Kubernetes 1.25 安装及指南

1.25 较之前版本有什么区别

在1.25及之后的版本中,k8s已将dockershim移除,改由cri-containerd与containerd直接交互,从某种意义上来说,和docker进行了解绑。
另一方面,k8s与docker解绑后,docker方面开始维护cri-dockerd项目,用于代替原有的dockershim,下载地址:https://github.com/Mirantis/cri-dockerd/releases
其关系如图所示:

一、docker,cri-containerd,cri-o常用命令比较

命令 docker cri-containerd cri-o
查看运行的容器 docker ps ctr task ls/ctr container ls crictl ps
查看镜像 docker images ctr image ls crictl images
查看容器日志 docker logs crictl logs
查看容器数据信息 docker inspect ctr container info crictl inspect
查看容器资源 docker stats crictl stats
启动/关闭已有的容器 docker start/stop ctr task start/kill crictl start/stop
运行一个新的容器 docker run ctr run 无(最小单元为pod)
修改镜像标签 docker tag ctr image tag
创建一个新的容器 docker create ctr container create crictl create
导入镜像 docker load ctr image import
导出镜像 docker save ctr image export
删除容器 docker rm ctr container rm crictl rm
删除镜像 docker rmi ctr image rm crictl rmi
拉取镜像 docker pull ctr image pull crictl pull
推送镜像 docker push ctr image push
在容器内部执行命令 docker exec crictl exec

二、kubernetes Master 安装

yum install -y yum-utils device-mapper-persistent-data lvm2

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

yum -y install docker-ce

systemctl daemon-reload && systemctl restart docker


#安装cri-dockerd(rpm 直接从 GitHub 下载,不经过 yum 仓库的签名校验;安装前可用 sha256sum 计算文件哈希,并与发布方公布的校验值(如有)核对)
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.1/cri-dockerd-0.3.1-3.el7.x86_64.rpm
rpm -ivh cri-dockerd-0.3.1-3.el7.x86_64.rpm


vim /usr/lib/systemd/system/cri-docker.service
#覆盖默认的沙箱(pause)镜像:把 ExecStart 一行改为如下内容,保存后需执行 systemctl daemon-reload 使修改生效
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8 --container-runtime-endpoint fd://
#启动cri-docker并设置开机自启
systemctl start cri-docker
systemctl enable cri-docker

rm -rf /etc/containerd/config.toml
systemctl restart containerd



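#关闭防火墙(以下命令会清空全部 iptables 规则并把默认策略设为 ACCEPT,主机将不再做任何包过滤,只适合隔离的测试环境)
#生产环境建议保留 firewalld,仅放行所需端口,如 6443、2379-2380、10250、10257、10259 以及 CNI 插件使用的端口
#后面的 SELINUX=disabled 同样会去掉一层强制访问控制;官方安装文档的做法是设为 permissive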
systemctl stop firewalld
systemctl disable firewalld
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

vim /etc/selinux/config
SELINUX=disabled


#修改 sysctl 配置(net.bridge.* 两项依赖 br_netfilter 内核模块;若 sysctl --system 提示找不到这些键,先执行 modprobe br_netfilter)
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1

sysctl --system


#关闭 swap:先用 swapoff -a 临时关闭,再把 /etc/fstab 中的 swap 行用 # 注释掉(如下),使重启后也保持关闭;swap 必须全程关闭,否则 kubelet 会启动不了
swapoff -a
vim /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0

#添加 iptable 内核模块,istio会用到iptables转发功能

lsmod |grep -E "ip_tables|iptable_filter"
modprobe ip_tables
modprobe iptable_filter
lsmod |grep -E "ip_tables|iptable_filter"
[root@k8s-node02 ~]# vim /etc/sysconfig/modules/iptables.modules
modprobe -- ip_tables
modprobe -- iptable_filter
[root@k8s-node02 ~]# chmod 755 /etc/sysconfig/modules/iptables.modules   #设置权限
[root@k8s-node02 ~]# sh /etc/sysconfig/modules/iptables.modules          #临时生效,重启后也会生效

#kubernetes yum源(下面的 gpgcheck=0 表示不校验软件包签名,kubelet/kubeadm/kubectl 的完整性完全依赖镜像站)
#建议改为 gpgcheck=1 并配置镜像站提供的 gpgkey

vim /etc/yum.repos.d/kubernetes.repo
[kubernetes] 
name=Kubernetes 
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ 
enabled=1 
gpgcheck=0


yum -y install epel-release
yum clean all
yum makecache
yum install -y kubelet-1.25.0 kubeadm-1.25.0 kubectl-1.25.0


//拉取k8s的docker镜像
kubeadm config images list
编辑镜像文件:
set ff=unix //设置为unix格式
./get_image_docker.sh 拉取镜像


//初始化kubernetes
//pod-network 的IP千万不要和局域网的IP重合,否则会造成pod内网不通外网的情况,一定切记切记
//另外特别注意--pod-network-cidr的网段必须和kube-flannel的网段地址要保持一样,否则也会造成pod内部IP不通的情况,最好设成默认的10.244.0.0/16
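//注意容器运行时的选择,cri-socket unix:///var/run/cri-dockerd.sock
//init-defaults 输出里的 token abcdef.0123456789abcdef 是公开的固定示例值,初始化前应删除 bootstrapTokens 段(由 kubeadm 随机生成),或用 kubeadm token generate 生成新值替换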

kubeadm config print init-defaults > kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.17.0.15 #主机地址
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/cri-dockerd.sock #docker运行时
  imagePullPolicy: IfNotPresent
  name: VM-0-15-almalinux #主机名
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers #阿里云仓库
kind: ClusterConfiguration
kubernetesVersion: 1.25.0 #版本号
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16 #pod网络地址
  serviceSubnet: 10.96.0.0/12 #svc网络地址
scheduler: {}

kubeadm init --config kubeadm-init.yaml


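单机版kubernetes为了运行Pod,需要删除主机上的Taint(污点),允许master调度Pod;第二条命令用于把污点重新加回去。
注意:1.25 中 kubeadm 给控制平面节点打的污点键是 node-role.kubernetes.io/control-plane,若下面的命令提示找不到污点,请把 master 换成 control-plane。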
kubectl taint nodes --all node-role.kubernetes.io/master-
kubectl taint nodes iz2vcf9v41doxowbcqr492z node-role.kubernetes.io/master=:NoSchedule


若 kubectl 报如下错误,说明没有找到 kubeconfig,需要设置 KUBECONFIG 环境变量:
error: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
vim /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf
立即生效
source /etc/profile


部署flannel网络,否则节点无法运行(下面的地址取的是 master 分支上随时可能变化的文件,建议改用固定的 release 版本,并在 kubectl apply 之前先检查清单内容)
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml
kubectl get nodes


配置kubectl访问集群,同时还需要执行如下命令(admin.conf 是集群管理员凭据,复制后的 config 文件应只允许属主读写,如 chmod 600):
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

#查询执行错误
journalctl -f -u kubelet
docker images|grep flannel
systemctl restart kubelet

#卸载服务
kubeadm reset

三、kubernetes Node 安装

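--加入集群
在 Master 上创建 token 并打印 join 命令(下面的地址、token 和 hash 只是示例输出,请使用自己集群生成的值;token 相当于入群凭据,不要公开,并在命令末尾加上 --cri-socket)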
kubeadm token create --print-join-command

kubeadm join 192.168.0.148:6443 --token byuls7.w9l9wclaoj033b5y \
	--discovery-token-ca-cert-hash sha256:ce8fe73dd96184e51bec79727c91ca64de4682119db25c3df3c7cb91799fae2a --cri-socket unix:///var/run/cri-dockerd.sock

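#从Master复制过来(admin.conf 是集群管理员凭据,复制到 Node 后,任一 Node 被攻破即等于整个集群失守;Node 加入集群本身并不需要该文件,仅在确实要在 Node 上使用 kubectl 时才复制,并把文件权限限制为 600)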
scp root@172.17.0.15:/etc/kubernetes/admin.conf /etc/kubernetes/admin.conf

vim /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf
立即生效
source /etc/profile

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
