Installing Kubernetes with containerd on Ubuntu 22.04

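Contents

  • Software packages used
  • Basic system preparation
  • Component installation
    • containerd
    • runc
    • cni
    • Installing Kubernetes
    • Initializing the cluster
    • Adding command completion
    • Other notes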

Software packages used

Operating system: Ubuntu 22.04
CRI: containerd v1.6.10
runc: 1.1.4
CNI: 1.1.1
Kubernetes: v1.24.3

Basic system preparation

Configure time synchronization

apt install ntpdate
ntpdate ntp.aliyun.com
echo '*/10 * * * * ntpdate ntp.aliyun.com' >>/var/spool/cron/crontabs/root

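Disable swap

swapoff -a

Note: this command only disables swap temporarily. To make the change permanent, edit /etc/fstab by hand and comment out the swap entries (prefix them with #); otherwise kubelet will fail to start after a reboot!

Whether or not a swap partition was created when the system was installed, perform both steps here (turn swap off and comment out the entry). Even if no swap was allocated at install time, a zero-size swap partition is still created, and that causes kubelet to fail to start!

Example: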

root@gao:~# cat /etc/fstab 
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#                
# / was on /dev/ubuntu-vg/lv-0 during curtin installation
/dev/disk/by-id/dm-uuid-LVM-B5q50FVxIGr7M3ERUN3slAHlOuP4XayZSR84Q1AovBatQEYKiUxL8WG9meCehppz / xfs defaults 0 1
# /boot was on /dev/sda2 during curtin installation
/dev/disk/by-uuid/0185130f-11fc-48f7-a535-139f9e370c55 /boot ext4 defaults 0 1
#/swap.img	none	swap	sw	0	0
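
The fstab edit described above can be scripted and checked. This is an added example, not part of the original article; the function names and the sample file are constructed for illustration, and on a real node the functions would be pointed at /etc/fstab after running swapoff -a.

```shell
#!/usr/bin/env bash
# Added example: comment out every active swap entry in an fstab-format file
# and confirm that none is left. Function names are illustrative.

# Print active (uncommented) entries whose filesystem type (field 3) is swap.
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap"' "$1"
}

# Comment out active swap entries, keeping a .bak copy of the original file.
comment_out_swap() {
    local fstab="$1" tmp rc
    tmp=$(mktemp) || return 1
    awk '$1 !~ /^#/ && $3 == "swap" { print "#" $0; next } { print }' \
        "$fstab" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are preserved.
    if cp -p "$fstab" "$fstab.bak" && cat "$tmp" > "$fstab"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample, modelled on the fstab shown above but with swap active.
sample=$(mktemp)
printf '# /etc/fstab: static file system information.\n' > "$sample"
printf '/dev/disk/by-uuid/0185130f-11fc-48f7-a535-139f9e370c55 /boot ext4 defaults 0 1\n' >> "$sample"
printf '/swap.img\tnone\tswap\tsw\t0\t0\n' >> "$sample"

echo "active swap entries before: $(active_swap_entries "$sample" | wc -l)"
comment_out_swap "$sample"
echo "active swap entries after:  $(active_swap_entries "$sample" | wc -l)"
```
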

Adjust process-count and other limits

echo '* soft nofile 65536
* hard nofile 131072
*               soft    nproc           4096
*               hard    nproc           4096'>>/etc/security/limits.conf
echo 'vm.max_map_count=655360' >>/etc/sysctl.conf
sysctl -p
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -w net.ipv4.ip_forward=1
# Load the br_netfilter module
sudo modprobe br_netfilter
# Verify that it is loaded
lsmod | grep br_netfilter
# Let iptables see bridged traffic
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

Configuration changes for IPVS mode

# load module 
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
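modprobe -- nf_conntrack_ipv4
# On Linux kernel 4.19 and later (including Ubuntu 22.04) the command above fails; use this one instead
modprobe -- nf_conntrack 

# to check loaded modules, use (the nf_conntrack pattern matches either module name)
lsmod | grep -e ip_vs -e nf_conntrack
# or
cut -f1 -d " "  /proc/modules | grep -e ip_vs -e nf_conntrack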

Component installation

Reference:
Getting started with containerd

containerd

Download page: https://github.com/containerd/containerd/releases

If the download is slow, try a download manager such as Xunlei (Thunder).

Install containerd

tar Cxzvf /usr/local containerd-1.6.10-linux-amd64.tar.gz
curl https://raw.githubusercontent.com/containerd/containerd/main/containerd.service >/usr/lib/systemd/system/containerd.service
systemctl daemon-reload
systemctl enable --now containerd

Generate the configuration

mkdir /etc/containerd
containerd config default >/etc/containerd/config.toml

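Modify the configuration

sandbox_image = "registry.k8s.io/pause:3.6"
# change the value to
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.8"

Under [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options], change this value from false to true:

SystemdCgroup = true

Finally, restart the service so the changes take effect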

systemctl restart containerd.service
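
The two config.toml edits above can be applied with sed and verified before the restart. This is an added example, not part of the original article; patch_containerd_config is an illustrative name, and the TOML fragment (including the second runtime table) is constructed to show that only the runc options table is changed.

```shell
#!/usr/bin/env bash
# Added example: apply the two config.toml edits with sed instead of by hand.
# patch_containerd_config is an illustrative name, not a containerd tool.

PAUSE_IMAGE='registry.aliyuncs.com/google_containers/pause:3.8'

patch_containerd_config() {
    local cfg="$1"
    # 1) Point sandbox_image at the mirror, whatever the default value was.
    sed -i -E "s|^([[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*).*|\1\"$PAUSE_IMAGE\"|" "$cfg"
    # 2) Flip SystemdCgroup only inside the runc options table: the range ends
    #    at the next table header, so other runtimes are left untouched.
    sed -i -E '/containerd\.runtimes\.runc\.options\]/,/^[[:space:]]*\[/ s/^([[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*)false/\1true/' "$cfg"
    # Return non-zero if either edit did not land (e.g. a different layout).
    grep -q "sandbox_image = \"$PAUSE_IMAGE\"" "$cfg" &&
        sed -n '/containerd\.runtimes\.runc\.options\]/,/^[[:space:]]*\[/p' "$cfg" |
        grep -q 'SystemdCgroup = true'
}

# Constructed fragment in the shape of `containerd config default` output;
# the "other" runtime table is made up to show the edit stays scoped to runc.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.k8s.io/pause:3.6"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
    runtime_type = "io.containerd.runc.v2"
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
      BinaryName = ""
      SystemdCgroup = false
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.other.options]
    SystemdCgroup = false
EOF

patch_containerd_config "$cfg" && echo "config patched"
```
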

runc

Download page: https://github.com/opencontainers/runc/releases

Install

install -m 755 runc.amd64 /usr/local/sbin/runc

cni

Download page: https://github.com/containernetworking/plugins/releases

Install

mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.1.1.tgz
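
The containerd, runc and CNI steps above all unpack or copy downloaded release files as root, including files fetched through a third-party downloader. This added example (not part of the original article) checks an artifact against the SHA-256 checksum file published beside it on the release page before it is installed; verify_sha256 is an illustrative helper, and the demo files and the SHA256SUMS name are constructed.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded release artifact against the SHA-256
# checksum file published next to it before unpacking it as root.
# verify_sha256 is an illustrative helper; the demo files are constructed.

# verify_sha256 <artifact> <checksum-file>
# The checksum file may list several artifacts (one "<hash>  <name>" per line);
# only the entry whose name equals the artifact's basename is used.
# Returns 0 on match, 1 on mismatch, 2 if the file has no entry for it.
verify_sha256() {
    local file="$1" sums="$2" name expected actual
    name=$(basename "$file")
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); sub(/^.*\//, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name in $sums" >&2
        return 2
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "CHECKSUM MISMATCH for $name" >&2
        return 1
    fi
    echo "OK $name"
}

# Constructed demo: a stand-in binary and a multi-entry checksum file.
demo=$(mktemp -d)
printf 'stand-in for the runc binary\n' > "$demo/runc.amd64"
{
    printf '%s  runc.arm64\n' "$(printf 'other arch' | sha256sum | awk '{ print $1 }')"
    printf '%s  runc.amd64\n' "$(sha256sum "$demo/runc.amd64" | awk '{ print $1 }')"
} > "$demo/SHA256SUMS"

verify_sha256 "$demo/runc.amd64" "$demo/SHA256SUMS" &&
    echo "checksum verified, safe to install"
```
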

Installing Kubernetes

apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add - 
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt install apt-file && apt-file update
# List all available versions of the package
apt list kubeadm -a

Install a specific Kubernetes version

apt install kubeadm=1.24.3-00 kubectl=1.24.3-00 kubelet=1.24.3-00

Enable kubelet at boot

systemctl enable kubelet --now

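Initializing the cluster

Export the configuration

# Declare the variable on the control-plane node
export KUBE_PROXY_MODE=ipvs
# Export the default configuration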
kubeadm config print init-defaults >Kubernetes-cluster.yaml

Open the file and edit it:

vim Kubernetes-cluster.yaml

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # Placeholder token printed by init-defaults; generate your own with `kubeadm token generate`
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
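  # Replace this with the control-plane node's IP address. The etcd container tries to bind its port on this address and fails if the host does not have it.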
  advertiseAddress: 10.0.0.11
  bindPort: 6443
nodeRegistration:
  # containerd's CRI socket; dockershim was removed in Kubernetes 1.24
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: node
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
# Change the image repository used for pulling images
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
# Match the kubeadm/kubelet version installed above
kubernetesVersion: 1.24.3
networking:
  dnsDomain: cluster.local
  # Added: the pod network CIDR
  podSubnet: "10.244.0.0/16"
  serviceSubnet: 10.96.0.0/12
scheduler: {}
# podSubnet above is the config-file form of the --pod-network-cidr flag; ClusterConfiguration has no pod-network-cidr key
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
---
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd

Initialize the cluster with this file:

kubeadm init --config Kubernetes-cluster.yaml

Adding command completion

apt install bash-completion -y
echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc

Deploy the pod network

kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml

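Other notes

In containerd, images and containers are scoped by namespace. Kubernetes, for example, creates a namespace named k8s.io, and all of its images and containers live in it; commands run against the default namespace will not find anything.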

# List all namespaces
root@gao:~# ctr ns ls 
NAME   LABELS 
k8s.io        
# List all containers in the given namespace; c selects containers as the object type and can be written as c, container or containers
root@gao:~# ctr -n k8s.io c list
CONTAINER                                                           IMAGE                                                                      RUNTIME                  
03162d102a233ab1abc5c806f2c1373bacf5576195739af0e9d3a01e1ef5d696    docker.io/rancher/mirrored-flannelcni-flannel:v0.20.2                      io.containerd.runc.v2    
13bc61f93a4b1d10952f6c24f78d43879327b3b4c66cb000fbc19231d495f1aa    registry.aliyuncs.com/google_containers/etcd:3.5.3-0                       io.containerd.runc.v2
......
# List all images in the given namespace; i selects images as the object type and can be written as i, image or images
root@gao:~# ctr -n k8s.io i list 
REF                                                                                                                                     TYPE                                                      DIGEST                                                                  SIZE      PLATFORMS                                                                    LABELS                          
docker.io/rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.0                                                                         application/vnd.docker.distribution.manifest.list.v2+json sha256:28d3a6be9f450282bf42e4dad143d41da23e3d91f66f19c01ee7fd21fd17cb2b 3.6 MiB   linux/amd64,linux/arm/v6,linux/arm64/v8,linux/s390x                          io.cri-containerd.image=managed 
docker.io/rancher/mirrored-flannelcni-flannel-cni-plugin@sha256:28d3a6be9f450282bf42e4dad143d41da23e3d91f66f19c01ee7fd21fd17cb2b        application/vnd.docker.distribution.manifest.list.v2+json sha256:28d3a6be9f450282bf42e4dad143d41da23e3d91f66f19c01ee7fd21fd17cb2b 3.6 MiB   linux/amd64,linux/arm/v6,linux/arm64/v8,linux/s390x                          io.cri-containerd.image=managed 
docker.io/rancher/mirrored-flannelcni-flannel:v0.20.2                                                                                   application/vnd.docker.distribution.manifest.list.v2+json sha256:ec0f0b7430c8370c9f33fe76eb0392c1ad2ddf4ccaf2b9f43995cca6c94d3832 19.9 MiB  linux/amd64,linux/arm/v6,linux/arm64/v8,linux/s390x                          io.cri-containerd.image=managed
......
