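Author's note: the commonly used mirror sites currently cannot proxy image downloads, so it is recommended to download the images used in this lab from the network first and import them into a private registry, or to send a private message with the reply code 9521 to obtain them.
This lab write-up also turned out to be unexpectedly long and exceeded the platform's length limit, so it is published in 3 chapters.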
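Contents
- Architecture requirements for a highly available Kubernetes cluster deployment
- Deploying a highly available Kubernetes v1.25.0 cluster with kubeadm (part 1)
- Deploying a highly available Kubernetes v1.25.0 cluster with kubeadm (part 2)
- Deploying a highly available Kubernetes v1.25.0 cluster with kubeadm (final part)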
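3. Install Docker on all hosts and adjust its configuration
Configure the cgroup driver. Both the container runtime and the kubelet have a property named "cgroup driver", which matters a great deal for managing cgroups on Linux machines.
Warning: make sure the container runtime and the kubelet use the same cgroup driver; otherwise the kubelet process will fail.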
```bash
# Ubuntu 20.04 can install Docker from its built-in repository
root@master1ha1:~# apt update
root@master1ha1:~# apt -y install docker.io

# Since Kubernetes v1.22, if the kubelet's cgroup driver is not set explicitly, it defaults to systemd.
# On all hosts, set the registry mirrors and the cgroup driver
root@master1ha1:~# cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": [
    "https://docker.mirrors.ustc.edu.cn",
    "https://hub-mirror.c.163.com",
    "https://reg-mirror.qiniu.com",
    "https://registry.docker-cn.com"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
root@master1ha1:~# systemctl restart docker.service
root@master1ha1:~# systemctl status docker.service

# Note: daemon.json above was written on node 101; sync it to the other nodes here
for i in {102..105};do scp /etc/docker/daemon.json 192.168.157.$i:/etc/docker/ ;done
# Then restart Docker (run on each of the other nodes)
systemctl restart docker.service
systemctl status docker.service

# Verify that the change took effect
root@master1ha1:~# docker info |grep Cgroup
 Cgroup Driver: systemd
 Cgroup Version: 1
```
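The warning above can be turned into a pre-flight check that compares the two settings on a node. This is an added example, not part of the original post; the function names are hypothetical, and `/var/lib/kubelet/config.yaml` (the kubelet configuration kubeadm writes) is assumed as the kubelet-side source.

```shell
#!/bin/sh
# Added example (not from the original post): compare Docker's and the kubelet's cgroup driver.

# Driver set in a Docker daemon.json; "cgroupfs" when unset (assumption: cgroup v1 host, as on the page).
docker_cgroup_driver() {
    [ -r "$1" ] || { echo cgroupfs; return 0; }
    d=$(tr -d ' \t\n' < "$1" | grep -o 'native\.cgroupdriver=[a-z]*' | head -n 1 | cut -d= -f2)
    echo "${d:-cgroupfs}"
}

# Driver set in a kubelet config file; "systemd" when unset or absent (the default the page describes).
kubelet_cgroup_driver() {
    k=$(sed -n 's/^cgroupDriver:[[:space:]]*//p' "$1" 2>/dev/null | head -n 1 | tr -d '"\r ')
    echo "${k:-systemd}"
}

# check_cgroup_drivers DAEMON_JSON KUBELET_CONFIG: returns 0 when both sides agree, 1 otherwise.
check_cgroup_drivers() {
    docker_drv=$(docker_cgroup_driver "$1")
    kubelet_drv=$(kubelet_cgroup_driver "$2")
    if [ "$docker_drv" = "$kubelet_drv" ]; then
        echo "OK: docker and kubelet both use $docker_drv"
        return 0
    fi
    echo "MISMATCH: docker=$docker_drv kubelet=$kubelet_drv"
    return 1
}

# Constructed sample: a daemon.json that only sets mirrors, so Docker stays on cgroupfs.
demo=$(mktemp -d)
printf '{ "registry-mirrors": ["https://mirror.example.invalid"] }\n' > "$demo/daemon.json"
printf 'kind: KubeletConfiguration\ncgroupDriver: systemd\n' > "$demo/config.yaml"
check_cgroup_drivers "$demo/daemon.json" "$demo/config.yaml" || true
rm -rf "$demo"

# On a real node:
# check_cgroup_drivers /etc/docker/daemon.json /var/lib/kubelet/config.yaml
```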
4. Install kubeadm, kubelet and kubectl on all hosts
Reference link for installing from the Alibaba Cloud mirror site in China:
https://developer.aliyun.com/mirror/kubernetes
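```bash
# Ubuntu installation and configuration
# Run on node 101, then sync to the other nodes
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
for i in {102..105};do scp /etc/apt/sources.list.d/kubernetes.list 192.168.157.$i:/etc/apt/sources.list.d/;done
# The scp above copies only the repository list; the signing key added with
# apt-key must also be imported on nodes 102-105 before apt trusts the repository

# On all nodes
apt-get update

# List the available kubelet, kubeadm and kubectl versions
apt list -a kubeadm kubelet kubectl |grep 1.25.0-00

# Install the pinned version
apt-get install -y kubeadm=1.25.0-00 kubelet=1.25.0-00 kubectl=1.25.0-00

# Install the latest version (for reference only; this lab uses 1.25.0)
apt-get install -y kubelet kubeadm kubectl
```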
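5. Install cri-dockerd on all hosts
Kubernetes removed dockershim support in v1.24, and Docker Engine does not support the CRI specification by default, so the two can no longer be integrated directly. To address this, Mirantis and Docker jointly created the cri-dockerd project, which provides a CRI-compliant shim for Docker Engine so that Kubernetes can control Docker through CRI.
Project URL: https://github.com/Mirantis/cri-dockerd
The cri-dockerd project provides prebuilt binary packages; download the version for your system and platform to install it. This guide uses Ubuntu 20.04 64-bit and cri-dockerd v0.3.0.3 as the example (in testing, v0.3.0 and earlier versions such as v0.2.6 caused incompatibilities after installation, such as cluster initialization failures).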
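```bash
# This step is critical: after the download, confirm that the package file is in the current directory,
# because the commands below still run without it and the error only shows up at the very end
curl -LO https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.0/cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb
dpkg -i cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb

# To remove an installed cri-dockerd (for reference only, do not run)
# dpkg -P cri-dockerd

# Copy the package to the other nodes and install it there
root@master1ha1:~# for i in {102..105};do scp cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb 192.168.157.$i: ; ssh 192.168.157.$i "dpkg -i cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb";done

# After installation, the corresponding cri-dockerd.service starts automatically.
```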
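The "confirm the package file is there" step can be made an explicit gate before `dpkg -i` and before the file is copied to the other nodes. This is an added example, not part of the original post; `verify_deb` and `sha256_of` are hypothetical helpers, and the expected SHA-256 is a placeholder because the page gives no hash.

```shell
#!/bin/sh
# Added example (not from the original post): gate installation on a usable package file.

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_deb FILE [EXPECTED_SHA256]
# Returns 0 = usable, 1 = missing or empty, 2 = not a .deb, 3 = checksum mismatch.
verify_deb() {
    f=$1
    want=${2:-}
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    # A .deb is an ar archive, so it begins with the 7 bytes "!<arch>".
    # curl without -f saves an HTTP error page under the same file name.
    magic=$(head -c 7 "$f")
    [ "$magic" = '!<arch>' ] || { echo "not a Debian package: $f" >&2; return 2; }
    if [ -n "$want" ]; then
        got=$(sha256_of "$f")
        [ "$got" = "$want" ] || { echo "sha256 mismatch: $f" >&2; return 3; }
    fi
    return 0
}

# Constructed sample: what a failed download looks like on disk.
demo=$(mktemp -d)
printf '<html><body>Not Found</body></html>\n' > "$demo/pkg.deb"
verify_deb "$demo/pkg.deb" || echo "rejected with status $?"
rm -rf "$demo"

# Intended use with the page's file (EXPECTED_SHA256 is a placeholder value):
# verify_deb cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb "$EXPECTED_SHA256" \
#   && dpkg -i cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb
```

Downloading with `curl -fLO` makes curl exit non-zero on an HTTP error, so the error page is never written in the first place.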
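6. Configure cri-dockerd on all hosts
For well-known reasons, the cri-dockerd service cannot download the required images from k8s.gcr.io from within mainland China, which prevents it from starting, so cri-dockerd has to be changed to use a domestic image mirror.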
```bash
# Edit the unit file so that cri-dockerd pulls the pause image from a domestic mirror
sed -ri 's@^(.*fd://).*$@\1 --pod-infra-container-image registry.aliyuncs.com/google_containers/pause:3.7@' /lib/systemd/system/cri-docker.service

# Restart
systemctl daemon-reload && systemctl restart cri-docker

# Sync to all nodes
root@master1ha1:~# for i in {102..105};do scp /lib/systemd/system/cri-docker.service 192.168.157.$i:/lib/systemd/system/cri-docker.service; ssh 192.168.157.$i "systemctl daemon-reload && systemctl restart cri-docker.service";done
```
If this is not configured, the following log message appears:
```
Aug 21 01:35:17 ubuntu2004 kubelet[6791]: E0821 01:35:17.999712 6791 remote_runtime.go:212] "RunPodSandbox from runtime service failed" err="rpc error: code = Unknown desc = failed pulling image \"k8s.gcr.io/pause:3.6\": Error response from daemon: Get \"https://k8s.gcr.io/v2/\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
```
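The `sed` edit from this section silently does nothing when the unit file has no line containing `fd://`, and the node then fails later with the log shown above. The added example below (not part of the original post) wraps the same substitution in a hypothetical `set_pause_image` function that limits it to the `ExecStart` line, confirms the flag landed, and is safe to re-run; the sample unit content is constructed and its `ExecStart` shape is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): apply and verify the pause-image flag.

# set_pause_image UNIT_FILE IMAGE
# Returns 1 if the unit has no ExecStart line with an fd:// endpoint to anchor on.
set_pause_image() {
    unit=$1
    image=$2
    grep -q '^ExecStart=.*fd://' "$unit" || {
        echo "no ExecStart line with fd:// in $unit; nothing changed" >&2
        return 1
    }
    tmp=$(mktemp)
    # "|" is the delimiter here instead of the page's "@", so a digest reference
    # (name@sha256:...) can be passed as IMAGE without breaking the expression.
    sed -E 's|^(ExecStart=.*fd://).*$|\1 --pod-infra-container-image '"$image"'|' "$unit" > "$tmp"
    cat "$tmp" > "$unit"
    rm -f "$tmp"
    # Succeed only if the flag is really present after the edit.
    grep -qF -- "fd:// --pod-infra-container-image $image" "$unit"
}

# Constructed unit file (assumed shape of the packaged ExecStart line).
demo=$(mktemp)
printf '[Service]\nExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://\n' > "$demo"
set_pause_image "$demo" registry.aliyuncs.com/google_containers/pause:3.7
# A second run rewrites the line to the same text instead of appending the flag again.
set_pause_image "$demo" registry.aliyuncs.com/google_containers/pause:3.7
grep '^ExecStart=' "$demo"
rm -f "$demo"
```

On a real node the unit path is the one the page edits, `/lib/systemd/system/cri-docker.service`, followed by the page's `systemctl daemon-reload && systemctl restart cri-docker`.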
7. Prepare the images required for Kubernetes initialization in advance (optional)
```bash
# As of Kubernetes v1.25.0 the image registry moved to registry.k8s.io, which still cannot be reached directly from mainland China
root@master1ha1:~# kubeadm config images list
I0619 09:53:53.568739 35332 version.go:256] remote version is much newer: v1.30.2; falling back to: stable-1.25
registry.k8s.io/kube-apiserver:v1.25.16
registry.k8s.io/kube-controller-manager:v1.25.16
registry.k8s.io/kube-scheduler:v1.25.16
registry.k8s.io/kube-proxy:v1.25.16
registry.k8s.io/pause:3.8
registry.k8s.io/etcd:3.5.4-0
registry.k8s.io/coredns/coredns:v1.9.3

# List the images as served by the domestic mirror
root@master1ha1:~# kubeadm config images list --image-repository registry.aliyuncs.com/google_containers
I0619 10:33:41.435990 41065 version.go:256] remote version is much newer: v1.30.2; falling back to: stable-1.25
registry.aliyuncs.com/google_containers/kube-apiserver:v1.25.16
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.25.16
registry.aliyuncs.com/google_containers/kube-scheduler:v1.25.16
registry.aliyuncs.com/google_containers/kube-proxy:v1.25.16
registry.aliyuncs.com/google_containers/pause:3.8
registry.aliyuncs.com/google_containers/etcd:3.5.4-0
registry.aliyuncs.com/google_containers/coredns:v1.9.3
```
Method 1 for obtaining the images:
```bash
# Pull the images from the domestic mirror; from 1.24 on, the --cri-socket path must also be given
root@master1ha1:~# kubeadm config images pull --kubernetes-version=v1.25.0 --image-repository registry.aliyuncs.com/google_containers --cri-socket unix:///run/cri-dockerd.sock
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.25.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.25.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.25.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.25.0
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.8
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.5.4-0
[config/images] Pulled registry.aliyuncs.com/google_containers/coredns:v1.9.3
```
Method 2 for obtaining the images:
```bash
# Pull the images to the local host with docker pull
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.25.0
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.25.0
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.25.0
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.25.0
docker pull registry.aliyuncs.com/google_containers/pause:3.8
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.4-0
docker pull registry.aliyuncs.com/google_containers/coredns:v1.9.3

root@master1ha1:~# docker images
REPOSITORY                                                        TAG       IMAGE ID       CREATED         SIZE
registry.aliyuncs.com/google_containers/kube-apiserver            v1.25.0   4d2edfd10d3e   22 months ago   128MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.25.0   1a54c86c03a6   22 months ago   117MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.25.0   bef2cf311509   22 months ago   50.6MB
registry.aliyuncs.com/google_containers/kube-proxy                v1.25.0   58a9a0c6d96f   22 months ago   61.7MB
registry.aliyuncs.com/google_containers/pause                     3.8       4873874c08ef   2 years ago     711kB
registry.aliyuncs.com/google_containers/etcd                      3.5.4-0   a8a176a5d5d6   2 years ago     300MB
registry.aliyuncs.com/google_containers/coredns                   v1.9.3    5185b96f0bec   2 years ago     48.8MB

# Export the images into a tar archive and copy it to the other nodes to save time, since downloads are sometimes very slow
root@master1ha1:~# docker image save `docker image ls --format "{{.Repository}}:{{.Tag}}"` -o k8s-images-v1.25.0.tar
root@master1ha1:~# gzip k8s-images-v1.25.0.tar

# Upload to the other nodes and unpack locally ($i stands for the IP of each other node)
root@master1ha1:~# scp k8s-images-v1.25.0.tar.gz 192.168.157.$i:/root/
root@master2ha2:~# gzip -d k8s-images-v1.25.0.tar.gz
root@master2ha2:~# docker load -i k8s-images-v1.25.0.tar
root@master2ha2:~# docker images
```
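After `docker load` on each node, it is worth confirming that every image kubeadm will ask for is actually present under the exact tag. This is an added example, not part of the original post; `missing_images` is a hypothetical helper, and the constructed sample reuses image names from the listings above to show that a list generated without `--kubernetes-version=v1.25.0` (tags v1.25.16) does not match images pulled as v1.25.0.

```shell
#!/bin/sh
# Added example (not from the original post): check a node's images against kubeadm's list.

# missing_images REQUIRED_FILE PRESENT_FILE
#   REQUIRED_FILE: saved output of `kubeadm config images list ...`
#   PRESENT_FILE:  saved output of `docker image ls --format "{{.Repository}}:{{.Tag}}"`
# Prints each required image that is absent. Returns 0 = all present,
# 1 = something missing, 2 = unusable input.
missing_images() {
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }
    # Keep only image references; this drops klog lines such as "I0619 ... version.go:256] ...".
    req=$(grep -E '^[a-z0-9.-]+(:[0-9]+)?/[^[:space:]]+:[^[:space:]]+$' "$1" | sort -u)
    [ -n "$req" ] || { echo "no image references found in $1" >&2; return 2; }
    # Exact, whole-line comparison, so a different tag counts as missing.
    miss=$(printf '%s\n' "$req" | grep -Fxv -f "$2" || true)
    [ -z "$miss" ] && return 0
    printf '%s\n' "$miss"
    return 1
}

# Constructed sample built from the page's listings.
demo=$(mktemp -d)
cat > "$demo/required" <<'EOF'
I0619 10:33:41.435990 41065 version.go:256] remote version is much newer: v1.30.2; falling back to: stable-1.25
registry.aliyuncs.com/google_containers/kube-apiserver:v1.25.16
registry.aliyuncs.com/google_containers/pause:3.8
EOF
cat > "$demo/present" <<'EOF'
registry.aliyuncs.com/google_containers/kube-apiserver:v1.25.0
registry.aliyuncs.com/google_containers/pause:3.8
EOF
missing_images "$demo/required" "$demo/present" || echo "node is not ready for this image list"
rm -rf "$demo"
```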