目录
单机K8S
docker
containerd
image依赖
kubeadm初始化
验证
crictl工具
K8S核心组件
上文安装单机docker是很简单docker,但是生产环境需要多个主机,主机上启动多个docker容器,相同容器会绑定形成1个服务service,微服务场景中多个service会互相调用,那么就需要保证多个service服务的编排、高可用、负载均衡,docker提供了自己的解决方案:docker-compose + docker-swarm,也可以不用docker提供的解决方案,自己通过Nginx+服务网关+HaProxy实现。
但是基本上所有线上生产环境都是用K8S来服务治理,这也被认为是标准答案,K8S从V1.24版本不支持docker而是contained做为默认容器管理,contained实际上是轻量化的docker,本次搭建k8s+containerd的集群,因此k8s多节点集群相对繁琐且有资源要求,本次单机搭建。
单机K8S
2022年k8s的1.24版本正式剔除dockershim,不再支持让docker去调用containerd,而是直接操作containerd,先安装containerd来替换CRI接口调用,本次使用最新版本v1.28.0;
docker
安装docker用于后续依赖 image拉取;
containerd
# 下载 containerd
wget https://github.com/containerd/containerd/releases/download/v1.6.19/containerd-1.6.19-linux-amd64.tar.gz
# 下载contained服务
wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service -o /usr/lib/systemd/system/containerd.service
# 启动服务
systemctl daemon-reload && systemctl enable containerd
# 配置文件
mkdir /etc/containerd
containerd config default > /etc/containerd/config.toml
# 需要镜像地址为国内的
vi /etc/containerd/config.toml
将 sandbox_image = "registry.k8s.io/pause:3.6"
修改为 sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6"
# 配置镜像加速器,在 [plugins."io.containerd.grpc.v1.cri".registry.mirrors] 后面增加两行配置,注意缩进
[plugins."io.containerd.grpc.v1.cri".registry.mirrors][plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint = ["http://mirrors.ustc.edu.cn"][plugins."io.containerd.grpc.v1.cri".registry.mirrors."*"]endpoint = ["http://hub-mirror.c.163.com"]
# 启动服务
systemctl restart containerd
image依赖
kubeadm:用来初始化集群的指令,kubelet在集群中的每个节点上用来启动 Pod 和容器等,kubectl:用来与集群通信的命令行工具,步骤中的docker image安装可以不用;
# 关闭selinux
setenforce 0
# 增加yum源
vi /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpghttp://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
# yum 安装
yum makecache all
yum install -y kubelet kubeadm kubectl
# 启动kubelet
systemctl enable kubelet && systemctl start kubelet
# docker依赖安装(可选)
vi install.sh
#!/bin/bash
images=(kube-apiserver:v1.28.0kube-controller-manager:v1.13.2kube-scheduler:v1.28.0kube-proxy:v1.28.0pause:3.6etcd:3.2.24coredns:1.2.6
)
for imageName in ${images[@]} ; dodocker pull registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName}docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName} k8s.gcr.io/${imageName}docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/${imageName}
done
# 运行install.sh(可选)
sh -x install.sh
# 查看镜像(可选)
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/kube-apiserver v1.28.0 bb5e0dde9054 2 days ago 126 MB
k8s.gcr.io/kube-controller-manager v1.28.0 4be79c38a4ba 2 days ago 122 MB
k8s.gcr.io/kube-scheduler v1.28.0 f6f496300a2a 2 days ago 60.1 MB
k8s.gcr.io/kube-proxy v1.28.0 ea1030da44aa 2 days ago 73.1 MB
docker.io/becivells/soar-web latest 93daf9d511a1 11 months ago 134 MB
k8s.gcr.io/coredns 1.2.6 f59dcacceff4 4 years ago 40 MB
k8s.gcr.io/etcd 3.2.24 3cab8e1b9802 4 years ago 220 MB
k8s.gcr.io/pause 3.1 da86e6ba6ca1 5 years ago 742 kB# 网络
vi /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1kubeadm初始化
# 使用root启动设置环境变量
export KUBECONFIG=/etc/kubernetes/admin.conf
# 初始化
kubeadm init --apiserver-advertise-address=10.121.198.235 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version=v1.28.0 --service-cidr=172.96.0.0/12 --pod-network-cidr=10.244.0.0/16验证
# 查看集群信息
kubectl cluster-info
Kubernetes control plane is running at https://10.121.198.235:6443
CoreDNS is running at https://10.121.198.235:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy# 查看pod信息
get pod -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-66f779496c-d4rk9 1/1 Running 0 71m
coredns-66f779496c-fvmzn 1/1 Running 0 71m
etcd-localhost.localdomain 1/1 Running 0 71m
kube-apiserver-localhost.localdomain 1/1 Running 0 71m
kube-controller-manager-localhost.localdomain 1/1 Running 0 71m
kube-proxy-tr75q 1/1 Running 0 71m
kube-scheduler-localhost.localdomain 1/1 Running 0 71m
crictl工具
# 安装 containerd 的 cli 管理工具(此步骤是非必选项)
# 官方文档https://github.com/kubernetes-sigs/cri-tools/blob/master/docs/crictl.md
# 下载解压
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.26.0/crictl-v1.26.0-linux-amd64.tar.gz
tar zxvf crictl-v1.26.0-linux-amd64.tar.gz -C /usr/local/bin
# 创建配置文件,运行 crictl config 命令可获取参数说明
cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 2
debug: false
pull-image-on-create: false
disable-pull-on-run: false
EOF
# 测试
crictl pods
POD ID CREATED STATE NAME NAMESPACE ATTEMPT RUNTIME
c9f1f5a8e5f3b About an hour ago Ready coredns-66f779496c-fvmzn kube-system 0 (default)
92acc7d225059 About an hour ago Ready coredns-66f779496c-d4rk9 kube-system 0 (default)
2fdff0229921a About an hour ago Ready kube-proxy-tr75q kube-system 0 (default)
8cad99418e8dd About an hour ago Ready kube-apiserver-localhost.localdomain kube-system 0 (default)
2f366285dbe4e About an hour ago Ready kube-controller-manager-localhost.localdomain kube-system 0 (default)
ab2fb7aa95e40 About an hour ago Ready kube-scheduler-localhost.localdomain kube-system 0 (default)
c25f77697cc84 About an hour ago Ready etcd-localhost.localdomain kube-system 0 (default)
K8S核心组件
待续
参考:搭建containerd+k8s集群-v1.26
参考:安装docker依赖
