Oracle Linux 9 上基于 CRI-O 安装 Kubernetes 1.27 集群
- 1. 禁用 swap
- 2. 禁用防火墙
- 3. 将 SELinux 设置为 permissive 模式
- 4. 安装cri-o
- 5. 安装kubelet kubeadm kubectl
- 6. 更新模块设置
- 7. 初始化Kubernetes集群
- 8. 配置集群访问
- 9. 安装网络插件
- 10. 验证集群
1. 禁用 swap
sudo swapoff -a
2. 禁用防火墙
sudo systemctl stop firewalld
sudo systemctl disable firewalld
3. 将 SELinux 设置为 permissive 模式
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
4. 安装cri-o
卸载 podman、runc 等容器运行时
sudo dnf remove -y podman runc cri-o docker-ce libcgroup cri-dockerd
安装cri-o
sudo dnf install -y conmon containers-common
sudo rpm -ivh https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.26:/1.26.2/Fedora_37/x86_64/cri-o-1.26.2-2.1.fc37.x86_64.rpm
编辑 crio,添加最后两个值,
sudo vi /etc/crio/crio.conf
--- add
[crio.runtime]
conmon_cgroup = "pod"
cgroup_manager = "systemd"
---
重启 crio,
sudo systemctl daemon-reload
sudo systemctl enable --now crio
sudo systemctl status crio
5. 安装kubelet kubeadm kubectl
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
sudo dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable --now kubelet
6. 更新模块设置
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
ip_tables
iptable_filter
EOF
对模块使用 modprobe,
sudo modprobe overlay
sudo modprobe br_netfilter
sudo modprobe ip_tables
sudo modprobe iptable_filter
为 k8s.conf 设置 sysctl.d,
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
应用 sysctl 参数,无需重启,
sysctl --system
7. 初始化Kubernetes集群
sudo su -
export PUBLIC_IP=YOUR_PUBLIC_IP
export HOST=`hostname`
cat <<EOF > kubeadm-config.yaml
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd
---
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: $PUBLIC_IP
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/crio/crio.sock
imagePullPolicy: IfNotPresent
name: $HOST
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.27.1
networking:
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
scheduler: {}
EOF
使用 kubeadm 初始化 kubernetes 集群,
kubeadm init --config kubeadm-config.yaml
8. 配置集群访问
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl > /dev/null
echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -o default -F __start_kubectl k' >>~/.bashrc
移除 taint,
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
9. 安装网络插件
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
10. 验证集群
kubectl get nodes
kubectl get pods -A
完结!
![Oracle:ORA-00600[4137]问题分析](https://img-blog.csdnimg.cn/img_convert/9e319bc2566bca134eac67b32ed5bb5b.png)