
Centos9 部署 kubernetes 1.28.2

配置说明 Centos 9 Kubernetes 1.28.2 calico 3.28.0

注意事项:

Kubelet与Calico存在兼容问题 选择版本时要注意

从 Kubernetes 1.24.0 版本开始,Kubernetes 底层已经不再使用 docker 作为底层支持服务。对于 1.24.0 及以上版本的 Kubernetes 环境,无需再部署 docker 环境,请安装 containerd 环境。但考虑到 containerd 镜像环境的不足,建议在其中某一台服务器中部署 docker 服务,便于底层镜像的拉取及变更。

环境规划

角色 主机名 IP
master k8s-master 192.168.186.128
node k8s-node1 192.168.186.129

关闭防火墙、selinux 禁用 swap 分区

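# Prepare the host for kubeadm: host firewall, SELinux mode and swap.
# Run as root on every node.

# Stop firewalld now and keep it disabled across reboots.
# NOTE(review): with the host firewall off, the API server (6443), the kubelet
# (10250) and every NodePort are reachable from whatever network the node sits
# on. Restrict them upstream (security group / network ACL), or re-enable
# firewalld with explicit rules once the cluster is working.
systemctl disable --now firewalld

# Switch SELinux to permissive rather than disabled: denials are still logged
# for audit and file labels stay intact, so enforcing mode can be restored
# later. The anchored pattern changes only the SELINUX= setting; the original
# unanchored 's/enforcing/disabled/g' also rewrote the comment lines in the file.
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# Turn swap off immediately and comment out the active swap entries so it
# stays off after a reboot. Lines that are already commented are left alone.
swapoff -a
sed -ri '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab

# Verify the firewall state (expected: inactive)
systemctl is-active firewalld
# Verify the SELinux setting on disk and the running mode
grep '^SELINUX' /etc/selinux/config
getenforce
# Verify swap: fstab entries should be commented and no swap device active
grep swap /etc/fstab
swapon --show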


修改主机名

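# Set this machine's hostname. The value below is the master's name; on the
# worker use k8s-node1 instead.
hostnamectl set-hostname k8s-master

# Map both cluster hostnames in /etc/hosts. Each entry is appended only when
# it is not already present, so re-running this step creates no duplicates.
for entry in '192.168.186.128 k8s-master' '192.168.186.129 k8s-node1'; do
  grep -qxF -- "$entry" /etc/hosts || printf '%s\n' "$entry" >> /etc/hosts
done

# The net.bridge.* keys exist only while br_netfilter is loaded; load it first
# so that `sysctl --system` can actually apply them.
modprobe br_netfilter

# Pass bridged IPv4/IPv6 traffic through iptables, enable IP forwarding and
# tell the kernel to avoid swapping.
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
# Apply the settings
sysctl --system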

安装 kubeadm、kubelet、kubectl 等组件

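# Add the Kubernetes yum repository.
# gpgcheck=1 makes yum verify every package signature against the keys listed
# in gpgkey. kubelet/kubeadm/kubectl run as root and bootstrap the whole
# cluster, so installing them unsigned from a mirror (gpgcheck=0) would trust
# the mirror and the network path completely.
# repo_gpgcheck stays 0 as in the original: repository metadata is not
# signature-checked and relies on HTTPS alone.
# NOTE(review): this is the legacy el7 repo layout used on an el9 host. If
# signature verification fails, move to a maintained repository that publishes
# a key you can verify rather than switching the check back off.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# List the available versions to choose the one to install
yum list --showduplicates kubeadm --disableexcludes=kubernetes
# Install the pinned Kubernetes packages and their dependencies
yum install -y kubelet-1.28.2 kubeadm-1.28.2 kubectl-1.28.2
# Start kubelet automatically at boot
systemctl enable kubelet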

安装 containerd

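# Install and configure containerd as the container runtime.
# Run as root on every node.

# Dependencies listed by the guide; yum-utils provides yum-config-manager.
yum -y install yum-utils device-mapper-persistent-data lvm2

# Add the docker-ce repository, which ships containerd.io. The repo file is
# fetched over HTTPS: it decides where packages and keys come from, so it must
# not travel over plain HTTP where it can be altered in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Kernel modules to load at boot. Module names are case-sensitive, so the
# entry must be "overlay" (the original wrote " Overlay"). '>' instead of '>>'
# keeps the file from growing on re-runs.
cat > /etc/modules-load.d/containerd.conf << 'EOF'
overlay
br_netfilter
EOF
# Load both modules now, without waiting for a reboot
modprobe overlay
modprobe br_netfilter

# Install the pinned containerd build
yum install -y containerd.io-1.7.22-3.1.el9.x86_64

# Back up the packaged config.toml, then regenerate the full default config
cp /etc/containerd/config.toml /etc/containerd/config.toml.ori
containerd config default > /etc/containerd/config.toml
# Let systemd manage cgroups
sed -i '/SystemdCgroup/s/false/true/g' /etc/containerd/config.toml
# Point the sandbox (pause) image at the mirror registry
sed -i 's#sandbox_image = "registry.k8s.io/pause:3.8"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"#' /etc/containerd/config.toml

# Set config_path under [plugins."io.containerd.grpc.v1.cri".registry] so that
# containerd reads per-registry settings from /etc/containerd/certs.d.
# The original did this by hand in vi; the sed below is limited to the lines
# between that section header and the next one, so any other config_path key
# in the file is left untouched.
sed -i '/\[plugins\."io\.containerd\.grpc\.v1\.cri"\.registry\]/,/^[[:space:]]*\[plugins\..*\]/ s#config_path = ""#config_path = "/etc/containerd/certs.d"#' /etc/containerd/config.toml
# Confirm the edit landed in the registry section
grep -n 'config_path' /etc/containerd/config.toml

# Registry mirror configuration for docker.io.
# Every host listed with the "resolve" capability is trusted to translate an
# image tag into a digest, so it decides which image content a tag pull
# returns. Keep only mirrors you trust and pull security-sensitive images by
# digest.
# NOTE(review): the last mirror was listed as http:// in the original; it is
# written as https:// here. Confirm the host serves HTTPS and drop the entry
# rather than falling back to plain HTTP.
mkdir -p /etc/containerd/certs.d/docker.io

cat > /etc/containerd/certs.d/docker.io/hosts.toml << 'EOF'
server = "https://docker.io"
[host."https://dockerproxy.com"]
capabilities = ["pull", "resolve"]

[host."https://docker.m.daocloud.io"]
capabilities = ["pull", "resolve"]

[host."https://docker.chenby.cn"]
capabilities = ["pull", "resolve"]

[host."https://registry.docker-cn.com"]
capabilities = ["pull", "resolve"]

[host."https://hub-mirror.c.163.com"]
capabilities = ["pull", "resolve"]
EOF

# Start containerd now and at every boot
systemctl enable --now containerd.service
# Restart so the configuration written above is in effect
systemctl restart containerd
# Check the service state
systemctl status --no-pager containerd.service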

# Write /etc/crictl.yaml so that crictl uses the containerd socket for both
# runtime and image operations (10 s timeout, debug output enabled).
# tee also echoes the written content to the terminal.
tee /etc/crictl.yaml << 'EOF'
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: true
EOF
# Check that crictl works by listing images through the configured endpoint
crictl images

重启系统

# Restart the machine; the swap change made in /etc/fstab earlier in this
# guide only takes effect after a reboot.
reboot

注:以上服务在所有服务器上都要安装

Kubernetes 集群初始化(只master)

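# Initialise the control plane. Run on the master only.
#   --apiserver-advertise-address  address the API server announces (the master's IP)
#   --image-repository             registry the control-plane images are pulled from
#   --kubernetes-version           control-plane version to deploy
#   --service-cidr                 virtual IP range for Services
#   --pod-network-cidr             address range for Pods
kubeadm init \
  --apiserver-advertise-address=192.168.186.128 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.28.2 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.224.0.0/16

# Give the current user a kubeconfig. admin.conf holds cluster-admin
# credentials, so the copy is kept readable by its owner only and should not
# be distributed further. Expansions are quoted so that a home directory
# containing spaces does not split the paths.
mkdir -p "$HOME/.kube" \
  && sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config" \
  && sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config" \
  && chmod 600 "$HOME/.kube/config"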

Kubernetes 节点加入(只node)

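# --- on the master ---
# Create a bootstrap token and print the matching join command.
# The token is a credential: while it is valid, anyone holding it can register
# a node with the cluster. Keep it out of shared documents and logs; tokens
# that are no longer needed can be removed with `kubeadm token delete`.
kubeadm token create --print-join-command

# --- on the worker ---
# Run the command printed by the step above. The token and hash shown here are
# the values from the author's cluster and only illustrate the format.
# --discovery-token-ca-cert-hash pins the cluster CA so the node verifies that
# it is joining the intended API server; always keep it in the command.
kubeadm join 192.168.186.128:6443 \
  --token kie5df.s4r1kocecvqo16a9 \
  --discovery-token-ca-cert-hash sha256:7f5a76f8a690e4e2f29bf7ab1a6f119c18da71cc0ca2d40ce9266125e324ed38

# The original guide then copied the master's /etc/kubernetes/admin.conf to the
# worker and exported it as KUBECONFIG there. That places cluster-admin
# credentials on every worker, so a compromise of one node becomes a
# compromise of the whole cluster. The two commands are kept below, disabled;
# prefer running kubectl on the master or on a dedicated admin workstation.
# If kubectl is really needed on a worker, issue a separate, narrowly scoped
# credential for it instead of reusing admin.conf.
#
#   (on the master)  scp /etc/kubernetes/admin.conf root@k8s-node1:/etc/kubernetes/
#   (on the worker)  echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile && source ~/.bash_profile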

添加calico网络(只master)

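# Download the Calico manifest, pinned to the v3.28.0 tag, over HTTPS.
# -f makes curl exit with an error on an HTTP failure instead of saving the
# error page as calico.yaml; -L follows redirects; -O keeps the remote file name.
# Read the manifest before applying it: it creates cluster-wide resources.
curl -fLO https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/calico.yaml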

# Manual edit: open the downloaded manifest and change it as shown below.
vi calico.yaml
# Find the existing CLUSTER_TYPE entry; the new entry goes directly below it
- name: CLUSTER_TYPE
  value: "k8s,bgp" 
# Entry to add (ens160 is the network interface name; run `ip addr` to find yours and substitute it)
- name: IP_AUTODETECTION_METHOD 
  value: "interface=ens160"
# Deploy the Calico network add-on from the edited manifest
kubectl apply -f  calico.yaml
# Check node status (nodes are cluster-scoped, so the -n flag has no effect on this listing)
kubectl get node -n kube-system
# Check the pods in kube-system
kubectl get pod -n kube-system
# Show details of one pod
# NOTE(review): calico-node-49z8w is presumably the pod name from the author's cluster; use a name from the listing above
kubectl describe pod calico-node-49z8w -n kube-system


节点STATUS为Ready表示部署完成

如果pod状态为Init:ImagePullBackOff 表示拉取镜像失败 修改/etc/containerd/certs.d/docker.io/hosts.toml 镜像源地址 或 手动拉取镜像添加到containerd

验证安装

# Create a test Deployment running nginx
# NOTE(review): the image is given without a tag or digest, so the registry's current default tag is pulled
kubectl create deployment nginx --image=nginx
# Expose the Deployment on port 80 through a NodePort Service
# NOTE(review): firewalld was disabled earlier in this guide, so the NodePort is reachable from the node's network; remove the test Service and Deployment once verification is done
kubectl expose deployment nginx --port=80 --type=NodePort
# Show the pod and the Service
kubectl get pod,svc


其他命令

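# Quick reference of commands used while operating the cluster.

# Deploy the Calico network add-on
kubectl apply -f calico.yaml
# Remove the Calico network add-on
kubectl delete -f calico.yaml
# List images known to containerd
crictl images
# Pull an image
crictl pull nginx:latest
# Remove an image (replace the placeholder with an image ID from `crictl images`)
crictl rmi {镜像ID}
# Show detailed information about an image
crictl inspecti {镜像ID}
# List the pods in kube-system
kubectl get pod -n kube-system
# Show details of a pod. The test nginx Deployment in this guide is created
# without a namespace flag, so its pods are in the default namespace; the
# original passed -n kube-system here, which would not find the pod.
kubectl describe pod nginx-7854ff8877-2zsx2
# Delete a pod in kube-system.
# --force removes the pod object without waiting for the kubelet to confirm
# that the containers have stopped; try a normal delete first.
kubectl delete pod calico-node-6nj7q -n kube-system --force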

参考文档

https://blog.csdn.net/zxcsd11/article/details/140839442 https://blog.csdn.net/yu33575/article/details/135387548