SfTian Kubernetes 1.30.3 containerd deployment tutorial

# K8S Installation and Deployment - Network Deployment

> [!NOTE]
>
> This lab installs k8s v1.30.3 on Ubuntu 24.04. The CRI is containerd, not Docker; the apt source defaults to mirrors.ustc.edu.cn; cgroup is configured. Sections that must be run on every machine are marked with a trailing *

| IP             | Description |
| -------------- | ----------- |
| 192.168.100.20 | k8smaster   |
| 192.168.100.21 | k8sslave1   |

## Initialization *

> SELinux is not enabled by default, so it is skipped here

```shell
# Switch the apt source
# (Ubuntu 24.04 keeps its sources in /etc/apt/sources.list.d/ubuntu.sources)
sudo sed -i 's@//.*archive.ubuntu.com@//mirrors.ustc.edu.cn@g' /etc/apt/sources.list.d/ubuntu.sources
sudo apt update
# Disable the firewall
sudo systemctl disable --now ufw
# Turn off swap
sudo swapoff -a
sudo sed -ri 's/.*swap.*/#&/' /etc/fstab
# Edit hosts (tee runs under sudo; a plain ">>" redirect would not)
sudo tee -a /etc/hosts > /dev/null << EOF
192.168.100.20 k8s-master
192.168.100.21 k8s-slave1
EOF
# Fix the time zone
sudo timedatectl set-timezone Asia/Shanghai
# iptables chains
sudo modprobe br_netfilter
sudo tee /etc/sysctl.d/k8s.conf > /dev/null << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
cat <> /etc/sysctl.conf
# --system loads /etc/sysctl.d/*.conf as well as /etc/sysctl.conf
sudo sysctl --system
# Install prerequisite packages
sudo apt-get install -y apt-transport-https ca-certificates curl gpg
# Add the k8s source and install
sudo mkdir -p /etc/apt/keyrings
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.ustc.edu.cn/kubernetes/core:/stable:/v1.30/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
# The signing key comes from pkgs.k8s.io, not from the mirror. The same key signs
# every version's repository, so the v1.28 path also works for v1.30.
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
sudo apt-get update
sudo apt install kubeadm kubelet kubectl -y
sudo apt-mark hold kubeadm kubelet kubectl
```

### Run on master

```shell
sudo hostnamectl set-hostname k8s-master
exec bash
```

### Run on slave1

```shell
sudo hostnamectl set-hostname k8s-slave1
exec bash
```

## Deploy containerd *

> You can verify the installation with the three commands `containerd --version`, `ctr` and `runc`

```shell
# Download and extract
cd /home
wget https://hub.whtrys.space/containerd/containerd/releases/download/v1.7.20/cri-containerd-cni-1.7.20-linux-amd64.tar.gz
sudo tar xf cri-containerd-cni-1.7.20-linux-amd64.tar.gz -C /
# Configure containerd
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml > /dev/null
# Change the sandbox image version and source (important)
sudo sed -i 's|sandbox_image = "registry.k8s.io/pause:3.8"|sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"|' /etc/containerd/config.toml
# Enable at boot
sudo systemctl enable --now containerd
```

### Switching registry mirrors

For image pulls by docker and containerd: Docker Hub is not reachable from mainland China, so a registry mirror has to be configured, otherwise the Calico images later on simply cannot be pulled. You need to find a mirror yourself; the guide for switching containerd's source is below.

[Configuring domestic container image sources for docker and containerd - CSDN blog](https://blog.csdn.net/sinat_38453878/article/details/123345268)

```shell
sudo nano /etc/containerd/config.toml
# Find the registry.mirrors line ↓
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
# Append the following (endpoints are URLs, so they need a scheme)
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
    endpoint = ["https://dh.imxbt.cn"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
    endpoint = ["https://registry.aliyuncs.com/google_containers"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
    endpoint = ["https://registry.aliyuncs.com/google_containers"]
```

### Enable cgroup

> Used to limit containerd resources

```shell
sudo sed -i 's/ SystemdCgroup = false/ SystemdCgroup = true/' /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl restart kubelet
```

## K8S master deployment

```shell
# Initialize k8s (I installed the latest version, so there is no need to specify the version or the advertise server IP address)
sudo kubeadm init --pod-network-cidr=10.10.0.0/16 --image-repository registry.aliyuncs.com/google_containers
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

### (Optional) Install Docker

> Some readers want to use docker as the CRI, so a docker install script is provided here, but no instructions for switching the CRI. If you installed containerd beforehand, the installer may ask whether to change /etc/containerd/config.toml; just press N and Enter, otherwise the containerd configuration will be changed

```shell
# Run as root
apt-get install -y -qq apt-transport-https ca-certificates curl
curl -fsSL "https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg" -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu noble stable" > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin
systemctl enable --now docker
```

### (Optional) Pre-pull images

k8s.gcr.io is not reachable for pulling images, so pre-pull them with the steps below.

```shell
kubeadm config images list
# kubeadm config images pull --image-repository <mirror domain>
# --image-repository registry.aliyuncs.com/google_containers
kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers
```

## Configure Calico (run on master)

An essential network plugin for k8s; Calico's standing needs no introduction. Visit the page below for the latest installation commands and information.

[Quickstart for Calico on Kubernetes | Calico Documentation (tigera.io)](https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart)

```shell
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.28.1/manifests/tigera-operator.yaml
# After this, run kubectl get pods -n tigera-operator and confirm the pods' STATUS is Running; otherwise the next step cannot proceed
kubectl get pods -n tigera-operator
wget https://raw.githubusercontent.com/projectcalico/calico/v3.28.1/manifests/custom-resources.yaml
# Change the CIDR on line 13 of custom-resources.yaml to the 10.10.0.0/16 we passed to init
sed -i 's/192\.168\.0\.0\/16/10.10.0.0\/16/g' custom-resources.yaml
kubectl create -f custom-resources.yaml
# Afterwards use kubectl get ns to check that the calico-system namespace exists, then kubectl get pods -n calico-system to verify calico is running; otherwise the next step still cannot proceed
kubectl get ns
kubectl get pods -n calico-system
```

### CoreDNS resolution check

```shell
kubectl get svc -n kube-system
# The default IP is 10.96.0.10
dig -t a www.baidu.com @10.96.0.10
```

If DNS is working, this should output the resolution result for `www.baidu.com`.

## K8s worker deployment

If you forgot the kubeadm join command, run `kubeadm token create --print-join-command` to get the command for joining the master's cluster again.

```shell
kubeadm join 192.168.100.20:6443 --token x23de3.kwlrfdd2k9oa3enf --discovery-token-ca-cert-hash sha256:651a2b63a7a9a592ee88f26e89b5c1a819eb811cda7ed806379518fbfd4bbf0a
```

## init failed, I want to reset!
If `kubeadm init` failed and re-running the command does not work either, you need the following two steps:

```shell
kubeadm reset
# Remember to type y to confirm
rm -rf /etc/cni
```

Then you can run init again.

3 comments so far

alert(/xss/)
cw, August 9th, 2024 at 05:54 pm

alert(/xss/)
cw, August 9th, 2024 at 05:55 pm

陈疤乓: Really nice article https://haodnf.cn/news/duowan/20240803/140.html
陈疤乓, August 30th, 2024 at 03:53 pm
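A post-edit check for the containerd steps in the tutorial, as an added example that is not part of the original post: `sed -i` exits 0 even when its pattern matched nothing, so the script re-reads `config.toml` and reports a cgroup driver, pause image or mirror endpoint that did not end up as intended. The function names and the sample config fragment are constructed for illustration, and requiring `https://` on every mirror endpoint is this example's own policy.

```shell
#!/bin/sh
# Added example (not from the original post). sed exits 0 even when its
# pattern matched nothing, so re-read config.toml after the edits.

# audit_containerd_config FILE EXPECTED_SANDBOX_IMAGE
# Prints one line per problem and returns the number of problems.
audit_containerd_config() {
    cfg=$1; want_image=$2; problems=0
    # runc must use the systemd cgroup driver
    if ! grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$cfg"; then
        echo "SystemdCgroup is not true"; problems=$((problems + 1))
    fi
    # the pause image must be the one that was substituted in
    got_image=$(sed -n 's/^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$cfg")
    if [ "$got_image" != "$want_image" ]; then
        echo "sandbox_image is '$got_image', expected '$want_image'"; problems=$((problems + 1))
    fi
    # every mirror endpoint must be a URL with the https scheme
    for ep in $(grep -E '^[[:space:]]*endpoint[[:space:]]*=' "$cfg" | grep -o '"[^"]*"' | tr -d '"'); do
        case $ep in
            https://*) ;;
            *) echo "mirror endpoint '$ep' is not an https:// URL"; problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# sample_config ENDPOINT CGROUP IMAGE: constructed config.toml fragment for the demo
sample_config() {
    cat << EOF
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "$3"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  SystemdCgroup = $2
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["$1"]
EOF
}

PAUSE=registry.aliyuncs.com/google_containers/pause:3.9
demo=$(mktemp)
sample_config dh.imxbt.cn false registry.k8s.io/pause:3.8 > "$demo"   # edits not applied
audit_containerd_config "$demo" "$PAUSE" || echo "-> $? problem(s)"
sample_config https://dh.imxbt.cn true "$PAUSE" > "$demo"             # edits applied
audit_containerd_config "$demo" "$PAUSE" && echo "-> config matches the tutorial"
rm -f "$demo"
```

On a real node, call `audit_containerd_config /etc/containerd/config.toml "$PAUSE"` after the `sed` edits and before restarting containerd.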