Kubernetes 1.28.4 Installation Steps

1. Installation environment:
OS version: Ubuntu 23.10

root@master01:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 23.10
Release:	23.10
Codename:	mantic

root@master01:~# kubectl version
Client Version: v1.28.2

Kubernetes images:
root@master01:~# kubeadm config images list
registry.k8s.io/kube-apiserver:v1.28.4
registry.k8s.io/kube-controller-manager:v1.28.4
registry.k8s.io/kube-scheduler:v1.28.4
registry.k8s.io/kube-proxy:v1.28.4
registry.k8s.io/pause:3.9
registry.k8s.io/etcd:3.5.9-0
registry.k8s.io/coredns/coredns:v1.10.1

2. Machine configuration:

	8C*8G, 512GB, dual NICs
	VMware 16.0

3. Set the hostname: (all nodes, each with its own name)

hostnamectl set-hostname master01 && exec bash
hostnamectl set-hostname node01   && exec bash
hostnamectl set-hostname node02   && exec bash
hostnamectl set-hostname node03   && exec bash

4. Edit /etc/hosts: (all nodes)

192.168.182.141  master01
192.168.182.142  node01
192.168.182.143  node02
192.168.182.144  node03

5. Passwordless SSH authentication: (all nodes)

ssh-keygen
ssh-copy-id root@192.168.182.142
ssh-copy-id root@192.168.182.143
ssh-copy-id root@192.168.182.144

6. Pre-installation preparation: (all nodes)
1. Disable the swap partition on all nodes:
1.1. vim /etc/fstab # comment out the swap line;

sed -i  '/\/swap/s/^/#/' /etc/fstab
1.2. swapoff -a # turn swap off immediately
1.3. Verify:
    cat /etc/fstab # check that the swap line is commented out
root@ubuntu-None:~# free -h
        total       used      free       shared     buff/cache   available
Mem:    7.7Gi       1.2Gi     5.7Gi      31Mi       1.1Gi        6.5Gi
Swap:   0B          0B        0B         # all "0" means swap is off

7. Enable IPv4 forwarding: (all nodes)

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf  && sysctl -p

Verify:

cat /proc/sys/net/ipv4/ip_forward 	# a value of "1" means forwarding is enabled

8. Configure kernel parameters

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
sudo echo 'net.bridge.bridge-nf-call-iptables = 1' | sudo tee -a /etc/sysctl.conf
sudo echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

9. Synchronize time on all nodes:
apt install chrony -y 
systemctl status chronyd

10. Add the Kubernetes apt source (the Alibaba Cloud mirror is recommended)
apt-get update && apt-get install -y apt-transport-https

11. Install the cluster deployment and management tools
apt-get update && apt-get install -y kubelet kubeadm kubectl

Error:

W: GPG error: https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05

Fix (when the installation fails):

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys  ${your_value}   # the key ID reported after NO_PUBKEY

This may need several attempts.

12. Start the kubelet service
systemctl start kubelet && systemctl enable kubelet # it is normal that it fails to start at this point

13. Install and deploy containerd

Download:

wget https://github.com/containerd/containerd/releases/download/v1.7.10/containerd-1.7.10-linux-amd64.tar.gz

Extract:

tar xvf containerd-1.7.10-linux-amd64.tar.gz -C /usr/local/

Register with systemd:

vi /etc/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
#uncomment to enable the experimental sbservice (sandboxed) version of containerd/cri integration
#Environment="ENABLE_CRI_SANDBOXES=sandboxed"
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target

Enable at boot and start

systemctl daemon-reload && systemctl enable --now containerd
systemctl status  containerd

Verify the installation

root@master01:~# ctr version
Client:
  Version:  v1.7.10
  Revision: 4e1fe7492b9df85914c389d1f15a3ceedbb280ac
  Go version: go1.20.10

Server:
  Version:  v1.7.10
  Revision: 4e1fe7492b9df85914c389d1f15a3ceedbb280ac
  UUID: f58913a0-0faf-433e-99f8-e9f6754c5f2

Generate the configuration file

mkdir /etc/containerd
containerd config default > /etc/containerd/config.toml
systemctl restart containerd

Configure a registry mirror (accelerator) for containerd

vim /etc/containerd/config.toml
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://registry.docker-cn.com"]

Restart the service

systemctl restart containerd && systemctl status containerd

14. Install runc:
# Download
wget https://github.com/opencontainers/runc/releases/download/v1.1.10/runc.amd64

Install:

install -m 755 runc.amd64 /usr/local/sbin/runc
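
The containerd tarball and the runc binary above are fetched with wget and installed as root with no integrity check. The following is an added example, not part of the original post: it verifies a download against a sha256sum-format checksum file and installs only on a match. The function names and the checksum file name `runc.sha256sum` are assumptions; use the checksum file published alongside the release you download.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# expected_digest FILE SUMS_FILE: print the digest listed for FILE's base name.
# SUMS_FILE uses sha256sum format: "<hex digest>  <file name>".
expected_digest() {
    awk -v name="$(basename "$1")" '
        { f = $2; sub(/^\*/, "", f) }   # binary-mode entries are written "*name"
        f == name { print $1; found = 1; exit }
        END { exit !found }' "$2"
}

# verify_download FILE SUMS_FILE
# Returns 0 on match, 1 on mismatch, 2 when FILE has no entry in SUMS_FILE.
verify_download() {
    want=$(expected_digest "$1" "$2") || {
        echo "no checksum entry for $(basename "$1")" >&2
        return 2
    }
    got=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $1: refusing to install" >&2
        return 1
    fi
}

# install_verified FILE SUMS_FILE DEST: install FILE as DEST (mode 755)
# only when its digest matches the checksum file.
install_verified() {
    verify_download "$1" "$2" && install -m 755 "$1" "$3"
}

# Usage for the runc step above (checksum file name assumed):
#   install_verified runc.amd64 runc.sha256sum /usr/local/sbin/runc
```

The checksum file only protects against corruption or a swapped file if it is fetched from the release page itself rather than from the same mirror or cache as the binary.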

15. Install CNI:

Download:

wget https://github.com/containernetworking/cni/archive/refs/tags/v1.1.2.tar.gz

# Install:

mkdir -pv /usr/local/cni/bin
tar xvf v1.1.2.tar.gz -C /usr/local/cni/bin/ 

16. Install ipvsadm

apt-get install -y ipvsadm

Write the module-loading script

cat > /etc/modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF

Load the modules

bash /etc/modules

Verify that the modules loaded successfully

lsmod | grep -e ip_vs -e nf_conntrack

17. Required image versions:

root@master01:~# kubeadm config images list
registry.k8s.io/kube-apiserver:v1.28.4
registry.k8s.io/kube-controller-manager:v1.28.4
registry.k8s.io/kube-scheduler:v1.28.4
registry.k8s.io/kube-proxy:v1.28.4
registry.k8s.io/pause:3.9
registry.k8s.io/etcd:3.5.9-0
registry.k8s.io/coredns/coredns:v1.10.1

Log in (on a separate virtual machine with Docker installed)

docker login --username=<your-aliyun-account> registry.cn-hangzhou.aliyuncs.com
Enter the account password at the prompt.

Pull the images:

docker pull registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/kube-apiserver:v1.28.4
docker pull registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/kube-controller-manager:v1.28.4
docker pull registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/kube-scheduler:v1.28.4
docker pull registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/kube-proxy:v1.28.4
docker pull registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/pause:3.9
docker pull registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/etcd:3.5.9-0
docker pull registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/coredns:v1.10.1

# Retag the images

docker tag registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/kube-apiserver:v1.28.4 registry.k8s.io/kube-apiserver:v1.28.4
docker tag registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/kube-controller-manager:v1.28.4 registry.k8s.io/kube-controller-manager:v1.28.4
docker tag registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/kube-scheduler:v1.28.4 registry.k8s.io/kube-scheduler:v1.28.4
docker tag registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/kube-proxy:v1.28.4 registry.k8s.io/kube-proxy:v1.28.4
docker tag registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/pause:3.9 registry.k8s.io/pause:3.9
docker tag registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/etcd:3.5.9-0 registry.k8s.io/etcd:3.5.9-0
docker tag registry.cn-hangzhou.aliyuncs.com/github-k8s-images-sync/coredns:v1.10.1 registry.k8s.io/coredns/coredns:v1.10.1

Save the images to tar files

docker save -o kube-apiserver:v1.28.4.tar registry.k8s.io/kube-apiserver:v1.28.4 
docker save -o kube-controller-manager:v1.28.4.tar registry.k8s.io/kube-controller-manager:v1.28.4
docker save -o kube-scheduler:v1.28.4.tar registry.k8s.io/kube-scheduler:v1.28.4
docker save -o kube-proxy:v1.28.4.tar registry.k8s.io/kube-proxy:v1.28.4
docker save -o pause:3.9.tar registry.k8s.io/pause:3.9
docker save -o etcd:3.5.9-0.tar registry.k8s.io/etcd:3.5.9-0
docker save -o coredns:v1.10.1.tar registry.k8s.io/coredns/coredns:v1.10.1

# Import the images (all nodes)

ctr -n k8s.io image import coredns:v1.10.1.tar
ctr -n k8s.io image import etcd:3.5.9-0.tar
ctr -n k8s.io image import kube-apiserver:v1.28.4.tar
ctr -n k8s.io image import kube-controller-manager:v1.28.4.tar
ctr -n k8s.io image import kube-proxy:v1.28.4.tar
ctr -n k8s.io image import kube-scheduler:v1.28.4.tar
ctr -n k8s.io image import pause:3.9.tar

# List the images on every node

ctr -n k8s.io images list

18. Cluster initialization
# Check your kubeadm version

kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"28", GitVersion:"v1.28.2", GitCommit:"89a4ea3e1e4ddd7f7572286090359983e0387b2f", GitTreeState:"clean", BuildDate:"2023-09-13T09:34:32Z", GoVersion:"go1.20.8", Compiler:"gc", Platform:"linux/amd64"}

# Generate the default configuration file

kubeadm config print init-defaults  > kubeadm-init-config.yaml

# Initialize the cluster:

kubeadm init  --config=kubeadm-init-config.yaml --dry-run

# Error 1:

[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
	[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist

# Fix:

modprobe  br_netfilter 
sysctl -p

Error 02:

[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.

# Fix:
In the containerd configuration file, change 3.8 to 3.9

vim /etc/containerd/config.toml 
    sandbox_image = "registry.k8s.io/pause:3.8"
W1205 23:43:11.164226   19026 checks.go:835] detected that the sandbox image "registry.k8s.io/pause:3.8" of the container runtime is inconsistent with that used by kubeadm. It is recommended that using "registry.k8s.io/pause:3.9" as the CRI sandbox image.

Restart the containerd service

systemctl restart containerd
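
The mismatch behind error 02 can be caught before running kubeadm init. The following is an added example, not part of the original post: it compares `sandbox_image` in containerd's config.toml with the pause image in saved `kubeadm config images list` output. The function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Read `kubeadm config images list` output on stdin; print the pause image.
expected_pause_image() {
    grep -E '/pause:[^[:space:]]+$' | head -n 1
}

# Print the active (uncommented) sandbox_image value from config.toml ($1).
configured_sandbox_image() {
    sed -n 's/^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        head -n 1
}

# check_sandbox_image CONFIG_TOML IMAGES_LIST
# Returns 0 when both agree, 1 on mismatch, 2 when a value cannot be found.
check_sandbox_image() {
    configured=$(configured_sandbox_image "$1")
    expected=$(expected_pause_image < "$2")
    if [ -z "$configured" ] || [ -z "$expected" ]; then
        echo "cannot determine sandbox_image or expected pause image" >&2
        return 2
    fi
    if [ "$configured" != "$expected" ]; then
        echo "MISMATCH: containerd uses $configured, kubeadm expects $expected" >&2
        return 1
    fi
    echo "OK: $configured"
}

# Usage on a node:
#   kubeadm config images list > /tmp/images.txt
#   check_sandbox_image /etc/containerd/config.toml /tmp/images.txt
```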

# Initialization result:

root@master01:~# kubeadm init  --config=kubeadm-init-config.yaml 
[init] Using Kubernetes version: v1.28.4
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local master01] and IPs [10.96.0.1 11.0.1.128]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost master01] and IPs [11.0.1.128 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost master01] and IPs [11.0.1.128 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 5.003140 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master01 as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node master01 as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]
[bootstrap-token] Using token: abcdef.0123456789abcdef
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 11.0.1.128:6443 --token abcdef.0123456789abcdef \
	--discovery-token-ca-cert-hash sha256:04cf525d1d2b2a13ed218cc937773359420b2b660b77a69cfd52d57779a7b3ce 

19. Network plugin installation

kubectl create ns kube-flannel
kubectl label --overwrite ns kube-flannel pod-security.kubernetes.io/enforce=privileged

Install the network plugin

kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

Note: the installation did not succeed; another solution needs to be found

Modify the containerd registry mirrors

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://registry.docker-cn.com"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https://k7x8jn3d.mirror.aliyuncs.com"]
          endpoint = ["https://k7x8jn3d.mirror.aliyuncs.com"]