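Container Runtime Interface (CRI): a plugin interface that gives the kubelet (the cluster node agent that creates pods and starts containers) the ability to use different OCI-compliant container runtimes without recompiling Kubernetes. Building on this work, the CRI-O project (formerly OCID) aims to provide a lightweight runtime for Kubernetes.
CRI-O lets you run containers directly from Kubernetes without any unnecessary code or tooling. As long as a container conforms to the OCI standard, CRI-O can run it, cutting out extraneous tools and letting containers do what they do best: accelerating your next-generation cloud-native applications.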
modprobe overlay
modprobe br_netfilter
# Set the network parameters required by the Kubernetes CRI
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf
# Install the required components
yum-config-manager --add-repo=https://cbs.centos.org/repos/paas7-crio-115-release/x86_64/os/
# Install CRI-O (--nogpgcheck skips package signature verification)
yum install --nogpgcheck cri-o
# Start CRI-O
systemctl daemon-reload
systemctl start crio

cat > /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
# Install the required packages
yum install yum-utils device-mapper-persistent-data lvm2
# Add the docker repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install containerd (this automatically upgrades docker to the latest version)
yum update --skip-broken && yum install containerd.io
# Configure containerd
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
# Restart containerd
systemctl restart containerd
Disable swap
swapoff -a
vi /etc/fstab
Comment out the swap entry
# /dev/mapper/cl-swap swap swap defaults 0 0
Run the following commands
mount -a
echo "KUBELET_EXTRA_ARGS=--fail-swap-on=false" > /etc/sysconfig/kubelet
Install from a mirror inside China
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# Put SELinux into permissive mode, now and across reboots
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
yum install -y kubelet-1.17.0 kubeadm-1.17.0 kubectl-1.17.0
systemctl enable kubelet && systemctl start kubelet
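To check which Docker versions the current Kubernetes version supports, open https://github.com/kubernetes/kubernetes
Go to the CHANGELOG-1.xx.md for the corresponding version and search for the keyword docker to find the relevant information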
vi /etc/profile
Append the following configuration at the end of the file
export KUBECONFIG=/etc/kubernetes/admin.conf
After saving and exiting, run this command so the configuration takes effect immediately
source /etc/profile
Run the following command to load the required images and initialize Kubernetes
kubeadm init --cri-socket /var/run/dockershim.sock --image-repository=registry.aliyuncs.com/google_containers --kubernetes-version=v1.17.0 --pod-network-cidr=192.168.16.0/20 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap
After initialization completes, the command line for joining nodes is generated and printed
kubeadm join 192.168.xx.xxx:6443 --token ryotic.bt5ms3fx0tku0gxd --discovery-token-ca-cert-hash sha256:94014c7543fd0ff86a847959e3f8e149691d4665b7dbc1abdf3d28c9c0ebf75d
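You need to copy a command like this one; it is required later when adding containers to Kubernetes
The generated token is valid for 24 hours; once it expires, a new one can be generated with a command
If you forgot to copy it, the following command prints it again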
kubeadm token create --print-join-command
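Before a join command is run on a new node, the value after sha256: can be checked against the cluster CA; it is the SHA-256 digest of the CA certificate's public key. The following is an added example, not part of the original post: the function names are hypothetical, and the demo uses a throwaway self-signed certificate in place of /etc/kubernetes/pki/ca.crt and a placeholder token.

```shell
#!/bin/sh
# Added example: check a join command's CA pin against a CA certificate.

# SHA-256 over the DER-encoded public key of the certificate,
# i.e. the value kubeadm prints after "sha256:".
ca_pubkey_hash() {
    openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# Extract the hex digest from "--discovery-token-ca-cert-hash sha256:<hex>".
join_cmd_hash() {
    printf '%s\n' "$1" \
        | sed -n 's/.*--discovery-token-ca-cert-hash[ =]sha256:\([0-9a-f]\{64\}\).*/\1/p'
}

# Succeed only when the join command pins the given CA certificate.
join_cmd_pins_ca() {
    want=$(join_cmd_hash "$1")
    have=$(ca_pubkey_hash "$2")
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Constructed demo: a throwaway self-signed CA stands in for
# /etc/kubernetes/pki/ca.crt; address and token are placeholders.
demo() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    cmd="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef"
    cmd="$cmd --discovery-token-ca-cert-hash sha256:$(ca_pubkey_hash "$dir/ca.crt")"
    join_cmd_pins_ca "$cmd" "$dir/ca.crt" && echo "pin matches CA"
    rm -rf "$dir"
}
demo
```

On the control-plane node, pass the copied join command and /etc/kubernetes/pki/ca.crt to join_cmd_pins_ca; a non-zero exit status means the command does not pin this cluster's CA.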
You may later need admin.conf to generate keys; copy the configuration to the designated location as follows
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get cs
If the following is displayed, the services have started normally
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-0               Healthy   {"health":"true"}
Enter the command
kubectl get nodes
Output
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   12m   v1.17.0
Check the running status of all pods
kubectl get pods --all-namespaces
You will see
NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
kube-system   coredns-9d85f5447-hccsk          1/1     Pending   0          33m
kube-system   coredns-9d85f5447-jc7dd          1/1     Pending   0          33m
kube-system   etcd-master                      1/1     Running   0          33m
kube-system   kube-apiserver-master            1/1     Running   0          33m
kube-system   kube-controller-manager-master   1/1     Running   0          33m
kube-system   kube-flannel-ds-amd64-gjp99      1/1     Running   0          11m
kube-system   kube-proxy-t8rrj                 1/1     Running   0          33m
kube-system   kube-scheduler-master            1/1     Running   0          33m
The coredns pods are in the Pending state because no network plugin has been installed yet; once Weave has been deployed as described below, both will show Running
View detailed information about the master node
kubectl describe node master
Download the weave.yaml file
curl -L "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')" > weave.yaml
Edit the weave.yaml configuration
vi weave.yaml
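In the configuration file, find "/home/weave/launch.sh" and add IPALLOC_RANGE to the env section below it, as follows
spec:
  containers:
    - name: weave
      command:
        - /home/weave/launch.sh
      env:
        - name: HOSTNAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        - name: IPALLOC_RANGE
          value: 192.168.16.0/20
This binds the IP allocation range to the locally specified range. The value 192.168.16.0/20 must match the pod-network-cidr value used at initialization, otherwise services may fail
Install the plugin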
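An added check for the requirement above (not part of the original post): it reads IPALLOC_RANGE from a Weave manifest, compares it with the pod CIDR passed to kubeadm init, and also confirms that the pod CIDR overlaps neither the service CIDR nor the node address. The function names and the sample manifest are constructed for illustration; the addresses are the ones used on this page.

```shell
# Added example: sanity checks for the address ranges used on this page.
# Print the value of the IPALLOC_RANGE env entry in a Weave manifest.
weave_ipalloc_range() {
    awk '$2 == "name:" && $3 == "IPALLOC_RANGE" { found = 1; next }
         found && $1 == "value:" { gsub(/"/, "", $2); print $2; exit }
         found && $2 == "name:"  { exit }' "$1"
}

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# Print the first and last address of a CIDR block as integers.
cidr_bounds() {
    size=$(( 1 << (32 - ${1#*/}) ))
    start=$(( $(ip_to_int "${1%/*}") / size * size ))
    echo "$start $(( start + size - 1 ))"
}

# Succeed when the two CIDR blocks share at least one address.
cidrs_overlap() {
    set -- $(cidr_bounds "$1") $(cidr_bounds "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Usage: check_cluster_cidrs MANIFEST POD_CIDR SERVICE_CIDR NODE_IP
check_cluster_cidrs() {
    range=$(weave_ipalloc_range "$1")
    [ "$range" = "$2" ] || { echo "FAIL: IPALLOC_RANGE '$range' != pod CIDR $2"; return 1; }
    cidrs_overlap "$2" "$3" && { echo "FAIL: pod and service CIDRs overlap"; return 1; }
    cidrs_overlap "$2" "$4/32" && { echo "FAIL: node $4 is inside the pod CIDR"; return 1; }
    echo "OK: IPALLOC_RANGE=$range"
}

# Constructed sample: the env entries from the edited weave.yaml.
sample=$(mktemp)
cat > "$sample" <<'EOF'
      env:
        - name: HOSTNAME
          valueFrom: {fieldRef: {fieldPath: spec.nodeName}}
        - name: IPALLOC_RANGE
          value: 192.168.16.0/20
EOF
check_cluster_cidrs "$sample" 192.168.16.0/20 10.96.0.0/12 192.168.10.161
rm -f "$sample"
```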
kubectl apply -f weave.yaml
Remove the plugin
kubectl delete -f weave.yaml
Wait a moment, then enter the following command to view the pod status; weave-net will be shown as Running
kubectl get pod --all-namespaces -o wide
Output
NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE     IP               NODE     NOMINATED NODE   READINESS GATES
kube-system   coredns-9d85f5447-v9qld          1/1     Running   0          21m     10.244.0.3       master   <none>           <none>
kube-system   coredns-9d85f5447-z22vf          1/1     Running   0          21m     10.244.0.2       master   <none>           <none>
kube-system   etcd-master                      1/1     Running   0          21m     192.168.10.161   master   <none>           <none>
kube-system   kube-apiserver-master            1/1     Running   0          21m     192.168.10.161   master   <none>           <none>
kube-system   kube-controller-manager-master   1/1     Running   0          21m     192.168.10.161   master   <none>           <none>
kube-system   kube-proxy-gn9gv                 1/1     Running   0          21m     192.168.10.161   master   <none>           <none>
kube-system   kube-scheduler-master            1/1     Running   0          21m     192.168.10.161   master   <none>           <none>
kube-system   weave-net-v97dl                  2/2     Running   0          4m37s   192.168.10.161   master
List the current docker images; the weave images appear there as well
docker images
docker image list
REPOSITORY                                                        TAG       IMAGE ID       CREATED        SIZE
registry.aliyuncs.com/google_containers/kube-proxy                v1.17.0   7d54289267dc   2 weeks ago    116MB
registry.aliyuncs.com/google_containers/kube-controller-manager   v1.17.0   5eb3b7486872   2 weeks ago    161MB
registry.aliyuncs.com/google_containers/kube-apiserver            v1.17.0   0cae8d5cc64c   2 weeks ago    171MB
registry.aliyuncs.com/google_containers/kube-scheduler            v1.17.0   78c190f736b1   2 weeks ago    94.4MB
weaveworks/weave-npc                                              2.6.0     5105e13e253e   7 weeks ago    34.9MB
weaveworks/weave-kube                                             2.6.0     174e0e8ef23d   7 weeks ago    114MB
registry.aliyuncs.com/google_containers/coredns                   1.6.5     70f311871ae1   7 weeks ago    41.6MB
registry.aliyuncs.com/google_containers/etcd                      3.4.3-0   303ce5db0e90   2 months ago   288MB
registry.aliyuncs.com/google_containers/pause                     3.1       da86e6ba6ca1   2 years ago    742kB
Check the local network information; you will find two new network interfaces, cni0 and flannel.1
ifconfig
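If initialization runs into problems, or you need to return to the initial state and reconfigure, run the following commands
kubeadm reset
ifconfig cni0 down
ifconfig flannel.1 down
ifconfig weave down
ip link delete cni0
ip link delete flannel.1
ip link delete weave
rm -rf $HOME/.kube/config
rm -rf /var/lib/cni/
rm -rf /var/lib/kubelet/*
rm -rf /etc/kubernetes/
rm -rf /etc/cni/
Besides clearing this kubernetes data, the corresponding docker images also need to be deleted; only then is re-initialization likely to complete without errors
Kubernetes Learning and Application (05): Installing Kubernetes
Original: https://www.cnblogs.com/EmptyFS/p/13070663.html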