Setting up a single-node K8s cluster

1. Install containerd

First install the yum-utils tool
yum install -y yum-utils

Configure the official Docker yum repository (skip this if you have already done it)

yum-config-manager \
    --add-repo \
    https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Install containerd
yum install containerd.io -y

Start the service

systemctl enable containerd
systemctl start containerd

Generate the default configuration
containerd config default > /etc/containerd/config.toml

Edit the configuration

vi  /etc/containerd/config.toml
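sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9"   # change to the Aliyun mirror address

SystemdCgroup = true         # search for the keyword SystemdCgroup; the default is false, change it to true. If it is left unchanged, the initialization later will fail.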

Configure containerd registry mirrors (image pull acceleration); see https://articles.zsxq.com/id_eva0rcb1xc5p.html

vi  /etc/containerd/config.toml  ## locate plugins."io.containerd.grpc.v1.cri".registry; below it there is a config_path line, set a path for it
config_path = "/etc/containerd/certs.d"

Restart the containerd service
systemctl daemon-reload ; systemctl restart containerd

Create the /etc/containerd/certs.d directory and, inside it, add the configuration for each registry that should be pulled through a mirror

# Docker Hub mirror
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://docker.m.daocloud.io"]
capabilities = ["pull", "resolve"]
EOF

# registry.k8s.io mirror
mkdir -p /etc/containerd/certs.d/registry.k8s.io
tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << 'EOF'
server = "https://registry.k8s.io"

[host."https://k8s.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF

# gcr.io mirror
mkdir -p /etc/containerd/certs.d/gcr.io
tee /etc/containerd/certs.d/gcr.io/hosts.toml << 'EOF'
server = "https://gcr.io"

[host."https://gcr.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF

# quay.io mirror
mkdir -p /etc/containerd/certs.d/quay.io
tee /etc/containerd/certs.d/quay.io/hosts.toml << 'EOF'
server = "https://quay.io"

[host."https://quay.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
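
The edits to /etc/containerd/config.toml and the hosts.toml files above can be checked before continuing. The script below is an added example, not part of the original post; its function names are hypothetical. It also lists mirror hosts that are granted "push", which a pull-only mirror does not need (the docker.io entry above grants only "pull" and "resolve").

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the paths and expected values are the ones used in step 1 of this page.

# check_containerd_config FILE
# Prints one line per setting that does not match step 1; returns 1 if any.
check_containerd_config() {
    cfg=$1; rc=0
    grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$cfg" ||
        { echo "SystemdCgroup is not true"; rc=1; }
    grep -Eq '^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"registry\.cn-hangzhou\.aliyuncs\.com/google_containers/pause:3\.9"' "$cfg" ||
        { echo "sandbox_image is not the pause:3.9 mirror image"; rc=1; }
    grep -Eq '^[[:space:]]*config_path[[:space:]]*=[[:space:]]*"/etc/containerd/certs\.d"' "$cfg" ||
        { echo "config_path is not /etc/containerd/certs.d"; rc=1; }
    return "$rc"
}

# mirrors_with_push DIR
# Prints "<registry> <mirror URL>" for each mirror host under DIR/*/hosts.toml
# whose capabilities list includes "push".
mirrors_with_push() {
    for f in "$1"/*/hosts.toml; do
        [ -f "$f" ] || continue
        awk -v reg="$(basename "$(dirname "$f")")" '
            /^\[host\."/ { host = $0; sub(/^\[host\."/, "", host); sub(/"\].*/, "", host) }
            /^[ \t]*capabilities/ && /"push"/ && host != "" { print reg, host }
        ' "$f"
    done
}

# Run against the live files when they exist (they do after step 1).
if [ -f /etc/containerd/config.toml ]; then
    check_containerd_config /etc/containerd/config.toml && echo "config.toml OK"
    mirrors_with_push /etc/containerd/certs.d
fi
```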

2. Configure the Kubernetes repository (for installing version 1.30)

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/repomd.xml.key
EOF

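Note: this Kubernetes repository is for 1.30. To install a different version, change the version number in the repo file from 1.30 to the one you want, for example 1.28.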

3. Install kubeadm and kubelet

yum install -y kubelet-1.30.4 kubeadm-1.30.4 kubectl-1.30.4

Start the kubelet service

systemctl start kubelet.service
systemctl enable kubelet.service

4. Configure crictl to connect to containerd

crictl config --set runtime-endpoint=unix:///run/containerd/containerd.sock

5. Initialize the cluster

kubeadm init --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers --apiserver-advertise-address=192.168.222.129 --kubernetes-version=v1.30.4  --service-cidr=10.15.0.0/16  --pod-network-cidr=10.18.0.0/16

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.222.129:6443 --token u529o4.invnj3s6anxekg79 \
        --discovery-token-ca-cert-hash sha256:27b967c444cf3f4a45fedae24ed886663a1dc2cd6ceae03930fcbda491ec5ece
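
Note: the command above is the one to run on a node that should join the cluster. The token is valid for 24 hours; if it has expired, use the following command to get a new join command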

kubeadm token create --print-join-command
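
The --discovery-token-ca-cert-hash value in the join command is the SHA-256 of the cluster CA certificate's public key, so it can be recomputed from the CA certificate and compared before a node joins. The script below is an added example, not part of the original post; the function names are hypothetical, and /etc/kubernetes/pki/ca.crt is the kubeadm default CA path rather than a path taken from this page.

```shell
#!/bin/sh
# Added example (not from the original post); helper names are hypothetical.

# ca_cert_hash CERT
# Prints "sha256:<hex>" computed over the DER-encoded public key
# (SubjectPublicKeyInfo) of CERT; returns 1 if CERT cannot be parsed.
ca_cert_hash() {
    der=$(mktemp) || return 1
    if openssl x509 -pubkey -noout -in "$1" 2>/dev/null |
        openssl pkey -pubin -outform der -out "$der" 2>/dev/null; then
        printf 'sha256:%s\n' "$(openssl dgst -sha256 -hex "$der" | sed 's/^.* //')"
        rm -f "$der"
    else
        rm -f "$der"
        return 1
    fi
}

# check_join_hash CERT EXPECTED
# Returns 0 only if EXPECTED (the value from the join command) matches CERT,
# 1 on mismatch, 2 if CERT cannot be read.
check_join_hash() {
    actual=$(ca_cert_hash "$1") || return 2
    [ "$actual" = "$2" ]
}

# On the control-plane node, print the hash of the kubeadm CA if it exists.
# Compare it with the value in the join command, for example:
#   check_join_hash /etc/kubernetes/pki/ca.crt "sha256:<hash from kubeadm init>"
if [ -f /etc/kubernetes/pki/ca.crt ]; then
    ca_cert_hash /etc/kubernetes/pki/ca.crt
fi
```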

6. Create the kubeconfig directory

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

Get node information:

kubectl get node 
kubectl get pod --all-namespaces

7. Install the Calico network

curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml -O

After downloading, edit the Pod network defined in the file (CALICO_IPV4POOL_CIDR) so that it matches the --pod-network-cidr value passed to kubeadm init earlier
vi calico.yaml
# - name: CALICO_IPV4POOL_CIDR
# value: "192.168.0.0/16"
# change to:
- name: CALICO_IPV4POOL_CIDR
  value: "10.18.0.0/16"

Change the image registry address
sed -i 's/docker.io/docker.m.daocloud.io/' calico.yaml

Deploy
kubectl apply -f calico.yaml

Check
kubectl get pods -n kube-system

8. Install the Dashboard

Download the YAML file

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
If the download fails, get the file from https://gitee.com/aminglinux/linux_study/blob/master/k8s/recommended.yaml

Edit

vi  recommended.yaml
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard  ## this is line 38
spec:
  type: NodePort  ### add this line
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30002  ### add this line
  selector:
    k8s-app: kubernetes-dashboard

Create the pods
kubectl apply -f recommended.yaml

Check

kubectl get pod -n kubernetes-dashboard
kubectl get svc -n kubernetes-dashboard

If a pod is stuck in the Pending state, check the reason:


Warning  FailedScheduling  4m31s (x18 over 89m)  default-scheduler  0/1 nodes are available: 1 node(s) had untolerated taint {node-role.kubernetes.io/control-plane: }. preemption: 0/1 nodes are available: 1 Preemption is not helpful for scheduling.

This is because the pod is not allowed to be scheduled on the master node; remove the restriction:
kubectl taint nodes --all node-role.kubernetes.io/control-plane-

Access:
https://192.168.222.129:30002

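If Chrome refuses to open the page and shows "The website sent back unusual and incorrect credentials. This may be because an attacker is trying to impersonate", click a blank area of the page and type: thisisunsafe (this bypasses the certificate warning for this site)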

Create a service account and bind it to the default cluster-admin cluster role (full control of the cluster):
Create the user
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
Grant the user permissions

kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin

Get the user's token
kubectl create token dashboard-admin -n kubernetes-dashboard
Use the printed token to log in to the Dashboard.
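
Because the binding above gives a service account cluster-admin and the Dashboard is exposed on NodePort 30002, it is useful to be able to list every service account that holds that role. The script below is an added example, not part of the original post; the helper names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post); helper names are hypothetical.

# sa_cluster_admins
# Reads lines of the form
#   <binding>TAB<role>TAB<Kind>/<namespace>/<name>,<Kind>/<namespace>/<name>,...
# on stdin and prints "<binding> <namespace>/<name>" for every ServiceAccount
# subject of a binding whose role is cluster-admin.
sa_cluster_admins() {
    awk -F '\t' '
        $2 == "cluster-admin" {
            n = split($3, subj, ",")
            for (i = 1; i <= n; i++)
                if (split(subj[i], p, "/") == 3 && p[1] == "ServiceAccount")
                    print $1, p[2] "/" p[3]
        }'
}

# list_bindings
# Produces that format from a live cluster (needs kubectl and a kubeconfig).
list_bindings() {
    kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}/{.namespace}/{.name}{","}{end}{"\n"}{end}'
}

# sample
# Constructed input: the default cluster-admin binding, the binding created
# in step 8, and an unrelated read-only binding.
sample() {
    printf 'cluster-admin\tcluster-admin\tGroup//system:masters,\n'
    printf 'dashboard-admin\tcluster-admin\tServiceAccount/kubernetes-dashboard/dashboard-admin,\n'
    printf 'viewer\tview\tServiceAccount/default/reader,\n'
}

sample | sa_cluster_admins
# On a cluster: list_bindings | sa_cluster_admins
# To withdraw the grant: kubectl delete clusterrolebinding dashboard-admin
```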
