前言
前六步跟flannel操作相同,可以看我上一篇的kubeadm-flannel,我这里接着第七步操作
一、环境
|服务器|IP地址|
|–|–|–|–|
|k8s-m| 192.168.3.11|
|k8s-node01| 192.168.3.12|
|k8s-node02|192.168.3.13|
二、部署容器网络(CNI、master操作)
1.下载yamll
wget https://docs.projectcalico.org/manifests/calico.yaml
2.修改yaml
vim calico.yaml
#去掉注释并修改value:的地址与前面kubeadm init的 --pod-network-cidr指定的一样
。。。
4222 - name: CALICO_IPV4POOL_CIDR
4223 value: "10.244.0.0/16"
。。。
3.部署
kubectl apply -f calico.yaml
kubectl get pods -n kube-system
三、部署 Dashboard
1.下载yaml
https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
2.修改yaml
- 默认Dashboard只能集群内部访问,修改Service为NodePort类型,暴露到外部:
vim recommended.yaml
...
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
nodePort: 30001 //此处修改
selector:
k8s-app: kubernetes-dashboard
type: NodePort //此处修改
...
3.部署
kubectl apply -f recommended.yaml
kubectl get pods -n kubernetes-dashboard
- 访问地址:https://192.168.3.11:30001
- 使用token登陆,如果过期或者忘了可以
kubeadm token create --print-join-command
快速生成
4.创建管理员
- 创建service account并绑定默认cluster-admin管理员集群角色:
# 创建用户
kubectl create serviceaccount dashboard-admin -n kube-system
# 用户授权
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# 获取用户Token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
四、切换容器引擎为Containerd
1.配置先决条件
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# 设置必需的 sysctl 参数,这些参数在重新启动后仍然存在。
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
2.安装containerd
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
yum install -y containerd.io
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
3.修改配置文件
vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.2"
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
...
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://b9pmyelo.mirror.aliyuncs.com"]
systemctl restart containerd
4.配置kubelet使用containerd
vi /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=unix:///run/containerd/containerd.sock --cgroup-driver=systemd
systemctl restart kubelet
5.验证
kubectl get node -o wide
k8s-node1 xxx containerd://1.4.4
6.管理容器工具
6.1 下载crictl
wget https://github.com/kubernetes-sigs/cri-tools/
6.2 设置crictl连接containerd
vi /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
6.3 测试
crictl images
- 如果想切回Docker引擎,把/etc/sysconfig/kubelet配置参数去掉即可