09 Rapid deployment of a Kubernetes 1.24 cluster with kubeadm


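Kubernetes 1.24 release and major changes

Kubernetes 1.24 released

Kubernetes 1.24 was officially released on May 3, 2022. In this version we see Kubernetes, the de facto standard for container orchestration, becoming increasingly mature: 12 features graduated to stable, and many practical features were introduced, for example StatefulSets now support batch rolling updates, and NetworkPolicy gains a NetworkPolicyStatus field that makes troubleshooting easier.

Major changes in Kubernetes 1.24

Kubernetes has officially removed support for Dockershim. The long-discussed "Dockershim deprecation" finally comes to a close in this release.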


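Kubernetes 1.24 cluster deployment

See "Deploying a single-master Kubernetes 1.21 cluster with kubeadm".

Preparing the deployment environment

Use CentOS 7u9 as the operating system, then prepare three nodes with the following configuration:

IP               CPU   Memory   Disk   Role           Hostname
192.168.91.220   2C    2G       40GB   master         master01
192.168.91.221   2C    2G       40GB   worker(node)   worker01
192.168.91.222   2C    2G       40GB   worker(node)   worker02

Run the following on all of the nodes prepared above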

# Configure hosts
cat >> /etc/hosts << EOF
192.168.91.220  master01
192.168.91.221  worker01
192.168.91.222  worker02
EOF

# Time synchronization; a minimal OS install needs the ntpdate package installed
yum -y install ntpdate
echo "0 */1 * * * ntpdate time1.aliyun.com" >> /var/spool/cron/root

# Disable the firewall
systemctl disable firewalld && systemctl stop firewalld

# Disable SELinux
sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0

# Upgrade the operating system kernel
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
yum -y install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
yum --enablerepo="elrepo-kernel" -y install kernel-ml.x86_64
grub2-set-default 0
grub2-mkconfig -o /boot/grub2/grub.cfg

# Reboot
reboot

# Configure kernel forwarding and bridge filtering
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf

# Install ipset and ipvsadm
yum -y install ipset ipvsadm

# Configure how the IPVS modules are loaded; add the modules that need to be loaded
cat > /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules

# Disable the swap partition
sed -i 's&/dev/mapper/centos-swap&#/dev/mapper/centos-swap&' /etc/fstab
swapoff -a

# Install Docker
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install --setopt=obsoletes=0 docker-ce-24.0.6-1.el7
cat << EOF > /etc/docker/daemon.json
{
  "registry-mirrors": ["https://zwyx2n3v.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl enable --now docker
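
An added check, not part of the original article: the script below audits a node against the kernel forwarding, bridge filtering, swap and IPVS module settings applied above. The function names and the ROOT argument are assumptions of this example; it also reports a swap entry that is still enabled in /etc/fstab, which happens when the swap device is not named /dev/mapper/centos-swap and the sed command above matches nothing.

```sh
#!/bin/sh
# Added example, not from the original page. ROOT (an argument of each
# function) is a hypothetical parameter: empty on a real node, or a directory
# holding copies of /proc and /etc so the checks can be run offline.

# Compare every "key = value" line of a sysctl file with the live value.
check_sysctl() (   # usage: check_sysctl <conf-file> [ROOT]
    rc=0
    while IFS='=' read -r key want; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        want=$(printf '%s' "$want" | tr -d ' \t')
        case $key in ''|'#'*) continue ;; esac
        path="$2/proc/sys/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            # net.bridge.* exists only while br_netfilter is loaded
            echo "FAIL $key: $path is missing"; rc=1
        elif [ "$(cat "$path")" != "$want" ]; then
            echo "FAIL $key: want $want, have $(cat "$path")"; rc=1
        fi
    done < "$1"
    exit "$rc"
)

# Swap must be off now (only the header line in /proc/swaps) and must stay
# off after a reboot (no uncommented swap entry left in /etc/fstab).
check_swap() (     # usage: check_swap [ROOT]
    rc=0
    live=$(awk 'NR > 1 { n++ } END { print n + 0 }' "$1/proc/swaps")
    boot=$(awk '$1 !~ /^#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1/etc/fstab")
    [ "$live" -eq 0 ] || { echo "FAIL swap: $live device(s) active"; rc=1; }
    [ "$boot" -eq 0 ] || { echo "FAIL swap: $boot entry(ies) enabled in fstab"; rc=1; }
    exit "$rc"
)

# Every module named in the remaining arguments must be in /proc/modules.
check_modules() (  # usage: check_modules <ROOT> <module>...
    root=$1; shift; rc=0
    for m in "$@"; do
        awk -v m="$m" '$1 == m { ok = 1 } END { exit !ok }' "$root/proc/modules" ||
            { echo "FAIL module $m: not loaded"; rc=1; }
    done
    exit "$rc"
)

# On a prepared node:
#   check_sysctl /etc/sysctl.d/k8s.conf; check_swap
#   check_modules "" br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack
```
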

Installing cri-dockerd

# Install cri-dockerd
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.7/cri-dockerd-0.3.7.20231027185657.170103f2-0.el7.x86_64.rpm
yum -y install cri-dockerd-0.3.7.20231027185657.170103f2-0.el7.x86_64.rpm
sed -i 's#ExecStart=/usr/bin/cri-dockerd#ExecStart=/usr/bin/cri-dockerd --pod-infra-container-image=registry.k8s.io/pause:3.7#' /usr/lib/systemd/system/cri-docker.service
systemctl enable --now cri-docker

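Deploying the Kubernetes 1.24 cluster

               kubeadm                                   kubelet                                                          kubectl
Version        1.24.17                                   1.24.17                                                          1.24.17
Installed on   all cluster nodes                         all cluster nodes                                                all cluster nodes
Purpose        initializes and manages the cluster, etc. receives api-server instructions and manages the pod lifecycle   command-line tool for managing cluster applications

Unless otherwise noted, run the following on all nodes

# Alibaba Cloud YUM repository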
cat > /etc/yum.repos.d/kubernetes.repo << EOF 
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Install the specified version
yum -y install --setopt=obsoletes=0 kubeadm-1.24.17-0  kubelet-1.24.17-0 kubectl-1.24.17-0

# Configure kubelet
sed -ri 's/KUBELET_EXTRA_ARGS=/KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"/' /etc/sysconfig/kubelet
systemctl enable kubelet

# Prepare the cluster images
cat > image_download.sh << "EOF"
#!/bin/bash
images_list=`kubeadm config images list --kubernetes-version=v1.24.17`
for image in $images_list
do
    replace_uri=`echo $image | awk -F'/' '{print $1}'`
    image_aliyun=`echo $image | sed -e "s#$replace_uri#registry.aliyuncs.com/google_containers#" -e 's#coredns/##'`
    docker pull $image_aliyun
    docker tag $image_aliyun $image
    docker rmi $image_aliyun
done
EOF
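# Run the script to download the images; some images may fail to download because of network problems, so the script can be run several times
sh image_download.sh
# master01
# Initialize the cluster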
kubeadm init --kubernetes-version=v1.24.17 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.91.220 --cri-socket unix:///var/run/cri-dockerd.sock
...
Your Kubernetes control-plane has initialized successfully!
...
kubeadm join 192.168.91.220:6443 --token 6tayvj.3miugxzgqzdl73d8 \
        --discovery-token-ca-cert-hash sha256:5ca8d9f724d8ddbb98c85ac325275b1d63b2fe38daba60cbb5a9b1dba2d8aace


mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf

# Install the Calico network plugin
wget https://raw.githubusercontent.com/projectcalico/calico/v3.26.3/manifests/tigera-operator.yaml
kubectl create -f tigera-operator.yaml
# Watch the pods in the tigera-operator namespace and wait until every pod's STATUS is Running
watch kubectl get pods -n tigera-operator
wget https://raw.githubusercontent.com/projectcalico/calico/v3.26.3/manifests/custom-resources.yaml
sed -i 's/192.168/10.244/' custom-resources.yaml
kubectl create -f custom-resources.yaml
# Watch the pods in the calico-system namespace and wait until every pod's STATUS is Running
watch kubectl get pods -n calico-system
# Remove the node-role.kubernetes.io/master taint from all nodes
kubectl taint nodes --all node-role.kubernetes.io/master-

# worker01 and worker02
# Add the worker nodes to the cluster
kubeadm join 192.168.91.220:6443 --token 6tayvj.3miugxzgqzdl73d8 \
        --discovery-token-ca-cert-hash sha256:5ca8d9f724d8ddbb98c85ac325275b1d63b2fe38daba60cbb5a9b1dba2d8aace --cri-socket unix:///var/run/cri-dockerd.sock

# master01
# Verify that the cluster is usable
kubectl get nodes
NAME       STATUS   ROLES           AGE   VERSION
master01   Ready    control-plane   14h   v1.24.17
worker01   Ready    <none>          14h   v1.24.17
worker02   Ready    <none>          14h   v1.24.17

kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE                         ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   {"health":"true","reason":""}

# All pods are in the Running state
kubectl get pods -A -o wide
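
An added example, not part of the original article: before the kubeadm join command is run on worker01 and worker02, the value after --discovery-token-ca-cert-hash can be recomputed on master01 from the cluster CA certificate and compared with the one in the join command. The function names and the join.txt file name are hypothetical; /etc/kubernetes/pki/ca.crt is where kubeadm init writes the CA certificate.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# The value after --discovery-token-ca-cert-hash is the SHA-256 of the
# cluster CA's DER-encoded public key, so it can be recomputed on master01.

# Print "sha256:<hex>" for the CA certificate file $1; exit 2 if unreadable.
ca_cert_hash() (
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 2
    [ -n "$pub" ] || exit 2   # never hash empty input
    printf '%s\n' "$pub" |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print "sha256:" $NF}'
)

# Extract the pinned hash from a saved "kubeadm join ..." command string,
# including one that is split over lines with trailing backslashes.
hash_from_join() {
    printf '%s\n' "$1" | tr -s ' \\\n' ' ' |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# Return 0 only when the join command pins the CA stored in file $1.
verify_join_hash() (   # usage: verify_join_hash <ca.crt> <join-command>
    want=$(hash_from_join "$2")
    [ -n "$want" ] || { echo "no sha256 pin found in join command" >&2; exit 2; }
    have=$(ca_cert_hash "$1") || { echo "cannot parse CA certificate $1" >&2; exit 2; }
    if [ "$have" = "$want" ]; then
        echo "OK $have"
    else
        echo "MISMATCH: $1 gives $have, join command pins $want" >&2
        exit 1
    fi
)

# On master01, with the join command saved in join.txt (assumed file name):
#   verify_join_hash /etc/kubernetes/pki/ca.crt "$(cat join.txt)"
```
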