Setting up K8s 1.25.2 (Ubuntu 20.04)


Kubernetes is a portable, extensible open-source platform for managing containerized workloads and services that facilitates declarative configuration and automation. Kubernetes has a large and rapidly growing ecosystem; its services, support, and tools are widely available.

The name Kubernetes comes from Greek, meaning "helmsman" or "pilot". The abbreviation k8s comes from the eight characters between the k and the s. Google open-sourced the Kubernetes project in 2014.

Background

About containerd

containerd is an industry-standard container runtime that emphasizes simplicity, robustness, and portability. It manages the complete container lifecycle on a host: image transfer and storage, container execution and supervision, storage, and networking.

Docker vs. containerd

containerd is a project that was split out of Docker. It can serve as a low-level container runtime and has now become the better choice for the Kubernetes container runtime.

Why did Kubernetes deprecate Docker as its container runtime and choose containerd instead?

  • With Docker as the K8s container runtime, the kubelet first has to go through dockershim to call Docker, and Docker in turn calls containerd.

  • With containerd as the K8s container runtime, the kubelet can call containerd directly, because containerd ships with a built-in CRI (Container Runtime Interface) plugin.

Environment

Each machine needs at least 2 GB of RAM and 2 or more CPU cores, and every machine must be able to reach the public internet.

Hardware (vCPU/RAM/disk)   System         Hostname           IP                  Cluster version   containerd version
2 vCPU / 4 GB / 100 GB     Ubuntu 20.04   k8s-master-node1   192.168.31.128/24   1.25.2            1.6.21
2 vCPU / 6 GB / 60 GB      Ubuntu 20.04   k8s-worker-node1   192.168.31.129/24   1.25.2            1.6.21
2 vCPU / 6 GB / 60 GB      Ubuntu 20.04   k8s-worker-node2   192.168.31.130/24   1.25.2            1.6.21

I. Preparation before setup

Disable the swap partition
root@k8s:~# swapoff -a
root@k8s:~# sed -ri 's/.*swap.*/#&/' /etc/fstab
root@k8s:~# mount -a
root@k8s:~# free -h
              total        used        free      shared  buff/cache   available
Mem:          3.8Gi       1.2Gi       100Mi       8.0Mi       2.5Gi       2.3Gi
Swap:            0B          0B          0B
Disable the firewall
root@k8s:~# systemctl disable ufw --now
Synchronizing state of ufw.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ufw
Install helper packages
apt-get -y install apt-transport-https ca-certificates curl software-properties-common wget net-tools
Upgrade all installed packages
apt-get upgrade -y

II. Install containerd

1. Basic configuration before installation

cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

2. Set the required kernel parameters

cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

# Apply the sysctl parameters without rebooting, and check that they took effect
sudo sysctl --system | grep net.bridge.
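The grep above only shows keys that exist: if br_netfilter is not loaded, the two net.bridge.* keys are simply absent from the sysctl output and the grep prints nothing, which is easy to misread as success. The script below is an added example (not part of the original post) that reads each required parameter straight from /proc/sys and tells "key missing, module not loaded" apart from "key present but wrong". The `reader` parameter is an assumption of this example so the logic can be exercised with canned values instead of the live kernel.

```python
import os

# The three parameters written to /etc/sysctl.d/99-kubernetes-cri.conf above.
# The net.bridge.* keys only exist once br_netfilter is loaded, so a missing key
# means "module not loaded", which is a different fix from "wrong value".
REQUIRED_SYSCTLS = {
    "net.bridge.bridge-nf-call-iptables": "1",
    "net.bridge.bridge-nf-call-ip6tables": "1",
    "net.ipv4.ip_forward": "1",
}


def read_sysctl(key):
    """Read a kernel parameter from /proc/sys; None when the key does not exist."""
    path = os.path.join("/proc/sys", *key.split("."))
    try:
        with open(path) as fh:
            return fh.read().strip()
    except FileNotFoundError:
        return None


def check_cri_sysctls(reader=read_sysctl):
    """Map each required key to 'ok', 'wrong:<value>' or 'missing (...)'.

    `reader` is injected (an assumption of this example) so the logic can be
    exercised with canned values instead of the live kernel.
    """
    results = {}
    for key, wanted in REQUIRED_SYSCTLS.items():
        value = reader(key)
        if value is None:
            hint = " (load br_netfilter)" if key.startswith("net.bridge.") else ""
            results[key] = "missing" + hint
        elif value == wanted:
            results[key] = "ok"
        else:
            results[key] = "wrong:" + value
    return results


def all_ok(results):
    return all(status == "ok" for status in results.values())


if __name__ == "__main__":
    report = check_cri_sysctls()
    for key, status in report.items():
        print(f"{key:40s} {status}")
    raise SystemExit(0 if all_ok(report) else 1)
```

Run it as `python3 check_sysctls.py` on each node after `sysctl --system`; a non-zero exit with a "missing (load br_netfilter)" line means the modules-load step, not the sysctl step, is what needs fixing.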

3. Install containerd

curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
apt-get update 
apt-get install containerd.io -y

4. Configure containerd

Generate the default configuration file with containerd

containerd config default > /etc/containerd/config.toml

Edit the configuration file

vim /etc/containerd/config.toml
# The default sandbox image comes from the official k8s registry, which needs a proxy to reach from China; switch it to the Alibaba Cloud mirror.
sandbox_image = "registry.k8s.io/pause:3.6"
change to
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            BinaryName = ""
            CriuImagePath = ""
            CriuPath = ""
            CriuWorkPath = ""
            IoGid = 0
            IoUid = 0
            NoNewKeyring = false
            NoPivotRoot = false
            Root = ""
            ShimCgroup = ""
#            SystemdCgroup = false
# Change SystemdCgroup = false to true here (TOML booleans are lowercase; containerd will not parse `True`)
            SystemdCgroup = true

Now restart containerd

systemctl restart containerd
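Editing config.toml by hand in vim is where a capitalisation slip (`True` instead of `true`) creeps in, and containerd then fails to start with a TOML parse error. The script below is an added example, not code from the post or from containerd: it applies the two edits above (sandbox_image and SystemdCgroup) to a constructed excerpt of `containerd config default` output, refuses to proceed if either key is absent or duplicated, and reads the result back through Python's tomllib (3.11+; older interpreters fall back to a regex read-back) so an unparsable file is caught before `systemctl restart containerd`. SAMPLE_CONFIG and the function names are this example's own.

```python
import re
import textwrap

try:
    import tomllib          # Python 3.11+: used to prove the edited file still parses
except ImportError:         # older interpreters fall back to a regex read-back
    tomllib = None

# Constructed excerpt of `containerd config default` output (not a complete file).
SAMPLE_CONFIG = textwrap.dedent("""\
    version = 2

    [plugins."io.containerd.grpc.v1.cri"]
      sandbox_image = "registry.k8s.io/pause:3.6"

      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
        runtime_type = "io.containerd.runc.v2"

        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
          BinaryName = ""
          NoPivotRoot = false
          SystemdCgroup = false
""")

SANDBOX_RE = re.compile(r'^([ \t]*sandbox_image[ \t]*=[ \t]*)"[^"]*"', re.M)
SYSTEMD_RE = re.compile(r'^([ \t]*SystemdCgroup[ \t]*=[ \t]*)(true|false)', re.M)
BAD_BOOL_RE = re.compile(r'=[ \t]*(True|False)[ \t]*$')   # Python spelling, invalid TOML


def patch_containerd_config(text, sandbox_image):
    """Return `text` with sandbox_image replaced and SystemdCgroup set to true.

    Refuses to guess when a key is absent or duplicated, so a config from a
    different containerd version is never silently half-edited.
    """
    text, n_sandbox = SANDBOX_RE.subn(lambda m: m.group(1) + '"' + sandbox_image + '"', text)
    text, n_cgroup = SYSTEMD_RE.subn(lambda m: m.group(1) + "true", text)
    if n_sandbox != 1 or n_cgroup != 1:
        raise ValueError("expected exactly one sandbox_image and one SystemdCgroup key, "
                         f"found {n_sandbox} and {n_cgroup}")
    return text


def find_invalid_booleans(text):
    """1-based line numbers holding `= True` / `= False`, the mistake TOML rejects."""
    return [i for i, line in enumerate(text.splitlines(), 1) if BAD_BOOL_RE.search(line)]


def check_containerd_config(text):
    """Read back (sandbox_image, SystemdCgroup) the way containerd would see them."""
    if tomllib is not None:
        data = tomllib.loads(text)   # raises TOMLDecodeError on e.g. `SystemdCgroup = True`
        cri = data["plugins"]["io.containerd.grpc.v1.cri"]
        return cri["sandbox_image"], cri["containerd"]["runtimes"]["runc"]["options"]["SystemdCgroup"]
    m1 = re.search(r'^[ \t]*sandbox_image[ \t]*=[ \t]*"([^"]*)"', text, re.M)
    m2 = re.search(r'^[ \t]*SystemdCgroup[ \t]*=[ \t]*(true|false)[ \t]*$', text, re.M)
    if not (m1 and m2):
        raise ValueError("sandbox_image or SystemdCgroup not found in config")
    return m1.group(1), m2.group(1) == "true"


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/containerd/config.toml"
    with open(path) as fh:
        original = fh.read()
    patched = patch_containerd_config(original, "registry.aliyuncs.com/google_containers/pause:3.7")
    print("read-back:", check_containerd_config(patched))   # raises before anything is written
    with open(path + ".patched", "w") as fh:                # review, then move into place
        fh.write(patched)
```

The script writes to `config.toml.patched` rather than over the live file, so the read-back can be inspected and the original restored if containerd rejects the result.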

At this point running the crictl command gives an error (shown below); the Unix socket endpoint needs to be configured.

WARN[0000] image connect using default endpoints: [unix:///var/run/dockershim.sock unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock]. As the default settings are now deprecated, you should set the endpoint instead. 
ERRO[0002] connect endpoint 'unix:///var/run/dockershim.sock', make sure you are running as root and the endpoint has been started: context deadline exceeded
# Configure the Unix socket endpoint
crictl config runtime-endpoint unix:///run/containerd/containerd.sock

III. Install Kubernetes

1. Add a domestic (China mirror) Kubernetes apt source

curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update

2. Install kubelet, kubeadm, and kubectl

# List the available versions and decide which one to install
apt-cache madison kubelet
apt-cache madison kubeadm
apt-cache madison kubectl
# The cluster runs 1.25.2, so install the 1.25.2-00 package of all three components
apt-get -y install kubelet=1.25.2-00 kubeadm=1.25.2-00 kubectl=1.25.2-00

IV. Initialize the cluster

1. Print the default init YAML

kubeadm config print init-defaults > kubeadm-init.yaml

2. Edit the YAML file

vim kubeadm-init.yaml


apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.31.128  # fill in the master node IP, i.e. the cluster IP
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: k8s-master-node1   # fill in the master node hostname
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers  # change to the domestic mirror registry
kind: ClusterConfiguration
kubernetesVersion: 1.25.9
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
scheduler: {}

3. Initialize

kubeadm init --config kubeadm-init.yaml

The following message means the master node has initialized successfully

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.31.128:6443 --token 4m78tv.xjhrpamweyda7ya0 \
    --discovery-token-ca-cert-hash sha256:c05ae406919442d23c14a5a3f4c5ebe530bde038e7939e6e495e13eecb596051

4. Copy the file to the user's home directory as prompted and configure it

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Add kubectl command completion
root@k8s:~# vim .bashrc
source <(kubectl completion bash)
root@k8s:~# source .bashrc
kubectl get node
NAME        STATUS   ROLES           AGE    VERSION
k8s         NotReady    control-plane   3d3h   v1.25.2
# The node is NotReady because the network component is missing
kubectl get pods -A
NAMESPACE      NAME                              READY   STATUS    RESTARTS       AGE
kube-system    coredns-c676cc86f-2ztg5           1/1     Pending   10 (23h ago)   3d3h
kube-system    coredns-c676cc86f-sxt29           1/1     Pending   11 (23h ago)   3d3h
kube-system    etcd-k8s                          1/1     Running   3 (23h ago)    3d3h
kube-system    kube-apiserver-k8s                1/1     Running   3 (23h ago)    3d3h
kube-system    kube-controller-manager-k8s       1/1     Running   3 (23h ago)    3d2h
kube-system    kube-proxy-lp9p7                  1/1     Running   0              9h
kube-system    kube-proxy-pnpvc                  1/1     Running   3 (23h ago)    3d3h
kube-system    kube-proxy-vxgmm                  1/1     Running   1              9h
kube-system    kube-scheduler-k8s                1/1     Running   4 (23h ago)    3d3h
# There is no network component yet, and the two coredns pods are Pending

5. Deploy the flannel CNI network component

# Download the flannel YAML
wget https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
# Edit the YAML (the downloaded file is kube-flannel.yml)
vim kube-flannel.yml

Set "Network" to the same value as podSubnet in the kubeadm-init.yaml used at initialization (JSON does not allow comments, so do not leave a note inside the block):

  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }

Apply the YAML

kubectl apply -f kube-flannel.yml
# Wait a moment
kubectl get pods -A
NAMESPACE      NAME                              READY   STATUS    RESTARTS       AGE
kube-flannel   kube-flannel-ds-9jm8j             1/1     Running   0              9h
kube-flannel   kube-flannel-ds-cl9s9             1/1     Running   0              9h
kube-flannel   kube-flannel-ds-qdbbg             1/1     Running   3 (23h ago)    3d2h
kube-system    coredns-c676cc86f-2ztg5           1/1     Running   10 (23h ago)   3d3h
kube-system    coredns-c676cc86f-sxt29           1/1     Running   11 (23h ago)   3d3h
kube-system    etcd-k8s                          1/1     Running   3 (23h ago)    3d3h
kube-system    kube-apiserver-k8s                1/1     Running   3 (23h ago)    3d3h
kube-system    kube-controller-manager-k8s       1/1     Running   3 (23h ago)    3d2h
kube-system    kube-proxy-lp9p7                  1/1     Running   0              9h
kube-system    kube-proxy-pnpvc                  1/1     Running   3 (23h ago)    3d3h
kube-system    kube-proxy-vxgmm                  1/1     Running   1              9h
kube-system    kube-scheduler-k8s                1/1     Running   4 (23h ago)    3d3h
# The cluster is now usable and the node status has changed to Ready

V. Create a join token

kubeadm token create

1. Get the SHA-256 hash of the CA certificate

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

2. Generate the join command for a control-plane node

kubeadm token create --print-join-command --certificate-key `openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'`

3. Join a node to the cluster

kubeadm join 192.168.31.127:6443 --token ... --discovery-token-ca-cert-hash ...
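The `--discovery-token-ca-cert-hash` in the join command is what lets a joining node verify it is talking to the intended control plane rather than whatever answers on port 6443: kubeadm computes SHA-256 over the DER-encoded SubjectPublicKeyInfo of ca.crt, which is exactly what the openssl pipeline in step 1 produces (note that `openssl rsa -pubin` only handles RSA CA keys, kubeadm's default; the walker below reads the SPKI regardless of key type). The Python below is an added example, not the post's or kubeadm's code: it extracts the SPKI from the X.509 DER structure, computes the pinned hash, and checks whether a pasted `kubeadm join` line carries the hash of the CA actually installed on this control plane. SAMPLE_CERT_DER is a constructed, unsigned certificate skeleton built only to exercise the parser; it is not a real certificate.

```python
import base64
import hashlib
import re


def _read_tlv(buf, pos):
    """Decode one DER tag/length at `pos`; return (tag, content_start, content_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length


def extract_spki(cert_der):
    """Return the DER bytes of a certificate's SubjectPublicKeyInfo (what kubeadm hashes)."""
    tag, pos, _ = _read_tlv(cert_der, 0)           # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a certificate SEQUENCE")
    tag, pos, _ = _read_tlv(cert_der, pos)         # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate missing")
    tag, _, end = _read_tlv(cert_der, pos)
    if tag == 0xA0:                                # optional version [0] EXPLICIT
        pos = end
    for _ in range(5):                             # serialNumber, signature, issuer, validity, subject
        _, _, pos = _read_tlv(cert_der, pos)
    tag, _, end = _read_tlv(cert_der, pos)         # subjectPublicKeyInfo ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo missing")
    return cert_der[pos:end]


def pem_to_der(pem_text):
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))


def der_to_pem(der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def ca_cert_hash(cert_der):
    """kubeadm's discovery hash: 'sha256:' + hex SHA-256 of the DER SubjectPublicKeyInfo."""
    return "sha256:" + hashlib.sha256(extract_spki(cert_der)).hexdigest()


HASH_ARG = re.compile(r"--discovery-token-ca-cert-hash[= ]+(sha256:[0-9a-f]{64})")


def join_command_matches(join_cmd, cert_der):
    """True only if the hash in a `kubeadm join` line pins this CA certificate."""
    m = HASH_ARG.search(join_cmd)
    return bool(m) and m.group(1) == ca_cert_hash(cert_der)


def _der(tag, content):
    """Encode one DER TLV; used only to build the constructed sample certificate below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


# Constructed sample: a structurally valid but unsigned X.509 skeleton with a fake
# P-256 key, enough for the walker to step over every field. Not a real CA certificate.
_EC_SIG_ALG = _der(0x30, _der(0x06, bytes.fromhex("2a8648ce3d040302")))   # ecdsa-with-SHA256
SAMPLE_SPKI_DER = _der(0x30,
    _der(0x30, _der(0x06, bytes.fromhex("2a8648ce3d0201")) + _der(0x06, bytes.fromhex("2a8648ce3d030107")))
    + _der(0x03, b"\x00\x04" + bytes(range(64))))                 # BIT STRING: fake uncompressed point
SAMPLE_CERT_DER = _der(0x30,
    _der(0x30,                                                   # tbsCertificate
        _der(0xA0, _der(0x02, b"\x02"))                          # version v3
        + _der(0x02, b"\x01")                                    # serialNumber
        + _EC_SIG_ALG                                            # signature
        + _der(0x30, b"")                                        # issuer (empty Name)
        + _der(0x30, _der(0x17, b"230101000000Z") + _der(0x17, b"330101000000Z"))  # validity
        + _der(0x30, b"")                                        # subject
        + SAMPLE_SPKI_DER)
    + _EC_SIG_ALG                                                # signatureAlgorithm
    + _der(0x03, bytes(9)))                                      # signatureValue (placeholder)

if __name__ == "__main__":
    import sys
    cert = pem_to_der(open(sys.argv[1]).read())
    print("CA hash:", ca_cert_hash(cert))
    if len(sys.argv) > 2:
        print("join command pins this CA:", join_command_matches(sys.argv[2], cert))
```

Run it on the control plane as `python3 ca_hash_check.py /etc/kubernetes/pki/ca.crt 'kubeadm join ...'` before handing a join command to a worker; a mismatch means the command was generated against a different CA. The `--certificate-key` used in step 2 is a separate secret: it decrypts the control-plane certificates uploaded by `kubeadm init phase upload-certs --upload-certs`, and is not derived from the CA hash.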

4. kubectl command completion

vim /etc/profile

source <(kubectl completion bash)
alias k='kubectl'
complete -F __start_kubectl k

Author: IW
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY 4.0. Please credit IW when reposting!