kubeadm 安装v1.24.x版本k8s

发表于 更新于 分类于 本文字数: 941 阅读时长 ≈ 3 分钟

ubuntu安装containerd

以下以Ubuntu为例
说明:安装containerd与安装docker流程基本一致,差别在于不需要安装docker-ce

  1. containerd: apt-get install -y containerd.io
  2. docker: apt-get install docker-ce docker-ce-cli containerd.io

卸载旧版本

1
2
3
sudo apt-get remove docker docker-engine docker.io containerd runc
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd

准备包环境
更新apt,允许使用https

1
2
3
4
5
6
sudo apt-get update
sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

添加docker官方GPG key

1
2
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

设置软件仓库源

1
2
3
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

安装containerd

1
2
3
4
5
6
7
8
9
10
# 安装containerd
sudo apt-get update
sudo apt-get install -y containerd.io

# 如果是安装docker则执行:
#sudo apt-get install docker-ce docker-ce-cli containerd.io

# 查看运行状态
systemctl enable containerd
systemctl status containerd

或者安装指定版本

1
2
3
4
5
# 查看版本
apt-cache madison containerd

# 指定版本
sudo apt-get install containerd=<VERSION>

修改配置
在 Linux 上,containerd 的默认 CRI 套接字是 /run/containerd/containerd.sock

生成默认配置

1
containerd config default > /etc/containerd/config.toml

修改CgroupDriver为systemd
k8s官方推荐使用systemd类型的CgroupDriver

1
2
3
4
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  ...
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true

重启containerd

1
systemctl restart containerd

离线二进制安装containerd

把containerd、runc、cni-plugins、nerdctl二进制下载到本地,再上传到对应服务器,解压文件到对应目录,修改containerd配置文件,启动containerd。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
#!/bin/bash
set -e

ContainerdVersion=$1
ContainerdVersion=${ContainerdVersion:-1.6.6}

RuncVersion=$2
RuncVersion=${RuncVersion:-1.1.3}

CniVersion=$3
CniVersion=${CniVersion:-1.1.1}

NerdctlVersion=$4
NerdctlVersion=${NerdctlVersion:-0.21.0}

CrictlVersion=$5
CrictlVersion=${CrictlVersion:-1.24.2}

echo "--------------install containerd--------------"
wget https://github.com/containerd/containerd/releases/download/v${ContainerdVersion}/containerd-${ContainerdVersion}-linux-amd64.tar.gz
tar Cxzvf /usr/local containerd-${ContainerdVersion}-linux-amd64.tar.gz

echo "--------------install containerd service--------------"
wget https://raw.githubusercontent.com/containerd/containerd/681aaf68b7dcbe08a51c3372cbb8f813fb4466e0/containerd.service
mv containerd.service /lib/systemd/system/

mkdir -p /etc/containerd/
containerd config default > /etc/containerd/config.toml

echo "--------------install runc--------------"
wget https://github.com/opencontainers/runc/releases/download/v${RuncVersion}/runc.amd64
chmod +x runc.amd64
mv runc.amd64 /usr/local/bin/runc

echo "--------------install cni plugins--------------"
wget https://github.com/containernetworking/plugins/releases/download/v${CniVersion}/cni-plugins-linux-amd64-v${CniVersion}.tgz
rm -fr /opt/cni/bin
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v${CniVersion}.tgz

echo "--------------install nerdctl--------------"
wget https://github.com/containerd/nerdctl/releases/download/v${NerdctlVersion}/nerdctl-${NerdctlVersion}-linux-amd64.tar.gz
tar Cxzvf /usr/local/bin nerdctl-${NerdctlVersion}-linux-amd64.tar.gz

echo "--------------install crictl--------------"
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v${CrictlVersion}/crictl-v${CrictlVersion}-linux-amd64.tar.gz
tar Cxzvf /usr/local/bin crictl-v${CrictlVersion}-linux-amd64.tar.gz

# 启动containerd服务
systemctl daemon-reload
systemctl restart contaienrd

安装crictl

Containerd中默认带有ctr命令工具,它是一个简单的 CLI 接口,用作 containerd 本身的一些调试用途,投入生产使用时还是应该配合docker 或者 cri-containerd。

crictl是一个命令行接口,用于与CRI兼容的容器运行时。你可以使用它来检查和调试Kubernetes节点上的容器运行时和应用程序。crictl及其源代码托管在cri-tools仓库中。

1
2
3
4
VERSION="v1.26.0"
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz
sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm -f crictl-$VERSION-linux-amd64.tar.gz

配置 crictl
要查看或编辑当前配置,请查看或编辑/etc/crictl.yaml的内容

1
2
3
4
5
6
7
cat /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: true

# /run/containerd/containerd.sock 为containerd中的“grpc.address” 配置,两个需要对应上。

crictl 测试

1
2
3
4
5
root@work001:/tmp# crictl version 
Version:  0.1.0
RuntimeName:  containerd
RuntimeVersion:  1.6.16
RuntimeApiVersion:  v1

安装k8s

安装kubeadm,kubelet, kubectl 指定版本

1
2
3
4
sudo apt-get install -y kubelet=1.24.10-00 kubeadm=1.24.10-00 kubectl=1.24.10-00 --allow-downgrades

# 锁定版本不升级
sudo apt-mark hold kubelet kubeadm kubectl

安装master节点

1
2
3
4
5
# 创建master结点
sudo kubeadm init --kubernetes-version=v1.24.10 --apiserver-advertise-address=192.168.122.10 --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.123.0.0/16 --service-cidr=10.86.0.0/16

# 不安装kube-proxy 参数 --kubernetes-version=v1.24.10
# 输出node加入集群命令:kubeadm token create --print-join-command

加入node节点

1
2
# 登入各个节点
kubeadm join 192.168.122.10:6443 --token d2171t.6f3ybg6j313440qz --discovery-token-ca-cert-hash sha256:6674692af2959148fa84205b628646e03e81da4d75e988ba742909e821b6511a