一、吐槽前言:
1.最开始安装部署cri-o时,就想到的是通过yum的方式来进行部署,但是安装官方推荐的yum源配置后,根本就不能够安装成功,后面某个机缘下,看到同事就是通过yum源的方式安装部署,查看的它的步骤,突然发现在配置官方yum源的时候,少配置了两个变量,就导致配置的yum源不能够生效,所以在次编写此文章做记录分享(这方面的资料实在是太少了,都是坑)
2. 官方安装说明方法链接
https://cri-o.io/
二、CRI-O的安装部署方法
3. 配置yum源:
1. 老规矩,k8s环境下的特殊配置
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/enforcing/disabled/' /etc/selinux/config
swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab
hostnamectl set-hostname k8s-master
modprobe overlay
modprobe br_netfilter
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
vm.swappiness=0
EOF
sysctl -p /etc/sysctl.d/k8s.conf
2. 这一步非常重要,最开始,我自己就坑在这一步上面(我是centos7的环境,其它系统大家参照修改,因为计划安装cri-o的21版本,所以这里VERSION写的1.21)
VERSION=1.21
OS=CentOS_7
3. 安装官方的步骤,下载yum源
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/devel:kubic:libcontainers:stable.repo
curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
4. 下载完后官方源如下:
[root@k8s-master yum.repos.d]# ll devel\:kubic\:libcontainers\:stable*
-rw-r--r-- 1 root root 381 Nov 23 17:52 devel:kubic:libcontainers:stable:cri-o:1.21.repo
-rw-r--r-- 1 root root 359 Nov 23 17:52 devel:kubic:libcontainers:stable.repo
5. 内容如下:
[root@k8s-master yum.repos.d]# cat devel\:kubic\:libcontainers\:stable*
[devel_kubic_libcontainers_stable_cri-o_1.21]
name=devel:kubic:libcontainers:stable:cri-o:1.21 (CentOS_7)
type=rpm-md
baseurl=https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.21/CentOS_7/
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.21/CentOS_7/repodata/repomd.xml.key
enabled=1
[devel_kubic_libcontainers_stable]
name=Stable Releases of Upstream github.com/containers packages (CentOS_7)
type=rpm-md
baseurl=https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/repodata/repomd.xml.key
enabled=1
6. 但是只有上面两个yum源还不够,我在安装的时候runc的依赖找不到,所以还需要在配置一个yum源,我配置的内容如下:
[root@k8s-master yum.repos.d]# cat Centos-Mirro.repo
[Centos Mirro]
name=Centos Mirro
baseurl=http://mirror.centos.org/centos/7/extras/x86_64/
enabled=1
gpgcheck=0
proxy=_none
7. yum的方式安装cri-o,现在真正的是太痛快了
yum install -y cri-o
systemctl start crio
systemctl enable crio
systemctl start cri-o
systemctl enable cri-o
systemctl list-unit-files | grep cri-o
systemctl list-unit-files | grep cri
三、 kubelet、kubectl、cri-tools、kubeadm组件安装
8 . 老规矩,先配置k8s的yum源:
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
9 . 安装部署时,也需要指定版本安装部署,版本需要和cri-o的版本保持一致,不知道原因,反正就听老人言,三个组件的顺序也很重要,因为会有依赖,如果先安装kubeadm,目前centos最新的为v2.22版本,如果先安装kubeadm,他会将kubelet,kubectl也一起安装,安装的版本会为2.22,而不是你想安装的v2.21
yum install -y kubelet-1.21.2-0.x86_64 --nogpgcheck
yum install -y kubectl-1.21.2-0.x86_64 --nogpgcheck
yum install -y kubeadm-1.21.2-0.x86_64 --nogpgcheck
yum install -y cri-tools-1.21.0
systemctl enable kubelet
10. 这一步非常重要,指定kubelet使用crio创建容器
[root@k8s-master mwt]# cat /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint='unix:///var/run/crio/crio.sock' --runtime-request-timeout=5m"
11. 安装cni插件,其实就是把编译好的二进制文件,放到/opt/cni/bin目录下,让kublet程序根据/etc/cni/net.d/中的confg文件中指定的type类型去调用,然后创建相关的pod的接口和ip地址的分配(应该不是很严谨,只是自己大致的感觉理解,参见)
下载地址(这个我是从自己环境中压缩上传的):
https://wws.lanzoui.com/i1NPlwwcu8j
密码:3n6s
下载完毕后,将压缩文件解压后,将二进制文件拷贝到/opt/cni/bin目录下面,如果不存在该目录就先创建该目录
第四步、部署K8S集群
crio config --default > /etc/crio/crio.conf
修改添加内容如下:
registries = ['4v2510z7.mirror.aliyuncs.com:443/library']
pause_image = "registry.aliyuncs.com/google_containers/pause:3.2"
13.生成kueadm的初始文件,如果不通过文件来部署,好像会存在问题,因为k8s默认CRI是docker,所以需要生成,然后修改文件才行, podSubnet的字段需要指定,不然部署flannel时,网段划分会存在问题,无法成功分配ip所以就无法正常创建pod
kubeadm config print init-defaults > kubeadm-config.yaml
修改后的内容如下:
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 10.0.2.93
bindPort: 6443
nodeRegistration:
# criSocket: /var/run/dockershim.sock
criSocket: /var/run/crio/crio.sock
# name: node
taints:
- effect: PreferNoSchedule
key: node-role.kubernetes.io/master
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
networking:
dnsDomain: cluster.local
podSubnet: 10.85.0.0/16
serviceSubnet: 10.96.0.0/12
scheduler: {}
kubeadm config images pull --config kubeadm.yaml --image-repository registry.aliyuncs.com/google_containers
curl -O https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
crictl pull quay.io/coreos/flannel:v0.14.0
27 .说了这么多废话,开始干吧
1) master执行
kubeadm init --config kubeadm-config.yaml
2) 初始化成功后的打印信息:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.0.2.120:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:3db371d75d6029e5527233b9ec8400cdc6826a4cb88d626216432f0943232eba
3) master执行:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
4) node上执行kubeadm join
kubeadm join 10.0.2.93:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:3db371d75d6029e5527233b9ec8400cdc6826a4cb88d626216432f0943232eba
5) 在master部署flannl插件
kubectl apply -f kube-flannel.yml
1) 查看前的小问题解决
查看kubectl get cs状态(总觉得k8s好像就是存在该问题,修改配置文件,重启kubelet进行恢复)
[root@cri-2 crio-v1.19.0]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
scheduler Unhealthy Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused
controller-manager Unhealthy Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused
etcd-0 Healthy {"health":"true"}
原因是kube-controller-manager.yaml和kube-scheduler.yaml设置的默认端口是0,只需在文件中注释掉即可。
在每个主节点上执行
vim /etc/kubernetes/manifests/kube-scheduler.yaml
# and then comment this line
# - --port=0
重启kubelet后的结果
[root@k8s-master ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health":"true"}
2) 如果大家也是搭建测试环境,只有两个机器,但是想让pod能够在两个master和node上都能够启动,充分利用硬件资源的话,可以去除污点的方式,让pod也能够部署到master上,生产环境不推荐,因为k8s的核心组件都在master上运行,如果将业务pod部署到master上,可能会导致master的资源紧张有干扰。
kubectl taint nodes --all node-role.kubernetes.io/master-
3) 好了,好了,来让我们来查看最后的部署结果吧
[root@k8s-master ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8s-master Ready control-plane,master 34h v1.21.2 10.0.2.93 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 cri-o://1.21.4
k8s-node1 Ready <none> 34h v1.21.2 10.0.2.94 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 cri-o://1.21.4
[root@k8s-master ~]# kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-59d64cd4d4-5llk7 1/1 Running 0 34h 10.85.0.2 k8s-master <none> <none>
coredns-59d64cd4d4-5vmk6 1/1 Running 0 34h 10.85.0.3 k8s-master <none> <none>
etcd-k8s-master 1/1 Running 0 34h 10.0.2.93 k8s-master <none> <none>
kube-apiserver-k8s-master 1/1 Running 0 34h 10.0.2.93 k8s-master <none> <none>
kube-controller-manager-k8s-master 1/1 Running 0 34h 10.0.2.93 k8s-master <none> <none>
kube-flannel-ds-f7k6k 1/1 Running 0 34h 10.0.2.94 k8s-node1 <none> <none>
kube-flannel-ds-pqwsg 1/1 Running 0 34h 10.0.2.93 k8s-master <none> <none>
kube-proxy-6jz7q 1/1 Running 0 34h 10.0.2.94 k8s-node1 <none> <none>
kube-proxy-j6hhl 1/1 Running 0 34h 10.0.2.93 k8s-master <none> <none>
kube-scheduler-k8s-master 1/1 Running 0 34h 10.0.2.93 k8s-master <none> <none>
[root@k8s-master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mysql-4pgv4 1/1 Running 0 4h51m 10.85.0.8 k8s-master <none> <none>
mysql-jptwn 1/1 Running 0 4h51m 10.85.0.9 k8s-master <none> <none>
myweb1-ddttd 1/1 Running 0 4h50m 10.85.1.4 k8s-node1 <none> <none>
myweb1-ngk9r 1/1 Running 0 4h50m 10.85.1.5 k8s-node1 <none> <none>
[root@k8s-master ~]# kubectl get svc -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 34h <none>
mysql NodePort 10.107.163.221 <none> 3306:30060/TCP 4h45m app=mysql-crio
myweb NodePort 10.100.252.36 <none> 8080:30001/TCP 4h45m app=myweb-crio
[root@k8s-master ~]# kubectl get svc -o wide -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 34h k8s-app=kube-dns