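Deploying K8S 1.24 with the kubeadm tool

Published 2022-10-22 | Category: K8S deployment

Installing the kubeadm tool

Install a container runtime

Supported operating systems

CentOS/Rocky

Forward IPv4 and let iptables see bridged traffic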

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter

# Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

# Apply the sysctl parameters without rebooting
sudo sysctl --system

Configure cgroup v2

sudo yum install -y grubby && \
  sudo grubby \
  --update-kernel=ALL \
  --args="systemd.unified_cgroup_hierarchy=1"

Install the container runtime: containerd

Installation on CentOS/Rocky

# Remove leftover docker components
sudo yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine

# Add the yum repository
sudo yum install -y yum-utils
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

# Install containerd with yum
sudo yum install -y containerd.io

# Enable containerd at boot and start it now
sudo systemctl enable containerd --now

Modify the containerd configuration file to suit a k8s deployment

Generate the default configuration

containerd config default > /etc/containerd/config.toml

Edit the configuration

vim /etc/containerd/config.toml

Change the cgroup driver to: systemd

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  ...
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true

Override the sandbox (pause) image so that it is pulled from a mirror in China

[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"

Point the image registries at mirrors in China

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://n54dih5b.mirror.aliyuncs.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
          endpoint = ["https://registry.aliyuncs.com/k8sxio"]

Reload the configuration

systemctl daemon-reload

Restart the containerd service to load the configuration

systemctl restart containerd.service
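
The edits above can also be applied and checked without opening an editor. This is an added example, not part of the original post: the function names are hypothetical, the sample file is constructed, and it assumes the `SystemdCgroup = false` and `sandbox_image = ...` lines that `containerd config default` writes.

```bash
#!/usr/bin/env bash
# Added example: apply and audit the CRI settings changed above.
# Function names are hypothetical; pass the path to config.toml.

# Set runc's cgroup driver and the pause image in place (keeps a .bak copy).
patch_containerd_config() {
  local cfg="$1" pause="$2"
  sed -i.bak \
    -e 's/^\([[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*\)false/\1true/' \
    -e "s|^\([[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*\).*|\1\"${pause}\"|" \
    "$cfg"
}

# Return 0 only if the settings are in place; print one line per finding.
audit_containerd_config() {
  local cfg="$1" rc=0
  grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$cfg" \
    || { echo "SystemdCgroup is not true"; rc=1; }
  grep -Eq '^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"[^"]+"' "$cfg" \
    || { echo "sandbox_image is not set"; rc=1; }
  # Every image pull may go through a mirror, so flag cleartext endpoints.
  if grep -E '^[[:space:]]*endpoint[[:space:]]*=' "$cfg" | grep -q '"http://'; then
    echo "registry mirror endpoint uses http://"; rc=1
  fi
  return "$rc"
}

# Demo on a constructed excerpt (not a real host's file).
demo=$(mktemp)
cat > "$demo" <<'EOF'
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "k8s.gcr.io/pause:3.6"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = false
EOF
patch_containerd_config "$demo" "registry.aliyuncs.com/google_containers/pause:3.6"
audit_containerd_config "$demo" && echo "containerd config OK"
rm -f "$demo" "$demo.bak"
```

On a real host, run the audit against /etc/containerd/config.toml before restarting containerd.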

Install kubeadm, kubelet and kubectl

# Configure the mirror repository in China (HTTPS, so the packages and GPG keys are not fetched in cleartext)
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
        https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Set SELinux to permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# Disable swap (otherwise kubelet will not start)
swapoff -a
sed -r -e '/^[^#]*swap/s@^@#@' -i.bak /etc/fstab

# Start the installation
sudo yum install -y kubelet-1.24.0 kubeadm-1.24.0 kubectl-1.24.0 --disableexcludes=kubernetes

# Enable kubelet at boot and start the service
sudo systemctl enable --now kubelet

Deploy the k8s cluster with kubeadm

Deploy the master node

Create the configuration file: kubeadm.yml

Note: change advertiseAddress to your own IP

cat <<EOF > kubeadm.yml
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd # set the cgroup driver to systemd

---
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
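  token: abcdef.0123456789abcdef # placeholder from kubeadm's printed defaults; replace it, e.g. with the output of "kubeadm token generate"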
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.16.92.196 # change to this host's IP
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock # location of the containerd socket
  imagePullPolicy: IfNotPresent
  name: k8s-1
  taints: null

---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers # changed to a mirror in China
kind: ClusterConfiguration
kubernetesVersion: 1.24.0
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16 # IP range used by the flannel network plugin
  # podSubnet: 192.168.0.0/16 # IP range used by the calico network plugin; flannel is recommended here as simple and quick
  serviceSubnet: 10.96.0.0/12
scheduler: {}
EOF
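
The bootstrap token in the file above is the well-known placeholder value, and it stays valid for the 24h ttl once the cluster is initialised. The following added example (not part of the original post; function names are hypothetical and the sample excerpt is constructed) detects the placeholder and swaps in a random token before `kubeadm init` is run.

```bash
#!/usr/bin/env bash
# Added example: detect the placeholder bootstrap token in a kubeadm config
# and replace it with a random one. Function names are hypothetical.

PLACEHOLDER='abcdef.0123456789abcdef'   # the value in kubeadm.yml above

rand_chars() { LC_ALL=C tr -dc 'a-z0-9' </dev/urandom | head -c "$1"; }

# Random token in kubeadm's [a-z0-9]{6}.[a-z0-9]{16} format; on a host with
# kubeadm installed, `kubeadm token generate` prints one as well.
new_bootstrap_token() { printf '%s.%s\n' "$(rand_chars 6)" "$(rand_chars 16)"; }

# Print each "token:" value in the file (assumes unquoted YAML scalars).
config_tokens() {
  sed -n 's/^[[:space:]]*token:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1"
}

# Return 0 if every token is well-formed and none is the placeholder.
check_bootstrap_tokens() {
  local cfg="$1" tok rc=0
  for tok in $(config_tokens "$cfg"); do
    if [ "$tok" = "$PLACEHOLDER" ]; then
      echo "placeholder token in use"; rc=1
    elif ! printf '%s\n' "$tok" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
      echo "malformed token"; rc=1
    fi
  done
  return "$rc"
}

# Swap the placeholder for a fresh token; the file now holds a credential,
# so restrict it to its owner. The token itself is never printed.
rotate_placeholder_token() {
  local cfg="$1" tok
  tok=$(new_bootstrap_token)
  sed -i.bak "s/^\([[:space:]]*token:[[:space:]]*\)${PLACEHOLDER}/\1${tok}/" "$cfg"
  chmod 600 "$cfg"
}

# Demo on a constructed excerpt of the InitConfiguration above.
demo=$(mktemp)
printf '%s\n' '- groups:' '  - system:bootstrappers:kubeadm:default-node-token' \
  '  token: abcdef.0123456789abcdef' '  ttl: 24h0m0s' > "$demo"
check_bootstrap_tokens "$demo" || rotate_placeholder_token "$demo"
check_bootstrap_tokens "$demo" && echo "bootstrap token OK"
rm -f "$demo" "$demo.bak"
```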

Validate the configuration file

kubeadm config images pull --config kubeadm.yml

Install and deploy the cluster

kubeadm init --config kubeadm.yml

If deployment fails with the error: missing required cgroups: cpu
Edit: vim /etc/default/grub
Add: GRUB_CMDLINE_LINUX="cgroup_enable=cpu"
Reboot the server: reboot

Configure a regular user to access the k8s cluster with kubectl

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Add kubectl command-line auto-completion

yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc

Allow the master node to run pods as well: kubectl taint nodes --all node-role.kubernetes.io/control-plane- node-role.kubernetes.io/master-

Check the k8s cluster node status: kubectl get nodes

Set up the network component

Option 1: use flannel

kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml

Option 2: use Calico (this tutorial applies to single-node k8s only)

Install Calico

kubectl create -f https://raw.fastgit.org/projectcalico/calico/v3.24.0/manifests/tigera-operator.yaml
kubectl create -f https://raw.fastgit.org/projectcalico/calico/v3.24.0/manifests/custom-resources.yaml

Check the installation and wait until all pods are installed and their status becomes Running

watch kubectl get pods -n calico-system

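Check the k8s cluster node status and confirm Ready: kubectl get nodes -o wide

Join worker nodes

  1. Install kubeadm on the worker node
  2. On the master node run: kubeadm token create --print-join-command
  3. Log in to the worker node server and run: the command line generated on the master node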
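
The command generated in step 2 carries both a credential (the token) and a pin on the control plane's CA, so it is worth checking before it is pasted into a worker. This is an added example, not part of the original post: the function names are hypothetical, the token and hash in the demo are constructed, and the join command is assumed to be a single line with space-separated flags.

```bash
#!/usr/bin/env bash
# Added example: vet a `kubeadm join` command before running it on a worker.
# Function names are hypothetical; the command is assumed to be one line.

# Pin value kubeadm expects: SHA-256 over the CA certificate's public key (DER).
ca_cert_hash() {
  printf 'sha256:%s\n' "$(openssl x509 -pubkey -noout -in "$1" \
    | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -hex | sed 's/^.*[[:space:]]//')"
}

# join_arg "<command>" --flag  -> value that follows --flag, if any.
join_arg() {
  printf '%s\n' "$1" | tr -s ' \t' '\n\n' \
    | awk -v f="$2" 'p { print; exit } $0 == f { p = 1 }'
}

# check_join_command "<command>" [expected-hash]; returns 0 when it passes.
check_join_command() {
  local cmd="$1" want="$2" tok hash rc=0
  tok=$(join_arg "$cmd" --token)
  hash=$(join_arg "$cmd" --discovery-token-ca-cert-hash)
  case " $cmd " in
    *" --discovery-token-unsafe-skip-ca-verification"*)
      echo "CA verification is disabled"; rc=1 ;;
  esac
  printf '%s\n' "$tok" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' \
    || { echo "token missing or malformed"; rc=1; }
  printf '%s\n' "$hash" | grep -Eq '^sha256:[0-9a-f]{64}$' \
    || { echo "CA cert hash missing or malformed"; rc=1; }
  if [ -n "$want" ] && [ "$hash" != "$want" ]; then
    echo "CA cert hash does not match the control plane"; rc=1
  fi
  return "$rc"
}

# Demo with a constructed token and hash (not from a real cluster).
PIN=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
JOIN="kubeadm join 172.16.92.196:6443 --token k3x9qa.7f2m0c4d8e1b5g6h --discovery-token-ca-cert-hash $PIN"
check_join_command "$JOIN" "$PIN" && echo "join command OK"
# On the master, the expected value would come from:
#   ca_cert_hash /etc/kubernetes/pki/ca.crt
```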
  • Author: jagger
  • Permalink: /archives/k8s-kubeadm
  • Copyright: unless otherwise stated, all articles on this blog are licensed under CC BY-NC-SA 3.0. Please credit the source when reposting!