K8s - openeuler2203SP1安装 K8s + flannel-海口c网

K8s - openeuler2203SP1安装 K8s + flannel

article/2025/7/20 18:10:51

环境说明

[root@master-1 ~]# uname -a
Linux master-1 5.10.0-136.12.0.86.oe2203sp1.x86_64 #1 SMP Tue Dec 27 17:50:15 CST 2022 x86_64 x86_64 x86_64 GNU/Linux

安装过程

1、安装 containerd

下载 tar 包

# 确保没有使用官方仓库的containerd
[root@localhost ~]# yum remove containerd -y
[root@localhost ~]# wget https://github.com/containerd/containerd/releases/download/v1.7.16/containerd-1.7.16-linux-amd64.tar.gz
[root@localhost ~]# tar -zxvf containerd-1.7.16-linux-amd64.tar.gz 
[root@localhost ~]# mv bin/* /usr/local/bin/

编写 service 文件

[root@localhost ~]# vi /usr/lib/systemd/system/containerd.service[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerdType=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999[Install]
WantedBy=multi-user.target

修改配置文件

[root@localhost ~]# mkdir /etc/containerd/
[root@localhost ~]# containerd config default > /etc/containerd/config.toml 
# 将cgroup打开
[root@localhost ~]# vi /etc/containerd/config.toml
# 找到这一行配置，将false改为true
139 SystemdCgroup = true
# 修改sandbox镜像地址
67 sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"

启动服务

[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable --now containerd

2、安装 cni 插件

[root@localhost ~]# wget https://github.com/containernetworking/plugins/releases/download/v1.4.1/cni-plugins-linux-amd64-v1.4.1.tgz
[root@localhost ~]# mkdir -p /opt/cni/bin
[root@localhost ~]# tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.4.1.tgz

3、主机配置

[root@localhost ~]# hostnamectl set-hostname master-1
[root@localhost ~]# echo "127.0.0.1 master-1" >> /etc/hosts
[root@localhost ~]# echo "::1 master-1" >>/etc/hosts[root@master-1 ~]# modprobe bridge
[root@master-1 ~]# modprobe br_netfilter
[root@master-1 ~]# vi /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
[root@master-1 ~]# sysctl -p[root@master-1 ~]# setenforce 0
[root@master-1 ~]# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
[root@master-1 ~]# systemctl disable --now firewalld[root@master-1 ~]# swapoff -a

在这里插入图片描述

4、搭建 K8s

配置 yum 源

[root@master-1 ~]# sed -i "s/openEuler-22.03-LTS-SP1/openEuler-23.03/g" /etc/yum.repos.d/openEuler.repo

yum 安装

[root@master-1 ~]# yum install kubernet* cri-tools  -y
[root@master-1 ~]# systemctl enable kubelet

cri 配置

[root@master-1 ~]# crictl config --set runtime-endpoint=unix:///run/containerd/containerd.sock --set image-endpoint=unix:///run/containerd/containerd.sock

查看版本并初始化

[root@master-1 ~]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.0", GitCommit:"4ce5a8954017644c5420bae81d72b09b735c21f0", GitTreeState:"archive", BuildDate:"2023-03-28T11:09:13Z", GoVersion:"go1.19.4", Compiler:"gc", Platform:"linux/amd64"}[root@master-1 ~]# kubeadm init --kubernetes-version=v1.24.0 --pod-network-cidr=10.244.0.0/16 --image-repository=registry.aliyuncs.com/google_containers

按照提示信息操作

To start using your cluster, you need to run the following as a regular user:mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/configAlternatively, if you are the root user, you can run:export KUBECONFIG=/etc/kubernetes/admin.conf

查看节点状态

[root@master-1 ~]# kubectl get nodes
NAME       STATUS     ROLES           AGE   VERSION
master-1   NotReady   control-plane   14m   v1.24.0

5、网络插件安装

下载 flannel yml

[root@master-1 ~]# wget https://github.com/flannel-io/flannel/releases/download/v0.26.2/kube-flannel.yml

通过离线下载网站获取镜像

https://pull.7ii.win/

导入 k8s.io 命名空间，需要通过 docker 进行转换

[root@master-1 ~]# docker load < flannel-flannel-v0.26.2-amd64.tar
[root@master-1 ~]# docker load < flannel-flannel-cni-plugin-v1.6.0-flannel1-amd64.tar[root@master-1 ~]# docker save -o flannel-flannel-cni-plugin-v1.6.0-flannel1-amd64.tar flannel/flannel-cni-plugin:v1.6.0-flannel1
[root@master-1 ~]# docker save -o flannel-flannel-v0.26.2-amd64.tar flannel/flannel:v0.26.2[root@master-1 ~]# ctr -n k8s.io images import flannel-flannel-v0.26.2-amd64.tar
[root@master-1 ~]# ctr -n k8s.io images import flannel-flannel-cni-plugin-v1.6.0-flannel1-amd64.tar

调整 yml 镜像拉取策略，在 image 下增加 imagePullPolicy: Never

应用 yml

[root@master-1 ~]# kubectl apply -f kube-flannel.yml

yml 参考

apiVersion: v1
kind: Namespace
metadata:labels:k8s-app: flannelpod-security.kubernetes.io/enforce: privilegedname: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:labels:k8s-app: flannelname: flannelnamespace: kube-flannel
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:labels:k8s-app: flannelname: flannel
rules:
- apiGroups:- ""resources:- podsverbs:- get
- apiGroups:- ""resources:- nodesverbs:- get- list- watch
- apiGroups:- ""resources:- nodes/statusverbs:- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:labels:k8s-app: flannelname: flannel
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: flannel
subjects:
- kind: ServiceAccountname: flannelnamespace: kube-flannel
---
apiVersion: v1
data:cni-conf.json: |{"name": "cbr0","cniVersion": "0.3.1","plugins": [{"type": "flannel","delegate": {"hairpinMode": true,"isDefaultGateway": true}},{"type": "portmap","capabilities": {"portMappings": true}}]}net-conf.json: |{"Network": "10.244.0.0/16","EnableNFTables": false,"Backend": {"Type": "vxlan"}}
kind: ConfigMap
metadata:labels:app: flannelk8s-app: flanneltier: nodename: kube-flannel-cfgnamespace: kube-flannel
---
apiVersion: apps/v1
kind: DaemonSet
metadata:labels:app: flannelk8s-app: flanneltier: nodename: kube-flannel-dsnamespace: kube-flannel
spec:selector:matchLabels:app: flannelk8s-app: flanneltemplate:metadata:labels:app: flannelk8s-app: flanneltier: nodespec:affinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/osoperator: Invalues:- linuxcontainers:- args:- --ip-masq- --kube-subnet-mgrcommand:- /opt/bin/flanneldenv:- name: POD_NAMEvalueFrom:fieldRef:fieldPath: metadata.name- name: POD_NAMESPACEvalueFrom:fieldRef:fieldPath: metadata.namespace- name: EVENT_QUEUE_DEPTHvalue: "5000"image: docker.io/flannel/flannel:v0.26.2imagePullPolicy: Nevername: kube-flannelresources:requests:cpu: 100mmemory: 50MisecurityContext:capabilities:add:- NET_ADMIN- NET_RAWprivileged: falsevolumeMounts:- mountPath: /run/flannelname: run- mountPath: /etc/kube-flannel/name: flannel-cfg- mountPath: /run/xtables.lockname: xtables-lockhostNetwork: trueinitContainers:- args:- -f- /flannel- /opt/cni/bin/flannelcommand:- cpimage: docker.io/flannel/flannel-cni-plugin:v1.6.0-flannel1imagePullPolicy: Nevername: install-cni-pluginvolumeMounts:- mountPath: /opt/cni/binname: cni-plugin- args:- -f- /etc/kube-flannel/cni-conf.json- /etc/cni/net.d/10-flannel.conflistcommand:- cpimage: docker.io/flannel/flannel:v0.26.2imagePullPolicy: Nevername: install-cnivolumeMounts:- mountPath: /etc/cni/net.dname: cni- mountPath: /etc/kube-flannel/name: flannel-cfgpriorityClassName: system-node-criticalserviceAccountName: flanneltolerations:- effect: NoScheduleoperator: Existsvolumes:- hostPath:path: /run/flannelname: run- hostPath:path: /opt/cni/binname: cni-plugin- hostPath:path: /etc/cni/net.dname: cni- configMap:name: kube-flannel-cfgname: flannel-cfg- hostPath:path: /run/xtables.locktype: FileOrCreatename: xtables-lock

6、安装结果

[root@master-1 ~]# kubectl get nodes
NAME       STATUS   ROLES           AGE     VERSION
master-1   Ready    control-plane   7m38s   v1.24.0
[root@master-1 ~]#
[root@master-1 ~]#
[root@master-1 ~]# kubectl get pods -A
NAMESPACE      NAME                               READY   STATUS    RESTARTS   AGE
kube-flannel   kube-flannel-ds-rtwp4              1/1     Running   0          98s
kube-system    coredns-74586cf9b6-cdr5n           1/1     Running   0          7m22s
kube-system    coredns-74586cf9b6-hhn72           1/1     Running   0          7m22s
kube-system    etcd-master-1                      1/1     Running   0          7m36s
kube-system    kube-apiserver-master-1            1/1     Running   0          7m36s
kube-system    kube-controller-manager-master-1   1/1     Running   0          7m36s
kube-system    kube-proxy-27tnv                   1/1     Running   0          7m22s
kube-system    kube-scheduler-master-1            1/1     Running   0          7m36s