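Installing k8s 1.26.3 with containerd
Machine preparation: three machines (physical machines or VMs).
I. Environment preparation
1. Set the hostname on each of the three machines respectively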
hostnamectl set-hostname master
hostnamectl set-hostname node2
hostnamectl set-hostname node2
2. Configure local name resolution (replace with your own IPs; required on all three machines)
vim /etc/hosts
192.168.22.101 master
192.168.22.102 node2
192.168.22.102 node2
3. Time synchronization (all three machines)
yum install -y ntpdate
ntpdate ntp1.aliyun.com
4. Disable the firewall (all three machines)
systemctl stop firewalld
systemctl disable firewalld
5. Disable SELinux (all three machines)
# takes effect after a reboot
sed -i 's/enforcing/disabled/' /etc/selinux/config
6. Disable swap (all three machines)
# temporary only (lasts until the next reboot)
swapoff -a
# permanent (via command)
sed -ri 's/.*swap.*/#&/' /etc/fstab
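Or edit /etc/fstab directly and comment out the swap line (permanent).
II. Install the container runtime
k8s uses containerd, which needs the following:
1. containerd itself
2. the runc runtime
3. the CNI network plugins
Note: containerd does not ship with runc (the program that actually creates containers), so runc must be installed separately, along with the CNI network plugins (needed for network communication between containers).
1) Install containerd
1. Download the archive
Download the containerd archive from GitHub.
Documentation: https://github.com/containerd/containerd/blob/main/docs/getting-started.md
Download: https://github.com/containerd/containerd/releases (choose your own version; 1.6.20 is used here)
2. Extract into the installation directory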
tar Cxzvf /usr/local containerd-1.6.20-linux-amd64.tar.gz
3. Download the containerd.service unit file
Download: https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
Then copy it to /usr/local/lib/systemd/system/containerd.service,
#or paste the following content directly into /usr/local/lib/systemd/system/containerd.service
#containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
#uncomment to enable the experimental sbserver (sandboxed) version of containerd/cri integration
#Environment="ENABLE_CRI_SANDBOXES=sandboxed"
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
4. Edit the containerd configuration file
# generate the containerd configuration file
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
# three configuration changes:
#1 switch the sandbox (pause) image to a mirror registry in China
sed -i "s#registry.k8s.io/pause#registry.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml
#2 set the cgroup driver to systemd
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
#3 set the image pull endpoint to the Aliyun mirror
sed -i '/\[plugins\."io\.containerd\.grpc\.v1\.cri"\.registry\.mirrors\]/a\ [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]\n endpoint = ["https://8aj710su.mirror.aliyuncs.com" ,"https://registry-1.docker.io"]' /etc/containerd/config.toml
5. Start containerd
systemctl daemon-reload
systemctl enable --now containerd
2) Install runc
1. Download runc
Download: https://github.com/opencontainers/runc/releases (choose a version; 1.3.0 is used here)
2. Install runc
install -m 755 runc.amd64 /usr/local/sbin/runc
3) Install CNI
1. Download the CNI plugins archive
Download: https://github.com/containernetworking/plugins/releases
2. Extract and install
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.3.0.tgz
III. Install k8s
1) Configure iptables
Enable IPv4 forwarding and let iptables see bridged traffic.
# load the overlay and br_netfilter kernel modules at boot
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# apply the sysctl parameters without rebooting
sudo sysctl --system
# confirm that the br_netfilter and overlay modules are loaded:
lsmod | grep br_netfilter
lsmod | grep overlay
# confirm that the net.bridge.bridge-nf-call-iptables, net.bridge.bridge-nf-call-ip6tables and net.ipv4.ip_forward variables are set to 1 in your sysctl configuration:
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
2) Install kubectl, kubelet and kubeadm
1. Download kubectl, kubelet and kubeadm
curl -LO https://dl.k8s.io/release/v1.26.3/bin/linux/amd64/kubectl
curl -LO https://dl.k8s.io/release/v1.26.3/bin/linux/amd64/kubelet
curl -LO https://dl.k8s.io/release/v1.26.3/bin/linux/amd64/kubeadm
2. Install into a directory on the PATH
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
sudo install -o root -g root -m 0755 kubelet /usr/local/bin/kubelet
sudo install -o root -g root -m 0755 kubeadm /usr/local/bin/kubeadm
3. Create kubelet.service
Place it in the /usr/local/lib/systemd/system directory.
mkdir -p /usr/local/lib/systemd/system
vim /usr/local/lib/systemd/system/kubelet.service
Write the following content into kubelet.service.
#kubelet.service
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/
Wants=network-online.target
After=network-online.target
[Service]
ExecStart=/usr/local/bin/kubelet
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
4. Create the drop-in configuration file 10-kubeadm.conf
Place it in the /usr/local/lib/systemd/system/kubelet.service.d directory.
mkdir -p /usr/local/lib/systemd/system/kubelet.service.d
vim /usr/local/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
Write the following content into the file.
#10-kubeadm.conf
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
#This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
#This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
#the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
5. Enable the kubelet service
systemctl daemon-reload
systemctl enable kubelet
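The steps in sections II and III install the containerd, runc, CNI and Kubernetes downloads as root without checking their integrity. The following added example (not part of the original post) verifies an artifact against the SHA-256 file published beside it before installing; the function names are hypothetical and the checksum file names are assumptions that depend on the release page.

```shell
#!/bin/sh
# Added example: check a downloaded artifact against its published SHA-256
# file before installing it. Checksum file names are assumptions.

# expected_sha256 CHECKSUM_FILE ARTIFACT_NAME -> prints the published digest.
# Accepts both layouts used next to release downloads:
#   "<hex>"              bare digest, one artifact per checksum file
#   "<hex>  <filename>"  sha256sum format, possibly listing several files
expected_sha256() {
    awk -v name="$2" '
        NF == 1 { print tolower($1); exit }
        NF >= 2 { f = $2; sub(/^\*/, "", f); sub(/^.*\//, "", f)
                  if (f == name) { print tolower($1); exit } }
    ' "$1"
}

# verify_sha256 ARTIFACT CHECKSUM_FILE
# 0 = digest matches, 1 = mismatch, 2 = no usable digest in the checksum file.
verify_sha256() {
    want=$(expected_sha256 "$2" "$(basename "$1")")
    # Reject an empty result or anything that is not 64 hex characters, e.g.
    # an HTML error page that curl saved in place of the checksum file.
    case $want in
        ''|*[!0-9a-f]*) echo "no valid digest for $1 in $2" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "malformed digest in $2" >&2; return 2; }
    got=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "CHECKSUM MISMATCH for $1" >&2
        return 1
    fi
    echo "OK $1"
}

# verified_install ARTIFACT CHECKSUM_FILE DEST: install only a verified file.
verified_install() {
    verify_sha256 "$1" "$2" >/dev/null && install -m 0755 "$1" "$3"
}

# Usage in place of the plain "install" lines, with the checksum file
# downloaded from the same release location as the artifact:
#   verified_install kubelet kubelet.sha256 /usr/local/bin/kubelet
```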
IV. Create the k8s cluster
1. Export the default cluster init configuration file
kubeadm config print init-defaults > init.yaml
2. Edit the init.yaml file
- Change advertiseAddress: 192.168.22.101 to your own master IP
- Change name: master to your own hostname
- imageRepository: registry.aliyuncs.com/google_containers, to use a mirror registry in China
- Configure the network ranges
# config-file field names; --service-cidr and --pod-network-cidr are the matching kubeadm init flags
serviceSubnet: 10.96.0.0/12
podSubnet: 10.244.0.0/16
- Set kubelet to use the systemd cgroup driver
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd
Complete init.yaml after these changes:
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # placeholder printed by init-defaults; replace it with the output of "kubeadm token generate"
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.22.101
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: master
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.26.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}
---
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd
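The token abcdef.0123456789abcdef in init.yaml is the fixed placeholder that kubeadm config print init-defaults emits, and with the signing and authentication usages it acts as a join credential for its 24h TTL. This added example (not from the original post) swaps it for a random token before kubeadm init is run; the function names are hypothetical, and new_bootstrap_token is a stand-in for kubeadm token generate.

```shell
#!/bin/sh
# Added example: replace the placeholder bootstrap token that
# "kubeadm config print init-defaults" writes into init.yaml.
PLACEHOLDER_TOKEN='abcdef.0123456789abcdef'

# valid_bootstrap_token TOKEN: true if TOKEN has the bootstrap-token shape
# <6-char id>.<16-char secret>, lower-case letters and digits only.
valid_bootstrap_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# new_bootstrap_token: print a random token read from /dev/urandom.
# Stand-in for "kubeadm token generate"; filtering the random bytes with tr
# keeps every allowed character equally likely.
new_bootstrap_token() {
    raw=$(LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | head -c 22)
    printf '%s.%s\n' "$(printf '%s' "$raw" | cut -c1-6)" \
                     "$(printf '%s' "$raw" | cut -c7-22)"
}

# rotate_placeholder_token FILE
# Swap the placeholder for a fresh token and make FILE owner-readable only,
# since it now holds a join credential. Returns 1 and leaves FILE untouched
# when the placeholder is not present (already rotated, or a custom token).
rotate_placeholder_token() {
    grep -qF "token: $PLACEHOLDER_TOKEN" "$1" || return 1
    tok=$(new_bootstrap_token)
    valid_bootstrap_token "$tok" || return 2
    sed -i "s/token: $PLACEHOLDER_TOKEN/token: $tok/" "$1"
    chmod 600 "$1"
}

# Usage, after step 2 and before running kubeadm init with this file:
#   rotate_placeholder_token init.yaml
```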
[Uninstall]
kubeadm reset
systemctl disable kubelet
rm /usr/local/bin/kubelet
rm /usr/local/bin/kubectl
rm /usr/local/bin/kubeadm
rm /usr/local/lib/systemd/system/kubelet.service
rm -rf /usr/local/lib/systemd/system/kubelet.service.d