kuberentes 1.25 安装及指南
1.25 较之前版本有什么区别
在1.25及之后的版本中,k8s将docker-shim进行了移除,代之的是cri-containerd与containerd进行直接交互,从某种意义上来说,和docker进行了解绑。
另外一方面,k8s在与docker进行解绑后,docker同时开始维护cri-dockerd项目,用于代替原有的docker-shim,下载地址:https://github.com/Mirantis/cri-dockerd/releases
其关系如图所示:
一、docker,cri-containerd,cri-o常用命令比较
| 命令 | docker | cri-containerd | cri-o |
|---|---|---|---|
| 查看运行的容器 | docker ps | ctr task ls/ctr container ls | crictl ps |
| 查看镜像 | docker images | ctr image ls | crictl images |
| 查看容器日志 | docker logs | 无 | crictl logs |
| 查看容器数据信息 | docker inspect | ctr container info | crictl inspect |
| 查看容器资源 | docker stats | 无 | crictl stats |
| 启动/关闭已有的容器 | docker start/stop | ctr task start/kill | crictl start/stop |
| 运行一个新的容器 | docker run | ctr run | 无(最小单元为pod) |
| 修改镜像标签 | docker tag | ctr image tag | 无 |
| 创建一个新的容器 | docker create | ctr container create | crictl create |
| 导入镜像 | docker load | ctr image import | 无 |
| 导出镜像 | docker save | ctr image export | 无 |
| 删除容器 | docker rm | ctr container rm | crictl rm |
| 删除镜像 | docker rmi | ctr image rm | crictl rmi |
| 拉取镜像 | docker pull | ctr image pull | ctictl pull |
| 推送镜像 | docker push | ctr image push | 无 |
| 在容器内部执行命令 | docker exec | 无 | crictl exec |
二、kubernetes Master 安装
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce
systemctl daemon-reload && systemctl restart docker
#安装cri-dockerd
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el7.x86_64.rpm
rpm -ivh cri-dockerd-0.3.1-3.el7.x86_64.rpm
vim /usr/lib/systemd/system/cri-docker.service
#重载沙箱(pause)镜像
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8 --container-runtime-endpoint fd://
#启动并设置开机重启cri-docker
systemctl start cri-docker
systemctl enable cri-docker
rm -rf /etc/containerd/config.toml
systemctl restart containerd
#关闭防火墙
systemctl stop firewalld
systemctl disable firewalld
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
vim /etc/selinux/config
SELINUX=disabled
#修改 sysctl 配置
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
sysctl --system
#关闭 swap 前面#需要把下面的注释掉,否则会启动不了kubelet,这个需要全程关闭掉
swapoff -a
vim /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0
#添加 iptable 内核模块,istio会用到iptables转发功能
lsmod |grep -E "ip_tables|iptable_filter"
modprobe ip_tables
modprobe iptable_filter
lsmod |grep -E "ip_tables|iptable_filter"
[root@k8s-node02 ~]# vim /etc/sysconfig/modules/iptables.modules
modprobe -- ip_tables
modprobe -- iptable_filter
[root@k8s-node02 ~]# chmod 755 /etc/sysconfig/modules/iptables.modules #设置权限
[root@k8s-node02 ~]# sh /etc/sysconfig/modules/iptables.modules #临时生效,重启后也会生效
#kubernetes yum源
vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
yum -y install epel-release
yum clean all
yum makecache
yum install -y kubelet-1.25.0 kubeadm-1.25.0 kubectl-1.25.0
//拉取k8s的docker镜像
kubeadm config images list
编辑镜像文件:
set ff=unix //设置为unix格式
./get_image_docker.sh 拉取镜像
//初始化kubernetes
//pod-network 的IP千万不要和局域网的IP重合,否则会造成pod内网不通外网的情况,一定切记切记
//另外特别注意--pod-network-cidr的网段必须和kube-flannel的网段地址要保持一样,否则也会造成pod内部IP不通的情况,最好设成默认的10.244.0.0/16
//注意容器运行时的选择,cri-socket unix:///var/run/cri-dockerd.sock
kubeadm config print init-defaults > kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 172.17.0.15 #主机地址
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/cri-dockerd.sock #docker运行时
imagePullPolicy: IfNotPresent
name: VM-0-15-almalinux #主机名
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers #阿里云仓库
kind: ClusterConfiguration
kubernetesVersion: 1.25.0 #版本号
networking:
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16 #pod网络地址
serviceSubnet: 10.96.0.0/12 #svc网络地址
scheduler: {}
kubeadm init --config kubeadm-init.yaml
单机版kubernetes为了运行Pod.需要删除主机上的Train.允许master执行Pod.
kubectl taint nodes --all node-role.kubernetes.io/master-
kubectl taint nodes iz2vcf9v41doxowbcqr492z node-role.kubernetes.io/master=:NoSchedule
error: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
vim /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf
立即生效
source /etc/profile
部署flannel网络,否则节点无法运行
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
kubectl get nodes
配置访问集群的,同时好需要执行如下命令:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
#查询执行错误
journalctl -f -u kubelet
docker images|grep flannel
systemctl restart kubelet
#卸载服务
kubeadm reset
二、kubernetes Node 安装
--加入集群
创建token
kubeadm token create --print-join-command
kubeadm join 192.168.0.148:6443 --token byuls7.w9l9wclaoj033b5y \
--discovery-token-ca-cert-hash sha256:ce8fe73dd96184e51bec79727c91ca64de4682119db25c3df3c7cb91799fae2a --cri-socket unix:///var/run/cri-dockerd.sock
#从Master复制过来
scp root@172.17.0.15:/etc/kubernetes/admin.conf /etc/kubernetes/admin.conf
vim /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf
立即生效
source /etc/profile
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
