Complete Kubernetes installation and deployment (Docker container runtime edition)


1. Preparing the system environment

1.1. Deployment environment

The deployment in this article runs on VMware virtual machines: three VMs, one master node and two worker nodes.
Linux: CentOS 7.9
VM spec: 4 vCPUs, 2 GB RAM, 20 GB disk
Note: the official Kubernetes docs ask for at least 2 GB of RAM and 2 CPUs per machine; anything less leaves little room for your applications, and kubeadm's preflight checks enforce the 2-CPU minimum.
IP allocation (also usable as /etc/hosts entries on every node):

192.168.75.157  k8s-master
192.168.75.158  k8s-node1
192.168.75.159  k8s-node2

Set the hostname on each machine; hostnamectl set-hostname k8s-master (and the matching name on each worker) makes it permanent.

1.2. Kubernetes version

This article uses v1.25.2, the latest official release at the time of writing. From v1.24 on, running Kubernetes on Docker Engine requires cri-dockerd, as the official documentation spells out:

Docker Engine does not implement the CRI, which is a requirement for a container runtime to work with Kubernetes. For that reason, an additional service, cri-dockerd, has to be installed. cri-dockerd is a project based on the legacy built-in Docker Engine support that was removed from the kubelet in version 1.24.

Kubernetes images to install

kube-apiserver:v1.25.2
kube-controller-manager:v1.25.2
kube-scheduler:v1.25.2
kube-proxy:v1.25.2
pause:3.8
etcd:3.5.4-0
coredns/coredns:v1.9.3
cri-dockerd:v0.2.5
flannelcni/flannel:v0.19.2-amd64 (source: github.com/flannel-io/…)
kubernetesui/dashboard:v2.7.0
kubernetesui/metrics-scraper:v1.0.8
Docker version used here: 20.10.9.

2. Docker installation

Installing from the static tarball is, in my view, the simplest method.
Download the offline package from download.docker.com/linux/stati…
Unpack it: tar -zxvf docker-xxx.tgz
Copy the extracted binaries to /usr/bin:
cp docker/* /usr/bin
Register the Docker service with systemd:
vim /etc/systemd/system/docker.service
Contents of docker.service:

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
 
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
 
[Install]
WantedBy=multi-user.target

Unit files are plain text read by systemd; the execute bit added below is not needed (systemd warns about executable unit files), so this step can be skipped:
chmod +x /etc/systemd/system/docker.service
Set the cgroup driver. kubeadm (v1.22 and later) configures the kubelet for the systemd cgroup driver, so dockerd must use systemd as well; with mismatched drivers the kubelet cannot start Pods. Create /etc/docker/daemon.json with the following content:

{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
  "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
  "overlay2.override_kernel_check=true"
  ]
 }

Enable on boot and start:
systemctl daemon-reload
systemctl enable docker.service
systemctl start docker
Verify with the docker CLI (docker info should report Cgroup Driver: systemd and Storage Driver: overlay2):
docker info
docker version

3. Installing cri-dockerd

Download the release tarball from the tags/releases page of the cri-dockerd GitHub repository (github.com/Mirantis/cri-dockerd).
Version used here: cri-dockerd-0.2.5.amd64.tgz
tar -zvxf cri-dockerd-0.2.5.amd64.tgz
cd cri-dockerd-0.2.5
cp cri-dockerd /usr/bin/
Create the cri-docker.service unit. The path is /etc/systemd/system, the same directory the chmod and socket steps below use (/usr/systemd/system does not exist on CentOS 7):
vi /etc/systemd/system/cri-docker.service
Paste the unit file shipped in the cri-dockerd GitHub repository:

[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint=fd:// --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target

The --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8 parameter on /usr/bin/cri-dockerd is mandatory here: without it cri-dockerd pulls the pause (sandbox) image from Google's registry, which is unreachable from mainland China, and no Pod can start. Use the pause tag kubeadm expects for your Kubernetes version (pause:3.8 for v1.25.2, as in the image list in section 1.2); kubeadm 1.25 warns when the runtime's sandbox image differs from its own.

vi /etc/systemd/system/cri-docker.socket
Add the following content:

[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service

[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=root

[Install]
WantedBy=sockets.target

The socket above is owned by root:root with mode 0660, so no extra group is strictly required; the upstream unit uses SocketGroup=docker, which needs the group to exist (a tarball Docker install does not create it), hence:
groupadd docker
Whichever group you choose, keep the mode at 0660 and do not widen it: anyone who can talk to the CRI or Docker socket can start privileged containers and is effectively root on the node.
As with docker.service, the execute bit on unit files is unnecessary:
chmod +x /etc/systemd/system/cri-docker.service
chmod +x /etc/systemd/system/cri-docker.socket
Enable on boot and start:
systemctl daemon-reload
systemctl enable cri-docker
systemctl start cri-docker

4. Kernel parameters for bridged traffic (iptables)

cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

Load the bridge netfilter module first (modprobe br_netfilter, and add it to /etc/modules-load.d/ so it survives reboots); otherwise the net.bridge.* keys do not exist yet and sysctl reports "No such file or directory". Then apply the file with sysctl -p /etc/sysctl.d/k8s.conf. kubeadm's preflight also refuses to run while swap is enabled, which CentOS 7 turns on by default: run swapoff -a now and comment the swap entry out of /etc/fstab.
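As an added example (not part of the original post), a small standard-library Python preflight script covering the host settings this guide depends on across section 2 and this section: dockerd's cgroup driver in /etc/docker/daemon.json must be systemd, the overlay and br_netfilter modules must be loaded, the three sysctls above must read 1, and swap must be off. Each check takes the text of the file or command it inspects and returns a list of problems, so the same logic runs against the constructed samples embedded at the bottom (labelled as such) or, via the __main__ block, against the live host. Function and variable names are mine.

```python
"""Preflight checks for a Docker + cri-dockerd kubelet host (sections 2 and 4 of this guide)."""
import json

REQUIRED_SYSCTLS = {
    "net.bridge.bridge-nf-call-iptables": "1",
    "net.bridge.bridge-nf-call-ip6tables": "1",
    "net.ipv4.ip_forward": "1",
}
# kubeadm's documented prerequisites; br_netfilter is also what creates the bridge-nf sysctls
REQUIRED_MODULES = ("overlay", "br_netfilter")


def check_cgroup_driver(daemon_json_text):
    """kubeadm >= 1.22 configures the kubelet for the systemd cgroup driver; dockerd must
    use the same driver or the kubelet cannot start any Pod. Returns a list of problems."""
    opts = json.loads(daemon_json_text).get("exec-opts", [])
    if "native.cgroupdriver=systemd" not in opts:
        return [f"dockerd cgroup driver is not systemd (exec-opts={opts})"]
    return []


def check_modules(proc_modules_text):
    """Parse /proc/modules; the first whitespace-separated field is the module name."""
    loaded = {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}
    return [f"kernel module {m} not loaded" for m in REQUIRED_MODULES if m not in loaded]


def check_sysctl(sysctl_text):
    """Parse `sysctl -a` output ('key = value' per line) against REQUIRED_SYSCTLS."""
    values = {}
    for line in sysctl_text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()
    return [f"{k} = {values.get(k, '<missing>')}, want {want}"
            for k, want in REQUIRED_SYSCTLS.items() if values.get(k) != want]


def check_swap(proc_swaps_text):
    """kubeadm's preflight fails while swap is active; /proc/swaps is a header line then devices."""
    return [f"swap active: {line.split()[0]}"
            for line in proc_swaps_text.splitlines()[1:] if line.strip()]


def run_all(daemon_json_text, proc_modules_text, sysctl_text, proc_swaps_text):
    """Return every problem found; an empty list means the host is ready for kubeadm."""
    return (check_cgroup_driver(daemon_json_text) + check_modules(proc_modules_text)
            + check_sysctl(sysctl_text) + check_swap(proc_swaps_text))


# Constructed sample inputs: the daemon.json from section 2 plus a healthy kernel state.
SAMPLE_DAEMON_JSON = '{"exec-opts": ["native.cgroupdriver=systemd"], "storage-driver": "overlay2"}'
SAMPLE_MODULES = ("br_netfilter 22256 0 - Live 0xffffffffc0a1e000\n"
                  "overlay 91659 0 - Live 0xffffffffc0a00000\n")
SAMPLE_SYSCTL = ("net.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables = 1\n"
                 "net.ipv4.ip_forward = 1\nnet.ipv4.tcp_syncookies = 1\n")
SAMPLE_SWAPS_OFF = "Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n"

if __name__ == "__main__":
    import subprocess
    import sys
    with open("/etc/docker/daemon.json") as d, open("/proc/modules") as m, open("/proc/swaps") as s:
        problems = run_all(d.read(), m.read(),
                           subprocess.run(["sysctl", "-a"], capture_output=True, text=True).stdout,
                           s.read())
    for p in problems:
        print("FAIL:", p)
    print("OK" if not problems else f"{len(problems)} problem(s)")
    sys.exit(1 if problems else 0)
```

Run it as root on every node after sections 2 and 4 and before kubeadm init or join; the checks mirror what kubeadm's own preflight will otherwise reject, but report all findings at once.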

5. Installing kubeadm

Google's package servers cannot be reached from mainland China because of the GFW, so Aliyun's mirror is used. First configure the yum repository. Two settings in the file below deserve a note: gpgcheck=1 keeps verifying every RPM against the listed keys, while repo_gpgcheck=0 only skips verification of the mirror's repository metadata. The exclude= line (paired with --disableexcludes when installing) stops an ordinary yum update from silently upgrading the Kubernetes packages.

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

Install, pinning the packages to the version chosen in section 1.2 (an unpinned install takes whatever is newest in the repo and may not match the --kubernetes-version=v1.25.2 used at init):
sudo yum install -y kubelet-1.25.2 kubeadm-1.25.2 kubectl-1.25.2 --disableexcludes=kubernetes
sudo systemctl enable --now kubelet

6. Initializing the Kubernetes master node

Initialize with the following command:
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.25.2 --pod-network-cidr=10.244.0.0/16 --cri-socket unix:///var/run/cri-dockerd.sock
Explanation: --pod-network-cidr is the address range Pods are allocated from; 10.244.0.0/16 is the default in flannel's kube-flannel.yml, so the two must agree. --cri-socket selects cri-dockerd explicitly instead of relying on kubeadm's auto-detection, which errors out if it finds more than one known runtime socket. The unix:// scheme is the form kubeadm 1.24+ expects; a bare path still works but prints a deprecation warning.
When initialization completes, the log ends with:

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

Follow those instructions from the end of the init log. admin.conf carries a client certificate in the system:masters group, i.e. unrestricted cluster-admin: keep the copied ~/.kube/config readable only by its owner and do not copy it to the worker nodes.

7. Joining the worker nodes

Run the following on each worker; the placeholders come from the master:
kubeadm join <master-ip>:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash> --cri-socket unix:///var/run/cri-dockerd.sock
Explanation:
<master-ip>:6443 is the address and port of the API server on the master node. The captured output below shows 192.168.75.161:6443; in the IP plan of section 1.1 the master is 192.168.75.157, so substitute your own.
--cri-socket is needed for the same reason as at init. If you have lost the token, list the current ones with:

kubeadm token list

Output:

    [root@k8s-master sysconfig]# kubeadm token list
    TOKEN                     TTL   EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
    n8mmg4.7pezadotuhs09lzs   20h   2022-09-24T05:47:33Z   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token

By default a token expires after 24 hours. To join a node after the current token has expired, create a new one on the control-plane node (kubeadm token create --print-join-command prints the complete join command, hash included):

    kubeadm token create

If you do not have the value of --discovery-token-ca-cert-hash, obtain it on the control-plane node with the pipeline below. The hash is the SHA-256 of the CA certificate's public key (its DER-encoded SubjectPublicKeyInfo); the joining kubelet uses it to verify that the API server it reaches is backed by this CA. Never substitute --discovery-token-unsafe-skip-ca-verification on a network you do not fully control, as that lets any host on the path impersonate the control plane:

    openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
        openssl dgst -sha256 -hex | sed 's/^.* //'

Output:

    [root@k8s-master sysconfig]# openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
    > openssl dgst -sha256 -hex | sed 's/^.* //'
    19aa1b069cb53ea16a94461a1c07fb06f02cbf6f32d6ab492b7b5397444279fb

Example of joining a node (with --cri-socket added, as at init, so kubeadm does not have to guess the runtime):

    kubeadm join 192.168.75.161:6443 --token n8mmg4.7pezadotuhs09lzs \
        --discovery-token-ca-cert-hash sha256:19aa1b069cb53ea16a94461a1c07fb06f02cbf6f32d6ab492b7b5397444279fb \
        --cri-socket unix:///var/run/cri-dockerd.sock
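As an added example (standard-library Python, not from the original post), here is what the openssl pipeline above actually computes and how to reproduce it without openssl: kubeadm's --discovery-token-ca-cert-hash is SHA-256 over the DER SubjectPublicKeyInfo of /etc/kubernetes/pki/ca.crt, so the same value can be derived from the CA certificate file or from the certificate-authority-data field of admin.conf. The script then assembles the join command with the --cri-socket flag this setup needs and rejects malformed tokens or hashes. The sample certificate at the bottom is constructed in code and is not a real CA (its signature bytes are dummies); all function and variable names are mine.

```python
"""Compute kubeadm's --discovery-token-ca-cert-hash and assemble the worker join command.
The hash is SHA-256 over the DER SubjectPublicKeyInfo (SPKI) of the cluster CA certificate;
a joining kubelet uses it to reject an impostor API server. Sample data below is constructed."""
import base64
import hashlib
import re

TOKEN_RE = re.compile(r"^[a-z0-9]{6}\.[a-z0-9]{16}$")   # kubeadm bootstrap token format

def _tlv(tag, body):
    """Encode one DER tag-length-value (used only to build the sample certificate)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def _read_tlv(buf, pos):
    """Decode the DER element at buf[pos]; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def pem_to_der(pem):
    """Strip the PEM armour and base64-decode the body."""
    lines = [l.strip() for l in pem.splitlines()]
    return base64.b64decode("".join(l for l in lines if l and not l.startswith("-----")))

def spki_der_from_cert(der):
    """Return the DER bytes of subjectPublicKeyInfo from an X.509 certificate.
    Certificate    ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }"""
    tag, start, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE (still PEM-encoded?)")
    tag, pos, _ = _read_tlv(der, start)                 # tbsCertificate
    if tag != 0x30:
        raise ValueError("malformed tbsCertificate")
    tag, _, end = _read_tlv(der, pos)
    if tag == 0xA0:                                     # explicit [0] version present: skip it
        pos = end
    for _ in range(5):                                  # serial, sigAlg, issuer, validity, subject
        _, _, pos = _read_tlv(der, pos)
    tag, _, end = _read_tlv(der, pos)
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return der[pos:end]

def ca_cert_hash(cert_pem):
    """The string kubeadm prints and accepts: sha256:<hex SHA-256 of the SPKI DER>."""
    return "sha256:" + hashlib.sha256(spki_der_from_cert(pem_to_der(cert_pem))).hexdigest()

def ca_cert_hash_from_kubeconfig(kubeconfig_text):
    """Same hash, read from certificate-authority-data (e.g. in /etc/kubernetes/admin.conf)."""
    m = re.search(r"certificate-authority-data:\s*(\S+)", kubeconfig_text)
    if not m:
        raise ValueError("no certificate-authority-data in kubeconfig")
    return ca_cert_hash(base64.b64decode(m.group(1)).decode())

def build_join_command(endpoint, token, cert_hash, cri_socket="unix:///var/run/cri-dockerd.sock"):
    """Assemble the worker-side command; refuses values that cannot be a kubeadm token or hash."""
    if not TOKEN_RE.match(token):
        raise ValueError("bootstrap token must look like abcdef.0123456789abcdef")
    if not re.fullmatch(r"sha256:[0-9a-f]{64}", cert_hash):
        raise ValueError("cert hash must be sha256:<64 hex chars>")
    return (f"kubeadm join {endpoint} --token {token} "
            f"--discovery-token-ca-cert-hash {cert_hash} --cri-socket {cri_socket}")

# ---- constructed sample certificate: NOT a real CA, the signature bytes are dummies ----
_OID_RSA, _OID_SHA256_RSA = bytes.fromhex("2a864886f70d010101"), bytes.fromhex("2a864886f70d01010b")
_ALG_RSA = _tlv(0x30, _tlv(0x06, _OID_RSA) + _tlv(0x05, b""))          # rsaEncryption, NULL
_ALG_SIG = _tlv(0x30, _tlv(0x06, _OID_SHA256_RSA) + _tlv(0x05, b""))   # sha256WithRSAEncryption
_RSA_KEY = _tlv(0x30, _tlv(0x02, b"\x00" + b"\xc3" * 256) + _tlv(0x02, b"\x01\x00\x01"))  # n, e
SAMPLE_SPKI = _tlv(0x30, _ALG_RSA + _tlv(0x03, b"\x00" + _RSA_KEY))
_TBS = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _ALG_SIG   # v3, serial, sigAlg
            + _tlv(0x30, b"") + _tlv(0x30, _tlv(0x17, b"220923000000Z") + _tlv(0x17, b"320923000000Z"))
            + _tlv(0x30, b"") + SAMPLE_SPKI)                                        # subject, SPKI
SAMPLE_CERT_DER = _tlv(0x30, _TBS + _ALG_SIG + _tlv(0x03, b"\x00" * 257))
SAMPLE_CERT_PEM = ("-----BEGIN CERTIFICATE-----\n" + "\n".join(
    re.findall(".{1,64}", base64.b64encode(SAMPLE_CERT_DER).decode())) + "\n-----END CERTIFICATE-----\n")
SAMPLE_KUBECONFIG = ("clusters:\n- cluster:\n    certificate-authority-data: "
                     + base64.b64encode(SAMPLE_CERT_PEM.encode()).decode() + "\n    server: https://192.168.75.161:6443\n")

if __name__ == "__main__":
    import sys     # usage: python3 ca_hash.py [/etc/kubernetes/pki/ca.crt]
    with open(sys.argv[1] if len(sys.argv) > 1 else "/etc/kubernetes/pki/ca.crt") as f:
        print(ca_cert_hash(f.read()))
```

Run python3 ca_hash.py /etc/kubernetes/pki/ca.crt on the master and compare with the openssl output above; the two must match exactly. One caveat on the page's pipeline: openssl rsa -pubin only handles RSA keys (kubeadm's default CA type); openssl pkey -pubin -outform der is the key-type-agnostic form, and the Python version above does not care about the key type either because it hashes the SPKI bytes as they appear in the certificate.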