centos7 部署 k8s1.25.3 (使用containerd)
k8s部署,使用的国内镜像:registry.aliyuncs.com/google_containers
1.关闭防火墙、selinux
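# Persist the SELinux change. /etc/selinux/config is only read at boot, so the
# running system keeps enforcing until a reboot unless setenforce is also run.
# NOTE(review): the upstream kubeadm install guide switches SELinux to
# permissive rather than disabled; "disabled" is kept here as the author wrote it.
sed -i 's/^ *SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
# Stop firewalld now and keep it from starting at boot. This leaves the node
# with no host firewall, so the API server (bindPort 6443 in this guide) and
# the other cluster ports are reachable from any network that can route to the
# host; keep these nodes on a trusted segment or filter traffic upstream.
systemctl stop firewalld.service
systemctl disable firewalld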
添加yum源
1.添加centos7 aliyun 源
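# Back up the stock repo file by absolute path so the step works from any
# working directory (the bare file name only resolves inside /etc/yum.repos.d).
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# Fetch the replacement over HTTPS: this file decides where every later package
# comes from, so it should not travel over plain HTTP where it can be altered
# in transit.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo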
2.添加docker源(yum-config-manager 由 yum-utils 包提供,如果提示命令不存在,请先执行 yum install -y yum-utils)
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3. 添加k8s源
[root@k8s-master ~]# cat /etc/yum.repos.d/kubernetes.repo
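[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
# Verify every RPM against the keys listed in gpgkey. With gpgcheck=0 the keys
# below are never consulted, so an unsigned or altered kubelet/kubeadm/kubectl
# package from the mirror would install without any error.
gpgcheck=1
# Repository-metadata signature check is left off, as in the original.
# NOTE(review): set repo_gpgcheck=1 if this mirror serves a valid repomd.xml
# signature; confirm against the mirror before enabling.
repo_gpgcheck=0
# The second key URL is a continuation line and must stay indented.
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg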
yum clean all
yum makecache
安装 containerd
yum install -y yum-utils device-mapper-persistent-data lvm2
yum list docker-ce --showduplicates | sort -r
yum install containerd.io
设置主机名(每个节点只执行与自己对应的那一条)
hostnamectl set-hostname k8s-node01
hostnamectl set-hostname k8s-master01
同步时间
timedatectl set-timezone Asia/Shanghai
ntpdate ntp1.aliyun.com
关闭交换分区
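# Comment out only active fstab entries that have "swap" as a whole field.
# Lines that are already comments are skipped, so re-running this does not
# stack extra "#" characters, and paths that merely contain the word "swap"
# are left alone.
sed -ri '/^\s*#/!s/^.*\sswap\s.*$/#&/' /etc/fstab
# Turn swap off for the running system; the fstab edit above only affects the
# next boot. kubelet refuses to start with swap enabled by default.
swapoff -a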
[root@k8s-master ~]# free -m
total used free shared buff/cache available
Mem: 8077 955 6047 20 1074 6706
Swap: 0 0 0
加载模块
1. 永久添加模块
[root@k8s-master01 ~]# vim /etc/modules-load.d/k8s.conf
overlay
br_netfilter
2.手动添加
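# Load both modules into the running kernel; the modules-load.d file above only
# takes effect at the next boot. The stray "、" after "overlay" in the original
# would have been passed to modprobe as an argument, so it is removed.
modprobe br_netfilter
modprobe overlay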
3.查看添加效果
lsmod | grep overlay
[root@k8s-master01 ~]# lsmod | grep br_netfilter
br_netfilter 28672 0
修改内核参数
[root@k8s-master ~]# cat /etc/sysctl.d/k8s.conf
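# Let iptables/ip6tables see bridged pod traffic and allow the node to forward
# packets between interfaces.
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
# Optional. The comment sits on its own line because sysctl.d(5) only documents
# comments that start a line; a trailing "#..." would be read as part of the value.
vm.swappiness=0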
[root@k8s-master ~]# sysctl -p /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
sysctl --system
安装ipvs模块
yum -y install ipset ipvsadm
[root@localhost ~]# vim /etc/sysconfig/modules/ipvs.modules
# Load the IPVS core, its rr/wrr/sh schedulers and connection tracking, one
# module at a time. A failed load does not stop the remaining ones.
for ipvs_mod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
  modprobe -- "$ipvs_mod"
done
[root@k8s-master01 ~]# chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack
nf_conntrack_netlink 49152 0
nfnetlink 20480 4 nf_conntrack_netlink,nf_tables,ip_set
ip_vs_sh 16384 0
ip_vs_wrr 16384 0
ip_vs_rr 16384 0
ip_vs 163840 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack 163840 6 xt_conntrack,nf_nat,xt_nat,nf_conntrack_netlink,xt_MASQUERADE,ip_vs
nf_defrag_ipv6 24576 2 nf_conntrack,ip_vs
nf_defrag_ipv4 16384 1 nf_conntrack
libcrc32c 16384 5 nf_conntrack,nf_nat,nf_tables,xfs,ip_vs
rm /etc/containerd/config.toml
containerd config default > /etc/containerd/config.toml
配置镜像加速
vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry.aliyuncs.com"]
# sed -i ‘/registry.mirrors]/a\ \ \ \ \ \ \ \ [plugins.“io.containerd.grpc.v1.cri”.registry.mirrors.“docker.io”]’ /etc/containerd/config.toml 网上的内容,没有配置
#sed -i ‘/registry.mirrors.“docker.io”]/a\ \ \ \ \ \ \ \ \ \ endpoint = [“https://0x3urqgf.mirror.aliyuncs.com”]’ /etc/containerd/config.toml 网上的内退 ,没有配置
找到 config_path = "",修改成如下目录(注意:设置 config_path 之后,要去掉上面在 config.toml 里写的 registry.mirrors 配置,containerd 不允许两者同时存在,二选一即可):
config_path = "/etc/containerd/certs.d"
# 保存退出 wq
mkdir /etc/containerd/certs.d/docker.io/ -p
vim /etc/containerd/certs.d/docker.io/hosts.toml
# 写入如下内容:
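# One [host."..."] table per mirror: a single table header cannot name two
# hosts, so the combined header from the original is split in two.
[host."https://vh3bm52y.mirror.aliyuncs.com"]
  capabilities = ["pull"]

[host."https://registry.docker-cn.com"]
  capabilities = ["pull"]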
# 此部分可选,有的配了有的没配。
修改成阿里云镜像
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.8"
修改systemCgroup
SystemdCgroup = true
systemctl enable containerd
systemctl restart containerd
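# Pin the packages to the release this guide deploys (kubernetesVersion 1.25.3
# in kubeadm-init.yaml). An unpinned install takes whatever is newest in the
# repo, which can be a kubeadm that no longer accepts that version.
# crictl (cri-tools) is installed by this step as well.
yum install -y kubelet-1.25.3 kubeadm-1.25.3 kubectl-1.25.3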
安装crictl ,这是网上的步骤,作为参考,上一步yum已经会自动安装crictl
# 所有节点执行
#[root@master1 opt]# VERSION="v1.23.0"
#[root@master1 opt]# curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-${VERSION}-linux-amd64.tar.gz --output crictl-${VERSION}-linux-amd64.tar.gz
#crictl config --set runtime-endpoint=unix:///run/containerd/containerd.sock
crictl config runtime-endpoint unix:///run/containerd/containerd.sock
crictl config image-endpoint unix:///run/containerd/containerd.sock
或者:
vim /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
systemctl restart containerd
crictl info
[root@k8s-master01 ~]# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
systemctl enable kubelet
kubeadm config print init-defaults > kubeadm-init.yaml
[root@k8s-master01 ~]# vim kubeadm-init.yaml
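# kubeadm-init.yaml: four YAML documents (InitConfiguration,
# ClusterConfiguration, KubeProxyConfiguration, KubeletConfiguration).
# Indentation is significant and has been restored here.
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # token: deliberately not set. "abcdef.0123456789abcdef" is the fixed sample
  # value printed by `kubeadm config print init-defaults`; leaving it in place
  # gives every cluster built from this file the same join credential for the
  # whole ttl. With the field absent kubeadm generates a random token at init
  # (alternatively, set it to the output of `kubeadm token generate`).
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Address of this control-plane node; replace with your own.
  advertiseAddress: 192.168.30.119
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  # Must match the hostname set with hostnamectl on the control-plane node.
  name: k8s-master01
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
# Control-plane images are pulled from this mirror instead of the default registry.
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.25.3
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  # Must agree with CALICO_IPV4POOL_CIDR in calico.yaml.
  podSubnet: 10.244.0.0/16
scheduler: {}
--- # added
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
--- # added
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd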
kubeadm config images pull --config=kubeadm-init.yaml
kubeadm init --config kubeadm-init.yaml
export KUBECONFIG=/etc/kubernetes/admin.conf
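# -f: fail on an HTTP error instead of saving the error page as calico.yaml.
# -L: follow redirects, so a moved manifest is not replaced by an empty file.
# NOTE(review): this URL is not pinned to a Calico release, so the content can
# change between runs. Read the downloaded manifest before `kubectl apply`
# (it installs cluster-wide RBAC and node-level DaemonSets), and prefer a
# release-pinned URL once you have chosen a version.
curl -fLO https://docs.projectcalico.org/manifests/calico.yaml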
vim calico.yaml
# The default IPv4 pool to create on startup if none exists. Pod IPs will be
# chosen from this range. Changing this value after installation will have
# no effect. This should fall within `--cluster-cidr`.
- name: CALICO_IPV4POOL_CIDR
value: "10.244.0.0/16"
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
kubectl apply -f calico.yaml
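# Pre-pull every image referenced by calico.yaml through the CRI.
# awk reads the file directly (no cat | grep) and keeps only lines whose first
# field is "image:". sort -u avoids pulling a repeated image twice.
mapfile -t images < <(awk '$1 == "image:" { print $2 }' calico.yaml | sort -u)
# Quote the expansions so an image reference is never word-split or globbed.
for imagename in "${images[@]}"; do
  crictl pull "$imagename"
done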
yum install bash-completion -y
vim ~/.bashrc
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
source ~/.bashrc
重启以后遇到的故障:
[root@k8s-master01 k8s]# kubectl get pods
The connection to the server localhost:8080 was refused - did you specify the right host or port?
vim /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf
source /etc/profile
卸载node
kubeadm reset && rm -rf /etc/cni/net.d && ipvsadm --clear && rm -rf $HOME/.kube && rm -rf /etc/kubernetes/*
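# Delete every node object from the cluster (run this while the API server is
# still reachable).
kubectl delete node --all
# Reset the kubeadm state on this host.
kubeadm reset
# Unload the IPIP tunnel module (the original misspelled the command as "modprode").
modprobe -r ipip
lsmod
# Remove leftover credentials, configuration and data. ~/.kube and
# /etc/kubernetes hold the cluster-admin kubeconfig and the cluster PKI.
rm -rf ~/.kube/
rm -rf /etc/kubernetes/
rm -rf /etc/systemd/system/kubelet.service.d
# The original path ended in "kubelet.serive", which matched nothing.
rm -rf /etc/systemd/system/kubelet.service
rm -rf /usr/bin/kube*
rm -rf /etc/cni
rm -rf /opt/cni
rm -rf /var/lib/etcd
rm -rf /var/etcd
# yum has no "uninstall" subcommand; the glob is quoted so that yum matches it
# against package names instead of the shell expanding it against local files.
yum remove 'kube*'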
posted on 2022-11-10 17:31 FLOWERS_WAN