k8s 1.26版本不在使用docker ,而是containerd
内核版本必须是4.19以上的版本,请先升级内核
机器配置
192.168.10.106=n1
192.168.10.107=n2
192.168.10.108=m1
在106机器设置机器名称n1
hostnamectl set-hostname n1
在107机器设置机器名称n2
hostnamectl set-hostname n2
在108机器设置机器名称m1
hostnamectl set-hostname m1
在3台机器上都配置hosts
vi /etc/hosts
192.168.10.106 n1
192.168.10.107 n2
192.168.10.108 m1
准备containerd环境
3台机器都按照docker,内置containerd
yum install docker-ce-20.10.* docker-ce-cli-20.10.* -y
3台机器都执行,启用containerd.conf的应用模块
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe -- overlay
modprobe -- br_netfilter
3台机器都执行 设置网络参数 开启iptables桥接模式 和ip_forward转发
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
3台机器都执行 配置系统生效
sysctl --system
3台机器都执行 生成containerd的配置文件路径
mkdir -p /etc/containerd
containerd config default | tee /etc/containerd/config.toml
3台机器都执行 编辑配置
把SystemdCgroup 的值改为 true
把sandbox_image的值改为 registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6
vim /etc/containerd/config.toml
3台机器都执行 重载配置文件,设置containerd自启动
systemctl daemon-reload
systemctl enable --now containerd
3台机器都执行 添加对外暴露的sock端点,k8s通过端点和containerd交互
cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
网络配置
3台机器都执行下面的操作
# 关闭防火墙
systemctl disable firewalld
systemctl stop firewalld
systemctl disable NetworkManager
systemctl stop NetworkManager
# 关闭selinux
# 临时禁用selinux
setenforce 0
# 永久关闭 修改/etc/sysconfig/selinux文件设置
sed -i 's/SELINUX=permissive/SELINUX=disabled/' /etc/sysconfig/selinux
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
# 禁用交换分区
swapoff -a
# 永久禁用,打开/etc/fstab注释掉swap那一行。
sed -i 's/.*swap.*/#&/' /etc/fstab
3台机器都安装 基础配置
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
yum clean all
yum makecache
yum -y install yum-utils device-mapper-persistent-data lvm2 wget psmisc net-tools telnet git
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
3台机器都安装 设置网络环境和参数
yum install ipvsadm ipset sysstat conntrack libseccomp -y
3台机器都安装 设置内核自动加载的网络模块
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
cat >> /etc/modules-load.d/ipvs.conf <<-'EOF'
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF
3台机器都配置 加载内核模块
systemctl enable --now systemd-modules-load.service
3台机器都配置 设置基础网络参数
cat > /etc/sysctl.d/k8s.conf <<-'EOF'
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
net.ipv4.conf.all.route_localnet = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
sysctl --system
3台机器都重启 并验证
reboot
lsmod | grep --color=auto -e ip_vs -e nf_conntrack
安装 kubeadm,kubelet,kubectl
3台机器都安装 kubeadm,kubelet,kubectl
yum install kubeadm-1.26* kubelet-1.26* kubectl-1.26* -y
在108 主节点机器上 配置kubeadm
export LOCAL_IP=192.168.10.108
echo $LOCAL_IPmkdir /etc/k8s
cd /etc/k8s
rm -f kubeadm-config.yaml
wget http://manongbiji.oss-cn-beijing.aliyuncs.com/ittailkshow/k8s/download/kubeadm-config.yaml
sed -i 's/{LOCAL_IP}/'$LOCAL_IP'/' kubeadm-config.yaml
cd /etc/k8s
kubeadm config migrate --old-config kubeadm-config.yaml --new-config new.yaml
在108机器 启动kubelet,并设置开机启动
systemctl start kubelet
systemctl enable kubelet
在108主节点机器初始化k8s
然后等5分钟
kubeadm init --config /etc/k8s/new.yaml --upload-certs
把kubeadm join 保留下来,一会在从节点上使用
kubeadm join 192.168.10.108:6443 --token 7t2weq.bjbawausm0jaxury \
--discovery-token-ca-cert-hash sha256:07b32d2ed2800f9499f361a7c94703652227cd18333548044dd03db1dc140538
如果安装失败,可以使用下面命令进行清除
kubeadm reset -f
ipvsadm --clear
rm -rf ~/.kube
在108 主节点机器执行kube配置
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
cat >> /etc/profile <<-'EOF'
export KUBECONFIG=/etc/kubernetes/admin.conf
EOF
在106,107从节点机器 加入join
kubeadm join 192.168.10.108:6443 --token 7t2weq.bjbawausm0jaxury \
--discovery-token-ca-cert-hash sha256:07b32d2ed2800f9499f361a7c94703652227cd18333548044dd03db1dc140538
在106,107从节点机器 设置开机自启动kubelet
systemctl start kubelet
systemctl enable kubelet
108机器主节点安装calico网络插件
mkdir /etc/k8s
cd /etc/k8s
rm -f calico.yaml
wget http://manongbiji.oss-cn-beijing.aliyuncs.com/ittailkshow/k8s/download/calico.yaml
kubectl delete -f calico.yaml
kubectl apply -f calico.yaml
在108主节点机器查看是否安装成功
然后等5分钟,状态都会变成ready
status的变化主要是calico网络插件的问题
kubectl get nodes
查看crictl的pods
crictl pods