K8s 运维

• K8s 组件介绍
• Kubernetes（K8s）安装

TODO

安装命令未指明版本。

Ubuntu 24.04 通过 kubeadm 安装 K8s（v1.28.15）

K8s 安装手册

设置时区

保证各个节点的时间一致。

sudo timedatectl set-timezone Asia/Shanghai

CRI 前置配置

# Reference: https://v1-28.docs.kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/#install-and-configure-prerequisites
# 转发 IPv4 并让 iptables 看到桥接流量

# 设置开机加载 overlay、br_netfilter 内核模块
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# 立即加载 overlay、br_netfilter 内核模块
sudo modprobe overlay
sudo modprobe br_netfilter

# 设置所需的 sysctl 参数，参数在重新启动后保持不变
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

# 应用 sysctl 参数而不重新启动
sudo sysctl --system

安装 containerd

Getting started with containerd

# 安装 containerd
wget https://github.com/containerd/containerd/releases/download/v1.7.24/containerd-1.7.24-linux-amd64.tar.gz
sudo tar Cxzvf /usr/local containerd-1.6.2-linux-amd64.tar.gz

# 安装 [runc](https://github.com/opencontainers/runc)
# runc is a CLI tool for spawning and running containers on Linux according to the OCI specification.
wget https://github.com/opencontainers/runc/releases/download/v1.2.3/runc.amd64
sudo install -m 755 runc /usr/local/sbin/runc

# 安装 cni 
wget https://github.com/containernetworking/plugins/releases/download/v1.6.1/cni-plugins-linux-amd64-v1.6.1.tgz
sudo mkdir -p /opt/cni/bin
sudo tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.6.1.tgz

# 通过 systemd 管理 containerd 服务
wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
[ ! -d "/usr/local/lib/systemd/system/" ] && sudo mkdir -p /usr/local/lib/systemd/system/
sudo mv containerd.service /usr/local/lib/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now containerd
sudo systemctl restart containerd.service

配置 containerd

sudo containerd config default > config.toml
sudo mv config.toml /etc/containerd/

config.toml修改下面几处内容。

# Reference: https://v1-28.docs.kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/#containerd-systemd
# 139 行
SystemdCgroup = true

# 67 行
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.8"

# 添加镜像地址
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
        endpoint = ["https://docker.m.daocloud.io", "https://dockerproxy.com", "https://docker.mirrors.ustc.edu.cn", "https://docker.nju.edu.cn"]

安装 kubelet、kubeadm 与 kubectl

安装 kubeadm、kubelet 和 kubectl

sudo apt-get update
# apt-transport-https 可能是一个虚拟包（dummy package）；如果是的话，你可以跳过安装这个包
sudo apt-get install -y apt-transport-https ca-certificates curl gpg

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpG

# 此操作会覆盖 /etc/apt/sources.list.d/kubernetes.list 中现存的所有配置。
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl # 锁定版本，防止自动更新

创建集群

kubeadm init --image-repository=registry.aliyuncs.com/google_containers

配置 kubectl

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

配置 Calico

Quickstart for Calico on Kubernetes

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/tigera-operator.yaml
kubectl create -f custom-resources.yaml

custom-resources.yaml文件内容如下：

apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  # Configures Calico networking.
  calicoNetwork:
    ipPools:
    - name: default-ipv4-ippool
      blockSize: 26
      cidr: 192.168.0.0/16
      encapsulation: VXLANCrossSubnet
      natOutgoing: Enabled
      nodeSelector: all()
---

# This section configures the Calico API server.
# For more information, see: https://docs.tigera.io/calico/latest/reference/installation/api#operator.tigera.io/v1.APIServer
apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
  name: default
spec: {}

（可选）配置 alias

echo "alias kp='kubectl get pods -A'
alias kn='kubectl get nodes -A'
alias k='kubectl'" >> $HOME/.my_profile

加入集群

# 在主节点获取加入集群命令
kubeadm token create --print-join-command

调试容器

apiVersion: v1
kind: Pod
metadata:
  name: ubuntu
  labels:
    app: ubuntu
spec:
  containers:
  - image: ubuntu
    command:
      - "sleep"
      - "604800"
    imagePullPolicy: IfNotPresent
    name: ubuntu
  restartPolicy: Always