转载文章请注明源地址:https://www.latiao.org/707.html
按照本文一步一步来,有Linux基础就可以成功!
本文实验基于Centos7.9 机器均为4C 4GB;
Master centos7 10.12.0.100
Worker1 centos7 10.12.0.101
Worker2 centos7 10.12.0.102
所有节点操作:
1.修改 /etc/hosts做如下增加:
10.12.0.100 master master.latiao.org
10.12.0.101 worker1 worker1.latiao.org
10.12.0.102 worker2 worker2.latiao.org效果如下:
2.关闭防火墙
systemctl disable firewalld --now效果如下:
3.关闭 swap
swapoff -a ; sed -i '/swap/d' /etc/fstab效果如下:
4.修改内核参数
cat > /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOFcat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOFmodprobe overlay
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf效果如下:
5.新加yum源:
cat > /etc/yum.repos.d/k8s.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.tuna.tsinghua.edu.cn/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
cat > /etc/yum.repos.d/containerd.repo <<EOF
[containerd]
name=containerd
baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/7.9/x86_64/stable/
enabled=1
gpgcheck=0
EOF
6.安装containerd
containerd作为runtime是一个引擎
yum install containerd.io cri-tools -y7.配置 containerd
让crictl知道到哪里找containerd
crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock效果如下:
8.修改containerd配置文件
containerd config default > /etc/containerd/config.toml第一步:将
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
改为
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://frz7i079.mirror.aliyuncs.com"]第二步:将
sandbox_image = "k8s.gcr.io/pause:3.6"
改为
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"第三步:将
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = false
改成
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = truesystemctl enable containerd --now 开机自启并立即启动。9.安装nerdctl
nerdctl是一个较新的containerd工具,兼容Docker命令行工具,比ctr覆盖更全面,另外还支持docker-compose(不包括swarm)以及一些可选的高级特性
官网下载:
https://github.com/containerd/nerdctl/releases https://github.com/containernetworking/plugins/releases/
将离线包上传至服务器;
并nerdctl-1.2.0-linux-amd64.tar.gz存档提取到/usr/local/bin
tar Cxzvvf /usr/local/bin/ nerdctl-1.2.0-linux-amd64.tar.gz将cni-plugins-linux-amd64-v1.2.0.tgz存档提取到/opt/cni/bin/
mkdir -p /opt/cni/bin/
tar Cxzvvf /opt/cni/bin/ cni-plugins-linux-amd64-v1.2.0.tgz生成nerdctl配置文件
[root@master ~]# mkdir /etc/nerdctl/
[root@master ~]# cat > /etc/nerdctl/nerdctl.toml <<EOF
debug = false
debug_full = false
address = "unix:///var/run/containerd/containerd.sock"
namespace = "k8s.io"
#snapshotter = "stargz"
cgroup_manager = "systemd"
#hosts_dir = ["/etc/containerd/certs.d","/etc/nerdctl/certs.d"]
insecure_registry = false
EOF配置nerdctl加速
[root@master ~]# mkdir -p /etc/containerd/certs.d/docker.io
[root@master ~]# cat > /etc/containerd/certs.d/docker.io/hosts.toml <<EOF
server = "https://docker.io"
[host."https://g0v522ip.mirror.aliyuncs.com"]
capabilities = ["pull","resolve"]
[host."https://docker.mirrors.ustc.edu.cn"]
capabilities = ["pull","resolve"]
[host."https://registry-1.docker.io"]
capabilities = ["pull","resolve","push"]
EOF重启containerd
systemctl restart containerd10.安装kubernetes
yum install -y kubelet-1.26.0-0 kubeadm-1.26.0-0 kubectl-1.26.0-0 --disableexcludes=kubernetessystemctl enable kubelet --now #开机自启并立即启动,可以注意到现在的状态时 activating 不是active
Master 操作: 初始化集群
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.26.0 --pod-network-cidr=10.24.0.0/16#–image-repository 直接用阿里云的地址;初始化的过程会拉取镜像。
安装完毕后会提示执行命令,按要求执行即可;创建认证文件。
Worker(1和2都执行)加入集群 执行后面的:
kubeadm join 10.12.0.100:6443 --token ilmzoi.8pqfax9yg4u34l32 \
--discovery-token-ca-cert-hash sha256:c5fa6310eb2b265a33796f251dc92424a8cc14efedf9afa730c2b0897598b96b
效果如下:
(如果碰到添加失败,重新添加记得执行一次 kubeadm reset 清除重置再行加入)
Master 执行 kubectl get nodes;已经可以看到节点了。
之所以是NotReady 是因为快速通道还没建立。 需要部署CNI 容器接口网络插件;我们选择 calico;
11.部署calico
Calico 是一种容器之间互通的网络方案
下载最新版calico文件:wget https://docs.projectcalico.org/manifests/calico.yaml
编辑配置文件:
修改calico里pod所在网段
编辑配置文件:
修改calico里pod所在网段;需要与之前的--pod-network-cidr对应
- name: CALICO_IPV4POOL_CIDR
value: "10.24.0.0/16"
为了防止多张网卡带来的问题,修改calico.yaml
- name: IP_AUTODETECTION_METHOD
value: "interface=ens32"
修改完毕后 grep image calico.yaml 查看一下缺少那些组件直接安装:
效果如图:
master,worker都需要安装
nerdctl pull docker.io/calico/cni:v3.25.0
nerdctl pull docker.io/calico/node:v3.25.0
nerdctl pull docker.io/calico/kube-controllers:v3.25.0效果如下:
在master上执行kubectl apply -f calico.yaml 即可
节点上线成功
12.部署metric
想查看另外两个节点资源情况;可以部署 metric。
在所有节点导入: nerdctl load -i metric-img-v0.6.1.tar 在master上执行安装metric-server的操作
Yaml:https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.1/components.yaml
kubectl apply -f components.yaml稍等大概1分钟
kubectl top nodes
内容详实!