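Manual Kubernetes Installation

How to install single-master and highly available (HA) Kubernetes clusters

This section documents the basic process of installing Kubernetes manually.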

1 - Node Environment Preparation

Firewall rules (TCP inbound)

Control plane nodes (Master Nodes)

2379-2380,6443,10250,10251,10252

Worker Nodes

10250,30000-32767

Disable swap | Bridged traffic

swapoff -a
sed -i.bak -r 's/(.+ swap .+)/#\1/' /etc/fstab
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

# Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

# Apply the sysctl parameters without rebooting
sudo sysctl --system
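
A check that the settings above actually took effect on a node, as an added example that is not part of the original page. The function names and the K8S_SWAPS, K8S_MODULES and K8S_SYSROOT variables are hypothetical; they let the same checks run against sample files instead of /proc.

```shell
#!/bin/sh
# Added example: audit the prerequisites configured above.
# Paths come from K8S_SWAPS / K8S_MODULES / K8S_SYSROOT (hypothetical names)
# so the checks can run on sample files; unset, they read the live system.

# swap_off FILE: succeed when /proc/swaps lists no device after its header.
swap_off() {
    awk 'NR > 1 { n++ } END { exit (n > 0) }' "${1:-/proc/swaps}"
}

# module_loaded NAME FILE: succeed when NAME appears in /proc/modules.
# Modules compiled into the kernel are not listed there.
module_loaded() {
    awk -v m="$1" '$1 == m { ok = 1 } END { exit !ok }' "${2:-/proc/modules}"
}

# sysctl_is_one KEY ROOT: succeed when the dotted sysctl KEY reads 1.
sysctl_is_one() {
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    [ -r "$path" ] && [ "$(cat "$path")" = "1" ]
}

# k8s_preflight: print each failed prerequisite; non-zero if any failed.
k8s_preflight() {
    rc=0
    swap_off "${K8S_SWAPS:-}" || { echo "FAIL: swap is still active"; rc=1; }
    for m in overlay br_netfilter; do
        module_loaded "$m" "${K8S_MODULES:-}" ||
            { echo "FAIL: module $m is not loaded"; rc=1; }
    done
    for k in net.bridge.bridge-nf-call-iptables \
             net.bridge.bridge-nf-call-ip6tables \
             net.ipv4.ip_forward; do
        sysctl_is_one "$k" "${K8S_SYSROOT:-}" ||
            { echo "FAIL: $k is not 1"; rc=1; }
    done
    return "$rc"
}
```

Run `k8s_preflight` on each node after a reboot, since that is when a missing modules-load.d or sysctl.d entry shows up.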

2 - Install the Container Runtime - Containerd

Method 1: Install from binary release packages

Install runc and the CNI plugins

Download the release packages from GitHub

Install runc

sudo install runc.amd64 /usr/local/sbin/runc

Install the CNI plugins

$ mkdir -p /opt/cni/bin
$ tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.1.1.tgz
./
./macvlan
./static
./vlan
./portmap
./host-local
./vrf
./bridge
./tuning
./firewall
./host-device
./sbr
./loopback
./dhcp
./ptp
./ipvlan
./bandwidth

Install containerd

Official documentation

$ tar Cxzvf /usr/local containerd-1.6.2-linux-amd64.tar.gz
bin/
bin/containerd-shim-runc-v2
bin/containerd-shim
bin/ctr
bin/containerd-shim-runc-v1
bin/containerd
bin/containerd-stress
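
The downloads above are installed as root, so each one should be checked against the checksum file published with the release before it is extracted or installed. The following is an added example, not part of the original page; the function names are hypothetical and the checksum file name `runc.sha256sum` in the usage comment is an assumption about what the release page offers.

```shell
#!/bin/sh
# Added example: refuse to install a downloaded release artifact unless its
# SHA-256 matches the checksum file published alongside it.

# expected_sha256 SUMFILE NAME: print the digest recorded for NAME.
# Lines use the sha256sum format "<hex digest>  <file name>"; a leading "*"
# (binary-mode marker) or directory prefix on the name is ignored.
expected_sha256() {
    awk -v want="$2" '{
        name = $2; sub(/^\*/, "", name); sub(/^.*\//, "", name)
        if (name == want) { print tolower($1); exit }
    }' "$1"
}

# verify_artifact FILE SUMFILE: 0 on match, 1 on mismatch,
# 2 when SUMFILE has no well-formed entry for FILE.
verify_artifact() {
    want=$(expected_sha256 "$2" "$(basename "$1")")
    case "$want" in
        *[!0-9a-f]*|"") echo "no usable checksum for $1" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "malformed checksum for $1" >&2; return 2; }
    have=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "CHECKSUM MISMATCH: $1" >&2; return 1; }
}

# install_verified FILE SUMFILE DEST: install the binary only after it verifies.
install_verified() {
    verify_artifact "$1" "$2" && install -m 0755 "$1" "$3"
}

# Usage (file names are assumptions):
#   install_verified runc.amd64 runc.sha256sum /usr/local/sbin/runc
#   verify_artifact containerd-1.6.2-linux-amd64.tar.gz SUMFILE && tar Cxzvf ...
```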

Create the config.toml configuration file

mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml

Configure the systemd cgroup driver

To use the systemd cgroup driver with runc, set the following in /etc/containerd/config.toml:

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  ...
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true
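
A section-aware check for the setting above, as an added example that is not part of the original page or the containerd project. A plain grep would also match a `SystemdCgroup` line placed in a different table; the hypothetical functions below only accept the key inside the runc options table shown here.

```shell
#!/bin/sh
# Added example: report the SystemdCgroup value that applies to runc.
RUNC_OPTS='[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]'

# runc_systemd_cgroup CONFIG: print true, false, or unset.
runc_systemd_cgroup() {
    awk -v hdr="$RUNC_OPTS" '
        /^[ \t]*\[/ {                      # any TOML table header
            t = $0
            gsub(/^[ \t]+|[ \t]+$/, "", t)
            in_opts = (t == hdr)           # only the runc options table counts
            next
        }
        in_opts && /^[ \t]*SystemdCgroup[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)    # drop "key ="
            sub(/[ \t]*(#.*)?$/, "", v)    # drop trailing space or comment
            val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "${1:-/etc/containerd/config.toml}"
}

# require_systemd_cgroup CONFIG: fail unless runc uses the systemd cgroup driver.
require_systemd_cgroup() {
    state=$(runc_systemd_cgroup "$1")
    [ "$state" = "true" ] || {
        echo "SystemdCgroup is $state in ${1:-/etc/containerd/config.toml}" >&2
        return 1
    }
}
```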

Configure systemd

Download https://raw.githubusercontent.com/containerd/containerd/main/containerd.service to /usr/local/lib/systemd/system/containerd.service

systemctl daemon-reload
systemctl enable --now containerd

Method 2: Install from the APT repository

# Install dependencies
apt-get update
apt-get install ca-certificates curl gnupg

# Trust Docker's GPG public key and add the repository:
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/debian \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install
apt-get update
apt-get install containerd.io

3 - Bootstrapping the Cluster with kubeadm

Initialize the control plane node

kubeadm init

Install a network add-on

List of network add-ons

  1. Weave
kubectl apply -f https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s.yaml

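4 - Highly Available Cluster

Create a load balancer for kube-apiserver

For non-cloud environments, use a software load balancing option; haproxy is used as the example here.

Install haproxy on the load balancer node

# Configure the package source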
curl https://haproxy.debian.net/bernat.debian.org.gpg \
      | gpg --dearmor > /usr/share/keyrings/haproxy.debian.net.gpg
echo deb "[signed-by=/usr/share/keyrings/haproxy.debian.net.gpg]" \
      http://haproxy.debian.net bullseye-backports-2.4 main \
      > /etc/apt/sources.list.d/haproxy.list

# Install
apt-get update
apt-get install haproxy=2.4.\*

Create the haproxy configuration file

# Global settings
#---------------------------------------------------------------------
global
    log /dev/log local0
    log /dev/log local1 notice
    daemon

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 1
    timeout http-request    10s
    timeout queue           20s
    timeout connect         5s
    timeout client          20s
    timeout server          20s
    timeout http-keep-alive 10s
    timeout check           10s

#---------------------------------------------------------------------
# apiserver frontend which proxies to the control plane nodes
#---------------------------------------------------------------------
frontend apiserver
    bind *:8443
    mode tcp
    option tcplog
    default_backend apiserverbackend

#---------------------------------------------------------------------
# round robin balancing for apiserver
#---------------------------------------------------------------------
backend apiserverbackend
    option httpchk GET /healthz
    http-check expect status 200
    mode tcp
    option ssl-hello-chk
    balance     roundrobin
        server k8s-api1 10.206.0.13:6443 check
        server k8s-api2 10.206.0.14:6443 check
        server k8s-api3 10.206.0.15:6443 check

Restart haproxy

systemctl restart haproxy

The result is as follows

5 - Common Download Mirrors

Component             URL
Kubernetes            https://mirrors.tuna.tsinghua.edu.cn/kubernetes/
Kubernetes            https://mirrors.ustc.edu.cn/kubernetes/
Kubernetes binaries   https://www.downloadkubernetes.com/

Kubernetes APT source configuration

# Tsinghua (TUNA) mirror
apt-get update && \
    apt-get install -y apt-transport-https ca-certificates curl && \
    curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpg && \
    echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.tuna.tsinghua.edu.cn/kubernetes/apt kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list && \
    apt-get update

# USTC mirror
apt-get update && \
    apt-get install -y apt-transport-https ca-certificates curl && \
    curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpg && \
    echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list && \
    apt-get update

Common scripts

# Reset the node and remove the Kubernetes packages
kubeadm reset
sudo apt-get purge kubeadm kubectl kubelet kubernetes-cni 'kube*'
sudo apt-get autoremove
sudo rm -rf ~/.kube

# Install a pinned version and hold the packages at it
apt-mark unhold kubeadm kubelet kubectl && \
apt-get update && apt-get install -y kubeadm=1.27.6-00 kubelet=1.27.6-00 kubectl=1.27.6-00 && \
apt-mark hold kubeadm kubelet kubectl