Kubernetes安装与配置:Containerd与Docker双版本详解
categories: - Kubernetes安装部署 tags: - Kubernetes - 安装 - Containerd - Docker - kubeadm - 集群部署
Kubernetes安装与配置:Containerd与Docker双版本详解
前言
本章将详细介绍如何在Linux服务器上安装和配置Kubernetes集群。我们将分别介绍两种主流的容器运行时安装方式: 1. Containerd(Kubernetes官方推荐) 2. Docker(使用cri-dockerd适配器)
系统要求
硬件要求
| 角色 | CPU | 内存 | 磁盘 | 数量 |
|---|---|---|---|---|
| Master | ≥2核 | ≥2GB | ≥30GB SSD | 1-3 |
| Worker | ≥1核 | ≥1GB | ≥20GB SSD | N |
操作系统要求
- Ubuntu:20.04/22.04 LTS
- CentOS:7/8/9
- Rocky Linux:8/9
- Debian:10/11/12
网络要求
- 所有节点网络互通
- 开放端口:
- Master:6443, 2379-2380, 10250-10252 - Worker:10250, 30000-32767
环境准备(所有节点执行)
1. 设置主机名
# Master节点
hostnamectl set-hostname k8s-master
# Worker节点
hostnamectl set-hostname k8s-worker1
hostnamectl set-hostname k8s-worker2
# 添加hosts解析
cat >> /etc/hosts << EOF
192.168.1.10 k8s-master
192.168.1.11 k8s-worker1
192.168.1.12 k8s-worker2
EOF
2. 禁用Swap分区
# 临时禁用
swapoff -a
# 永久禁用
sed -i '/swap/d' /etc/fstab
3. 加载内核模块
# 加载必要模块
cat > /etc/modules-load.d/k8s.conf << EOF
overlay
br_netfilter
EOF
# 立即加载
modprobe overlay
modprobe br_netfilter
4. 配置sysctl
# 配置网络参数
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# 立即生效
sysctl --system
5. 安装基础工具
# Ubuntu/Debian
apt-get update
apt-get install -y curl gnupg lsb-release ca-certificates
# CentOS/Rocky
yum install -y curl gnupg ca-certificates
方法一:使用Containerd(推荐)
Containerd是Kubernetes 1.24+官方默认的容器运行时,性能更好、占用资源更少。
1. 安装Containerd
# 安装containerd
apt-get install -y containerd.io
# 或者下载最新版本
wget https://github.com/containerd/containerd/releases/download/v1.7.13/containerd-1.7.13-linux-amd64.tar.gz
tar xzf containerd-1.7.13-linux-amd64.tar.gz
cp bin/* /usr/local/bin/
2. 配置Containerd
# 生成默认配置文件
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
# 修改配置文件
cat > /etc/containerd/config.toml << 'EOF'
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.k8s.io/pause:3.9"
[plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "runc"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
[plugins."io.containerd.runtime.v1.linux"]
runtime = "runc"
runtime_root = "/run/containerd/runc"
[plugins."io.containerd.snapshotter.v1.overlayfs"]
snapshotter = "overlayfs"
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://mirror.registry.workers.dev"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
endpoint = ["https://registry.k8s.io"]
EOF
3. 配置Systemd服务
# 创建containerd服务文件
cat > /etc/systemd/system/containerd.service << 'EOF'
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target
[Service]
Type=notify
ExecStart=/usr/local/bin/containerd
ExecReload=/bin/kill -s HUP $MAINPID
Restart=always
RestartSec=5
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
[Install]
WantedBy=multi-user.target
EOF
# 启动服务
systemctl daemon-reload
systemctl enable containerd
systemctl start containerd
systemctl status containerd
4. 安装crictl(Kubernetes容器运行时CLI)
# 下载crictl
VERSION="v1.28.0"
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/${VERSION}/crictl-${VERSION}-linux-amd64.tar.gz
tar xzf crictl-${VERSION}-linux-amd64.tar.gz
mv crictl /usr/local/bin/
# 配置crictl
cat > /etc/crictl.yaml << EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
# 测试连接
ctrctl images list
方法二:使用Docker(cri-dockerd)
1. 安装Docker
# Ubuntu/Debian
apt-get install -y apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io
# 启动Docker
systemctl enable docker
systemctl start docker
systemctl status docker
# 添加当前用户到docker组
usermod -aG docker $USER
2. 安装cri-dockerd
cri-dockerd是Docker到CRI(容器运行时接口)的适配器。
# 下载cri-dockerd
VERSION="0.3.4"
wget https://github.com/Mirantis/cri-dockerd/releases/download/v${VERSION}/cri-dockerd-${VERSION}.linux-amd64.tar.gz
tar xzf cri-dockerd-${VERSION}.linux-amd64.tar.gz
mv cri-dockerd /usr/local/bin/
mv dockerd /usr/local/bin/
# 创建配置文件
mkdir -p /etc/cri-dockerd
cat > /etc/cri-dockerd/config.toml << EOF
[plugins]
[plugins."io.containerd.runtime.v1.linux"]
runtime_path = "/usr/local/bin/runc"
[plugins."io.containerd.runtime.v2.linux"]
runtime = "runc"
runtime_root = "/run/containerd/runc"
options = {
SystemdCgroup = true
}
[plugins."io.containerd.runtime.v2.linux".options]
BinaryName = "/usr/local/bin/runc"
EOF
3. 配置cri-dockerd服务
# 创建systemd服务
cat > /etc/systemd/system/cri-dockerd.service << 'EOF'
[Unit]
Description=CRI Dockerd for Kubernetes
Documentation=https://github.com/Mirantis/cri-dockerd
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint unix:///var/run/docker.sock --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin
ExecReload=/bin/kill -s HUP $MAINPID
Restart=always
RestartSec=5
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
[Install]
WantedBy=multi-user.target
EOF
# 启动服务
systemctl daemon-reload
systemctl enable cri-dockerd
systemctl start cri-dockerd
systemctl status cri-dockerd
安装Kubernetes组件
1. 添加Kubernetes仓库
# 添加Google仓库密钥
curl -fsSL https://pkgs.k8s.io/bin/apt/DIRVERCIEW.asc | gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
# 添加仓库(Ubuntu/Debian)
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://pkgs.k8s.io/bin/apt/debian $(lsb_release -sc) kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list
# 添加仓库(CentOS/RHEL)
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/bin/rpm/RPM-GPG-KEY-kubernetes
EOF
2. 安装Kubeadm、Kubelet和Kubectl
# 安装指定版本(推荐1.28)
apt-get update
apt-get install -y kubelet=1.28.4-00 kubeadm=1.28.4-00 kubectl=1.28.4-00
# 锁定版本防止自动升级
apt-mark hold kubelet kubeadm kubectl
# 开机启动
systemctl enable kubelet
systemctl start kubelet
# 验证安装
kubelet --version
kubeadm version
kubectl version --client
初始化Master节点
1. 使用Containerd时初始化
# 初始化集群(Containerd)
kubeadm init \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--cri-socket=unix:///run/containerd/containerd.sock \
--image-repository=registry.k8s.io \
--kubernetes-version=v1.28.4 \
--control-plane-endpoint=k8s-master:6443
2. 使用Docker时初始化
# 初始化集群(Docker + cri-dockerd)
kubeadm init \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--cri-socket=unix:///var/run/cri-dockerd.sock \
--image-repository=registry.k8s.io \
--kubernetes-version=v1.28.4 \
--control-plane-endpoint=k8s-master:6443
3. 初始化成功输出
初始化成功后,会显示类似以下内容:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a Pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join k8s-master:6443 --token abcdef.xxxxxxxxxxxx \
--discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxx
4. 配置kubectl
# 普通用户配置
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
# 验证配置
kubectl get nodes
kubectl get pods -A
安装网络插件
安装Calico
# 下载Calico清单
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
# 验证安装
kubectl get pods -n kube-system
kubectl get nodes
安装Flannel(备选)
# 安装Flannel
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
添加Worker节点
在每个Worker节点上执行:
# 使用初始化时生成的token
kubeadm join k8s-master:6443 \
--token abcdef.xxxxxxxxxxxx \
--discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxx
# 如果token过期,重新生成
kubeadm token create --print-join-command
常用配置和优化
1. 配置kubectl自动补全
# Bash
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
# Zsh
source <(kubectl completion zsh)
echo "source <(kubectl completion zsh)" >> ~/.zshrc
2. 创建kubectl别名
# 添加到~/.bashrc
alias k='kubectl'
alias kg='kubectl get'
alias kd='kubectl describe'
alias kdel='kubectl delete'
complete -F __start_kubectl k
3. 配置Kubernetes Dashboard
# 安装Dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
# 创建管理员用户
cat > admin-user.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
EOF
kubectl apply -f admin-user.yaml
# 获取token
kubectl -n kubernetes-dashboard create token admin-user
故障排查
常见问题
# 查看kubelet日志
journalctl -u kubelet -f
# 查看节点状态
kubectl describe node
# 查看Pod日志
kubectl logs -n kube-system
# 检查容器运行时
crictl info
docker info
# 重启kubelet
systemctl restart kubelet
# 重置集群(重新安装时使用)
kubeadm reset -f
rm -rf /etc/kubernetes/pods
rm -rf $HOME/.kube
总结
本章我们学习了两种Kubernetes集群安装方式: 1. Containerd - Kubernetes官方推荐,性能更好 2. Docker + cri-dockerd - 兼容旧有Docker工作流
关键配置点:
- 禁用Swap
- 配置sysctl参数
- 正确配置容器运行时
- 初始化时指定正确的CRI socket
下一章我们将学习Kubernetes核心概念和资源对象。
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
