Preface
Environment:
This article walks through deploying a Kubernetes 1.24 cluster on Ubuntu 20.04 with kubeadm.
Server initialization and environment preparation
Prepare three virtual machines: one master (control-plane) node and two worker nodes.

Host              Role     Notes
192.168.118.145   master   Internet access, Ubuntu 20.04, at least 2 CPU cores and 2 GB RAM
192.168.118.146   node1    Internet access, Ubuntu 20.04, at least 2 CPU cores and 2 GB RAM
192.168.118.147   node2    Internet access, Ubuntu 20.04, at least 2 CPU cores and 2 GB RAM

Apply the following seven steps on all three hosts, adjusting to your own situation.
Note: all three VMs are used as root, so none of the commands below is prefixed with sudo.
1. Disable the firewall
root@master:~# ufw status    # show the current ufw state: "inactive" means the firewall is off, "active" means it is on
root@master:~# ufw disable   # turn the firewall off (ufw enable turns it back on)
Disabling ufw is the simplest option for a lab. On hosts reachable from untrusted networks, keep ufw enabled and allow only the ports kubeadm needs: 6443, 2379-2380, 10250, 10257 and 10259 on the control plane, 10250 and 30000-32767 on the workers, plus whatever the CNI plugin uses (Calico's BGP mode uses TCP 179).
2. Disable SELinux
Ubuntu does not install SELinux by default. If the setenforce command and /etc/selinux/config are absent, SELinux is not installed and this step can be skipped. (Ubuntu ships AppArmor instead, which does not need to be disabled for kubeadm.)
root@master:~# setenforce 0   # disable SELinux for the current boot
root@master:~# getenforce     # check the SELinux state
Permissive
root@master:~# vim /etc/selinux/config   # disable SELinux permanently by setting:
SELINUX=disabled
3. Disable swap (required: the kubelet refuses to start while swap is active unless it is explicitly configured to allow it)
Note: ideally, do not create a swap partition when installing the VM in the first place.
root@master:~# swapoff -a   # deactivate all swap devices
root@master:~# free -h
              total        used        free      shared  buff/cache   available
Mem:           1.8G        280M        1.2G        9.6M        286M        1.4G
Swap:            0B          0B          0B
root@master:~# vim /etc/fstab   # disable swap permanently by deleting or commenting out the swap entry in /etc/fstab:
#/swap.img none swap sw 0 0
4. Set host names and name resolution
Give each VM a distinct host name (master, node1, node2); the kubelet registers the node under its host name, so duplicates will collide. Then make the names resolvable on every host by adding them to /etc/hosts:
cat >> /etc/hosts <<EOF
192.168.118.145 master
192.168.118.146 node1
192.168.118.147 node2
EOF
5. Time synchronization
root@master:~# date   # check the time zone and current time
root@master:~# timedatectl set-timezone Asia/Shanghai   # check the time zone first; if it is wrong, set it (Shanghai here)
root@master:~# apt-get install -y ntp   # install the ntp service
root@master:~# systemctl start ntp   # start the ntp service; alternatively use a cron job such as: */5 * * * * /usr/sbin/ntpdate -u 192.168.11.100 (192.168.11.100 standing for your own NTP server)
root@master:~# systemctl enable ntp
Clock skew matters here beyond log timestamps: the certificates kubeadm issues and the bootstrap tokens it creates have validity windows, and TLS handshakes between nodes fail when a clock drifts outside them.
6. Pass bridged IPv4 traffic to the iptables chains
(Traffic that crosses a Linux bridge is switched at layer 2 and does not traverse the host's iptables chains unless the br_netfilter module is loaded and these sysctls are set; kube-proxy's rules would otherwise never see pod-to-service traffic and packets would appear to be lost.) Create the file /etc/sysctl.d/k8s.conf; it does not exist by default. Load the br_netfilter module first (the containerd step below does this with modprobe br_netfilter), otherwise sysctl --system reports that the net.bridge keys do not exist.
root@master:~# touch /etc/sysctl.d/k8s.conf   # create k8s.conf
root@master:~# cat >> /etc/sysctl.d/k8s.conf <<EOF   # append the settings to k8s.conf
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
vm.swappiness=0
EOF
root@master:~# sysctl --system   # reload all kernel parameters (sysctl -p /etc/sysctl.d/k8s.conf also works; plain sysctl -p only reads /etc/sysctl.conf)
7. Passwordless SSH between the servers (set up in every direction among the three)
root@master:~# ssh-keygen -t rsa
root@master:~# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
root@master:~# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
root@master:~# ssh node1
root@master:~# ssh node2
kubeadm itself does not need SSH between the nodes; this is purely a convenience for copying files and running commands. A root key trusted on every node means that compromising one node yields root on all of them, so outside a lab either skip this step or use a non-root account with its own key.
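Steps 3 to 6 above are normally typed by hand on each host. The script below, an added example that is not part of the original article, packages them as idempotent functions plus a verification pass, so a node can be checked before kubeadm runs instead of discovering a missing setting during preflight. The swap, sysctl and module helpers operate on text handed to them and can be dry-run; apply_all is the only function that touches the host and runs only when the script is invoked with --apply. The firewall and SSH steps are deliberately left out. The NTP package and the settings are the ones listed above; the file names under /etc/sysctl.d and /etc/modules-load.d are assumptions.

```sh
#!/bin/sh
# kubeadm node preparation for Ubuntu 20.04, run as root.
# Added example, not from the original article. With no arguments it only defines functions;
# --verify reports what is still wrong, --apply changes the host and then verifies.
set -eu

SYSCTL_FILE=/etc/sysctl.d/k8s.conf          # assumed file names
MODULES_FILE=/etc/modules-load.d/k8s.conf

# Comment out every swap entry of an fstab read on stdin (field 3 is the fs type);
# already-commented lines and everything else pass through unchanged. Idempotent.
disable_swap_in_fstab() {
  awk '$0 !~ /^[[:space:]]*#/ && NF >= 3 && $3 == "swap" { print "#" $0; next } { print }'
}

# Kernel parameters kubeadm's preflight checks expect, plus the swappiness setting from the article.
required_sysctl() {
  cat <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
}

# Reads live "key = value" lines (the format `sysctl <key>` prints) on stdin and prints every
# required key that is missing or has the wrong value. Empty output means all is well.
sysctl_mismatches() {
  { required_sysctl; echo '__LIVE__'; cat; } |
    awk -F' *= *' '
      $0 == "__LIVE__" { live = 1; next }
      !live            { want[$1] = $2; next }
      ($1 in want)     { got[$1] = $2 }
      END { for (k in want) if (!(k in got) || got[k] != want[k]) print k }' | sort
}

# Modules needed before the net.bridge.* keys exist and before containerd starts.
required_modules() { printf '%s\n' overlay br_netfilter; }

# Reads /proc/modules-style lines (module name first) on stdin, prints the required ones that are absent.
missing_modules() {
  loaded=$(cat)
  for m in $(required_modules); do
    printf '%s\n' "$loaded" | awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' || echo "$m"
  done
}

# Changes the running host. Called only via --apply.
apply_all() {
  swapoff -a
  cp /etc/fstab /etc/fstab.bak
  disable_swap_in_fstab < /etc/fstab.bak > /etc/fstab
  required_modules > "$MODULES_FILE"
  for m in $(required_modules); do modprobe "$m"; done   # br_netfilter must precede the sysctls
  required_sysctl > "$SYSCTL_FILE"
  sysctl --system > /dev/null
  timedatectl set-timezone Asia/Shanghai
  apt-get install -y ntp
  systemctl enable --now ntp
}

# Verification pass: prints what is still wrong, returns non-zero if anything is.
verify() {
  rc=0
  [ "$(awk 'NR > 1' /proc/swaps | wc -l)" -eq 0 ] || { echo "swap is still active (see /proc/swaps)"; rc=1; }
  bad=$(missing_modules < /proc/modules)
  [ -z "$bad" ] || { echo "modules not loaded: $bad"; rc=1; }
  bad=$({ sysctl $(required_sysctl | cut -d' ' -f1) 2>/dev/null || true; } | sysctl_mismatches)
  [ -z "$bad" ] || { echo "sysctl values wrong or missing: $bad"; rc=1; }
  return $rc
}

case "${1:-}" in
  --apply)  apply_all && verify ;;
  --verify) verify ;;
esac
```

Run it as `sh prep.sh --verify` on each node after the manual steps, or `sh prep.sh --apply` to perform them; a non-empty report from verify is the same condition kubeadm's preflight would later refuse on.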
Installing Kubernetes with kubeadm
Once the seven steps above are done on every VM, install Kubernetes. kubeadm is the tool the Kubernetes project provides for bootstrapping a cluster quickly; a cluster is brought up with two commands:
1. Create the control-plane (master) node: kubeadm init.
2. Join the worker nodes to the cluster: kubeadm join <master_IP:port>.
Step 1: Install containerd
(Run on every node. Kubernetes 1.24 removed dockershim, so a runtime that speaks the CRI, the Container Runtime Interface the kubelet uses to talk to the runtime, is required; containerd is the default choice.)
containerd website:
https://containerd.io/downloads/
containerd installation guide:
https://github.com/containerd/containerd/blob/main/docs/getting-started.md
The guide covers both the official release tarball and distribution packages (apt, yum); this article uses the release tarball.
# Install containerd
wget https://github.com/containerd/containerd/releases/download/v1.6.8/containerd-1.6.8-linux-amd64.tar.gz
tar Cxzvf /usr/local containerd-1.6.8-linux-amd64.tar.gz   # extracts into /usr/local/bin
bin/
bin/containerd-shim-runc-v2   # these six executables are the containerd binaries that were unpacked
bin/containerd-shim
bin/ctr
bin/containerd-shim-runc-v1
bin/containerd
bin/containerd-stress
The release page also publishes a .sha256sum file next to each tarball; compare it with the sha256sum of the download before extracting anything into /usr/local as root.
# Manage containerd with systemd
wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service   # fetching the unit from the v1.6.8 tag instead of main keeps it matched to the binary
mv containerd.service /usr/lib/systemd/system/
systemctl daemon-reload && systemctl enable --now containerd
systemctl status containerd   # containerd should now be in the running state
# Install runc
# runc is the low-level OCI runtime; it implements the init, run, create, ps ... operations that actually start containers:
curl -LO https://github.com/opencontainers/runc/releases/download/v1.1.1/runc.amd64 && \
install -m 755 runc.amd64 /usr/local/sbin/runc
# Install the CNI plugins
wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
mkdir -p /opt/cni/bin   # per the official guide, create the directory the CNI plugins live in
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.1.1.tgz   # extract
./   # the following executables now exist in /opt/cni/bin
./macvlan
./static
./vlan
./portmap
./host-local
./vrf
./bridge
./tuning
./firewall
./host-device
./sbr
./loopback
./dhcp
./ptp
./ipvlan
./bandwidth
# Adjust the containerd configuration; by default containerd pulls the pause (sandbox) image from k8s.gcr.io, which is not reachable from China
mkdir -p /etc/containerd   # directory for the containerd configuration
containerd config default | tee /etc/containerd/config.toml   # write the default configuration to a file
vim /etc/containerd/config.toml   # then edit these settings:
[plugins."io.containerd.grpc.v1.cri"]
  ..................................
  sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7"   # search for sandbox_image and replace k8s.gcr.io/pause:3.6 with the Aliyun mirror; use the pause tag that kubeadm config images list reports for your release (3.7 for 1.24), otherwise kubeadm warns about a sandbox image mismatch
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  ..........................
  SystemdCgroup = true   # search for SystemdCgroup and change false to true; the kubelet defaults to the systemd cgroup driver and the two must agree
[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = "/etc/containerd/certs.d"   # search for config_path and point it at a directory of per-registry mirror settings, created next
# Create the mirror directory
mkdir -pv /etc/containerd/certs.d/docker.io
# Configure the mirror
cat > /etc/containerd/certs.d/docker.io/hosts.toml <<EOF
server = "https://registry-1.docker.io"
[host."https://b9pmyelo.mirror.aliyuncs.com"]
  capabilities = ["pull", "resolve"]
EOF
# server is the upstream that containerd falls back to when the mirror cannot serve a request; it must be the registry API endpoint registry-1.docker.io, not https://docker.io, which is the Docker Hub website and answers with HTML
# Load the kernel modules containerd needs
cat <<EOF | tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
# Restart containerd
systemctl restart containerd
systemctl status containerd
# Pull an image to check that containerd can create and start a container
ctr i pull docker.io/library/nginx:alpine   # a successful pull means the runtime and network are fine
ctr images ls   # list images
ctr c create --net-host docker.io/library/nginx:alpine nginx   # create a container
ctr task start -d nginx   # start it; if this works containerd is healthy
ctr containers ls   # list containers
ctr tasks kill -s SIGKILL nginx   # stop the container
ctr containers rm nginx   # delete the container
Note that ctr talks to containerd directly and ignores the CRI plugin's registry settings (config_path and hosts.toml), so a working ctr pull does not prove that the kubelet can pull; crictl pull, which goes through the CRI, is the right check for that.
Step 2: Configure the Aliyun apt repository for Kubernetes (run on every node)
apt-get install -y apt-transport-https ca-certificates curl
# Edit the sources file and add the Aliyun Kubernetes repository
vi /etc/apt/sources.list
# Append the following line
deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
# Import the repository signing key
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
# Refresh the package index
apt-get update
(kubernetes-xenial is the name of this repository's single Debian/Ubuntu channel and is correct on 20.04 as well. apt-key add trusts the key for every repository on the system; the more contained alternative is to store the key under /etc/apt/keyrings and reference it with a signed-by= option on the deb line.)
Step 3: Install kubeadm, kubelet and kubectl with apt (run on every node)
Install kubeadm and kubelet on all three VMs.
Install kubectl on the master node (kubeadm and kubectl are command-line tools; kubelet is the system service).
root@master:~# apt-cache madison kubeadm   # list the kubeadm versions apt can install; 1.24.0 is used here, and without a version apt installs the newest
root@master:~# apt-get install -y kubelet=1.24.0-00 kubeadm=1.24.0-00   # on every node
root@master:~# apt-get install -y kubectl=1.24.0-00   # on the master node only
root@master:~# systemctl enable kubelet   # enable kubelet at boot (do not start it yet: it cannot run until kubeadm init or join has written its configuration, and kubeadm starts it itself)
Pin the packages afterwards with apt-mark hold kubelet kubeadm kubectl, so that a routine apt-get upgrade cannot move a node to a different Kubernetes version.
Step 4: Initialize the control plane on the master node
root@master:~# kubeadm config images list
k8s.gcr.io/kube-apiserver:v1.24.8
k8s.gcr.io/kube-controller-manager:v1.24.8
k8s.gcr.io/kube-scheduler:v1.24.8
k8s.gcr.io/kube-proxy:v1.24.8
k8s.gcr.io/pause:3.7
k8s.gcr.io/etcd:3.5.3-0
k8s.gcr.io/coredns/coredns:v1.8.6
root@master:~#
Without --kubernetes-version, kubeadm asks the release server for the newest 1.24 patch release (v1.24.8 at the time of writing), which is why the list shows v1.24.8 although kubeadm 1.24.0 is installed; pass --kubernetes-version v1.24.0 --image-repository registry.aliyuncs.com/google_containers to see exactly what the init below will pull. kubeadm init --help shows the full set of options.
root@master:~# kubeadm init \
  --apiserver-advertise-address=192.168.118.145 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.24.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16
# Run this on the master node only (not on the workers). A comment after the trailing backslash would break the line continuation, so the options are explained here:
# --apiserver-advertise-address   the IP the API server listens on and advertises, i.e. the master's IP
# --image-repository              pull the control-plane images from the Aliyun mirror instead of k8s.gcr.io
# --kubernetes-version            the Kubernetes version, matching the kubeadm package from Step 3
# --service-cidr                  the address range for Services
# --pod-network-cidr              the address range for Pods; it must match the CNI plugin's pool in Step 6
# When kubeadm init succeeds it prints:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
  export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.118.145:6443 --token nrefdp.2mtcwkkshizkj1qa \
        --discovery-token-ca-cert-hash sha256:564dbb8ec1993f3e38f3b757c324ad6190950156f30f89f7f7d4b244d2b29ec7
# Follow the printed instructions
root@master:~# mkdir -p $HOME/.kube
root@master:~# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@master:~# sudo chown $(id -u):$(id -g) $HOME/.kube/config
root@master:~# export KUBECONFIG=/etc/kubernetes/admin.conf
(As root, either the copy or the export is enough; both point kubectl at the same credentials. admin.conf contains a cluster-admin client certificate, so keep it readable by root only and do not copy it to the workers. The bootstrap token in the printed join command is a credential too: anyone who can reach port 6443 with it can register a node, so revoke it with kubeadm token delete once the workers have joined.)
Step 5: Join the worker nodes to the cluster
When the master finished initializing in Step 4, it printed the command to run on each worker to join it to the cluster; copy it to the worker and run it, as shown below.
Note: the token in the kubeadm join command expires after 24 hours; after that, run kubeadm token create --print-join-command on the master to get a fresh command. The --discovery-token-ca-cert-hash value pins the cluster CA, so a worker refuses to join an API server that presents a different CA; keep it, and never replace it with --discovery-token-unsafe-skip-ca-verification.
root@node1:/etc/apt# kubeadm join 192.168.118.145:6443 --token nrefdp.2mtcwkkshizkj1qa \
        --discovery-token-ca-cert-hash sha256:564dbb8ec1993f3e38f3b757c324ad6190950156f30f89f7f7d4b244d2b29ec7
[preflight] Running pre-flight checks
        [WARNING SystemVerification]: missing optional cgroups: blkio
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
root@node1:/etc/apt#
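The --discovery-token-ca-cert-hash in the join command is the only thing that stops a worker from being pointed at an impostor API server by anyone who can interpose on traffic to 192.168.118.145:6443, so it is worth recomputing it independently rather than pasting whatever was printed. The helper below, an added example that is not part of the article, derives the hash from the control plane's CA certificate the same way kubeadm does (SHA-256 over the DER-encoded public key, the openssl pipeline the kubeadm documentation also gives), checks that a join command carries that hash, and validates the token's format. It needs openssl; /etc/kubernetes/pki/ca.crt is where kubeadm writes the CA, and the join command used in the test is the one printed above.

```sh
#!/bin/sh
# Recompute and check the CA pin used by `kubeadm join`. Added example; not from the article.
# Run on the control-plane node, where /etc/kubernetes/pki/ca.crt lives.
set -eu

# ca_cert_hash [CA_CRT]: print "sha256:<hex>", the SHA-256 over the DER-encoded
# SubjectPublicKeyInfo of the cluster CA, which is what --discovery-token-ca-cert-hash carries.
ca_cert_hash() {
  ca=${1:-/etc/kubernetes/pki/ca.crt}
  hex=$(openssl x509 -pubkey -noout -in "$ca" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -hex | sed 's/^.* //')
  printf 'sha256:%s\n' "$hex"
}

# join_hash_of CMD: extract the sha256:<hex> argument from a kubeadm join command line.
join_hash_of() {
  printf '%s\n' "$1" | grep -oE 'sha256:[0-9a-f]{64}' | head -n 1
}

# join_token_of CMD: print the bootstrap token if it is well formed ("<6>.<16>" over [a-z0-9]),
# otherwise print nothing.
join_token_of() {
  tok=$(printf '%s\n' "$1" | grep -oE -- '--token[[:space:]]+[^[:space:]]+' | head -n 1 | awk '{ print $2 }')
  printf '%s\n' "$tok" | grep -E '^[a-z0-9]{6}\.[a-z0-9]{16}$' || true
}

# check_join_command CMD [CA_CRT]: 0 when the command pins this CA and carries a well-formed
# token; 1 when the hash differs (wrong cluster, rotated CA, or a tampered command); 2 when
# CA verification is disabled, no hash is given, or the token is malformed.
check_join_command() {
  cmd=$1; ca=${2:-/etc/kubernetes/pki/ca.crt}
  case "$cmd" in
    *--discovery-token-unsafe-skip-ca-verification*)
      echo "check_join_command: CA verification is disabled; refusing" >&2; return 2 ;;
  esac
  tok=$(join_token_of "$cmd")
  [ -n "$tok" ] || { echo "check_join_command: missing or malformed --token" >&2; return 2; }
  given=$(join_hash_of "$cmd")
  [ -n "$given" ] || { echo "check_join_command: no --discovery-token-ca-cert-hash" >&2; return 2; }
  want=$(ca_cert_hash "$ca")
  if [ "$given" != "$want" ]; then
    echo "check_join_command: hash $given does not match the CA ($want)" >&2
    return 1
  fi
  return 0
}
```

On the master, `ca_cert_hash` should print exactly the value kubeadm init printed; on a worker, copy ca.crt there over a trusted channel and run `check_join_command "<the join command>" ./ca.crt` before joining, which catches a stale command left over from a re-initialized cluster as well as a tampered one.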
Step 6: Deploy the container network (CNI plugin)
Configure the pod network on the master node.
# After the workers join, kubectl get nodes on the master shows them as NotReady because no CNI plugin is deployed yet; kubeadm init already told us in Step 4
# to configure a pod network. Pod networking in Kubernetes is provided by third-party plugins, of which there are dozens; the best known are flannel, calico, canal and kube-router.
wget https://docs.projectcalico.org/manifests/calico.yaml
vim calico.yaml   # find the two lines below, uncomment them and set the value to the pod CIDR passed to kubeadm init
            - name: CALICO_IPV4POOL_CIDR
              value: "10.244.0.0/16"
kubectl apply -f calico.yaml   # if the images pull cleanly, this is all that is needed
The unversioned docs URL always serves the newest Calico release (v3.24.5 when this was written, as the log lines below show), so a later re-run may deploy a different version. For a reproducible build fetch the manifest for the exact release from the Calico GitHub repository, for example https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/calico.yaml, and read it before applying: it runs privileged DaemonSet pods on every node.
Calico image pull problems
The Calico images kept failing to pull, with these errors:
Dec 02 21:58:49 node2 containerd[7285]: time="2022-12-02T21:58:49.627179374+08:00" level=error msg="Failed to handle backOff event &ImageCreate{Name:docker.io/calico/cni:v3.24.5,Labels:map[string]string{io.cri-containerd.image: managed,},XXX_unrecognized:[],} for docker.io/calico/cni:v3.24.5" error="update image store for \"docker.io/calico/cni:v3.24.5\": get image info from containerd: get image diffIDs: unexpected media type text/html for sha256:0238205317023105e6589e4001e2a3d81b84c71740b0d9563f6157ddb32c4ea4: not found"
Dec 02 21:58:50 node2 containerd[7285]: time="2022-12-02T21:58:50.627858264+08:00" level=info msg="ImageCreate event &ImageCreate{Name:docker.io/calico/kube-controllers:v3.24.5,Labels:map[string]string{io.cri-containerd.image: managed,},XXX_unrecognized:[],}"
Dec 02 21:58:50 node2 containerd[7285]: time="2022-12-02T21:58:50.627954441+08:00" level=error msg="Failed to handle backOff event &ImageCreate{Name:docker.io/calico/kube-controllers:v3.24.5,Labels:map[string]string{io.cri-containerd.image: managed,},XXX_unrecognized:[],} for docker.io/calico/kube-controllers:v3.24.5" error="update image store for \"docker.io/calico/kube-controllers:v3.24.5\": get image info from containerd: get image diffIDs: unexpected media type text/html for sha256:0238205317023105e6589e4001e2a3d81b84c71740b0d9563f6157ddb32c4ea4: not found"
Dec 02 21:59:01 node2 containerd[7285]: time="2022-12-02T21:59:01.446288924+08:00" level=info msg="Events for \"docker.io/calico/cni:v3.24.5\" is in backoff, enqueue event &ImageDelete{Name:docker.io/calico/cni:v3.24.5,XXX_unrecognized:[],}"
Dec 02 21:59:10 node2 containerd[7285]: time="2022-12-02T21:59:10.628919112+08:00" level=info msg="ImageCreate event &ImageCreate{Name:docker.io/calico/node:v3.24.5,Labels:map[string]string{io.cri-containerd.image: managed,},XXX_unrecognized:[],}"
Dec 02 21:59:10 node2 containerd[7285]: time="2022-12-02T21:59:10.629086106+08:00" level=error msg="Failed to handle backOff event &ImageCreate{Name:docker.io/calico/node:v3.24.5,Labels:map[string]string{io.cri-containerd.image: managed,},XXX_unrecognized:[],} for docker.io/calico/node:v3.24.5" error="update image store for \"docker.io/calico/node:v3.24.5\": get image info from containerd: get image diffIDs: unexpected media type text/html for sha256:0238205317023105e6589e4001e2a3d81b84c71740b0d9563f6157ddb32c4ea4: not found"
Dec 02 21:59:39 node2 containerd[7285]: time="2022-12-02T21:59:39.956573672+08:00" level=error msg="(*service).Write failed" error="rpc error: code = Canceled desc = context canceled" expected="sha256:0797c5cde8c8c54e2b4c3035fc178e8e062d3636855b72b4cfbb37e7a4fb133d" ref="layer-sha256:0797c5cde8c8c54e2b4c3035fc178e8e062d3636855b72b4cfbb37e7a4fb133d" total=86081905
ctr pulls them without any problem, but in the author's testing images pulled with ctr, even when placed in the k8s.io namespace, still could not be used by the cluster:
ctr -n k8s.io i pull docker.io/calico/cni:v3.24.5
ctr -n k8s.io i pull docker.io/calico/kube-controllers:v3.24.5
ctr -n k8s.io i pull docker.io/calico/node:v3.24.5
Only images pulled with crictl, i.e. through the CRI plugin, were usable by Kubernetes (a point that needs further investigation), but crictl pull kept failing:
crictl pull docker.io/calico/cni:v3.24.5
crictl pull docker.io/calico/kube-controllers:v3.24.5
crictl pull docker.io/calico/node:v3.24.5
crictl pull docker.io/calico/node:v3.24.5   # always fails with this error
E1202 21:25:47.261446    7560 remote_image.go:242] "PullImage from image service failed" err="rpc error: code = NotFound desc = failed to pull and unpack image \"docker.io/calico/node:v3.24.5\": failed to unpack image on snapshotter overlayfs: unexpected media type text/html for sha256:0c95980b6412e81bd466d0f2f7846f828c62417db9880081fef92f3b9d9d11f5: not found" image="docker.io/calico/node:v3.24.5"
FATA[0008] pulling image: rpc error: code = NotFound desc = failed to pull and unpack image "docker.io/calico/node:v3.24.5": failed to unpack image on snapshotter overlayfs: unexpected media type text/html for sha256:0c95980b6412e81bd466d0f2f7846f828c62417db9880081fef92f3b9d9d11f5: not found
Solution:
First attempt: edit the mirror file
vim /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://docker.io"
[host."https://xxxmyelo.mirror.aliyuncs.com"]   # your own Aliyun mirror address
  capabilities = ["pull", "resolve"]
root@node2:~# systemctl stop containerd.service && systemctl start containerd.service
Still no luck.
Following a tip from other users, remove the containerd mirror configured in Step 1:
[plugins."io.containerd.grpc.v1.cri".registry]
  config_path = ""   # back to an empty path
root@node2:~# systemctl stop containerd.service && systemctl start containerd.service
That worked: the Calico images now pull normally, though the reason was not clear at the time.
An explanation consistent with the errors above (added here, not verified on the author's hosts): https://docker.io is the Docker Hub website, not the registry API, which lives at https://registry-1.docker.io. With hosts.toml in place, containerd tries the mirror first and falls back to server for anything the mirror does not serve; that fallback then receives an HTML page where it expects a manifest or a layer, which is exactly the "unexpected media type text/html" in the messages. ctr bypasses the CRI registry configuration entirely, which is why ctr pull kept working, and emptying config_path makes the CRI plugin use its built-in default of registry-1.docker.io, which is why removing the mirror configuration "fixed" it. Keeping the mirror while setting server = "https://registry-1.docker.io" should give both the acceleration and a working fallback.
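For readers who want to keep the Aliyun mirror rather than switch it off, the helper below, an added example that is not the article's configuration, writes a hosts.toml whose fallback server is the real registry endpoint and checks an existing file for the docker.io-website mistake behind the errors above. The mirror URL is a parameter, since every reader has their own accelerator address; /etc/containerd/certs.d is the directory configured in Step 1. Nothing here touches containerd unless write_docker_io_hosts is called.

```sh
#!/bin/sh
# containerd CRI mirror configuration for docker.io. Added example; not from the article.
set -eu

CERTS_DIR=${CERTS_DIR:-/etc/containerd/certs.d}   # the config_path from Step 1

# render_hosts_toml MIRROR_URL: print a hosts.toml that pulls through MIRROR_URL and falls
# back to the Docker Hub registry API, never to the docker.io website.
render_hosts_toml() {
  mirror=$1
  cat <<EOF
server = "https://registry-1.docker.io"

[host."$mirror"]
  capabilities = ["pull", "resolve"]
EOF
}

# hosts_toml_server FILE: print the value of the top-level `server = "..."` line (empty if absent).
hosts_toml_server() {
  awk -F'"' '/^[[:space:]]*server[[:space:]]*=/ { print $2; exit }' "$1"
}

# check_hosts_toml FILE: 0 when the fallback is the registry API (or absent, in which case
# containerd uses the registry's own endpoint); 1 when it points at the Docker Hub website,
# which returns HTML instead of manifests and yields "unexpected media type text/html" on pull,
# or at something else that has not been verified to serve the /v2/ API.
check_hosts_toml() {
  server=$(hosts_toml_server "$1")
  case "$server" in
    "")
      return 0 ;;
    https://docker.io|https://docker.io/|https://hub.docker.com|https://hub.docker.com/*|https://www.docker.com*)
      echo "check_hosts_toml: server $server is the website; use https://registry-1.docker.io" >&2
      return 1 ;;
    https://registry-1.docker.io|https://registry-1.docker.io/)
      return 0 ;;
    *)
      echo "check_hosts_toml: unexpected server $server; confirm it answers on /v2/" >&2
      return 1 ;;
  esac
}

# registry_api_probe URL: a registry API answers URL/v2/ with 200 or 401; a website does not.
# Needs network access, so it is not part of the offline checks.
registry_api_probe() {
  code=$(curl -sS -o /dev/null -w '%{http_code}' "${1%/}/v2/")
  case "$code" in
    200|401) return 0 ;;
    *) echo "registry_api_probe: ${1%/}/v2/ answered HTTP $code" >&2; return 1 ;;
  esac
}

# write_docker_io_hosts MIRROR_URL: install the rendered file, re-check it and restart containerd.
write_docker_io_hosts() {
  mkdir -p "$CERTS_DIR/docker.io"
  render_hosts_toml "$1" > "$CERTS_DIR/docker.io/hosts.toml"
  check_hosts_toml "$CERTS_DIR/docker.io/hosts.toml"
  systemctl restart containerd
}
```

After writing the file, `crictl pull docker.io/calico/node:v3.24.5` is the test that matters, because crictl goes through the CRI plugin and therefore through hosts.toml; a successful `ctr i pull` says nothing about this file.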
Step 7: Test the cluster
Create a pod in the cluster and verify that it runs:
root@master:~# kubectl create deployment httpd --image=httpd   # create an httpd deployment as a test
deployment.apps/httpd created
root@master:~# kubectl expose deployment httpd --port=80 --type=NodePort   # expose it as a NodePort service; --port is the Service's in-cluster port (80, matching the container), while the node port is allocated from 30000-32767 regardless
service/httpd exposed
root@master:~# kubectl get pod,svc
NAME                         READY   STATUS    RESTARTS   AGE
pod/httpd-757fb56c8d-w42l5   1/1     Running   0          39s
NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
service/httpd        NodePort    10.109.29.1   <none>        80:32569/TCP   42s     # node port 32569
service/kubernetes   ClusterIP   10.96.0.1     <none>        443/TCP        3h22m
root@master:~#
Test in a browser; the master's IP or either worker's IP works, with port 32569:
http://192.168.118.145:32569/
It works!   # success
Remove the test deployment and service afterwards (kubectl delete svc,deploy httpd): a NodePort listens on every node's address and, with ufw disabled, is reachable from anywhere that can route to the VMs.
Copyright belongs to the original author, MssGuo. If this infringes your rights, please contact us for removal.