基于Kubernetes v1.25.0和Docker部署高可用集群（02部分）-阿里云开发者社区

作者设置：由于当前各个常用镜像站无法正常代理下载镜像，这篇实验中所用到的镜像建议先从网络下载获取再导入到私仓使用，

或私信后台回复：9521 获取~ ~

另外这份实验材料总结下来出奇的字数多，提示超出字数，所以这篇分为了3章来发布

目录描述

Kubernetes高可用集群部署架构要求说明
Kubeadm部署Kubernetes v1.25.0高可用集群（一部分）
Kubeadm部署Kubernetes v1.25.0高可用集群（二部分）
Kubeadm部署Kubernetes v1.25.0高可用集群（完结）

3. 所有主机安装Docker并修改配置

配置 cgroup 驱动程序,容器运行时和 kubelet 都具有名字为 "cgroup driver" 的属性，该属性对于在Linux 机器上管理 CGroups 而言非常重要。

警告：你需要确保容器运行时和 kubelet 所使用的是相同的 cgroup 驱动，否则 kubelet 进程会失败。

#Ubuntu20.04可以利用内置仓库安装docker
root@master1ha1:~# apt update
root@master1ha1:~# apt -y install docker.io
#自Kubernetes v1.22版本开始，未明确设置kubelet的cgroup driver时，则默认即会将其设置为systemd。所有主机修改加速和cgroupdriver
root@master1ha1:~# cat > /etc/docker/daemon.json <<EOF
{
"registry-mirrors": [
"https://docker.mirrors.ustc.edu.cn",
"https://hub-mirror.c.163.com",
"https://reg-mirror.qiniu.com",
"https://registry.docker-cn.com"
],
"exec-opts": ["native.cgroupdriver=systemd"] 
}
EOF
root@master1ha1:~# systemctl restart docker.service
root@master1ha1:~# systemctl status docker.service
#这里注意！！前面daemon.json是在101节点操作，这里同步给其他节点
for i in {102..105};do scp /etc/docker/daemon.json 192.168.157.$i:/etc/docker/ ;done
systemctl restart docker.service
systemctl status docker.service
#验证修改是否成功
root@master1ha1:~# docker info |grep Cgroup
 Cgroup Driver: systemd
 Cgroup Version: 1

4. 所有主机安装kubeadm、kubelet和kubectl

通过国内镜像站点Ali云安装的参考链接：

https://developer.aliyun.com/mirror/kubernetes

#Ubuntu安装配置
#在101节点上操作，然后同步给其他节点
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add - 
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
for i in {102..105};do scp /etc/apt/sources.list.d/kubernetes.list 192.168.157.$i:/etc/apt/sources.list.d/;done
#所有节点
apt-get update
#查看kubelet kubeadm kubectl的版本
apt list -a kubeadm kubelet kubectl |grep 1.25.0-00
   
#安装指定版本
apt-get install -y kubeadm=1.25.0-00 kubelet=1.25.0-00 kubectl=1.25.0-00
#安装最新版本（仅参考，本次是1.25.0）
apt-get install -y kubelet kubeadm kubectl

5. 所有主机安装 cri-dockerd

Kubernetes自v1.24移除了对docker-shim的支持，而Docker Engine默认又不支持CRI规范，因而二者将无法直接完成整合。为此，Mirantis和Docker联合创建了cri-dockerd项目，用于为Docker Engine提供一个能够支持到CRI规范的垫片，从而能够让Kubernetes基于CRI控制Docker 。

项目地址：https://github.com/Mirantis/cri-dockerd

cri-dockerd项目提供了预制的二制格式的程序包，用户按需下载相应的系统和对应平台的版本即可完成安装，这里以Ubuntu 20.04 64bits系统环境，以及cri-dockerd程序版本v0.3.0.3为例（经测试v0.3.0及之前如v0.2.6安装后会有集群初始化失败等不兼容问题）。

#这步很关键，下载完成后，在当前目录看下有没有安装包，因为下面的操作没包也能执行，但到最后才会报错
curl -LO https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.0/cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb
dpkg -i cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb
#卸载已安装的cri-dockerd（提示，不执行）
dpkg -P cri-dockerd
root@master1ha1:~# for i in {102..105};do scp cri-dockerd_0.3.0.3-0.ubuntu-focal_amd64.deb 192.168.157.$i: ; ssh 192.168.157.$i "dpkg -i cri-dockerd_0.3.0.3-0-0.ubuntu-focal_amd64.deb";done
#完成安装后，相应的服务cri-dockerd.service便会自动启动。

6. 所有主机配置 cri-dockerd

众所周知的原因,从国内 cri-dockerd 服务无法下载 k8s.gcr.io上面相关镜像,导致无法启动,所以需要修改cri-dockerd 使用国内镜像源

#从国内 cri-dockerd 服务无法下载 k8s.gcr.io上面相关镜像,导致无法启动,所以需要修改cri-dockerd 使用国内镜像源。修改配置文件，设置国内镜像源
sed -ri 's@^(.*fd://).*$@\1 --pod-infra-container-image registry.aliyuncs.com/google_containers/pause:3.7@' /lib/systemd/system/cri-docker.service
#重启
systemctl daemon-reload && systemctl restart cri-docker
#同步至所有节点
root@master1ha1:~# for i in {102..105};do scp /lib/systemd/system/cri-docker.service 192.168.157.$i:/lib/systemd/system/cri-docker.service; ssh 192.168.157.$i 
"systemctl daemon-reload && systemctl restart cri-docker.service";done

如果不配置,会出现下面日志提示：

Aug 21 01:35:17 ubuntu2004 kubelet[6791]: E0821 01:35:17.999712    6791
remote_runtime.go:212] "RunPodSandbox from runtime service f
ailed" err="rpc error: code = Unknown desc = failed pulling image 
\"k8s.gcr.io/pause:3.6\": Error response from daemon: Get \"https:
//k8s.gcr.io/v2/\": net/http: request canceled while waiting for connection 
(Client.Timeout exceeded while awaiting headers)"

7. 提前准备Kubernetes初始化所需镜像（可选）

#Kubernetes-v1.25.0下载镜像地址调整为 registry.k8s.io,但仍然无法从国内直接访问
root@master1ha1:~# kubeadm config images list
I0619 09:53:53.568739   35332 version.go:256] remote version is much newer: v1.30.2; falling back to: stable-1.25
registry.k8s.io/kube-apiserver:v1.25.16
registry.k8s.io/kube-controller-manager:v1.25.16
registry.k8s.io/kube-scheduler:v1.25.16
registry.k8s.io/kube-proxy:v1.25.16
registry.k8s.io/pause:3.8
registry.k8s.io/etcd:3.5.4-0
registry.k8s.io/coredns/coredns:v1.9.3
#查看国内镜像
root@master1ha1:~# kubeadm config images list --image-repository registry.aliyuncs.com/google_containers
I0619 10:33:41.435990   41065 version.go:256] remote version is much newer: v1.30.2; falling back to: stable-1.25
registry.aliyuncs.com/google_containers/kube-apiserver:v1.25.16
registry.aliyuncs.com/google_containers/kube-controller-manager:v1.25.16
registry.aliyuncs.com/google_containers/kube-scheduler:v1.25.16
registry.aliyuncs.com/google_containers/kube-proxy:v1.25.16
registry.aliyuncs.com/google_containers/pause:3.8
registry.aliyuncs.com/google_containers/etcd:3.5.4-0
registry.aliyuncs.com/google_containers/coredns:v1.9.3
获取镜像方法一：
#从国内镜像站拉取镜像,1.24以上还需要指定--cri-socket路径
root@master1ha1:~# kubeadm config images pull --kubernetes-version=v1.25.0 --image-repository registry.aliyuncs.com/google_containers --cri-socket unix:///run/cri-dockerd.sock
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-apiserver:v1.25.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-controller-manager:v1.25.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-scheduler:v1.25.0
[config/images] Pulled registry.aliyuncs.com/google_containers/kube-proxy:v1.25.0
[config/images] Pulled registry.aliyuncs.com/google_containers/pause:3.8
[config/images] Pulled registry.aliyuncs.com/google_containers/etcd:3.5.4-0
[config/images] Pulled registry.aliyuncs.com/google_containers/coredns:v1.9.3

获取镜像方法二：
#用的docker pull到本地
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.25.0
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.25.0
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.25.0
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.25.0
docker pull registry.aliyuncs.com/google_containers/pause:3.8
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.4-0
docker pull registry.aliyuncs.com/google_containers/coredns:v1.9.3
root@master1ha1:~# docker images
REPOSITORY                                                        TAG       IMAGE ID       CREATED         SIZE
registry.aliyuncs.com/google_containers/kube-apiserver            v1.25.0   4d2edfd10d3e   22 months ago   128MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.25.0   1a54c86c03a6   22 months ago   117MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.25.0   bef2cf311509   22 months ago   50.6MB
registry.aliyuncs.com/google_containers/kube-proxy                v1.25.0   58a9a0c6d96f   22 months ago   61.7MB
registry.aliyuncs.com/google_containers/pause                     3.8       4873874c08ef   2 years ago     711kB
registry.aliyuncs.com/google_containers/etcd                      3.5.4-0   a8a176a5d5d6   2 years ago     300MB
registry.aliyuncs.com/google_containers/coredns                   v1.9.3    5185b96f0bec   2 years ago     48.8MB
#导出镜像，打tar包，传给其他节点实现加速，有时候下载太慢了
root@master1ha1:~# docker image save `docker image ls --format "{{.Repository}}:{{.Tag}}"` -o k8s-images-v1.25.0.tar
root@master1ha1:~# gzip k8s-images-v1.25.0.tar
#在其他节点上传，并解压本地（$i泛指其他节点IP）
root@master1ha1:~# scp k8s-images-v1.25.0.tar.gz 192.168.157.$i:/root/ 
root@master2ha2:~# gzip -d k8s-images-v1.25.0.tar.gz
root@master2ha2:~# docker load -i k8s-images-v1.25.0.tar
root@master2ha2:~# docker images