Deploying a single-master k8s cluster with kubeadm + docker (cri-dockerd) (v1.24.3)
1. Environment configuration
Disable the firewall
systemctl stop firewalld && systemctl disable firewalld
Disable SELinux
setenforce 0
sed -i 's/enforcing/disabled/' /etc/selinux/config
Disable swap
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab   # disable swap permanently
Hostname-to-IP mapping
vi /etc/hosts
192.168.247.101 keepalive-haproxy-01 k8s-master
192.168.247.102 keepalive-haproxy-02 k8s-node1
192.168.247.103 keepalive-haproxy-03 k8s-node2
192.168.247.100 keepalive-haproxy-vip
Add kernel tuning parameters
cat << EOF > /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
user.max_user_namespaces=28633
EOF
Apply the settings
sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf
Configure IPVS forwarding
yum install -y ipset ipvsadm
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
Configure time synchronization
dnf install chrony -y
cat > /etc/chrony.conf <<EOF
server ntp.aliyun.com iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
logchange 0.5
logdir /var/log/chrony
EOF
systemctl enable chronyd && systemctl start chronyd
2. Install docker-ce
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce
Configure the registry mirror (accelerator)
mkdir -p /etc/docker
cat <<EOF > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "experimental": false,
  "debug": false,
  "max-concurrent-downloads": 10,
  "registry-mirrors": ["https://a7h8080e.mirror.aliyuncs.com"]
}
EOF
systemctl enable docker && systemctl start docker && systemctl status docker
Download Go 1.18
wget https://golang.google.cn/dl/go1.18.3.linux-amd64.tar.gz
Extract Go into the target directory
tar -C /usr/local/ -zxvf ./go1.18.3.linux-amd64.tar.gz
Create the GOPATH directory
mkdir /home/gopath
Add environment variables: edit /etc/profile and append the following configuration at the end of the file
export GOROOT=/usr/local/go
export GOPATH=/home/gopath
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
Load the /etc/profile file
source /etc/profile
Configure the Go module proxy
go env -w GOPROXY="https://goproxy.io,direct"
Verify that Go is installed by running the go version command
3. Deploy cri-dockerd
Download the cri-dockerd source
git clone https://github.com/Mirantis/cri-dockerd.git
Enter the cri-dockerd directory
cd cri-dockerd/
Download the dependencies and build the binary
go get && go build
When the build finishes, the cri-dockerd binary is generated
Next, install the cri-dockerd binary and configure its environment
install -o root -g root -m 0755 cri-dockerd /usr/bin/cri-dockerd
cp -a packaging/systemd/* /etc/systemd/system
systemctl daemon-reload
systemctl enable cri-docker.service
systemctl enable --now cri-docker.socket
4. Install kubeadm, kubelet and kubectl (run on every node)
Add the Aliyun yum repository
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
Check whether the yum sources include kube-related packages
# yum list | grep kube
Install the specified version
yum install kubeadm kubectl kubelet -y
Enable start at boot
systemctl enable kubelet && systemctl start kubelet
Alternatively, run yum list kubeadm kubelet kubectl --showduplicates | sort -r and install a specific version from the listed entries.
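Added example (not part of the original post): the [kubernetes] repo stanza above sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubeadm, kubelet and kubectl without verifying signatures. The script below audits a .repo file for those settings and for cleartext http URLs; audit_yum_repo and write_page_repo are hypothetical helper names.

```shell
#!/bin/sh
# Added example: flag yum repo settings that skip signature verification.
# audit_yum_repo and write_page_repo are hypothetical helper names.

audit_yum_repo() {
    # $1: path to a .repo file. Prints "<section>: <finding>" per problem,
    # and nothing when the file is clean.
    awk '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # [section] header
            sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); section = $0; next
        }
        {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t]/, "", key)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "gpgcheck" && val == "0")
                print section ": gpgcheck=0 (RPM signatures are not verified)"
            if (key == "repo_gpgcheck" && val == "0")
                print section ": repo_gpgcheck=0 (repo metadata signature is not verified)"
            if (key == "baseurl" || key == "gpgkey") {
                m = split(val, urls, /[ \t]+/)      # gpgkey may list several URLs
                for (i = 1; i <= m; i++)
                    if (urls[i] ~ /^http:/)
                        print section ": " key " uses cleartext http: " urls[i]
            }
        }
    ' "$1"
}

write_page_repo() {
    # $1: output path. Writes the [kubernetes] stanza shown on this page.
    cat > "$1" <<'EOF'
[kubernetes]
name=kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

# Demo on a temporary copy; nothing under /etc is touched.
repo=$(mktemp)
write_page_repo "$repo"
audit_yum_repo "$repo"
rm -f "$repo"
```

On a node, run audit_yum_repo against each file in /etc/yum.repos.d; a stanza with gpgcheck=1 and https URLs produces no output.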
Pull the images for the specified k8s version
kubeadm config images pull --cri-socket unix:///var/run/cri-dockerd.sock --image-repository registry.aliyuncs.com/google_containers
Run the following command on the master node to install k8s
kubeadm init --kubernetes-version=v1.24.3 \
  --pod-network-cidr=10.224.0.0/16 \
  --apiserver-advertise-address=192.168.247.101 \
  --cri-socket unix:///var/run/cri-dockerd.sock \
  --image-repository registry.aliyuncs.com/google_containers
The related error can be found in the /var/log/messages log
This may be a problem in the k8s code. The workaround is to download this version of the image from a mirror in China and then re-tag it
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6 k8s.gcr.io/pause:3.6
Re-run the initialization command and it succeeds
# kubeadm init --kubernetes-version=v1.24.3 --pod-network-cidr=10.224.0.0/16 --apiserver-advertise-address=192.168.247.101 --cri-socket unix:///var/run/cri-dockerd.sock --image-repository registry.aliyuncs.com/google_containers
Next, perform the corresponding steps on the worker nodes. The only difference between the worker and master procedures is that the master node runs kubeadm init while the worker nodes run kubeadm join, so every step above except kubeadm init must also be run on the worker nodes.
After kubeadm init succeeds, the last line of its output is the kubeadm join command
kubeadm config images pull --cri-socket unix:///var/run/cri-dockerd.sock --image-repository registry.aliyuncs.com/google_containers
kubeadm join 192.168.247.101:6443 --token o4zf8w.rw20jhmskiyk0ton --discovery-token-ca-cert-hash sha256:376e215a51620ac699223ac80cbd57f2adcf46b2c0eef0a7dfd003a55f7dac78 --cri-socket unix:///var/run/cri-dockerd.sock
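Added example (not part of the original post): the --discovery-token-ca-cert-hash value in the join command pins the cluster CA, so it is worth recomputing from the master's CA certificate before running a join command that was copied between machines. The helpers below compute the pin (SHA-256 over the DER-encoded public key of the CA certificate) and compare it with a join command; the function names and the throwaway demo CA are assumptions made for this example.

```shell
#!/bin/sh
# Added example: recompute the --discovery-token-ca-cert-hash pin and
# compare it with a join command. Helper names are hypothetical.

ca_pubkey_hash() {
    # $1: PEM CA certificate (on a kubeadm master: /etc/kubernetes/pki/ca.crt).
    # Prints "sha256:<hex>"; fails if the file is not a parsable certificate,
    # so a bad input never yields the hash of empty data.
    openssl x509 -in "$1" -noout 2>/dev/null || return 1
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -hex |
        awk '{ print "sha256:" $NF }'
}

join_hash_matches() {
    # $1: full "kubeadm join ..." command line, $2: PEM CA certificate.
    # Succeeds only if the hash pinned in the command equals the CA's hash.
    pinned=$(printf '%s\n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$pinned" ] && [ "$pinned" = "$(ca_pubkey_hash "$2")" ]
}

make_demo_ca() {
    # $1: directory. Constructed throwaway CA so the example runs offline.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Demo: a join command built from the demo CA's own hash must match it.
demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
demo_cmd="kubeadm join 192.168.247.101:6443 --token <token> --discovery-token-ca-cert-hash $(ca_pubkey_hash "$demo_dir/ca.crt")"
join_hash_matches "$demo_cmd" "$demo_dir/ca.crt" && echo "pin matches CA"
rm -rf "$demo_dir"
```

On a real cluster, run ca_pubkey_hash on the master against /etc/kubernetes/pki/ca.crt. The --token value is a bootstrap credential (kubeadm's default lifetime is 24 hours), so it is left as a placeholder here.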
Reference: https://blog.csdn.net/u011415722/article/details/125472772