CentOS 7 和 8 离停止服务不远了,试试改用 Ubuntu。
镜像准备
准备要使用的相关镜像,复用之前搭建的harbor
harbor.tangotz.com -> 192.168.0.190
镜像列表
flannel/flannel:v0.25.1
flannel/flannel-cni-plugin:v1.4.0-flannel1
google_containers/etcd:3.5.12-0
google_containers/pause:3.9
google_containers/coredns:v1.11.1
google_containers/kube-proxy:v1.29.5
google_containers/kube-scheduler:v1.29.5
google_containers/kube-controller-manager:v1.29.5
google_containers/kube-apiserver:v1.29.5
节点规划
master01 -> 192.168.0.221
node01 -> 192.168.0.231
在每个主机的hosts文件中添加
192.168.0.221 master01
192.168.0.231 node01
192.168.0.190 harbor.tangotz.com
并修改主机名
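# Set this machine's hostname. Use the name planned for the node being
# configured: master01 on the control-plane host, node01 on the worker.
# Run through sudo like the other privileged steps on this page.
sudo hostnamectl set-hostname master01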
修改时区
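# Set the system time zone through systemd.
# Copying the zone file onto /etc/localtime writes *through* that path when it
# is a symlink, which overwrites the zone file the link points to instead of
# changing the link. timedatectl replaces the link itself.
sudo timedatectl set-timezone Asia/Shanghai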
启用ipvs
ipvs的效率要高于iptables
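# Install the ipvsadm userspace tool.
# -y answers the confirmation prompt; a bare "-" is not a valid apt option.
sudo apt install -y ipvsadm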
# Persist the IPVS-related kernel modules: one module name per line in
# /etc/modules-load.d/ipvs.conf so they are loaded again at boot.
printf '%s\n' \
  ip_vs \
  ip_vs_rr \
  ip_vs_wrr \
  ip_vs_sh \
  nfnetlink_queue \
  ip_set |
  sudo tee /etc/modules-load.d/ipvs.conf
即时生效(重启服务器也可以,但没必要)
# Load the IPVS-related modules into the running kernel now, one modprobe
# call per module, so no reboot is needed.
for module in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nfnetlink_queue ip_set; do
  sudo modprobe "$module"
done
验证
# Show the lsmod lines that mention ip_vs; no output means the modules are
# not loaded.
lsmod | grep 'ip_vs'
系统配置
开启ipv4转发,关闭swap,关闭selinux(ubuntu2204默认为关闭状态)
# Persist the overlay and br_netfilter modules for the next boot.
printf '%s\n' overlay br_netfilter | sudo tee /etc/modules-load.d/k8s.conf

# Load both modules into the running kernel right away.
for module in overlay br_netfilter; do
  sudo modprobe "$module"
done
# Write the sysctl settings to a drop-in file so they survive a reboot.
# net.ipv4.ip_forward = 1 turns on IPv4 forwarding for the whole host, so the
# host firewall policy should be written with that in mind.
sudo tee /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

# Apply all sysctl configuration files now, without rebooting.
sudo sysctl --system
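# Turn swap off for the running system.
sudo swapoff -a
# Keep it off after a reboot: comment out fstab entries that have "swap" as a
# whitespace-delimited field. Lines that are already comments are skipped, so
# re-running this does not stack '#' characters, and paths that merely contain
# the word "swap" are not touched. The previous file is kept as /etc/fstab.bak.
sudo sed -i.bak '/^[[:space:]]*#/!{/[[:space:]]swap[[:space:]]/s/^/#/;}' /etc/fstab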
# 关闭selinux ubuntu2204默认为关闭状态 无需操作
#setenforce 0
#sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
安装Docker
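# Refresh the apt package index.
sudo apt update
# Packages needed to add an HTTPS repository to APT.
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common
# Store Docker's signing key in its own keyring file instead of using apt-key.
# apt-key is deprecated, and a key added with it is trusted for every
# configured repository rather than only for Docker's.
# Optional check: `gpg --show-keys /etc/apt/keyrings/docker.asc` prints the key
# fingerprint, which can be compared with Docker's install documentation.
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add Docker's stable repository for the running Ubuntu release and bind it to
# that key with signed-by, so only this key can vouch for packages from it.
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" |
  sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
# Refresh the index again so the new repository is visible, then install Docker.
sudo apt update
sudo apt install -y docker-ce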
# Write the Docker daemon configuration: a registry mirror plus the
# self-hosted Harbor registry. This replaces any existing daemon.json.
#
# NOTE: "insecure-registries" does not configure authentication. It allows
# Docker to reach harbor.tangotz.com over plain HTTP or without verifying its
# TLS certificate, so images pulled from it are not protected against
# tampering in transit. If Harbor serves HTTPS, placing its CA certificate at
# /etc/docker/certs.d/harbor.tangotz.com/ca.crt makes this entry unnecessary.
cat <<'EOF' | sudo tee /etc/docker/daemon.json
{
"registry-mirrors": ["https://o6tz2nud.mirror.aliyuncs.com"],
"insecure-registries": ["harbor.tangotz.com"]
}
EOF
# Start Docker at boot, and restart it now so the new configuration is read.
sudo systemctl enable docker
sudo systemctl restart docker
安装cri-dockerd
获取,创建软链接
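# Download the cri-dockerd v0.3.12 release archive into /opt.
sudo wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.12/cri-dockerd-0.3.12.amd64.tgz -O /opt/cri-dockerd-0.3.12.amd64.tgz
# Print the archive's SHA-256 and compare it with a known-good value for this
# release before unpacking: the binary inside is installed and run as root.
sha256sum /opt/cri-dockerd-0.3.12.amd64.tgz
# Unpack straight into /opt (no dependence on the current directory).
# --no-same-owner keeps the extracted files owned by root rather than by the
# user/group IDs recorded inside the archive.
sudo tar -xf /opt/cri-dockerd-0.3.12.amd64.tgz -C /opt --no-same-owner
sudo chmod +x /opt/cri-dockerd/cri-dockerd
# Expose the binary on PATH under /usr/local/bin.
sudo ln -s /opt/cri-dockerd/cri-dockerd /usr/local/bin/cri-dockerd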
创建系统服务
cri-dockerd.service
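# Install the systemd service unit for cri-dockerd.
# The heredoc delimiter is quoted so the shell writes $MAINPID literally. With
# an unquoted delimiter the shell expands $MAINPID itself (to an empty string),
# and the ExecReload line ends up without the PID it is meant to signal.
# NOTE(review): --cri-dockerd-root-directory appears twice in ExecStart with
# different paths (/var/lib/dockershim and /var/lib/docker); presumably only
# one takes effect. Confirm which is intended and drop the other.
# NOTE(review): the pause image is referenced from
# registry.cn-hangzhou.aliyuncs.com, not from the Harbor instance prepared for
# the other images. Confirm this is the intended source.
cat <<'EOF' | sudo tee /etc/systemd/system/cri-dockerd.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9 --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock --cri-dockerd-root-directory=/var/lib/dockershim --docker-endpoint=unix:///var/run/docker.sock --cri-dockerd-root-directory=/var/lib/docker
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF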
cri-dockerd.socket
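# Install the systemd socket unit for cri-dockerd.
# PartOf= has to name the service unit that exists on this host,
# cri-dockerd.service; a name that matches no unit leaves the socket unlinked
# from the service's stop/restart.
# SocketMode=0660 with SocketGroup=docker lets every member of the docker
# group reach the CRI socket, so treat membership of that group as
# root-equivalent.
# NOTE(review): the steps shown enable only the service, and its ExecStart
# binds /var/run/cri-dockerd.sock itself, so this socket unit does not appear
# to be activated. Confirm whether it is needed.
cat <<'EOF' | sudo tee /etc/systemd/system/cri-dockerd.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-dockerd.service
[Socket]
ListenStream=/var/run/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF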
重载systemctl,并启动cri-dockerd,开机自启cri-dockerd
# Make systemd re-read the unit files, then enable cri-dockerd at boot and
# start it in the same step.
sudo systemctl daemon-reload
sudo systemctl enable --now cri-dockerd