kubernetes 1.28安装部署

kubernetes 1.28安装部署

简介

本文采用centos7环境，使用kubeadm安装部署k8s1.28版本，使用containerd运行时

禁用selinux

# 将 SELinux 设置为 permissive 模式（相当于将其禁用）
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

禁用swap

# 关闭swap分区 
swapoff -a
sed -i 's|^\(/.*swap\)|#\1|' /etc/fstab

禁用防火墙

# 关闭防火墙
systemctl stop iptables
systemctl disable iptables

升级操作系统内核

yum -y update kernel*

开启网络转发

cat <<EOF | tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

# 设置所需的 sysctl 参数，参数在重新启动后保持不变
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

# 应用 sysctl 参数而不重新启动
sudo sysctl --system

检查开启结果

lsmod | grep br_netfilter
lsmod | grep overlay

sysctl \
net.bridge.bridge-nf-call-iptables \
net.bridge.bridge-nf-call-ip6tables \
net.ipv4.ip_forward

安装containerd

# 配置docker-ce软件源
# 移除已经安装的docker版本
yum remove -y docker docker-common docker-selinux docker-engine
# 下载docker-ce软件源文件
curl -o /etc/yum.repos.d/docker-ce.repo \
    https://download.docker.com/linux/centos/docker-ce.repo
# 替换官方源地址为国内yum源地址。
sed -e 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' \
    -i.bak /etc/yum.repos.d/docker-ce.repo
# 安装docker-ce
yum makecache fast


# 安装containerd
yum install -y containerd

配置containerd

# 备份默认配置文件
mv /etc/containerd/config.toml /etc/containerd/config.toml.default
# 重新生成配置文件
containerd config default > /etc/containerd/config.toml
sed -i 's|registry.k8s.io|registry.aliyuncs.com/google_containers|g' /etc/containerd/config.toml
# 关闭Cgroup
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
systemctl restart containerd

启动containerd

systemctl enable containerd
systemctl restart containerd
systemctl status containerd

配置客户端工具

# 工具使用方法参考：cri-tools/docs/crictl.md at master · kubernetes-sigs/cri-tools
# 配置crictl工具运行时接口地址(runtime-endpoint)
crictl config --set runtime-endpoint=unix:///run/containerd/containerd.sock
crictl ps

配置yum源

官网参考地址：https://kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm/

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF

sed -e "s|packages.cloud.google.com|mirrors.ustc.edu.cn/kubernetes|" \
    -e "s|gpgcheck=1|gpgcheck=0|" \
    -i /etc/yum.repos.d/kubernetes.repo

安装kubeadm

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable --now kubelet

准备容器镜像

kubeadm config images list --image-repository registry.aliyuncs.com/google_containers

拉取镜像

kubeadm config images pull \
--image-repository registry.aliyuncs.com/google_containers

初始化集群

kubeadm init \
--apiserver-advertise-address 192.168.240.11 \
--apiserver-bind-port 6443 \
--control-plane-endpoint 192.168.240.11 \
--service-cidr=10.119.0.0/16 \
--service-dns-domain="cluster.local" \
--pod-network-cidr=10.120.0.0/16 \
--image-repository registry.aliyuncs.com/google_containers 

配置环境变量

export KUBECONFIG=/etc/kubernetes/admin.conf
cat <<EOF | tee -a ~/.bash_profile
export KUBECONFIG=/etc/kubernetes/admin.conf
EOF
source  ~/.bash_profile

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# cp /etc/kubernetes/admin.conf ~/.kube/config

安装网络插件

Calico

cd /root
mkdir -pv k8s/calico
cd k8s/calico
wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/tigera-operator.yaml
wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml
sed -i "s|192.168|10.120|" custom-resources.yaml
kubectl create -f tigera-operator.yaml
kubectl create -f custom-resources.yaml

其他

安装Flannel插件的yaml文件以及Calico3.27.3版本的镜像包参考附件