第一步,购买三台云主机
系统 ubuntu 22.04 64位
配置 2 vCPU 4 GiB
机器名称 master-k8s, node1-k8s, node2-k8s
以下命令没有特殊说明的,三台机器都要执行
第二步,系统准备
- 1.关闭swap分区
# 临时关闭
root@master-k8s:~# swapoff -a
# 永久关闭
root@master-k8s:~# sed -ri 's/.*swap.*/#&/' /etc/fstab
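- 2.将网桥的IPv4流量转接到iptables(net.bridge.*这两项依赖br_netfilter内核模块;如果sysctl --system提示找不到这些键,需要先执行modprobe br_netfilter,并在/etc/modules-load.d/下配置开机加载)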
root@master-k8s:~# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# 效果
root@master-k8s:~# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
# 使生效
root@master-k8s:~# sysctl --system
第三步,安装docker
- 安装docker全家桶
root@master-k8s:~# apt-get update
root@master-k8s:~# apt-get install ca-certificates curl gnupg lsb-release
root@master-k8s:~# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
root@master-k8s:~# apt-get update
root@master-k8s:~# apt-get install -y docker-ce docker-ce-cli
# 验证docker是否安装成功
root@master-k8s:~# docker run hello-world
# 输出包含如下内容表示安装成功
Hello from Docker!
This message shows that your installation appears to be working correctly.
- 配置docker镜像加速
root@master-k8s:~# cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
root@master-k8s:~#
root@master-k8s:~# systemctl restart docker
第四步,安装cri-dockerd
- 安装运行时rpc(下载的二进制之后会以root身份常驻运行;安装前建议用sha256sum计算校验值,与发布页公布的值(如有)比对,并确认三台机器上的文件一致)
root@master-k8s:~# wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.3/cri-dockerd-0.3.3.amd64.tgz
root@master-k8s:~# tar xzvf cri-dockerd-0.3.3.amd64.tgz
root@master-k8s:~# cd cri-dockerd
root@master-k8s:~/cri-dockerd# install -o root -g root -m 0755 cri-dockerd /usr/local/bin/cri-dockerd
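- 编辑配置文件(注意:下面两个unit文件取自gitee上个人仓库的master分支,而不是Mirantis上游仓库,内容随时可能变化;systemd会以root执行其中的ExecStart,拷贝到/etc/systemd/system之前应逐行检查,条件允许时改用上游仓库v0.3.3这个tag下packaging/systemd目录中的同名文件)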
root@master-k8s:~/cri-dockerd# wget https://gitee.com/kjpioo2006/cri-dockerd/raw/master/packaging/systemd/cri-docker.service
root@master-k8s:~/cri-dockerd# wget https://gitee.com/kjpioo2006/cri-dockerd/raw/master/packaging/systemd/cri-docker.socket
cri-docker.service文件修改以下一行
ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9
cri-docker.socket文件保持不变
root@master-k8s:~/cri-dockerd# cp cri-docker.service /etc/systemd/system/cri-docker.service
root@master-k8s:~/cri-dockerd# cp cri-docker.socket /etc/systemd/system/cri-docker.socket
- 启动cri-dockerd
root@master-k8s:~/cri-dockerd# systemctl daemon-reload
root@master-k8s:~/cri-dockerd# systemctl enable cri-docker
root@master-k8s:~/cri-dockerd# systemctl restart cri-docker
root@master-k8s:~/cri-dockerd# systemctl enable cri-docker.service
root@master-k8s:~/cri-dockerd# systemctl enable --now cri-docker.socket
# 检查
root@master-k8s:~/cri-dockerd# systemctl status cri-docker.socket
第四步,安装Kubernetes
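- 配置镜像源(注意:apt-key在Ubuntu 22.04上已弃用,用它添加的密钥会被所有软件源信任;更稳妥的做法是像前面Docker源那样,用gpg --dearmor把密钥保存为/usr/share/keyrings/下的独立文件,并在deb行里用signed-by=指向它)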
root@master-k8s:~# apt-get update && apt-get install -y apt-transport-https
root@master-k8s:~# curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
root@master-k8s:~# cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
root@master-k8s:~# apt-get update
- 安装
root@master-k8s:~# apt install -y kubeadm=1.27.1-00 kubelet=1.27.1-00 kubectl=1.27.1-00
第五步,配置集群
- 在master-k8s启动集群
kubeadm config print init-defaults > kubeadm.yaml
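修改以下字段
(注意:init-defaults生成的文件里bootstrapTokens带有固定的示例token abcdef.0123456789abcdef,后面的kubeadm join用的正是它;这个值是公开的,建议在kubeadm.yaml中换成用kubeadm token generate生成的随机token,或者在节点全部加入后用kubeadm token delete把它删除)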
advertiseAddress:kubernetes主节点IP
nodeRegistration.criSocket: unix:///var/run/cri-dockerd.sock
nodeRegistration.name: master-k8s
imageRepository: registry.aliyuncs.com/google_containers # 镜像仓库
kubernetesVersion: 1.27.1
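- 启动Kubernetes master(注意:--ignore-preflight-errors=all会把全部预检错误降级为警告,swap未关闭、端口被占用、运行时不可用等真实问题也会被放过;建议先不带该参数运行一次,看清具体失败的检查项,再只忽略确认无害的那几项,例如--ignore-preflight-errors=Swap)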
root@master-k8s:~# kubeadm init --config ./kubeadm.yaml --ignore-preflight-errors=all
以上命令会生成以下日志
...
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.30.70.60:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:0ea6acce979e4ad2f02f3d18c689eb19917dbd3bb06779c500cedeecdd60476b
在master-k8s配置命令行
root@master-k8s:~# mkdir -p $HOME/.kube
root@master-k8s:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@master-k8s:~# chown $(id -u):$(id -g) $HOME/.kube/config
root@master-k8s:~# echo 'export KUBECONFIG=$HOME/.kube/config' >> $HOME/.bashrc
root@master-k8s:~# source ~/.bashrc
- 在node1-k8s和node2-k8s将从节点加入集群
root@node1-k8s:~# kubeadm join 172.30.70.60:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:0ea6acce979e4ad2f02f3d18c689eb19917dbd3bb06779c500cedeecdd60476b \
--cri-socket unix:///var/run/cri-dockerd.sock
第六步,配置网络CNI
回到master-k8s,执行如下检查
root@master-k8s:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master-k8s NotReady control-plane,master 8m51s v1.27.1
node1-k8s NotReady <none> 87s v1.27.1
node2-k8s NotReady <none> 82s v1.27.1
因为集群还需要安装网络cni,此处选择安装calico
root@master-k8s:~# curl https://raw.githubusercontent.com/projectcalico/calico/v3.25.1/manifests/calico-etcd.yaml -o calico.yaml
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 21088 100 21088 0 0 27756 0 --:--:-- --:--:-- --:--:-- 27747
root@master-k8s:~#
root@master-k8s:~# kubectl apply -f calico.yaml
马上执行以下命令
root@master-k8s:~# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-c4d664d7-58zg7 0/1 Pending 0 32s
calico-node-fz485 0/1 Init:0/2 0 32s
calico-node-hzrb6 0/1 Init:0/2 0 32s
calico-node-wv7nk 0/1 Init:0/2 0 32s
coredns-7bdc4cb885-vx29q 0/1 Pending 0 3m33s
coredns-7bdc4cb885-zrsws 0/1 Pending 0 3m33s
etcd-master-k8s 1/1 Running 0 3m37s
kube-apiserver-master-k8s 1/1 Running 0 3m40s
kube-controller-manager-master-k8s 1/1 Running 0 3m37s
kube-proxy-nwpvg 1/1 Running 0 3m33s
kube-proxy-rwm44 1/1 Running 0 97s
kube-proxy-rz7x2 1/1 Running 0 104s
kube-scheduler-master-k8s 1/1 Running 0 3m37s
可以发现calico-node-*还是Init:0/2状态,等一段时间,比如20秒,再次执行以上命令
root@master-k8s:~# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-6b77fff45-fp2cj 1/1 Running 0 2m59s
calico-node-9tf5w 1/1 Running 0 2m59s
calico-node-dx5bq 1/1 Running 0 2m59s
calico-node-x78f8 1/1 Running 0 2m59s
coredns-6d8c4cb4d-6wpt2 1/1 Running 0 14m
coredns-6d8c4cb4d-dvqvj 1/1 Running 0 14m
etcd-master-k8s 1/1 Running 0 14m
kube-apiserver-master-k8s 1/1 Running 0 14m
kube-controller-manager-master-k8s 1/1 Running 0 14m
kube-proxy-87tbj 1/1 Running 0 7m8s
kube-proxy-9w9lv 1/1 Running 0 7m13s
kube-proxy-s2j4f 1/1 Running 0 14m
kube-scheduler-master-k8s 1/1 Running 0 14m
现在已经是Running状态了,使用kubectl get nodes查看节点状态,现在已经都是Ready状态了
root@master-k8s:~# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master-k8s Ready control-plane,master 15m v1.27.1
node1-k8s Ready <none> 7m44s v1.27.1
node2-k8s Ready <none> 7m39s v1.27.1
第七步,创建一个简单的pod
root@master-k8s:~# kubectl run test --image=httpd --port=80
pod/test created
root@master-k8s:~#
root@master-k8s:~#
root@master-k8s:~# kubectl get pods -n default
NAME READY STATUS RESTARTS AGE
test 0/1 ContainerCreating 0 6s
使用manifest文件创建pod(注意:下面的hostPort: 33333会把容器端口直接绑定到Pod所在节点的33333端口,云主机上应通过安全组限制访问来源;nginx:1.12是很旧的镜像版本,这里仅用于测试)
root@master-k8s:~# cat test-nginx.yaml
apiVersion: v1
kind: Pod
metadata:
name: test-nginx
spec:
containers:
- name: nginx-test01
image: nginx:1.12
ports:
- name: http
containerPort: 80
protocol: TCP
hostPort: 33333
root@master-k8s:~# kubectl apply -f test-nginx.yaml
root@master-k8s:~# kubectl get pods -n default
NAME READY STATUS RESTARTS AGE
test 0/1 ContainerCreating 0 98s
test-nginx 0/1 ContainerCreating 0 3s
至此,一个最新版1.27.1的k8s集群部署完毕
总结
- 安装cri-dockerd时的配置文件一定要仔细检查
ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9
执行文件路径不对导致启动失败时,可以通过systemctl status cri-docker.socket核查
基础镜像(pause)的位置要改为阿里云的,要不然拉取镜像时会直接卡死
- kubeadm.yaml的修改项一定要搞对
- kubeadm init --config ./kubeadm.yaml 一定要加上--ignore-preflight-errors=all(该参数会把所有预检错误降为警告;排查问题时建议先去掉它,看清具体是哪一项检查失败)
- kubeadm join时一定要指定--cri-socket,因为docker不再是默认的运行时