Docker + Containerd + Flannel 安裝部署K8S
系統環境準備
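# Host preparation for every node. Run these as root, one step at a time in an
# interactive shell: step 1 ends by starting a new bash, so pasting the whole
# block as a script would stop there until that shell exits.

# 1. Set the hostname (use the matching name on each node). The trailing
#    `bash` starts a fresh shell, presumably so the prompt shows the new name.
hostnamectl set-hostname k8s-n1 && bash
# hostnamectl set-hostname k8s-n2 && bash
# hostnamectl set-hostname k8s-n3 && bash

# 2. Remove the container tooling shipped with the OS (optional; can be
#    skipped on a minimal install). The pattern is quoted so dnf receives it
#    unchanged instead of the shell expanding it against files in the current
#    directory.
dnf remove podman 'container*' -y

# 3. Stop and disable firewalld.
#    NOTE(review): this removes host-level packet filtering from the node.
#    It is a lab shortcut; on a shared or routable network keep firewalld
#    running and open only the ports from the Kubernetes "Ports and
#    Protocols" reference (for example 6443/tcp on the control plane).
systemctl --now disable firewalld

# 4. Put SELinux into permissive mode now and across reboots.
#    `setenforce 0` already switches the running system to permissive, so the
#    persistent setting is written as permissive too rather than disabled:
#    enforcement is off either way, but denials keep being logged.
#    getenforce prints the resulting mode.
setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config && getenforce

# 5. Turn swap off now and comment out every fstab line mentioning swap so it
#    stays off after a reboot; free -m shows the result.
swapoff -a && sed -ri 's/.*swap.*/#&/' /etc/fstab && free -m

# 6. Static name resolution for the three nodes. This appends, so running it
#    twice leaves duplicate entries in /etc/hosts.
cat << 'EOF' >> /etc/hosts
192.168.110.144 k8s-n1
192.168.110.145 k8s-n2
192.168.110.146 k8s-n3
EOF

# 7. Load the bridge-filter and overlay kernel modules now ...
modprobe br_netfilter
modprobe overlay

# ... and list them in modules-load.d so they are loaded again on boot.
tee /etc/modules-load.d/k8s.conf <<EOF
br_netfilter
overlay
EOF

# 8. Persist the sysctl setting needed for pod traffic (IPv4 forwarding).
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
EOF

# Apply the sysctl files without rebooting.
sudo sysctl --system

# Verify that net.ipv4.ip_forward is now 1.
sysctl net.ipv4.ip_forward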
安裝Docker
安裝 docker-ce 時會自動安裝 containerd.io 、Runc 和 docker-compose 等軟件依賴
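# Add the Docker CE repository, install docker-ce, print the version and start
# the daemon now and on boot.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# repo file (which would still let the && chain continue); -sSL keeps it quiet
# but still reports errors and follows redirects.
# NOTE(review): packages are only as trustworthy as the key referenced in the
# downloaded repo file - check that gpgcheck is enabled there before installing.
curl -fsSL https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo \
  && dnf install docker-ce -y \
  && docker -v \
  && systemctl enable --now docker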
安裝 cri-dockerd(用于適配 K8S )
cri-dockerd 倉庫地址
libcgroup 倉庫地址
libcgroup 的 rpm 包下載地址:cri-dockerd 依賴 libcgroup,Rocky Linux 系統默認源不提供軟件包安裝,需要單獨下載
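# Download cri-dockerd and its libcgroup dependency as standalone RPM files.
# NOTE(review): the cri-dockerd file name carries an fc36 tag while libcgroup
# is an el9 build - confirm this is the intended build for the target OS.
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.18/cri-dockerd-0.3.18-3.fc36.x86_64.rpm \
  https://pkgs.sysadmins.ws/el9/base/x86_64/libcgroup-3.0-1.el9.0.1.x86_64.rpm

# Review step before installing. Neither file comes from a configured,
# GPG-checked repository, and dnf does not verify signatures of local package
# files unless localpkg_gpgcheck is enabled. `rpm -K` reports the digest and
# signature state of each file; compare the sha256sum output with a checksum
# obtained from a source you trust (none is given on this page).
rpm -K libcgroup-3.0-1.el9.0.1.x86_64.rpm cri-dockerd-0.3.18-3.fc36.x86_64.rpm
sha256sum libcgroup-3.0-1.el9.0.1.x86_64.rpm cri-dockerd-0.3.18-3.fc36.x86_64.rpm

# Install both packages, then enable and start the cri-docker service.
dnf install libcgroup-3.0-1.el9.0.1.x86_64.rpm cri-dockerd-0.3.18-3.fc36.x86_64.rpm -y \
  && systemctl --now enable cri-docker.service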
Docker 配置修改
如果當前網絡能夠訪問 k8s (registry.k8s.io)和 Docker Hub(registry-1.docker.io)的鏡像倉庫這一步可以跳過
Pause 鏡像≈ Pod 的“隱形操作系統內核”,用來管理 Pod 的 Namespace 和生命周期。(每個 Pod 的容器列表中會有一個隱藏的 pause 容器,通常不直接顯示在 `kubectl get pods` 輸出中)
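# 1. Point cri-dockerd at a reachable pause (infra) image. This is the only
#    Kubernetes-specific image setting on the runtime side.
#    NOTE(review): this edits the packaged unit under /usr/lib, which a package
#    update may overwrite, and running the sed twice appends the flag twice;
#    a systemd drop-in under /etc/systemd/system would avoid both.
sudo sed -i 's|^ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://|ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.10|' /usr/lib/systemd/system/cri-docker.service

# 2. Create the Docker configuration directory.
sudo mkdir -p /etc/docker

# 3. Write the daemon configuration with registry mirrors.
#    NOTE(review): every mirror listed here is a third party that answers
#    image pulls on behalf of Docker Hub. For a pull by tag the mirror decides
#    which image that tag resolves to, so list only mirrors you trust and
#    prefer pulling by digest for anything important.
#    Compared with the original list, the two plain-http:// entries
#    (cjie.eu.org, docker.wanpeng.top) were dropped because their traffic can
#    be altered in transit, and the duplicate hub.rat.dev entry was removed.
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://docker.1panel.live/","https://docker.1ms.run","https://docker.xuanyuan.me","https://lispy.org","https://docker.xiaogenban1993.com","https://docker-0.unsee.tech","https://666860.xyz","https://hub.rat.dev","https://docker.m.daocloud.io","https://dockerproxy.net","https://demo.52013120.xyz","https://proxy.vvvv.ee","https://registry.cyou","https://dockerpull.org","https://dockerhub.icu","https://doublezonline.cloud","https://atomhub.openatom.cn","https://docker.fxxk.dedyn.io"]
}
EOF

# 4. Reload unit files and restart the services. cri-docker is restarted as
#    well because step 1 changed its ExecStart line; restarting docker alone
#    presumably leaves cri-dockerd running with the old flags.
sudo systemctl daemon-reload && sudo systemctl restart docker cri-docker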
部署 k8s
添加倉庫源
# Write the Kubernetes v1.33 package repository definition.
# This overwrites whatever /etc/yum.repos.d/kubernetes.repo already contains.
# gpgcheck=1 together with the gpgkey URL has dnf verify package signatures;
# the exclude line keeps these packages out of ordinary installs and updates
# unless the excludes are disabled explicitly for this repository.
sudo tee /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
安裝 kubelet、kubeadm 和 kubectl
`--disableexcludes=kubernetes` 就是告訴 dnf:“別管 kubernetes 倉庫里的 exclude 規則,我就是要裝!”(如果存在這樣的 exclude 規則,默認會阻止系統更新或安裝這些包)
# Install the three Kubernetes packages, bypassing the exclude rule of the
# kubernetes repository for this one transaction, then enable and start the
# kubelet only if the install succeeded.
dnf install --disableexcludes=kubernetes -y \
  kubelet kubeadm kubectl \
  && systemctl enable --now kubelet
初始化集群
默認 criSocket: unix:///var/run/containerd/containerd.sock,直接使用的是containerd.sock,如果是用 docker 則修改為: --cri-socket=unix:///var/run/cri-dockerd.sock
默認 apiserver-advertise-address:非多網卡的情況下可以不指定IP地址,會自動選擇默認的網絡接口的 IP 地址作為 API 服務器的通告地址
service-cidr:可以通過 `kubeadm config print init-defaults | grep serviceSubnet` 命令查看,默認為 10.96.0.0/12 網段
pod-network-cidr:參數用于指定 Pod 網絡的 IP 地址范圍(CIDR)。如不指定該參數,kubeadm 則不會自動分配 Pod 網絡 CIDR,而是由后續安裝的 CNI(Container Network Interface)插件決定默認值。安裝 CNI 插件(如 Calico、Flannel、WeaveNet 等)時,插件會使用自己的默認 CIDR:
- Calico:默認 192.168.0.0/16
- Flannel:默認 10.244.0.0/16
- WeaveNet:默認 10.32.0.0/12
--image-repository:用于指定拉取 Kubernetes 官方組件鏡像(如 kube-apiserver、kube-controller-manager、kube-proxy 等)的倉庫地址,可通過 `kubeadm config print init-defaults | grep imageRepository` 查看,默認拉取鏡像的地址為:registry.k8s.io
# Initialise the control plane on k8s-n1.
#   --apiserver-advertise-address  address the API server announces to the
#                                  other nodes
#   --image-repository             registry the control-plane images are
#                                  pulled from instead of the default
#   --cri-socket                   use Docker through cri-dockerd
# NOTE(review): with --image-repository the control-plane images come from a
# third-party mirror, so the cluster trusts that mirror for every component;
# compare the pulled image digests with the upstream ones where that matters.
kubeadm init \
  --apiserver-advertise-address=192.168.110.144 \
  --image-repository registry.aliyuncs.com/google_containers \
  --cri-socket=unix:///var/run/cri-dockerd.sock
復制 admin.conf 到 $HOME/.kube/config
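# Give the current user a kubeconfig copied from the cluster admin config.
# admin.conf holds administrator credentials for the cluster, so the copy is
# owned by the invoking user and readable by that user only.
# All expansions are quoted so a home directory containing spaces or glob
# characters cannot split the arguments.
mkdir -p "$HOME/.kube"
# -i asks before overwriting an existing kubeconfig.
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"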
worker 節點加入集群
# Join a worker node to the cluster (run on k8s-n2 and k8s-n3).
# The token and CA hash below are the values printed by the author's own
# `kubeadm init`; use the ones your init printed, or generate a fresh command
# on the control plane with `kubeadm token create --print-join-command`.
# A bootstrap token is a credential that lets a machine join the cluster, so
# keep it out of shared notes and logs. The --discovery-token-ca-cert-hash
# value lets the joining node check that it is talking to the intended
# control plane, so do not drop it.
kubeadm join 192.168.110.144:6443 \
  --token 4y2hkh.79cm5x0suufkp43v \
  --discovery-token-ca-cert-hash sha256:32cc83b7f2a270fad6db95e15139db41ab20d9b44818279c2b79458c589c1eee \
  --cri-socket=unix:///var/run/cri-dockerd.sock
安裝 calico 網絡插件
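# Download the Calico manifest. -O fixes the output name: without it a second
# run saves calico.yaml.1 and the apply below would silently reuse the stale
# calico.yaml from the first run.
# NOTE(review): this URL carries no version, so what it serves can change;
# keep the downloaded file with your cluster notes so the install can be
# reproduced and audited.
wget -O calico.yaml https://docs.projectcalico.org/manifests/calico.yaml

# Review before applying: the manifest is applied with cluster-admin rights
# and installs cluster-wide components. Listing the image references is a
# quick check of what will be pulled and at which version.
grep -n 'image:' calico.yaml

kubectl apply -f calico.yaml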
驗證安裝
[root@k8s-n1 ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-7498b9bb4c-s9r6n 1/1 Running 0 136m
kube-system calico-node-65l2j 1/1 Running 0 136m
kube-system calico-node-jxxnf 1/1 Running 0 136m
kube-system calico-node-m8f9p 1/1 Running 0 136m
kube-system coredns-757cc6c8f8-bqztg 1/1 Running 0 151m
kube-system coredns-757cc6c8f8-d4r4x 1/1 Running 0 151m
kube-system etcd-k8s-n1 1/1 Running 1 (137m ago) 151m
kube-system kube-apiserver-k8s-n1 1/1 Running 1 (137m ago) 151m
kube-system kube-controller-manager-k8s-n1 1/1 Running 1 (138m ago) 151m
kube-system kube-proxy-c67s9 1/1 Running 1 (136m ago) 145m
kube-system kube-proxy-ck2fc 1/1 Running 1 (138m ago) 151m
kube-system kube-proxy-qlzqs 1/1 Running 1 (136m ago) 145m
kube-system kube-scheduler-k8s-n1 1/1 Running 1 (138m ago) 151m
[root@k8s-n1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-n1 Ready control-plane 151m v1.33.3
k8s-n2 Ready <none> 145m v1.33.3
k8s-n3 Ready <none> 145m v1.33.3
[root@k8s-n1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.aliyuncs.com/google_containers/kube-apiserver v1.33.3 a92b4b92a991 2 weeks ago 102MB
registry.aliyuncs.com/google_containers/kube-controller-manager v1.33.3 bf97fadcef43 2 weeks ago 94.6MB
registry.aliyuncs.com/google_containers/kube-scheduler v1.33.3 41376797d512 2 weeks ago 73.4MB
registry.aliyuncs.com/google_containers/kube-proxy v1.33.3 af855adae796 2 weeks ago 97.9MB
registry.aliyuncs.com/google_containers/etcd 3.5.21-0 499038711c08 4 months ago 153MB
registry.aliyuncs.com/google_containers/coredns v1.12.0 1cf5f116067c 8 months ago 70.1MB
registry.aliyuncs.com/google_containers/pause 3.10 873ed7510279 14 months ago 736kB
calico/kube-controllers v3.25.0 5e785d005ccc 2 years ago 71.6MB
calico/cni v3.25.0 d70a5947d57e 2 years ago 198MB
calico/node v3.25.0 08616d26b8e7 2 years ago 245MB
[root@k8s-n1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d12b62b15869 calico/kube-controllers "/usr/bin/kube-contr…" 3 hours ago Up 3 hours k8s_calico-kube-controllers_calico-kube-controllers-7498b9bb4c-s9r6n_kube-system_f44345be-9733-4533-8a5c-bfc412558411_0
558ea4826f18 1cf5f116067c "/coredns -conf /etc…" 3 hours ago Up 3 hours k8s_coredns_coredns-757cc6c8f8-d4r4x_kube-system_e45c0ce6-f00e-46b1-b934-04735f3594ce_0
a398f003d09b 1cf5f116067c "/coredns -conf /etc…" 3 hours ago Up 3 hours k8s_coredns_coredns-757cc6c8f8-bqztg_kube-system_c3147e5a-55d6-405a-a155-4ace28874e63_0
b2cbf6d8d63a registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_coredns-757cc6c8f8-bqztg_kube-system_c3147e5a-55d6-405a-a155-4ace28874e63_2
d7e53937b112 registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_coredns-757cc6c8f8-d4r4x_kube-system_e45c0ce6-f00e-46b1-b934-04735f3594ce_2
d121eafeac5f registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_calico-kube-controllers-7498b9bb4c-s9r6n_kube-system_f44345be-9733-4533-8a5c-bfc412558411_3
9e0493628085 08616d26b8e7 "start_runit" 3 hours ago Up 3 hours k8s_calico-node_calico-node-65l2j_kube-system_ea3ebed7-986b-47b3-9e50-7a2b11e6adfe_0
1da1ced65603 registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_calico-node-65l2j_kube-system_ea3ebed7-986b-47b3-9e50-7a2b11e6adfe_0
9b52c1709536 41376797d512 "kube-scheduler --au…" 3 hours ago Up 3 hours k8s_kube-scheduler_kube-scheduler-k8s-n1_kube-system_8002c56a1a9e4cbda46304d0353a1cf0_1
0fe4352fd8ef 499038711c08 "etcd --advertise-cl…" 3 hours ago Up 3 hours k8s_etcd_etcd-k8s-n1_kube-system_86e38a1b0b52714d200360b69ca8a141_1
df71f0502ff8 a92b4b92a991 "kube-apiserver --ad…" 3 hours ago Up 3 hours k8s_kube-apiserver_kube-apiserver-k8s-n1_kube-system_ac629295faa78072f27d01c8b7ec40cd_1
868191fec8c9 registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_etcd-k8s-n1_kube-system_86e38a1b0b52714d200360b69ca8a141_1
425ccbc47628 registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_kube-apiserver-k8s-n1_kube-system_ac629295faa78072f27d01c8b7ec40cd_1
f1c3160f39c4 registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_kube-scheduler-k8s-n1_kube-system_8002c56a1a9e4cbda46304d0353a1cf0_1
9f67b206adf2 af855adae796 "/usr/local/bin/kube…" 3 hours ago Up 3 hours k8s_kube-proxy_kube-proxy-ck2fc_kube-system_f387171a-8cde-44c9-8472-10fb901c775c_1
669d57eb7739 bf97fadcef43 "kube-controller-man…" 3 hours ago Up 3 hours k8s_kube-controller-manager_kube-controller-manager-k8s-n1_kube-system_4fe303f337b51aa756c9e5b7c9d1a43b_1
6799ce918856 registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_kube-proxy-ck2fc_kube-system_f387171a-8cde-44c9-8472-10fb901c775c_1
6b53a72e664f registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_kube-controller-manager-k8s-n1_kube-system_4fe303f337b51aa756c9e5b7c9d1a43b_1