系统环境配置(master及work节点)
调整防火墙,设置IPtables扩展功能,关闭SElinux、swap分区
# NOTE(review): the "trusted" zone accepts every inbound connection, so this
# amounts to switching the host firewall off on each node. Outside an isolated
# lab, keep a restrictive zone and open only the ports the cluster needs (the
# Kubernetes docs list them per role, e.g. 6443/tcp for the API server and
# 10250/tcp for the kubelet) plus whatever the CNI plugin requires.
firewall-cmd --set-default-zone=trusted # set the default firewalld zone to trusted
# The sed deletes every /etc/fstab line that contains "swap", not only swap
# mounts; back the file up first and check the result.
swapoff -a ; sed -i '/swap/d' /etc/fstab # turn swap off now and remove it from fstab
# Kernel settings: pass bridged traffic through iptables/ip6tables and enable IPv4 forwarding.
# The net.bridge.* keys exist only once the br_netfilter module is loaded, so
# load it (modprobe br_netfilter) before applying this file.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system # reload all sysctl files, including the one written above
vim /etc/hosts # edit the hosts file
# NOTE(review): this disables SELinux permanently and reboots straight away.
# The kubeadm install guide only drops to permissive mode (setenforce 0 and
# SELINUX=permissive), which keeps denials logged; prefer that over "disabled".
# The substitution matches SELINUX=enforcing only, so a host already set to
# permissive is left unchanged.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config ; reboot # disable SELinux
Docker为runtime
1、Docker及k8s组件安装配置(master及work节点)
yum install docker-ce -y # install Docker
systemctl enable docker.service --now # start Docker and enable it at boot
# Configure a registry mirror and the systemd cgroup driver for Docker.
# NOTE(review): every docker.io pull is served by the mirror below, so its
# operator decides what a tag resolves to; pull by digest where the image
# matters. The hostname looks like an account-specific Aliyun endpoint, so
# substitute your own. The redirect overwrites any existing daemon.json.
cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://020a69xs.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl daemon-reload ; systemctl restart docker.service # restart Docker so it reads daemon.json
# Install the Kubernetes components.
# NOTE(review): assumes a yum repo named "kubernetes" is already configured
# (not shown on this page); keep gpgcheck enabled in it so the packages are
# signature-checked. The 1.23 line is past upstream end of life and no longer
# receives security fixes; pin a currently supported patch release instead.
yum list --showduplicates kubeadm --disableexcludes=kubernetes # list the available kubeadm versions
yum install -y kubelet-1.23.3-0 kubeadm-1.23.3-0 kubectl-1.23.3-0 --disableexcludes=kubernetes # install the pinned component versions
systemctl enable kubelet.service --now # start kubelet and enable it at boot
2、master节点配置(metric镜像国内网络无法直接下载,需手动上传到各个work节点)
# NOTE(review): --image-repository makes kubeadm pull every control-plane image
# from a third-party mirror instead of the upstream registry, so that mirror is
# trusted for the API server, etcd and the other components. Compare image
# digests with upstream where that matters.
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.23.3 --pod-network-cidr=10.244.0.0/16 # initialise the control-plane node
# NOTE(review): the URL carries no version, so the manifest fetched can differ
# from run to run. Prefer a version-pinned manifest, add -f and -L so an HTTP
# error or redirect page is not saved as calico.yaml, and read the file before
# applying it, since it installs cluster-scoped resources.
curl https://projectcalico.docs.tigera.io/manifests/calico.yaml -O # download the Calico manifest
# Edit the Calico manifest: set the two env entries below.
vim calico.yaml
# Must equal the --pod-network-cidr passed to kubeadm init above.
- name: CALICO_IPV4POOL_CIDR
value: "10.244.0.0/16"
# Host-specific: use the name of the node's own network interface.
- name: IP_AUTODETECTION_METHOD
value: "interface=ens32"
# Deploy Calico
kubectl apply -f calico.yaml
# Deploy metrics-server
# NOTE(review): the tarball is used without any integrity check, and v0.3.6 is
# an old release (the sed edits further down exist only because its manifests
# still use v1beta1 APIs). Prefer a current release and verify what you download.
wget https://api.github.com/repos/kubernetes-sigs/metrics-server/tarball/v0.3.6 -O metrics-server-v0.3.6.tar.gz # download the metrics-server sources and manifests
tar vzxf metrics-server-v0.3.6.tar.gz ; cd kubernetes-sigs-metrics-server-d1f4f6f/deploy/1.8+/ ; vim metrics-server-deployment.yaml # unpack and open the deployment manifest for editing
# Change the container spec so that it reads as follows
containers:
- name: metrics-server
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
imagePullPolicy: IfNotPresent
command:
- /metrics-server
- --metric-resolution=30s
# NOTE(review): --kubelet-insecure-tls makes metrics-server skip verification of
# the kubelet serving certificate, so it cannot tell a real kubelet from an
# impostor on the node network. Tolerable in a lab; elsewhere give the kubelets
# serving certificates signed by the cluster CA (serverTLSBootstrap: true in the
# kubelet configuration, then approve the CSRs) and remove this flag.
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP
#- --cert-dir=/tmp
# Rewrite the v1beta1 API versions in the bundled manifests to v1.
sed -i 's/rbac\.authorization\.k8s\.io\/v1beta1/rbac\.authorization\.k8s\.io\/v1/g' auth-delegator.yaml
sed -i 's/rbac\.authorization\.k8s\.io\/v1beta1/rbac\.authorization\.k8s\.io\/v1/g' auth-reader.yaml
sed -i 's/apiregistration\.k8s\.io\/v1beta1/apiregistration\.k8s\.io\/v1/g' metrics-apiservice.yaml
# NOTE(review): the next steps pull the image from a mirror and re-tag it under
# the upstream name. Nothing here ties it to the upstream content, and once
# re-tagged its origin is no longer visible on the node; record the digest from
# the pull and compare it with the upstream image before distributing it.
docker pull registry.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6 # pull the image through the Aliyun mirror
docker tag registry.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6 # re-tag it with the name the manifest expects
docker rmi -f registry.aliyuncs.com/google_containers/metrics-server-amd64:v0.3.6 # remove the mirror tag (the image itself stays)
docker save k8s.gcr.io/metrics-server-amd64:v0.3.6 -o metrics-server-amd64-v0.3.6.tgz # save the image to a local archive (a plain tar despite the .tgz name)
scp metrics-server-amd64-v0.3.6.tgz x.x.x.x:~/ # copy the archive to each worker node (x.x.x.x is a placeholder)
docker load -i metrics-server-amd64-v0.3.6.tgz # run on each worker node to load the image
# Applies every manifest in the current directory (deploy/1.8+/).
kubectl apply -f .
containerd为runtime
1、containerd及k8s组件安装配置
yum install containerd.io cri-tools -y # install containerd and crictl
systemctl enable containerd --now # start containerd and enable it at boot
# Configure containerd
containerd config default > /etc/containerd/config.toml # write the default configuration (overwrites any existing file)
# Edit the file; each "/..." line below is the vim search that finds the section to change.
vim /etc/containerd/config.toml
# NOTE(review): as with any registry mirror, docker.io pulls are then served by
# this endpoint and its operator decides what a tag resolves to. The hostname
# looks account-specific; substitute your own.
/mirrors # use the Aliyun registry mirror
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://020a69xs.mirror.aliyuncs.com"]
/sandbox_image # take the pause image from the Aliyun mirror of the Google images
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.2"
/runc.option # switch the cgroup driver to systemd
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
# This configures the crictl client only; kubeadm and the kubelet choose their
# runtime separately (for example through kubeadm's --cri-socket option).
crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock # point crictl at the containerd socket
systemctl restart containerd
# NOTE(review): both archives below are fetched by hand and unpacked as root
# into directories that root later executes from. Take them from the projects'
# release pages and check each against the published SHA-256 checksum before
# extracting.
https://github.com/containerd/nerdctl # download the nerdctl release archive from here
tar vzxf nerdctl-0.16.1-linux-amd64.tar.gz
mv nerdctl /usr/local/bin/ # install the nerdctl binary
# Add the completion line below to /etc/profile, then re-read the file.
vim /etc/profile
source <(nerdctl completion bash)
source /etc/profile # enable tab completion in the current shell
https://github.com/containernetworking/plugins # download the CNI plugins release archive from here
mkdir -p /opt/cni/bin/
tar vzxf cni-plugins-linux-amd64-v1.0.1.tgz -C /opt/cni/bin/ # unpack the CNI plugins
# Affects the current shell only; add it to a profile file to make it persistent.
export CONTAINERD_NAMESPACE=k8s.io # work in the k8s.io containerd namespace
# Load the overlay and br_netfilter modules at every boot...
cat > /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF
# ...and load them now without rebooting.
modprobe overlay
modprobe br_netfilter

好厉害的哦