Installing a Kubernetes Cluster on Debian 11
| Name | Version |
|---|---|
| proxmox | 7 |
| Debian Bullseye | 11.7.0 |
| Kernel | 6.1.15-1 |
| Docker-CE | 23.0.5 |
| K8s | 1.27.1 |
| Cilium | 1.13.1 |
| cri-dockerd | 0.3.1 |
The configuration is as follows:

| Role | FQDN | IP | OS | Kernel | RAM | CPU |
|---|---|---|---|---|---|---|
| Master | k8smaster1.smolpharm.com | 10.10.50.200 | Debian 11.7 | 6.1.0-0 | 4G | 4 |
| Worker | k8sworker1.smolpharm.com | 10.10.50.201 | Debian 11.7 | 6.1.0-0 | 4G | 4 |
| Worker | k8sworker2.smolpharm.com | 10.10.50.202 | Debian 11.7 | 6.1.0-0 | 4G | 4 |
Download the Debian 11 netinstall image and install a minimal set of packages, namely the SSH server, setting a static IP during installation. Do this on all master and worker nodes.
su - root
apt install -y sudo
echo "pavel ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/pavel
/etc/hosts
cat >> /etc/hosts << "EOF"
10.10.50.200 k8smaster1.smolpharm.com
10.10.50.201 k8sworker1.smolpharm.com
10.10.50.202 k8sworker2.smolpharm.com
EOF
Install Linux kernel 6.x on Debian 11
echo "deb http://deb.debian.org/debian bullseye-backports main" | sudo tee -a /etc/apt/sources.list
sudo apt update
sudo apt -t bullseye-backports upgrade
Reboot
sudo init 6
Check which kernels are installed and remove the extra (old) ones
dpkg --list | grep linux-image
sudo apt-get --purge remove linux-image-5.10.0-20-amd64 linux-image-5.10.0-21-amd64
sudo update-grub2
Generate SSH keys
ssh-keygen -q -t ecdsa -N '' -f ~/.ssh/id_ecdsa <<<y >/dev/null 2>&1
and distribute them to all servers
ssh-copy-id -i ~/.ssh/id_ecdsa.pub 10.10.50.200
ssh-copy-id -i ~/.ssh/id_ecdsa.pub 10.10.50.201
ssh-copy-id -i ~/.ssh/id_ecdsa.pub 10.10.50.202
Disable the swap partition
sudo swapoff -a
sudo sed -i '/swap/ s/./# &/' /etc/fstab
Optional, to taste
cat > ~/.vimrc << "EOF"
:set nocompatible
:set backspace=indent,eol,start
EOF
For the terminal prompt, add to ~/.bashrc:
NORMAL="\[\e[0m\]"
RED="\[\e[1;31m\]"
GREEN="\[\e[1;32m\]"
if [[ $EUID = 0 ]]; then
PS1="$RED\u [ $NORMAL\w$RED ]# $NORMAL"
else
PS1="$GREEN\u [ $NORMAL\w$GREEN ]\$ $NORMAL"
fi
unset RED GREEN NORMAL
Next, install docker-ce
sudo apt install -y apt-transport-https ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl is-active docker
sudo usermod -aG docker ${USER}
newgrp docker
docker version
docker compose version
Check that everything is running
sudo systemctl status docker.service
sudo systemctl status docker.socket
sudo systemctl status containerd.service
dpkg -L docker-ce-cli | grep completion
Installing cri-dockerd
VER=$(curl -s https://api.github.com/repos/Mirantis/cri-dockerd/releases/latest|grep tag_name | cut -d '"' -f 4|sed 's/v//g')
echo $VER
wget https://github.com/Mirantis/cri-dockerd/releases/download/v${VER}/cri-dockerd-${VER}.amd64.tgz
tar xvf cri-dockerd-${VER}.amd64.tgz
sudo mv cri-dockerd/cri-dockerd /usr/local/bin/
cri-dockerd --version
sudo chown root:root /usr/local/bin/cri-dockerd
wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.service
wget https://raw.githubusercontent.com/Mirantis/cri-dockerd/master/packaging/systemd/cri-docker.socket
sudo mv cri-docker.socket cri-docker.service /etc/systemd/system/
sudo sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
sudo systemctl daemon-reload
sudo systemctl enable cri-docker.service
sudo systemctl enable --now cri-docker.socket
sudo systemctl status cri-docker.service
sudo systemctl status cri-docker.socket
rm -rf cri-dockerd cri-dockerd-${VER}.amd64.tgz
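The steps above resolve the version from "latest" at download time and install the binary without an integrity check, and it then runs as a root systemd service. The following added example (not part of the original walkthrough) installs a tarball only when its SHA-256 matches a digest recorded beforehand; the function names and the stand-in tarball are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): install a release tarball only
# if its SHA-256 matches a digest pinned in advance, instead of trusting
# whatever "latest" resolves to at download time.

verify_sha256() {                      # $1 = file, $2 = expected hex digest
    local actual
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

install_pinned() {       # $1 = tarball, $2 = digest, $3 = member, $4 = dest dir
    local tmp rc=0
    verify_sha256 "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    tmp=$(mktemp -d) || return 1
    # Extract only the expected member, and only after the digest check.
    # On a real node this install step runs under sudo with -o root -g root.
    tar -xzf "$1" -C "$tmp" "$3" &&
        install -m 0755 "$tmp/$3" "$4/" || rc=1
    rm -rf "$tmp"
    return "$rc"
}

demo() {
    local work good
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/cri-dockerd" "$work/bin"
    # Constructed stand-in for the real binary, packed like the release tarball.
    printf '#!/bin/sh\necho demo\n' > "$work/src/cri-dockerd/cri-dockerd"
    tar -czf "$work/release.tgz" -C "$work/src" cri-dockerd
    # In real use the digest is recorded when the release is vetted,
    # not computed from the file that was just downloaded.
    good=$(sha256sum "$work/release.tgz" | cut -d' ' -f1)
    install_pinned "$work/release.tgz" "$good" cri-dockerd/cri-dockerd "$work/bin" \
        && echo "installed"
    echo tampered >> "$work/release.tgz"          # simulate a modified artifact
    install_pinned "$work/release.tgz" "$good" cri-dockerd/cri-dockerd "$work/bin" \
        || echo "refused"
    rm -rf "$work"
}

demo
```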
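Now install Kubernetes on the master and the workers. The apt.kubernetes.io repository used below is the legacy package repository; the Kubernetes project has since replaced it with pkgs.k8s.io.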
sudo apt install -y apt-transport-https ca-certificates curl
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpg
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update -y
sudo apt install kubectl kubeadm kubelet kubernetes-cni
sudo apt-mark hold kubelet kubeadm kubectl
kubectl version --output=yaml
kubeadm version --output=yaml
kubectl version --output=yaml
sudo kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl > /dev/null
source ~/.bashrc
Now the steps on the master only
sudo kubeadm init --cri-socket unix:///var/run/cri-dockerd.sock
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8smaster1 NotReady control-plane 4m v1.27.1
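If kubectl is run without the kubeconfig set up above (for example under another user), it falls back to localhost:8080 and fails:
kubectl get nodes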
E0505 09:34:01.117879 1899475 memcache.go:265] couldn't get current server API group list: Get http://localhost:8080/api?timeout=32s: dial tcp [::1]:8080: connect: connection refused
Join the workers. Run the same command on k8sworker1 and k8sworker2; the endpoint is the API server on the master (10.10.50.200:6443), not the worker's own address:
sudo kubeadm join 10.10.50.200:6443 --token yb1fqq.as5uf76jzsi8ulhf \
--cri-socket unix:///var/run/cri-dockerd.sock \
--discovery-token-ca-cert-hash sha256:5b11f6adfcdceb74d3ca2f40a9f3e5086d7898759e5b1ce66a2d7d79b4bef576
kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8smaster1 Ready control-plane 28m v1.27.1
k8sworker1 Ready <none> 85s v1.27.1
k8sworker2 Ready <none> 66s v1.27.1
kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8smaster1 Ready control-plane 77m v1.27.4 10.10.50.200 <none> Debian GNU/Linux 11 (bullseye) 6.1.0-0.deb11.7-amd64 docker://24.0.5
k8sworker1 Ready <none> 74m v1.27.4 10.10.50.201 <none> Debian GNU/Linux 11 (bullseye) 6.1.0-0.deb11.7-amd64 docker://24.0.5
k8sworker2 Ready <none> 73m v1.27.4 10.10.50.202 <none> Debian GNU/Linux 11 (bullseye) 6.1.0-0.deb11.7-amd64 docker://24.0.5
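The --discovery-token-ca-cert-hash value in the join command pins the cluster CA, so it can be recomputed on the master and compared before the command is pasted onto a worker. The following is an added example, not part of the original walkthrough; it uses a throwaway CA generated for the demonstration, and the dummy token and helper names are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): recompute the value that
# kubeadm expects in --discovery-token-ca-cert-hash and compare it with the
# one in a join command. The value is "sha256:" followed by the SHA-256 of
# the CA certificate's DER-encoded public key (SubjectPublicKeyInfo).

ca_cert_hash() {                       # $1 = CA certificate in PEM form
    local pub
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf 'sha256:%s\n' "$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER | sha256sum | cut -d' ' -f1)"
}

join_hash() {                          # $1 = full "kubeadm join ..." line
    printf '%s\n' "$1" | grep -oE 'sha256:[0-9a-f]{64}' | head -n 1
}

verify_join() {                        # $1 = CA cert, $2 = join command
    local want got
    want=$(ca_cert_hash "$1") || return 2
    got=$(join_hash "$2")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

make_demo_ca() {                       # constructed throwaway CA for the demo
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo() {
    local dir cmd
    dir=$(mktemp -d) && make_demo_ca "$dir" || return 1
    # Constructed join line; the token is a dummy in kubeadm's token format.
    cmd="kubeadm join 10.10.50.200:6443 --token abcdef.0123456789abcdef \
--cri-socket unix:///var/run/cri-dockerd.sock \
--discovery-token-ca-cert-hash $(ca_cert_hash "$dir/ca.crt")"
    if verify_join "$dir/ca.crt" "$cmd"; then echo "hash matches CA"; fi
    rm -rf "$dir"
}

demo
# On a real control-plane node: ca_cert_hash /etc/kubernetes/pki/ca.crt
```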
Install Cilium
wget https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
cilium install
cilium status
kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8smaster1 Ready control-plane 78m v1.27.4
k8sworker1 Ready <none> 75m v1.27.4
k8sworker2 Ready <none> 74m v1.27.4
kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system cilium-4sfz7 1/1 Running 0 64m
kube-system cilium-9txhq 1/1 Running 0 64m
kube-system cilium-krjrw 1/1 Running 0 64m
kube-system cilium-operator-76c55fc6b6-zrlbr 1/1 Running 0 64m
kube-system coredns-5d78c9869d-d62hg 1/1 Running 0 78m
kube-system coredns-5d78c9869d-gvvzr 1/1 Running 0 78m
kube-system etcd-k8smaster1 1/1 Running 0 78m
kube-system kube-apiserver-k8smaster1 1/1 Running 0 78m
kube-system kube-controller-manager-k8smaster1 1/1 Running 0 78m
kube-system kube-proxy-jkctl 1/1 Running 0 75m
kube-system kube-proxy-sf5cg 1/1 Running 0 75m
kube-system kube-proxy-v482d 1/1 Running 0 78m
kube-system kube-scheduler-k8smaster1 1/1 Running 0 78m
rm -f cilium-linux-amd64.tar.gz
sudo systemctl status kubelet.service
kubectl version --output=yaml
That's all.
