This article is shared from the Huawei Cloud Community " OpenEuler Deploys Kubernetes 1.29.4 Version Cluster " by Jiang Wanzhengchouyu.
1. Kubernetes cluster node preparation
1.1 Host operating system description
Serial number | Operating system and version | Remarks
1             | CentOS7u9 or OpenEuler2203   |
1.2 Host hardware configuration description
Requirement | CPU | Memory | Hard disk | Role          | Host name
value       | 8C  | 8G     | 1024GB    | master        | k8s-master01
value       | 8C  | 16G    | 1024GB    | worker (node) | k8s-worker01
value       | 8C  | 16G    | 1024GB    | worker (node) | k8s-worker02
1.3 Host configuration
1.3.1 Host name configuration
Three hosts are used for this kubernetes cluster deployment: one master node, named k8s-master01, and two worker nodes, named k8s-worker01 and k8s-worker02.
# master node
hostnamectl set-hostname k8s-master01
# worker01 node
hostnamectl set-hostname k8s-worker01
# worker02 node
hostnamectl set-hostname k8s-worker02
1.3.2 IP address, name resolution and mutual trust
# IP configuration is not explained here.
# The following is the name resolution configuration
[root@k8s-master01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.11 k8s-master01
192.168.0.12 k8s-worker01
192.168.0.13 k8s-worker02

# Host mutual trust configuration
[root@k8s-master01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:Rr6W4rdnY350fzMeszeWFR/jUJt0VOZ3yZECp5VJJQA root@k8s-master01
[root@k8s-master01 ~]# for i in {11..13};do ssh-copy-id 192.168.0.${i};done
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.0.11 (192.168.0.11)' can't be established.
ED25519 key fingerprint is SHA256:s2R582xDIla4wyNozHa/HEmRR7LOU4WAciEcAw57U/Q.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Authorized users only. All activities may be monitored and reported.
root@192.168.0.11's password:

Number of key(s) added: 1
1.3.4 Firewall configuration
Perform this on all hosts.
Turn off the existing firewalld firewall:
# systemctl disable firewalld
# systemctl stop firewalld
or
systemctl disable --now firewalld
View firewalld status
# firewall-cmd --state
not running
Reference running command:
[root@k8s-master01 ~]# for i in {11..13};do ssh 192.168.0.${i} 'systemctl disable --now firewalld' ;done
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
[root@k8s-master01 ~]# for i in {11..13};do ssh 192.168.0.${i} 'firewall-cmd --state' ;done
Authorized users only. All activities may be monitored and reported.
not running
Authorized users only. All activities may be monitored and reported.
not running
Authorized users only. All activities may be monitored and reported.
not running
1.3.5 SELINUX configuration
Perform this on all hosts. Modifying the SELinux configuration requires restarting the operating system.
# sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# sestatus
Reference running command:
[root@k8s-master01 ~]# for i in {11..13};do ssh 192.168.0.${i} "sed -ri 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config" ;done
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
[root@k8s-master01 ~]# for i in {11..13};do ssh 192.168.0.${i} 'sestatus' ;done
Authorized users only. All activities may be monitored and reported.
SELinux status: disabled
Authorized users only. All activities may be monitored and reported.
SELinux status: disabled
Authorized users only. All activities may be monitored and reported.
SELinux status: disabled
1.3.6 Time synchronization configuration
Perform this on all hosts. A minimal installation needs the ntpdate package installed first.
# crontab -l
0 */1 * * * /usr/sbin/ntpdate time1.aliyun.com
# /etc/crontab is the system crontab, so its entries need the user field (root) that a per-user crontab line does not have; the outer double quotes keep the inner single quotes intact
for i in {11..13};do ssh 192.168.0.${i} "echo '0 */1 * * * root /usr/sbin/ntpdate time1.aliyun.com' >> /etc/crontab" ;done
# Set the Shanghai time zone (UTC+8)
timedatectl set-timezone Asia/Shanghai
for i in {11..13};do ssh 192.168.0.${i} 'timedatectl set-timezone Asia/Shanghai' ;done
1.3.7 Upgrade operating system kernel
CentOS needs a kernel upgrade (search Baidu for the specific steps); OpenEuler 22.03 does not need one.
1.3.8 Configure kernel routing forwarding and bridge filtering
Perform this on all hosts.
Add the bridge filtering and kernel forwarding configuration files:
sed -i 's/net.ipv4.ip_forward=0/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
# cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF

# Configure the br_netfilter and overlay modules to load at boot
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

# Load the br_netfilter and overlay modules now
modprobe br_netfilter
modprobe overlay

# Check whether they are loaded
# lsmod | grep br_netfilter
br_netfilter 22256 0
bridge 151336 1 br_netfilter

# Make the settings effective
sysctl --system
# Use the default configuration file to take effect
sysctl -p
# Use the newly added configuration file to take effect
sysctl -p /etc/sysctl.d/k8s.conf
1.3.9 Install ipset and ipvsadm
Perform this on all hosts.
Install ipset and ipvsadm:
# yum -y install ipset ipvsadm

Configure the ipvsadm module loading method. Add the modules that need to be loaded:
# cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF

Authorize and run the script (the file name must match the one created above):
chmod 755 /etc/sysconfig/modules/ipvs.modules && /etc/sysconfig/modules/ipvs.modules

Check whether the corresponding modules are loaded successfully. The script loads nf_conntrack; on kernels from 4.19 on (such as the openEuler 22.03 kernel) there is no separate nf_conntrack_ipv4 module, and grepping for nf_conntrack matches either name:
# lsmod | grep -e ip_vs -e nf_conntrack
1.3.10 Close SWAP partition
After modifying /etc/fstab the operating system needs to be restarted. Without a restart, swap can be turned off temporarily with the command swapoff -a.
Closing the swap partition permanently requires a restart of the operating system.
# cat /etc/fstab
......
# /dev/mapper/centos-swap swap swap defaults 0 0
Add # at the beginning of the swap line above to comment it out.
2. Containerd container environment installation
2.1 Install containerd environment package
Perform this on all hosts.
# Download the packaged files
for i in {11..13};do ssh 192.168.0.${i} 'wget https://blog-source-mkt.oss-cn-chengdu.aliyuncs.com/resources/k8s/kubeadm%20init/k8s1.29.tar.gz'; done

# Unpack containerd and install it
for i in {11..13};do ssh 192.168.0.${i} 'tar -zxvf /root/k8s1.29.tar.gz'; done
for i in {11..13};do ssh 192.168.0.${i} 'tar -zxvf /root/workdir/containerd-1.7.11-linux-amd64.tar.gz && mv /root/bin/* /usr/local/bin/ && rm -rf /root/bin'; done

# Create the service; all hosts must do this
cat << EOF > /usr/lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF

# Start the container service
for i in {11..13};do ssh 192.168.0.${i} 'systemctl daemon-reload && systemctl enable --now containerd'; done

# Install runc
for i in {11..13};do ssh 192.168.0.${i} 'install -m 755 /root/workdir/runc.amd64 /usr/local/sbin/runc'; done

# Install the CNI plug-ins
for i in {11..13};do ssh 192.168.0.${i} 'mkdir -p /opt/cni/bin && tar -xzvf /root/workdir/cni-plugins-linux-amd64-v1.4.0.tgz -C /opt/cni/bin/'; done

# Generate the containerd configuration file and modify it
for i in {11..13};do ssh 192.168.0.${i} 'mkdir -p /etc/containerd && containerd config default | sudo tee /etc/containerd/config.toml'; done

# Modify the sandbox image; all hosts must do this
sed -i 's#sandbox_image = "registry.k8s.io/pause:.*"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"#' /etc/containerd/config.toml

# Restart containerd
systemctl restart containerd
2.2 Install k8s on the master host
# Configure the k8s v1.29 yum source; all nodes must do this
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.29/rpm/repodata/repomd.xml.key
EOF

# Install the k8s tools; all nodes must do this
yum clean all && yum makecache
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# Configure kubelet
To keep the cgroup driver used by the container runtime consistent with the one used by kubelet, it is recommended to modify the following file. All nodes need this.
# vim /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
Or use the following command:
echo 'KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"' > /etc/sysconfig/kubelet
systemctl enable kubelet
# Note: do not start kubelet; kubeadm starts it automatically. If it has already been started, the installation reports an error.

# Initialise the cluster with kubeadm; execute this on the master node only. Only the 1.29.4 image version is available here.
kubeadm init --apiserver-advertise-address=192.168.0.11 --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.29.4 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.224.0.0/16

# Finally execute the following commands
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
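The sysctl file from section 1.3.8, the fstab edit from 1.3.10 and the kubelet cgroup-driver setting above are all written by hand on every node, so the following preflight script (an added example, not part of the original article) checks the resulting files before kubeadm runs. It assumes the article's own paths (/etc/sysctl.d/k8s.conf, /etc/fstab, /etc/sysconfig/kubelet, /etc/containerd/config.toml) and adds one check the article does not mention: "containerd config default" writes SystemdCgroup = false under the runc options, and that must be changed to true for the runtime to match the kubelet's systemd cgroup driver.

```sh
# Added preflight check, not from the original article: verifies the files the
# article writes on every node. Paths are arguments so the checks also run on samples.
# Kernel settings section 1.3.8 writes to /etc/sysctl.d/k8s.conf (key=value).
K8S_SYSCTL_REQUIRED="net.bridge.bridge-nf-call-iptables=1 \
net.bridge.bridge-nf-call-ip6tables=1 net.ipv4.ip_forward=1 vm.swappiness=0"

# Return 0 if every required key appears in sysctl file $1 with the expected
# value (last occurrence wins, as sysctl itself does); print each deviation.
check_sysctl_file() {
    file=$1; rc=0
    for pair in $K8S_SYSCTL_REQUIRED; do
        key=${pair%%=*}; want=${pair#*=}
        esc=$(printf '%s' "$key" | sed 's/\./\\./g')   # literal dots in the regex
        got=$(sed -n "s/^[[:space:]]*$esc[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" \
                  "$file" 2>/dev/null | tail -n 1)
        if [ "$got" != "$want" ]; then
            echo "sysctl: $key is '${got:-unset}', expected $want"; rc=1
        fi
    done
    return $rc
}

# Return 0 if fstab file $1 has no active (uncommented) swap entry (section 1.3.10).
check_fstab_no_swap() {
    ! grep -Ev '^[[:space:]]*(#|$)' "$1" 2>/dev/null |
        grep -Eq '^[^[:space:]]+[[:space:]]+[^[:space:]]+[[:space:]]+swap([[:space:]]|$)'
}

# Return 0 if kubelet (sysconfig file $1) and containerd (config.toml $2) both use the
# systemd cgroup driver; the generated config.toml has SystemdCgroup = false by default.
check_cgroup_driver() {
    rc=0
    grep -q 'cgroup-driver=systemd' "$1" 2>/dev/null ||
        { echo "kubelet: --cgroup-driver=systemd not set in $1"; rc=1; }
    grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$2" 2>/dev/null ||
        { echo "containerd: SystemdCgroup is not true in $2"; rc=1; }
    return $rc
}

# Run every check against the real paths on this node; non-zero exit means fix first.
preflight() {
    rc=0
    check_sysctl_file /etc/sysctl.d/k8s.conf || rc=1
    check_fstab_no_swap /etc/fstab || { echo "fstab: active swap entry found"; rc=1; }
    check_cgroup_driver /etc/sysconfig/kubelet /etc/containerd/config.toml || rc=1
    [ "$rc" -eq 0 ] && echo "preflight OK on $(hostname)"
    return $rc
}
case "${1:-}" in run) preflight ;; esac   # sh preflight.sh run
```

Copy the script to each node and run it through the ssh loop from section 1.3.2 (for i in {11..13};do ssh 192.168.0.${i} 'sh /root/preflight.sh run';done); a non-zero exit lists exactly what still has to be fixed on that host.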
2.3 Install calico network plug-in
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml

# Finally check the status of the nodes and pods
kubectl get nodes
kubectl get pods -A