容器相关
非root用户Docker与K8S
Containerd安装
Containerd常用命令
Docker
镜像创建
国内镜像仓库
容器创建(Dockerfile)
容器系统
docker配置
docker数据管理
docker网络管理
docker容器自启动
docker镜像加速
docker问题
搭建Portainer可视化界面
Docker Swarm
Swarm搭建Docker集群
Docker Compose
Docker Compose命令
Docker Compose模板
Docker Machine
Kubernetes常用命令
k8s部署(kubeadmin)
k8s高可用部署
MiniKube
k8s1.24部署(containerd)
k8s1.24部署(docker)
部署 Dashboard
Kuboard K8S管理台
k8s权限管理
k8s网络插件
私有仓密码镜像拉取
k8s集群管理
POD--基本单位
Pod模板
Pod生命周期
Pod健康检查
初始化容器(initContainer)
Deployment--Pod的管理
Deployment模板
Deployment升级与回滚
DaemonSet控制器
StatefulSet控制器(有状态)
JOB与CRONJOB
Service--发布服务
ingress-traefix
ingress-nginx
MetalLB
存储与配置
持久存储卷
配置存储卷
资源管理
标签、选择器与注解
资源预留
调度管理
自动扩容
Proxy API与API Server
Helm--K8S的包管理器
helm常用命令
自定义Chart
私有chart仓库
helm dashboard
K8S证书过期
K8S问题解决
Harbor安装
Harbor操作
Harbor问题
Harbor升级
Docker Registry安装
Docker Registry鉴权
Registry用Nginx代理SSL及鉴权
Docker Registry问题
Istio 服务网络
常用示例
Gateway【服务网关】
kiali 可视化页面
开启HTTPS
linkerd 服务网络
本文档使用MrDoc发布
返回首页
-
+
k8s1.24部署(docker)
2023年11月10日 17:49
admin
#资料 #Centos kubeadm 部署 kubernetes 1.24.0 (单节点)(containerd & cri-docker 做 container runtime) https://blog.csdn.net/qq_41896122/article/details/124937475 #改动 ####Kubernetes 正式移除对 Dockershim 的支持,讨论很久的 “弃用 Dockershim” 也终于在这个版本画上了句号。 --- ####1.24版本前对比1.24版本后(含)  --- #系统环境 ##1、升级内核5.4 ####1)安装ELRepo软件仓库的yum源并安装内核 安装yum源: rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm 安装内核: yum --enablerepo=elrepo-kernel install -y kernel-lt --- ####2)查看是否安装成功 awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg 0 : CentOS Linux (5.4.249-1.el7.elrepo.x86_64) 7 (Core) 1 : CentOS Linux (3.10.0-862.el7.x86_64) 7 (Core) 2 : CentOS Linux (0-rescue-a79544e75afc4d968b08fdfcc4623c6d) 7 (Core) --- ####3)设置开机从新内核启动并查看 grub2-set-default 0 reboot uname -r #5.4.249-1.el7.elrepo.x86_64 --- #Docker安装 ##[Docker安装](http://baodoc.frp.bao-server.club:22080/project/35/173/ "Docker安装") --- #安装cri-dockerd #cri-dockerd Releases 按照Redeme安装 https://github.com/Mirantis/cri-dockerd ####安装 golang yum install golang ####安装 git yum install git ####安装 cri-docker --- ####注意:也可直接将编译好的cri-dockerd放到/usr/local/bin/cri-dockerd --- git clone https://github.com/Mirantis/cri-dockerd.git cd cri-dockerd mkdir bin go build -o bin/cri-dockerd mkdir -p /usr/local/bin install -o root -g root -m 0755 bin/cri-dockerd /usr/local/bin/cri-dockerd ####更改 packaging/systemd 目录下 cri-docker.service 和 cri-docker.socket 文件【文件内容见下面】 ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// 改为: ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8 ListenStream 的值 改为: ListenStream=/var/run/cri-dockerd.sock --- cp -a packaging/systemd/* /etc/systemd/system sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service systemctl daemon-reload systemctl enable docker systemctl restart docker systemctl enable cri-docker.service systemctl enable cri-docker.socket systemctl restart cri-docker.service systemctl restart cri-docker.socket crictl config runtime-endpoint unix:///run/cri-dockerd.sock crictl config image-endpoint unix:///run/cri-dockerd.sock --- ####cri-docker.service [Unit] Description=CRI Interface for Docker Application Container Engine Documentation=https://docs.mirantis.com After=network-online.target firewalld.service docker.service Wants=network-online.target Requires=cri-docker.socket [Service] Type=notify #ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint fd:// ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.8 ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always # Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229. # Both the old, and new location are accepted by systemd 229 and up, so using the old location # to make them work for either version of systemd. StartLimitBurst=3 # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230. # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make # this option work for either version of systemd. StartLimitInterval=60s # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Comment TasksMax if your systemd version does not support it. # Only systemd 226 and above support this option. TasksMax=infinity Delegate=yes KillMode=process [Install] WantedBy=multi-user.target --- ####cri-docker.socket [Unit] Description=CRI Docker Socket for the API PartOf=cri-docker.service [Socket] #ListenStream=%t/cri-dockerd.sock ListenStream=/var/run/cri-dockerd.sock SocketMode=0660 SocketUser=root SocketGroup=docker [Install] WantedBy=sockets.target --- #K8S安装 ##添加阿里云YUM源 cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=0 repo_gpgcheck=0 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg EOF yum clean all yum makecache fast --- ##安装kubectl、kubelet、kubeadm --- ##Master节点执行 yum install kubectl-1.24.1 kubelet-1.24.1 kubeadm-1.24.1 -y --- ##Node节点执行 yum install kubeadm-1.24.1 kubelet-1.24.1 -y --- ####为了实现docker使用的cgroupdriver与kubelet使用的cgroup的一致性,建议修改如下文件内容。 vim /etc/sysconfig/kubelet KUBELET_EXTRA_ARGS="--cgroup-driver=systemd" --- ####设置kubelet为开机自启动即可,由于没有生成配置文件,集群初始化后自动启动 systemctl enable kubelet --- ##查看k8s版本镜像 kubeadm config images list --kubernetes-version=v1.24.1 --image-repository registry.aliyuncs.com/google_containers --- ##拉取k8s版本镜像 kubeadm config images pull --kubernetes-version=v1.24.1 --image-repository registry.aliyuncs.com/google_containers --cri-socket=unix:///var/run/cri-dockerd.sock --- ##初始化系统参数 systemctl stop firewalld && systemctl disable firewalld setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config swapoff -a && sed -i.bak '/swap/s/^/#/' /etc/fstab modprobe br_netfilter echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables echo 1 > /proc/sys/net/ipv4/ip_forward ##使用kubeadm init 进行集群的初始化,并将node加入集群 ####1)在Master节点common1执行集群初始化操作 #简化: kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.24.1 --pod-network-cidr=10.244.0.0/16 --cri-socket=unix:///var/run/cri-dockerd.sock #指定CRI --------------------------------------------------------- kubeadm init --apiserver-advertise-address=192.168.110.93 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.24.1 --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16 --cri-socket=unix:///var/run/cri-dockerd.sock #指定CRI --- ####配置访问 mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config export KUBECONFIG=/etc/kubernetes/admin.conf --- ####2)加入集群用请在node1、2节点上执行如下命令 kubeadm join 172.16.2.91:6443 --token w483ne.gutiagazrrw3hh5s \ --discovery-token-ca-cert-hash sha256:c8ce0b8373e70876e6e4f7947a22ddb39b8913396e273e4b965fc643e0fbe604 --cri-socket=unix:///var/run/cri-dockerd.sock  ####如果忘记了加入集群的token可使用如下命令查询: kubeadm token create --print-join-command --- ####3)安装网络插件 ##[网络插件](http://baodoc.frp.bao-server.club:22080/project/35/593/ "安装网络插件")
分享到: