Ubuntu20.04安装基于docker的最新版K8sv1.25.4版本

基础环境

主机名 配置 角色 系统版本 IP
master 4核4G master Ubuntu20.04 10.0.0.61
node 4核4G worker Ubuntu20.04 10.0.0.62

系统初始化配置

注意:集群内的主机都要执行

配置免密互信

$ ssh-keygen
$ ssh-copy-id 10.0.0.61
$ ssh-copy-id 10.0.0.62

配置本地域名解析

$ cat << EOF >>/etc/hosts
10.0.0.61 master
10.0.0.62 node
EOF

设置内核参数

$ cat >> /etc/sysctl.conf <<EOF
vm.swappiness = 0
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
#加载模块
$ modprobe  br_netfilter
#让配置生效
$ sysctl -p

关闭系统的交换分区swap

$ swapoff -a
$ sed -i '/swap/s/^/#/' /etc/fstab && cat /etc/fstab && free -h

swap坑

在centos中,这样配置就可以了,但是ubuntu中却不行,重启了主机,swap分区还是会打开,而k8s非常依赖swap的关闭,所以如果swap分区没有关闭,k8s集群是起不来的。

解决办法

编辑/etc/fstab ,sudo vim /etc/fstab,找到如下行

/dev/disk/by-uuid/5fea4562-481e-4bdc-9373-0a55b3420cc0 none swap sw 0 0

修改成

/dev/disk/by-uuid/5fea4562-481e-4bdc-9373-0a55b3420cc0 none swap sw,noauto 0 0

sed -ri '/swap/s/^(.*swap sw)( .*)$/\1,noauto\2/' /etc/fstab

在sw后面添加noauto就是让swap分区不自动启动

将如下行注释,即在行首添加#

/swap.img	none	swap	sw	0	0

重启系统并验证

安装docker

注意:集群内的主机都要执行

$ apt update
$ apt -y install docker.io
$ cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": [
"https://docker.mirrors.ustc.edu.cn",
"https://hub-mirror.c.163.com",
"https://reg-mirror.qiniu.com",
"https://registry.docker-cn.com"
],
 "exec-opts": ["native.cgroupdriver=systemd"] 
}
EOF
$ systemctl restart docker.service
$ docker info

安装k8s必要软件

注意:集群内的主机都要执行

apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add - 
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl

注意:经测试,需要一起复制粘贴才行,否在会报找不到k8s的三个软件

安装 cri-dockerd

注意:集群内的主机都要执行

Kubernetes自v1.24移除了对docker-shim的支持,而Docker Engine默认又不支持CRI规范,因而二者将无法直接完成整合。

为此,Mirantis和Docker联合创建了cri-dockerd项目,用于为Docker Engine提供一个能够支持到CRI规范的垫片,从而能够让Kubernetes基于CRI控制Docker 。

项目地址:https://github.com/Mirantis/cri-dockerd

cri-dockerd项目提供了安装包

Ubuntu有三个版本,分别是bionic、focal、jammy

分别代表不同的大版本

  • 22.04:jammy
  • 20.04:focal
  • 18.04:bionic
  • 16.04:xenial
  • 14.04:trusty

这里我们是20.04版本,所以选择focal

$ wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.2.6/cri-dockerd_0.2.6.3-0.ubuntu-focal_amd64.deb
#安装
$ dpkg -i ./cri-dockerd_0.2.6.3-0.ubuntu-focal_amd64.deb

配置 cri-dockerd

从国内 cri-dockerd 服务无法下载 k8s.gcr.io上面相关镜像,导致无法启动,所以需要修改cri-dockerd 使用国内镜像源

修改配置文件,设置国内镜像源

$ sed -ri 's@^(.*fd://).*$@\1 --pod-infra-container-image registry.aliyuncs.com/google_containers/pause@' /usr/lib/systemd/system/cri-docker.service
#重启
$ systemctl daemon-reload && systemctl restart cri-docker

在master节点上初始化

只需要在一个master节点上执行就可以了,worker节点不需要执行

$ kubeadm init --control-plane-endpoint="master"  \
--kubernetes-version=v1.25.0 \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--token-ttl=0 \
#区别于1.23及之前的版本,一定要加上下面这行,指定容器运行时
--cri-socket unix:///run/cri-dockerd.sock \
--image-repository registry.aliyuncs.com/google_containers \
--upload-certs

出现下面的情况,就表明初始化成功

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join master:6443 --token fryk5b.yzjas1k5chmtufii \
	--discovery-token-ca-cert-hash sha256:170c7c2b6dcea2a078d7c203915c8cefdeffe1ac2f10140ed7df71f6c8d92760 \
	--control-plane --certificate-key ab5f8a8f97b780ca6e13a74692cceaaf10b254c32d454c44de0a46b08cea0fc3

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join master:6443 --token fryk5b.yzjas1k5chmtufii \
	--discovery-token-ca-cert-hash sha256:170c7c2b6dcea2a078d7c203915c8cefdeffe1ac2f10140ed7df71f6c8d92760

按照提示要求,创建配置文件目录以及复制配置文件

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

加入worker节点

在worker节点上执行

kubeadm join master:6443 --token fryk5b.yzjas1k5chmtufii \
	--discovery-token-ca-cert-hash sha256:170c7c2b6dcea2a078d7c203915c8cefdeffe1ac2f10140ed7df71f6c8d92760 --cri-socket unix:///run/cri-dockerd.sock

注意,一定要加上--cri-socket unix:///run/cri-dockerd.sock

指定容器运行时

执行完成,查看节点

$ kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE                         ERROR
scheduler            Healthy   ok                              
controller-manager   Healthy   ok                              
etcd-0               Healthy   {"health":"true","reason":""} 

$ kubectl get nodes 
NAME     STATUS     ROLES           AGE   VERSION
master   NotReady   control-plane   11m   v1.25.4
node     NotReady   <none>          10m   v1.25.4

加入master节点

因为这里只是单master集群,所以不需要加入master节点,如果有需要可以按照如下的方法加入

在其他两个master节点上,接入主节点

用的是第一个master节点初始化时输出的另一个证书

也就是这部分

kubeadm join master:6443 --token fryk5b.yzjas1k5chmtufii \
	--discovery-token-ca-cert-hash sha256:170c7c2b6dcea2a078d7c203915c8cefdeffe1ac2f10140ed7df71f6c8d92760 \
	--control-plane --certificate-key ab5f8a8f97b780ca6e13a74692cceaaf10b254c32d454c44de0a46b08cea0fc3

出现这个,就表示加入完成

This node has joined the cluster and a new control plane instance was created:

* Certificate signing request was sent to apiserver and approval was received.
* The Kubelet was informed of the new secure connection details.
* Control plane label and taint were applied to the new node.
* The Kubernetes control plane instances scaled up.
* A new etcd member was added to the local/stacked etcd cluster.

To start administering your cluster from this node, you need to run the following as a regular user:

	mkdir -p $HOME/.kube
	sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
	sudo chown $(id -u):$(id -g) $HOME/.kube/config

Run 'kubectl get nodes' to see this node join the cluster

同样根据提示,创建文件夹,拷贝文件

$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

安装pod网络calico

注意:只需要在其中一个master节点上执行

下载资源清单文件

在线下载配置文件地址是: https://docs.projectcalico.org/manifests/calico.yaml

$ wget https://docs.projectcalico.org/manifests/calico.yaml

修改资源清单文件

查找 DaemonSet
找到下面的容器containers部分

如果有多个网卡,需要添加网卡

- name: CLUSTER_TYPE
  value: "k8s,bgp"
# Auto-detect the BGP IP address.
- name: IP
  value: "autodetect"
# Enable IPIP
- name: CALICO_IPV4POOL_IPIP
  value: "Always"
#在这里指定网卡 添加下面两行
- name: IP_AUTODETECTION_METHOD
  value: "interface=ens33"
# Enable or Disable VXLAN on the default IP pool.
- name: CALICO_IPV4POOL_VXLAN
  value: "Never"

修改CIDR,将CIDR修改成上面初始化时pod的内部网段

对应项:

  • --pod-network-cidr=10.244.0.0/16
  • podSubnet: 10.244.0.0/16
# The default IPv4 pool to create on startup if none exists. Pod IPs will be
# chosen from this range. Changing this value after installation will have
# no effect. This should fall within `--cluster-cidr`.
#
#这部分原本是注释的,需要去掉#号,将192.168.0.0/16修改成10.244.0.0/16
- name: CALICO_IPV4POOL_CIDR
  value: "10.244.0.0/16"
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
  value: "true"

安装calico

$ kubectl apply -f calico.yaml

查看各节点

$ kubectl get nodes
NAME     STATUS   ROLES           AGE   VERSION
master   Ready    control-plane   21m   v1.25.4
node     Ready    <none>          20m   v1.25.4

测试集群网络是否正常

$ kubectl run busybox --image busybox:1.28 --restart=Never --rm -it busybox -- sh
/ # nslookup kubernetes.default.svc.cluster.local
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes.default.svc.cluster.local
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local

10.96.0.10 就是我们coreDNS的clusterIP,说明coreDNS配置好了。
解析内部Service的名称,是通过coreDNS去解析的。

注意:
busybox要用指定的1.28版本,不能用最新版本,最新版本,nslookup会解析不到dns和ip

posted @ 2022-12-09 00:44  厚礼蝎  阅读(2333)  评论(0编辑  收藏  举报