Kubernetes M1 Mac 重新搭建
/etc/hosts
192.168.104.100 k8s-master01 m1
192.168.104.101 k8s-node01 n1
192.168.104.102 k8s-node02 n2
禁用网卡
# Permanently disable: NetworkManager stops managing the second NIC (enp0s2), so it is never brought up
nmcli device set enp0s2 managed no
# Permanently enable: hand the NIC back to NetworkManager and make its connection come up at boot
nmcli device set enp0s2 managed yes
nmcli connection modify enp0s2 connection.autoconnect yes
# Set the hostname; the /etc/hosts entries above let the nodes resolve each other by these names
hostnamectl set-hostname k8s-master01
# Base tooling: conntrack/ipvsadm/ipset/iptables are used by the kube-proxy ipvs setup below,
# curl/wget for the downloads, the rest are diagnostics/convenience
yum install -y conntrack ipvsadm ipset iptables curl sysstat libseccomp wget vim net-tools git
# 打开 /etc/chrony.conf
# 将当前的server区域都注释掉
pool ntp1.aliyun.com iburst
pool ntp2.aliyun.com iburst
pool ntp3.aliyun.com iburst
allow 192.168.104.0/24
local stratum 10
# Apply the chrony.conf changes above and keep chronyd across reboots
systemctl restart chronyd
systemctl enable chronyd
timedatectl set-timezone Asia/Shanghai
# Keep the hardware clock in UTC (writes the current UTC time to the RTC)
timedatectl set-local-rtc 0
# Restart rsyslog/crond so they pick up the new timezone
systemctl restart rsyslog
systemctl restart crond
# Switch the firewall to iptables and start from an empty rule set.
# NOTE(review): the saved empty rule set means the host itself filters nothing, so the API
# server (6443) and the other node ports are reachable from anywhere on the network; add host
# rules after the cluster is up if that is not intended. This must run before kubeadm init:
# flushing later would also drop the chains kube-proxy and flannel install.
systemctl stop firewalld && systemctl disable firewalld
yum install -y iptables-services && systemctl start iptables && systemctl enable iptables && iptables -F && service iptables save
# double check
systemctl status iptables
iptables -L # empty
cat /etc/sysconfig/iptables # empty
# Disable swap now and comment the swap entry out of /etc/fstab so it stays off after reboot
# (the KubeletConfiguration below also sets failSwapOn: false)
swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# Disable SELinux: permissive immediately, disabled from the next boot on.
# NOTE(review): SELINUX=disabled removes mandatory access control for the whole host, not
# just the container runtime; SELINUX=permissive keeps labeling and audit logging — confirm
# "disabled" is what is wanted.
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
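# Kernel parameters for k8s.
# The net.bridge.* keys only exist once br_netfilter is loaded; without this modprobe the
# sysctl -p below fails with "No such file or directory" on a fresh host. The module is also
# registered in /etc/modules-load.d further down so it is loaded again at boot.
modprobe br_netfilter
cat << EOF > /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
user.max_user_namespaces=28633
EOF
# Apply just this file now (it is also picked up by sysctl --system at boot)
sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf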
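# CentOS 9 has no postfix service; is there another mail service?
# Stop services the node does not need, e.g. the mail service postfix, which uses a lot of resources
# systemctl stop postfix && systemctl disable postfix
# journald configuration
# -p so the snippet can be re-run on an already-prepared host without a spurious "File exists" error
mkdir -p /var/log/journal # directory for logs persisted to disk
mkdir -p /etc/systemd/journald.conf.d
# NOTE(review): RateLimitInterval is the legacy spelling; newer journald names the key
# RateLimitIntervalSec — check journalctl for a warning after the restart.
cat > /etc/systemd/journald.conf.d/99-prophet.conf <<EOF
[journal]
# 持久化保存到磁盘
Storage=persistent
# 压缩历史日志
Compress=yes
SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000
# 最大占用空间
SystemMaxUse=10G
# 单日志文件最大 200M
SystemMaxFileSize=200M
# 日志保存时间 2 周
MaxRetentionSec=2week
# 不将日志发送到 syslog
ForwardToSyslog=no
EOF
systemctl restart systemd-journald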
kube-proxy 开启 ipvs 的前置条件
# Modules containerd needs; systemd-modules-load reads this directory at boot
cat << EOF > /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe overlay
# nf_conntrack_ipv4 does not exist in the 5.4 kernel (its functionality lives in nf_conntrack)
# https://github.com/kubernetes-sigs/kubespray/issues/7176
# Load the bridge netfilter module (required for the net.bridge.* sysctls above to exist)
modprobe br_netfilter
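# /etc/sysconfig/modules/*.modules was executed by rc.sysinit on EL6; systemd-based releases
# (CentOS 9 here) do not run it, so the ipvs modules would be gone after a reboot. Register them
# with systemd-modules-load as well (same mechanism as containerd.conf above).
cat > /etc/modules-load.d/ipvs.conf <<EOF
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
EOF
mkdir -p /etc/sysconfig/modules
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
EOF
# Load them now and confirm ip_vs* and nf_conntrack (pulled in as a dependency) are present
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack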
初始化 master
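# Download containerd and runc for arm64 and verify each against the checksum file published
# with the same release before installing; curl alone only authenticates the transport, and
# these binaries run as root on every node. Installation is chained on a successful check.
curl -OL https://github.com/containerd/containerd/releases/download/v1.7.14/containerd-1.7.14-linux-arm64.tar.gz
curl -OL https://github.com/containerd/containerd/releases/download/v1.7.14/containerd-1.7.14-linux-arm64.tar.gz.sha256sum
sha256sum -c containerd-1.7.14-linux-arm64.tar.gz.sha256sum \
  && tar Cxzvf /usr/local containerd-1.7.14-linux-arm64.tar.gz
curl -OL https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.arm64
# runc.sha256sum lists every architecture; --ignore-missing checks only the file we downloaded
curl -OL https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.sha256sum
sha256sum --ignore-missing -c runc.sha256sum \
  && install -m 755 runc.arm64 /usr/local/sbin/runc
mkdir -p /etc/containerd
# Generate the default config; the SystemdCgroup and sandbox_image edits below are applied to this file
containerd config default > /etc/containerd/config.toml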
修改前面生成的配置文件/etc/containerd/config.toml:
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
再修改/etc/containerd/config.toml中的
[plugins."io.containerd.grpc.v1.cri"]
...
# sandbox_image = "registry.k8s.io/pause:3.8"
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
# To start containerd via systemd, the containerd.service unit (upstream copy at
# https://raw.githubusercontent.com/containerd/containerd/main/containerd.service) must be placed at
# /etc/systemd/system/containerd.service. A copy is written inline below; ExecStart points at
# /usr/local/bin, where the tarball above was extracted.
cat << EOF > /etc/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF
# Register the new unit, enable containerd at boot and start it now, then confirm it is running:
systemctl daemon-reload
systemctl enable containerd --now
systemctl status containerd
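# Download crictl and verify it against the .sha256 published with the release before installing
curl -OL https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz
curl -OL https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-arm64.tar.gz.sha256
# The .sha256 file may hold only the digest; rebuild "digest  filename" so sha256sum -c accepts either form
echo "$(awk '{print $1}' crictl-v1.29.0-linux-arm64.tar.gz.sha256)  crictl-v1.29.0-linux-arm64.tar.gz" | sha256sum -c - \
  && tar -zxvf crictl-v1.29.0-linux-arm64.tar.gz \
  && install -m 755 crictl /usr/local/bin/crictl
# Smoke-test with crictl: the version must print without any error output
crictl --runtime-endpoint=unix:///run/containerd/containerd.sock version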
安装 kubeadm (主从配置)
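# Official pkgs.k8s.io repo for the 1.29 line; gpgcheck=1 verifies package signatures.
# The exclude line keeps ordinary "yum update" from moving the cluster packages;
# --disableexcludes is used only for the deliberate install below.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
# Pin the packages to the kubernetesVersion used in kubeadm.yaml (1.29.0): an unpinned install
# takes whatever patch release is current, which drifts from the pinned control plane and can
# leave the kubelet newer than the API server, outside the supported version skew.
yum install -y kubelet-1.29.0 kubeadm-1.29.0 kubectl-1.29.0 --disableexcludes=kubernetes
# Enabled only; kubeadm init/join starts it once there is a config to run with
systemctl enable kubelet
# Show which cgroup version(s) the kernel exposes (cgroupDriver: systemd is set in kubeadm.yaml):
grep cgroup /proc/filesystems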
配置 kubernetes
# Generate a starting kubeadm.yaml, then edit it into the documents shown below.
# NOTE(review): the printed defaults also contain a bootstrapTokens entry with the well-known
# token abcdef.0123456789abcdef, and the join command further down uses exactly that value;
# delete the entry (kubeadm init then generates a random token) or create one with
# `kubeadm token create` so the cluster is not joinable with a predictable credential.
# NOTE(review): the taint key node-role.kubernetes.io/master below is the pre-1.25 name; the
# control-plane taint in 1.29 is node-role.kubernetes.io/control-plane — confirm which is wanted.
kubeadm config print init-defaults > kubeadm.yaml
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.104.100
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///run/containerd/containerd.sock
  taints:
  - effect: PreferNoSchedule
    key: node-role.kubernetes.io/master
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: 1.29.0
imageRepository: registry.aliyuncs.com/google_containers
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
failSwapOn: false
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
启动 Kubernetes
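# Pre-pull the control-plane images from the imageRepository in kubeadm.yaml
kubeadm config images list --config kubeadm.yaml
kubeadm config images pull --config kubeadm.yaml
# The pipeline's exit status is tee's, so a failed init would otherwise go unnoticed;
# check kubeadm's own status via PIPESTATUS.
kubeadm init --config kubeadm.yaml | tee kubeadm-init.log
test "${PIPESTATUS[0]}" -eq 0 || echo "kubeadm init failed, see kubeadm-init.log" >&2
# The log ends with the join command, i.e. the bootstrap token and CA hash: keep it root-only
chmod 600 kubeadm-init.log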
配置 Worker 节点
将 master 虚拟机 clone 一份
# On the first clone of the master VM: new hostname, the static address from /etc/hosts,
# then wipe the cluster state inherited from the master (kubeadm reset) so the node can join cleanly.
# NOTE(review): kubeadm reset removes /etc/kubernetes (pki, kubeconfigs) but not $HOME/.kube/config;
# if the clone was taken after admin.conf was copied there, delete that file on the worker.
# NOTE(review): a clone also keeps the master's /etc/machine-id — regenerate it if unique IDs matter.
hostnamectl set-hostname k8s-node01
nmcli connection modify enp0s1 ipv4.addresses 192.168.104.101/24 ipv4.gateway 192.168.104.2 ipv4.dns "192.168.104.2 8.8.8.8" ipv4.method manual
nmcli conn up enp0s1
kubeadm reset
# Second clone: the same steps with the node02 name and address
hostnamectl set-hostname k8s-node02
nmcli connection modify enp0s1 ipv4.addresses 192.168.104.102/24 ipv4.gateway 192.168.104.2 ipv4.dns "192.168.104.2 8.8.8.8" ipv4.method manual
nmcli conn up enp0s1
kubeadm reset
将所有的 worker 节点加入集群
# Join each worker to the control plane.
# NOTE(review): this token is the well-known default from `kubeadm config print init-defaults`,
# so it is a predictable credential for adding nodes; prefer the randomly generated one from
# `kubeadm token create --print-join-command` on the master. Tokens expire after 24h by default,
# so a stale join line stops working and a fresh one must be created.
kubeadm join 192.168.104.100:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:5c81348991e838a0471c78115d26431f996d4c9006a6abb1449929538a269401
在 master 节点配置集群
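# Make kubectl on the master use the admin kubeconfig. Expansions are quoted so a HOME
# containing spaces cannot split the paths; the file carries cluster-admin credentials,
# so it is restricted to the owner after the chown.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"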
# Install flannel as the pod network. Its manifest defaults to 10.244.0.0/16, which matches
# podSubnet in kubeadm.yaml — change both or neither.
# NOTE(review): "latest" is unpinned, so a rebuild may get a different manifest than this one;
# pin a release tag and verify the download so the cluster is reproducible.
curl -OL https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
kubectl apply -f kube-flannel.yml