debian/ubuntu安裝k8s-v1.24.2

1. 安裝kube三件套

apt-get update 
apt install -y apt-transport-https  gnupg gnupg2 gnupg1 curl lsb-release
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add - 
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl

2. 系統(tǒng)配置

配置主機(jī)名,不要用localhost,例如:

hostnamectl --static set-hostname node1

關(guān)閉防火墻:

service iptables stop
systemctl stop firewalld.service
ufw disable
iptables -F

關(guān)閉swap:

swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab

橋接的ipv4流量轉(zhuǎn)到iptables:

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

# 設(shè)置所需的 sysctl 參數(shù),參數(shù)在重新啟動(dòng)后保持不變
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

# 應(yīng)用 sysctl 參數(shù)而不重新啟動(dòng)
sudo sysctl --system

3. 安裝containerd

apt install containerd
systemctl start containerd
mkdir -p /etc/containerd/
containerd config default > /etc/containerd/config.toml
sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml
systemctl restart containerd

4. 拉取鏡像

從阿里鏡像拉去:
最好指定下版本,這里我使用1.24.2
需要注意的是即便指定了版本,一些image的版本還是會(huì)不匹配,比如pause

 kubeadm config images pull --kubernetes-version=v1.24.2 --image-repository=registry.aliyuncs.com/google_containers

打tag:
注意image的版本號(hào)根據(jù)自己實(shí)際pull拉下來(lái)的進(jìn)行修改。

ctr -n k8s.io image tag registry.aliyuncs.com/google_containers/coredns:v1.8.6 k8s.gcr.io/coredns/coredns:v1.8.6
ctr -n k8s.io image tag registry.aliyuncs.com/google_containers/etcd:3.5.3-0  k8s.gcr.io/etcd:3.5.3-0
ctr -n k8s.io image tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.24.2 k8s.gcr.io/kube-apiserver:v1.24.2
ctr -n k8s.io image tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.24.2 k8s.gcr.io/kube-controller-manager:v1.24.2
ctr -n k8s.io image tag registry.aliyuncs.com/google_containers/kube-proxy:v1.24.2 k8s.gcr.io/kube-proxy:v1.24.2
ctr -n k8s.io image tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.24.2 k8s.gcr.io/kube-scheduler:v1.24.2
ctr -n k8s.io image tag registry.aliyuncs.com/google_containers/pause:3.7 k8s.gcr.io/pause:3.7

這里可能出現(xiàn)超時(shí)的問(wèn)題:

[kubelet-check] Initial timeout of 40s passed.

Unfortunately, an error has occurred:
        timed out waiting for the condition

This error is likely caused by:
        - The kubelet is not running

一般是因?yàn)檎也坏界R像的問(wèn)題,可以執(zhí)行systemctl status containerd查看日志。它的日志不能換行顯示不完整,所以需要先縮小再執(zhí)行,再放大查看日志。就可以找到是哪個(gè)鏡像的哪個(gè)版本找不到。
比如我pull的時(shí)候pause的版本在阿里鏡像中默認(rèn)是3.7,而k8s.gcr.io的是3.5,不斷重新拉去就導(dǎo)致超時(shí)了。
這時(shí)候需要手動(dòng)指定版本拉下image,并打tag:

ctr -n k8s.io image pull registry.aliyuncs.com/google_containers/pause:3.5
ctr -n k8s.io image tag registry.aliyuncs.com/google_containers/pause:3.5 k8s.gcr.io/pause:3.5

5. kubeadm搭建集群

 kubeadm init  --image-repository=registry.aliyuncs.com/google_containers \
    --pod-network-cidr=192.168.0.0/16

非root用戶:(不執(zhí)行可能會(huì)引起證書(shū)錯(cuò)誤)

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

root用戶:

export KUBECONFIG=/etc/kubernetes/admin.conf

安裝Calico:
第二個(gè)命令,需要根據(jù)自己CIDR而修改

kubectl create -f https://projectcalico.docs.tigera.io/manifests/tigera-operator.yaml
kubectl create -f https://projectcalico.docs.tigera.io/manifests/custom-resources.yaml

加入worker節(jié)點(diǎn):
worker節(jié)點(diǎn)上執(zhí)行如下命令:(注意需要提前準(zhǔn)備好相關(guān)必要鏡像“kubeadm config images ”那些)

kubeadm join 192.168.8.125:6443 --token ho3sx8.kq640morilxbff3f  \
  --discovery-token-ca-cert-hash sha256:7a4f647fe3245898528609aeb100967e4b59c55a65142e28bf7af58616095829

去除master節(jié)點(diǎn)污點(diǎn):

kubectl taint nodes <node> node-role.kubernetes.io/master:NoSchedule-
最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書(shū)系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容