K8S系列:containerd+Kubernetes-1.27.2安装文档


概述

本文描述了在 ARM 架构 CentOS 8 下安装 containerd、Kubernetes-1.27.2、helm3 和 metrics 的过程。

containerd安装

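## Remove docker-ce / docker
yum remove docker-ce docker

## Download containerd; pick the build that matches the host CPU
# This guide targets arm64; set arch=amd64 on x86_64 hosts. Only the selected
# architecture is downloaded.
# NOTE(review): v1.7.0 is the first 1.7 release; check the project's security
# advisories and prefer a current patch release.
arch=arm64
mkdir -p /usr/local/src/containerd_install && cd /usr/local/src/containerd_install
wget "https://github.com/containerd/containerd/releases/download/v1.7.0/containerd-1.7.0-linux-${arch}.tar.gz"
wget "https://github.com/containerd/containerd/releases/download/v1.7.0/containerd-1.7.0-linux-${arch}.tar.gz.sha256sum"

## Verify, then extract
# The tarball is unpacked into /usr/local as root, so refuse to extract it when
# the digest does not match. The checksum file comes from the same release page:
# it catches a corrupted or truncated download, not a compromised release.
sha256sum -c "containerd-1.7.0-linux-${arch}.tar.gz.sha256sum" \
  && tar Cxzvf /usr/local "containerd-1.7.0-linux-${arch}.tar.gz"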

## Register containerd as a systemd service
# The delimiter is quoted so the unit text is written literally, with no shell
# expansion inside the here-document.
cat > /lib/systemd/system/containerd.service << 'UNIT'
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
 
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
 
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
 
[Install]
WantedBy=multi-user.target
UNIT


## Reload unit files, then enable and start containerd
systemctl daemon-reload
systemctl enable --now containerd

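## Generate containerd's default configuration
mkdir -p /etc/containerd
containerd config default | tee /etc/containerd/config.toml

# Pause (sandbox) image, taken from the Aliyun mirror instead of registry.k8s.io.
# NOTE(review): the image is referenced by tag on a third-party mirror, so the
# mirror decides what actually runs as every pod's sandbox. Confirm the mirror
# is trusted, or pin the image by digest.
str2="registry.aliyuncs.com/google_containers/pause:3.9"

# Replace whatever sandbox_image the generated config carries. Matching one exact
# default tag (pause:3.8) silently does nothing on a containerd build whose
# default differs.
sed -i "s%^\([[:space:]]*sandbox_image = \).*%\1\"${str2}\"%" /etc/containerd/config.toml

# Use the systemd cgroup driver, matching cgroupDriver: systemd in the
# KubeletConfiguration of kubeadm.yaml.
sed -i '/SystemdCgroup/ s/false/true/g' /etc/containerd/config.toml

# Confirm both edits landed before restarting.
grep -E 'sandbox_image|SystemdCgroup' /etc/containerd/config.toml

## Restart containerd
systemctl restart containerd && systemctl status containerd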

## Point the CRI client (crictl) at the containerd socket
# Quoted delimiter: the YAML is written exactly as shown.
cat << 'CRICTL' > /etc/crictl.yaml
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 0
debug: false
pull-image-on-create: false
CRICTL

# Restart containerd and show its status
systemctl restart containerd \
  && systemctl status containerd

安装runc和cni

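## Download runc; pick the build that matches the host CPU
# This guide targets arm64; set arch=amd64 on x86_64 hosts. Only the selected
# architecture is downloaded.
# NOTE(review): runc v1.1.3 and CNI plugins v1.1.1 are old releases; check each
# project's security advisories and prefer a current patch release.
arch=arm64
mkdir -p /usr/local/src/runc_cni-install && cd /usr/local/src/runc_cni-install
wget "https://github.com/opencontainers/runc/releases/download/v1.1.3/runc.${arch}"
wget https://github.com/opencontainers/runc/releases/download/v1.1.3/runc.sha256sum

# Install runc only when the binary matches the published digest. runc executes
# as root for every container start. --ignore-missing skips the entries for
# architectures that were not downloaded.
sha256sum -c --ignore-missing runc.sha256sum \
  && install -m 755 "runc.${arch}" /usr/local/sbin/runc

## Download the CNI plugins; pick the build that matches the host CPU
wget "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-${arch}-v1.1.1.tgz"
wget "https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-${arch}-v1.1.1.tgz.sha256"

mkdir -p /opt/cni/bin
# Same rule: verify first, unpack into /opt/cni/bin only on a match.
sha256sum -c "cni-plugins-linux-${arch}-v1.1.1.tgz.sha256" \
  && tar xf "cni-plugins-linux-${arch}-v1.1.1.tgz" -C /opt/cni/bin/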

关闭swap

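# Turn swap off for the running system.
swapoff -a
# Comment out every active swap entry in /etc/fstab so swap stays off after a
# reboot. Matching on the "swap" filesystem-type field also covers devices such
# as /dev/mapper/<vg>-swap or UUID=..., which a pattern that looks for the
# literal text "/swap" misses. Lines that are already commented are left alone.
sed -ri '/^[[:space:]]*#/! s/^(.*[[:space:]]swap[[:space:]].*)$/#\1/' /etc/fstab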

修改内核参数

# Load the two kernel modules now and confirm br_netfilter is present.
for kmod in overlay br_netfilter; do
  modprobe "$kmod"
done
lsmod | grep br_netfilter

# Have both modules loaded on every boot.
printf '%s\n' overlay br_netfilter > /etc/modules-load.d/k8s.conf

# Let bridged traffic pass through iptables/ip6tables and enable IPv4 forwarding.
cat > /etc/sysctl.d/k8s.conf << 'SYSCTL'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
SYSCTL

# Apply all sysctl configuration files.
sysctl --system

安装 kubeadm、kubectl、kubelet

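## Check whether the tools are already installed
rpm -qa | grep 'kubectl\|kubeadm\|kubelet'
## Remove them if they are
yum remove kubectl kubeadm kubelet


## Configure the yum repository
# kubelet, kubeadm and kubectl from this repository run as root on every node,
# so the repository is fetched over HTTPS and RPM signature checking is on
# (gpgcheck=1) against the keys listed in gpgkey. If verification fails, stop
# and resolve the key mismatch instead of switching the check off.
# NOTE(review): repo_gpgcheck stays at the page's value (0); enable it if the
# mirror publishes signed repository metadata.
cat << 'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-aarch64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

## Clear and rebuild the yum cache
yum clean all
yum makecache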

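## Set the timezone to Asia/Shanghai
timedatectl set-timezone Asia/Shanghai

## Install and configure IPVS
yum -y install ipset ipvsadm

# Write the module-loading script with cat: echo does not read standard input,
# so "echo << EOF > file" leaves the file holding only an empty line and the
# modprobe calls are never run. The delimiter is quoted to write the text as-is.
# NOTE(review): on systemd-based releases, modules are usually made persistent
# through /etc/modules-load.d/*.conf; confirm this script really runs at boot.
cat << 'EOF' > /etc/sysconfig/modules/ipvs.modules
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF

# Make the script executable, run it once, and list the loaded modules.
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack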

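## Install supporting packages
# "zlibdevel" is corrected to zlib-devel, and repeated names (wget, ipvsadm) are
# listed once.
# NOTE(review): this list goes well beyond what the later steps on this page use
# (compilers, -devel headers, telnet, lrzsz). On production nodes, trim it to
# what is actually needed to keep the attack surface small.
yum install -y yum-utils device-mapper-persistent-data lvm2 wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel vim ncurses-devel autoconf automake zlib-devel python-devel epel-release openssh-server socat ipvsadm conntrack ntpdate telnet

# List the kubelet versions available for installation
yum list kubelet --showduplicates | sort -r

# Install pinned versions
# NOTE(review): the packages are pinned to 1.27.0 while kubeadm.yaml on this page
# sets kubernetesVersion: 1.27.2; confirm which version is intended.
yum install -y kubelet-1.27.0 kubeadm-1.27.0 kubectl-1.27.0 --disableexcludes=kubernetes

# Enable kubelet at boot and start it now
systemctl enable --now kubelet

# Use containerd as the container runtime. The endpoint is written in full URL
# form, the same value /etc/crictl.yaml and kubeadm.yaml use on this page.
crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock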

Master初始化

# Create a working directory, write kubeadm's default init configuration into
# it, then open the file for editing.
cd /usr/local/src/ \
  && mkdir -p /usr/local/src/install-k8s \
  && cd /usr/local/src/install-k8s
kubeadm config print init-defaults > kubeadm.yaml
vim kubeadm.yaml
--------------------------------------------vim kubeadm.yaml------------------------------------------------------------------
# kubeadm configuration: InitConfiguration, ClusterConfiguration,
# KubeProxyConfiguration and KubeletConfiguration in one file.
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): abcdef.0123456789abcdef is the placeholder printed by
  # `kubeadm config print init-defaults`, so it is publicly known. Replace it
  # with the output of `kubeadm token generate` before running init, and use
  # that value in the join commands. The token below is valid for 24h (ttl).
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.2.40	# master node IP
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: k8s-master	# control-plane node name
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
# NOTE(review): control-plane images are pulled by tag from this third-party
# mirror (presumably chosen for reachability); confirm the mirror is trusted.
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers	# replacement image registry
kind: ClusterConfiguration
kubernetesVersion: 1.27.2
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16	# pod CIDR
  serviceSubnet: 10.96.0.0/12
scheduler: {}
---		# added: run kube-proxy in IPVS mode
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
---
# kubelet uses the systemd cgroup driver.
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
--------------------------------------------vim kubeadm.yaml------------------------------------------------------------------

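# Pre-pull the images kubeadm needs (kube-apiserver and its dependencies)
kubeadm config images pull --config=kubeadm.yaml

# Initialise Kubernetes. The server needs at least 2 CPU cores, otherwise init
# reports an error; after an error, `kubeadm reset` resets the node.
# The init output contains the bootstrap token and the join command, so the log
# file is created owner-only first. tee truncates the existing file and keeps
# its mode.
install -m 600 /dev/null kubeadm-init.log
kubeadm init --config kubeadm.yaml | tee kubeadm-init.log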

--------------------------------------------回显如下表示初始化成功------------------------------------------------------------------
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.132.15.50:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:837978034fccf6351dba574a64a58ed95fe577368876d3805973d164f719ff6e
        
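## Set up kubectl for the current user
# admin.conf holds cluster-admin credentials; keep the copy readable by its
# owner only. The expansions are quoted so a home directory containing spaces
# or glob characters cannot split the arguments.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"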

加入node节点

node节点加入前,需先完成章节 #1、#2、#3、#4 的操作,才可进行以下操作。

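# Run on each worker node. The endpoint, token and CA hash below are the values
# from the author's cluster; use the join command printed by your own
# `kubeadm init`. Keep --discovery-token-ca-cert-hash: it is what lets the node
# check that it is talking to the intended control plane.
kubeadm join 10.132.15.50:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:837978034fccf6351dba574a64a58ed95fe577368876d3805973d164f719ff6e --v=5

## If the token has expired, the join reports (this is output, not a command):
#   [discovery] The cluster-info ConfigMap does not yet contain a JWS signature for token ID "abcdef", will try again

## Get a new token on the control-plane node, substitute it, and join again
# List the tokens that still exist
kubeadm token list
# Create a new token and print the complete join command (token and CA hash)
kubeadm token create --print-join-command
# Cross-check: recompute discovery-token-ca-cert-hash from the cluster CA
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

kubeadm join 10.132.15.50:6443 --token cqlppf.tku67gyr6tdwymzi \
        --discovery-token-ca-cert-hash sha256:837978034fccf6351dba574a64a58ed95fe577368876d3805973d164f719ff6e --v=5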

配置containerd加速器

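## The author reports that this configuration raised an error while debugging
## and was not applied; treat it as a reference only.
# Mirror endpoint (placeholder): https://xxxxx.mirror.aliyuncs.com

sed -i 's#config_path = ""#config_path = "/etc/containerd/certs.d"#' /etc/containerd/config.toml
mkdir -p /etc/containerd/certs.d/docker.io/
# hosts.toml takes one [host."URL"] table per mirror. Two hosts inside a single
# table header is not valid TOML, which is a likely cause of the reported error.
# NOTE(review): a mirror sits in the image-pull trust path. Both entries keep
# only the "pull" capability, as on the page; presumably tag resolution then
# still goes to the upstream registry. Confirm against the containerd hosts.toml
# documentation.
cat > /etc/containerd/certs.d/docker.io/hosts.toml << 'EOF'
[host."https://xxxxx.mirror.aliyuncs.com"]
  capabilities = ["pull"]

[host."https://registry.docker-cn.com"]
  capabilities = ["pull"]
EOF

# Restart containerd
systemctl restart containerd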

安装网络插件

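mkdir -p /usr/local/src/calico-install && cd /usr/local/src/calico-install
# NOTE(review): this manifest comes from a third-party repository's mutable
# "main" branch and is applied with cluster-admin rights. Read it first (image
# references, RBAC, host mounts), and pin a commit or keep a reviewed copy.
wget https://raw.githubusercontent.com/cloudzun/K8SKB/main/02-k8s-basic/calico.yaml
# Apply the downloaded manifest; `kubectl apply -f` needs the file name.
kubectl apply -f calico.yaml


# Pull the Calico images on this node
crictl pull docker.io/calico/cni:v3.25.1
crictl pull docker.io/calico/node:v3.25.1
crictl pull docker.io/calico/kube-controllers:v3.25.1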

helm3安装

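## Download the release archive and its checksum; choose the version deliberately
# NOTE(review): v3.13.0-rc.1 is a release candidate; prefer a final release on
# anything other than a test cluster.
wget https://get.helm.sh/helm-v3.13.0-rc.1-linux-arm64.tar.gz
wget https://get.helm.sh/helm-v3.13.0-rc.1-linux-arm64.tar.gz.sha256sum

# Unpack and install only when the archive matches the published digest.
sha256sum -c helm-v3.13.0-rc.1-linux-arm64.tar.gz.sha256sum \
  && tar -zxvf helm-v3.13.0-rc.1-linux-arm64.tar.gz \
  && mv linux-arm64/helm /usr/local/bin/helm
helm --help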

Metrics安装

# Download the high-availability metrics-server manifest.
# NOTE(review): "releases/latest" is unpinned, while the apply further down pins
# v0.6.4; use one explicit version for both.
wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/high-availability-1.21+.yaml
# Edit the manifest and add the flag shown below to the container args.
vim high-availability-1.21+.yaml
      - args:
        # NOTE(review): --kubelet-insecure-tls makes metrics-server skip
        # verification of the kubelets' serving certificates, so it cannot tell
        # a real kubelet from an impostor on the node network. Treat it as a
        # test-cluster shortcut; for production, give kubelets CA-signed serving
        # certificates and leave this flag out.
        - --kubelet-insecure-tls # added
# NOTE(review): the page does not say what is changed in the API server manifest.
vim /etc/kubernetes/manifests/kube-apiserver.yaml

# NOTE(review): this apply and the create below both deploy metrics-server from
# different manifests; presumably only one of them is intended.
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.6.4/components.yaml

kubectl create -f high-availability-1.21+.yaml
## Reference: https://github.com/kubernetes-sigs/metrics-server