K8S 1.28.9基于docker容器 启动 相关组件部署方式

# 关闭防火墙 
systemctl  stop     firewalld  && systemctl  disable  firewalld 


# 关闭swap分区
sed  -i   's/.*swap.*/#&/'  /etc/fstab 
swapoff -a

# 关闭selinux
sed -i 's/enforcing/disabled/'  /etc/selinux/config
setenforce 0

# 添加hosts
echo "192.168.31.219 master \
192.168.31.220 node01 \
192.168.31.221 node02"  >> /etc/hosts

# 添加hostname
hostnamectl  set-hostname [主机名称如  master]

# 使其hsots文件生效
systemctl restart NetworkManager
# 升级linux内核
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

yum -y install https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm

yum --enablerepo="elrepo-kernel" -y install kernel-lt.x86_64

grub2-set-default 0

grub2-mkconfig -o /boot/grub2/grub.cfg

reboot  

# 查看内核=是否变更
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg

# 时间同步配置
yum install chrony -y
systemctl start chronyd && systemctl enable chronyd && chronyc sources
date

# 内核路由转发  以及网桥过滤
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward=1
vm.swappiness=0
EOF


# 网桥转发生效执行此命令
sysctl --system

# 加载br_netfilter模块
modprobe  br_netfilter

# 查看加载情况
lsmod |grep  br_netfilter


# 网桥转发生效执行此命令
sysctl --system

# 安装ipset
yum -y install ipset ipvsadm

# 加载
cat > /etc/sysconfig/modules/ipvs.modules << EOF
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF

# 赋予权限
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack


# 中间需要安装docker



# 添加docker镜像地址 
cat > /etc/docker/daemon.json << EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"registry-mirrors": [
"https://registry.docker-cn.com",
"https://docker.mirrors.ustc.edu.cn",
"https://dockerhub.azk8s.cn",
"http://hub-mirror.c.163.com"
]
}
EOF

#安装wget  命令
 yum  install  wget

# 下载最新版本 cri-docker
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.8/cri-dockerd-0.3.8.amd64.tgz

tar xf cri-dockerd-0.3.8.amd64.tgz 

mv cri-dockerd/cri-dockerd  /usr/bin/

rm -rf  cri-dockerd  cri-dockerd-0.3.8.amd64.tgz

# 配置cri-docker的启动项目
cat > /usr/lib/systemd/system/cri-docker.service<<EOF
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9 --container-runtime-endpoint fd:// 
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF


cat > /usr/lib/systemd/system/cri-docker.socket<<EOF
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service

[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF


# 更新systemd相关 cri-docker配置  同时设置成开机自启动
systemctl daemon-reload 

systemctl enable cri-docker && systemctl start cri-docker && systemctl status cri-docker


# 添加k8s镜像源地址
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/repodata/repomd.xml.key
EOF

# 安装相关组件yum源
yum install -y kubelet kubeadm kubectl

# 设置kublet 开机自启动  同时启动kubelet
systemctl enable kubelet && systemctl start kubelet

# 配置 cgroup 驱动与docker一致
cp /etc/sysconfig/kubelet{,.bak}

cat > /etc/sysconfig/kubelet <<EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF

# 安装kubectl  自动补全命令组件

yum install  -y bash-completion  

source /usr/share/bash-completion/bash_completion

echo "source <(kubectl completion bash)" >> ~/.bashrc

source  ~/.bashrc  

# 查看镜像仓库是否有相关镜像
kubeadm config images list --image-repository registry.aliyuncs.com/google_containers

# 拉取相关镜像	
kubeadm config images pull  --image-repository registry.aliyuncs.com/google_containers \
--cri-socket=unix:///var/run/cri-dockerd.sock

# 上述所有配置主从都要进行配置  下方master和node自己配置自己的
# master节点运行  启动master节点相关组件及容器【master】
kubeadm init \
--apiserver-advertise-address 192.168.31.219 \
--kubernetes-version v1.28.11 \
--pod-network-cidr=10.244.0.0/16 \
--image-repository registry.aliyuncs.com/google_containers \
--cri-socket=unix:///var/run/cri-dockerd.sock \
--ignore-preflight-errors=all

# 创建kubeconfig master启动完成后也会提示此命令【master】

mkdir -p $HOME/.kube

cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

chown $(id -u):$(id -g) $HOME/.kube/config

# 创建相关kubeadm token 【master】
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

# 使用我们自己生成的证书  在子节点进行join时需要token  以及sha【masert】
kubeadm token create --ttl 0  --print-join-command

# 查看是否已经创建成功证书 在node节点join要用到 【master】

kubeadm token list


# 【master】查看pod是否启动【master】

kubectl get pods -n kube-system

# 【master】查看kubectl   node节点状态
kubectl  get nodes 

# node节点join到master上  【node】
kubeadm join 192.168.31.219:6443  --token  acghar.ou14qezy8dale4fe  --discovery-token-ca-cert-hash sha256:f399d1b10c978428ec3d41e485f3c06a509f5eecf073ffcdfb1bbf03eb397f5e  --cri-socket=unix:///var/run/cri-dockerd.sock

# 下载网络插件cni  如果不添加网络插件kublet会报相关错误【master】【https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart】
wget https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/calico.yaml

# 【master】修改相关配置 cni.yml文件中相关配置CALICO_IPV4POOL_CIDR 改成admin init中  --pod-network-cidr 参数相同

kubectl apply -f /你的路下的/calico.yaml