阿里云ECS ubuntu 22.04安裝Kubernetes v1.27

1.27

第一步,購買三臺云主機

系統 ubuntu 22.04 64位
配置 2 vCPU 4 GiB
機器名稱 master-k8s, node1-k8s, node2-k8s

以下命令沒有特殊說明的,三臺機器都要執行

第二步,系統準備

  • 1.關閉swap分區
# 臨時關閉
root@master-k8s:~# swapoff -a
# 永久關閉
root@master-k8s:~# sed -ri 's/.*swap.*/#&/' /etc/fstab
  • 2.將網橋的IPv4流量轉接到iptables
root@master-k8s:~# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward                 = 1
EOF

# 效果
root@master-k8s:~# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward                 = 1
# 使生效
root@master-k8s:~# sysctl --system

第三步,安裝docker

    1. 安裝docker全家桶
root@master-k8s:~# apt-get update
root@master-k8s:~# apt-get install ca-certificates curl gnupg lsb-release
root@master-k8s:~# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
 echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
root@master-k8s:~# apt-get update
root@master-k8s:~# apt-get install -y docker-ce docker-ce-cli
# 驗證docker是否安裝成功
root@master-k8s:~# docker run hello-world  
# 輸出包含如下內容表示安裝成功

Hello from Docker!
This message shows that your installation appears to be working correctly.

    1. 配置docker鏡像加速
root@master-k8s:~# cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
root@master-k8s:~#
root@master-k8s:~# systemctl restart docker

第四步,安裝cri-dockerd

    1. 安裝運行時rpc
root@master-k8s:~# wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.3/cri-dockerd-0.3.3.amd64.tgz
root@master-k8s:~# tar xzvf cri-dockerd-0.3.3.amd64.tgz
root@master-k8s:~# cd  cri-dockerd
root@master-k8s:~/cri-dockerd# install -o root -g root -m 0755 cri-dockerd /usr/local/bin/cri-dockerd
    1. 編輯配置文件
root@master-k8s:~/cri-dockerd# wget https://gitee.com/kjpioo2006/cri-dockerd/raw/master/packaging/systemd/cri-docker.service
root@master-k8s:~/cri-dockerd# wget https://gitee.com/kjpioo2006/cri-dockerd/raw/master/packaging/systemd/cri-docker.socket

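cri-docker.service文件修改以下一行(上面兩個unit文件下載自個人gitee倉庫的master分支,內容可能隨時變化,而它們會由systemd以root身份執行;拷貝到/etc/systemd/system之前請先核對文件內容,尤其是ExecStart一行)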

ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9

cri-docker.socket文件保持不變

root@master-k8s:~/cri-dockerd# cp cri-docker.service /etc/systemd/system/cri-docker.service
root@master-k8s:~/cri-dockerd# cp cri-docker.socket /etc/systemd/system/cri-docker.socket
    1. 啟動cri-dockerd
root@master-k8s:~/cri-dockerd# systemctl daemon-reload
root@master-k8s:~/cri-dockerd# systemctl enable cri-docker
root@master-k8s:~/cri-dockerd# systemctl restart cri-docker
root@master-k8s:~/cri-dockerd# systemctl enable cri-docker.service
root@master-k8s:~/cri-dockerd# systemctl enable --now cri-docker.socket
# 檢查
root@master-k8s:~/cri-dockerd# systemctl status cri-docker.socket
啟動cri-dockerd

第四步,安裝Kubernetes

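    1. 配置鏡像源(apt-key在Ubuntu 22.04已被標記為棄用,且用它加入的密鑰對所有軟件源都有效;可參照上文docker的做法,把密鑰放到/usr/share/keyrings下,並在源條目中用signed-by限定只信任這一個源)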
root@master-k8s:~# apt-get update && apt-get install -y apt-transport-https
root@master-k8s:~# curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
root@master-k8s:~# cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
root@master-k8s:~# apt-get update
    1. 安裝
root@master-k8s:~# apt install -y  kubeadm=1.27.1-00 kubelet=1.27.1-00 kubectl=1.27.1-00

第五步,配置集群

    1. 在master-k8s啟動集群
kubeadm config print init-defaults > kubeadm.yaml

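修改(另外,init-defaults生成的文件裡bootstrapTokens的token是公開的示例值abcdef.0123456789abcdef,任何人都知道;正式環境請換成用kubeadm token generate生成的隨機token,或刪除該項讓kubeadm自行生成)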

advertiseAddress: kubernetes主節點IP
nodeRegistration.criSocket: unix:///var/run/cri-dockerd.sock
nodeRegistration.name: master-k8s
imageRepository: registry.aliyuncs.com/google_containers # 鏡像倉庫
kubernetesVersion: 1.27.1

    1. 啟動Kubernetes master
root@master-k8s:~# kubeadm init --config ./kubeadm.yaml --ignore-preflight-errors=all

以上命令會生成以下日志

...
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.30.70.60:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:0ea6acce979e4ad2f02f3d18c689eb19917dbd3bb06779c500cedeecdd60476b

在master-k8s配置命令行

root@master-k8s:~# mkdir -p $HOME/.kube
root@master-k8s:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@master-k8s:~# chown $(id -u):$(id -g) $HOME/.kube/config
root@master-k8s:~# echo 'export KUBECONFIG=$HOME/.kube/config' >> $HOME/.bashrc
root@master-k8s:~# source ~/.bashrc
  1. 在node1-k8s和node2-k8s將從節點加入集群
root@node1-k8s:~# kubeadm join 172.30.70.60:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:0ea6acce979e4ad2f02f3d18c689eb19917dbd3bb06779c500cedeecdd60476b \
    --cri-socket unix:///var/run/cri-dockerd.sock

第六步,配置網絡CNI

回到master-k8s,執行如下檢查

root@master-k8s:~# kubectl get nodes
NAME         STATUS     ROLES                  AGE     VERSION
master-k8s   NotReady   control-plane,master   8m51s   v1.27.1
node1-k8s    NotReady   <none>                 87s     v1.27.1
node2-k8s    NotReady   <none>                 82s     v1.27.1

因為集群還需要安裝網絡cni,此處選擇安裝calico

root@master-k8s:~# curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/calico-etcd.yaml -o calico.yaml
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 21088  100 21088    0     0  27756      0 --:--:-- --:--:-- --:--:-- 27747
root@master-k8s:~#
root@master-k8s:~# kubectl apply -f calico.yaml

馬上執行以下命令

root@master-k8s:~# kubectl get pods -n kube-system
NAME                                     READY   STATUS     RESTARTS   AGE
calico-kube-controllers-c4d664d7-58zg7   0/1     Pending    0          32s
calico-node-fz485                        0/1     Init:0/2   0          32s
calico-node-hzrb6                        0/1     Init:0/2   0          32s
calico-node-wv7nk                        0/1     Init:0/2   0          32s
coredns-7bdc4cb885-vx29q                 0/1     Pending    0          3m33s
coredns-7bdc4cb885-zrsws                 0/1     Pending    0          3m33s
etcd-master-k8s                          1/1     Running    0          3m37s
kube-apiserver-master-k8s                1/1     Running    0          3m40s
kube-controller-manager-master-k8s       1/1     Running    0          3m37s
kube-proxy-nwpvg                         1/1     Running    0          3m33s
kube-proxy-rwm44                         1/1     Running    0          97s
kube-proxy-rz7x2                         1/1     Running    0          104s
kube-scheduler-master-k8s                1/1     Running    0          3m37s

可以發現calico-node-*還是Init:0/2狀態,等一段時間,比如20秒,再次執行以上命令

root@master-k8s:~# kubectl get pods -n kube-system
NAME                                      READY   STATUS    RESTARTS   AGE
calico-kube-controllers-6b77fff45-fp2cj   1/1     Running   0          2m59s
calico-node-9tf5w                         1/1     Running   0          2m59s
calico-node-dx5bq                         1/1     Running   0          2m59s
calico-node-x78f8                         1/1     Running   0          2m59s
coredns-6d8c4cb4d-6wpt2                   1/1     Running   0          14m
coredns-6d8c4cb4d-dvqvj                   1/1     Running   0          14m
etcd-master-k8s                           1/1     Running   0          14m
kube-apiserver-master-k8s                 1/1     Running   0          14m
kube-controller-manager-master-k8s        1/1     Running   0          14m
kube-proxy-87tbj                          1/1     Running   0          7m8s
kube-proxy-9w9lv                          1/1     Running   0          7m13s
kube-proxy-s2j4f                          1/1     Running   0          14m
kube-scheduler-master-k8s                 1/1     Running   0          14m

現在已經是Running狀態了,使用kubectl get nodes查看節點狀態,現在已經都是Ready狀態了

root@master-k8s:~# kubectl get nodes
NAME         STATUS   ROLES                  AGE     VERSION
master-k8s   Ready    control-plane,master   15m     v1.27.1
node1-k8s    Ready    <none>                 7m44s   v1.27.1
node2-k8s    Ready    <none>                 7m39s   v1.27.1

第六步,創建一個簡單的pod

root@master-k8s:~#  kubectl run test --image=httpd --port=80
pod/test created
root@master-k8s:~#
root@master-k8s:~#
root@master-k8s:~# kubectl get pods -n default
NAME   READY   STATUS              RESTARTS   AGE
test   0/1     ContainerCreating   0          6s

使用manifest文件創建pod

root@master-k8s:~# cat test-nginx.yaml
apiVersion: v1
kind: Pod
metadata:
  name: test-nginx
spec:
  containers:
  - name: nginx-test01
    image: nginx:1.12
    ports:
    - name: http
      containerPort: 80
      protocol: TCP
      hostPort: 33333

root@master-k8s:~# kubectl apply -f test-nginx.yaml
root@master-k8s:~# kubectl get pods -n default
NAME         READY   STATUS              RESTARTS   AGE
test         0/1     ContainerCreating   0          98s
test-nginx   0/1     ContainerCreating   0          3s

至此,一個最新版1.27.1的k8s集群部署完畢

總結

    1. 安裝cri-dockerd時的配置文件一定要仔細檢查

ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9

執行文件路徑不對導致啟動失敗時,可以通過systemctl status cri-docker.socket核查
基礎鏡像位置要改為阿里云的,要不然直接卡死

    1. kubeadm.yaml的修改項一定要搞對
    1. kubeadm init --config ./kubeadm.yaml一定要加上 --ignore-preflight-errors=all(注意:all會把所有預檢錯誤都降級為警告,真正的環境問題也會被一併放過;建議先不加此參數運行一次,看清報錯後只列出確認無害的具體檢查項)
    1. kubeadm join時一定要指定cri-socket,因為docker不再是默認的運行時