记录一下最近新遇到的arm64 EulerOS系统,安装k8s问题
基础环境
系统是EulerOS-2.0-SP10,查询到的很多文章都是可以通过yum进行安装
image.png
数据盘挂载
有数据盘的机器,可以通过fdisk -l,如当前机器有三个7T数据盘,操作如下:
- parted数据盘创建label为gpt
- fdisk数据盘创建设备
- mkfs.ext4格式化磁盘
- 挂载
防火墙
# 设置:解除防火墙限制
加载模块:
modprobe br_netfilter
持久化(解决重启后失效):
cat << EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
cat <<EOF >> /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
EOF
sysctl -p /etc/sysctl.d/k8s.conf
# 有些有防火墙需要进行关闭
ufw disable
Runtime
docker
基本走华为源,dnf也可以安装
# 这里需要换成阿里源, 换成其他源会报无法同步的错误。
yum install -y device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache
yum install -y python3-policycoreutils policycoreutils policycoreutils-python-utils selinux-policy selinux-policy-base selinux-policy-targeted
yum install -y container-selinux
# 部分Euler OS可能需要手动下载container-selinux
# wget https://mirrors.huaweicloud.com/centos-altarch/7/extras/aarch64/Packages/container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
# dnf install -y https://mirrors.huaweicloud.com/centos-altarch/8.1.1911/AppStream/armhfp/os/Packages/container-selinux-2.94-1.git1e99f1d.module_el8.1.0+132+34fc7673.noarch.rpm
# 安装docker-ce
yum install docker-ce-18.06.3.ce-3.el7
# 启动docker
systemctl enable docker && systemctl start docker
cri-docker
# https://github.com/Mirantis/cri-dockerd 可以直接去GitHub查找下载包
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.14/cri-dockerd-0.3.14.arm64.tgz
tar -zxvf cri-dockerd-0.3.14.arm64.tgz
cp cri-dockerd/cri-dockerd /usr/bin/
chmod +x /usr/bin/cri-dockerd
# 配置启动文件
cat <<"EOF" > /usr/lib/systemd/system/cri-docker.service
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/cri-dockerd --network-plugin=cni --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
# 生成socket 文件
cat <<"EOF" > /usr/lib/systemd/system/cri-docker.socket
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF
# 启动CRI-DOCKER
systemctl daemon-reload
systemctl start cri-docker
systemctl enable cri-docker
systemctl is-active cri-docker
如果启动不正常,提示如下错误
image.png
添加用户组docker,groupadd docker再进行启动
k8s组件
组件安装
# yum 源,可以换成国内源,对应k8s版本可能有些会没有
cat >/etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.27/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.27/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
yum clean all && yum makecache
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes --skip-broken --nobest
如果提示错误,Problem: cannot install the best candidate for the job nothing provides socat needed by kubelet-1.27.15-150500.1.1.aarch64,
需要手动下载socat包进行安装,没有找到可用的源,下载链接如下:
https://www.rpmfind.net/linux/rpm2html/search.php?query=socat&submit=Search+...&system=&arch=aarch64
# 安装
rpm -Uvh --nodeps socat-2.0.0-0.b9.9.mga8.aarch64.rpm
# 重新执行kubelet的安装就可以了
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes --skip-broken --nobest
集群初始化
- 生成配置
# 创建配置
kubeadm config print init-defaults > kubeadm-config.yaml
- 修改配置
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: xxx # 一般为内网LB地址,代理三个master的6443端口,如果是单节点,配置节点的ip
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/cri-dockerd.sock # 不同的runtime,配置不同,一般为unix:///var/run/containerd/containerd.sock或unix:///var/run/cri-dockerd.sock
imagePullPolicy: IfNotPresent
name: devserver-test-npu-master # master-01的hostname,需要在master-01节点上映射下
taints: null
---
controlPlaneEndpoint: xxx:6443 # 必填,一般为内网LB地址,如果是单节点,配置该节点IP
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: devserver-test # 集群名称,可以自定义
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers # 修改成国内镜像源,一般是用阿里的
kind: ClusterConfiguration
kubernetesVersion: 1.27.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
podSubnet: 10.249.0.0/16 # 子网网段,如果想不同k8s集群用不同的,修改这里即可
scheduler: {}
- 初始化
kubeadm init --config=kubeadm-config.yaml
到此就可以安装网络组件calico或flannel,添加master、node节点
node环境初始化
NPU节点需要配套安装ascend相关组件,使用ascend-docker-runtime去挂载NPU到容器内部,待定。
近期无法直接拉取docker.io的镜像,有些相关组件的启动挺麻烦的
