在每一台 node 上設定

關閉 swap

swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

關閉 SELinux

sudo setenforce 0 && sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

安裝 CRI (以 containerd 1.6.19 為例)

https://github.com/containerd/containerd/blob/main/docs/getting-started.md

下載 .tar.gz 檔案

curl -OL https://github.com/containerd/containerd/releases/download/v1.6.19/containerd-1.6.19-linux-amd64.tar.gz

解壓縮

tar Cxzvf /usr/local containerd-1.6.19-linux-amd64.tar.gz

設定 cgroup driver 為 systemd

https://kubernetes.io/docs/setup/production-environment/container-runtimes/

生產 config 檔案

mkdir /etc/containerd && containerd config default > /etc/containerd/config.toml

為了使用 Systemd 作為 cgroup driver, 需要修改 config 檔案 /etc/containerd/config.toml, 將 SystemdCgroup 改為 true

Why kubernetes choose systemd not cgroupfs? https://www.sobyte.net/post/2022-07/k8s-cgroupfs-or-syste/

vi /etc/containerd/config.toml

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    BinaryName = ""
    CriuImagePath = ""
    CriuPath = ""
    CriuWorkPath = ""
    IoGid = 0
    IoUid = 0
    NoNewKeyring = false
    NoPivotRoot = false
    Root = ""
    ShimCgroup = ""
    SystemdCgroup = true

下載 service 檔案

由於 containerd 預設的 config path 是 /etc/containerd/config.toml , 所以不需要改 service 檔案, 可以透過 containerd --help 得知。

curl -o /usr/lib/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/containerd/main/containerd.service

開機啟動 containerd

systemctl daemon-reload && systemctl enable --now containerd

安裝 runc (以 v1.1.4 為例)

下載 runc.amd64

curl -OL https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64

安裝 runc

install -m 755 runc.amd64 /usr/local/sbin/runc

安裝 CNI Plugin

下載壓縮檔

curl -OL https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz

解壓縮檔案

mkdir -p /opt/cni/bin && tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.2.0.tgz

載入 Kubernetes 所需的 modules

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay && sudo modprobe br_netfilter

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

sudo sysctl --system

啟動 containerd

systemctl restart containerd

安裝ipvsadm

dnf -y install ipvsadm

安裝 kubelet kubeadm kubectl

新增 repo 位置

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

安裝工具並啟動 kubelet

安裝 iproute-tc 是因為使用 kubeadm join node 時會發生 tc not found 問題: link

如果您需要安裝指定版本，以 v1.26.3 為例，可以將 kubelet kubeadm kubectl 改為 kubelet-1.26.3 kubeadm-1.26.3 kubectl-1.26.3

sudo yum install -y kubelet kubeadm kubectl iproute-tc --disableexcludes=kubernetes && sudo systemctl enable --now kubelet

Previous事前準備 Preparation Next在 master node 上設定

Last updated 1 year ago