k8s 1.26.3 安装--使用containerd

2023-10-27

机器准备（或虚拟机）

三台机器

一、环境准备

1、三台机器分别设置主机名
hostnamectl set-hostname master
hostnamectl set-hostname node2
hostnamectl set-hostname node2

2、配置本地dns（修改为自己ip,三台机器都需要配置）

vim /etc/hosts

192.168.22.101 master
192.168.22.102 node2
192.168.22.102 node2

3、时间同步（三台）

yum install -y ntpdate
ntpdate ntp1.aliyun.com

4、关闭防火墙（三台）

systemctl stop firewalld
systemctl disable firewalld

5、关闭selinux（三台）
#重启后生效

sed -i 's/enforcing/disabled/' /etc/selinux/config

6、禁用swap（三台）
#只是临时禁用

swapoff -a

#永久禁用（命令方式）

sed -ri 's/.*swap.*/#&/' /etc/fstab

或直接修改/etc/fstab，将swap行注释 # 永久禁用

二、安装容器运行时

k8s使用containerd
1、需要containerd
2、需要runc环境
3、需要cni网络接口
注：containerd默认不会自带runc（真正创建容器的程序），所以需要安装runc程序，以及cni网络插件（容器之间网络通信所需）。

1）containerd安装

1、下载压缩包
进入gihub下载containerd压缩包
文档说明地址：https://github.com/containerd/containerd/blob/main/docs/getting-started.md
下载地址：https://github.com/containerd/containerd/releases , 选择自己的版本，本次选择1.6.20

2、解压到安装目录

tar Cxzvf /usr/local containerd-1.6.20-linux-amd64.tar.gz

3、下载服务文件containerd.service
下载地址：https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
然后复制到/usr/local/lib/systemd/system/containerd.service,

#或者直接复制以下内容到/usr/local/lib/systemd/system/containerd.service
#containerd.service

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
#uncomment to enable the experimental sbservice (sandboxed) version of containerd/cri integration
#Environment="ENABLE_CRI_SANDBOXES=sandboxed"
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5

LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity

TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

4、修改containder配置文件
#生成Containerd配置文件

mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml

#3处配置修改：
1、修改沙箱镜像pause为国内镜像

sed -i "s#registry.k8s.io/pause#registry.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml

#2设置驱动为system

sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml

#3设置拉去镜像地址为aliyun镜像地址

sed -i '/\[plugins\."io\.containerd\.grpc\.v1\.cri"\.registry\.mirrors\]/a\      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]\n        endpoint = ["https://8aj710su.mirror.aliyuncs.com" ,"https://registry-1.docker.io"]' /etc/containerd/config.toml

5、启动

systemctl daemon-reload
systemctl enable --now containerd

2）runc安装

1、runc下载
地址：https://github.com/opencontainers/runc/releases，选择版本，本次选择1.3.0
2、安装runc

install -m 755 runc.amd64 /usr/local/sbin/runc

3）cni安装

1、下载cni压缩包
地址：https://github.com/containernetworking/plugins/releases ,
2、解压安装

mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.3.0.tgz

三、k8s安装

1）配置iptables

转发 IPv4 并让 iptables 看到桥接流量配置

#配置cgroup

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

#设置所需的 sysctl 参数，参数在重新启动后保持不变

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

#应用 sysctl 参数而不重新启动

sudo sysctl --system

#通过运行以下指令确认 br_netfilter 和 overlay 模块被加载：

lsmod | grep br_netfilter
lsmod | grep overlay

#通过运行以下指令确认 net.bridge.bridge-nf-call-iptables、net.bridge.bridge-nf-call-ip6tables 和 net.ipv4.ip_forward 系统变量在你的 sysctl 配置中被设置为 1：

sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward

2）安装kubect、kubelet、kubeadm

1、下载kubect、kubelet、kubeadm

curl -LO https://dl.k8s.io/release/v1.26.3/bin/linux/amd64/kubectl
curl -LO https://dl.k8s.io/release/v1.26.3/bin/linux/amd64/kubelet
curl -LO https://dl.k8s.io/release/v1.26.3/bin/linux/amd64/kubeadm

2、安装到可运行目录

sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
sudo install -o root -g root -m 0755 kubelet /usr/local/bin/kubelet
sudo install -o root -g root -m 0755 kubeadm /usr/local/bin/kubeadm

3、创建kubelet.service
复制到/usr/local/lib/systemd/system 目录

mkdir -p /usr/local/lib/systemd/system
vim /usr/local/lib/systemd/system/kubelet.service

kubelet.service文件写入以下内容。
#kubelet.service

[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/
Wants=network-online.target
After=network-online.target

[Service]
ExecStart=/usr/local/bin/kubelet
Restart=always
StartLimitInterval=0
RestartSec=10

[Install]
WantedBy=multi-user.target

4、创建配置文件10-kubeadm.conf
复制到/usr/local/lib/systemd/system/kubelet.service.d 目录

mkdir -p /usr/local/lib/systemd/system/kubelet.service.d
vim /usr/local/lib/systemd/system/kubelet.service.d/10-kubeadm.conf

文件写入内容如下。
#10-kubeadm.conf

[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"

#This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
#This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
#the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/sysconfig/kubelet
ExecStart=
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS

5、启动kubelet

systemctl daemon-reload
systemctl enable kubelet

四、创建k8s集群

1、导出k集群启动默认配置文件

kubeadm config print init-defaults > init.yaml

2、修改inti.yaml文件

修改advertiseAddress: 192.168.22.101，为自己的master IP
修改name: master，为自己的主机名
imageRepository: registry.aliyuncs.com/google_containers，修改国内镜像源
配置网络段
#serviceSubnet: 10.96.0.0/12
service-cidr: 10.96.0.0/12
pod-network-cidr: 10.244.0.0/16
修改kubelet使用systemd驱动
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd

- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.22.101
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: master
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.26.0
networking:
  dnsDomain: cluster.local
#  serviceSubnet: 10.96.0.0/12
  service-cidr: 10.96.0.0/12
  pod-network-cidr: 10.244.0.0/16
scheduler: {}

---
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd

【【卸载】】
kubeadm reset
systemctl disable kubelet

rm /usr/local/bin/kubelet
rm /usr/local/bin/kubectl
rm /usr/local/bin/kubeadm

rm /usr/local/lib/systemd/system/kubelet.service
rm -rf /usr/local/lib/systemd/system/kubelet.service.d

本文内容由网友自发贡献，版权归原作者所有，本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容，请联系:hwhale#tublm.com(使用前将#替换为@)