文章目录
- 1、前期准备
- 1、修改内核参数
- 2、配置k8s源
- 3、安装containerd
- 4、设置容器运行时
- 2、k8s安装
- 1、安装k8s包
- 2、通过配置文件进行初始化
- 3、安装网络插件
- 4、测试
- 5、docker
1、前期准备
-
关闭防火墙、selinux和交换分区(直接关闭防火墙和selinux只适合实验环境;生产环境应保留它们,只放行k8s组件需要的端口)
-
修改主机名和免密登录
-
上面的这些不会做的话,趁早别学k8s了,学不明白的
1、修改内核参数
# Kernel parameters for Kubernetes networking, stored in /etc/sysctl.d/k8s.conf.
# NOTE(review): the trailing "# ..." notes on the three settings look like the
# author's annotations; the sysctl -p output below prints the bare values, so
# presumably they are not in the real file. Confirm before copying verbatim.
# NOTE(review): modprobe only loads br_netfilter for the running system; the
# page shows no step that reloads it after a reboot.
[root@master yum.repos.d]# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1 # pass bridged IPv6 packets through the ip6tables rules
net.bridge.bridge-nf-call-iptables = 1 # same filtering for bridged IPv4 packets via iptables
net.ipv4.ip_forward = 1 # enable IPv4 forwarding; needed for a pod to reach external networks or another pod, otherwise the host only handles packets addressed to itself and does not forward for others
modprobe br_netfilter # load the kernel module
[root@master yum.repos.d]# sysctl -p /etc/sysctl.d/k8s.conf # load the values from this file; they take effect immediately
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
# Load the kernel modules used by kube-proxy in IPVS mode (kubeadm.yaml on this
# page sets mode: ipvs).
# NOTE(review): on kernels 4.19 and later nf_conntrack_ipv4 was merged into
# nf_conntrack, so the last modprobe would need that name instead; confirm
# against the running kernel.
[root@master ~]# cat /etc/sysconfig/modules/ipvs.modules
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
bash /etc/sysconfig/modules/ipvs.modules
# Check that the modules are loaded
lsmod | grep -e ip_vs -e nf_conntrack_ipv4
2、配置k8s源
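# Kubernetes yum repository, served from the Aliyun mirror.
# gpgcheck=1 makes yum verify every RPM signature against the gpgkey URLs below.
# With gpgcheck=0 the gpgkey line is unused and whatever the mirror serves is
# installed as root without verification.
# repo_gpgcheck stays 0 as in the original listing, so repository metadata
# signatures are not checked.
# If a signature check fails, fix the key import instead of disabling verification.
[root@master /]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=1
> repo_gpgcheck=0
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF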
3、安装containerd
# Add the Aliyun docker-ce repository and install docker-ce.
# NOTE(review): presumably containerd arrives as a dependency of docker-ce; the
# page never installs it explicitly.
yum -y install yum-utils
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce
# Edit the configuration file: write containerd's built-in defaults to
# /etc/containerd/config.toml, then change the settings listed below in that file.
containerd config default > /etc/containerd/config.toml
SystemdCgroup = true # use the systemd cgroup driver, matching the kubelet
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9" # sandbox image to use; this registry is reachable from inside China
# Configure containerd registry mirrors
# NOTE(review): a mirror endpoint serves the image content in place of the
# registry it stands in for, so the node trusts it as much as registry.k8s.io
# or docker.io. List only mirrors you trust, and consider referencing images by
# digest so a substituted image is rejected.
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"] # requests for registry.k8s.io are redirected to the endpoint below; the Aliyun registry used before kept failing to pull images
endpoint = ["https://registry-k8s-io.mirrors.sjtug.sjtu.edu.cn"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
# The bracketed text on the next line is a placeholder meaning "registry
# address"; substitute your own mirror URL.
endpoint = [仓库地址]
# Start containerd now and enable it at boot
systemctl enable containerd --now
4、设置容器运行时
-
ctr是containerd的默认的工具
-
crictl是面向k8s容器运行时接口(CRI)的命令行工具,用于操作containerd中的容器和pod
-
也就是说crictl与指定的容器运行时containerd和镜像服务端点通信,交互操作
# Runtime endpoint: the unix socket of the container runtime that crictl connects to
# NOTE(review): anything that can open this socket can control every container
# on the node, so its permissions should stay root-only.
crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
# Image endpoint: the socket crictl uses for image operations
crictl config image-endpoint unix:///var/run/containerd/containerd.sock
2、k8s安装
1、安装k8s包
# Install kubelet, kubectl and kubeadm pinned to 1.26.0, the same version that
# kubeadm.yaml sets as kubernetesVersion, then enable kubelet at boot.
# NOTE(review): these RPMs come from the kubernetes repo defined earlier on
# this page; their signatures are verified only if that repo enables gpgcheck.
yum -y install kubelet-1.26.0 kubectl-1.26.0 kubeadm-1.26.0
systemctl enable kubelet
2、通过配置文件进行初始化
# Write kubeadm's default init configuration to kubeadm.yaml as a starting
# point. The file printed below carries the author's edits, marked by the
# inline comments.
kubeadm config print init-defaults > kubeadm.yaml
[root@master ~]# cat kubeadm.yaml
# kubeadm configuration made of four documents: InitConfiguration,
# ClusterConfiguration, KubeProxyConfiguration and KubeletConfiguration.
# The YAML nesting is flattened in this listing; restore the indentation
# before using it.
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
# NOTE(review): abcdef.0123456789abcdef is the placeholder printed by
# `kubeadm config print init-defaults`, so it is publicly known. Left as is, it
# is a valid bootstrap credential for the ttl below. Replace it with the output
# of `kubeadm token generate` before running kubeadm init.
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 10.104.43.133 # master IP address
bindPort: 6443
nodeRegistration:
criSocket: unix:///run/containerd/containerd.sock # container runtime socket
imagePullPolicy: IfNotPresent
name: master # hostname
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
# NOTE(review): the control-plane images are pulled from this registry rather
# than the upstream one, so the cluster trusts whatever it serves.
imageRepository: registry.aliyuncs.com/google_containers # image registry used during initialization
kind: ClusterConfiguration
kubernetesVersion: 1.26.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
podSubnet: 10.244.0.0/16 # pod network CIDR
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs # use IPVS mode
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd # kubelet cgroup driver set to systemd
# Initialize the control plane from kubeadm.yaml
# NOTE(review): --ignore-preflight-errors=SystemVerification turns a failed
# system verification preflight check into a warning. The page does not say
# which check failed; prefer fixing the cause over suppressing it.
kubeadm init --config=kubeadm.yaml --ignore-preflight-errors=SystemVerification
3、安装网络插件
# Install the Calico network plugin from a local manifest.
# NOTE(review): the page does not show where calico.yaml comes from. Take it
# from the Calico project's release for a version that supports Kubernetes
# 1.26 and review it before applying; presumably it creates cluster-wide RBAC
# objects and node-level pods. Also confirm that its pod CIDR agrees with
# podSubnet 10.244.0.0/16 in kubeadm.yaml.
kubectl apply -f calico.yaml
4、测试
# Verification: both nodes report Ready and every listed pod is Running.
[root@master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready control-plane 49m v1.26.0
node1 Ready <none> 32m v1.26.0
[root@master ~]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default nginx 1/1 Running 0 20m
kube-system calico-kube-controllers-57b57c56f-sfc4w 1/1 Running 0 29m
kube-system calico-node-9hwf6 1/1 Running 0 29m
kube-system calico-node-bnb2s 1/1 Running 0 29m
kube-system coredns-5bbd96d687-8w5wg 1/1 Running 0 49m
kube-system coredns-5bbd96d687-fxzj9 1/1 Running 0 49m
kube-system etcd-master 1/1 Running 1 49m
kube-system kube-apiserver-master 1/1 Running 0 50m
kube-system kube-controller-manager-master 1/1 Running 0 49m
kube-system kube-proxy-rcmrz 1/1 Running 0 32m
kube-system kube-proxy-v6wvt 1/1 Running 0 49m
kube-system kube-scheduler-master 1/1 Running 1 49m
# Create a pod and access it
5、docker
- 虽然k8s弃用了docker作为容器运行时,但是docker还是可以安装的,并且用docker构建镜像比较方便