当前位置：首页 > news >正文

k8s集群部署：安装 kubeadm

news 来源：原创 2024/9/20 3:58:52

1、确保已经将 SELinux 设置为permissive模式：

这些说明适用于 Kubernetes 1.31。

# Set SELinux in permissive mode (effectively disabling it)
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

2、下载并安装相关软件包

sudo yum install -y yum-utils// 在可联网环境将相关包下载到本地，后续可以在无网络环境进行安装，如果无法找到对应包，
// 请转到10章节，配置官方镜像库
sudo yumdownloader kubelet-1.31.0 kubeadm-1.31.0 kubectl-1.31.0 --disableexcludes=kubernetes// 下载依赖项
yumdownloader kubernetes-cni cri-tools --disableexcludes=kubernetes// 安装依赖项
sudo yum localinstall -y kubernetes-cni-1.5.0-150500.2.1.aarch64.rpm cri-tools-1.31.1-150500.1.1.aarch64.rpm// 安装 kubelet、kubeadm、kubectl
sudo yum localinstall -y kubelet-1.31.0-150500.1.1.aarch64.rpm kubeadm-1.31.0-150500.1.1.aarch64.rpm kubectl-1.31.0-150500.1.1.aarch64.rpm// 启动
sudo systemctl enable kubelet && sudo systemctl start kubelet// 验证
kubelet --version 
kubeadm version 
kubectl version --client

3、使用 Kubeadm 初始化 Kubernetes

接下来，你可以使用 kubeadm 来初始化 Kubernetes 集群。记得替换命令中的参数以适应你的环境：

sudo kubeadm config print init-defaults > kubeadm-init.yaml

修改kubeadm配置文件：该文件需要修改的地方:将advertiseAddress: 1.2.3.4修改为当前服务器IP地址,比如使用10.211.55.3作为master，就修改advertiseAddress: 10.211.55.3。将imageRepository: k8s.gcr.io修改为imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers将networking: podSubnet:分配Pod分配的子网网断，定义Pod的IP地址范围。

apiVersion: kubeadm.k8s.io/v1beta4
bootstrapTokens:
- groups:- system:bootstrappers:kubeadm:default-node-token  # 为 Kubeadm 引导节点设置默认组token: abcdef.0123456789abcdef  # 设定的引导 token，用于节点加入集群ttl: 24h0m0s  # token 的有效期为 24 小时usages:- signing  # 用于签名- authentication  # 用于身份验证
kind: InitConfiguration  # 初始化配置的种类
localAPIEndpoint:advertiseAddress: 10.211.55.51  # 本地API的广告地址，通常是 master 节点的IP地址bindPort: 6443  # 本地API的绑定端口，默认为 6443
nodeRegistration:criSocket: unix:///var/run/cri-dockerd.sock  # 指定使用 cri-dockerd 作为容器运行时imagePullPolicy: IfNotPresent  # 镜像拉取策略，若本地无镜像则拉取imagePullSerial: true  # 指定镜像拉取是否串行name: kmaster  # 设置节点的主机名taints: null  # 清除节点上的污点，允许任何 Pod 调度到此节点上
timeouts:controlPlaneComponentHealthCheck: 4m0s  # 控制面组件健康检查的超时时间discovery: 5m0s  # 发现节点的超时时间etcdAPICall: 2m0s  # etcd API 调用超时kubeletHealthCheck: 4m0s  # kubelet 健康检查超时时间kubernetesAPICall: 1m0s  # Kubernetes API 调用超时tlsBootstrap: 5m0s  # TLS 引导超时时间upgradeManifests: 5m0s  # 升级清单处理超时时间
---
apiServer: {}  # Kube API Server 的相关配置
apiVersion: kubeadm.k8s.io/v1beta4
caCertificateValidityPeriod: 87600h0m0s  # CA 证书的有效期（大约10年）
certificateValidityPeriod: 8760h0m0s  # 其他证书的有效期（大约1年）
certificatesDir: /etc/kubernetes/pki  # 证书存储目录
clusterName: kubernetes  # 集群名称
controllerManager: {}  # 控制器管理器相关配置
dns: {}  # DNS 配置
encryptionAlgorithm: RSA-2048  # 证书加密算法，使用 RSA 2048位
etcd:local:dataDir: /var/lib/etcd  # etcd 数据存储路径
imageRepository: registry.k8s.io  # Kubernetes 镜像仓库地址
kind: ClusterConfiguration  # 集群配置的种类
kubernetesVersion: 1.31.0  # Kubernetes 版本
networking:dnsDomain: cluster.local  # 集群的 DNS 域名serviceSubnet: 10.96.0.0/12  # Service 子网范围podSubnet: 10.244.0.0/16  # Pod 网络范围（新增的配置）
proxy: {}  # 代理相关配置
scheduler: {}  # 调度器相关配置

执行初始化kubeadm配置文件

sudo kubeadm init --config kubeadm-init.yaml
// 如果初始化卡住4分钟处，则
sudo vi /usr/lib/systemd/system/kubelet.service
// 修改以下内容
ExecStart=/usr/local/bin/kubelet --container-runtime-endpoint=unix:///run/cri-dockerd.sock
// 并确保文件里的内容是否如下
sudo vim /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--container-runtime-endpoint=unix:///var/run/cri-dockerd.sock --hostname-override=node --pod-infra-container-image=registry.k8s.io/pause:3.10"

3.1 如果报错：

[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster error execution phase upload-config/kubelet: Error writing Crisocket information for the control-plane node: nodes "kmaster" not found To see the stack trace of this error execute with --v=5 or high// 则进行以下操作
sudo kubeadm reset -f --cri-socket /var/run/cri-dockerd.sock
sudo systemctl stop kubelet 
sudo rm -rf /etc/cni/net.d 
sudo rm -rf /var/lib/kubelet/* 
sudo rm -rf /var/lib/etcd 
sudo systemctl start kubelet 
sudo kubeadm init --config kubeadm-init.yaml

3.2 如果报错：

[kubernetes@Kubernetes02 ~]$ sudo kubeadm join 10.211.55.43:6443 --token lbik51.q7ti5ekg4un7x8a1 --discovery-token-ca-cert-hash sha256:85bc771d5cc7b8406673dfc6e4e0cef00bd6d5de199454fd9c2314e4ae262e9a [preflight] Running pre-flight checks [WARNING Swap]: swap is supported for cgroup v2 only. The kubelet must be properly configured to use swap. Please refer to https://kubernetes.io/docs/concepts/architecture/nodes/#swap-memory, or disable swap on the node [WARNING FileExisting-crictl]: crictl not found in system path [WARNING FileExisting-socat]: socat not found in system path error execution phase preflight: [preflight] Some fatal errors occurred: [ERROR FileExisting-conntrack]: conntrack not found in system path [preflight] If you know what you are doing, you can make a check non-fatal with --ignore-preflight-errors=... To see the stack trace of this error execute with --v=5 or higher

则，安装 conntrack-tools 和socat

sudo yum install -y epel-release
sudo yumdownloader --resolve conntrack-tools
sudo yum localinstall conntrack-tools-*.rpm
sudo yumdownloader --resolve socat
sudo yum localinstall socat-*.rpm

并安装crictl：
1、首先，解压 crictl 的压缩包。你可以使用 tar 命令：

tar -xvf crictl-v1.31.1-linux-arm64.tar

这会解压出包含 crictl 可执行文件的目录。
2、移动 crictl 到系统路径
解压后，通常会得到一个 crictl 可执行文件。将其移动到系统的 PATH 目录中，例如 /usr/local/bin：

sudo mv crictl /usr/local/bin/

3、检查安装
确认 crictl 已正确安装并在 PATH 中。你可以使用 which 命令来检查：

which crictl

应该会显示 /usr/local/bin/crictl 的路径。
4、设置权限
确保 crictl 可执行文件有执行权限：

sudo chmod +x /usr/local/bin/crictl

5、验证安装
验证 crictl 是否能正常工作：

crictl --version

这应该会输出 crictl 的版本信息。

3.3 如果init的过程中报错，再次init的时候出现如下情况：

[init] Using Kubernetes version: v1.31.0
[preflight] Running pre-flight checks[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
error execution phase preflight: [preflight] Some fatal errors occurred:[ERROR FileAvailable--etc-kubernetes-manifests-kube-apiserver.yaml]: /etc/kubernetes/manifests/kube-apiserver.yaml already exists[ERROR FileAvailable--etc-kubernetes-manifests-kube-controller-manager.yaml]: /etc/kubernetes/manifests/kube-controller-manager.yaml already exists[ERROR FileAvailable--etc-kubernetes-manifests-kube-scheduler.yaml]: /etc/kubernetes/manifests/kube-scheduler.yaml already exists[ERROR FileAvailable--etc-kubernetes-manifests-etcd.yaml]: /etc/kubernetes/manifests/etcd.yaml already exists[ERROR Port-10250]: Port 10250 is in use
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher

则进行以下操作：

sudo kubeadm reset
sudo rm -rf /etc/kubernetes
sudo rm -rf /var/lib/etcd

4、从节点加入主节点

主节点init后，会出现以下信息

Your Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configAlternatively, if you are the root user, you can run:export KUBECONFIG=/etc/kubernetes/admin.confYou should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:https://kubernetes.io/docs/concepts/cluster-administration/addons/Then you can join any number of worker nodes by running the following on each as root:kubeadm join 10.211.55.56:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:3a45611fc0a8bca7940837c5868e05fd1923b3c561776d1b111b65212993a8d0

使用以下命令加入集群

sudo kubeadm join 10.211.55.56:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:3a45611fc0a8bca7940837c5868e05fd1923b3c561776d1b111b65212993a8d0 \--cri-socket unix:///var/run/cri-dockerd.sock

5、配置 kubectl

初始化完成后，按照输出的提示配置 kubectl：

sudo mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

6、部署网络插件

安装 Flannel 网络插件（或者其他你选择的网络插件）：

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

或安装Calico网络插件
查看calico和Kubernetes versions对应关系https://docs.tigera.io/calico/3.26/getting-started/kubernetes/requirements
获取配置：

wget https://raw.githubusercontent.com/projectcalico/calico/v3.26.4/manifests/calico.yaml

编辑calico.yaml，增加- name: IP_AUTODETECTION_METHOD，修改CALICO_IPV4POOL_IPIP的VALUE为"Never"
配置Calico网络段，将- name: CALICO_IPV4POOL_CIDR配置 value: “10.211.55.0/24”

# Cluster type to identify the deployment type
- name: CLUSTER_TYPEvalue: "k8s,bgp"  # 指定集群类型为 Kubernetes 并启用 BGP（边界网关协议）# IP automatic detection
- name: IP_AUTODETECTION_METHODvalue: "interface=en.*"  # 自动检测网络接口，使用匹配 en.* 的网卡，如 en0、en1# Auto-detect the BGP IP address.
- name: IPvalue: "autodetect"  # 自动检测 BGP IP 地址# Enable IPIP
- name: CALICO_IPV4POOL_IPIPvalue: "Never"  # 禁用 IPIP 隧道模式（只启用 BGP）# Configure Calico subnet
# The default IPv4 pool to create on startup if none exists. Pod IPs will be
# chosen from this range. Changing this value after installation will have
# no effect. This should fall within `--cluster-cidr`.
- name: CALICO_IPV4POOL_CIDRvalue: "10.211.55.0/24"  # 配置 Calico 的 IPv4 地址池，Pod 的 IP 将从该范围内分配

修改完后应用calico.yaml配置

7、补充

yum仓库镜像设置

# 国内镜像配置(国内建议配置)
sudo tee /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-aarch64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpghttp://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF#配置完成后，你可以使用以下命令来清理YUM缓存并生成新的缓存：
sudo yum clean all 
sudo yum makecache# 官网镜像配置
sudo tee /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.31/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF