diff --git "a/docs/zh/docs/Kubernetes/Kubernetes\351\233\206\347\276\244\351\203\250\347\275\262\346\214\207\345\215\227 - containerd.md" "b/docs/zh/docs/Kubernetes/Kubernetes\351\233\206\347\276\244\351\203\250\347\275\262\346\214\207\345\215\227 - containerd.md" new file mode 100644 index 0000000000000000000000000000000000000000..a001d3995a73bc80d7e9431d8697f710f7cbfc4d --- /dev/null +++ "b/docs/zh/docs/Kubernetes/Kubernetes\351\233\206\347\276\244\351\203\250\347\275\262\346\214\207\345\215\227 - containerd.md" 
@@ -0,0 +1,183 @@ +# Kubernetes集群部署指南 - containerd +Kubernetes自1.21版本开始不再支持Kubernetes+docker部署Kubernetes集群,本文介绍以containerd作为容器运行时快速搭建Kubernetes集群。若需要对集群进行个性化配置,请查阅https://kubernetes.io/zh-cn/docs/home/ +## 软件包安装 +### 1. 安装必要软件包 +``` +$ yum install -y containerd +$ yum install -y kubernetes* +$ yum install -y cri-tools +$ wget https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml --no-check-certificate +``` +**注意:**如果系统中已经安装了Docker,请确保在安装containerd之前卸载Docker,否则可能会引发冲突。 + +我们要求使用1.6.22-15或更高版本的containerd,如果下载的版本过低请运行以下命令升级成1.6.22-15版本,或自行升级: + +``` +$ wget --no-check-certificate https://repo.openeuler.org/openEuler-24.03-LTS/update/x86_64/Packages/containerd-1.6.22-15.oe2403.x86_64.rpm +$ rpm -Uvh containerd-1.6.22-15.oe2403.x86_64.rpm +``` +### 2. 下载cni组件 + +``` +$ mkdir -p /opt/cni/bin +$ cd /opt/cni/bin +$ wget --no-check-certificate https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz +$ tar -xzvf ./cni-plugins-linux-amd64-v1.5.1.tgz -C . +``` +**注意**:这里提供的是AMD64架构版本的下载链接,请根据系统架构选择合适的版本,其他版本可从https://github.com/containernetworking/plugins/releases/获取。 + +### 3. 教程软件包版本 + +``` +1. containerd + -架构:x86_64 + -版本:1.6.22-15 +2. kubernetes - client/help/kubeadm/kubelet/master/node + -架构:x86_64 + -版本:1.29.1-4 +3. cri-tools + -架构:X86_64 + -版本:1.29.0-3 +``` +## 环境配置 +本节对Kubernetes运行时所需的操作系统环境进行配置。 +### 1. 设置主机名 + +``` +$ hostnamectl set-hostname nodeName +``` +### 2. 关闭防火墙 + +``` +$ systemctl stop firewalld +$ systemctl disable firewalld +``` +### 3. 禁用SELinux +``` +$ setenforce 0 +$ sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config +``` +### 4. 禁用swap +``` +$ swapoff -a +$ sed -ri 's/.*swap.*/#&/' /etc/fstab +``` +### 5. 
网络配置 + +``` +$ cat > /etc/sysctl.d/k8s.conf << EOF +net.bridge.bridge-nf-call-ip6tables = 1 +net.bridge.bridge-nf-call-iptables = 1 +net.ipv4.ip_forward = 1 +vm.swappiness=0 +EOF +$ modprobe br_netfilter +$ sysctl -p /etc/sysctl.d/k8s.conf +``` +## 配置containerd +本节对containerd进行配置,包括设置pause_image、cgroup驱动、关闭"registry.k8s.io"镜像源证书验证、配置代理 + +``` +$ containerd_conf="/etc/containerd/config.toml" +$ mkdir -p /etc/containerd +$ containerd config default > "${containerd_conf}" +$ pause_img=$(kubeadm config images list | grep pause | tail -1) +$ sed -i "/sandbox_image/s#\".*\"#\"${pause_img}\"#" "${containerd_conf}" +$ sed -i "/SystemdCgroup/s/=.*/= true/" "${containerd_conf}" +$ sed -i '/plugins."io.containerd.grpc.v1.cri".registry.configs/a\[plugins."io.containerd.grpc.v1.cri".registry.configs."registry.k8s.io".tls]\n insecure_skip_verify = true' /etc/containerd/config.toml + +$ server_path="/etc/systemd/system/containerd.service.d" +$ mkdir -p "${server_path}" +$ cat > "${server_path}"/http-proxy.conf << EOF +[Service] +Environment="HTTP_PROXY=http://peulerosweb:EulerOS_123@proxyhk.huawei.com:8080" +Environment="HTTPS_PROXY=http://peulerosweb:EulerOS_123@proxyhk.huawei.com:8080" +Environment="NO_PROXY=localhost,rnd-dockerhub.huawei.com,10.96.0.1" +EOF + +$ systemctl daemon-reload +$ systemctl restart containerd +``` +## 配置crictl使用containerd +``` +$ crictl config runtime-endpoint unix:///run/containerd/containerd.sock +$ crictl config image-endpoint unix:///run/containerd/containerd.sock +``` +## 配置kubelet使用systemd作为cgroup驱动 + +``` +$ systemctl enable kubelet.service +$ echo 'KUBELET_EXTRA_ARGS="--runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice"' >> /etc/sysconfig/kubelet +$ systemctl restart kubelet +``` +## 使用Kubeadm创建集群(仅控制平面需要) +### 1. 
配置集群信息 + +``` +$ kubeadm config print init-defaults --component-configs KubeletConfiguration >> kubeletConfig.yaml +$ vim kubeletConfig.yaml +``` +在kubeletConfig.yaml文件中,配置节点名称、广播地址(advertiseAddress)以及Pod网络的CIDR。 +**修改name为主机名,与环境配置第一步一致** +![](./figures/name.png) +**将advertiseAddress修改为控制平面的ip地址:** +![](./figures/advertiseAddress.png) +**在Networking中添加podSubnet指定CIDR范围** +![](./figures/podSubnet.png) + +### 2. 部署集群 +这里使用kubeadm部署集群,许多配置是默认生成的(如认证证书),如需修改请查阅https://kubernetes.io/zh-cn/docs/home/ + +**关闭代理(如有)** +``` +$ unset http_proxy https_proxy +``` +使用kubeadm init部署集群: + +``` +$ kubeadm init --config kubeletConfig.yaml +$ mkdir -p "$HOME"/.kube +$ cp -i /etc/kubernetes/admin.conf "$HOME"/.kube/config +$ chown "$(id -u)":"$(id -g)" "$HOME"/.kube/config +$ export KUBECONFIG=/etc/kubernetes/admin.conf +``` +### 3. 部署cni插件(flannel) +本教程中使用flannel作为cni插件,以下介绍flannel下载和部署。 +以下使用的flannel从registry-1.docker.io镜像源下载,为避免证书验证失败的问题,请在containerd配置文件(/etc/containerd/config.toml)中配置该镜像源跳过证书验证。 +![](http://image.huawei.com/tiny-lts/v1/images/4e8b7f5034df701007d90e920aa58447_691x113.png) + +使用kubectl apply部署我们最开始在软件包安装中下载的kube-flannel.yml +``` +$ kubectl apply -f kube-flannel.yml +``` +注:控制平面可能会有污点的问题,导致kubeamd get nodes中节点状态无法变成ready,请查阅:https://kubernetes.io/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/ 去除污点。 +## 加入集群(仅工作节点需要) +**关闭代理(如有)** +``` +$ unset http_proxy https_proxy +``` +工作节点安装配置完环境后可以通过以下命令加入集群。 + +``` +$ kubeadm join : --token --discovery-token-ca-cert-hash sha256: +``` +这个命令会在控制平面库kubeadm init结束后生成,也可以在控制平面按照以下命令获取: + +``` +$ kubeadm token create #生成token +$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \ + openssl dgst -sha256 -hex | sed 's/^.* //' #获取hash +``` + +加入后可以在控制平面通过以下命令查看工作节点的状态: + +``` +$ kubectl get nodes +``` +如果节点状态显示为not ready,可能是因为Flannel插件未成功部署。在这种情况下,请运行本地生成的Flannel可执行文件来完成部署。 +**在工作节点运行kubectl命令(可选)** 
+如果需要在工作节点上运行kubectl命令,需要将控制面板的/etc/kubernetes/admin.conf复制到同样的目录,然后运行以下命令: + +``` +$ export KUBECONFIG=/etc/kubernetes/admin.conf +``` \ No newline at end of file diff --git a/docs/zh/docs/Kubernetes/figures/advertiseAddress.png b/docs/zh/docs/Kubernetes/figures/advertiseAddress.png new file mode 100644 index 0000000000000000000000000000000000000000..b36e5c4664f2d2e5faaa23128fd4711c11e30179 Binary files /dev/null and b/docs/zh/docs/Kubernetes/figures/advertiseAddress.png differ diff --git a/docs/zh/docs/Kubernetes/figures/name.png b/docs/zh/docs/Kubernetes/figures/name.png new file mode 100644 index 0000000000000000000000000000000000000000..dd6ddfdc3476780e8c896bfd5095025507f62fa8 Binary files /dev/null and b/docs/zh/docs/Kubernetes/figures/name.png differ diff --git a/docs/zh/docs/Kubernetes/figures/podSubnet.png b/docs/zh/docs/Kubernetes/figures/podSubnet.png new file mode 100644 index 0000000000000000000000000000000000000000..b368f77dd7dfd7722dcf7751b3e37ec28755e42d Binary files /dev/null and b/docs/zh/docs/Kubernetes/figures/podSubnet.png differ diff --git a/docs/zh/menu/index.md b/docs/zh/menu/index.md index 199fd6f50ed05336a49353586568d6036700269d..2d1f2db4ff005a83d79fd696452987c5a22d37a0 100644 --- a/docs/zh/menu/index.md +++ b/docs/zh/menu/index.md @@ -280,6 +280,7 @@ headless: true - [拆除集群]({{< relref "./docs/Kubernetes/eggo拆除集群.md" >}}) - [运行测试pod]({{< relref "./docs/Kubernetes/运行测试pod.md" >}}) - [常见问题与解决方法]({{< relref "./docs/Kubernetes/常见问题与解决方法.md" >}}) + - [基于containerd部署集群]({{< relref "./docs/Kubernetes/Kubernetes集群部署指南 - containerd.md" >}}) - [云原生混合部署rubik用户指南]({{< relref "./docs/rubik/overview.md" >}}) - [安装与部署]({{< relref "./docs/rubik/安装与部署.md" >}}) - [http接口文档]({{< relref "./docs/rubik/http接口文档.md" >}})
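Review bot: The `http-proxy.conf` heredoc in the "配置containerd" section publishes an inline user:password pair for `proxyhk.huawei.com:8080` in both `HTTP_PROXY` and `HTTPS_PROXY`, and `NO_PROXY` names the internal host `rnd-dockerhub.huawei.com`. Replace these with placeholders such as `http://<user>:<password>@<proxy-host>:<port>`, present the whole proxy drop-in as optional, and treat the password as exposed, since it stays in the repository history after a follow-up edit. The flannel section has a related problem: it embeds a screenshot from `http://image.huawei.com/...`, which readers outside that network cannot load. Commit that image under `./figures/` like the other three.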
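Review bot: Every download in "软件包安装" passes `--no-check-certificate`, and the containerd RPM fetched that way is installed directly with `rpm -Uvh`, so neither the transport nor the package is authenticated. Drop the flag (fix the host CA bundle if validation fails), install containerd from the configured repository so the package signature is checked, and verify the CNI plugins tarball against the checksum published with the release before extracting it into `/opt/cni/bin`. `kube-flannel.yml` is pulled from the `master` branch, so the manifest applied later can change without notice; pin it to a release tag. The same concern applies to `insecure_skip_verify = true` for `registry.k8s.io` and to the advice to skip verification for `registry-1.docker.io`: the guide should state why verification fails in the target environment and prefer configuring a trusted CA over disabling TLS checks for the registries that supply control-plane and CNI images.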
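Review bot: Steps 2 and 3 of "环境配置" turn off firewalld and set `SELINUX=disabled` with no rationale and no alternative. The upstream kubeadm instructions switch SELinux to permissive (`SELINUX=permissive`) rather than disabling it, and the firewall can stay on if the required ports are opened (for example 6443 for the API server and 10250 for the kubelet); please document at least that option. In step 5, `modprobe br_netfilter` does not persist across reboots, so the `net.bridge.*` sysctls in `k8s.conf` will fail to apply at next boot; add the module to a file under `/etc/modules-load.d/`. The swap `sed` (`s/.*swap.*/#&/`) comments out any fstab line containing the string "swap", including lines that are already comments, so a tighter pattern would be safer.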
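Review bot: The optional last step tells readers to copy `/etc/kubernetes/admin.conf` from the control plane to worker nodes, which places the cluster-admin credential on every worker; mark this as not recommended for production, or describe issuing a kubeconfig with limited permissions instead. In the join section, the command as shown (`kubeadm join : --token --discovery-token-ca-cert-hash sha256:`) has no visible placeholders for address, port, token or hash, so it cannot be followed as written; add explicit placeholders, and consider `kubeadm token create --print-join-command`, which prints the complete command and replaces the manual openssl pipeline. In "部署集群", `export KUBECONFIG=/etc/kubernetes/admin.conf` comes right after copying the file to `$HOME/.kube/config`, making the copy redundant; keep one approach. Smaller text fixes: `kubeamd get nodes` should be `kubectl get nodes`, "控制平面库kubeadm init" has a stray character, "控制面板" should be "控制平面", and `>> kubeletConfig.yaml` should be `>` so that re-running the step does not append a second document. The opening sentence says Docker is unsupported from 1.21, but dockershim was deprecated in 1.20 and removed in 1.24.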