k8s 1.26安装

1、前期准备

• 关闭防火墙和selinux和交换分区

• 修改主机名和免密登录

• 上面的这些不会做的话，趁早别学k8s了,学不明白的

1、修改内核参数

[root@master yum.repos.d]# cat /etc/sysctl.d/k8s.conf 
net.bridge.bridge-nf-call-ip6tables = 1  # 启用对ipv6流量的桥接网络数据包的iptables的过滤功能，走iptables的规则
net.bridge.bridge-nf-call-iptables = 1  # 对ipv4的iptables的过滤功能
net.ipv4.ip_forward = 1    # 启动对ipv4数据包的转发功能；pod想要访问外网或者访问另外一个Pod,这个功能必须打开，否则系统只会管自己，不会帮别人转发数据包，就是只会管理发给自己的数据包的请求，不是自己的请求不会管

modprobe br_netfilter  # 加载linux内核模块

[root@master yum.repos.d]# sysctl -p /etc/sysctl.d/k8s.conf   # 加载指定配置文件的参数值，立即生效
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1

# 加载这些内核模块
[root@master ~]# cat /etc/sysconfig/modules/ipvs.modules 
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4

bash /etc/sysconfig/modules/ipvs.modules 

# 查看内核
lsmod | grep  -e ip_vs -e nf_conntrack_ipv4

2、配置k8s源

[root@master /]# cat > /etc/yum.repos.d/kubernetes.repo << EOF
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
> gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
> EOF

3、安装containerd

yum -y install  yum-utils

yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

yum -y install docker-ce


# 修改配置文件
containerd config default > /etc/containerd/config.toml
SystemdCgroup = true   # 驱动设置为systemd，与kubelet保持一致
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9" # 使用的沙盒镜像是这个,国内可以进行访问到

# 设置containerd镜像仓库地址

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]  # 请求的是registry.k8s.io的地址都重定向到下面的地址，之前用的是阿里云的仓库地址，一直拉取不到镜像
            endpoint = ["https://registry-k8s-io.mirrors.sjtug.sjtu.edu.cn"]
         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
            endpoint = [仓库地址]


systemctl enable containerd --now

4、设置容器运行时

• ctr是containerd的默认的工具

• crictl是用于支持k8s容器运行时的接口，用于运行containerd中的容器和pod

• 也就是说crictl与指定的容器运行时containerd和镜像服务端点通信，交互操作

# 指容器运行时的终端接口,连接到哪个容器运行时的unix socket
crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock   

# 告诉crictl对镜像做操作时使用的哪个接口
crictl config image-endpoint unix:///var/run/containerd/containerd.sock

2、k8s安装

1、安装k8s包

yum -y install kubelet-1.26.0 kubectl-1.26.0 kubeadm-1.26.0

systemctl enable kubelet

2、通过配置文件进行初始化

kubeadm config print init-defaults > kubeadm.yaml

[root@master ~]# cat kubeadm.yaml 
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.104.43.133   # master ip地址
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///run/containerd/containerd.sock  # 容器运行时的接口 
  imagePullPolicy: IfNotPresent
  name: master   # 主机名 
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers   # 在初始化的时候设置的镜像仓库地址
kind: ClusterConfiguration
kubernetesVersion: 1.26.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16  # pod的网段
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration   
mode: ipvs  # 设置ipvs
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd   # 设置kubelet驱动为systemd

# 初始化
kubeadm init --config=kubeadm.yaml --ignore-preflight-errors=SystemVerification

3、安装网络插件

kubectl apply -f calico.yaml

4、测试

[root@master ~]# kubectl get node
NAME     STATUS   ROLES           AGE   VERSION
master   Ready    control-plane   49m   v1.26.0
node1    Ready    <none>          32m   v1.26.0
[root@master ~]# kubectl get pod -A
NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE
default       nginx                                     1/1     Running   0          20m
kube-system   calico-kube-controllers-57b57c56f-sfc4w   1/1     Running   0          29m
kube-system   calico-node-9hwf6                         1/1     Running   0          29m
kube-system   calico-node-bnb2s                         1/1     Running   0          29m
kube-system   coredns-5bbd96d687-8w5wg                  1/1     Running   0          49m
kube-system   coredns-5bbd96d687-fxzj9                  1/1     Running   0          49m
kube-system   etcd-master                               1/1     Running   1          49m
kube-system   kube-apiserver-master                     1/1     Running   0          50m
kube-system   kube-controller-manager-master            1/1     Running   0          49m
kube-system   kube-proxy-rcmrz                          1/1     Running   0          32m
kube-system   kube-proxy-v6wvt                          1/1     Running   0          49m
kube-system   kube-scheduler-master                     1/1     Running   1          49m


# 创建一个pod，进行访问

5、docker

• 虽然弃用了docker,但是还是可以进行安装的,并且docker构建镜像比较方便的