Environment
CentOS Linux release 7.9.2009 (Core)
Node initialization
# Configure traffic forwarding
sudo modprobe br_netfilter
# Verify that the module is loaded
lsmod | grep br_netfilter
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the sysctl parameters without rebooting
sudo sysctl --system
Installing containerd from binaries
# Download from https://github.com/containerd/containerd/releases
wget https://github.com/containerd/containerd/releases/download/v1.6.8/containerd-1.6.8-linux-amd64.tar.gz
tar zxvf containerd-1.6.8-linux-amd64.tar.gz -C /usr/local/
# Download containerd.service (use the raw file URL; the /blob/ URL returns an HTML page, not the unit file)
wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
cp containerd.service /etc/systemd/system
systemctl daemon-reload
systemctl start containerd
# Install runc
wget https://github.com/opencontainers/runc/releases/download/v1.1.3/runc.amd64
install -m 755 runc.amd64 /usr/local/sbin/runc
# Install the CNI plugins
wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
mkdir -p /opt/cni/bin
tar zxvf cni-plugins-linux-amd64-v1.1.1.tgz -C /opt/cni/bin/
Configuring the systemd cgroup driver
mkdir -p /etc/containerd/
containerd config default > /etc/containerd/config.toml
vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
.....
SystemdCgroup = true
systemctl restart containerd.service && systemctl enable containerd.service
Installing kubeadm
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
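# Put SELinux into permissive mode, now and after reboot
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Note: --nogpgcheck disables GPG signature checking for this transaction, so the gpgcheck=1 setting in the repo file above is not enforced
sudo yum install -y --nogpgcheck kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable kubelet && sudo systemctl start kubelet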
Configuring the kubelet cgroup driver
cat /etc/sysconfig/kubelet
## In version 1.22, if the user has not set the cgroupDriver field in KubeletConfiguration, kubeadm init sets it to the default value systemd.
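Installing v1.24.3
# Note: --ignore-preflight-errors=all turns every failed preflight check into a warning; review the warnings in the output
kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.24.3 --service-cidr=10.96.0.0/16 --pod-network-cidr=192.168.0.0/16 --ignore-preflight-errors=all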
......
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.16.31.39:6443 --token 4hvzvf.6evwnlg0frc940r5 \
--discovery-token-ca-cert-hash sha256:9f043e80778b1e5362403fe71523af4748f9d5bd9594373441e103e55fe6a390
Installing the network plugin
# Mind the pod CIDR: it must match the --pod-network-cidr passed to kubeadm init
kubectl create -f https://projectcalico.docs.tigera.io/manifests/tigera-operator.yaml
kubectl create -f https://projectcalico.docs.tigera.io/manifests/custom-resources.yaml
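# Remove the taints so pods can be scheduled on this node (kubeadm v1.24 applies both the control-plane and the master taint)
kubectl taint nodes --all node-role.kubernetes.io/control-plane- node-role.kubernetes.io/master-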
Pod information
Troubleshooting notes
# kubeadm init failed; the logs show that pulling the pause image failed
kubelet: E0816 15:33:24.334727 13116 kubelet.go:2424] "Error getting node" err="node \"izbp1axu9kvcf4qq8v6oi3z\" not found"
kubelet: E0816 15:33:24.356053 13116 eviction_manager.go:254] "Eviction manager: failed to get summary stats" err="failed to get node info: node \"izbp1axu9kvcf4qq8v6oi3z\" not found"
kubelet: E0816 15:33:34.878775 13116 kuberuntime_sandbox.go:70] "Failed to create sandbox for pod" err="rpc error: code = Unknown desc = failed to get sandbox image \"k8s.gcr.io/pause:3.6\": failed to pull image \"k8s.gcr.io/pause:3.6\": failed to pull and unpack image \"k8s.gcr.io/pause:3.6\": failed to resolve reference \"k8s.gcr.io/pause:3.6\": failed to do request: Head \"https://k8s.gcr.io/v2/pause/manifests/3.6\": dial tcp 108.177.125.82:443: i/o timeout" pod="kube-system/etcd-izbp1axu9kvcf4qq8v6oi3z"
# Edit containerd's default configuration file (/etc/containerd/config.toml)
sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.7"
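Both config.toml edits in this guide (SystemdCgroup and sandbox_image) can be checked before containerd is restarted; kubeadm's --image-repository does not change containerd's sandbox_image, which is why the pause pull in the log above still went to k8s.gcr.io. The script below is an added example, not part of the original post: check_containerd_cri is a made-up helper name and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example: audit a containerd config.toml for the two CRI settings this
# guide changes. check_containerd_cri is a made-up helper name.
check_containerd_cri() {
  # $1: path to config.toml. Prints one line per check; returns 1 on any FAIL.
  awk '
    function value(line) {            # text after "=", minus quotes and comment
      sub(/^[^=]*=[ \t]*/, "", line)
      sub(/[ \t]*#.*$/, "", line)
      gsub(/"/, "", line)
      sub(/[ \t]+$/, "", line)
      return line
    }
    /^[ \t]*#/ { next }               # skip comment lines
    /^[ \t]*\[/ {                     # remember the current TOML table header
      section = $0
      gsub(/^[ \t]+|[ \t]+$/, "", section)
      next
    }
    section == "[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]" &&
      /^[ \t]*SystemdCgroup[ \t]*=/ { cgroup = value($0) }
    section == "[plugins.\"io.containerd.grpc.v1.cri\"]" &&
      /^[ \t]*sandbox_image[ \t]*=/ { image = value($0) }
    END {
      rc = 0
      if (cgroup == "true") print "OK   SystemdCgroup = true"
      else { print "FAIL SystemdCgroup = " (cgroup == "" ? "(unset)" : cgroup); rc = 1 }
      if (image == "") { print "FAIL sandbox_image = (unset)"; rc = 1 }
      else if (image ~ /^k8s\.gcr\.io\//) { print "FAIL sandbox_image = " image; rc = 1 }
      else print "OK   sandbox_image = " image
      exit rc
    }
  ' "$1"
}

# Constructed sample with the values that produced the failure in the log above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "k8s.gcr.io/pause:3.6"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = false
EOF
check_containerd_cri "$sample" || echo "fix config.toml, then restart containerd"
rm -f "$sample"
```

On a node, run check_containerd_cri /etc/containerd/config.toml after editing the file; a SystemdCgroup line placed under any other table is reported as unset.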