---
title: install k8s 1.28.2
tags: [學習筆記]
---

# install k8s 1.28.2
###### tags: `學習筆記`

OS: ubuntu 22.04

## update package
```shell=
$ sudo apt update
```

## install containerd
kube>=1.24, 不支援docker

1. install its dependencies
```shell=
$ sudo apt install -y curl gnupg2 software-properties-common apt-transport-https ca-certificates
```
2. add apt repository
```shell=
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
$ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
$ sudo apt update
$ sudo apt install -y containerd.io=1.6.28-1
or
$ sudo apt install -y docker.io
```
> Note: the `tee` in the second command is not run with `sudo`, so a non-root user cannot write `/etc/apt/sources.list.d/docker.list`; use `sudo tee` there.

3. set config file
```shell=
$ sudo mkdir -p /etc/containerd/certs.d
$ sudo containerd config default | sudo tee /etc/containerd/config.toml
$ sudo sed -i 's/ SystemdCgroup = false/ SystemdCgroup = true/' /etc/containerd/config.toml
$ sudo sed -i 's/config_path = ""/config_path = "\/etc\/containerd\/certs.d\/"/' /etc/containerd/config.toml
$ sudo systemctl restart containerd.service
$ sudo systemctl enable containerd
```
4. (additional) use crictl operation
```shell=
$ VERSION="v1.26.0" # check latest version in /releases page
$ curl -L https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-${VERSION}-linux-amd64.tar.gz --output crictl-${VERSION}-linux-amd64.tar.gz
$ sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
$ rm -f crictl-$VERSION-linux-amd64.tar.gz
$ sudo nano /etc/crictl.yaml
# copy followings:
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: true
$ sudo crictl images
```
> Note: the tarball is unpacked as root into `/usr/local/bin`, so compare its SHA-256 with the checksum published on the same release page before running `tar`.

5. 
(additional) use nerdctl operation
```shell=
$ mkdir -p nerdctl
$ cd nerdctl
$ wget https://github.com/containerd/nerdctl/releases/download/v1.7.3/nerdctl-1.7.3-linux-amd64.tar.gz
$ tar -xf nerdctl-1.7.3-linux-amd64.tar.gz
$ sudo cp nerdctl /usr/local/bin/
$ sudo nerdctl ns ls
$ sudo nerdctl -n k8s.io images
```
> Note: the binary is copied into root's PATH, so check the downloaded tarball against the `SHA256SUMS` file published with the release before installing it.

## Add apt repository for Kubernetes
1. add apt repository
```shell=
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
```

## Install Kubernetes components
```shell=
$ sudo apt install kubeadm=1.29.2-1.1 kubelet=1.29.2-1.1 kubectl=1.29.2-1.1
```
> Note: the title says 1.28.2, but the repository and package pins on this page are for v1.29 (1.29.2-1.1). To stop a later `apt upgrade` from moving the cluster components to another version, hold them with `sudo apt-mark hold kubelet kubeadm kubectl`.

## Disable swap
```shell=
$ sudo swapoff -a
$ sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
```

## Set hostname
```shell=
$ sudo hostnamectl set-hostname kubernetes-master
$ exec bash
```

## Set up the IPV4 bridge on all nodes
```shell=
$ cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

$ sudo modprobe overlay
$ sudo modprobe br_netfilter

## sysctl params required by setup, params persist across reboots
$ cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

# Apply sysctl params without reboot
$ sudo sysctl --system
```

## Initialize Kubernetes cluster with Kubeadm command
```shell=
$ sudo kubeadm config images pull
$ sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.0.111 --apiserver-bind-port 8000
```

## Current user access to the Kubernetes cluster
```shell=
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
> Note: `admin.conf` holds a cluster-admin client certificate and key. Keep the copy readable only by its owner (`chmod 600 $HOME/.kube/config`) and do not share it with other users.

## additional:add worker node into cluster
```shell=
$ kubeadm join <ip>:<portNumber> 
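--token <token>
```
> Note: the join command printed at the end of `kubeadm init` also carries `--discovery-token-ca-cert-hash sha256:<hash>`. Keep that flag so the worker verifies the control plane's CA before trusting it; `kubeadm token create --print-join-command` on the master prints the full command again.

## Install Flannel for the Pod Network (On Master Node)
We need to install the pod network before the cluster can come up.
```shell=
$ kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
```
> Note: this URL follows the `master` branch, so the manifest applied with cluster-level privileges can change between runs. For a reproducible install, replace `master` with a release tag and read the manifest before applying it.

## check node status: Ready
```shell=
$ kubectl get node
$ kubectl get pods --all-namespaces
```

## if need to deploy pods on master node
```shell=
$ kubectl taint nodes kubernetes-master node-role.kubernetes.io/control-plane-
```

## set the range of NodePort
```shell=
$ sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml
## insert
- --service-node-port-range=0-36000
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
## behind
- --service-cluster-ip-range=10.96.0.0/12
$ sudo systemctl daemon-reload
$ sudo systemctl restart kubelet.service
```
> Note: the default NodePort range is 30000-32767. Widening it to `0-36000` lets a Service claim ports that host daemons already use (SSH, the kubelet, the API server port chosen at `kubeadm init`), so pick the narrowest range the workloads need.
>
> Note: in the cipher list, the `TLS_RSA_WITH_*` suites use static RSA key exchange (no forward secrecy) and the `*_CBC_SHA` suites are legacy CBC-mode ciphers. Keep them only if an old client requires them; otherwise list only the ECDHE GCM/CHACHA20 suites.

## install helm
```shell=
$ curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
$ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
$ sudo apt-get update
$ sudo apt-get install helm=3.14.2-1
```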