{"id":270,"date":"2023-10-17T09:11:26","date_gmt":"2023-10-17T01:11:26","guid":{"rendered":"https:\/\/www.wkv.cc\/?p=270"},"modified":"2023-10-17T09:11:28","modified_gmt":"2023-10-17T01:11:28","slug":"kubernetes-%e7%ac%94%e8%ae%b0","status":"publish","type":"post","link":"https:\/\/www.wkv.cc\/index.php\/2023\/10\/17\/kubernetes-%e7%ac%94%e8%ae%b0\/","title":{"rendered":"Kubernetes \u7b14\u8bb0"},"content":{"rendered":"\n

See:\u00a0https:\/\/kubernetes.io\/zh-cn\/docs\/setup\/production-environment\/container-runtimes\/#containerd<\/a><\/p>\n\n\n\n

cat <<EOF | sudo tee \/etc\/modules-load.d\/k8s.conf\r\noverlay\r\nbr_netfilter\r\nEOF\r\n\u200b\r\nsudo modprobe overlay\r\nsudo modprobe br_netfilter\r\n\u200b\r\n# \u8bbe\u7f6e\u6240\u9700\u7684 sysctl \u53c2\u6570\uff0c\u53c2\u6570\u5728\u91cd\u65b0\u542f\u52a8\u540e\u4fdd\u6301\u4e0d\u53d8\r\ncat <<EOF | sudo tee \/etc\/sysctl.d\/k8s.conf\r\nnet.core.somaxconn = 32768\r\nnet.bridge.bridge-nf-call-iptables  = 1\r\nnet.bridge.bridge-nf-call-ip6tables = 1\r\nnet.bridge.bridge-nf-call-arptables = 1\r\nnet.ipv4.ip_forward                 = 1\r\nnet.ipv4.tcp_syncookies = 0\r\nnet.ipv4.conf.all.rp_filter = 1\r\nnet.ipv4.neigh.default.gc_thresh1 = 80000\r\nnet.ipv4.neigh.default.gc_thresh2 = 90000\r\nnet.ipv4.neigh.default.gc_thresh3 = 100000\r\nnet.bridge.bridge-nf-call-ip6tables = 1\r\nnet.ipv6.conf.all.disable_ipv6 = 0\r\nnet.ipv6.conf.default.disable_ipv6 = 0\r\nnet.ipv6.conf.lo.disable_ipv6 = 0\r\nnet.ipv6.conf.all.forwarding = 1\r\nfs.inotify.max_user_watches=2099999999\r\nfs.inotify.max_user_instances=2099999999\r\nfs.inotify.max_queued_events=2099999999\r\nfs.file-max = 1000000\r\nvm.swappiness = 0\r\nEOF\r\n\u200b\r\n# \u5e94\u7528 sysctl \u53c2\u6570\u800c\u4e0d\u91cd\u65b0\u542f\u52a8\r\nsudo sysctl --system<\/code><\/pre>\n\n\n\n
sudo sed -i.bak 's\/^deb http:\\\/\\\/deb\\.debian\\.org\\\/debian\\\/\/deb https:\\\/\\\/mirrors\\.tuna\\.tsinghua\\.edu\\.cn\\\/debian\\\/\/g' \/etc\/apt\/sources.list\r\nsudo sed -i.bak 's\/^deb http:\\\/\\\/security\\.debian\\.org\\\/debian-security\\\/\/deb https:\\\/\\\/mirrors\\.tuna\\.tsinghua\\.edu\\.cn\\\/debian-security\\\/\/g' \/etc\/apt\/sources.list\r\n\u200b\r\napt update\r\napt install gnupg2 git -y\r\n\u200b\r\ncurl http:\/\/mirrors.ustc.edu.cn\/docker-ce\/linux\/debian\/gpg | apt-key add -\r\n\u200b\r\necho \"deb [arch=amd64] https:\/\/mirrors.ustc.edu.cn\/docker-ce\/linux\/debian bullseye stable\" >> \/etc\/apt\/sources.list\r\n\u200b\r\napt-get update\r\n\u200b\r\napt-get install -y apt-transport-https containerd.io\r\ncurl https:\/\/mirrors.aliyun.com\/kubernetes\/apt\/doc\/apt-key.gpg | apt-key add - \r\ncat <<EOF >\/etc\/apt\/sources.list.d\/kubernetes.list\r\ndeb https:\/\/mirrors.aliyun.com\/kubernetes\/apt\/ kubernetes-xenial main\r\nEOF\r\napt-get update\r\napt-get install -y kubelet kubeadm kubectl ipvsadm<\/code><\/pre>\n\n\n\n
# install helm\r\ncurl https:\/\/raw.githubusercontent.com\/helm\/helm\/main\/scripts\/get-helm-3 | bash<\/code><\/pre>\n\n\n\n
kubeadm init --image-repository registry.aliyuncs.com\/google_containers --kubernetes-version 1.27.2  --pod-network-cidr=10.244.0.0\/16 --v=5<\/code><\/pre>\n\n\n\n
\u955c\u50cf\u6e90<\/strong><\/p>\n\n\n\n
[plugins.\"io.containerd.grpc.v1.cri\".registry]\r\n      [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors]\r\n        [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"docker.io\"]\r\n          endpoint = [\"https:\/\/jvyajhe1.mirror.aliyuncs.com\"]\r\n        [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"k8s.gcr.io\"]\r\n          endpoint = [\"registry.aliyuncs.com\/google_containers\"]<\/code><\/pre>\n\n\n\n
Flannel<\/strong><\/h2>\n\n\n\n
kubectl apply -f https:\/\/github.sakurapuare.com\/flannel-io\/flannel\/releases\/latest\/download\/kube-flannel.yml<\/code><\/pre>\n\n\n\n
CNI<\/strong><\/h2>\n\n\n\n
# cni\r\nmkdir -p \/opt\/cni\/bin\r\ncurl -O -L https:\/\/files-1302216700.cos.ap-shanghai.myqcloud.com\/cni-plugins-linux-amd64-v1.2.0.tgz\r\ntar -C \/opt\/cni\/bin -xzf cni-plugins-linux-amd64-v1.2.0.tgz<\/code><\/pre>\n\n\n\n
# \u5220\u9664 K8s\r\necho y | kubeadm reset\r\nipvsadm --clear\r\nrm -rf $HOME\/.kube\/config\r\nrm -rf \/etc\/cni\/net.d<\/code><\/pre>\n\n\n\n
\u751f\u6210\u65b0\u7684 join token<\/strong><\/h2>\n\n\n\n
kubeadm token create --print-join-command<\/code><\/pre>\n\n\n\n
\u6dfb\u52a0\u53e6\u4e00\u4e2a control-plane<\/strong><\/h2>\n\n\n\n
 kubectl -n kube-system edit cm kubeadm-config\r\n ```\r\nkind: ClusterConfiguration\r\nkubernetesVersion: v1.18.0\r\ncontrolPlaneEndpoint: 172.16.64.2:6443\r\n```\r\n \r\n kubeadm init phase upload-certs --upload-certs\r\n \r\n kubeadm join 192.168.81.150:6443 --token cekl5n.i1vs4q36a4fb2ysj --discovery-token-ca-cert-hash sha256:8fadcd4b3ef9c885522bf941c650ea8ae19d7a326b98699b68876057b3d701eb  --control-plane --v=5 --certificate-key \u83b7\u53d6\u7684 Cert key<\/code><\/pre>\n\n\n\n
\u5b89\u88c5 Krew<\/strong><\/h2>\n\n\n\n
apt install git -y\r\n\r\n(\r\n  set -x; cd \"$(mktemp -d)\" &&\r\n  OS=\"$(uname | tr '[:upper:]' '[:lower:]')\" &&\r\n  ARCH=\"$(uname -m | sed -e 's\/x86_64\/amd64\/' -e 's\/\\(arm\\)\\(64\\)\\?.*\/\\1\\2\/' -e 's\/aarch64$\/arm64\/')\" &&\r\n  KREW=\"krew-${OS}_${ARCH}\" &&\r\n  curl -fsSLO \"https:\/\/github.sakurapuare.com\/kubernetes-sigs\/krew\/releases\/latest\/download\/${KREW}.tar.gz\" &&\r\n  tar zxvf \"${KREW}.tar.gz\" &&\r\n  .\/\"${KREW}\" install krew\r\n  \r\n  echo 'export PATH=\"${PATH}:${HOME}\/.krew\/bin\"' >> ~\/.bashrc\r\n  source ~\/.bashrc\r\n)<\/code><\/pre>\n\n\n\n
Ceph \u51c6\u5907<\/strong><\/h2>\n\n\n\n
modprobe rbd\r\n\r\necho rbd >> \/etc\/modules-load.d\/ceph.conf\r\napt install lvm2 -y<\/code><\/pre>\n\n\n\n
bash \u8865\u5168<\/strong><\/h2>\n\n\n\n
echo 'source <(kubectl completion bash)' >>~\/.bashrc\r\nsource  <(kubectl completion bash)<\/code><\/pre>\n\n\n\n
containerd config.toml<\/strong><\/h2>\n\n\n\n
wget -O \/etc\/containerd\/config.toml https:\/\/ivampiresp.com\/files\/containerd.toml\r\n\r\nversion = 2\r\nroot = \"\/var\/lib\/containerd\"\r\nstate = \"\/run\/containerd\"\r\nplugin_dir = \"\"\r\ndisabled_plugins = []\r\nrequired_plugins = []\r\noom_score = 0\r\n\r\n[grpc]\r\n  address = \"\/run\/containerd\/containerd.sock\"\r\n  tcp_address = \"\"\r\n  tcp_tls_cert = \"\"\r\n  tcp_tls_key = \"\"\r\n  uid = 0\r\n  gid = 0\r\n  max_recv_message_size = 16777216\r\n  max_send_message_size = 16777216\r\n\r\n[ttrpc]\r\n  address = \"\"\r\n  uid = 0\r\n  gid = 0\r\n\r\n[debug]\r\n  address = \"\"\r\n  uid = 0\r\n  gid = 0\r\n  level = \"\"\r\n\r\n[metrics]\r\n  address = \"\"\r\n  grpc_histogram = false\r\n\r\n[cgroup]\r\n  path = \"\"\r\n\r\n[timeouts]\r\n  \"io.containerd.timeout.shim.cleanup\" = \"5s\"\r\n  \"io.containerd.timeout.shim.load\" = \"5s\"\r\n  \"io.containerd.timeout.shim.shutdown\" = \"3s\"\r\n  \"io.containerd.timeout.task.state\" = \"2s\"\r\n\r\n[plugins]\r\n  [plugins.\"io.containerd.gc.v1.scheduler\"]\r\n    pause_threshold = 0.02\r\n    deletion_threshold = 0\r\n    mutation_threshold = 100\r\n    schedule_delay = \"0s\"\r\n    startup_delay = \"100ms\"\r\n  [plugins.\"io.containerd.grpc.v1.cri\"]\r\n    disable_tcp_service = true\r\n    stream_server_address = \"127.0.0.1\"\r\n    stream_server_port = \"0\"\r\n    stream_idle_timeout = \"4h0m0s\"\r\n    enable_selinux = false\r\n    selinux_category_range = 1024\r\n    sandbox_image = \"registry.aliyuncs.com\/google_containers\/pause:3.2\"\r\n    stats_collect_period = 10\r\n    systemd_cgroup = false\r\n    enable_tls_streaming = false\r\n    max_container_log_line_size = 16384\r\n    disable_cgroup = false\r\n    disable_apparmor = false\r\n    restrict_oom_score_adj = false\r\n    max_concurrent_downloads = 3\r\n    disable_proc_mount = false\r\n    unset_seccomp_profile = \"\"\r\n    tolerate_missing_hugetlb_controller = true\r\n    disable_hugetlb_controller = true\r\n    ignore_image_defined_volumes = false\r\n    [plugins.\"io.containerd.grpc.v1.cri\".containerd]\r\n      snapshotter = \"overlayfs\"\r\n      default_runtime_name = \"runc\"\r\n      no_pivot = false\r\n      disable_snapshot_annotations = true\r\n      discard_unpacked_layers = false\r\n      [plugins.\"io.containerd.grpc.v1.cri\".containerd.default_runtime]\r\n        runtime_type = \"\"\r\n        runtime_engine = \"\"\r\n        runtime_root = \"\"\r\n        privileged_without_host_devices = false\r\n        base_runtime_spec = \"\"\r\n      [plugins.\"io.containerd.grpc.v1.cri\".containerd.untrusted_workload_runtime]\r\n        runtime_type = \"\"\r\n        runtime_engine = \"\"\r\n        runtime_root = \"\"\r\n        privileged_without_host_devices = false\r\n        base_runtime_spec = \"\"\r\n      [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes]\r\n        [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\r\n          runtime_type = \"io.containerd.runc.v2\"\r\n          runtime_engine = \"\"\r\n          runtime_root = \"\"\r\n          privileged_without_host_devices = false\r\n          base_runtime_spec = \"\"\r\n          [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\r\n                SystemdCgroup = true\r\n    [plugins.\"io.containerd.grpc.v1.cri\".cni]\r\n      bin_dir = \"\/opt\/cni\/bin\"\r\n      conf_dir = \"\/etc\/cni\/net.d\"\r\n      max_conf_num = 1\r\n      conf_template = \"\"\r\n    [plugins.\"io.containerd.grpc.v1.cri\".registry]\r\n      [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors]\r\n        [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"docker.io\"]\r\n          endpoint = [\"https:\/\/jvyajhe1.mirror.aliyuncs.com\"]\r\n        [plugins.\"io.containerd.grpc.v1.cri\".registry.mirrors.\"k8s.gcr.io\"]\r\n          endpoint = [\"registry.aliyuncs.com\/google_containers\"]\r\n    [plugins.\"io.containerd.grpc.v1.cri\".image_decryption]\r\n      key_model = \"\"\r\n    [plugins.\"io.containerd.grpc.v1.cri\".x509_key_pair_streaming]\r\n      tls_cert_file = \"\"\r\n      tls_key_file = \"\"\r\n  [plugins.\"io.containerd.internal.v1.opt\"]\r\n    path = \"\/opt\/containerd\"\r\n  [plugins.\"io.containerd.internal.v1.restart\"]\r\n    interval = \"10s\"\r\n  [plugins.\"io.containerd.metadata.v1.bolt\"]\r\n    content_sharing_policy = \"shared\"\r\n  [plugins.\"io.containerd.monitor.v1.cgroups\"]\r\n    no_prometheus = false\r\n  [plugins.\"io.containerd.runtime.v1.linux\"]\r\n    shim = \"containerd-shim\"\r\n    runtime = \"runc\"\r\n    runtime_root = \"\"\r\n    no_shim = false\r\n    shim_debug = false\r\n  [plugins.\"io.containerd.runtime.v2.task\"]\r\n    platforms = [\"linux\/amd64\"]\r\n  [plugins.\"io.containerd.service.v1.diff-service\"]\r\n    default = [\"walking\"]\r\n  [plugins.\"io.containerd.snapshotter.v1.devmapper\"]\r\n    root_path = \"\"\r\n    pool_name = \"\"\r\n    base_image_size = \"\"\r\n    async_remove = false<\/code><\/pre>\n\n\n\n
karmada<\/strong><\/h2>\n\n\n\n
vim \/lib\/systemd\/system\/containerd.service\r\nEnvironment=\"HTTP_PROXY=http:\/\/192.168.81.105:7890\/\"\r\nEnvironment=\"HTTPS_PROXY=http:\/\/192.168.81.105:7890\/\"\r\nEnvironment=\"NO_PROXY=10.0.0.0\/16,127.0.0.1,192.168.0.0\/16,localhost\"\r\n\r\nsystemctl daemon-reload\r\nsystemctl restart containerd\r\n\r\n# image\r\nexport http_proxy=http:\/\/192.168.81.105:7890 &&  export https_proxy=http:\/\/192.168.81.105:7890\r\n\r\nctr image pull registry.k8s.io\/kube-apiserver:v1.25.4\r\nctr image pull registry.k8s.io\/etcd:3.5.3-0\r\nctr image pull docker.io\/karmada\/karmada-aggregated-apiserver:v1.6.0\r\nctr image pull registry.k8s.io\/kube-controller-manager:v1.25.4\r\nctr image pull docker.io\/karmada\/karmada-controller-manager:v1.6.0\r\nctr image pull docker.io\/karmada\/karmada-scheduler:v1.6.0\r\n\r\n\r\n\r\n# discovery token ca hash\r\nkubectl karmada register 192.168.81.150:32443 --token disern.ywtrps34now4gpmr --discovery-token-ca-cert-hash sha256:8fadcd4b3ef9c885522bf941c650ea8ae19d7a326b98699b68876057b3d701eb\r\n\r\n\r\n# uninstall & clean\r\n rm -rf \/etc\/karmada\/\r\n rm -rf \/var\/lib\/karmada-etcd<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
See:\u00a0https:\/\/kubernetes.io\/zh-cn\/docs\/setup\/production- […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[6],"class_list":["post-270","post","type-post","status-publish","format-standard","hentry","category-biancheng","tag-linux"],"_links":{"self":[{"href":"https:\/\/www.wkv.cc\/index.php\/wp-json\/wp\/v2\/posts\/270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wkv.cc\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wkv.cc\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wkv.cc\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wkv.cc\/index.php\/wp-json\/wp\/v2\/comments?post=270"}],"version-history":[{"count":1,"href":"https:\/\/www.wkv.cc\/index.php\/wp-json\/wp\/v2\/posts\/270\/revisions"}],"predecessor-version":[{"id":271,"href":"https:\/\/www.wkv.cc\/index.php\/wp-json\/wp\/v2\/posts\/270\/revisions\/271"}],"wp:attachment":[{"href":"https:\/\/www.wkv.cc\/index.php\/wp-json\/wp\/v2\/media?parent=270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wkv.cc\/index.php\/wp-json\/wp\/v2\/categories?post=270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wkv.cc\/index.php\/wp-json\/wp\/v2\/tags?post=270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}