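I. Deploying a single-node k8s cluster
To save cost, we can deploy k8s on a single machine.
Recommended machine spec: CPU: 2 cores, memory: 4 GB, disk: 40 GB
4.1.1 Preparation
1. Disable the firewalld firewall and selinux
2. Set the hostname
Set up /etc/hosts
3. Disable swap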
swapoff -a
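To disable it permanently, vi /etc/fstab and comment out the swap line
4. Pass bridged IPv4 traffic to the iptables chains
modprobe br_netfilter ## creates the bridge-related kernel parameters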
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system # apply the settings
5. Time synchronization
yum install -y chrony;
systemctl start chronyd;
systemctl enable chronyd
4.1.2 Install containerd
1. Install the yum-utils tool
yum install -y yum-utils
2. Configure the official Docker yum repository; skip this if it has already been done
yum-config-manager \
--add-repo \
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3. Install containerd
yum install containerd.io -y
4. Start the service
systemctl enable containerd
systemctl start containerd
5. Generate the default configuration
containerd config default > /etc/containerd/config.toml
6. Edit the configuration
vi /etc/containerd/config.toml
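sandbox = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.10" # change to the Alibaba Cloud mirror address
SystemdCgroup = true # search for the keyword SystemdCgroup; the default is false, change it to true. If this is not changed, the later initialization will fail.
7. Configure containerd registry mirrors
vi /etc/containerd/config.toml ## locate [plugins.'io.containerd.cri.v1.images'.registry]
and change the config_path below it to: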
config_path = "/etc/containerd/certs.d"
8. Restart the containerd service
systemctl daemon-reload ; systemctl restart containerd
9. Create the /etc/containerd/certs.d directory and, inside it, add the configuration for each registry that should be pulled through a mirror
# Docker Hub mirror
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://docker.m.daocloud.io"]
capabilities = ["pull", "resolve"]
EOF
# registry.k8s.io mirror
mkdir -p /etc/containerd/certs.d/registry.k8s.io
tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << 'EOF'
server = "https://registry.k8s.io"
[host."https://k8s.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# gcr.io mirror
mkdir -p /etc/containerd/certs.d/gcr.io
tee /etc/containerd/certs.d/gcr.io/hosts.toml << 'EOF'
server = "https://gcr.io"
[host."https://gcr.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# quay.io mirror
mkdir -p /etc/containerd/certs.d/quay.io
tee /etc/containerd/certs.d/quay.io/hosts.toml << 'EOF'
server = "https://quay.io"
[host."https://quay.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
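A check for steps 6-9, added here as an example and not part of the original page: it confirms the two config.toml edits and lists every registry-to-mirror mapping under certs.d, flagging mirrors that are granted the push capability, which the docker.io entry above omits and which pulling images does not require. The function names check_config and audit_mirrors are hypothetical; the parser assumes one [host] table per hosts.toml, as in the files above.

```shell
#!/bin/sh
# Added example, not from the original page: audits the containerd edits
# from steps 6-9. check_config and audit_mirrors are made-up names.

# check_config FILE DIR: succeeds only if FILE sets SystemdCgroup = true
# (step 6) and config_path = DIR (step 7). Prints one line per problem.
check_config() {
    local rc=0
    grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$1" ||
        { echo "FAIL: SystemdCgroup is not true in $1"; rc=1; }
    sed -nE "s/^[[:space:]]*config_path[[:space:]]*=[[:space:]]*[\"']([^\"']*)[\"'].*/\\1/p" "$1" |
        grep -Fxq "$2" ||
        { echo "FAIL: config_path is not $2 in $1"; rc=1; }
    return "$rc"
}

# audit_mirrors DIR: print each registry -> mirror mapping found in
# DIR/<registry>/hosts.toml (one [host] table per file, as on this page).
# Returns 1 if any mirror is granted "push", 0 otherwise.
audit_mirrors() {
    local rc=0 f reg host caps
    for f in "$1"/*/hosts.toml; do
        [ -f "$f" ] || continue
        reg=$(basename "$(dirname "$f")")
        host=$(sed -nE 's/^[[:space:]]*\[host\."([^"]+)"\].*/\1/p' "$f" | head -n 1)
        caps=$(sed -nE 's/^[[:space:]]*capabilities[[:space:]]*=[[:space:]]*\[(.*)\].*/\1/p' "$f" | head -n 1)
        case "$caps" in
            *push*) echo "WARN $reg -> $host [$caps] (push not needed to pull)"; rc=1 ;;
            *)      echo "OK   $reg -> $host [$caps]" ;;
        esac
    done
    return "$rc"
}

# Run against the paths used on this page when they exist on this host.
if [ -f /etc/containerd/config.toml ]; then
    check_config /etc/containerd/config.toml /etc/containerd/certs.d ||
        echo "-> fix config.toml, then restart containerd"
    audit_mirrors /etc/containerd/certs.d ||
        echo "-> review the flagged hosts.toml files"
fi
```

Every image for the listed registries is fetched from the mirror host shown in the output, so the list doubles as the set of third parties this node trusts for image content.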
4.1.3 Configure the Kubernetes repository and install version 1.32
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.32/rpm/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.32/rpm/repodata/repomd.xml.key
EOF
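Note: this k8s repository is for 1.32. To install a different version, change the version number in the configuration file from 1.32 to the one you want, for example 1.34.
4.1.4 Install kubeadm and kubelet
1. Install kubeadm and kubelet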
yum install -y kubelet-1.32.4 kubeadm-1.32.4 kubectl-1.32.4
2. Start the kubelet service
systemctl start kubelet.service
systemctl enable kubelet.service
4.1.5 Configure crictl to connect to containerd
crictl config --set runtime-endpoint=unix:///run/containerd/containerd.sock
4.1.6 Initialization
kubeadm init --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers --apiserver-advertise-address=192.168.222.129 --kubernetes-version=v1.32.4 --service-cidr=10.15.0.0/16 --pod-network-cidr=10.18.0.0/16
4.1.7 Create the directory
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
Get node information:
kubectl get node
kubectl get pod --all-namespaces
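4.1.8 Install the Calico network
Download the Calico yaml file with wget:
URL: https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml
After downloading, you also need to change the Pod network defined in it (CALICO_IPV4POOL_CIDR) so that it matches the value given to --pod-network-cidr in the earlier kubeadm init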
vi calico.yaml
# - name: CALICO_IPV4POOL_CIDR
#   value: "192.168.0.0/16"
# change to:
- name: CALICO_IPV4POOL_CIDR
  value: "10.18.0.0/16"
Change the image addresses
sed -i 's/docker.io/docker.m.daocloud.io/' calico.yaml
Deploy
kubectl apply -f calico.yaml
Check
kubectl get pods -n kube-system
4.1.9 Remove the node restriction
kubectl taint nodes --all node-role.kubernetes.io/control-plane-