Overview:
cri-o
A lightweight container runtime for Kubernetes
Install cri-o
Add the package repository
/etc/yum.repos.d/cri-o.repo
```ini
[devel_kubic_libcontainers_stable]
name=Stable Releases of Upstream github.com/containers packages (CentOS_7)
type=rpm-md
baseurl=https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_7/repodata/repomd.xml.key
enabled=1

[devel_kubic_libcontainers_stable_cri-o_1.24]
name=devel:kubic:libcontainers:stable:cri-o:1.24 (CentOS_7)
type=rpm-md
baseurl=https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.24/CentOS_7/
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.24/CentOS_7/repodata/repomd.xml.key
enabled=1
```
Start the installation
Install Kubernetes
Tuning
Disable SELinux
```bash
# Set SELinux in permissive mode (effectively disabling it)
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
```
Kernel modules
```bash
cat <<EOF | tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter
```
Kernel tuning
```bash
# sysctl params required by setup, params persist across reboots
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
EOF

# Apply sysctl params without reboot
sysctl --system
```
Start the installation
Add the package repository
```bash
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
```
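A check for the two repository definitions above (the cri-o file and kubernetes.repo), added here as an example and not part of the original post: it flags any enabled section that does not set gpgcheck=1, has no gpgkey, or uses a non-https baseurl. The function name audit_repo_file and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Audit a yum .repo file: every enabled section should verify package signatures
# (gpgcheck=1 plus a gpgkey) and fetch packages and keys over https.
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_repo_file() {
    awk '
    function report(msg) { printf "%s [%s]: %s\n", FILENAME, section, msg; bad++ }
    function check_section() {
        if (section == "" || opt["enabled"] == "0") return   # disabled repos are never used
        # A missing gpgcheck falls back to [main] in yum.conf, so require it explicitly.
        if (opt["gpgcheck"] != "1") report("gpgcheck is not explicitly 1")
        if (opt["gpgkey"] == "") report("no gpgkey configured")
        else if (opt["gpgkey"] !~ /^(https|file):\/\//) report("gpgkey is not https:// or file://")
        if (opt["baseurl"] != "" && opt["baseurl"] !~ /^https:\/\//) report("baseurl is not https://")
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }                      # comments and blank lines
    /^[ \t]*\[/ {                                             # new [section] header
        check_section()
        section = $0; gsub(/^[ \t]*\[|\].*$/, "", section)
        split("", opt)                                        # portable way to clear the array
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        opt[key] = val
    }
    END { check_section(); exit (bad > 0) }
    ' "$1"
}

# Constructed sample input (not from the page): one clean section, one weak one.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sample.repo" <<'EOF'
[signed]
baseurl=https://mirror.example/el7/
gpgcheck=1
gpgkey=https://mirror.example/el7/key.gpg

[unsigned]
baseurl=http://mirror.example/el7/
gpgcheck=0
EOF
audit_repo_file "$demo_dir/sample.repo" || echo "fix the findings above before running yum install"
```

On the node, run it against each file under /etc/yum.repos.d/ before the install step.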
Install and start
```bash
yum install kubelet-1.24.7 kubeadm-1.24.7 kubectl-1.24.7 --disableexcludes=kubernetes

sysctl -p /etc/sysctl.d/k8s.conf

systemctl enable --now crio
systemctl enable --now kubelet
```
Start k8s
Initialize k8s
Whether to pass --skip-phases=addon/kube-proxy depends on your own requirements. I pass it because I use cilium in place of k8s's kube-proxy.
```bash
kubeadm init --kubernetes-version=v1.24.7 --pod-network-cidr=$CIDR --cri-socket=unix:///var/run/crio/crio.sock --skip-phases=addon/kube-proxy
```
Download cilium
```bash
CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/master/stable.txt)
CLI_ARCH=amd64
if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
```
Install the CNI network
```bash
cilium install \
  --helm-set tunnel=disabled \
  --helm-set bpf.masquerade=true \
  --helm-set bpf.clockProbe=true \
  --helm-set bpf.waitForMount=true \
  --helm-set bpf.preallocateMaps=true \
  --helm-set bpf.tproxy=true \
  --helm-set bpf.hostRouting=false \
  --helm-set autoDirectNodeRoutes=true \
  --helm-set localRedirectPolicy=true \
  --helm-set enableCiliumEndpointSlice=true \
  --helm-set enableK8sEventHandover=true \
  --helm-set enableK8sEndpointSlice=true \
  --helm-set wellKnownIdentities.enabled=true \
  --helm-set sockops.enabled=true \
  --helm-set bandwidthManager=true \
  --helm-set hubble.enabled=false \
  --helm-set installNoConntrackIptablesRules=true \
  --helm-set egressGateway.enabled=true \
  --helm-set endpointRoutes.enabled=false \
  --helm-set kubeProxyReplacement=strict \
  --helm-set loadBalancer.mode=dsr \
  --helm-set nodePort.mode=dsr \
  --helm-set nodePort.directRoutingDevice=eth0 \
  --helm-set devices=eth0 \
  --helm-set k8sServiceHost=10.0.0.3 \
  --helm-set k8sServicePort=6443 \
  --helm-set ipv4NativeRoutingCIDR=172.26.131.117/32
```
Finish
Check