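A condensed version of "Installing Kubernetes 1.29 with kubeadm (Part 1)" and "Installing Kubernetes 1.29 with kubeadm (Part 2)", keeping only the key information and steps.
I. Official documentation
2. Creating a cluster with kubeadm
II. Environment preparation
2.1 VM information
1. VMware Workstation Pro 16.5.2
2. ubuntu-22.04.4-live-server-amd64.iso
3. Deploy 3 VMs (hostnames: k8s-1, k8s-2 and k8s-3)
Memory: 2.2 G
CPU: 2
NIC: 1, set to NAT; configure static IP addresses. The three VMs use 11.0.1.21/24, 11.0.1.22/24 and 11.0.1.23/24 respectively.
2.2 Disable Swap
Run on all nodes!!!
1. sudo swapoff -a
2. Edit /etc/fstab and comment out the lines containing swap
3. Delete /swap.img
III. Install the container runtime
Run on all nodes!!!
3.1 Enable IPv4 forwarding and let iptables see bridged traffic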
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# sysctl params required by setup, params persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply sysctl params without reboot
sudo sysctl --system
Verify that the br_netfilter and overlay modules are loaded. If the output contains these module names, they have been loaded into the kernel.
lsmod | grep br_netfilter
lsmod | grep overlay
Verify that the net.bridge.bridge-nf-call-iptables, net.bridge.bridge-nf-call-ip6tables and net.ipv4.ip_forward system variables are set to 1 by running the following command:
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
3.2 Installing containerd
1. Set up Docker's apt repository
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
2. Install containerd.io (note: install only containerd.io, do not install Docker)
sudo apt-get install containerd.io
3. Configure containerd to use the systemd cgroup driver
lxhub@k8s-1:~$ sudo -i
root@k8s-1:~# containerd config default > /etc/containerd/config.toml
root@k8s-1:~# vi /etc/containerd/config.toml
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true <--- changed from false to true
root@k8s-1:~# systemctl restart containerd
root@k8s-1:~# systemctl enable containerd
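The settings persisted in sections 2.2, 3.1 and 3.2 can be audited on each node before kubeadm is run. The script below is an added example, not part of the original post: it reads the same files this page writes, while the function names and the optional path prefix passed to preflight are assumptions, and make_sample_tree builds a constructed sample tree.

```bash
# Added example (not from the original page): audit the persisted node-prep files.
fstab_swap_disabled() {        # no uncommented fstab entry of type swap
  awk '$1 !~ /^#/ && $3 == "swap" { bad = 1 } END { exit bad + 0 }' "$1"
}

modules_conf_ok() {            # both modules are listed for loading at boot
  grep -qx 'overlay' "$1" && grep -qx 'br_netfilter' "$1"
}

sysctl_conf_ok() {             # all three keys are persisted with value 1
  local k
  for k in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables \
           net.ipv4.ip_forward; do
    awk -F'[ \t]*=[ \t]*' -v k="$k" '$1 == k && $2 == "1" { ok = 1 } END { exit !ok }' "$1" || return 1
  done
}

containerd_systemd_cgroup() {  # SystemdCgroup = true inside the runc options table
  awk -v sec='[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]' '
    /^[ \t]*\[/ { in_sec = (index($0, sec) > 0) }
    in_sec && /^[ \t]*SystemdCgroup[ \t]*=[ \t]*true([ \t]|$)/ { ok = 1 }
    END { exit !ok }' "$1"
}

preflight() {                  # $1: hypothetical path prefix; returns the failure count
  local root="${1:-}" fails=0 check file
  while read -r check file; do
    if "$check" "$root$file" 2>/dev/null; then echo "PASS $check"
    else echo "FAIL $check ($root$file)"; fails=$((fails + 1)); fi
  done <<'EOF'
fstab_swap_disabled /etc/fstab
modules_conf_ok /etc/modules-load.d/k8s.conf
sysctl_conf_ok /etc/sysctl.d/k8s.conf
containerd_systemd_cgroup /etc/containerd/config.toml
EOF
  return "$fails"
}

make_sample_tree() {           # constructed sample: a correctly prepared node
  local r; r=$(mktemp -d)
  mkdir -p "$r/etc/modules-load.d" "$r/etc/sysctl.d" "$r/etc/containerd"
  printf '#/swap.img none swap sw 0 0\n' > "$r/etc/fstab"
  printf 'overlay\nbr_netfilter\n' > "$r/etc/modules-load.d/k8s.conf"
  printf '%s = 1\n' net.bridge.bridge-nf-call-iptables \
    net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward > "$r/etc/sysctl.d/k8s.conf"
  printf '[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]\n  SystemdCgroup = true\n' \
    > "$r/etc/containerd/config.toml"
  echo "$r"
}
```

Called with no argument on a node, preflight checks the live files under /etc, and its exit status is the number of failed checks.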
IV. Install kubeadm, kubelet and kubectl
Run on all nodes!!!
1. Update the apt package index and install the packages needed to use the Kubernetes apt repository
sudo apt-get update
# apt-transport-https may be a dummy package; if so, you can skip that package
sudo apt-get install -y apt-transport-https ca-certificates curl gpg
2. Download the public signing key for the Kubernetes package repositories.
# If the directory `/etc/apt/keyrings` does not exist, it should be created before the curl command, read the note below.
# sudo mkdir -p -m 755 /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
3. Add the appropriate Kubernetes apt repository. Note that the version number is 1.29.
# This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
4. Update the apt package index, install kubelet, kubeadm and kubectl, and pin their version:
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
Next, use kubeadm to bootstrap the Kubernetes cluster.
V. Initializing your control-plane node
Run the following command only on k8s-1.
lxhub@k8s-1:~$ sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=11.0.1.21
After kubeadm init has run, the line "Your Kubernetes control-plane has initialized successfully!" in its output means that initialization succeeded.
Following the hints in the kubeadm init output, continue with:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Copy the following command from the output; it is used later when the other nodes join the cluster:
kubeadm join 11.0.1.21:6443 --token y1wqi3.xsn8x5vlctxsb7x8 \
--discovery-token-ca-cert-hash sha256:165cf4057b99b964234e2987802172fde221bee1970f5ce8df80e45a4ecec1fa
VI. Installing a Pod network add-on
Run the following commands only on k8s-1.
1. Download the Calico networking manifest for the Kubernetes API datastore.
curl https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/calico.yaml -O
2. Apply the manifest using the following command.
kubectl apply -f calico.yaml
VII. Joining your nodes
Run the following commands only on k8s-2 and k8s-3 (the worker nodes).
lxhub@k8s-2:~$ sudo su -
[sudo] password for lxhub:
root@k8s-2:~# kubeadm join 11.0.1.21:6443 --token y1wqi3.xsn8x5vlctxsb7x8 \
> --discovery-token-ca-cert-hash sha256:165cf4057b99b964234e2987802172fde221bee1970f5ce8df80e45a4ecec1fa
lxhub@k8s-3:~$ sudo su -
[sudo] password for lxhub:
root@k8s-3:~# kubeadm join 11.0.1.21:6443 --token y1wqi3.xsn8x5vlctxsb7x8 \
> --discovery-token-ca-cert-hash sha256:165cf4057b99b964234e2987802172fde221bee1970f5ce8df80e45a4ecec1fa