准备 Kubernetes 节点裸金属虚拟机
标签
开发/云原生
计算机/计算机科学/CS/虚拟化
开发/云原生/Kubernetes
开发/容器化
开发/虚拟化
开发/容器化/Docker
开发/云原生/Docker
命令行/kubectl
命令行/kubeadm
命令行/containerd
命令行/docker
软件/云原生/kubeadm
软件/云原生/kubelet
软件/云原生/kubectl
软件/云原生/containerd
软件/云原生/docker
开发/虚拟化/cgroup
命令行/systemd
命令行/journalctl
计算机/操作系统/Linux
操作系统/Linux
操作系统/Debian
操作系统/Debian/Debian-11
命令行/sysctl
计算机科学/内核/内核参数
运维/内核
命令行/apt
字数
495 字
阅读时间
3 分钟
文档兼容性
| 主体 | 版本号 | 文档地址(如果有) |
|---|---|---|
| Debian | 11 | |
| Kubernetes | 1.28 | https://v1-28.docs.kubernetes.io/ |
| Docker | 24.0.2 | https://docs.docker.com/ |
| containerd | 1.7.6 | |
| Linux kernel | 5.10.0 |
配置内核参数
shell
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOFshell
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOFshell
sudo sysctl --system配置用于下载 kubectl,kubeadm 和 kubelet 的 apt 源
shell
sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl
sudo mkdir -p /etc/apt/keyrings/
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt updateshell
sudo apt update && sudo apt install -y apt-transport-https ca-certificates curl && sudo mkdir -p /etc/apt/keyrings/ && curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg && echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list && sudo apt update安装并保持其版本号:
shell
sudo apt install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectlshell
sudo apt install -y kubelet kubeadm kubectl && sudo apt-mark hold kubelet kubeadm kubectl初始化 containerd 的配置
shell
sudo rm -rf /etc/containerd/config.toml
sudo containerd config default | sudo tee /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl restart dockershell
sudo rm -rf /etc/containerd/config.toml && sudo containerd config default | sudo tee /etc/containerd/config.toml && sudo systemctl restart containerd && sudo systemctl restart docker配置 CGroup
查看 Docker 用的 CGroup:
shell
sudo docker info | grep -i cgroupshell
$ sudo docker info | grep -i cgroup
Cgroup Driver: systemd
Cgroup Version: 2
cgroupns如果是 systemd 的话,我们需要同步配置 containerd 也是 systemd 作为 CGroup Driver[1] :
shell
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
export PAUSE_IMAGE="$(kubeadm config images list | grep pause)"
sudo sed -i 's,sandbox_image = .*,sandbox_image = '\"$PAUSE_IMAGE\"',' /etc/containerd/config.tomlshell
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml && export PAUSE_IMAGE="$(kubeadm config images list | grep pause)" && sudo sed -i 's,sandbox_image = .*,sandbox_image = '\"$PAUSE_IMAGE\"',' /etc/containerd/config.toml然后重启 docker 和 containerd 的 systemd 服务:
shell
sudo systemctl restart containerd
sudo systemctl restart dockershell
sudo systemctl restart containerd && sudo systemctl restart docker贡献者
絢香猫页面历史
对于,CGroup Driver,在 容器运行时 | Kubernetes 和 配置 cgroup 驱动 | Kubernetes 文档中有讲解到,是 CRI 的一部分。 ↩︎