Deploying k8s on Rocky Linux 9.3 with the latest containerd

Software environment

Operating system: Rocky Linux release 9.3
containerd version: 1.7.14
kubernetes version: v1.28.2
K8S master node IP: 10.0.0.1
K8S worker node IP: 172.16.0.1
Network plugin: flannel
kube-proxy forwarding mode: ipvs
kubernetes package source: Aliyun mirror
service-cidr: 10.96.0.0/16
pod-network-cidr: 10.244.0.0/16

Environment preparation

Package installation

dnf install -y dnf-utils ipvsadm telnet wget net-tools conntrack ipset jq iptables curl sysstat libseccomp socat nfs-utils fuse

Kernel parameters

systemctl stop firewalld
systemctl disable firewalld

# Permanently disable swap; kubeadm requires it to be off
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
# Disable SELinux
sed -i 's/enforcing/disabled/' /etc/selinux/config # takes effect after reboot
# Load every IPVS kernel module shipped for the running kernel (kube-proxy runs in ipvs mode)
for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs | grep -o "^[^.]*"); do echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i; done
# Kernel modules to load at boot
cat <<EOF | tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
nf_conntrack
EOF

cat <<EOF | tee /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
EOF
# Load the container runtime modules now, without waiting for the reboot
modprobe overlay
modprobe br_netfilter
# Bridged traffic must pass through iptables, and IP forwarding must be on
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Read the parameters from this file and apply them to the running system
sysctl -p /etc/sysctl.d/k8s.conf
# Reload every sysctl configuration file so all settings take effect
sysctl --system
Reboot first so the SELinux change takes effect.
reboot
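After the reboot it is worth confirming that every step above actually stuck (swap, SELinux, the modules and the sysctls) before installing anything else. The preflight script below is an added example and is not part of the original post: each check reads a file in the kernel's own format, so by default it runs on constructed fixtures (demo), and with --live it reads /proc/swaps, /etc/fstab, /etc/selinux/config, /proc/modules and the output of sysctl -a on the node. The function names are my own and the fixture contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): preflight checks for the host
# preparation above. Function names are my own; demo() fixtures are constructed.

REQUIRED_MODULES="overlay br_netfilter nf_conntrack ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh"
REQUIRED_SYSCTLS="net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward"

# swap is off when a /proc/swaps style file contains only its header line
check_swap_off() { [ "$(wc -l < "$1" | tr -d ' ')" -le 1 ]; }

# no active (uncommented) swap entry may remain in the fstab file
check_fstab_swap_disabled() { ! grep -v '^[[:space:]]*#' "$1" | grep -q swap; }

# /etc/selinux/config must not leave SELINUX=enforcing (applies after reboot)
check_selinux_config() {
  mode=$(sed -n 's/^SELINUX=//p' "$1")
  [ -n "$mode" ] && [ "$mode" != "enforcing" ]
}

# every required module must appear in a /proc/modules style listing
check_modules_loaded() {
  for m in $REQUIRED_MODULES; do
    grep -q "^$m " "$1" || { echo "module not loaded: $m" >&2; return 1; }
  done
}

# every required key must be 1 in a "key = value" dump (output of sysctl -a)
check_sysctls() {
  for k in $REQUIRED_SYSCTLS; do
    v=$(awk -v k="$k" '$1 == k && $2 == "=" { print $3 }' "$1")
    [ "$v" = "1" ] || { echo "sysctl $k is '${v:-unset}', want 1" >&2; return 1; }
  done
}

# run_checks <swaps> <fstab> <selinux-config> <modules> <sysctl-dump>
# returns the number of failed checks (0 = host is ready for kubeadm)
run_checks() {
  failed=0
  check_swap_off "$1"            || failed=$((failed + 1))
  check_fstab_swap_disabled "$2" || failed=$((failed + 1))
  check_selinux_config "$3"      || failed=$((failed + 1))
  check_modules_loaded "$4"      || failed=$((failed + 1))
  check_sysctls "$5"             || failed=$((failed + 1))
  return $failed
}

# constructed fixtures describing a host after the commands above and a reboot
demo() {
  d=$(mktemp -d)
  printf 'Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority\n' > "$d/swaps"
  printf 'UUID=0000-0000 / xfs defaults 0 0\n#/dev/mapper/rl-swap none swap defaults 0 0\n' > "$d/fstab"
  printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/selinux"
  for m in $REQUIRED_MODULES; do printf '%s 16384 0 - Live 0x0\n' "$m"; done > "$d/modules"
  printf '%s = 1\n' $REQUIRED_SYSCTLS > "$d/sysctl"
  run_checks "$d/swaps" "$d/fstab" "$d/selinux" "$d/modules" "$d/sysctl"
  rc=$?
  rm -rf "$d"
  echo "demo fixtures: $rc failed check(s)"
  return $rc
}

# live mode reads the real kernel state (run as root on the node)
live() {
  dump=$(mktemp)
  sysctl -a 2>/dev/null > "$dump"
  run_checks /proc/swaps /etc/fstab /etc/selinux/config /proc/modules "$dump"
  rc=$?
  rm -f "$dump"
  echo "live host: $rc failed check(s)"
  return $rc
}

if [ "${1-}" = "--live" ]; then live; else demo; fi
```

Run it as ./preflight.sh --live on the node after the reboot; a non-zero exit means at least one of the steps above did not take, and the failing item is printed on stderr.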

Containerd deployment

Download

wget https://github.com/containerd/containerd/releases/download/v1.7.14/cri-containerd-1.7.14-linux-amd64.tar.gz

Extract

tar xf cri-containerd-1.7.14-linux-amd64.tar.gz -C /
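Unpacking a downloaded tarball straight over / means a truncated or tampered download ends up installed as the system's container runtime. The script below is an added example, not part of the original post: it checks the tarball against the .sha256sum file that the containerd GitHub release publishes next to each asset, and only then runs the same tar command as above. Function names are my own; the file used in demo() is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): verify the release tarball before
# extracting it. Function names are my own; demo() uses a constructed file.
TARBALL=cri-containerd-1.7.14-linux-amd64.tar.gz
RELEASE_URL=https://github.com/containerd/containerd/releases/download/v1.7.14

# verify_release_tarball <tarball> <sha256sum-file>
# 0 = checksum matches, 1 = mismatch, 2 = checksum file does not name this tarball
verify_release_tarball() {
  tarball=$1 sumfile=$2
  name=$(basename "$tarball")
  # upstream format is "<hash>  <filename>"; the binary-mode "*<filename>" form is accepted too
  expected=$(awk -v f="$name" '$2 == f || $2 == "*" f { print $1 }' "$sumfile")
  [ -n "$expected" ] || { echo "$sumfile does not list $name" >&2; return 2; }
  actual=$(sha256sum "$tarball" | awk '{ print $1 }')
  if [ "$actual" = "$expected" ]; then
    return 0
  fi
  echo "checksum mismatch for $name: got $actual, want $expected" >&2
  return 1
}

# fetch tarball and checksum file, verify, and only then unpack (needs root)
download_and_extract() {
  wget -q "$RELEASE_URL/$TARBALL" "$RELEASE_URL/$TARBALL.sha256sum" || return 1
  verify_release_tarball "$TARBALL" "$TARBALL.sha256sum" || return 1
  tar xf "$TARBALL" -C /
}

# offline demonstration: a correct checksum passes, a tampered file is refused
demo() {
  d=$(mktemp -d)
  printf 'constructed tarball contents\n' > "$d/$TARBALL"
  ( cd "$d" && sha256sum "$TARBALL" > "$TARBALL.sha256sum" )
  verify_release_tarball "$d/$TARBALL" "$d/$TARBALL.sha256sum" && echo "good file: verified"
  printf 'tampered\n' > "$d/$TARBALL"
  verify_release_tarball "$d/$TARBALL" "$d/$TARBALL.sha256sum" || echo "tampered file: refused (exit $?)"
  rm -rf "$d"
}

if [ "${1-}" = "--download" ]; then download_and_extract; else demo; fi
```

Without arguments the script only runs the offline demo; ./verify.sh --download performs the real download, verification and extraction, and stops before touching / if the hash does not match.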

containerd configuration

mkdir -p /etc/containerd/
# Generate the default configuration
containerd config default > /etc/containerd/config.toml
sed -i '/SystemdCgroup/s/false/true/' /etc/containerd/config.toml
# Edit manually: under [plugins."io.containerd.grpc.v1.cri"], point the sandbox (pause) image at the mirror
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
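The two edits above (SystemdCgroup and the sandbox image) can be scripted and verified instead of being done by hand, which matters when the same node build is repeated. The following is an added example and not code from the original post: it applies both changes to a config.toml idempotently and fails if either value is still wrong afterwards. The excerpt written by demo() is a constructed stand-in for the output of containerd config default; function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): apply and verify the two
# config.toml edits above. Function names are my own; demo() input is constructed.
PAUSE_IMAGE='registry.aliyuncs.com/google_containers/pause:3.9'

# configure_containerd_toml <config.toml>: safe to run repeatedly
configure_containerd_toml() {
  cfg=$1
  # sandbox_image lives under [plugins."io.containerd.grpc.v1.cri"]
  sed -i "s|^\([[:space:]]*sandbox_image = \).*|\1\"$PAUSE_IMAGE\"|" "$cfg"
  # runc must use the systemd cgroup driver, matching the kubelet
  sed -i '/SystemdCgroup/s/false/true/' "$cfg"
}

# verify_containerd_toml <config.toml>: 0 only when both settings are as expected
verify_containerd_toml() {
  cfg=$1
  grep -q "^[[:space:]]*sandbox_image = \"$PAUSE_IMAGE\"\$" "$cfg" || { echo "sandbox_image not set to $PAUSE_IMAGE" >&2; return 1; }
  grep -q '^[[:space:]]*SystemdCgroup = true$' "$cfg" || { echo "SystemdCgroup is not true" >&2; return 1; }
}

# constructed excerpt mimicking what `containerd config default` prints
demo() {
  d=$(mktemp -d)
  cat > "$d/config.toml" <<'EOF'
version = 2
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.k8s.io/pause:3.8"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = false
EOF
  configure_containerd_toml "$d/config.toml"
  configure_containerd_toml "$d/config.toml"   # second run must change nothing
  verify_containerd_toml "$d/config.toml" && echo "config.toml verified"
  cat "$d/config.toml"
  rm -rf "$d"
}

if [ "${1-}" = "--apply" ]; then
  configure_containerd_toml /etc/containerd/config.toml && verify_containerd_toml /etc/containerd/config.toml
else
  demo
fi
```

Run with --apply on the node (as root) right after generating the default config; the verify step is the same check that crictl info | grep sandboxImage and crictl info | grep SystemdCgroup perform later, but on the file before the service is started.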

Service configuration

cat > /etc/sysconfig/kubelet << EOF
# Makes the kubelet use systemd as its cgroup driver, matching containerd.
# On Rocky Linux / RHEL the kubelet unit reads /etc/sysconfig/kubelet (not /etc/default/kubelet, which is the Debian path)
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF

# Enable and immediately start the containerd service
systemctl enable --now containerd.service

# Check the current status of the containerd service
systemctl status containerd.service

Verification

# Check the containerd version
containerd --version

# Command-line tool for interacting with CRI (Container Runtime Interface) compatible runtimes
crictl --version

# Runs containers that follow the OCI (Open Container Initiative) standard
runc --version

# Both values must reflect the edits made to config.toml
crictl info | grep sandboxImage

crictl info | grep SystemdCgroup

K8S installation

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
# verify each package's GPG signature against the keys below
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum list kubeadm --showduplicates | sort -r

Install
By default the latest version available in the repo is installed

dnf install kubelet kubeadm kubectl

Pull images

kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers

Initialization

Run on the master

kubeadm config print init-defaults > kubeadm-config.yaml

Edit the configuration file

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef  # the printed default is publicly known; replace it with a freshly generated token
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 149.104.23.134  # change to the master's public IP
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///run/containerd/containerd.sock  # containerd, not dockershim (removed in 1.24)
  imagePullPolicy: IfNotPresent
  name: master  # change to the master's resolvable hostname
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers  # must be changed to the mirror
kind: ClusterConfiguration
kubernetesVersion: 1.28.2  # confirm the version number; must match the installed kubeadm (v1.28.2 here)
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/16  # the service-cidr listed above
  podSubnet: 10.244.0.0/16  # makes installing the network plugin easy (flannel's default)
scheduler: {}
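Several values in this file are easy to leave in a stale state when editing the printed defaults: the CRI socket (a dockershim path no longer works with containerd), the version, the placeholder advertise address, and the well-known default bootstrap token, which anyone who can reach port 6443 could use to join a node. The script below is an added example and not part of the original post: it reads the flat keys of kubeadm-config.yaml and reports such problems before kubeadm init is run. The function names and the constructed configs in demo() are my own; the expected version and pod CIDR are the ones stated at the top of the post.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check kubeadm-config.yaml
# before running kubeadm init. Function names are my own; demo() configs are constructed.
DEFAULT_TOKEN='abcdef.0123456789abcdef'   # token that init-defaults prints; publicly known
WANT_VERSION='1.28.2'                     # kubernetes version stated at the top of the post
WANT_POD_CIDR='10.244.0.0/16'             # flannel's default pod network

# yaml_value <file> <key>: value of the first "key: value" line; trailing comments ignored
yaml_value() { awk -v k="$2:" '$1 == k { print $2; exit }' "$1"; }

# check_kubeadm_config <file> [installed-version] [pod-cidr]
# prints one line per problem and returns the number of problems (0 = looks sane)
check_kubeadm_config() {
  cfg=$1; want_ver=${2:-$WANT_VERSION}; want_pod=${3:-$WANT_POD_CIDR}; problems=0
  sock=$(yaml_value "$cfg" criSocket)
  case "$sock" in
    *dockershim*) echo "criSocket points at dockershim; containerd is unix:///run/containerd/containerd.sock"; problems=$((problems + 1)) ;;
    unix:///*) ;;
    *) echo "criSocket must be a unix:// URL, got '$sock'"; problems=$((problems + 1)) ;;
  esac
  ver=$(yaml_value "$cfg" kubernetesVersion)
  [ "${ver#v}" = "${want_ver#v}" ] || { echo "kubernetesVersion is '$ver' but kubeadm is $want_ver"; problems=$((problems + 1)); }
  pod=$(yaml_value "$cfg" podSubnet)
  [ "$pod" = "$want_pod" ] || { echo "podSubnet '$pod' does not match the network plugin's $want_pod"; problems=$((problems + 1)); }
  tok=$(yaml_value "$cfg" token)
  [ "$tok" != "$DEFAULT_TOKEN" ] || { echo "bootstrap token is the well-known default; generate a new one"; problems=$((problems + 1)); }
  addr=$(yaml_value "$cfg" advertiseAddress)
  case "$addr" in
    ""|1.2.3.4) echo "advertiseAddress is still the placeholder '$addr'"; problems=$((problems + 1)) ;;
  esac
  [ -n "$(yaml_value "$cfg" imageRepository)" ] || { echo "imageRepository not set; images would come from registry.k8s.io instead of the mirror"; problems=$((problems + 1)); }
  return $problems
}

# demo: a stale copy (the values init-defaults prints) next to a corrected one
demo() {
  d=$(mktemp -d)
  cat > "$d/stale.yaml" <<'EOF'
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
localAPIEndpoint:
  advertiseAddress: 1.2.3.4
nodeRegistration:
  criSocket: /var/run/dockershim.sock
imageRepository: registry.aliyuncs.com/google_containers
kubernetesVersion: 1.23.6
networking:
  podSubnet: 10.244.0.0/16
EOF
  cat > "$d/fixed.yaml" <<'EOF'
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: 0j3k1v.constructedexamp   # constructed value, not a real token
localAPIEndpoint:
  advertiseAddress: 10.0.0.1
nodeRegistration:
  criSocket: unix:///run/containerd/containerd.sock
imageRepository: registry.aliyuncs.com/google_containers
kubernetesVersion: 1.28.2
networking:
  podSubnet: 10.244.0.0/16
EOF
  for f in stale fixed; do
    check_kubeadm_config "$d/$f.yaml"; echo "$f.yaml: $? problem(s)"
  done
  rm -rf "$d"
}

if [ -n "${1-}" ]; then check_kubeadm_config "$1"; else demo; fi
```

Pass the file and the output of kubeadm version -o short as the arguments on the master; the authoritative validation is still kubeadm init --config=kubeadm-config.yaml --dry-run, this script only catches the stale-copy mistakes before that run.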

Initialize with the configuration file

kubeadm init --config=kubeadm-config.yaml

Install the network plugin

# kubectl needs the admin kubeconfig first (kubeadm init prints the commands that copy /etc/kubernetes/admin.conf into ~/.kube/config)
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml