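I'm fairly new to Kubernetes. Although I was able to bring up a master node (and join worker/master nodes) using the default socket (/var/run/dockershim.sock), I would like to use the cri-o socket (unix:///var/run/crio/crio.sock).
I have been reading all the documentation I could find, but none of it seems to work for me.
I am running Kubernetes on CentOS 7.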
CRI-O:
# crio version
Version: 1.18.2
GitCommit: 754d46b53595cf2db74d2a73a685d573910b814e
GitTreeState: clean
BuildDate: 2020-06-25T09:23:58Z
GoVersion: go1.13.6
Compiler: gc
Platform: linux/amd64
Linkmode: dynamic
Docker:
# docker version
Client: Docker Engine - Community
Version: 19.03.12
API version: 1.40
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:46:54 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.12
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:45:28 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit:
docker-init:
Version: 0.18.0
GitCommit: fec3683
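I followed the official documentation (Container runtimes), but I also found a repo on GitHub that describes a somewhat different configuration: CRI-O (GitHub).
I tried installing cri-o from source and also from rpm. The result was the same both times: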
Jun 25 13:31:19 hostname kubelet[23665]: I0625 13:31:19.700722 23665 server.go:417] Version: v1.18.2
Jun 25 13:31:19 hostname kubelet[23665]: I0625 13:31:19.701175 23665 plugins.go:100] No cloud provider specified.
Jun 25 13:31:19 hostname kubelet[23665]: I0625 13:31:19.701208 23665 server.go:837] Client rotation is on, will bootstrap in background
Jun 25 13:31:19 hostname kubelet[23665]: F0625 13:31:19.701323 23665 server.go:274] failed to run Kubelet: unable to load bootstrap kubeconfig: stat /etc/kubernetes/bootstrap-kubelet.conf: no such file or directory
Jun 25 13:31:19 hostname systemd[1]: kubelet.service: main process exited, code=exited, status=255/n/a
Jun 25 13:31:19 hostname systemd[1]: Unit kubelet.service entered failed state.
Jun 25 13:31:19 hostname systemd[1]: kubelet.service failed.
If I am not mistaken, as far as I understand, this file /etc/kubernetes/bootstrap-kubelet.conf is generated automatically when kubeadm starts.
The configurations I have applied.
10-kubeadm.conf:
# cat /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generate at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably,
# the user should use the .NodeRegistration.KubeletExtraArgs object in the configuration files instead.
# KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/default/kubelet
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
01-log-level.conf:
# cat /etc/crio/crio.conf.d/01-log-level.conf
[crio.runtime]
log_level = "info"
01-cgroup-manager.conf:
# cat /etc/crio/crio.conf.d/01-cgroup-manager.conf
[crio.runtime]
cgroup_manager = "systemd"
kubelet:
# cat /etc/default/kubelet
KUBELET_EXTRA_ARGS=--feature-gates="AllAlpha=false,RunAsGroup=true" --container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint='unix:///var/run/crio/crio.sock' --runtime-request-timeout=5m
I can pull the images from my repo, which verifies that the cri-o socket is working:
# kubeadm config images pull --image-repository=my.private.repo --kubernetes-version=v1.18.2 --cri-socket unix:///var/run/crio/crio.sock
W0625 13:53:17.554897 29936 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[config/images] Pulled my.private.repo/kube-apiserver:v1.18.2
[config/images] Pulled my.private.repo/kube-controller-manager:v1.18.2
[config/images] Pulled my.private.repo/kube-scheduler:v1.18.2
[config/images] Pulled my.private.repo/kube-proxy:v1.18.2
[config/images] Pulled my.private.repo/pause:3.2
[config/images] Pulled my.private.repo/etcd:3.4.3-0
[config/images] Pulled my.private.repo/coredns:1.6.7
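I have spent 3 days on this and still have not been able to figure it out. Can someone with experience provide more information?
Update: adding the init command: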
# alternative --cri-socket value (default socket): /var/run/dockershim.sock
kubeadm init \
--upload-certs \
--cri-socket=unix:///var/run/crio/crio.sock \
--node-name=master-prime \
--image-repository=my.private.repo \
--pod-network-cidr=10.96.0.0/16 \
--kubernetes-version=v1.18.2 \
--control-plane-endpoint=IP:PORT \
--apiserver-cert-extra-sans=IP \
--apiserver-advertise-address=IP
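A check one could run before `kubeadm init` with the CRI-O socket: it confirms that the kubelet flags and the CRI-O drop-ins quoted in the question agree on the runtime endpoint and cgroup driver. This is an added example, not part of the original post; the function names are hypothetical, the sample files are constructed from the settings shown above, and it assumes CRI-O reads drop-ins in lexical order.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes CRI-O reads drop-ins
# in lexical order, so the last cgroup_manager found wins.

# Print one kubelet flag value (--name=value) from an EnvironmentFile.
kubelet_flag() {  # $1 = file, $2 = flag name without leading dashes
    grep -o -- "--$2=[^ ]*" "$1" | tail -n 1 | cut -d= -f2- | tr -d "\"'"
}

# Print the effective cgroup_manager from a CRI-O drop-in directory.
crio_cgroup_manager() {  # $1 = directory holding *.conf drop-ins
    cat "$1"/*.conf 2>/dev/null |
        sed -n 's/^[[:space:]]*cgroup_manager[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' |
        tail -n 1
}

# Print "ok" and return 0 when settings agree; else print the problem, return 1.
check_runtime_config() {  # $1 = kubelet env file, $2 = conf.d dir, $3 = socket
    runtime=$(kubelet_flag "$1" container-runtime)
    endpoint=$(kubelet_flag "$1" container-runtime-endpoint)
    driver=$(kubelet_flag "$1" cgroup-driver)
    manager=$(crio_cgroup_manager "$2")
    [ "$runtime" = "remote" ] ||
        { echo "container-runtime is '$runtime', expected 'remote'"; return 1; }
    [ "$endpoint" = "$3" ] ||
        { echo "endpoint is '$endpoint', expected '$3'"; return 1; }
    [ -n "$manager" ] || { echo "cgroup_manager not set in $2"; return 1; }
    [ "$driver" = "$manager" ] ||
        { echo "cgroup mismatch: kubelet=$driver crio=$manager"; return 1; }
    echo "ok"
}

# Constructed sample input mirroring the files quoted in the question.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/crio.conf.d"
printf '%s\n' '[crio.runtime]' 'log_level = "info"' \
    > "$demo/crio.conf.d/01-log-level.conf"
printf '%s\n' '[crio.runtime]' 'cgroup_manager = "systemd"' \
    > "$demo/crio.conf.d/01-cgroup-manager.conf"
cat > "$demo/kubelet" <<'EOF'
KUBELET_EXTRA_ARGS=--feature-gates="AllAlpha=false,RunAsGroup=true" --container-runtime=remote --cgroup-driver=systemd --container-runtime-endpoint='unix:///var/run/crio/crio.sock' --runtime-request-timeout=5m
EOF
check_runtime_config "$demo/kubelet" "$demo/crio.conf.d" unix:///var/run/crio/crio.sock
```

On a real node the arguments would be /etc/default/kubelet and /etc/crio/crio.conf.d, the paths shown in the question.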
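Answer 1
It has been a while since I asked this question, but I never answered it. I completely forgot.
My problem was that I was bringing the cluster up offline.
I managed to solve the problem, and the CRI-O team asked me to document it in case anyone else tries to do the same thing.
The full configuration and steps can be found on the official GitHub page: Running kubeadm in an offline network
I hope this helps others in the future.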