Installing K8S 1.23.1 with kubeadm (containerd-based)

Reader submission 369 2022-10-23


K8S keeps releasing new versions. Earlier installs used Docker; this time we use containerd to install the new version of K8S.

192.168.0.2   master   CentOS7

192.168.0.3   worker   CentOS7

192.168.0.4  worker   CentOS7

First, initialize all machines:

1. Disable SELinux

sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

2. Disable unnecessary boot-time services

systemctl disable auditd
systemctl disable postfix
systemctl disable irqbalance
systemctl disable remote-fs
systemctl disable tuned
systemctl disable rhel-configure
systemctl disable firewalld

3. Raise the open-file limit

cat >>/etc/security/limits.conf <

4. Kernel tuning

cat >>/etc/sysctl.conf <

5. Upgrade the kernel

rpm --import -y install --enablerepo=elrepo-kernel install kernel-lt -y
grub2-set-default 0
grub2-mkconfig -o /etc/grub2.cfg
reboot   # restart the server

6. After the reboot, remove the system's default 3.10 kernel

rpm -qa|grep kernel|grep 3.10|xargs yum remove -y
yum -y --enablerepo=elrepo-kernel install kernel-lt-tools kernel-lt-headers

7. Switch the yum repositories

wget -O /etc/yum.repos.d/epel.repo -O /etc/yum.repos.d/CentOS-Base.repo clean all && yum makecache

8. Install the required packages

yum -y install vim-enhanced wget curl rsync net-tools bind-utils ntpdate
yum -y update

9. Add scheduled time synchronization

echo "*/5 * * * * /usr/sbin/ntpdate ntp.aliyun.com >/dev/null " >>/var/spool/cron/root

Next, carry out the initial K8S installation.

10. Disable swap

echo "swapoff -a">>/etc/rc.local
chmod +x /etc/rc.local
swapoff -a

11. Install ipvsadm so that the K8S cluster uses ipvs for traffic forwarding

yum -y install ipvsadm ipset conntrack-tools
cat <<EOF >/etc/sysconfig/modules/ipvs.modules
#!/bin/bash
ipvs_modules="ip_vs ip_vs_lc ip_vs_wlc ip_vs_rr ip_vs_wrr ip_vs_lblc ip_vs_lblcr ip_vs_dh ip_vs_sh ip_vs_fo ip_vs_nq ip_vs_sed ip_vs_ftp nf_conntrack_ipv4"
for kernel_module in \${ipvs_modules}; do
  /sbin/modinfo -F filename \${kernel_module} > /dev/null 2>&1
  # \$? is escaped so it is evaluated when the script runs, not when the heredoc is written
  if [ \$? -eq 0 ]; then
    /sbin/modprobe \${kernel_module}
  fi
done
EOF
chmod +x /etc/sysconfig/modules/ipvs.modules
sh /etc/sysconfig/modules/ipvs.modules

12. Install containerd. Use the latest containerd release here; do not use yum -y install containerd, because that version is too old and is not supported

yum -y install runc libcgroup criu protobuf-c
wget zxf containerd-1.5.8-linux-amd64.tar.gz
cd bin
rsync -av . /usr/bin/
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
# Change k8s.gcr.io/pause:3.5 to registry.aliyuncs.com/google_containers/pause:3.5
sed -i 's#k8s.gcr.io#registry.aliyuncs.com/google_containers#g' /etc/containerd/config.toml
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#g' /etc/containerd/config.toml
# Add the containerd systemd unit file
cat <<EOF > /etc/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=overlay

[Service]
ExecStartPre=/sbin/modprobe br_netfilter
ExecStart=/usr/bin/containerd
Restart=always
RestartSec=5
Delegate=yes
KillMode=process
OOMScoreAdjust=-999
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable containerd
systemctl start containerd
systemctl status containerd

13. Install kubeadm

cat < /etc/yum.repos.d/kubernetes.repo [kubernetes]name=Kubernetesbaseurl=-y install yum-utils device-mapper-persistent-data lvm2 net-tools conntrack-tools wget vim ntpdate libseccomp libtool-ltdl
yum install -y kubelet-1.23.6 kubeadm-1.23.6 kubectl-1.23.6 socat
systemctl enable kubelet
# Configure kubelet to use containerd
sed -i 's#KUBELET_EXTRA_ARGS=#KUBELET_EXTRA_ARGS="--cgroup-driver=systemd --container-runtime=remote --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock"#g' /etc/sysconfig/kubelet
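
A check for the edits in steps 12 and 13, as an added example that is not part of the original post: each sed command silently does nothing when its pattern is absent, so this confirms that containerd and kubelet both ended up on the systemd cgroup driver and that the pause image was rewritten. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: confirm the sed edits from steps 12 and 13 took effect.
# Usage: check_runtime_config <containerd config.toml> <kubelet sysconfig file>

check_runtime_config() {
    local toml="$1" kubelet_env="$2" rc=0
    # containerd's runc runtime must use the systemd cgroup driver
    grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$toml" \
        || { echo "FAIL: SystemdCgroup is not true in $toml"; rc=1; }
    # a sandbox (pause) image must be set and must not point at k8s.gcr.io
    if ! grep -Eq '^[[:space:]]*sandbox_image[[:space:]]*=' "$toml"; then
        echo "FAIL: no sandbox_image key in $toml"; rc=1
    elif grep -Eq '^[[:space:]]*sandbox_image[[:space:]]*=.*k8s\.gcr\.io' "$toml"; then
        echo "FAIL: sandbox_image still references k8s.gcr.io"; rc=1
    fi
    # kubelet must use the same cgroup driver and the containerd socket
    grep -q -- '--cgroup-driver=systemd' "$kubelet_env" \
        || { echo "FAIL: kubelet lacks --cgroup-driver=systemd"; rc=1; }
    grep -q -- '--container-runtime-endpoint=unix:///var/run/containerd/containerd.sock' "$kubelet_env" \
        || { echo "FAIL: kubelet is not pointed at the containerd socket"; rc=1; }
    return "$rc"
}

# Constructed sample files (not taken from a real host); $1 = directory to write into.
write_samples() {
    printf '%s\n' '[plugins."io.containerd.grpc.v1.cri"]' \
        '  sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.5"' \
        '            SystemdCgroup = true' > "$1/good.toml"
    # the state right after "containerd config default", before the sed edits
    printf '%s\n' '[plugins."io.containerd.grpc.v1.cri"]' \
        '  sandbox_image = "k8s.gcr.io/pause:3.5"' \
        '            SystemdCgroup = false' > "$1/default.toml"
    printf '%s\n' 'KUBELET_EXTRA_ARGS="--cgroup-driver=systemd --container-runtime=remote --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock"' > "$1/kubelet"
    printf '%s\n' 'KUBELET_EXTRA_ARGS=' > "$1/kubelet.untouched"
}

# Stand-alone use: pass the two real files as arguments.
if [ "$#" -eq 2 ]; then check_runtime_config "$1" "$2"; fi
```

On a node, run it against /etc/containerd/config.toml and /etc/sysconfig/kubelet before kubeadm init or kubeadm join.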

14. Add entries to the hosts file

cat <<EOF >> /etc/hosts
192.168.0.2 node002
192.168.0.3 node003
192.168.0.4 node004
EOF

15. Initialize the cluster master node with kubeadm (run on server 192.168.0.2)

kubeadm init --kubernetes-version=1.23.6 \
--apiserver-advertise-address=192.168.0.2 \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.254.0.0/16 \
--pod-network-cidr=172.60.0.0/16
# After it completes successfully, run the following
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Copy the generated join command:

kubeadm join 192.168.0.2:6443 --token nc55ei.bjjj6akr2t1d59pd \
--discovery-token-ca-cert-hash sha256:11bec6bed0194493380e6077429de78e65393a3fafe411e484a510c3b9eb0131

16. Run on servers 192.168.0.3 and 192.168.0.4. Note: do not copy the command below; use the one generated by your own kubeadm init

kubeadm join 192.168.0.2:6443 --token nc55ei.bjjj6akr2t1d59pd \
--discovery-token-ca-cert-hash sha256:11bec6bed0194493380e6077429de78e65393a3fafe411e484a510c3b9eb0131
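
A pre-flight check for the join command from steps 15 and 16, as an added example that is not part of the original post: it confirms that the endpoint, the bootstrap token and the CA certificate hash are well formed, and that CA pinning has not been switched off. `check_join_command` and the sample values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a "kubeadm join" command before running it on a worker.
# Assumes an IPv4 endpoint as in this post; a DNS name is passed through unchecked.

OCTET='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'

check_join_command() {
    local flat endpoint token hash rc=0
    # fold backslash-continued lines into one line with single spaces
    flat=$(printf '%s' "$1" | tr -s '\\\n' ' ')
    endpoint=$(printf '%s\n' "$flat" | sed -n 's/^ *kubeadm  *join  *\([^ -][^ ]*\).*/\1/p')
    token=$(printf '%s\n' "$flat" | sed -n 's/.* --token[ =]\([^ ]*\).*/\1/p')
    hash=$(printf '%s\n' "$flat" | sed -n 's/.* --discovery-token-ca-cert-hash[ =]\([^ ]*\).*/\1/p')

    case "$endpoint" in
        *[!0-9.:]*) ;;  # contains letters: a DNS name, not validated here
        *) printf '%s\n' "$endpoint" | grep -Eq "^(${OCTET}\.){3}${OCTET}:[0-9]{1,5}\$" \
               || { echo "FAIL: bad API server endpoint '$endpoint'"; rc=1; } ;;
    esac
    # bootstrap tokens have the form <6 chars>.<16 chars>, lowercase alphanumerics
    printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' \
        || { echo "FAIL: token is missing or malformed"; rc=1; }
    # the CA pin is what lets the joining node authenticate the control plane
    printf '%s\n' "$hash" | grep -Eq '^sha256:[0-9a-f]{64}$' \
        || { echo "FAIL: CA cert hash is missing or not sha256:<64 hex>"; rc=1; }
    case "$flat" in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "FAIL: CA verification is disabled"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample commands (not from a real cluster)
HASH_OK='sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
SAMPLE_OK="kubeadm join 192.168.0.2:6443 --token abcdef.0123456789abcdef \\
    --discovery-token-ca-cert-hash $HASH_OK"
SAMPLE_BAD_ENDPOINT="kubeadm join 192.1680.2:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash $HASH_OK"
SAMPLE_UNPINNED='kubeadm join 192.168.0.2:6443 --token abcdef.0123456789abcdef --discovery-token-unsafe-skip-ca-verification'

# Stand-alone use: pass the join command as the script's arguments.
if [ "$#" -gt 0 ]; then check_join_command "$*"; fi
```

The check is purely syntactic: whether the token is still valid and whether the hash matches the cluster CA is decided by kubeadm join itself.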

17. Install the calico network plugin (run on the master node 192.168.0.2)

# Fewer than 50 nodes
#curl -O
curl -O
sed 's#192.168.0.0/16#172.60.0.0/16#g' calico.yaml |kubectl apply -f -
# More than 50 nodes
's#192.168.0.0/16#172.60.0.0/16#g' calico-typha.yaml |kubectl apply -f -

18. Change the proxy mode to ipvs (run on the master node)

kubectl edit configmap/kube-proxy -nkube-system
# Search for mode and change it to ipvs
for a in `kubectl get pods -nkube-system|grep kube-proxy|awk '{print $1}'`; do kubectl delete pods/$a -nkube-system;done
ipvsadm -Ln

19. Add IP forwarding for svc on the master node (master node)

echo "iptables -t nat -A POSTROUTING -d 10.253.0.0/16 -j MASQUERADE">>/etc/rc.local
chmod +x /etc/rc.local
iptables -t nat -A POSTROUTING -d 10.253.0.0/16 -j MASQUERADE

20. Create an nginx service as a test (master node)

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort

21. Install metrics-server

wget zxf v0.5.2.tar.gz
cd metrics-server-0.5.2/manifests/
sed -i 's#gcr.io/k8s-staging-metrics-server#bitnami#g' base/deployment.yaml
sed -i 's#k8s.gcr.io#registry.aliyuncs.com/google_containers#g' autoscale/patch.yaml
cd autoscale
kubectl apply -k .
# If you see: error: unable to recognize "kustomization.yaml": no matches for kind "Kustomization" in version "kustomize.config.k8s.io/v1beta1", use kubectl apply -k . and not -f
# After applying, metrics-server may fail to start with: "x509: cannot validate certificate for because it doesn't contain any IP SANs"
# Fix: in base/deployment.yaml, add - --kubelet-insecure-tls to the deployment's args. This flag makes metrics-server skip verification of the kubelets' serving certificates.
- args:
  - --cert-dir=/tmp
  - --secure-port=443
  - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
  - --kubelet-use-node-status-port
  - --kubelet-insecure-tls
  - --metric-resolution=15s

22. Test metrics-server

kubectl top nodes
kubectl top pods --all-namespaces

QA

1. If kubeadm fails, or you want to re-initialize the cluster, run:

kubeadm reset
ipvsadm --clear
rm -rf /etc/kubernetes/

2. If you have lost the kubeadm join command for adding nodes, regenerate it with the following command

kubeadm token create --print-join-command

3. If you want pods to be scheduled onto the master node, use

kubectl taint nodes node001 node-role.kubernetes.io/master-

4. If you need to stop scheduling onto a particular server

# Mark the node unschedulable
kubectl cordon node001
# Make the node schedulable again
kubectl uncordon node001

5. Evict the containers already running on a node

# Evict the workload containers that are already running
kubectl drain --ignore-daemonsets node001
