kubernetes 1.28安装部署
简介
本文采用centos7环境,使用kubeadm安装部署k8s1.28版本,使用containerd运行时
禁用selinux
# 将 SELinux 设置为 permissive 模式(相当于将其禁用)
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
禁用swap
# 关闭swap分区
swapoff -a
sed -i 's|^\(/.*swap\)|#\1|' /etc/fstab
禁用防火墙
# 关闭防火墙
systemctl stop iptables
systemctl disable iptables
升级操作系统内核
yum -y update kernel*
开启网络转发
cat <<EOF | tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# 设置所需的 sysctl 参数,参数在重新启动后保持不变
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# 应用 sysctl 参数而不重新启动
sudo sysctl --system
检查开启结果
lsmod | grep br_netfilter
lsmod | grep overlay
sysctl \
net.bridge.bridge-nf-call-iptables \
net.bridge.bridge-nf-call-ip6tables \
net.ipv4.ip_forward
安装containerd
# 配置docker-ce软件源
# 移除已经安装的docker版本
yum remove -y docker docker-common docker-selinux docker-engine
# 下载docker-ce软件源文件
curl -o /etc/yum.repos.d/docker-ce.repo \
https://download.docker.com/linux/centos/docker-ce.repo
# 替换官方源地址为国内yum源地址。
sed -e 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' \
-i.bak /etc/yum.repos.d/docker-ce.repo
# 安装docker-ce
yum makecache fast
# 安装containerd
yum install -y containerd
配置containerd
# 备份默认配置文件
mv /etc/containerd/config.toml /etc/containerd/config.toml.default
# 重新生成配置文件
containerd config default > /etc/containerd/config.toml
sed -i 's|registry.k8s.io|registry.aliyuncs.com/google_containers|g' /etc/containerd/config.toml
# 关闭Cgroup
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
systemctl restart containerd
启动containerd
systemctl enable containerd
systemctl restart containerd
systemctl status containerd
配置客户端工具
# 工具使用方法参考:cri-tools/docs/crictl.md at master · kubernetes-sigs/cri-tools
# 配置crictl工具运行时接口地址(runtime-endpoint)
crictl config --set runtime-endpoint=unix:///run/containerd/containerd.sock
crictl ps
配置yum源
官网参考地址:https://kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
sed -e "s|packages.cloud.google.com|mirrors.ustc.edu.cn/kubernetes|" \
-e "s|gpgcheck=1|gpgcheck=0|" \
-i /etc/yum.repos.d/kubernetes.repo
安装kubeadm
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable --now kubelet
准备容器镜像
kubeadm config images list --image-repository registry.aliyuncs.com/google_containers
拉取镜像
kubeadm config images pull \
--image-repository registry.aliyuncs.com/google_containers
初始化集群
kubeadm init \
--apiserver-advertise-address 192.168.240.11 \
--apiserver-bind-port 6443 \
--control-plane-endpoint 192.168.240.11 \
--service-cidr=10.119.0.0/16 \
--service-dns-domain="cluster.local" \
--pod-network-cidr=10.120.0.0/16 \
--image-repository registry.aliyuncs.com/google_containers
配置环境变量
export KUBECONFIG=/etc/kubernetes/admin.conf
cat <<EOF | tee -a ~/.bash_profile
export KUBECONFIG=/etc/kubernetes/admin.conf
EOF
source ~/.bash_profile
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# cp /etc/kubernetes/admin.conf ~/.kube/config
安装网络插件
Calico
cd /root
mkdir -pv k8s/calico
cd k8s/calico
wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/tigera-operator.yaml
wget https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml
sed -i "s|192.168|10.120|" custom-resources.yaml
kubectl create -f tigera-operator.yaml
kubectl create -f custom-resources.yaml
其他
安装Flannel插件的yaml文件以及Calico3.27.3版本的镜像包参考附件