Creating a K8s cluster (Ubuntu 20.04)
# Environment setup

- Install script: [SetupK8sCluster.sh](https://www.wangyanhan.com.cn/download/SetupK8sCluster.sh "SetupK8sCluster.sh"), to be run as root on Ubuntu 20.04.
- The CKA exam environment runs on Ubuntu 20.04, so the cluster here is built on that system. Install Ubuntu 20.04 x64 first (a minimal install is enough). On VMware Workstation, NAT mode works: open Edit > Virtual Network Editor, select VMnet8 and click NAT Settings to see the gateway configuration.
- `apt update` sometimes fails with `The following signatures couldn't be verified because the public key is not available: NO_PUBKEY FEEA9169307EA071 NO_PUBKEY 8B57C5C2836F4BEB`. Import the missing keys (check that the key IDs match the ones in your error, and only import keys for repositories you actually configured):

```shell
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys FEEA9169307EA071
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B57C5C2836F4BEB
```

- `apt update` may also fail with `dpkg: error processing package linux-image-5.4.0-104-generic (--configure):`. A linux-image package whose install or configure step was left half-done breaks dpkg, so `apt-get update`, `apt-get install` and so on stop working. The workaround below rebuilds dpkg's `info` directory; it keeps a backup as shown, but do not run it on a machine you cannot afford to reinstall:

```shell
cd /var/lib/dpkg/
mv info info_bak && mkdir info
apt-get update && apt-get -f install
mv info/* info_bak/ && rm -rf info && mv info_bak info
```

- Ubuntu does not allow root login over SSH by default, and an older SecureCRT client fails to connect with the default key-exchange list. After installing, log in as the user created during setup, run `sudo -s -H` to become root, edit `/etc/ssh/sshd_config` as below, and restart sshd. These are lab-only settings for an isolated VM: root password login and the `diffie-hellman-group1-sha1` / `diffie-hellman-group-exchange-sha1` entries re-enable exactly what OpenSSH 8.2 disables by default (group1 uses a 1024-bit group). On any host reachable from an untrusted network keep `PermitRootLogin prohibit-password`, `PasswordAuthentication no`, and drop the SHA-1 entries from `KexAlgorithms`.

```shell
PermitRootLogin yes
PasswordAuthentication yes
UseDNS no
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
```

- Disable swap (kubelet refuses to start while swap is enabled):

```shell
swapoff -a
echo 0 > /proc/sys/vm/swappiness
# edit /etc/fstab and remove (or comment out) the swap entry so swap stays off after a reboot
apt update -y && apt upgrade -y && apt install -yqq wget curl   # refresh packages
```

- Let bridged traffic pass through iptables and enable IP forwarding. `modprobe` does not persist across reboots; list `br_netfilter` in `/etc/modules-load.d/` as well so the sysctl keys still apply after the next boot:

```shell
modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
```

# Install nerdctl

- Pick a release whose tarball name contains "full" (this walkthrough uses 0.17.1); it bundles containerd, runc and the CNI plugins. nerdctl's commands mirror docker's, so `alias docker=nerdctl` works if you prefer. The download below goes through the ghproxy.com mirror; compare the tarball's SHA-256 with the SHA256SUMS file on the upstream GitHub release before unpacking, since a mirror is an extra party in the supply chain.

```shell
cd /usr/local/src
wget \
  https://ghproxy.com/https://github.com/containerd/nerdctl/releases/download/v0.17.1/nerdctl-full-0.17.1-linux-amd64.tar.gz
tar -C /usr/local -xzvvf nerdctl-full-0.17.1-linux-amd64.tar.gz
# generate the default containerd configuration
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
nerdctl --version
```

- Edit the configuration to pull the pause image from a mirror in China and to use the systemd cgroup driver (kubelet on Ubuntu 20.04 uses systemd, and the two must match):

```shell
vim /etc/containerd/config.toml
## change these two values ##
sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.6"
SystemdCgroup = true
```

- Enable and start containerd:

```shell
systemctl enable --now containerd
# verify
containerd --version
```

- Add bash completion:

```shell
mkdir -p /etc/bash_completion.d
nerdctl completion bash > /etc/bash_completion.d/nerdctl
source /etc/bash_completion.d/nerdctl
```

# Install the cluster

- Install kubelet, kubeadm, kubectl and related components from the Aliyun mirror of the Kubernetes apt repository (`apt-key` is deprecated on 20.04 but still works). Afterwards pin the three packages with `apt-mark hold` so a routine `apt upgrade` does not move the node to a different version:

```shell
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
apt-get update && apt-get install -y kubelet kubeadm kubectl
```

- Point crictl at containerd: crictl is the command-line interface for CRI-compatible container runtimes. Use it to inspect and debug the runtime and the applications on a Kubernetes node. crictl and its source live in the cri-tools repository (https://github.com/kubernetes-sigs/cri-tools).

```shell
crictl config runtime-endpoint unix:///run/containerd/containerd.sock
crictl images   # no error means crictl can reach containerd
```

Edit the crictl configuration:

```shell
vi /etc/crictl.yaml
#
runtime-endpoint: "unix:///run/containerd/containerd.sock"
image-endpoint: ""
timeout: 0
debug: false
pull-image-on-create: false   # set to true to have crictl pull a missing image when creating a container
disable-pull-on-run: false
#
```

- Write the kubeadm configuration. `kubeadm config print init-defaults` emits placeholders: the well-known bootstrap token `abcdef.0123456789abcdef`, `advertiseAddress: 1.2.3.4` and `name: node`. Replace the token with the output of `kubeadm token generate` rather than keeping the default, because anyone who can reach port 6443 with a valid bootstrap token can join a worker to the cluster; after your nodes have joined, remove it with `kubeadm token delete`.

```shell
# create the kubeadm configuration template
kubeadm config print init-defaults > kubeadm.yaml
# edit the configuration
vim kubeadm.yaml
##
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef   # replace with the output of `kubeadm token generate`
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.27.18.17   # this node's internal IP address
  bindPort: 6443
nodeRegistration:
  criSocket: /run/containerd/containerd.sock   # use the containerd engine
  imagePullPolicy: IfNotPresent
  name: cka-sim-master   # the master's node name; it must resolve, so add it to /etc/hosts
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers   # image mirror
kind: ClusterConfiguration
kubernetesVersion: 1.23.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
##
```

- Create the cluster (on the master):

```shell
kubeadm init --config kubeadm.yaml
# if it fails, run `kubeadm reset` and try again
```

- Set up the kubeconfig. `admin.conf` is the cluster-admin credential; keeping it in root's environment is fine for a lab, but do not copy it to other users or CI jobs, which should get their own scoped kubeconfigs:

```shell
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
# to use it in every shell, add this export to /etc/profile and source the file
export KUBECONFIG=/etc/kubernetes/admin.conf
```

- Install the network plugin:

```shell
wget https://docs.projectcalico.org/manifests/calico.yaml
kubectl apply -f calico.yaml
```

- Verify that the cluster came up:

```shell
kubectl get nodes   # Ready means the install is complete; re-run a few times, the node turns Ready only a little after Calico is installed
```

- Add kubectl command completion:

```shell
apt install bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
```

Once this works, add the lines to /root/.bashrc.
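The node-preparation steps above (swap off, `br_netfilter` sysctl keys, containerd's cgroup driver, and the sshd changes) are easy to get half-right, so here is a preflight script that checks them. It is an added example, not code from this page or from SetupK8sCluster.sh. The function names are mine, it assumes GNU grep/sed (as on Ubuntu), and each check takes a file path so it can run against constructed sample files as well as the real files on a node. The sshd check reports the settings the SSH section enables; it is a warning, not a failure, because the page deliberately turns them on for a lab VM.

```shell
#!/usr/bin/env bash
# Preflight checks for the node preparation steps (added example; assumptions:
# GNU grep/sed, util-linux swapon; function names are not from kubeadm or the page).

# Return 0 if FILE (an fstab) still has an uncommented swap entry.
fstab_active_swap() {
    grep -Eq '^[^#].*[[:space:]]swap[[:space:]]' "$1"
}

# Comment out every active swap entry in FILE in place (the "edit /etc/fstab"
# step of the swap section), keeping the original line for reference.
fstab_disable_swap() {
    sed -i -E 's/^([^#].*[[:space:]]swap[[:space:]].*)$/#\1/' "$1"
}

# Return 0 if FILE sets all three sysctl keys from the bridging section to 1.
sysctl_conf_ok() {
    local key
    for key in net.ipv4.ip_forward net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*1[[:space:]]*$" "$1" || return 1
    done
}

# Print one line per sshd directive in FILE that weakens the host: root login,
# password authentication, and SHA-1 / group1 key exchange re-enabled for old clients.
sshd_weak_settings() {
    local f="$1"
    grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+yes' "$f" && echo "PermitRootLogin yes"
    grep -Eiq '^[[:space:]]*PasswordAuthentication[[:space:]]+yes' "$f" && echo "PasswordAuthentication yes"
    grep -Ei '^[[:space:]]*KexAlgorithms' "$f" | grep -Eiq 'sha1|group1' && echo "KexAlgorithms includes SHA-1/group1 exchanges"
    return 0
}

# Run the checks against the real node:  bash preflight.sh --check-host
if [ "${1:-}" = "--check-host" ]; then
    rc=0
    fstab_active_swap /etc/fstab && { echo "FAIL: swap entry still active in /etc/fstab"; rc=1; }
    [ -z "$(swapon --show --noheadings 2>/dev/null)" ] || { echo "FAIL: swap is currently on"; rc=1; }
    lsmod | grep -q '^br_netfilter' || { echo "FAIL: br_netfilter module not loaded"; rc=1; }
    sysctl_conf_ok /etc/sysctl.d/k8s.conf || { echo "FAIL: /etc/sysctl.d/k8s.conf is incomplete"; rc=1; }
    [ -S /run/containerd/containerd.sock ] || { echo "FAIL: containerd socket missing"; rc=1; }
    grep -q 'SystemdCgroup = true' /etc/containerd/config.toml 2>/dev/null || { echo "FAIL: SystemdCgroup not enabled"; rc=1; }
    sshd_weak_settings /etc/ssh/sshd_config | sed 's/^/WARN: sshd /'
    [ "$rc" -eq 0 ] && echo "preflight OK"
    exit "$rc"
fi
```

Run it with `--check-host` on the node after the environment-setup section and before `kubeadm init`; the functions can also be sourced and pointed at copies of the files when reviewing a cloned VM image.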
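For the kubeadm configuration step, here is a small lint that refuses the placeholders `kubeadm config print init-defaults` leaves behind and injects a fresh bootstrap token before `kubeadm init`. It is an added example, not code from this page or from kubeadm; the function names are mine, the token generator is an offline stand-in for `kubeadm token generate` that produces the same documented `[a-z0-9]{6}.[a-z0-9]{16}` shape, and it assumes GNU sed.

```shell
#!/usr/bin/env bash
# Lint a kubeadm.yaml and replace the bootstrap token (added example; the
# placeholder values checked are the ones `kubeadm config print init-defaults`
# emits: token abcdef.0123456789abcdef, advertiseAddress 1.2.3.4, name "node").

# Print a random bootstrap token in kubeadm's documented format.
kubeadm_token_generate() {
    local id secret
    id=$(LC_ALL=C tr -dc 'a-z0-9' </dev/urandom | head -c 6)
    secret=$(LC_ALL=C tr -dc 'a-z0-9' </dev/urandom | head -c 16)
    printf '%s.%s\n' "$id" "$secret"
}

# Return 0 if TOKEN has the shape kubeadm accepts.
kubeadm_token_valid() {
    printf '%s' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Print one finding per placeholder or wrong runtime setting still present in FILE.
kubeadm_config_lint() {
    local f="$1"
    grep -Eq '^[[:space:]]*token:[[:space:]]*abcdef\.0123456789abcdef' "$f" && echo "token is the init-defaults placeholder"
    grep -Eq '^[[:space:]]*advertiseAddress:[[:space:]]*1\.2\.3\.4' "$f" && echo "advertiseAddress is the 1.2.3.4 placeholder"
    grep -Eq '^[[:space:]]*name:[[:space:]]*node[[:space:]]*$' "$f" && echo "node name is the placeholder \"node\""
    grep -Eq '^[[:space:]]*criSocket:.*containerd\.sock' "$f" || echo "criSocket does not point at containerd"
    return 0
}

# Replace the bootstrap token in FILE with TOKEN, refusing malformed tokens
# (the token only contains [a-z0-9.], so it is safe inside the sed replacement).
kubeadm_config_set_token() {
    kubeadm_token_valid "$2" || return 1
    sed -i -E "s/^([[:space:]]*token:[[:space:]]*)[a-z0-9]{6}\.[a-z0-9]{16}/\1$2/" "$1"
}

# Usage on the master:  bash kubeadm-lint.sh --fix kubeadm.yaml
if [ "${1:-}" = "--fix" ] && [ -f "${2:-}" ]; then
    kubeadm_config_lint "$2"
    t=$(kubeadm_token_generate)
    kubeadm_config_set_token "$2" "$t" && echo "bootstrap token set to $t"
fi
```

Keep the printed token to hand for `kubeadm join`, and delete it with `kubeadm token delete` once the workers are in; the 24h `ttl` in the page's configuration bounds the damage if you forget.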