套件安裝
這裡以安裝 Kubernetes v1.19 為例:
安裝 CRI-O
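# Install CRI-O from the openSUSE Kubic repositories (run as root).
# OS selects the distribution directory in the repository URL; VERSION is the
# CRI-O minor release (this guide pairs 1.19 with Kubernetes v1.19).
OS=CentOS_7
VERSION=1.19

# -f makes curl exit non-zero on an HTTP error instead of saving the server's
# error page as a .repo file that yum would then try to parse.
curl -fL -o "/etc/yum.repos.d/devel:kubic:libcontainers:stable.repo" \
  "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/${OS}/devel:kubic:libcontainers:stable.repo"
curl -fL -o "/etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repo" \
  "https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:${VERSION}/${OS}/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repo"

# The downloaded .repo files decide whether package signatures are checked;
# confirm gpgcheck=1 and the gpgkey URL in both files before installing.
yum install -y cri-o vim wget bash-completion
systemctl enable crio
systemctl start crio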
安裝 containerd
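# Install containerd from Docker's CentOS repository (run as root).
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager \
  --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
yum install -y containerd.io vim wget bash-completion

# Start from the stock configuration, then switch runc to the systemd cgroup
# driver so it agrees with the kubelet's --cgroup-driver=systemd flag.
containerd config default > /etc/containerd/config.toml
# In /etc/containerd/config.toml set:
#   [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
#     SystemdCgroup = true
vim /etc/containerd/config.toml

# Point crictl at the containerd socket. The alias goes into the invoking
# user's own ~/.bashrc rather than a .bashrc in whatever directory the command
# happens to be run from.
echo "alias crictl='crictl --runtime-endpoint unix:///run/containerd/containerd.sock'" >> "$HOME/.bashrc"
systemctl restart containerd
systemctl enable containerd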
安裝 kubeadm
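# Install kubelet/kubeadm/kubectl and prepare the node for kubeadm (run as root).

# Kubernetes yum repository. gpgcheck and repo_gpgcheck stay enabled so that
# both the packages and the repository metadata are verified against the keys
# listed in gpgkey.
# NOTE(review): the Kubernetes project has since moved its packages to
# pkgs.k8s.io; confirm which repository still serves the version you need.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

# Load the required kernel modules at every boot ...
cat <<'EOF' > /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
# ... and load them now: the net.bridge.* sysctls written below only exist
# once br_netfilter is loaded, so `sysctl --system` would otherwise reject them.
modprobe overlay
modprobe br_netfilter

# Switch SELinux to permissive in the persistent config. This only edits the
# file, so the running mode does not change until the next boot.
# Permissive mode logs policy violations without blocking them, which removes
# a layer of container confinement; keep enforcing mode where the container
# runtime's SELinux policy supports it.
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# Kernel settings for pod networking. vm.swappiness=0 only discourages
# swapping; it does not turn swap off.
cat <<'EOF' > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
EOF
# Apply the settings before the kubelet is started.
sysctl --system

# Tell the kubelet which CRI socket to use. Set CRI_SOCKET to match the
# runtime installed earlier:
#   CRI-O:      unix:///var/run/crio/crio.sock
#   containerd: unix:///run/containerd/containerd.sock
# The file holds a single KUBELET_EXTRA_ARGS line, so writing it once per
# runtime would leave only the last one in effect; containerd is the default
# here because it was the last one written in the original sequence.
CRI_SOCKET=${CRI_SOCKET:-unix:///run/containerd/containerd.sock}
printf '%s\n' "KUBELET_EXTRA_ARGS=--feature-gates=AllAlpha=false,RunAsGroup=true --container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint='${CRI_SOCKET}' --runtime-request-timeout=5m" > /etc/sysconfig/kubelet

# Edit the unit so the kubelet is ordered after the container runtime (see the
# sample unit file in this guide).
# NOTE: files under /usr/lib/systemd/system belong to the package and are
# replaced on upgrade; a drop-in under /etc/systemd/system/kubelet.service.d/
# survives package updates.
vim /usr/lib/systemd/system/kubelet.service
systemctl daemon-reload
systemctl enable --now kubelet

# This turns the host firewall off entirely. Where the node is reachable from
# untrusted networks, keep firewalld running and open only the ports the
# cluster needs (for example 6443/tcp for the API server and 10250/tcp for the
# kubelet) instead.
systemctl stop firewalld
systemctl disable firewalld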
最主要是要設定讓 kubelet 在 cri-o 後啟動。/usr/lib/systemd/system/kubelet.service 設定範例:
# Sample kubelet unit. The Wants=/After= lines are the part this guide changes.
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/
# Wants= pulls the listed units in when the kubelet starts; After= only orders
# the kubelet behind them. Both runtimes are named, presumably so the same file
# works whichever one was installed.
Wants=network-online.target crio.service containerd.service
After=network-online.target crio.service containerd.service
[Service]
ExecStart=/usr/bin/kubelet
# Restart the kubelet whenever it exits, waiting 10 seconds between attempts.
# StartLimitInterval=0 switches off start rate limiting, so systemd keeps
# retrying instead of giving up after repeated failures.
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
Master
這裡以 calico 網路為例
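# Bootstrap the control plane (run as root on the master node).
# NOTE(review): 10.0.0.0/8 contains kubeadm's default service range
# (10.96.0.0/12). Pod, service and node networks must not overlap, so choose a
# narrower pod range and use the same value in custom-resources.yaml below.
kubeadm init --pod-network-cidr=10.0.0.0/8

# admin.conf carries cluster-admin credentials: keep the copy readable by its
# owner only, and do not hand it out as a general-purpose kubeconfig.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# An existing file being overwritten keeps its old mode, so set it explicitly.
chmod 600 "$HOME/.kube/config"
echo "source <(kubectl completion bash)" >> /root/.bashrc

# Install Calico. Both manifests are downloaded first so they can be reviewed
# (and kept with the cluster's records) before being applied with
# cluster-admin rights; the URLs are unversioned, so their content can change
# between runs.
wget https://docs.projectcalico.org/manifests/tigera-operator.yaml
kubectl create -f tigera-operator.yaml
wget https://docs.projectcalico.org/manifests/custom-resources.yaml
# Before applying, edit the cidr: field in custom-resources.yaml so it matches
# --pod-network-cidr (10.0.0.0/8 in this guide).
kubectl apply -f custom-resources.yaml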
Slave
加入節點
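# Run on each worker node (as root). Take the endpoint, token and CA hash from
# the output of `kubeadm init`, or print a fresh command on the control plane
# with `kubeadm token create --print-join-command`.
# The bootstrap token is a credential: anyone holding a valid one can register
# a node. Keep it out of shared notes and let it expire (kubeadm tokens last
# 24 hours by default).
# --discovery-token-ca-cert-hash pins the cluster CA, so the worker refuses an
# API server that presents a different CA.
kubeadm join 192.168.50.171:6443 --token yourToken \
  --discovery-token-ca-cert-hash sha256:yourHash

# Run on the control-plane node (it needs the admin kubeconfig), not on the
# worker, once the node has joined.
kubectl label nodes slave1 kubernetes.io/role=worker

# Filled-in example from the author's environment, kept for reference only.
# It is commented out because a node cannot join twice and the values are
# specific to that cluster.
# kubeadm join 192.168.50.183:6443 --token 89xp94.lb1ntkfmyj1c68ke \
#   --discovery-token-ca-cert-hash sha256:ab5e754dad6b0a1bfc5d4789ebde0485da491b5b6688ba5cb7be42fe086753a1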