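This article uses VMware to create virtual machines and then installs a Kubernetes (k8s) cluster on them with kubeadm.
Installation image: ubuntu-22.04.5-live-server-amd64.iso
Download URL: https://mirrors.aliyun.com/ubuntu-releases/22.04/ubuntu-22.04.5-live-server-amd64.iso
1) Open VMware and create a new virtual machine. Only the key steps are shown here; the detailed installation steps can be looked up separately.
2) Set the disk size to 120 GB and store the entire disk as a single file.
3) The worker node created here is sized at 4C4GB and uses bridged networking.
4) Install Ubuntu 22.04.
5) Accept the defaults for everything else, fill in the user name and password, and enable the SSH Server.
6) Choose the software to install. Nothing needs to be selected here; packages can be installed later as needed.
Wait for the installation to finish, log in, and check the IP address.
Environment details:
Hostname | Spec | IP |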
---|---|---|
master01 | 4C4G | 192.168.31.175 |
node01 | 4C4G | 192.168.31.213 |
node02 | 4C4G | 192.168.31.246 |
[Log in to each machine and switch to the root user]
Configure the Aliyun Ubuntu 22.04 mirror and update:
sudo bash -c "cat << EOF > /etc/apt/sources.list && apt update
deb http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
EOF"
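hostnamectl set-hostname master01   # run on the master node only
hostnamectl set-hostname node01     # run on the first worker node only
hostnamectl set-hostname node02     # run on the second worker node only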
cat >> /etc/hosts << EOF
192.168.31.175 master01
192.168.31.213 node01
192.168.31.246 node02
EOF
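# A default Ubuntu 22.04 install ships ufw and AppArmor rather than firewalld and SELinux;
# the four commands below apply only where firewalld / SELinux are actually installed.
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config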
swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
lsmod | grep br_netfilter
timedatectl set-timezone Asia/Shanghai
Install the ntp service:
apt install ntp
systemctl start ntp
wget https://github.com/containerd/containerd/releases/download/v1.7.25/containerd-1.7.25-linux-amd64.tar.gz
tar Cvzxf /usr/local containerd-1.7.25-linux-amd64.tar.gz
# tar -zxf containerd-1.7.25-linux-amd64.tar.gz -C containerd-1.7.25
Start containerd through systemd:
Download URL: https://raw.githubusercontent.com/containerd/containerd/refs/heads/main/containerd.service
# Download containerd.service directly, then copy it to /etc/systemd/system/
wget https://raw.githubusercontent.com/containerd/containerd/refs/heads/main/containerd.service
# Alternatively, create the file by pasting in the content below
vim /etc/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
#uncomment to enable the experimental sbservice (sandboxed) version of containerd/cri integration
#Environment="ENABLE_CRI_SANDBOXES=sandboxed"
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
Reload the configuration and start containerd:
systemctl daemon-reload
systemctl enable --now containerd
# Check the containerd status
systemctl status containerd
# Check the installed containerd version
ctr version
Generate the configuration file:
mkdir /etc/containerd
containerd config default > /etc/containerd/config.toml
# Restart containerd
systemctl restart containerd
# Download runc
wget https://github.com/opencontainers/runc/releases/download/v1.2.4/runc.amd64
# Install runc
install -m 755 runc.amd64 /usr/local/sbin/runc
Verify:
runc -v
wget https://github.com/containernetworking/plugins/releases/download/v1.6.2/cni-plugins-linux-amd64-v1.6.2.tgz
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.6.2.tgz
# tar -zxf cni-plugins-linux-amd64-v1.6.2.tgz -C cni-plugins-1.6.2/
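The containerd, runc and CNI plugin downloads above are unpacked and installed as root straight from wget. The following is an added example, not part of the original article: a fail-closed SHA-256 check to run before `tar` or `install`. It assumes a checksum list in sha256sum format has been obtained from the project's release page; `verify_artifact`, `demo` and the sample file names are hypothetical, and the demo data is constructed.

```shell
#!/usr/bin/env bash
# Added example: fail-closed SHA-256 check for a downloaded release artifact.

# verify_artifact FILE SUMS
#   SUMS is a checksum list in the "DIGEST  FILENAME" layout written by sha256sum.
#   Returns 0 on match, 1 on mismatch, 2 on missing input, 3 on no usable entry.
verify_artifact() {
    local file=$1 sums=$2 name expected actual
    [ -r "$file" ] && [ -r "$sums" ] || { echo "missing input" >&2; return 2; }
    name=$(basename "$file")
    # Select the entry whose filename field equals NAME exactly
    # (a leading "*" binary marker or a directory prefix is ignored).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); sub(/.*\//, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    # An absent or malformed digest is a failure, never a pass.
    if ! printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "no valid SHA-256 entry for $name in $sums" >&2; return 3
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH for $name: expected $expected, got $actual" >&2; return 1
    fi
    echo "OK: $name"
}

# Constructed demo: a stand-in artifact and a checksum list generated on the spot.
demo() {
    local d
    d=$(mktemp -d)
    printf 'constructed sample payload\n' > "$d/artifact.bin"
    ( cd "$d" && sha256sum artifact.bin > SHA256SUMS.sample )
    verify_artifact "$d/artifact.bin" "$d/SHA256SUMS.sample"      # passes
    printf 'tampered\n' >> "$d/artifact.bin"                      # simulate modification
    verify_artifact "$d/artifact.bin" "$d/SHA256SUMS.sample" || echo "rejected (rc=$?)"
    rm -rf "$d"
}
demo
```

In use, chain it ahead of the install step, for example `verify_artifact runc.amd64 <checksum-file> && install -m 755 runc.amd64 /usr/local/sbin/runc`.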
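Aliyun image acceleration: since 2 July 2024, ACR has changed the scope in which the image acceleration feature can be used.
As a result some images can no longer be pulled, so configuring the Aliyun image accelerator is optional.
mkdir -p /etc/containerd/certs.d/docker.io
Add config_path = "/etc/containerd/certs.d":
sed -i 's/config_path\ =.*/config_path = \"\/etc\/containerd\/certs.d\"/g' /etc/containerd/config.toml
# Or edit the file directly
# vim /etc/containerd/config.toml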
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://51bhdfwh.mirror.aliyuncs.com"]
capabilities = ["pull", "resolve"]
EOF
systemctl daemon-reload
systemctl restart containerd
Change SystemdCgroup = false to SystemdCgroup = true:
sed -i 's/SystemdCgroup\ =\ false/SystemdCgroup\ =\ true/g' /etc/containerd/config.toml
Change sandbox_image = "k8s.gcr.io/pause:3.6" to sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.8":
# sed -i prints nothing, so confirm the change with a separate grep
sed -i 's/sandbox_image\ =.*/sandbox_image\ =\ "registry.aliyuncs.com\/google_containers\/pause:3.8"/g' /etc/containerd/config.toml && grep sandbox_image /etc/containerd/config.toml
systemctl daemon-reload
systemctl restart containerd
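The sed substitutions above change nothing, without any error, when their pattern is not present in config.toml, and the `cgroupDriver: systemd` kubelet setting used later depends on `SystemdCgroup = true` having taken effect. The following added example (not from the original article) checks the three values this guide sets; `toml_value`, `expect_value` and `audit_containerd_config` are hypothetical helper names, and the sample config is constructed.

```shell
#!/usr/bin/env bash
# Added example: confirm the edits to /etc/containerd/config.toml took effect.

# toml_value FILE KEY: print every value assigned to KEY (comment lines skipped)
toml_value() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, k) != 1) next
            rest = substr(line, length(k) + 1)
            if (rest !~ /^[ \t]*=/) next      # KEY is only a prefix of another key
            sub(/^[ \t]*=[ \t]*/, "", rest); sub(/[ \t]+$/, "", rest)
            gsub(/"/, "", rest); print rest
        }' "$1"
}

# expect_value FILE KEY WANT: pass only if KEY is set and every occurrence equals WANT
expect_value() {
    local got
    got=$(toml_value "$1" "$2" | sort -u)
    if [ "$got" = "$3" ]; then echo "PASS $2 = $3"; return 0; fi
    echo "FAIL $2: want '$3', got '${got:-<empty or unset>}'"; return 1
}

# audit_containerd_config FILE: exit status is the number of failed checks
audit_containerd_config() {
    local f=$1 fails=0
    expect_value "$f" SystemdCgroup true || fails=$((fails + 1))
    expect_value "$f" sandbox_image registry.aliyuncs.com/google_containers/pause:3.8 \
        || fails=$((fails + 1))
    expect_value "$f" config_path /etc/containerd/certs.d || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample: a config where only the SystemdCgroup edit was applied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.k8s.io/pause:3.8"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = ""
EOF
audit_containerd_config "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

On a node, run `audit_containerd_config /etc/containerd/config.toml` before `systemctl restart containerd`.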
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.25.0/crictl-v1.25.0-linux-amd64.tar.gz
tar Cxzvf /usr/local/bin/ crictl-v1.25.0-linux-amd64.tar.gz
# tar -zxf crictl-v1.25.0-linux-amd64.tar.gz -C crictl-v1.25.0
cat >> /etc/crictl.yaml << EOF
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: true
EOF
systemctl restart containerd
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
Problem 1: the update fails with the following error:
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
Solution: install the GPG key:
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg |sudo apt-key add -
apt install -y kubelet=1.25.3-00 kubeadm=1.25.3-00 kubectl=1.25.3-00
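Check the installed version:
Generate the default configuration:
kubeadm config print init-defaults > kubeadm.yaml
Edit the configuration file:
advertiseAddress: 192.168.31.175 # change to the host IP (the master node's IP)
imageRepository: registry.aliyuncs.com/google_containers
name: master01 # change to the host's hostname
podSubnet: 10.244.0.0/16 # set the Pod network CIDR
Append the following to the end of the configuration file: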
---
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd
Pull the images:
kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.25.3
Initialize the cluster:
kubeadm init --config kubeadm.yaml
Copy the config file:
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
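Check that the master node has joined successfully:
kubectl get node
Create a token:
# Upload the control-plane certificates to the kubeadm-certs Secret and print the certificate key
kubeadm init phase upload-certs --upload-certs
# Print the join command; --ttl=0 creates a token that never expires
kubeadm token create --print-join-command --ttl=0
Join the cluster:
kubeadm join 192.168.31.175:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:edef560fa7df88926ee02668da7c2f7179d8d56ccc82320a7a582a625c2c2a7c
List the nodes:
kubectl get node
At this point the nodes are in the NotReady state.
Either flannel or calico can be used here; pick one.
1) Create the flannel.yaml configuration file: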
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
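2) Create calico.yaml:
wget https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/tigera-operator.yaml
wget https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/custom-resources.yaml
# --no-check-certificate turns off TLS certificate verification for this download
wget https://projectcalico.docs.tigera.io/archive/v3.24/manifests/calico.yaml --no-check-certificate
# Change the network CIDR
vim calico.yaml
Because of problems pulling the calico images, the images can first be downloaded locally and then imported.
# Download the calico images for the corresponding version
wget https://github.com/projectcalico/calico/releases/download/v3.25.0/release-v3.25.0.tgz
tar -zxf release-v3.25.0.tgz
# Import the images (run from the directory that contains the extracted image .tar files)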
ctr -n k8s.io images import calico-cni.tar
ctr -n k8s.io images import calico-dikastes.tar
ctr -n k8s.io images import calico-flannel-migration-controller.tar
ctr -n k8s.io images import calico-kube-controllers.tar
ctr -n k8s.io images import calico-node.tar
ctr -n k8s.io images import calico-pod2daemon.tar
ctr -n k8s.io images import calico-typha.tar
List the images imported into the cluster:
crictl image list
Remove an image:
crictl rmi imageID
kubectl get node -owide
kubectl get pod -A -owide
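Original-content statement: this article is published on the Tencent Cloud Developer Community with the author's authorization and may not be reproduced without permission.
In case of infringement, contact cloudcommunity@tencent.com for removal.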