[k8s] 基于ubuntu22部署k8s1.28记录
k8s1.28部署已经不依赖docker了,所以不需要安装docker。同理:如果想查看镜像和运行容器,也不能用docker命令去查询了:需要使用crictl。不过crictl命令参数兼容docker,所以使用上手没有啥难度。
1. 配置安装源
根据k8s官方文档:https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/ 配置即可
apt-get install -y apt-transport-https ca-certificates curl
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
2. 主机系统参数配置
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOFsudo modprobe overlay
sudo modprobe br_netfilter# sysctl params required by setup, params persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF# Apply sysctl params without reboot
sudo sysctl --system
3. 修改containerd配置
k8s 1.24之前,还支持cri-dockerd ;1.24以及之后版本不再支持了。所以必须安装CRI-O或者containerd作为container runtime。这里我选择了containerd
containerd config default > /etc/containerd/config.toml
生成containerd配置文件,然后/etc/containerd/config.toml中修改如下配置项:
a. 修改SystemdCgroup
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]...[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]SystemdCgroup = true
b. 修改pause镜像路径
[plugins."io.containerd.grpc.v1.cri"]#sandbox_image = "registry.k8s.io/pause:3.2"sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
你要是有魔法能从registry.k8s.io拉下来镜像,这b步骤不改也行
最后重启containerd服务
systemctl restart containerd
4. 生成kubeadm配置文件
kubeadm config print init-defaults > kubeadm-config.yaml
编辑kubeadm-config.yaml文件,修改advertiseAddress和主机name,替换镜像仓库地址,增加podSubnet:
localAPIEndpoint:advertiseAddress: 本机IPbindPort: 6443
nodeRegistration:criSocket: unix:///var/run/containerd/containerd.sockimagePullPolicy: IfNotPresentname: 替换成hostnameimageRepository: registry.aliyuncs.com/google_containers
....
networking:
....podSubnet: 10.244.0.0/165. 部署k8s
kubeadm init --config kubeadm-config.yaml
如果顺利,应该几分钟就ok了
6. 部署flannel
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
测试结果flannel镜像是docker.io拉取,可以直接拉,不需要做国内源替换。但是这边记录一个坑:flannel已经running得情况下,coredns依然是pending状态。 这边参考了一篇博客解决这个问题:https://discuss.kubernetes.io/t/k8s-cni-plugin-issue-cni-plugin-not-initialized-while-kube-flannel-is-running/24136
总结就是:reboot
实践证明,可行