到iptables的链
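# The net.bridge.* keys only exist once the br_netfilter module is loaded, so
# load it now and register it for loading on every boot.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf

# Pass bridged IPv4/IPv6 traffic through iptables and enable forwarding;
# kubeadm's preflight checks expect ip_forward to be 1.
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Apply every sysctl drop-in, including the one just written.
sysctl --system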
安装Containerd
1、containerd、runc下载
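# Download the containerd bundle together with the checksum file published next
# to it, and unpack only if the digest matches. The archive is extracted as root
# straight into /, so a corrupted or substituted download would overwrite system
# paths. A checksum from the same origin catches corruption and truncation, not
# a tampered release; for stronger assurance, also verify the signatures the
# projects publish.
wget https://github.com/containerd/containerd/releases/download/v1.7.0/cri-containerd-cni-1.7.0-linux-amd64.tar.gz
wget https://github.com/containerd/containerd/releases/download/v1.7.0/cri-containerd-cni-1.7.0-linux-amd64.tar.gz.sha256sum
sha256sum -c cri-containerd-cni-1.7.0-linux-amd64.tar.gz.sha256sum &&
  tar xvf cri-containerd-cni-1.7.0-linux-amd64.tar.gz -C /

# Same for the standalone runc binary. The grep form is used instead of
# --ignore-missing so that it also works with the older coreutils on EL7.
wget https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.amd64
wget https://github.com/opencontainers/runc/releases/download/v1.1.5/runc.sha256sum
grep 'runc\.amd64$' runc.sha256sum | sha256sum -c - &&
  install -m 755 runc.amd64 /usr/local/sbin/runc

# Copy the verified binary to the two worker nodes. The mode is set first so the
# copy is executable on arrival. The workers presumably also need the containerd
# bundle unpacked the same way; the guide does not show that step.
chmod 755 runc.amd64
scp runc.amd64 192.168.2.251:/usr/local/sbin/runc
scp runc.amd64 192.168.2.252:/usr/local/sbin/runc

# Write containerd's default configuration as the starting point for the edits
# that follow.
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml

# NOTE(review): v1.7.0 and v1.1.5 are the versions this walkthrough was written
# against. Check both projects' release notes for later security fixes before
# reusing these exact versions.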
修改前面生成的配置文件/etc/containerd/config.toml:
# Make runc use the systemd cgroup driver. This has to agree with the kubelet's
# cgroupDriver (set to systemd in the kubeadm configuration used later in this
# guide); a mismatch leaves two cgroup managers on the same node.
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
再修改/etc/containerd/config.toml中的
# The sandbox ("pause") image backs every pod on the node. The line below swaps
# the default registry for a third-party mirror and references the image by a
# mutable tag, so the node runs whatever that mirror serves under this tag.
# NOTE(review): if the mirror is required for reachability, consider pinning the
# image by digest (image@sha256:<digest-from-upstream>) so a changed tag cannot
# silently change what runs.
[plugins."io.containerd.grpc.v1.cri"]
...
# sandbox_image = "k8s.gcr.io/pause:3.6"
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
配置containerd开机启动,并启动containerd
# Register containerd to start at boot and start it right away, so it picks up
# the edited /etc/containerd/config.toml.
systemctl enable --now containerd
使用crictl测试一下,确保可以打印出版本信息并且没有错误信息输出:
crictl version
Version: 0.1.0
RuntimeName: containerd
RuntimeVersion: v1.7.0
RuntimeApiVersion: v1
安装kubeadm、kubelet、kubectl
配置kubernetes的yum源
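# Define the Kubernetes package repository. gpgcheck=1 is only as strong as the
# key it checks against: if the key and the packages are both fetched over plain
# HTTP, anyone on the network path can substitute both. Use HTTPS for the
# repository and for the key URLs. repo_gpgcheck=0 is kept as in the original,
# meaning repository metadata signatures are not verified.
# The second gpgkey URL must stay indented so yum reads it as a continuation
# of the gpgkey value.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF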
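# Run as root on k8s-1. The worker nodes presumably need kubeadm and kubelet
# installed the same way before they can join; the guide does not show that.
# Pin the packages to the release named in init.yaml (kubernetesVersion 1.26.3).
# An unpinned install takes whatever is newest in the repository, which can be
# a kubeadm that no longer matches the version being deployed.
yum install -y kubeadm-1.26.3 kubelet-1.26.3 kubectl-1.26.3
# kubeadm expects the kubelet service to be enabled.
systemctl enable --now kubelet
# Write kubeadm's default configuration, including the kubelet section, to
# init.yaml as a template to edit.
kubeadm config print init-defaults --component-configs KubeletConfiguration > init.yaml
# The listing that follows is the file after the site-specific edits.
cat init.yaml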
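apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # abcdef.0123456789abcdef is the fixed sample value that
  # `kubeadm config print init-defaults` prints, so it is identical in every
  # copy of this file. A bootstrap token authenticates node joins for as long
  # as its TTL lasts. Before running kubeadm init, replace it with a unique
  # value from `kubeadm token generate`.
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.2.250 # IP address of the master node
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock # location of the containerd socket
  imagePullPolicy: IfNotPresent
  name: k8s-1 # hostname of the master node
  taints: null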
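---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
# All control-plane images (API server, etcd, scheduler, ...) are pulled from
# this third-party mirror rather than the upstream registry, so the cluster
# trusts whatever the mirror serves under each tag.
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.26.3
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12 # address range for Services
  podSubnet: 10.244.0.0/16 # address range for Pods
scheduler: {}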
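---
apiVersion: kubelet.config.k8s.io/v1beta1
# Anonymous access to the kubelet API is off; callers authenticate with a client
# certificate signed by the cluster CA or with a token checked by the API server
# (webhook), and every request is authorized through the API server as well.
# Keep these three settings as they are.
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 0s
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 0s
    cacheUnauthorizedTTL: 0s
# Has to match SystemdCgroup = true in /etc/containerd/config.toml.
cgroupDriver: systemd
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local # cluster DNS domain
cpuManagerReconcilePeriod: 0s
evictionPressureTransitionPeriod: 0s
fileCheckFrequency: 0s
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 0s
imageMinimumGCAge: 0s
kind: KubeletConfiguration
logging:
  flushFrequency: 0
  options:
    json:
      infoBufferSize: "0"
  verbosity: 0
memorySwap: {}
nodeStatusReportFrequency: 0s
nodeStatusUpdateFrequency: 0s
rotateCertificates: true
runtimeRequestTimeout: 0s
shutdownGracePeriod: 0s
shutdownGracePeriodCriticalPods: 0s
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 0s
syncFrequency: 0s
volumeStatsAggPeriod: 0s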
正式安装kubernetes
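# Bootstrap the control plane on k8s-1 from the edited configuration file.
kubeadm init --config init.yaml
# Point kubectl at the new cluster for the commands that follow. Without a
# kubeconfig, kubectl has no API server address or credentials.
# /etc/kubernetes/admin.conf carries cluster-admin credentials: leave it
# readable by root only and do not copy it to shared locations.
export KUBECONFIG=/etc/kubernetes/admin.conf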
修改ipvs
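# Userspace tools for inspecting IPVS tables and IP sets.
yum -y install ipvsadm ipset

# Script that loads the kernel modules kube-proxy needs in IPVS mode. The quoted
# delimiter keeps the shell from expanding anything inside the here-document.
cat > /etc/sysconfig/modules/ipvs.modules << 'EOF'
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
# Newer kernels merged nf_conntrack_ipv4 into nf_conntrack; fall back to it.
modprobe -- nf_conntrack_ipv4 || modprobe -- nf_conntrack
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules
# Load the modules now; running the script in its own shell leaves the current
# session untouched.
bash /etc/sysconfig/modules/ipvs.modules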
# Open the kube-proxy ConfigMap in an editor to change the proxy mode.
kubectl --namespace kube-system edit configmap kube-proxy
将 mode: "" 修改为 mode: "ipvs",然后输入 :wq 保存退出
重启kube-proxy pod 后生效
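# Delete the kube-proxy pods so the DaemonSet recreates them with the new mode.
# Selecting by label lets kubectl do the matching itself, instead of grepping
# its output and building a shell command string inside awk's system().
kubectl -n kube-system delete pod -l k8s-app=kube-proxy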
calico网络插件安装
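# Download the Calico manifest with TLS certificate verification left ON. The
# manifest creates cluster-wide RBAC and a privileged DaemonSet on every node,
# so --no-check-certificate would let anyone on the network path choose what
# runs in the cluster. If the download fails on a certificate error, fix the
# host's CA bundle (for example by updating the ca-certificates package)
# rather than disabling the check.
wget https://docs.projectcalico.org/v3.25/manifests/calico.yaml
# Read through the file before applying it.
kubectl apply -f calico.yaml

# Same pattern for ingress-nginx: fetch to a local file, review it, then apply,
# instead of applying directly from a URL.
wget -O ingress-nginx-deploy.yaml https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/cloud/deploy.yaml
kubectl apply -f ingress-nginx-deploy.yaml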
metrics-server安装
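# Fetch the manifest for the same release as the image used below (v0.6.2).
# "latest" changes over time, so a later download could pair a newer manifest
# with the older image.
wget https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.2/components.yaml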
# The two lines below are presumably edits made inside components.yaml (an extra
# container argument and a replacement image) before applying it.
#
# --kubelet-insecure-tls makes metrics-server skip verification of each
# kubelet's serving certificate, so it cannot tell a real kubelet from something
# answering in its place. It works around kubelets using self-signed serving
# certificates. The durable fix is to have kubelets request CA-signed serving
# certificates (serverTLSBootstrap: true in the KubeletConfiguration, then
# approve the resulting CSRs) and drop this flag.
- --kubelet-insecure-tls
# Image pulled from a third-party mirror by tag; consider pinning it by digest.
image: registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server:v0.6.2