nv-k8s

！以下为安装步骤

# 配置 预期 ip
# nmtui 

readonly nodecicd_ip="192.168.14.13"
readonly nodecicd_k8s_ip="192.168.14.23"
readonly cluster_float_ip="192.168.14.100"


# 定义安装目录 与 私有 镜像源
readonly install_dir='/home/install_k8s'
mkdir -p ${install_dir}
cd ${install_dir}

# 配置 主机名
# cluster.svc 用于 后续扩容的 浮动 ip， 一般 是 100
hostnamectl hostname nodecicd

cat >  /etc/hosts << EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
${nodecicd_ip}  nodecicd
${nodecicd_k8s_ip}  nodecicd
${cluster_float_ip}  cluster.svc
EOF

# 暂时 关闭 交换分区
swapoff -a

# 检查 交换 分区 是不是 0 0
# 开机 自动 关闭 交换分区
# 注释掉 swap 挂载行
vi /etc/fstab
# /dev/mapper/openeuler-swap none                    swap    defaults        0 0

mount -a

# 组件集群 需要 网卡 mac 与 节点 uuid 的不同
# https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#check-required-ports
ip link

#  link/ether 52:54:00:f3:e5:0c brd ff:ff:ff:ff:ff:ff
cat /sys/class/dmi/id/product_uuid

# #  更换 本地 镜像源
# #  需要 用 nginx 搭建 本地的 镜像源
# cat > /etc/yum.repos.d/openEuler.repo << "EOF"
# [openEuler]
# name=openEuler
# baseurl=http://10.11.78.21/openEuler-22.03-LTS-SP3/x86_64/
# enabled=1
# gpgcheck=1
# gpgkey=http://10.11.78.21/openEuler-22.03-LTS-SP3/x86_64/RPM-GPG-KEY-openEuler
# EOF

yum makecache

# 关闭防火墙
systemctl disable --now firewalld

# 检查 端口 占用 保证端口空闲
# 确保 端口 未被 其他软件占用
# https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#check-required-ports
yum install nc -y

nc 127.0.0.1 6443 -v
# Ncat: Connection refused.

# disable SELINUX
sed -i 's/^SELINUX.*/SELINUX=disabled/g' /etc/selinux/config
setenforce 0

# 确保 内核 加载 网桥 模块
echo "bridge" |  tee /etc/modules-load.d/bridge.conf
echo "br_netfilter" |  tee /etc/modules-load.d/br_netfilter.conf

chmod 755  /etc/modules-load.d/bridge.conf
chmod 755  /etc/modules-load.d/br_netfilter.conf

modprobe bridge
modprobe br_netfilter


lsmod | grep br_netfilter
# br_netfilter           32768  0
# bridge                270336  1 br_netfilter

# 配置 sysctl
# 注意：需要更换下列net.ipv4.conf.enp1s0.rp_filter=0中的网卡
cat >  /etc/sysctl.conf << "EOF"
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
kernel.sysrq=0
net.ipv4.ip_forward=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.tcp_syncookies=1
kernel.dmesg_restrict=1
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0

# 

# add by io.plus lmk
#         [ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
# [ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-ip6tables]: /proc/sys/net/bridge/bridge-nf-call-ip6tables does not exist
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1

# ip6
net.ipv6.conf.all.forwarding=1
net.bridge.bridge-nf-call-ip6tables=1

# fs inode
fs.inotify.max_user_watches = 524288
fs.inotify.max_user_instances = 512

#  many interface of linux node for spical vlan can connect config
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.lo.rp_filter=0
net.ipv4.conf.enp1s0.rp_filter=0
EOF

sysctl -p

# 
yum install tar -y

# install containerd
# https://github.com/containerd/containerd/blob/main/docs/getting-started.md
    cd ${install_dir}

    f1='containerd-1.7.14-linux-amd64.tar.gz'
    wget ${ioplus_repo}/k8s_deps/${f1}  -O ${f1}

    tar Cxzvf /usr/local ${f1}
    # bin/
    # bin/containerd-shim
    # bin/ctr
    # bin/containerd-shim-runc-v1
    # bin/containerd
    # bin/containerd-stress
    # bin/containerd-shim-runc-v2

    which containerd
    # /usr/local/bin/containerd
    \rm ${f1}

# install runc
    f1='runc.amd64'
    wget  ${ioplus_repo}/k8s_deps/${f1} -O ${f1}

    install -m 755 runc.amd64 /usr/local/sbin/runc

    which runc
    # /usr/local/sbin/runc
    \rm ${f1}


# install cni plugins
    cd ${install_dir}
    f1='cni-plugins-linux-amd64-v1.4.1.tgz'
    wget ${ioplus_repo}/k8s_deps/${f1}  -O ${f1}
    mkdir -p /opt/cni/bin
    tar Cxzvf /opt/cni/bin ${f1}
    chown -R root:root /opt/cni
    \rm ${f1}

# config containerd
    f1='/etc/containerd/config.toml'
    mkdir -p /etc/containerd/
    wget  ${ioplus_repo}/k8s_deps/${f1} -O  ${f1}

# containerd service
# If you intend to start containerd via systemd, you should also download the containerd.service unit file from https://raw.githubusercontent.com/containerd/containerd/main/containerd.service into /usr/local/lib/systemd/system/containerd.service, and run the following commands:
    f1='containerd.service'
    mkdir -p  /usr/local/lib/systemd/system/
    wget   ${ioplus_repo}/k8s_deps/${f1} \
        -O /usr/local/lib/systemd/system/${f1}

# start containerd
systemctl daemon-reload
systemctl enable --now containerd
systemctl status containerd

#    Active: active (running)



# load  k8s and ctr images

ctr -n k8s.io i ls
# WARN[0000] DEPRECATION: The `mirrors` property of `[plugins."io.containerd.grpc.v1.cri".registry]` is deprecated since containerd v1.5 and will be removed in containerd v2.0. Use `config_path` instead.
# WARN[0000] DEPRECATION: The `configs` property of `[plugins."io.containerd.grpc.v1.cri".registry]` is deprecated since containerd v1.5 and will be removed in containerd v2.0. Use `config_path` instead.
# REF TYPE DIGEST SIZE PLATFORMS LABELS

cd ${install_dir}
f1='k8s_1_29_1_cilium_1_15_3_images.tar'
wget wget   ${ioplus_repo}/k8s_deps/${f1} \
    -O ${f1}

ctr -n k8s.io image import ${f1}

ctr -n k8s.io i ls  -q
# quay.io/cilium/cilium@sha256:da74ab61d1bc665c1c088dff41d5be388d252ca5800f30c7d88844e6b5e440b0
# quay.io/cilium/operator-generic@sha256:c97f23161906b82f5c81a2d825b0646a5aa1dfb4adf1d49cbb87815079e69d61
# registry.k8s.io/coredns/coredns:v1.11.1
# registry.k8s.io/coredns/coredns@sha256:1eeb4c7316bacb1d4c8ead65571cd92dd21e27359f0d4917f1a5822a73b75db1
# registry.k8s.io/etcd:3.5.10-0
# registry.k8s.io/etcd@sha256:22f892d7672adc0b9c86df67792afdb8b2dc08880f49f669eaaa59c47d7908c2
# registry.k8s.io/kube-apiserver:v1.29.1
# registry.k8s.io/kube-apiserver@sha256:7c292d7c489fc352716e18fc0b98fca84d21ebab8c6b02cad3058c068aa728b3
# registry.k8s.io/kube-controller-manager:v1.29.1
# registry.k8s.io/kube-controller-manager@sha256:a535267c7f89f6ed93e3b2e7fa39f1a87e1738fd3dd6de454c6979b638709c96
# registry.k8s.io/kube-proxy:v1.29.1
# registry.k8s.io/kube-proxy@sha256:70ca1eed9fdf506dcf64cfe0f0750773aadcb4733a9a37ead40524ed34c9278f
# registry.k8s.io/kube-scheduler:v1.29.1
# registry.k8s.io/kube-scheduler@sha256:a4afe5bf0eefa56aebe9b754cdcce26c88bebfa89cb12ca73808ba1d701189d7
# registry.k8s.io/pause:3.9
# registry.k8s.io/pause@sha256:7031c1b283388d2c2e09b57badb803c05ebed362dc88d84b480cc47f72a21097

# load ctr images end

# install crictl
# https://github.com/containerd/containerd/blob/main/docs/getting-started.md#interacting-with-containerd-via-cli
f1='crictl-v1.28.0-linux-amd64.tar.gz'
wget  ${ioplus_repo}/k8s_deps/${f1} -O  ${f1}

tar zxvf ${f1} -C /usr/local/bin
which crictl
# /usr/local/bin/crictl
rm -f ${f1}
# install crictl end

# install kubelet kubeadm
cd ${install_dir}
for up_file in 'kubeadm' 'kubectl' \
    'kubelet' 'kubelet.service' \
    '10-kubeadm.conf'
do
wget  ${ioplus_repo}/k8s_deps/${up_file} -O ${up_file}
done

ARCH="amd64"
INSTALL_DIR="/usr/local/bin"
echo -e 'kubeadm\nkubelet' | xargs -I{} install -m 755 ./{}  $INSTALL_DIR/{}

cat kubelet.service | sed "s:/usr/bin:${INSTALL_DIR}:g" | sudo tee /etc/systemd/system/kubelet.service
sudo mkdir -p /etc/systemd/system/kubelet.service.d
cat 10-kubeadm.conf | sed "s:/usr/bin:${INSTALL_DIR}:g" | sudo tee /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

# config kubelet swap on
cat > /etc/sysconfig/kubelet <<"EOF"
Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"
EOF
# config kubelet swap on end

systemctl daemon-reload
systemctl enable --now kubelet

# kubelet 默认状态 是错误的，必须 kubeadm init 后 才会 正常运行
systemctl status kubelet

# install kubelet kubeadm end



# prepare kubeadm-init

cd ${install_dir}

kubeadm config print init-defaults > kubeadm-init.yaml

sed -i 's/\(kubernetesVersion: \).*/\1 1.29.1/g' kubeadm-init.yaml

sed -i 's/\(advertiseAddress: \).*/\1 '${cluster_float_ip}'/g' kubeadm-init.yaml
sed -i 's/\( name: \).*//g' kubeadm-init.yaml

sed -i 's#\(serviceSubnet: \).*#\1 10.96.0.0/16,2001:db8:42:1::/112\n  podSubnet: 10.244.0.0/16,2001:db8:42:0::/56#g' kubeadm-init.yaml

echo 'controlPlaneEndpoint: cluster.svc' >> kubeadm-init.yaml

# prepare kubeadm-init end

# check img
kubeadm config images list   --config=kubeadm-init.yaml
# registry.k8s.io/kube-apiserver:v1.29.1
# registry.k8s.io/kube-controller-manager:v1.29.1
# registry.k8s.io/kube-scheduler:v1.29.1
# registry.k8s.io/kube-proxy:v1.29.1
# registry.k8s.io/coredns/coredns:v1.11.1
# registry.k8s.io/pause:3.9
# registry.k8s.io/etcd:3.5.10-0


# install init deps
# [WARNING FileExisting-socat]: socat not found in system path
# [WARNING FileExisting-tc]: tc not found in system path
yum install conntrack-tools bash-completion \
    ipvsadm  socat net-tools iproute-tc -y

# init

# 万一 出现错误 重新 安装前， 请 清空环境
# kubeadm reset   -f

# rm -rf /etc/kubernetes/manifests
# rm -rf  /etc/kubernetes
# rm -rf  /etc/kubelet
# rm -rf  /var/lib/kublet
# rm -rf  /var/lib/etcd

kubeadm init --config=kubeadm-init.yaml --upload-certs
# 安装成功
    # To start using your cluster, you need to run the following as a regular user:

    #   mkdir -p $HOME/.kube
    #   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    #   sudo chown $(id -u):$(id -g) $HOME/.kube/config

    # Alternatively, if you are the root user, you can run:

    #   export KUBECONFIG=/etc/kubernetes/admin.conf

    # You should now deploy a pod network to the cluster.
    # Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
    #   https://kubernetes.io/docs/concepts/cluster-administration/addons/

    # You can now join any number of the control-plane node running the following command on each as root:

    #   kubeadm join cluster.svc:6443 --token abcdef.0123456789abcdef \
    #         --discovery-token-ca-cert-hash sha256:9e11960959ce96973b32a2005114d5656bcace2d90fb2de80ecc26ac432a29a0 \
    #         --control-plane --certificate-key 08f0fa1639410b8b47b70d293694e9a9d9c8184a4bb4cfe407a30f5b321e54ac

    # Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
    # As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
    # "kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

    # Then you can join any number of worker nodes by running the following on each as root:

    # kubeadm join cluster.svc:6443 --token abcdef.0123456789abcdef \
    #         --discovery-token-ca-cert-hash sha256:9e11960959ce96973b32a2005114d5656bcace2d90fb2de80ecc26ac432a29a0





install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> ~/.bashrc
source ~/.bashrc

kubectl version

echo 'source <(kubectl completion bash)' >>~/.bashrc

echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -o default -F __start_kubectl k' >>~/.bashrc

source ~/.bashrc

k get pod -A
# coredns 处于 Pending 是正常的，安装 网络 组件后 才会running
# 
# NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
# kube-system   coredns-76f75df574-hbqms         0/1     Pending   0          93s
# kube-system   coredns-76f75df574-l2mbs         0/1     Pending   0          93s
# kube-system   etcd-node03                      1/1     Running   1          108s
# kube-system   kube-apiserver-node03            1/1     Running   1          110s
# kube-system   kube-controller-manager-node03   1/1     Running   1          108s
# kube-system   kube-proxy-85pgx                 1/1     Running   0          93s
# kube-system   kube-scheduler-node03            1/1     Running   1          109s

# init net plugin cilium

f1='cilium-linux-amd64-0.16.4.tar.gz'
wget  ${ioplus_repo}/k8s_deps/${f1} -O  ${f1}
tar xzvfC ${f1} /usr/local/bin

cilium version --client
# cilium-cli: v0.16.4 compiled with go1.22.1 on linux/amd64
# cilium image (default): v1.15.3
# cilium image (stable): v1.15.6

# consider offlin install
cilium install --version 1.15.3
# ℹ️  Using Cilium version 1.15.3
# 🔮 Auto-detected cluster name: kubernetes
# 🔮 Auto-detected kube-proxy has been installed

cilium config set ipam kubernetes

cilium config set enable-ipv4 true
cilium config  set cluster-pool-ipv4-cidr 10.96.0.0/16

cilium config  set enable-ipv6 false

cilium status --wait

k get pod -A
# NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE
# kube-system   cilium-k6bgw                       1/1     Running   0          27s
# kube-system   cilium-operator-58684c48c9-8khnh   1/1     Running   0          3m48s
# kube-system   coredns-76f75df574-hbqms           1/1     Running   0          8m41s
# kube-system   coredns-76f75df574-l2mbs           1/1     Running   0          8m41s
# kube-system   etcd-node03                        1/1     Running   1          8m56s
# kube-system   kube-apiserver-node03              1/1     Running   1          8m58s
# kube-system   kube-controller-manager-node03     1/1     Running   1          8m56s
# kube-system   kube-proxy-85pgx                   1/1     Running   0          8m41s
# kube-system   kube-scheduler-node03              1/1     Running   1          8m57s


# 删除 调度 节点 污点
#   Warning  FailedScheduling  97s   default-scheduler  0/1 nodes are available: 1 node(s) had untolerated taint {node-role.kubernetes.io/control-plane: }. preemption: 0/1 nodes are available: 1 Preemption is not helpful for scheduling.
kubectl taint node node03 node-role.kubernetes.io/control-plane:NoSchedule-

# 测试 nginx port 
# crictl pull cr.io.plus:80/cicd/nginx:1.25.4

cat > nginx-test.yml << "EOF"
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: cr.io.plus:80/cicd/nginx:1.25.4
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: NodePort
  ports:
  - name: http
    port: 8080
    targetPort: 80
    nodePort: 30088
  selector:
    app: nginx
EOF

k apply -f  nginx-test.yml 


curl http://${cluster_float_ip}:30088/
# <title>Welcome to nginx!</title>

# 本地浏览器 访问
echo http://${cluster_float_ip}:30088/

修改containerd镜像地址

参考：containerd配置国内镜像源及使用私有镜像仓库_containerd 国内源-CSDN博客

[plugins."io.containerd.grpc.v1.cri".registry]
   [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
       [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          		endpoint = ["https://registry-1.docker.io"] //到此为配置文件默认生成，之后为需要添加的内容
       [plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.66.4"]
         		endpoint = ["https://192.168.66.4:443"]
   [plugins."io.containerd.grpc.v1.cri".registry.configs]
   		 [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.66.4".tls]
          		insecure_skip_verify = true
       	 [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.66.4".auth]
          		username = "admin"
          		password = "Harbor12345"

修改[plugins.”io.containerd.grpc.v1.cri”.registry]段，在子段[plugins.”io.containerd.grpc.v1.cri”.registry.mirrors]和[plugins.”io.containerd.grpc.v1.cri”.registry.configs]中添加配置即可。

修改完成之后重启服务

systemctl daemon-reload
systemctl restart containerd
systemctl status containerd