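1. Install VirtualBox
Download link:
2. Download the Ubuntu 23 ISO
Download link: Ubuntu 23
3. Create the virtual machine
Menu bar: Machine -> New, as shown in the figure below:
Configure the network:
Install the Ubuntu 23 operating system
3.1 Start the virtual machine and begin installing the operating system
3.2 Select Ubuntu Server
3.3 Details of the two network adapters:
3.4 Set the hostname and account information
3.5 Install OpenSSH Server
3.6 Start the installation
3.7 Installation complete
4. Install K8s
4.1 Configure the containerd runtime environment
Create the /etc/modules-load.d/containerd.conf configuration file so that the kernel modules the container runtime requires are loaded automatically at boot: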
cat << EOF > /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
Load the modules now so the configuration takes effect without a reboot
modprobe overlay
modprobe br_netfilter
4.2 Create /etc/sysctl.d/99-kubernetes-cri.conf
cat << EOF > /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
user.max_user_namespaces=28633
EOF
Apply the configuration
sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf
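An added check for sections 4.1 and 4.2 (not part of the original tutorial): it compares each key in the sysctl file with the live value and reports keys whose /proc/sys entry is missing, which is what happens to the net.bridge.* keys when br_netfilter is not loaded. The function name check_sysctl_conf and its optional root argument (used here with a constructed directory tree so the example runs anywhere) are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare a sysctl.d file with the values the kernel reports.

# check_sysctl_conf CONF [ROOT]
# ROOT defaults to /proc/sys; a key such as net.ipv4.ip_forward maps to
# ROOT/net/ipv4/ip_forward. Returns 0 only if every key exists and matches.
check_sysctl_conf() {
    conf=$1 root=${2:-/proc/sys} bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*|';'*) continue ;; esac   # blanks and comments
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -d ' \t')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # net.bridge.* only exists while br_netfilter is loaded
            echo "MISSING $key"; bad=1
        elif [ "$(tr -d ' \t\n' < "$path")" != "$want" ]; then
            echo "DIFFERS $key want=$want have=$(tr -d ' \t\n' < "$path")"; bad=1
        else
            echo "OK      $key=$want"
        fi
    done < "$conf"
    return "$bad"
}

# Demo against a constructed tree that mimics a host where br_netfilter
# was never loaded, so the net/bridge directory is absent.
demo=$(mktemp -d)
mkdir -p "$demo/net/ipv4" "$demo/user"
echo 1 > "$demo/net/ipv4/ip_forward"
echo 28633 > "$demo/user/max_user_namespaces"
cat > "$demo/99-kubernetes-cri.conf" << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
user.max_user_namespaces=28633
EOF
check_sysctl_conf "$demo/99-kubernetes-cri.conf" "$demo" || echo "preflight failed"
rm -rf "$demo"
```

On a real node, call check_sysctl_conf /etc/sysctl.d/99-kubernetes-cri.conf with no second argument after section 4.2.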
4.3 Enable IPVS
cat > /etc/modules-load.d/ipvs.conf <<EOF
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
EOF
Load the modules now so the configuration takes effect without a reboot
modprobe ip_vs
modprobe ip_vs_rr
modprobe ip_vs_wrr
modprobe ip_vs_sh
Install ipvsadm
apt install -y ipset ipvsadm
4.5 Install containerd
wget https://github.com/containerd/containerd/releases/download/v1.7.3/containerd-1.7.3-linux-amd64.tar.gz
Extract the archive into /usr/local
tar Cxzvf /usr/local containerd-1.7.3-linux-amd64.tar.gz
4.6 Install runc:
wget https://github.com/opencontainers/runc/releases/download/v1.1.9/runc.amd64
install -m 755 runc.amd64 /usr/local/sbin/runc
4.7 Generate the containerd configuration
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
Configure containerd to use systemd as the container cgroup driver (edit /etc/containerd/config.toml)
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
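If registry.k8s.io is blocked by the firewall in mainland China, the sandbox image can be changed to a mirror (containerd will then pull the pause image for every pod sandbox from that mirror):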
[plugins."io.containerd.grpc.v1.cri"]
...
# sandbox_image = "registry.k8s.io/pause:3.8"
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
4.8 Download containerd.service
Link: https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
cat << EOF > /etc/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
#uncomment to enable the experimental sbservice (sandboxed) version of containerd/cri integration
#Environment="ENABLE_CRI_SANDBOXES=sandboxed"
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF
4.9 Enable containerd at boot
systemctl daemon-reload
systemctl enable containerd --now
systemctl status containerd
4.10 Install crictl
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.28.0/crictl-v1.28.0-linux-amd64.tar.gz
tar -zxvf crictl-v1.28.0-linux-amd64.tar.gz
install -m 755 crictl /usr/local/bin/crictl
Test crictl
crictl --runtime-endpoint=unix:///run/containerd/containerd.sock version
Version: 0.1.0
RuntimeName: containerd
RuntimeVersion: v1.7.3
RuntimeApiVersion: v1
4.11 Update the apt repositories
sudo apt-get update
# apt-transport-https may be a dummy package; if so, you can skip that package
sudo apt-get install -y apt-transport-https ca-certificates curl
4.12 Download the public key of the k8s package repository
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
4.13 Add the k8s apt repository
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
4.14 Install kubelet, kubeadm and kubectl
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
4.15 Disable system swap
swapoff -a
Disable it permanently by commenting out the swap entry in /etc/fstab
vim /etc/fstab
Start kubelet at boot
systemctl enable kubelet
5. Initialize the K8s cluster
kubeadm init --apiserver-advertise-address=your_host-only-ip --pod-network-cidr=10.244.0.0/16
After initialization completes
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
6. Install Helm
wget https://get.helm.sh/helm-v3.12.3-linux-amd64.tar.gz
tar -zxvf helm-v3.12.3-linux-amd64.tar.gz
install -m 755 linux-amd64/helm /usr/local/bin/helm
7. Install the k8s network plugin
Download tigera-operator
wget https://github.com/projectcalico/calico/releases/download/v3.26.1/tigera-operator-v3.26.1.tgz
View the configurable values in the chart
helm show values tigera-operator-v3.26.1.tgz
Make a few simple customizations and save them as values.yaml
apiServer:
  enabled: false
installation:
  kubeletVolumePluginPath: None
Install Calico with Helm
helm install calico tigera-operator-v3.26.1.tgz -n kube-system --create-namespace -f values.yaml
Wait for the Pod to reach the Running state
kubectl get pod -n kube-system | grep tigera-operator
Install the kubectl plugin
cd /usr/local/bin
curl -L -o kubectl-calico "https://github.com/projectcalico/calicoctl/releases/download/v3.21.5/calicoctl-linux-amd64"
chmod +x kubectl-calico
Verify that it works
kubectl calico -h
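The downloads in sections 4.5, 4.6, 4.10, 6 and 7 are installed and run as root without an integrity check. The following is an added example, not from the original tutorial, that verifies a downloaded artifact against a sha256sum-format checksum file and installs it only on a match. verify_artifact and install_verified are hypothetical helper names, the sample file is constructed, and the checksum file is assumed to have been obtained from the project's release page.

```shell
#!/bin/sh
# Added example: fail-closed SHA-256 check before installing a download.

# verify_artifact FILE SUMFILE
# SUMFILE is in sha256sum format ("<digest>  <name>" or "<digest> *<name>");
# a file holding only a bare digest is accepted too.
# Returns 0 on match, 1 on mismatch, 2 if a file is missing,
# 3 if SUMFILE has no valid digest for FILE.
verify_artifact() {
    file=$1 sumfile=$2
    [ -f "$file" ] && [ -f "$sumfile" ] || { echo "missing input" >&2; return 2; }
    name=$(basename "$file")
    expected=$(awk -v n="$name" '
        { sub(/\r$/, "") }                      # tolerate CRLF files
        NF == 1 { d = $1 }                      # bare digest
        NF >= 2 { f = $2; sub(/^\*/, "", f); sub(/^.*\//, "", f)
                  if (f == n) d = $1 }          # entry for this artifact
        END { print tolower(d) }' "$sumfile")
    case $expected in
        ''|*[!0-9a-f]*) echo "no valid digest for $name" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "no valid digest for $name" >&2; return 3; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "digest mismatch for $name" >&2; return 1; }
}

# install_verified FILE SUMFILE DEST: install only if the digest matches.
install_verified() {
    verify_artifact "$1" "$2" && install -m 755 "$1" "$3"
}

# Demo on a constructed file standing in for runc.amd64.
tmp=$(mktemp -d)
printf 'constructed stand-in for runc.amd64\n' > "$tmp/runc.amd64"
sha256sum "$tmp/runc.amd64" > "$tmp/runc.sha256sum"
install_verified "$tmp/runc.amd64" "$tmp/runc.sha256sum" "$tmp/runc" && echo "installed"
printf 'tampered' >> "$tmp/runc.amd64"
verify_artifact "$tmp/runc.amd64" "$tmp/runc.sha256sum" 2>/dev/null || echo "rejected"
rm -rf "$tmp"
```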
8. Test
8.1 Verify k8s DNS
kubectl run curl --image=radial/busyboxplus:curl -it
nslookup kubernetes.default
8.2 Deploy nginx
Command
kubectl apply -f nginx.yaml
The YAML file is as follows:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  annotations:
    change-cause: "Rollout test"
spec:
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  selector:
    matchLabels:
      app: nginx
  replicas: 1
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
        resources:
          requests:
            cpu: 200m
          limits:
            cpu: 500m
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 40000
    targetPort: 80
    nodePort: 32000
9. FAQ
- Nameserver limits exceeded" err="Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 10.22.16.2 10.22.16.254 10.245.0.10"
/run/systemd/resolve/resolv.conf
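# Comment out a few of the IPs
- Use the master node as a worker node
# kubeadm v1.28 taints the control-plane node with node-role.kubernetes.io/control-plane; the older master taint is no longer applied
kubectl taint node k8s-master node-role.kubernetes.io/control-plane:NoSchedule-
- Forgot the cluster join command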
kubeadm token create --print-join-command
- Deploy curl for testing
kubectl run curl --image=radial/busyboxplus:curl -it
- View the kubelet logs
journalctl -xeu kubelet
journalctl -xeu kubelet > kubelet.log
- If kubeadm initialization fails, try a reset and then initialize again
kubeadm reset