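Kubernetes cluster setup tutorial (using cri-docker + flannel)
1. Preparation (all nodes)
1.1 System environment (I deployed successfully without this configuration; you can deploy first and come back to tune the system environment if deployment fails)
The 3.10.x kernel that ships with CentOS 7.x has some bugs that make Docker and Kubernetes unstable. Add the ELRepo repository: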
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
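Install the kernel. When the installation finishes, check that the menuentry for the new kernel in /boot/grub2/grub.cfg contains an initrd16 line; if it does not, install again. This can take a while.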
yum --enablerepo=elrepo-kernel install -y kernel-lt
# List all installed kernels
rpm -qa | grep kernel
# kernel-3.10.0-1160.el7.x86_64
# kernel-lt-5.4.271-1.el7.elrepo.x86_64
# kernel-tools-libs-3.10.0-1160.el7.x86_64
# kernel-tools-3.10.0-1160.el7.x86_64
# Boot from the new kernel by default
grub2-set-default 'CentOS Linux (5.4.271-1.el7.elrepo.x86_64) 7 (Core)'
reboot
# Show the kernel currently in use
uname -r
1.2 System parameter settings
# Stop and disable the firewall
systemctl stop firewalld
systemctl disable firewalld
# Turn swap off temporarily
swapoff -a
# Turn swap off permanently (to do so, remove the leading # from the command below)
#sed -ri 's/.*swap.*/#&/' /etc/fstab
# Put SELinux in permissive mode now and disable it from the next boot
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
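# Set the hostname; run the matching command on each node
hostnamectl set-hostname k8s-master   # on the master
hostnamectl set-hostname k8s-node1    # on the first worker
hostnamectl set-hostname k8s-node2    # on the second worker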
vi /etc/hosts
# Add the following entries:
192.168.183.132 k8s-master
192.168.183.133 k8s-node1
192.168.183.134 k8s-node2
cat > kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv4.ip_forward=1
# tcp_tw_recycle was removed in Linux 4.12; this key only exists on the stock 3.10 kernel
net.ipv4.tcp_tw_recycle=0
# Avoid using swap; only allow it when the system is about to OOM
vm.swappiness=0
# Do not check whether enough physical memory is available
vm.overcommit_memory=1
# Do not panic on OOM; let the OOM killer run
vm.panic_on_oom=0
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=1048576
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
cp kubernetes.conf /etc/sysctl.d/kubernetes.conf
sysctl -p /etc/sysctl.d/kubernetes.conf
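sysctl takes everything after the = as the value, so a # comment at the end of a setting line makes that write fail, and a key the running kernel does not provide is rejected as well. The linter below is an added example, not part of the original tutorial; the names lint_sysctl_conf and lint_demo, the optional ROOT argument (a directory checked instead of /proc/sys) and the sample fragment are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: lint a sysctl.d fragment before loading it with sysctl -p.
# Flags inline comments, duplicate keys, and keys missing under ROOT.

lint_sysctl_conf() {   # usage: lint_sysctl_conf FILE [ROOT, default /proc/sys]
    local file="$1" root="${2:-/proc/sys}" tag line key
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # comment-only and blank lines
        index($0, "=") == 0 { printf "%d: not-a-setting %s\n", NR, $1; next }
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (substr($0, eq + 1) ~ /#/)
                printf "%d: inline-comment %s\n", NR, key
            if (key in seen)
                printf "%d: duplicate %s (first on line %d)\n", NR, key, seen[key]
            else
                seen[key] = NR
            print "check", NR, key              # existence is tested by the shell
        }' "$file" |
    while read -r tag line key; do
        if [ "$tag" != check ]; then
            printf '%s %s %s\n' "$tag" "$line" "$key"
        elif [ ! -e "$root/$(printf '%s' "$key" | tr . /)" ]; then
            printf '%s: unknown-key %s\n' "$line" "$key"
        fi
    done
}

# Constructed sample: a few settings in the tutorial's style and a fake
# /proc/sys tree that lacks tcp_tw_recycle, as kernels from 4.12 on do.
lint_demo() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/sys/vm" "$d/sys/net/ipv4"
    touch "$d/sys/vm/swappiness" "$d/sys/net/ipv4/tcp_max_syn_backlog"
    cat > "$d/k8s.conf" <<'EOF'
vm.swappiness=0 # avoid swap
net.ipv4.tcp_tw_recycle=0
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_syn_backlog = 16384
EOF
    lint_sysctl_conf "$d/k8s.conf" "$d/sys"
    rm -rf "$d"
}
lint_demo
```

On a real node, run lint_sysctl_conf /etc/sysctl.d/kubernetes.conf after rebooting into the kernel you intend to keep, since the set of available keys depends on the running kernel and loaded modules.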
ulimit -SHn 65535
cat <<EOF >> /etc/security/limits.conf
# The leading * is the domain field and applies the limit to all users
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF
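2. Component installation (all nodes)
2.1 Installing Docker
If Docker has never been installed on your system, just follow the steps below. If it was installed before, look up how to uninstall it completely and do that first.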
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
systemctl start docker
systemctl enable docker
docker info
mkdir -p /etc/docker
# Configure the daemon
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
EOF
mkdir -p /etc/systemd/system/docker.service.d
# Restart the Docker service
systemctl daemon-reload && systemctl restart docker && systemctl enable docker
From Kubernetes 1.24 onward, Docker must additionally have cri-docker installed.
2.2 Installing cri-docker
Installing Go
wget https://golang.google.cn/dl/go1.20.12.linux-amd64.tar.gz
# Install Go
rm -rf /usr/local/go && tar -C /usr/local/ -xzvf go1.20.12.linux-amd64.tar.gz
vi /etc/profile
# Add the following to the profile file (create the GOPATH directory beforehand, or remember to create it once this is configured)
#go setting
export GOROOT=/usr/local/go
export GOPATH=/usr/local/gopath
export PATH=$PATH:$GOROOT/bin
# Save, exit, then run
source /etc/profile
Building cri-dockerd
git clone https://github.com/Mirantis/cri-dockerd.git
Compile
cd cri-dockerd
mkdir -p bin
go build -o bin/cri-dockerd
mkdir -p /usr/local/bin
install -o root -g root -m 0755 bin/cri-dockerd /usr/local/bin/cri-dockerd
cp -a packaging/systemd/* /etc/systemd/system
sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
Using it with Kubernetes
vi /etc/systemd/system/cri-docker.service
Append the options to the ExecStart line, for example:
ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9
Create the cri-docker unit files, then copy them to the other nodes
vi /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
# Same ExecStart as the example above: the binary was installed to /usr/local/bin
ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
vi /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service

[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
scp /usr/lib/systemd/system/cri-docker.service /usr/lib/systemd/system/cri-docker.socket root@k8s-node1:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/cri-docker.service /usr/lib/systemd/system/cri-docker.socket root@k8s-node2:/usr/lib/systemd/system/
systemctl daemon-reload ; systemctl enable cri-docker --now
# Check the status
systemctl is-active cri-docker
2.3 Install kubeadm, kubelet and kubectl on all nodes
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && systemctl start kubelet
systemctl enable --now kubelet.service
3. Building the k8s cluster
3.1 k8s initialization
kubeadm init \
--apiserver-advertise-address=192.168.183.132 \
--image-repository=registry.aliyuncs.com/google_containers \
--kubernetes-version=v1.28.2 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--cri-socket=unix:///var/run/cri-dockerd.sock
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
# Reset what kubeadm set up on this node
kubeadm reset --cri-socket unix:///var/run/cri-dockerd.sock
rm -rf .kube/
sudo mkdir ~/.kube
sudo cp /etc/kubernetes/admin.conf ~/.kube/
cd ~/.kube
mv admin.conf config
systemctl restart kubelet
3.2 Joining the worker nodes
Run on a worker node such as k8s-node1:
kubeadm join <token arguments printed by a successful kubeadm init> --cri-socket unix:///var/run/cri-dockerd.sock
# For example, the token arguments printed by my successful kubeadm init were:
192.168.183.132:6443 --token vib96t.hmkd7hj7ykdigmp1 --discovery-token-ca-cert-hash sha256:c0bb3a82a4642cc4fe253edd0533ad8136b34dc243f274aa3cea27abc46e321f
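The --discovery-token-ca-cert-hash value is what lets a joining node authenticate the control plane: it is the SHA-256 of the cluster CA's public key. The script below is an added example, not part of the original tutorial, that recomputes that pin from a CA certificate (kubeadm's default location on the master is /etc/kubernetes/pki/ca.crt) and compares it with the pin in a join command; the function names and SAMPLE_JOIN are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm that a kubeadm join command pins this cluster's CA.

# Print the pin kubeadm expects: sha256 over the DER-encoded CA public key.
ca_cert_pin() {   # usage: ca_cert_pin /etc/kubernetes/pki/ca.crt
    local pub hex
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" |
          openssl pkey -pubin -outform DER 2>/dev/null |
          openssl dgst -sha256 -hex | sed 's/^.*= *//')
    [ "${#hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# Print the value of --discovery-token-ca-cert-hash in a join command line.
# Accepts both "--flag value" and "--flag=value".
join_cmd_pin() {
    printf '%s\n' "$1" | awk -v f='--discovery-token-ca-cert-hash' '{
        for (i = 1; i <= NF; i++) {
            if ($i == f) { print $(i + 1); exit }
            if (index($i, f "=") == 1) { print substr($i, length(f) + 2); exit }
        }
    }'
}

# Succeed only if the join command pins exactly the given CA certificate.
verify_join_pin() {   # usage: verify_join_pin "<join command>" CA_CERT
    local got want
    got=$(join_cmd_pin "$1")
    case "$got" in
        sha256:*) ;;
        *) echo "join command carries no sha256 CA pin" >&2; return 2 ;;
    esac
    want=$(ca_cert_pin "$2") || { echo "cannot read CA cert $2" >&2; return 3; }
    [ "$got" = "$want" ]
}

# Constructed join command (placeholder address, token and pin).
SAMPLE_JOIN='kubeadm join 10.0.0.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
join_cmd_pin "$SAMPLE_JOIN"
```

On the master, verify_join_pin "<the join command you are about to hand out>" /etc/kubernetes/pki/ca.crt returns 0 only when the pin matches the cluster CA.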
kubectl get nodes
# At this point every node is NotReady, because the flannel network plugin has not been installed yet
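# If the download fails, you can also fetch the file from the website yourself (working around network restrictions as needed) and upload it to the virtual machine
wget https://github.com/flannel-io/flannel/releases/download/v0.24.3/kube-flannel.yml
# Apply it
kubectl apply -f kube-flannel.yml
# Or (both give the same result and differ only in how they work; look it up if you want the details)
kubectl create -f kube-flannel.yml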
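kubectl get nodes
# If the nodes have not become Ready, wait a few minutes first, because the network transfer takes some time. If they are still NotReady after a few minutes, look for a fix based on the reported error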