Configure the following on every node

Disable swap

swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

Disable SELinux (set it to permissive mode)

sudo setenforce 0 && sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

Install the CRI (using containerd 1.6.19 as an example)

https://github.com/containerd/containerd/blob/main/docs/getting-started.md

Download the .tar.gz file

curl -OL https://github.com/containerd/containerd/releases/download/v1.6.19/containerd-1.6.19-linux-amd64.tar.gz

Extract the archive

tar Cxzvf /usr/local containerd-1.6.19-linux-amd64.tar.gz

Set the cgroup driver to systemd

https://kubernetes.io/docs/setup/production-environment/container-runtimes/

Generate the config file

mkdir /etc/containerd && containerd config default > /etc/containerd/config.toml

To use systemd as the cgroup driver, edit the config file /etc/containerd/config.toml and set SystemdCgroup to true.

Why does Kubernetes choose systemd rather than cgroupfs? https://www.sobyte.net/post/2022-07/k8s-cgroupfs-or-syste/

vi /etc/containerd/config.toml

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    BinaryName = ""
    CriuImagePath = ""
    CriuPath = ""
    CriuWorkPath = ""
    IoGid = 0
    IoUid = 0
    NoNewKeyring = false
    NoPivotRoot = false
    Root = ""
    ShimCgroup = ""
    SystemdCgroup = true

Download the service file

containerd's default config path is /etc/containerd/config.toml, so the service file does not need to be changed; you can confirm this with containerd --help.

curl -o /usr/lib/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/containerd/main/containerd.service

Start containerd at boot

systemctl daemon-reload && systemctl enable --now containerd

Install runc (using v1.1.4 as an example)

Download runc.amd64

curl -OL https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64

Install runc

install -m 755 runc.amd64 /usr/local/sbin/runc

Install the CNI plugins

Download the archive

curl -OL https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-amd64-v1.2.0.tgz

Extract the archive

mkdir -p /opt/cni/bin && tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.2.0.tgz

Load the kernel modules Kubernetes needs

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay && sudo modprobe br_netfilter

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

sudo sysctl --system

Restart containerd

systemctl restart containerd
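
The checks below are an added example, not part of the original page: they confirm the settings made so far (swap off, SystemdCgroup = true inside the runc options table, the three sysctls from k8s.conf) before the Kubernetes packages are installed. The function names are hypothetical, and each takes a path so it can be pointed at the live file or at a copy.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): preflight checks for the node
# settings above. Function names are hypothetical; each takes a path so it can
# be pointed at the live file or at a copy.

# True when the swaps table (format of /proc/swaps) lists no active device.
swap_disabled() {
  awk 'NR > 1 && NF { n++ } END { exit(n ? 1 : 0) }' "$1"
}

# True when SystemdCgroup = true sits inside the runc options table, not in
# some other table of config.toml.
systemd_cgroup_enabled() {
  awk '
    /^[ \t]*\[/ { in_opts = ($0 ~ /containerd\.runtimes\.runc\.options\]/); next }
    in_opts && /^[ \t]*SystemdCgroup[ \t]*=[ \t]*true[ \t]*(#.*)?$/ { found = 1 }
    END { exit(found ? 0 : 1) }
  ' "$1"
}

# True when the three sysctls from k8s.conf read 1 under the given /proc/sys
# root. The bridge keys only exist once br_netfilter is loaded.
sysctls_enabled() {
  for k in net/bridge/bridge-nf-call-iptables \
           net/bridge/bridge-nf-call-ip6tables net/ipv4/ip_forward; do
    [ "$(cat "$1/$k" 2>/dev/null)" = "1" ] || return 1
  done
}

# Run every check, report each failure, return non-zero if any failed.
# Arguments default to the live paths used on this page.
preflight() {
  rc=0
  swap_disabled "${1:-/proc/swaps}" ||
    { echo "FAIL: swap is still active"; rc=1; }
  systemd_cgroup_enabled "${2:-/etc/containerd/config.toml}" ||
    { echo "FAIL: SystemdCgroup is not true for runc"; rc=1; }
  sysctls_enabled "${3:-/proc/sys}" ||
    { echo "FAIL: bridge/ip_forward sysctls are not all 1"; rc=1; }
  return "$rc"
}
```

On a node, source the file and run preflight with no arguments; a silent return of 0 means all three checks passed.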

Install ipvsadm

dnf -y install ipvsadm

Install kubelet, kubeadm and kubectl

Add the repo

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

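Install the tools and start kubelet

iproute-tc is installed because running kubeadm join on a node otherwise fails with a tc not found problem: link

To install a specific version, for example v1.26.3, replace kubelet kubeadm kubectl with kubelet-1.26.3 kubeadm-1.26.3 kubectl-1.26.3.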

sudo yum install -y kubelet kubeadm kubectl iproute-tc --disableexcludes=kubernetes && sudo systemctl enable --now kubelet
