环境
操作系统:centos7.9
机器:1个master 和 1个node 节点(云ECS)
系统设置
# 所有机器设置hostname
hostnamectl set-hostname master1
hostnamectl set-hostname node1# 所有机器增加内网ip和 master1 对应关系
vi /etc/hosts如:
192.168.0.121 master1
192.168.0.172 node1
注:使用的云上ECS.防火墙默认关闭,用的安全组,selinux关闭、swap交互分区关闭
配置源
#k8s的源
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
# 是否开启本仓库
enabled=1
# 是否检查 gpg 签名文件
gpgcheck=0
# 是否检查 gpg 签名文件
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpgEOF#docker源
get https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
配置网桥
# 设置所需的 sysctl 参数,参数在重新启动后保持不变
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
vm.swappiness = 0
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1EOF# 应用 sysctl 参数而不重新启动
sudo sysctl --system
安装containerd
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum install -y containerd.io containerdsudo systemctl stop containerd.servicesudo containerd config default > /etc/containerd/config.toml
sudo sed -i "s#registry.k8s.io/pause#registry.cn-hangzhou.aliyuncs.com/google_containers/pause#g" /etc/containerd/config.toml# 修改cgroup
sudo sed -i "s#SystemdCgroup = false#SystemdCgroup = true#g" /etc/containerd/config.tomlsudo systemctl enable --now containerd.service
sudo systemctl status containerd.servicesudo modprobe br_netfilter
安装k8s
sudo yum install -y kubelet-1.27.3-0 kubeadm-1.27.3-0 kubectl-1.27.3-0 --disableexcludes=kubernetes --nogpgcheck
sudo systemctl daemon-reload
sudo systemctl restart kubelet
sudo systemctl enable kubelet
master节点安装
kubeadm init --image-repository=registry.aliyuncs.com/google_containers mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config# 让master参与服务调度,不做control-plane
kubectl taint node master1 node-role.kubernetes.io/control-plane-
kubectl label node master1 kubernetes.io/role=mastersudo crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
node节点加入
kubeadm join 192.168.0.121:6443 --token token.fake --discovery-token-ca-cert-hash sha256:fake
安装calico插件
wget --no-check-certificate https://projectcalico.docs.tigera.io/archive/v3.25/manifests/calico.yaml
# 修改 calico.yaml 文件
vim calico.yaml
# 在 - name: CLUSTER_TYPE 下方添加如下内容
- name: CLUSTER_TYPEvalue: "k8s,bgp"# 下方为新增内容
- name: IP_AUTODETECTION_METHODvalue: "interface=网卡名称"
# 例如:- name: IP_AUTODETECTION_METHOD
# 例如: value: "interface=eth0" 可使用通配符,例如:interface="eth.*|en.*"#由于用的ECS,入方向未放通全部端口,安全组需要增加179端口放通
kubectl apply -f calico.yaml
集群检查
kubectl cluster-info
kubectl get nodes
kubectl get pods -A -o wide
containerd命令
# 查看镜像
crictl images# 拉取镜像, 分为非k8s容器用 和 k8s容器用。一定要加上--all-platforms
ctr i pull --all-platforms registry.xxxxx/pause:3.2
ctr -n k8s.io i pull --all-platforms registry.aliyuncs.com/google_containers/pause:3.2
或者,要登录的harbor
ctr i pull --user user:passwd --all-platforms registry.aliyuncs.com/google_containers /pause:3.2
或者,不推荐,没有 --all-platforms
crictl pull --creds user:passwd registry.aliyuncs.com/google_containers /pause:3.2# 镜像打tag
镜像标记tag
ctr -n k8s.io i tag registry.xxxxx/pause:3.2 k8s.gcr.io/pause:3.2
或者 强制覆盖
ctr -n k8s.io i tag --force registry.xxxxx/pause:3.2 k8s.gcr.io/pause:3.2# 删除镜像tag
ctr -n k8s.io i rm registry.xxxxx/pause:3.2# 推送镜像
ctr i push --all-platforms --user user:passwd registry.xxxxx/pause:3.2
# 导出/保存镜像ctr -n=k8s.io i export kube-apiserver:v1.28.0.tar xxxxx.com/kube-apiserver:v1.28.0 --all-platformsctr -n=k8s.io i import kube-apiserver:v1.28.0.tar