云原生Kubernetes: 云主机摆设K8S 1.30版本 单Master架构

泉缘泉  金牌会员 | 2024-7-30 03:11:51 | 显示全部楼层 | 阅读模式
打印 上一主题 下一主题
楼主

主题 549|帖子 549|积分 1657

目录
一、实验
1.情况
2.Termius毗连云主机
3.网络连通性与安全机制
4.云主机摆设docker
5.云主机配置linux内核路由转发与网桥过滤
6.云主机摆设cri-dockerd
7.云主机摆设kubelet,kubeadm,kubectl
8.kubernetes集群初始化
9.容器网络(CNI)摆设
10.证书管理
二、标题
1.云主机如何摆设阿里云CLI
2.ECS实例如何内网通信
3. cri-dockerd 安装失败
4.kubelet kubeadm kubectl 安装报错
5.K8S 初始化报错


一、实验

1.情况

(1)主机
表1 云主机

主机系统架构版本IP备注
masterCentOS Stream9K8S master节点1.30.1
172.17.59.254(私有)

8.219.188.219(公)

nodeCentOS Stream9K8S node节点1.30.1
172.17.1.22(私有)

8.219.58.157(公)


(2)查看轻量应用服务器
阿里云查看



2.Termius毗连云主机

(1)毗连
master

node

(2) 查看系统
  1. cat /etc/os-release
复制代码
master

node


3.网络连通性与安全机制

(1)查阅
  1. https://www.alibabacloud.com/help/zh/simple-application-server/product-overview/regions-and-network-connectivity#:~:text=%E5%86%85%E7%BD%91%20%E5%90%8C%E4%B8%80%E8%B4%A6%E5%8F%B7%E5%90%8C%E4%B8%80%E5%9C%B0%E5%9F%9F%E4%B8%8B%EF%BC%8C%E5%A4%9A%E5%8F%B0%E8%BD%BB%E9%87%8F%E5%BA%94%E7%94%A8%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%9A%84%E5%AE%9E%E4%BE%8B%E9%BB%98%E8%AE%A4%E5%A4%84%E4%BA%8E%E5%90%8C%E4%B8%80%E4%B8%AAVPC%E5%86%85%E7%BD%91%E7%8E%AF%E5%A2%83%EF%BC%8C%E5%A4%9A%E5%AE%9E%E4%BE%8B%E9%97%B4%E7%9A%84%E4%BA%92%E8%81%94%E4%BA%92%E9%80%9A%E5%8F%AF%E4%BB%A5%E9%80%9A%E8%BF%87%E5%86%85%E7%BD%91%E5%AE%9E%E7%8E%B0%EF%BC%8C%E4%BD%86%E4%B8%8E%E5%85%B6%E4%BB%96%E4%BA%A7%E5%93%81%E7%9A%84%E5%86%85%E7%BD%91%E9%BB%98%E8%AE%A4%E4%BA%92%E4%B8%8D%E7%9B%B8%E9%80%9A%E3%80%82,%E4%B8%8D%E5%90%8C%E5%9C%B0%E5%9F%9F%E5%86%85%E7%9A%84%E8%BD%BB%E9%87%8F%E5%BA%94%E7%94%A8%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%86%85%E7%BD%91%E4%B9%9F%E4%B8%8D%E4%BA%92%E9%80%9A%E3%80%82%20%E5%A6%82%E6%9E%9C%E9%9C%80%E8%A6%81%E8%BD%BB%E9%87%8F%E5%BA%94%E7%94%A8%E6%9C%8D%E5%8A%A1%E5%99%A8%E4%B8%8E%E4%BA%91%E6%9C%8D%E5%8A%A1%E5%99%A8ECS%E3%80%81%E4%BA%91%E6%95%B0%E6%8D%AE%E5%BA%93%E7%AD%89%E5%85%B6%E4%BB%96%E5%A4%84%E4%BA%8E%E4%B8%93%E6%9C%89%E7%BD%91%E7%BB%9CVPC%E4%B8%AD%E7%9A%84%E9%98%BF%E9%87%8C%E4%BA%91%E4%BA%A7%E5%93%81%E5%86%85%E7%BD%91%E4%BA%92%E9%80%9A%EF%BC%8C%E6%82%A8%E5%8F%AF%E4%BB%A5%E9%80%9A%E8%BF%87%E8%AE%BE%E7%BD%AE%E5%86%85%E7%BD%91%E4%BA%92%E9%80%9A%E5%AE%9E%E7%8E%B0%E4%BA%92%E8%81%94%E4%BA%92%E9%80%9A%E3%80%82
复制代码


(2)ping测试
master 毗连 node
  1. ping 172.17.59.254
复制代码


(3) 关闭防火墙
  1. systemctl stop firewalld.service
  2. systemctl disable firewalld.service
复制代码
master

node

(4) 关闭互换分区
  1. sudo swapoff -a
  2. free -h
复制代码
master


node

(5) 关闭安全机制
  1. vim  /etc/selinux/config
  2. SELINUX=disabled
复制代码
master


node


4.云主机摆设docker

(1) master摆设docker
获取官方源
  1. wget -P /etc/yum.repos.d/ https://download.docker.com/linux/centos/docker-ce.repo
复制代码


安装
  1. yum install -y docker-ce
复制代码

配置国内镜像仓库
  1. vim /etc/docker/daemon.json
复制代码
XXXXXXXX为个人的阿里云镜像加速
  1. {
  2. "exec-opts": ["native.cgroupdriver=systemd"],
  3. "registry-mirrors": ["https://XXXXXXXX.mirror.aliyuncs.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"]
  4. }
复制代码

启动docker
  1. systemctl start docker
复制代码

查看
  1. docker info
复制代码



(2)node摆设docker
 获取官方源
  1. wget -P /etc/yum.repos.d/ https://download.docker.com/linux/centos/docker-ce.repo
复制代码

安装
  1. yum install -y docker-ce
复制代码


配置国内镜像仓库
  1. vim /etc/docker/daemon.json
复制代码

XXXXXXXX为个人的阿里云镜像加速
  1. {
  2. "exec-opts": ["native.cgroupdriver=systemd"],
  3. "registry-mirrors": ["https://XXXXXXXX.mirror.aliyuncs.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"]
  4. }
复制代码


启动docker
  1. systemctl start docker
复制代码



 

查看
  1. docker info
复制代码


5.云主机配置linux内核路由转发与网桥过滤

(1)修改配置文件并加载
master
  1. vim /etc/sysctl.d/k8s.conf
复制代码


  1. #加载
  2. modprobe  br_netfilter
  3. #查看
  4. lsmod |grep  br_netfilter
  5. #配置加载
  6. sysctl -p
复制代码

node
  1. vim /etc/sysctl.d/k8s.conf
复制代码


  1. #加载
  2. modprobe  br_netfilter
  3. #查看
  4. lsmod |grep  br_netfilter
  5. #配置加载
  6. sysctl -p
复制代码


(2)安装配置ipset,ipvsadm
  1. yum install ipset ipvsadm
复制代码
master

node

6.云主机摆设cri-dockerd

(1)查阅
  1. https://github.com/Mirantis/cri-dockerd/releases
复制代码
最新版为v0.3.14

(2)下载
  1. wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.14/cri-dockerd-0.3.14-3.el8.x86_64.rpm
复制代码
master

node

(3)依赖情况安装
master
  1. #下载依赖环境
  2. wget http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/libcgroup-0.41-19.el8.x86_64.rpm
  4. #安装
  5. rpm  -ivh  libcgroup-0.41-19.el8.x86_64.rpm
复制代码


node


(4)摆设cri-dockerd
master
  1. rpm  -ivh  cri-dockerd-0.3.14-3.el8.x86_64.rpm
复制代码


(5) 启动
  1. systemctl daemon-reload
  2. systemctl enable cri-docker
  3. systemctl start cri-docker
  4. systemctl status cri-docker
复制代码
master

node


7.云主机摆设kubelet,kubeadm,kubectl

(1) 查阅
  1. https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/?spm=a2c6h.25603864.0.0.2d32281ci7ZyIM
复制代码


(2)创建源文件
  1. vim /etc/yum.repos.d/kubernetes.repo
  3. #成阿里云的源
  4. [kubernetes]
  5. name=Kubernetes
  6. baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/
  7. enabled=1
  8. gpgcheck=1
  9. gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/rpm/repodata/repomd.xml.key
复制代码
master


node



(3)更新源
  1. yum clean all && yum makecache
复制代码
master

node


(3)安装
  1. yum install kubelet kubeadm kubectl
复制代码
master



node

(4)查看版本
  1. kubectl version
  2. kubeadm version
  3. kubelet --version
复制代码
master

node

(5)修改配置文件
  1. vim /etc/sysconfig/kubelet
  3. #修改
  4. KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
复制代码
master


node

(6)启动
  1. systemctl enable kubelet
  2. systemctl start kubelet
复制代码
master

node

(5)master下载K8S依赖的镜像
  1. #阿里云下载
  2. docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.30.1
  3. docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.30.1
  4. docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.30.1
  5. docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.30.1
  6. docker pull registry.aliyuncs.com/google_containers/coredns:v1.11.1
  7. docker pull registry.aliyuncs.com/google_containers/pause:3.9
  8. docker pull registry.aliyuncs.com/google_containers/etcd:3.5.12-0
复制代码

(5) 查看镜像
master
  1. [root@iZt4nczjliu7lp3kun6m9jZ ~]# docker images
  2. REPOSITORY                                                        TAG        IMAGE ID       CREATED         SIZE
  3. registry.aliyuncs.com/google_containers/kube-apiserver            v1.30.1    91be94080317   12 days ago     117MB
  4. registry.aliyuncs.com/google_containers/kube-scheduler            v1.30.1    a52dc94f0a91   12 days ago     62MB
  5. registry.aliyuncs.com/google_containers/kube-controller-manager   v1.30.1    25a1387cdab8   12 days ago     111MB
  6. registry.aliyuncs.com/google_containers/kube-proxy                v1.30.1    747097150317   12 days ago     84.7MB
  7. registry.aliyuncs.com/google_containers/etcd                      3.5.12-0   3861cfcd7c04   3 months ago    149MB
  8. registry.aliyuncs.com/google_containers/coredns                   v1.11.1    cbb01a7bd410   9 months ago    59.8MB
  9. registry.aliyuncs.com/google_containers/pause                     3.9        e6f181688397   19 months ago   744kB
复制代码

(7)master镜像重新打标签
  1. #配置默认tag
  2. docker tag 91be94080317 registry.k8s.io/kube-apiserver:v1.30.1
  3. docker tag cbb01a7bd410 registry.k8s.io/coredns/coredns:v1.11.1
  4. docker tag e6f181688397  registry.k8s.io/pause:3.9
  5. docker tag 3861cfcd7c04  registry.k8s.io/etcd:3.5.12-0
  6. docker tag 747097150317  registry.k8s.io/kube-proxy:v1.30.1
  7. docker tag 25a1387cdab8  registry.k8s.io/kube-controller-manager:v1.30.1
  8. docker tag a52dc94f0a91  registry.k8s.io/kube-scheduler:v1.30.1
复制代码

(8) master再次查看镜像
  1. docker images
复制代码


8.kubernetes集群初始化

(1) 安装iproute
  1. yum install iproute-tc
复制代码

(2)master初始化 (如报错可以参考后续的标题集)
  1. kubeadm init --kubernetes-version=v1.30.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=172.17.59.254  --cri-socket unix:///var/run/cri-dockerd.sock --ignore-preflight-errors=Mem
复制代码

完成初始化纪录如下:
  1. [root@iZt4nczjliu7lp3kun6m9jZ ~]# kubeadm init --kubernetes-version=v1.30.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=172.17.59.254  --cri-socket unix:///var/run/cri-dockerd.sock --ignore-preflight-errors=Mem
  3. [init] Using Kubernetes version: v1.30.1[preflight] Running pre-flight checks        [WARNING Mem]: the system RAM (1689 MB) is less than the minimum 1700 MB[preflight] Pulling images required for setting up a Kubernetes cluster[preflight] This might take a minute or two, depending on the speed of your internet connection[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'[certs] Using certificateDir folder "/etc/kubernetes/pki"[certs] Generating "ca" certificate and key[certs] Generating "apiserver" certificate and key[certs] apiserver serving cert is signed for DNS names [izt4nczjliu7lp3kun6m9jz kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 172.17.59.254][certs] Generating "apiserver-kubelet-client" certificate and key[certs] Generating "front-proxy-ca" certificate and key[certs] Generating "front-proxy-client" certificate and key[certs] Generating "etcd/ca" certificate and key[certs] Generating "etcd/server" certificate and key[certs] etcd/server serving cert is signed for DNS names [izt4nczjliu7lp3kun6m9jz localhost] and IPs [172.17.59.254 127.0.0.1 ::1][certs] Generating "etcd/peer" certificate and key[certs] etcd/peer serving cert is signed for DNS names [izt4nczjliu7lp3kun6m9jz localhost] and IPs [172.17.59.254 127.0.0.1 ::1][certs] Generating "etcd/healthcheck-client" certificate and key[certs] Generating "apiserver-etcd-client" certificate and key[certs] Generating "sa" key and public key[kubeconfig] Using kubeconfig folder "/etc/kubernetes"[kubeconfig] Writing "admin.conf" kubeconfig file[kubeconfig] Writing "super-admin.conf" kubeconfig file[kubeconfig] Writing "kubelet.conf" kubeconfig file[kubeconfig] Writing "controller-manager.conf" kubeconfig file[kubeconfig] Writing "scheduler.conf" kubeconfig file[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"[control-plane] Using manifest folder "/etc/kubernetes/manifests"[control-plane] Creating static Pod manifest for "kube-apiserver"[control-plane] Creating static Pod manifest for "kube-controller-manager"[control-plane] Creating static Pod manifest for "kube-scheduler"[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"[kubelet-start] Starting the kubelet[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests"[kubelet-check] Waiting for a healthy kubelet. This can take up to 4m0s[kubelet-check] The kubelet is healthy after 503.8172ms[api-check] Waiting for a healthy API server. This can take up to 4m0s[api-check] The API server is healthy after 8.001714086s[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster[upload-certs] Skipping phase. Please see --upload-certs[mark-control-plane] Marking the node izt4nczjliu7lp3kun6m9jz as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers][mark-control-plane] Marking the node izt4nczjliu7lp3kun6m9jz as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule][bootstrap-token] Using token: m926rd.ejaz92v7hhmgt7p0[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key[addons] Applied essential addon: CoreDNS[addons] Applied essential addon: kube-proxyYour Kubernetes control-plane has initialized successfully!To start using your cluster, you need to run the following as a regular user:  mkdir -p $HOME/.kube  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config  sudo chown $(id -u):$(id -g) $HOME/.kube/configAlternatively, if you are the root user, you can run:  export KUBECONFIG=/etc/kubernetes/admin.confYou should now deploy a pod network to the cluster.Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:  https://kubernetes.io/docs/concepts/cluster-administration/addons/Then you can join any number of worker nodes by running the following on each as root:kubeadm join 172.17.59.254:6443 --token m926rd.ejaz92v7hhmgt7p0 \        --discovery-token-ca-cert-hash sha256:e108c1809c7e4e0316ff25407d06fed0f60241dc3767524672977d9042312c92
复制代码
(3)创建配置目录
  1. mkdir -p $HOME/.kube
  2. sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  3. sudo chown $(id -u):$(id -g) $HOME/.kube/config
复制代码

(4)天生token
  1. #默认初始化生成token有效期是24小时,所以用自己的生成不过期的token,node节点加入需要用到
  2. kubeadm token create --ttl 0  --print-join-command
复制代码

(5) node节点参加
  1. 1)添加节点需要指定cri-dockerd接口–cri-socket ,这里是使用cri-dockerd
  2. kubeadm join 172.17.59.254:6443 --token 9jvebb.vtuw3utmxfkhrpwf --discovery-token-ca-cert-hash sha256:e108c1809c7e4e0316ff25407d06fed0f60241dc3767524672977d9042312c92 --cri-socket=unix:///var/run/cri-dockerd.sock
  4. 2)如果是containerd则使用–cri-socket unix:///run/containerd/containerd.sock
复制代码

(6)K8S master节点查看集群
  1. 1)查看node
  2. kubectl get node
  4. 2)查看node详细信息
  5. kubectl get node -o wide
复制代码
状态为NotReady,由于网络插件没有安装。



9.容器网络(CNI)摆设

(1)下载Calico配置文件
  1. https://github.com/projectcalico/calico/blob/v3.27.3/manifests/calico.yaml
复制代码

(2)修改里面界说Pod网络(CALICO_IPV4POOL_CIDR)
  1. vim calico.yaml
复制代码


①  修改前:

②修改后:
与前面kubeadm init的 --pod-network-cidr指定的一样


(3)摆设
  1. kubectl apply -f calico.yaml
复制代码

(4)查看
  1. kubectl get pods -n kube-system
复制代码

(5) 查看pod(状态已变动为Ready)
  1. kubectl get node
复制代码


10.证书管理

(1)查看
  1. openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text | grep Not
复制代码

  1. kubeadm certs check-expiration
复制代码

(2)查阅工具
  1. https://github.com/yuyicai/update-kube-cert
复制代码
(3)下载
  1. wget https://github.com/yuyicai/update-kube-cert/archive/refs/tags/v1.1.0.tar.gz
复制代码

(4) 解压
  1. tar zxvf v1.1.0.tar.gz
复制代码

(5)执行(延伸证书利用时间)
  1. cd update-kube-cert-1.1.0/
  2. ./update-kubeadm-cert.sh all
复制代码

(6)再次查看
  1. openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text | grep Not
复制代码


  1. kubeadm certs check-expiration
复制代码

(7)最后查看pod
  1. kubectl get pod -o wide
复制代码

(8)查看内存利用情况
master

node


二、标题

1.云主机如何摆设阿里云CLI

(1)查阅
  1. https://help.aliyun.com/zh/cli/install-cli-on-linux?spm=0.0.0.i2#task-592837
复制代码
最新版为v3.0.207

下载
  1. 1)官网
  2. https://aliyuncli.alicdn.com/aliyun-cli-linux-latest-amd64.tgz
  4. 2) GitHub
  5. https://github.com/aliyun/aliyun-cli/releases
复制代码
(2)master摆设阿里云CLI
创建目录
  1. mkdir -p $HOME/aliyun
  2. cd  $HOME/aliyun
复制代码

下载
  1. wget https://github.com/aliyun/aliyun-cli/releases/download/v3.0.207/aliyun-cli-linux-3.0.207-amd64.tgz
复制代码

解压
  1. tar xzvf aliyun-cli-linux-3.0.207-amd64.tgz
复制代码

将aliyun程序复制到/usr/local/bin目录中
  1. sudo cp aliyun /usr/local/bin
复制代码

(3)node摆设阿里云CLI
 创建目录
  1. mkdir -p $HOME/aliyun
  2. cd  $HOME/aliyun
复制代码


下载
  1. wget https://github.com/aliyun/aliyun-cli/releases/download/v3.0.207/aliyun-cli-linux-3.0.207-amd64.tgz
复制代码


解压
  1. tar xzvf aliyun-cli-linux-3.0.207-amd64.tgz
复制代码


将aliyun程序复制到/usr/local/bin目录中
  1. sudo cp aliyun /usr/local/bin
复制代码




2.ECS实例如何内网通信

(1)查阅
  1. https://help.aliyun.com/zh/ecs/authorize-internal-network-communication-between-ecs-instances-in-different-accounts-by-using-the-api
复制代码
(2)策略
通过CLI调用API增参加方向安全组规则实实际例内网通信。

3. cri-dockerd 安装失败

(1)报错

(2)缘故原由分析
缺少依赖。
(3)解决方法
查阅
  1. https://centos.pkgs.org/8-stream/centos-baseos-x86_64/libcgroup-0.41-19.el8.x86_64.rpm.html
复制代码

下载依赖
  1. wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.14/cri-dockerd-0.3.14-3.el8.x86_64.rpm
复制代码


安装依赖
  1. rpm  -ivh  libcgroup-0.41-19.el8.x86_64.rpm
复制代码

成功安装cri-dockerd:


4.kubelet kubeadm kubectl 安装报错

(1) 报错

(2)缘故原由分析
repo源中的 gpgkey地址错误。
(3)解决方法
修改配置文件

更新源
  1. yum clean all && yum makecache
复制代码

成功:


5.K8S 初始化报错

(1)报错

(2)缘故原由分析
cpu cgroups由于某些缘故原由被禁用了,需要手动启用它。
(3)解决方法
  1. 1)修改 GRUB 配置
  2. 如果发现 CPU cgroups 没有启用,你可以通过编辑 GRUB 的启动参数来启用它。执行以下命令来编辑 GRUB 配置文件:
  3. sudo vim /etc/default/grub
  5. 在文件中找到 GRUB_CMDLINE_LINUX 这一行,确保包含以下参数:
  6. cgroup_enable=cpu
  8. 2)更新
  9. sudo grub2-mkconfig -o /boot/grub2/grub.cfg
  11. 3)重启
  12. reboot
复制代码

停止中:

运行

继承报错

卸载cri-docker
  1. rpm -qa | grep -i cri-docker
  2. rpm -e cri-dockerd-0.3.14-3.el8.x86_64
复制代码

下载并重新安装(master与node节点都要操作)
  1. 1)下载安装最新版的cri-dockerd
  2. wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.14/cri-dockerd-0.3.14.amd64.tgz
  3. tar xf cri-dockerd-0.3.14.amd64.tgz
  4. mv cri-dockerd/cri-dockerd  /usr/bin/
  5. rm -rf  cri-dockerd  cri-dockerd-0.3.8.amd64.tgz
  7. 2)配置启动项
  8. cat > /etc/systemd/system/cri-docker.service<<EOF
  9. [Unit]
  10. Description=CRI Interface for Docker Application Container Engine
  11. Documentation=https://docs.mirantis.com
  12. After=network-online.target firewalld.service docker.service
  13. Wants=network-online.target
  14. Requires=cri-docker.socket
  15. [Service]
  16. Type=notify
  17. # ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://
  18. # 指定用作 Pod 的基础容器的容器镜像(“pause 镜像”)
  19. ExecStart=/usr/bin/cri-dockerd --pod-infra-container-image=registry.k8s.io/pause:3.9 --container-runtime-endpoint fd://
  20. ExecReload=/bin/kill -s HUP $MAINPID
  21. TimeoutSec=0
  22. RestartSec=2
  23. Restart=always
  24. StartLimitBurst=3
  25. StartLimitInterval=60s
  26. LimitNOFILE=infinity
  27. LimitNPROC=infinity
  28. LimitCORE=infinity
  29. TasksMax=infinity
  30. Delegate=yes
  31. KillMode=process
  32. [Install]
  33. WantedBy=multi-user.target
  34. EOF
  36. cat > /etc/systemd/system/cri-docker.socket <<EOF
  37. [Unit]
  38. Description=CRI Docker Socket for the API
  39. PartOf=cri-docker.service
  40. [Socket]
  41. ListenStream=%t/cri-dockerd.sock
  42. SocketMode=0660
  43. SocketUser=root
  44. SocketGroup=docker
  45. [Install]
  46. WantedBy=sockets.target
  47. EOF
  49. 3)重新加载并设置自启动
  50. systemctl daemon-reload
  51. systemctl enable cri-docker && systemctl start cri-docker && systemctl status cri-docker
复制代码

目前另有1个报错

忽略Mem
  1. kubeadm init --kubernetes-version=v1.30.1 --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=172.17.59.254  --cri-socket unix:///var/run/cri-dockerd.sock --ignore-preflight-errors=Mem
复制代码

成功:


免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。
回复

使用道具 举报

0 个回复

倒序浏览
返回列表

快速回复

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 or 立即注册

本版积分规则

泉缘泉

金牌会员
这个人很懒什么都没写!

楼主热帖

标签云

挺好的 服务器
微信订阅号
微信服务号
微信客服
小程序
H5
关于我们 商务合作 网站地图
©Copyright 2022-2024 杭州祥升科技有限公司 版权所有 浙ICP备20004199号
快速回复 返回顶部 返回列表