kubelet与CNI需要手动部署,但是其他组件全部可以通过容器部署。
OS: Ubuntu22.04
Docker: 23.0.1
CGroup Driver: systemd
Kubernetes: v1.26.1
CRI: cri-dockerd 0.3.1.3
CNI: flannel
网络环境:
vip: 10.0.0.6(nginx+keepalived或haproxy+keepalived)
节点网络:10.0.0.0/24
Pod网络:10.244.0.0/16
Service:10.96.0.0/12
# Install chrony and start it now and at every boot so this host's clock stays in sync.
# Kubernetes components authenticate with X.509 certificates, whose validity
# windows depend on a correct clock.
apt install chrony -y
systemctl enable --now chrony.service
# Set the system time zone, then print the current time to confirm the setting.
timedatectl set-timezone Asia/Shanghai
date
10.0.0.6 kubeapi.ldy.com
10.0.0.21 k8s-master01.ldy.com k8s-master01
10.0.0.22 k8s-master02.ldy.com k8s-master02
10.0.0.23 k8s-master03.ldy.com k8s-master03
10.0.0.41 k8s-node01.ldy.com k8s-node01
10.0.0.42 k8s-node02.ldy.com k8s-node02
10.0.0.43 k8s-node03.ldy.com k8s-node03
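# Turn off all active swap on the running system.
swapoff -a
# Edit the configuration file (/etc/fstab); presumably the swap entry is commented
# out here so that swap stays off after a reboot.
vim /etc/fstab
# List any swap units that systemd still knows about.
systemctl --type swap
# If a swap unit is still listed, mask it. SWAP_DEV is a placeholder: substitute
# the unit name printed by the previous command.
systemctl mask SWAP_DEV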
# Disable the ufw host firewall and print its status to confirm.
# NOTE(review): this removes host-level packet filtering on the node entirely.
# Outside a lab, keep ufw enabled and allow only what the cluster needs from the
# node network 10.0.0.0/24 (for example 6443/tcp for the API server,
# 2379-2380/tcp for etcd, 10250/tcp for the kubelet, and 8472/udp if flannel
# runs with its default VXLAN backend).
ufw disable
ufw status
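# Install the tools needed to add an HTTPS APT repository and handle its signing key.
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common gnupg
# Store the Docker repository key in its own keyring instead of using the deprecated
# `apt-key add`: apt-key puts the key in the global trusted keyring, where it is
# trusted to sign packages for every configured repository, not only this one.
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg \
  | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# signed-by restricts the key to this one repository entry.
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
apt-get -y update
# Pin the exact Docker version stated in the environment list (23.0.1).
apt install docker-ce=5:23.0.1-1~ubuntu.22.04~jammy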
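优化(编辑 /etc/docker/daemon.json)。注意:insecure-registries 会让 Docker 在访问 harbor.ldy.com 时允许明文 HTTP 或跳过证书校验,镜像可能在传输中被篡改;仅适用于实验环境,生产环境应为 Harbor 配置受信任的 TLS 证书并删除该项。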
{
"registry-mirrors": ["https://g27ti0mw.mirror.aliyuncs.com"],
"insecure-registries": ["harbor.ldy.com"],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-opts": {
"max-size": "300m",
"max-file": "2"
},
"live-restore": true,
"storage-driver": "overlay2"
}
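# Restart Docker so the daemon configuration shown above takes effect.
systemctl restart docker
# Download the cri-dockerd package. -f makes curl exit with an error on an HTTP
# failure instead of saving the error page under the .deb file name.
curl -fLO https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd_0.3.1.3-0.ubuntu-jammy_amd64.deb
# NOTE(review): the package is installed as root with no integrity check. Before
# installing, compare its SHA-256 with a value obtained from a source you trust:
#   echo "<EXPECTED_SHA256>  cri-dockerd_0.3.1.3-0.ubuntu-jammy_amd64.deb" | sha256sum -c -
apt install ./cri-dockerd_0.3.1.3-0.ubuntu-jammy_amd64.deb
# Check that the cri-docker service is present and running.
systemctl status cri-docker.service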
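apt update && apt install -y apt-transport-https
# Import the repository signing key. -f aborts on an HTTP error so an error page is
# never fed to apt-key; -sS keeps the output quiet but still shows failures.
# NOTE(review): `apt-key add` is deprecated and trusts this key for every configured
# repository. Prefer a dedicated keyring under /etc/apt/keyrings referenced with
# `signed-by=` in the sources entry; the key file's format (armored or binary) on
# this mirror should be checked first.
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
# Write the repository definition. The here-document operator and the output
# redirection were lost in the original line and are restored here.
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt update
# Install kubelet, kubeadm and kubectl pinned to the same version.
apt install -y kubelet=1.26.1-00 kubeadm=1.26.1-00 kubectl=1.26.1-00
systemctl enable kubelet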
配置cri-dockerd
vim /usr/lib/systemd/system/cri-docker.service
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d
systemctl daemon-reload && systemctl restart cri-docker.service
配置kubelet:为其指定cri-dockerd在本地打开的Unix Socket文件的路径,该路径一般默认为“/run/cri-dockerd.sock”。
root@k8s-master01:~# mkdir /etc/sysconfig
root@k8s-master01:~# vim /etc/sysconfig/kubelet
KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint=/run/cri-dockerd.sock"
需要说明的是,该配置也可不进行,而是直接在后面的各kubeadm命令上使用“--cri-socket unix:///run/cri-dockerd.sock”选项。
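# Show which images are required, first from the default registry and then as
# they would be named on the Aliyun mirror.
kubeadm config images list
kubeadm config images list --image-repository=registry.aliyuncs.com/google_containers
# Pull the required images through cri-dockerd (the pull may fail).
kubeadm config images pull --cri-socket unix:///run/cri-dockerd.sock
# Pull each image from the mirror by hand; presumably the fallback when the pull
# above fails.
# NOTE(review): these tags are v1.26.2, while the packages installed earlier on
# this page are pinned to 1.26.1-00. Confirm the intended version.
# NOTE(review): tags on a third-party mirror are mutable. Where it matters, pin
# images by digest (repo@sha256:<DIGEST>) taken from a trusted source.
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.26.2
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.26.2
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.26.2
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.26.2
docker pull registry.aliyuncs.com/google_containers/pause:3.9
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.6-0
docker pull registry.aliyuncs.com/google_containers/coredns:v1.9.3
# Bring the pause 3.6 image onto the host by some other means, then load it.
# NOTE(review): an image tarball of unknown origin runs inside every pod sandbox.
# Check its checksum against a trusted copy before loading.
docker load -i pause-3.6.tar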
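# Initialise the first control-plane node.
#   --control-plane-endpoint  shared API endpoint name (10.0.0.6 in the hosts entries)
#   --upload-certs            upload the control-plane certificates to the cluster so
#                             additional control-plane nodes can fetch them on join
#   --cri-socket              talk to the container runtime through cri-dockerd
#
# --token-ttl=0 has been dropped. It creates a bootstrap token that never expires,
# so anyone who obtains the join command could register a node at any later time.
# With the default TTL the token expires on its own; a fresh join command can be
# produced when needed with:
#   kubeadm token create --print-join-command
#
# NOTE(review): --kubernetes-version is v1.26.2, while the kubeadm package installed
# earlier on this page is 1.26.1-00. Confirm the intended version.
kubeadm init \
  --control-plane-endpoint="kubeapi.ldy.com" \
  --kubernetes-version=v1.26.2 \
  --pod-network-cidr=10.244.0.0/16 \
  --service-cidr=10.96.0.0/12 \
  --cri-socket unix:///run/cri-dockerd.sock \
  --upload-certs \
  --image-repository=registry.aliyuncs.com/google_containers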
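# Give the current user a kubeconfig for kubectl.
# /etc/kubernetes/admin.conf holds cluster-administrator credentials: keep the copy
# readable only by its owner and do not distribute it to other users or hosts.
# Expansions are quoted so a home directory containing spaces cannot split the paths.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"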
官方链接:https://github.com/coreos/flannel-cni(kube-flannel.yml 需事先下载;apply 之前请确认其来源并核对内容,因为它会在每个节点上部署网络组件)
kubectl apply -f kube-flannel.yml
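# Pull the same set of images from the Aliyun mirror by hand.
# NOTE(review): these tags are v1.26.2, while the packages installed earlier on
# this page are pinned to 1.26.1-00. Confirm the intended version.
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.26.2
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.26.2
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.26.2
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.26.2
docker pull registry.aliyuncs.com/google_containers/pause:3.9
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.6-0
docker pull registry.aliyuncs.com/google_containers/coredns:v1.9.3
# Bring the pause 3.6 image onto the host by some other means, then load it.
# NOTE(review): check the tarball's checksum against a trusted copy before loading.
docker load -i pause-3.6.tar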
--cri-socket unix:///run/cri-dockerd.sock
//通过其他方法将pause3.6放入主机
docker load -i pause-3.6.tar
--cri-socket unix:///run/cri-dockerd.sock
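# Undo what kubeadm init/join set up on this node.
kubeadm reset --cri-socket unix:///run/cri-dockerd.sock
# DANGEROUS, extremely dangerous. Never run the rm below on a production system:
# it deletes the cluster PKI and configuration (/etc/kubernetes), kubelet state,
# CNI state and the etcd data directory (/var/lib/etcd), with no way back unless
# a backup exists.
# Run this on the worker nodes first, then on the master nodes.
kubeadm reset --cri-socket unix:///run/cri-dockerd.sock && \
rm -rf /etc/kubernetes/ /var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni /etc/cni/net.d /var/lib/etcd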