ubuntu 20.04.3 LTS 安装 k8s 1.24.3
ubuntu 20.04.3 LTS 安装 k8s 1.24.3
要求
vmware虚拟机,已关闭防火墙
虚拟机可以连外网
参考官方安装说明:https://kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#verify-mac-address
设置主机名
# 设置主机名
hostnamectl set-hostname <hostname>
# 查看主机名
hostname
禁用swap交换分区
# 临时关闭
swapoff -a
# 永久关闭
用vi修改/etc/fstab文件,在swap分区这行前加 # 禁用掉,保存退出
# 重新启动电脑,使用free -m查看分区状态
允许 iptables 检查桥接流量
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
安装docker容器
请遵照 docker网站 步骤安装
Set up the repository
-
Update the
apt
package index and install packages to allowapt
to use a repository over HTTPS:$ sudo apt-get update $ sudo apt-get install \ ca-certificates \ curl \ gnupg \ lsb-release
-
Add Docker’s official GPG key:
$ sudo mkdir -p /etc/apt/keyrings $ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-
Use the following command to set up the repository:
$ echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Install Docker Engine
-
Update the
apt
package index, and install the latest version of Docker Engine, containerd, and Docker Compose, or go to the next step to install a specific version:$ sudo apt-get update $ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
Receiving a GPG error when running
apt-get update
?Your default umask may not be set correctly, causing the public key file for the repo to not be detected. Run the following command and then try to update your repo again:
sudo chmod a+r /etc/apt/keyrings/docker.gpg
. -
To install a specific version of Docker Engine, list the available versions in the repo, then select and install:
a. List the versions available in your repo:
$ apt-cache madison docker-ce docker-ce | 5:20.10.16~3-0~ubuntu-jammy | https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages docker-ce | 5:20.10.15~3-0~ubuntu-jammy | https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages docker-ce | 5:20.10.14~3-0~ubuntu-jammy | https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages docker-ce | 5:20.10.13~3-0~ubuntu-jammy | https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages
b. Install a specific version using the version string from the second column, for example,
5:20.10.16~3-0~ubuntu-jammy
.$ sudo apt-get install docker-ce=<VERSION_STRING> docker-ce-cli=<VERSION_STRING> containerd.io docker-compose-plugin
-
Verify that Docker Engine is installed correctly by running the
hello-world
image.$ sudo docker run hello-world
docker配置
kubernetes默认设置cgroup驱动(cgroupdriver)为"systemd",而docker服务的cgroup驱动默认为"cgroupfs",要将其修改为"systemd",与kubernetes保持一致,可以通过修改docker的/etc/docker/daemon.js文件进行设置
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://1e60esib.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
}
}
EOF
systemctl daemon-reload
systemctl restart docker
# 查看docker配置信息,有一行显示 Cgroup Driver: systemd
docker info
安装容器进行时
这一步安装 cri-dockerd 是根据官网的说明安装的,可能不是必须,网上其他的博客都没有这一步。我是先在master里安装了,node里不安装的话在最后join时失败,只能也安装上。我不确定如果master和node都不安装是否可以正常 init 和 join
为了在 Pod 中运行容器,Kubernetes 使用 容器运行时(Container Runtime)。
默认情况下,Kubernetes 使用 容器运行时接口(Container Runtime Interface,CRI) 来与你所选择的容器运行时交互。
如果你不指定运行时,kubeadm 会自动尝试通过扫描已知的端点列表来检测已安装的容器运行时。
如果检测到有多个或者没有容器运行时,kubeadm 将抛出一个错误并要求你指定一个想要使用的运行时。
Docker Engine 没有实现 CRI,而这是容器运行时在 Kubernetes 中工作所需要的。 为此,必须安装一个额外的服务 cri-dockerd。 cri-dockerd 是一个基于传统的内置Docker引擎支持的项目,它在 1.24 版本从 kubelet 中移除。
按照 cri-dockerd 的说明安装
1. git clone https://github.com/Mirantis/cri-dockerd.git
2. 安装go
wget https://storage.googleapis.com/golang/getgo/installer_linux
chmod +x ./installer_linux
./installer_linux
source ~/.bash_profile
3. 安装
cd cri-dockerd
mkdir bin
# go get && go build -o bin/cri-dockerd 这个命令会卡很久 耐心等待
go get && go build -o bin/cri-dockerd
mkdir -p /usr/local/bin
install -o root -g root -m 0755 bin/cri-dockerd /usr/local/bin/cri-dockerd
cp -a packaging/systemd/* /etc/systemd/system
sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
systemctl daemon-reload
systemctl enable cri-docker.service
systemctl enable --now cri-docker.socket
安装 kubeadm、kubelet 和 kubectl
-
更新
apt
包索引并安装使用 Kubernetesapt
仓库所需要的包:sudo apt-get update sudo apt-get install -y apt-transport-https ca-certificates curl
-
下载 Google Cloud 公开签名秘钥:
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
-
添加 Kubernetes
apt
仓库:echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
-
更新
apt
包索引,安装 kubelet、kubeadm 和 kubectl,并锁定其版本:sudo apt-get update sudo apt-get install -y kubelet kubeadm kubectl sudo apt-mark hold kubelet kubeadm kubectl
master节点和node节点通用操作结束
初始化 master(控制平面节点)
只在master节点执行初始化
kubeadm init \
--apiserver-advertise-address= <你的ip地址> \
--image-repository registry.aliyuncs.com/google_containers \
--pod-network-cidr=10.244.0.0/16 \
--cri-socket /run/cri-dockerd.sock
–cri-socket 这个参数是因为上面安装了 cri-dockerd 后必须指定的,后面的 join 命令也带有这个参数。详细请查看官网-安装容器运行时
执行成功后会看到
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a Pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>
记录 kubeadm init
输出的 kubeadm join
命令
如果执行要再次运行 kubeadm init
,你必须首先重置 kubeadm
安装的状态
kubeadm reset
要使非 root 用户可以运行 kubectl,请运行以下命令, 它们也是 kubeadm init
输出的一部分:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
加入节点
在node节点执行
kubeadm join 192.168.186.132:6443 --token 9s2tmv.hw9mm0ghoa8q3xng \
--discovery-token-ca-cert-hash sha256:8c6cf8636a486c26d24efe340cb50cf91b78871e1d8f43e28890101a35bb93ab \
--cri-socket unix:///var/run/cri-dockerd.sock
在master节点查看管理的节点
kubectl get node
更多推荐
所有评论(0)