基于 containerd 运行时的 Kubernetes 环境搭建
众说周知,Kubernetes 从 1.24 起就删除了 Dockershim 相关代码,现在整理了一下国内网络环境下使用 containerd 作为运行时的集群搭建步骤
1. 系统准备
# 允许 iptables 检查桥接流量
sudo tee /etc/modules-load.d/containerd.conf << EOF
overlay
br_netfilter
EOF
sudo tee /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# 使设置生效
sudo modprobe overlay br_netfilter
sudo sysctl --system
# 禁用虚拟内存
sudo swapoff -a2. 安装 Kubernetes 组件
2.1 Debian/Ubuntu
# 安装 containerd
curl -sL http://mirrors.aliyun.com/docker-ce/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/docker-ce.gpg
echo "deb http://mirrors.aliyun.com/docker-ce/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt update
sudo apt install -y containerd.io
# 安装 kubeadm
curl -sL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/kubernetes-archive-keyring.gpg
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt update
sudo apt install -y kubeadm=1.21.14-00 kubectl=1.21.14-00 kubelet=1.21.14-002.2 CentOS
# 安装 containerd
sudo curl https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
sudo yum install -y containerd.io
sudo systemctl enable containerd
# 安装 kubeadm
sudo tee /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=0
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
sudo yum install -y --enablerepo=kubernetes kubeadm-1.21.14 kubelet-1.21.14 kubectl-1.21.14
sudo systemctl enable kubelet2.3 配置容器运行时
# 配置容器运行时
sudo tee /etc/containerd/config.toml << EOF
version = 2
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://hub-mirror.c.163.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
endpoint = ["http://registry.lan:5000"]
EOF
sudo systemctl restart containerd
# 添加自动填充
sudo tee /etc/profile.d/kubectl.sh << EOF
source <(kubectl completion bash)
source <(crictl completion bash)
export KUBECONFIG=/etc/kubernetes/admin.conf
EOF
# 配置 crictl
sudo tee /etc/crictl.yaml << EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
EOF3. 使用 Kubeadm 引导集群
sudo kubeadm init --kubernetes-version=1.21.14 --token=abcdef.0123456789abcdef \
--apiserver-advertise-address=$(ip addr show dev eth0 | grep -Po 'inet \K[\d.]+') \
--cri-socket=unix:///run/containerd/containerd.sock \
--image-repository=registry.aliyuncs.com/google_containers稍等几分钟,K8S 的 Master 节点就启动起来了
# 其他节点加入集群
sudo kubeadm join node1.lan:6443 --token=abcdef.0123456789abcdef --discovery-token-unsafe-skip-ca-verification3.1 kubernetes 组件安装
# 链接 kubeconfig
sudo chmod +r /etc/kubernetes/admin.conf
# 配置网络插件
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml
# 去除污点
kubectl taint node --all node-role.kubernetes.io/master-
# 安装 Helm
curl -sL https://get.helm.sh/helm-v3.9.2-linux-amd64.tar.gz | sudo tar zxf - --strip-components=1 -C /usr/local/bin
# 安装 Traefik Ingress Controller
helm install traefik -n kube-system --repo https://helm.traefik.io/traefik traefik3.2 集群清理
sudo kubeadm reset --cri-socket=unix:///run/containerd/containerd.sock -f
sudo rm -rf /var/lib/{calico,etcd,kubelet,kubernetes,cni} /etc/cni/net.d /etc/kubernetes /opt/cni/bin/*参考资料