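Setting up Kubernetes 1.24 + containerd
1. Install containerd
Kubernetes 1.24 does not support Docker as the container runtime, so containerd is used instead.
Kubernetes 1.24 can still use images from Docker's remote registries.
1.1. Install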
apt-get install containerd.io=1.6.6-1
1.2. Generate the default containerd configuration file (all nodes)
mv /etc/containerd/config.toml /etc/containerd/config.toml.orig
containerd config default > /etc/containerd/config.toml
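1.3. Edit config.toml
- Registry mirror (accelerator) endpoint
# The mirror belongs under the CRI registry section. The endpoint key of
# [plugins."io.containerd.tracing.processor.v1.otlp"] configures trace export, not image pulls; leave it empty.
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://docker.mirrors.ustc.edu.cn/"]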
- Change sandbox_image
#sandbox_image = "k8s.gcr.io/pause:3.6"
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"
- Set SystemdCgroup
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = true
- Change the root and state paths (depending on your disk layout)
required_plugins = []
root = "/home/containerd/root"
state = "/home/containerd/state"
temp = ""
version = 2
1.4. Restart containerd
systemctl restart containerd
1.5. List images
sudo crictl image ls
1.6. List containers
sudo crictl ps
qiteck@server:~$ sudo crictl ps
WARN[0000] runtime connect using default endpoints: [unix:///var/run/dockershim.sock unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead.
ERRO[0000] unable to determine runtime API version: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial unix /var/run/dockershim.sock: connect: no such file or directory"
WARN[0000] image connect using default endpoints: [unix:///var/run/dockershim.sock unix:///run/containerd/containerd.sock unix:///run/crio/crio.sock unix:///var/run/cri-dockerd.sock]. As the default settings are now deprecated, you should set the endpoint instead.
ERRO[0000] unable to determine image API version: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial unix /var/run/dockershim.sock: connect: no such file or directory"
CONTAINER      IMAGE          CREATED       STATE    NAME          ATTEMPT  POD ID         POD
ef543e51cfa0c  b008bec0252cb  5 hours ago   Running  omp           0        0fa6d165a2c35  omp-7696d4c57-2r6fl
706fb4abbdd02  cec7ba5a893a8  6 hours ago   Running  omp2          0        2d63b9953013f  omp2-77689d4c5b-vmz2l
c589f102227c3  beac3508eacfe  30 hours ago  Running  account       0        27abc088678b6  account-794585bbbb-p927k
433d94b8dd567  6358d98c814a7  31 hours ago  Running  game          0        2c41d2412209b  game-7f44bb65f8-cjbrq
6b035346f216c  d9814b25e52ba  46 hours ago  Running  consul        0        c390fa719ff8d  consul-server-2
6774c93cb6c59  d9814b25e52ba  46 hours ago  Running  consul        0        6ab43d041c87a  consul-client-m7jwf
0134002a22882  d9814b25e52ba  46 hours ago  Running  consul        0        54f1d07e965d1  consul-server-0
fb04bc0d7364e  2e858e385e1d1  46 hours ago  Running  gateway       0        f0416f209774a  gateway-6d5fc9979f-99mmk
6d5fcf76bb4fa  4e845a6c446da  46 hours ago  Running  ota           1        baa0a202dab7c  ota-848849756c-zgz78
835c6b1d4d477  d349e70825881  46 hours ago  Running  advertise     1        e6de5d636a3e1  advertise-74d996d7dd-w7fnh
46a2861697792  6e715ec1cdef6  46 hours ago  Running  file          1        7e0ddf0e5d55d  file-7bbd64f796-frfff
f2a039b8e6cb6  94a191ac1e06d  46 hours ago  Running  device        1        84607636a1206  device-75777b668c-n25kq
588286ca925e0  408c00be0844f  46 hours ago  Running  count         1        5645003fb9953  count-679b5fb4bb-lfhbl
8a575ea4e8421  94a191ac1e06d  46 hours ago  Running  device        1        20963e33e429d  device-75777b668c-w5dnx
086ed6c6e5be1  6e715ec1cdef6  46 hours ago  Running  file          1        a11fcbbd7e88d  file-7bbd64f796-hn5pj
a83d8fc2ee00a  ef376b69a2934  46 hours ago  Running  sport         1        f33a7bcafb377  sport-89bc7648f-4w46v
e7f76b6f1c84f  2f2f9a205f3c1  46 hours ago  Running  rcache        1        ca980f5411acb  rcache-55f4549cb8-6cqmx
b709db2369dc1  ae97cd3e4622d  46 hours ago  Running  course        1        96d75555bb645  course-694b96bd8d-6qqmk
97be53613824b  82a5eb76d151c  46 hours ago  Running  msg           1        1b2e5ea5c2aa8  msg-7dbd97bddd-mg6d4
546a1501a6ccd  49512e7b89bc1  46 hours ago  Running  erp           1        4d2c7b154361d  erp-6b879f8d7-krn5p
d598b2782d979  e237e85065092  46 hours ago  Running  kube-flannel  5        26bb55717d190  kube-flannel-ds-rt8z5
2746d12ffc426  77b49675beae1  46 hours ago  Running  kube-proxy    5        c4daf9ff2bba3  kube-proxy-ngnrv
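2. Install kubeadm, kubelet and kubectl
- kubeadm: the command used to initialize the cluster.
- kubelet: runs on every node in the cluster and starts pods, containers and so on.
- kubectl: the command-line tool used to communicate with the cluster.
Install version 1.24.0
The environment is Ubuntu 22.04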
sudo apt-get update && sudo apt-get install -y apt-transport-https curl
This step requires access to Google:
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
A mirror inside China (this source works, and it is the one used for this setup):
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main
EOF
sudo apt-get update
sudo apt-get install -y kubelet=1.24.2-00 kubeadm=1.24.2-00 kubectl=1.24.2-00
sudo apt-mark hold kubelet kubeadm kubectl
After installation, check the version:
xxxx@iZ2zeabl8ta0jq1nd850igZ:~/program$ kubectl version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.2", GitCommit:"f66044f4361b9f1f96f0053dd46cb7dce5e990a8", GitTreeState:"clean", BuildDate:"2022-06-15T14:22:29Z", GoVersion:"go1.18.3", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v4.5.4
The connection to the server localhost:8080 was refused - did you specify the right host or port
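3. Disable swap
If swap is not disabled, Kubernetes will fail to run. Even if the installation succeeds, the Kubernetes server will fail after the node reboots.
- Disable temporarily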
sudo swapoff -a
- Disable permanently
Edit the /etc/fstab file
vi /etc/fstab
Put a # at the start of the line /dev/mapper/centos-swap swap swap default 0 0 to comment it out.
4. Start the master node
4.1. Clear old data
sudo rm -rf /var/lib/etcd
4.2. Generate the default configuration file
kubeadm config print init-defaults --kubeconfig ClusterConfiguration > kubeadm.yml
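4.3. Edit the configuration file
name: logic must be the host's name, as returned by hostname.
The name can also be anything you like, as long as /etc/hosts has an address configured for it.
The podSubnet address must match flannel's, because IP addresses are allocated through flannel; k8s carves out a corresponding IP range for each subnet.
4.4. Initialize with the specified configuration file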
xxxx@iZ2zeabl8ta0jq1nd850igZ:~/program/k8s$ sudo kubeadm init --config kubeadm.yml
Output like this means the k8s master node has been initialized successfully.
If you need to shut it down first, use this command:
sudo kubeadm reset
4.4. View pods:
xxxx@server:~$ sudo kubectl get pods --all-namespaces
NAMESPACE  NAME                        READY  STATUS   RESTARTS     AGE
default    account-794585bbbb-p927k    1/1    Running  0            29h
default    account-794585bbbb-xdlt7    1/1    Running  0            29h
default    advertise-74d996d7dd-qtxzf  1/1    Running  0            2d22h
default    advertise-74d996d7dd-w7fnh  1/1    Running  1 (46h ago)  2d22h
default    consul-client-m7jwf         1/1    Running  0            45h
default    consul-client-vpd94         1/1    Running  0            45h
default    consul-server-0             1/1    Running  0            45h
default    consul-server-1             1/1    Running  0            45h
default    consul-server-2             1/1    Running  0            45h
default    count-679b5fb4bb-hlqrj      1/1    Running  0            2d22h
default    count-679b5fb4bb-lfhbl      1/1    Running  1 (46h ago)  2d22h
default    course-694b96bd8d-6qqmk     1/1    Running  1 (46h ago)  2d22h
default    course-694b96bd8d-j6lfw     1/1    Running  0            2d22h
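4.5. Copy the authorization (login) file to the current user:
This configuration file sets up how kubectl is used, including the connection to the API server, certificate permissions and so on.
K8s uses the current user's permissions; you can either copy the configuration file or create a link to it.
Copy: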
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Symbolic link:
mkdir -p $HOME/.kube
sudo ln -sf /etc/kubernetes/admin.conf ~/.kube/config
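Otherwise you get the error: The connection to the server localhost:8080 was refused - did you specify the right host or port?
If problems remain after configuring as above, distinguish between the sudo and non-sudo cases: without sudo, the user must have permission on /etc/kubernetes/admin.conf.
Port 8080 is the port kubectl requests by default. It is the insecure port; the secure way to access the API is https://localhost:6443
4.6. Change the NodePort port range:
The default NodePort range is 30000-32767
That gets in the way in practice, so change it to 1-65535
Edit the kube-apiserver.yaml file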
vim /etc/kubernetes/manifests/kube-apiserver.yaml
Find the --service-cluster-ip-range line and add the following on the line below it
- --service-node-port-range=1-65535
The actual content is as follows:
Finally, restart kubelet
sudo systemctl daemon-reload
sudo systemctl restart kubelet
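Widening the range to 1-65535 puts ports the node itself already listens on into the NodePort pool. The added example below (not from the original post; the function names and the sample `ss` lines are constructed for illustration) reads the range from the manifest and lists the listening host ports inside it, so they can be avoided when choosing nodePort values:

```shell
#!/bin/sh
# Added example: list host ports that fall inside the NodePort range.

# Print the range set in a kube-apiserver manifest, or the default
# 30000-32767 when --service-node-port-range is absent.
node_port_range() {
    r=$(sed -n 's|.*--service-node-port-range=\([0-9]*-[0-9]*\).*|\1|p' "$1" | head -n 1)
    echo "${r:-30000-32767}"
}

# Read `ss -ltnH` output on stdin and print, sorted and de-duplicated,
# every listening port that lies inside RANGE (given as LOW-HIGH).
ports_in_range() {
    awk -v lo="${1%-*}" -v hi="${1#*-}" '
        { n = split($4, a, ":"); p = a[n] + 0 }
        p >= lo + 0 && p <= hi + 0 && !seen[p]++ { print p }
    ' | sort -n | xargs
}

# Constructed inputs: a manifest fragment and sample `ss -ltnH` lines.
demo() {
    d=$(mktemp -d)
    printf '    - --service-cluster-ip-range=10.96.0.0/12\n    - --service-node-port-range=1-65535\n' \
        > "$d/kube-apiserver.yaml"
    cat > "$d/ss.txt" <<'EOF'
LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
LISTEN 0 4096 127.0.0.1:2379  0.0.0.0:*
LISTEN 0 4096 *:6443          *:*
LISTEN 0 4096 *:10250         *:*
LISTEN 0 128  [::]:22         [::]:*
EOF
    r=$(node_port_range "$d/kube-apiserver.yaml")
    echo "range $r contains host listeners: $(ports_in_range "$r" < "$d/ss.txt")"
    echo "default range contains: $(ports_in_range 30000-32767 < "$d/ss.txt")"
    rm -rf "$d"
}
demo
```

On a node, feed it live data with `ss -ltnH | ports_in_range "$(node_port_range /etc/kubernetes/manifests/kube-apiserver.yaml)"`.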
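4.7. Allow pods to be deployed on the master node
This is needed because, for security reasons, Kubernetes by default does not allow pods to be deployed on the master node.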
- 1 node(s) had taint {node-role.kubernetes.io/master: } that the pod didn't tolerate.:
kubectl taint nodes --all node-role.kubernetes.io/master-
After running it, output like the following appears (the error in it can be ignored):
- 1 node(s) had untolerated taint {node-role.kubernetes.io/control-plane: }. preemption: 0/1 nodes are available:
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
4.8. View logs
systemctl status kubelet
journalctl -xefu kubelet
vim /var/log/pods/kube-system_kube-apiserver
4.9. Install the flannel pod network plugin
It is used to assign addresses to the deployed pods
- Download the configuration:
wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
- Edit the configuration file:
Make sure the "Network": "10.244.0.0/16" field in kube-flannel.yml matches the podSubnet address in kubeadm.conf
- Deploy:
kubectl apply -f kube-flannel.yml
- Check whether the flannel process has started:
qiteck@logic:~/program/k8s_1.24.2$ ps -ef|grep flannel
root 4673 4326 0 09:16 ? 00:00:00 /opt/bin/flanneld --ip-masq --kube-subnet-mgr
- Check whether the flannel pods are running:
xxxx@server:~$ sudo kubectl get pods -n kube-system
NAME                                        READY  STATUS   RESTARTS       AGE
coredns-74586cf9b6-8mbqz                    1/1    Running  3 (6d23h ago)  6d23h
coredns-74586cf9b6-hz48p                    1/1    Running  3 (6d23h ago)  6d23h
etcd-master.cluster.k8s                     1/1    Running  5 (6d23h ago)  6d23h
kube-apiserver-master.cluster.k8s           1/1    Running  0              3d1h
kube-controller-manager-master.cluster.k8s  1/1    Running  7 (2d23h ago)  6d23h
kube-flannel-ds-rt8z5                       1/1    Running  5 (46h ago)    3d
kube-flannel-ds-t6nrc                       1/1    Running  1 (6d23h ago)  6d23h
kube-proxy-ngnrv                            1/1    Running  5 (46h ago)    3d
kube-proxy-tjh8h                            1/1    Running  4 (6d23h ago)  6d23h
kube-scheduler-master.cluster.k8s           1/1    Running  7 (2d23h ago)  6d23h
- Check whether the cni0 interface exists:
xxxx@server:~$ ifconfig
br-0480d1b7cefb: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        inet6 fe80::42:e1ff:fe6e:8e3c  prefixlen 64  scopeid 0x20<link>
        ether 02:42:e1:6e:8e:3c  txqueuelen 0  (Ethernet)
        RX packets 84662  bytes 119261797 (119.2 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 83663  bytes 121420317 (121.4 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

cni0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 10.244.1.1  netmask 255.255.255.0  broadcast 10.244.1.255
        inet6 fe80::b821:f2ff:fe1d:809a  prefixlen 64  scopeid 0x20<link>
        ether ba:21:f2:1d:80:9a  txqueuelen 1000  (Ethernet)
        RX packets 9016802  bytes 993361285 (993.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6600536  bytes 1003467886 (1.0 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
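- Check whether the /run/flannel/subnet.env file has been generated:
This file holds the flannel plugin's settings; once flanneld starts, it automatically writes some data to /run/flannel/subnet.env
At this point, the k8s master node is up and running.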
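A pre-flight check for the podSubnet/flannel "Network" consistency requirement stated in sections 4.3 and 4.9, as an added example (not the original post's code); the function names and the sample file contents are constructed for illustration. It also reports a kubeadm config in which podSubnet was never added:

```shell
#!/bin/sh
# Added example: compare kubeadm's podSubnet with flannel's "Network".

# Print the podSubnet CIDR from a kubeadm config file (empty if absent).
pod_subnet() {
    sed -n 's|^[[:space:]]*podSubnet:[[:space:]]*"\{0,1\}\([0-9./]*\).*|\1|p' "$1" | head -n 1
}

# Print the "Network" CIDR from the net-conf.json block of kube-flannel.yml.
flannel_network() {
    sed -n 's|.*"Network"[[:space:]]*:[[:space:]]*"\([0-9./]*\)".*|\1|p' "$1" | head -n 1
}

# Return 0 on match, 1 on mismatch, 2 when either value is missing.
check_pod_cidr() {
    k=$(pod_subnet "$1")
    f=$(flannel_network "$2")
    if [ -z "$k" ] || [ -z "$f" ]; then
        echo "MISSING: podSubnet='$k' flannel Network='$f'"
        return 2
    fi
    if [ "$k" != "$f" ]; then
        echo "MISMATCH: podSubnet=$k flannel Network=$f"
        return 1
    fi
    echo "OK: both use $k"
}

# Constructed sample files, not the post's real kubeadm.yml or kube-flannel.yml.
demo() {
    d=$(mktemp -d)
    printf 'networking:\n  podSubnet: 10.244.0.0/16\n  serviceSubnet: 10.96.0.0/12\n' > "$d/kubeadm.yml"
    printf 'networking:\n  serviceSubnet: 10.96.0.0/12\n' > "$d/no-podsubnet.yml"
    printf '  net-conf.json: |\n    {\n      "Network": "10.244.0.0/16"\n    }\n' > "$d/kube-flannel.yml"
    check_pod_cidr "$d/kubeadm.yml" "$d/kube-flannel.yml"
    check_pod_cidr "$d/no-podsubnet.yml" "$d/kube-flannel.yml" || echo "(exit status $?)"
    rm -rf "$d"
}
demo
```

Run `check_pod_cidr kubeadm.yml kube-flannel.yml` before `kubeadm init` and `kubectl apply`, while both values can still be changed cheaply.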