Kubernetes installation:修订间差异
第138行: | 第138行: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Configure docker/containerd proxy === | === (Optional) Configure docker/containerd proxy === | ||
proxy server: | proxy server: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> |
2024年4月10日 (三) 09:00的版本
Ubuntu 22.04
System preparation
Updrage
sudo apt update
sudo apt upgrade
do-release-update
Mount data disk
mkfs.xfs /dev/vdb
lsof /var
mv /var/ /var0
mkdir /mnt/newvar/
mount /dev/vdb /mnt/newvar/
rsync -aqxP /var0/* /mnt/newvar/
umount /mnt/newvar
mkdir /var
mount /dev/vdb /var
vim /etc/fstab
# /dev/vdb /var xfs defaults 0 0
System configuration
hostnamectl set-hostname master.xx.com
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# sysctl params required by setup, params persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply sysctl params without reboot
sudo sysctl --system
Verify:
root@vm10-19-30-61:~# lsmod | grep br_netfilter
br_netfilter 32768 0
bridge 307200 1 br_netfilter
root@vm10-19-30-61:~# lsmod | grep overlay
overlay 151552 0
root@vm10-19-30-61:~# sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
Disable swap
# check if swap is disabled
swapon -s
Install Kubernetes
Containerd runtime
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Use mirror instead:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo usermod -aG docker $USER
sudo systemctl enable docker.service
sudo systemctl enable containerd.service
Generate containerd config using systemd:
sudo containerd config default | sudo tee /etc/containerd/config.toml
And modify it:
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"
Restart the service:
sudo systemctl restart containerd
Install Kubeadm
sudo apt-get install -y apt-transport-https ca-certificates curl gpg
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
(Optional) Configure docker/containerd proxy
proxy server:
sudo mkdir -p /etc/systemd/system/docker.service.d
vim /etc/systemd/system/docker.service.d/http-proxy.conf
# Must configure HTTPS_PROXY
[Service]
Environment="HTTP_PROXY=http://user:password@riguz.com:8080/"
Environment="HTTPS_PROXY=http://user:password@riguz.com:8080/"
Also create /etc/systemd/system/containerd.service.d/http-proxy.conf with same content. Must restart the servecie:
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo systemctl restart containerd
systemctl show --property=Environment docker
(Master) Create cluster
sudo systemctl start kubelet
sudo systemctl enable kubelet
MASTER_IP="10.19.30.61"
NODENAME=$(hostname -s)
POD_CIDR="192.168.0.0/16"
KUBERNETES_VERSION="v1.29.3"
HTTP_PROXY="xxx"
HTTPS_PROXY="xxx"
kubeadm init \
--pod-network-cidr=$POD_CIDR \
--apiserver-advertise-address $MASTER_IP \
--node-name $NODENAME
It takes long time to pull images, so we can pull images first:
kubeadm config images list
kubeadm config images pull
to view images in local host:[8]
ctr -n k8s.io images list
Dump and import images
kubeadm config images list
# download images in a server:
sudo ctr images pull registry.k8s.io/kube-apiserver:v1.29.3
sudo ctr images pull registry.k8s.io/kube-controller-manager:v1.29.3
sudo ctr images pull registry.k8s.io/kube-scheduler:v1.29.3
sudo ctr images pull registry.k8s.io/kube-proxy:v1.29.3
sudo ctr images pull registry.k8s.io/coredns/coredns:v1.11.1
sudo ctr images pull registry.k8s.io/pause:3.9
sudo ctr images pull registry.k8s.io/etcd:3.5.12-0
# export
sudo ctr images export kubeadm-1.29.3-images.tar registry.k8s.io/kube-apiserver:v1.29.3 registry.k8s.io/kube-controller-manager:v1.29.3 registry.k8s.io/kube-scheduler:v1.29.3 registry.k8s.io/kube-proxy:v1.29.3 registry.k8s.io/coredns/coredns:v1.11.1 registry.k8s.io/pause:3.9 registry.k8s.io/etcd:3.5.12-0
# import
ctr -n k8s.io images import kubeadm-1.29.3-images.tar
# Verify all images has been pulled:
kubeadm config images pull
W0410 16:58:19.699693 323494 version.go:104] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get "https://cdn.dl.k8s.io/release/stable-1.txt": dial tcp 151.101.89.55:443: i/o timeout (Client.Timeout exceeded while awaiting headers)
W0410 16:58:19.699757 323494 version.go:105] falling back to the local client version: v1.29.3
[config/images] Pulled registry.k8s.io/kube-apiserver:v1.29.3
[config/images] Pulled registry.k8s.io/kube-controller-manager:v1.29.3
[config/images] Pulled registry.k8s.io/kube-scheduler:v1.29.3
[config/images] Pulled registry.k8s.io/kube-proxy:v1.29.3
[config/images] Pulled registry.k8s.io/coredns/coredns:v1.11.1
[config/images] Pulled registry.k8s.io/pause:3.9
[config/images] Pulled registry.k8s.io/etcd:3.5.12-0
- ↑ https://kubernetes.io/docs/setup/production-environment/container-runtimes/#forwarding-ipv4-and-letting-iptables-see-bridged-traffic
- ↑ https://docs.docker.com/engine/install/ubuntu/
- ↑ https://mirrors.tuna.tsinghua.edu.cn/help/docker-ce/
- ↑ https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
- ↑ https://docs.docker.com/config/daemon/systemd/
- ↑ https://e-whisper.com/posts/36730/
- ↑ https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
- ↑ https://serverfault.com/questions/1079369/kubeadm-with-containerd-cannot-use-locally-loaded-images