拯救世界 posted on 2022-11-21 16:16:00

Deploying a Kubernetes Cluster on CentOS 7 (Based on cri-dockerd)

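<h1>Preface</h1>
<h3>Background</h3>
<p>Starting with k8s 1.24, dockershim has been removed from the kubelet. For historical reasons Docker does not support CRI (Container Runtime Interface), the standard that Kubernetes promotes, so Docker can no longer act as the k8s container runtime; in other words, Docker is no longer used from k8s v1.24 onward.<br>If you want to keep using Docker, you can place an intermediate layer, cri-docker, between the kubelet and Docker. cri-docker is a shim that supports the CRI standard: one side talks to the kubelet over CRI and the other side talks to the Docker API, which indirectly lets Kubernetes use Docker as its container runtime. The drawback of this architecture is just as clear: the call chain is longer and efficiency is lower.<br>This article uses cri-docker, but containerd is the recommended container runtime for k8s.</p>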
<h3>Tip:</h3>
<ul>
<li>Pay attention to which nodes each command must be run on</li>
</ul>
<h2>1. Prepare the Environment</h2>
<p>k8s cluster version: <strong>kubernetes&nbsp; v1.25.0</strong></p>
<table style="height: 137px; width: 536px" border="0">
<tbody>
<tr>
<td style="text-align: center">Server OS</td>
<td style="text-align: center">Node IP</td>
<td style="text-align: center">Node type</td>
<td style="text-align: center">CPU/Memory</td>
<td style="text-align: center">Hostname</td>
</tr>
<tr>
<td style="text-align: center">Centos&nbsp;7.4.1708</td>
<td style="text-align: center">192.168.1.89</td>
<td style="text-align: center">Master node</td>
<td style="text-align: center">2 cores/4G</td>
<td style="text-align: center">master</td>
</tr>
<tr>
<td style="text-align: center">Centos&nbsp;7.4.1708</td>
<td style="text-align: center">192.168.1.90</td>
<td style="text-align: center">Worker node 1</td>
<td style="text-align: center">2 cores/4G</td>
<td style="text-align: center">node1</td>
</tr>
<tr>
<td style="text-align: center">Centos&nbsp;7.4.1708</td>
<td style="text-align: center">192.168.1.91</td>
<td style="text-align: center">Worker node 2</td>
<td style="text-align: center">2 cores/4G</td>
<td style="text-align: center">node2</td>
</tr>
</tbody>
</table>
<h2>2. Pre-installation Checks</h2>
<div class="table-wrapper">
<p><span style="color: rgba(255, 0, 0, 1)">Note: run on all three machines ------------------------ start ----------------------------</span></p>
</div>
<div class="table-wrapper">2.1 Set the hostname</div>
<div class="table-wrapper">
<div class="cnblogs_Highlighter">
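<pre class="brush:csharp;gutter:true;"># Run only the line that matches the node you are logged in to
hostnamectl set-hostname master   # on 192.168.1.89
hostnamectl set-hostname node1    # on 192.168.1.90
hostnamectl set-hostname node2    # on 192.168.1.91</pre>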
</div>
</div>
<div class="table-wrapper">
<p>2.2&nbsp;Make the three machines reachable by name (edit on every node)</p>
</div>
<div class="table-wrapper">
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;"># cat /etc/hosts
192.168.1.89    master
192.168.1.90    node1
192.168.1.91    node2
</pre>
</div>
<p>2.3 Disable the firewall</p>
</div>
<div class="table-wrapper">
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">systemctl stop firewalld &amp;&amp; systemctl disable firewalld; systemctl status firewalld; firewall-cmd --state</pre>
</div>
<p>2.4 Disable SELinux</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config &amp;&amp; sestatus
</pre>
</div>
<p>2.5 Disable swap</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">swapoff -a
sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
</pre>
</div>
<p>2.6&nbsp;Set the iptables ACCEPT rules</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">iptables -F &amp;&amp; iptables -X &amp;&amp; iptables -F -t nat &amp;&amp; iptables -X -t nat &amp;&amp; iptables -P FORWARD ACCEPT
</pre>
</div>
<p>2.7&nbsp;Set kernel parameters</p>
<div class="cnblogs_Highlighter">
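<pre class="brush:csharp;gutter:true;"># The net.bridge.* keys only exist once br_netfilter is loaded; load it now and at every boot
modprobe br_netfilter
echo br_netfilter &gt; /etc/modules-load.d/k8s.conf

cat &lt;&lt;EOF &gt; /etc/sysctl.d/k8s.conf
vm.swappiness = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sysctl --system</pre>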
</div>
</div>
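<p>A check for the section 2 prerequisites, added here as an example that is not part of the original post: the kubeadm init command in 6.4 passes --ignore-preflight-errors=all, so kubeadm reports problems such as active swap or missing bridge sysctls only as warnings. The function name and its ROOT argument are assumptions made for the example.</p>

```bash
#!/usr/bin/env bash
# Added example: verify the section 2 prerequisites on one node.
# check_node_prereqs and its ROOT argument (default "/") are hypothetical;
# ROOT lets the same check run against a constructed directory tree.
# Usage: check_node_prereqs        (inspects the running system)

check_node_prereqs() {
    local root="${1:-/}" failures=0 key path value
    root="${root%/}"

    # 2.5: /proc/swaps is a header line plus one line per active swap device.
    if [ "$(tail -n +2 "$root/proc/swaps" 2>/dev/null | grep -c .)" -gt 0 ]; then
        echo "FAIL swap is still active"; failures=$((failures + 1))
    fi
    # 2.5: an uncommented swap entry in fstab turns swap back on at next boot.
    if grep -Eq '^[^#]*[[:space:]]swap[[:space:]]' "$root/etc/fstab" 2>/dev/null; then
        echo "FAIL /etc/fstab still lists a swap entry"; failures=$((failures + 1))
    fi
    # 2.7: every key must exist and read 1. The net/bridge files only exist
    # while the br_netfilter kernel module is loaded.
    for key in net/ipv4/ip_forward net/bridge/bridge-nf-call-iptables \
               net/bridge/bridge-nf-call-ip6tables; do
        path="$root/proc/sys/$key"
        if [ ! -r "$path" ]; then
            echo "FAIL $key is missing (is br_netfilter loaded?)"
            failures=$((failures + 1))
            continue
        fi
        value="$(cat "$path")"
        if [ "$value" != "1" ]; then
            echo "FAIL $key = $value, expected 1"; failures=$((failures + 1))
        fi
    done
    if [ "$failures" -eq 0 ]; then echo "OK node prerequisites satisfied"; fi
    return "$failures"
}
```

<p>The return value is the number of failed checks, so a non-zero exit can gate the kubeadm step in a provisioning script.</p>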
<div class="table-wrapper">
<h2>3. yum Update</h2>
<p>3.1 Update the system and install dependencies</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">yum update -y
yum install -y lrzsz conntrack ipvsadm ipset jq sysstat curl iptables libseccomp
</pre>
</div>
<h2>4. Install Docker</h2>
</div>
<p class="table-wrapper">4.1 Add the repo</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
</pre>
</div>
<p>Note: if the command is not found, install it with: <span style="color: rgba(255, 0, 0, 1)">yum -y install yum-utils</span></p>
<p>4.2 Configure a China-local registry mirror and reload the daemon</p>
<div class="table-wrapper">
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json &lt;&lt;-'EOF'
{
"registry-mirrors": ["https://tsvqojsz.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
</pre>
</div>
<p>4.3 Download the repo file</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
</pre>
</div>
<p>4.4 Install and start Docker</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">yum install -y docker-ce
systemctl start docker
systemctl enable docker
</pre>
</div>
<p>4.5 Verify the installation</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">docker info</pre>
</div>
<h2>5. Install cri-dockerd</h2>
<h3>Official resources</h3>
<ul>
<li>Source repository&nbsp;https://github.com/Mirantis/cri-dockerd</li>
<li>Downloads&nbsp;https://github.com/Mirantis/cri-dockerd/releases</li>
<li>Baidu Netdisk download link</li>
</ul>
</div>
<div class="table-wrapper">
<p>Link: https://pan.baidu.com/s/1J77dItAnPoO_v2Yi8ibn6A?pwd=tkky <br>Extraction code: tkky</p>
</div>
<div class="table-wrapper">5.1 Upload the package and extract it</div>
<div class="table-wrapper">
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">tar xf cri-dockerd-0.2.6.amd64.tgz
cp cri-dockerd/cri-dockerd /usr/bin/
chmod +x /usr/bin/cri-dockerd
</pre>
</div>
<p>5.2&nbsp;Create the service unit file by running the following command</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">cat &lt;&lt;"EOF" &gt; /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.7
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF</pre>
</div>
<p>5.3 Create the socket unit file by running the following command</p>
</div>
<div class="table-wrapper">
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">cat &lt;&lt;"EOF" &gt; /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service

[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF
</pre>
</div>
<p>5.4&nbsp;Start cri-docker and enable it at boot</p>
</div>
<div class="table-wrapper">
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">systemctl daemon-reload
systemctl enable cri-docker --now
systemctl is-active cri-docker</pre>
</div>
<h2>6. Install k8s</h2>
<h3>Deploy kubeadm, kubelet and kubectl</h3>
<p>6.1&nbsp;Add the Aliyun yum repository</p>
</div>
<div class="table-wrapper">
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">cat &gt; /etc/yum.repos.d/kubernetes.repo &lt;&lt; EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
</pre>
</div>
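<p>The repo file above sets gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without checking package signatures and the gpgkey line goes unused. The following audit of .repo files is an added example, not part of the original post; the function names and the second sample repository are made up for illustration.</p>

```bash
#!/usr/bin/env bash
# Added example: flag yum repositories that weaken package verification.
# audit_yum_repos and sample_repos are hypothetical helper names.
# Usage: audit_yum_repos /etc/yum.repos.d/*.repo

audit_yum_repos() {
    awk '
    function emit() {
        if (id == "" || enabled == "0") return
        if (gpgcheck == "0")
            print id ": gpgcheck=0, packages install without signature verification"
        if (baseurl ~ /^http:\/\// && repo_gpgcheck != "1")
            print id ": plain-http baseurl without repo_gpgcheck=1, metadata is unauthenticated"
    }
    /^\[.+\]/ {                      # new [repo-id] section: report the previous one
        emit(); id = $0; sub(/^\[/, "", id); sub(/\].*$/, "", id)
        gpgcheck = repo_gpgcheck = baseurl = enabled = ""; next
    }
    /^[ \t]*[#;]/ { next }           # comment line
    {
        pos = index($0, "="); if (pos == 0) next
        key = substr($0, 1, pos - 1); val = substr($0, pos + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = val
        else if (key == "repo_gpgcheck") repo_gpgcheck = val
        else if (key == "baseurl") baseurl = val
        else if (key == "enabled") enabled = val
    }
    END { emit() }' "$@"
}

# Constructed sample: the stanza from step 6.1 plus a made-up signed repo.
sample_repos() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[example-signed]
name=Constructed example
baseurl=http://repo.example.invalid/el7/
enabled=1
gpgcheck=1
EOF
}
```

<p>Running sample_repos | audit_yum_repos reports one finding for each of the two sample repositories; only explicit settings are flagged, so a repo that inherits gpgcheck from yum.conf is not reported.</p>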
<p>6.2 Install the three components</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">yum install -y kubelet-1.25.0 kubeadm-1.25.0 kubectl-1.25.0
kubeadm version
systemctl enable kubelet
</pre>
</div>
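<p>6.3&nbsp; Change the cgroup manager to match the init system</p>
<p>Explanation:</p>
<p>Ubuntu, Debian and CentOS 7 all use systemd as the init system. systemd already has its own cgroup manager; if the container runtime and the kubelet use cgroupfs, the system ends up with two cgroup managers, cgroupfs and systemd. The operating system then has two views of resource allocation, and when resources such as CPU or memory run short, processes on the system become unstable.</p>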
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">cat &lt;&lt;EOF &gt; /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF
</pre>
</div>
<p><span style="color: rgba(255, 0, 0, 1)">Note: run on all three machines ------------------------ end ----------------------------</span></p>
<p>6.4 Initialize the master node</p>
</div>
<div class="table-wrapper">
<ul>
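<li>Run this command only on the master node; replace 192.168.1.89 with the IP of your master node</li>
<li>[To re-initialize the cluster state, run kubeadm reset and then repeat the initialization below]</li>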
</ul>
</div>
<div class="table-wrapper">
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">kubeadm init \
--apiserver-advertise-address=192.168.1.89 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.25.0 \
--service-cidr=10.10.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--cri-socket unix:///var/run/cri-dockerd.sock \
--ignore-preflight-errors=all
</pre>
</div>
<p>Copy the admin kubeconfig into place</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config</pre>
</div>
</div>
<p class="table-wrapper">6.5 Join the worker nodes to the cluster</p>
<div class="table-wrapper">
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;"># Use the token and CA certificate hash printed by kubeadm init on your own master
kubeadm join 192.168.1.89:6443 --token dy9bff.3lksz1ppp208zapx \
      --discovery-token-ca-cert-hash sha256:534b3bd0ad6e0faa20da83979987aaa852550fbc4a1db7d331d50bb29d04ac84 \
        --cri-socket unix:///var/run/cri-dockerd.sock
</pre>
</div>
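<p>The value after --discovery-token-ca-cert-hash pins the cluster CA that the joining node will trust. This added example (not from the original post) recomputes it from a CA certificate so the hash in a join command can be compared with the master's own CA before use; the helper names are hypothetical and /etc/kubernetes/pki/ca.crt is assumed to be kubeadm's default CA location.</p>

```bash
#!/usr/bin/env bash
# Added example: recompute the value pinned by --discovery-token-ca-cert-hash.
# ca_cert_hash and verify_join_hash are hypothetical helper names.
# /etc/kubernetes/pki/ca.crt is assumed to be the cluster CA (kubeadm's default
# location); the page itself does not show this path.

ca_cert_hash() {
    # The pin is SHA-256 over the DER-encoded public key (SPKI) of the CA cert.
    local cert="${1:-/etc/kubernetes/pki/ca.crt}" pub
    pub="$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)" || return 2
    [ -n "$pub" ] || return 2
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | awk '{ print "sha256:" $NF }'
}

verify_join_hash() {
    # $1: hash taken from a join command, $2: CA certificate to compare against
    local expected="$1" actual
    case "$expected" in
        sha256:*) ;;
        *) echo "unsupported hash format: $expected" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 71 ]; then
        echo "expected sha256: followed by 64 hex digits" >&2; return 2
    fi
    actual="$(ca_cert_hash "${2:-/etc/kubernetes/pki/ca.crt}")" || {
        echo "cannot read a certificate from ${2:-/etc/kubernetes/pki/ca.crt}" >&2
        return 2
    }
    if [ "$actual" = "$expected" ]; then
        echo "MATCH $actual"
    else
        echo "MISMATCH expected=$expected actual=$actual"
        return 1
    fi
}
```

<p>On the master, verify_join_hash followed by the hash from the join command exits 0 on a match, 1 on a mismatch and 2 when the input cannot be checked.</p>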
<h2>7. Install the flannel Network Plugin</h2>
<p>7.1 Install flannel</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
</pre>
</div>
<p>7.2 Check pod status</p>
<ul>
<li>List all pods: kubectl get pods -A -o wide</li>
</ul>
</div>
<div class="table-wrapper">
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;"># kubectl get pod --all-namespaces
NAMESPACE      NAME                           READY   STATUS    RESTARTS      AGE
kube-flannel   kube-flannel-ds-kt72s            1/1   Running   0               3h43m
kube-flannel   kube-flannel-ds-ppl2v            1/1   Running   0               3h43m
kube-flannel   kube-flannel-ds-tqj52            1/1   Running   0               3h43m
kube-system    coredns-c676cc86f-hg4bx          1/1   Running   0               2d23h
kube-system    coredns-c676cc86f-pp6gs          1/1   Running   0               2d23h
kube-system    etcd-master                      1/1   Running   3 (6h13m ago)   2d23h
kube-system    kube-apiserver-master            1/1   Running   3 (6h13m ago)   2d23h
kube-system    kube-controller-manager-master   1/1   Running   2 (6h13m ago)   2d23h
kube-system    kube-flannel-ds-g4j29            1/1   Running   0               3h49m
kube-system    kube-flannel-ds-sngvm            1/1   Running   0               3h49m
kube-system    kube-flannel-ds-w8g45            1/1   Running   0               3h49m
kube-system    kube-proxy-6pbqd               1/1   Running   1 (6h12m ago)   2d23h
kube-system    kube-proxy-jzc4n               1/1   Running   3 (6h13m ago)   2d23h
kube-system    kube-proxy-mvtwg               1/1   Running   1 (6h12m ago)   2d23h
kube-system    kube-scheduler-master            1/1   Running   2 (6h13m ago)   2d23h
</pre>
</div>
<p>7.3 Check cluster status</p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;"># kubectl get node
NAME   STATUS   ROLES         AGE   VERSION
master   Ready    control-plane   2d23h   v1.25.0
node1    Ready    &lt;none&gt;          2d23h   v1.25.0
node2    Ready    &lt;none&gt;          2d23h   v1.25.0
</pre>
</div>
</div>
Source: https://www.cnblogs.com/yangzp/p/16911078.html