0x0. Environment preparation
Public IP of the server used in this article: 192.168.56.101
- OS version: Ubuntu 22
- CPU Architecture: x86_64
- K8s version: v1.29
0x1. Install dependencies
```bash
apt install -y \
  curl \
  wget \
  systemd \
  lrzsz \
  bash-completion \
  gpg
```
0x2. Pre-installation preparation
Open the required ports
Open the ports, or simply turn off the firewall.
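As an alternative to turning the firewall off, the ports can be opened to the node subnet only. This is an added example, not part of the original article; it assumes ufw as the host firewall, 192.168.56.0/24 as the node subnet (taken from the addresses used here) and Flannel VXLAN on UDP 8472 as the pod network. The function name `k8s_ufw_rules` is hypothetical.

```bash
# Added example: print (not execute) ufw rules that admit only the
# Kubernetes ports for one node role, and only from the cluster subnet.

# k8s_ufw_rules ROLE CIDR
#   ROLE is "master" or "worker"; CIDR is the subnet the nodes live in.
k8s_ufw_rules() {
  local role=$1 cidr=$2 spec
  case $role in
    master)
      # API server, etcd, kubelet, controller-manager, scheduler, Flannel VXLAN
      set -- 6443/tcp 2379:2380/tcp 10250/tcp 10257/tcp 10259/tcp 8472/udp ;;
    worker)
      # kubelet, kube-proxy health, NodePort range, Flannel VXLAN
      set -- 10250/tcp 10256/tcp 30000:32767/tcp 8472/udp ;;
    *)
      echo "unknown role: $role" >&2
      return 1 ;;
  esac
  echo "ufw default deny incoming"
  echo "ufw allow 22/tcp"          # keep SSH reachable before enabling
  for spec in "$@"; do
    # spec is PORT/PROTO; ufw needs an explicit proto for port ranges
    echo "ufw allow from $cidr to any port ${spec%/*} proto ${spec#*/}"
  done
  echo "ufw enable"
}
```

Review the output, then apply it with `k8s_ufw_rules master 192.168.56.0/24 | sudo sh`. Widen the NodePort rule on workers if services must be reachable from outside the node subnet.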
Synchronize the server time
```bash
sudo timedatectl set-timezone Asia/Shanghai && sudo timedatectl set-local-rtc 0
sudo systemctl restart rsyslog
# On Ubuntu the cron unit is named "cron" (not "crond")
sudo systemctl restart cron
```
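Change the hostname
This makes it easy to reach the corresponding server by hostname.
```bash
# On the master
sudo hostnamectl set-hostname k8s-master

# On each worker node, respectively
sudo hostnamectl set-hostname k8s-node1
sudo hostnamectl set-hostname k8s-node2
```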
Modify hosts
```bash
# Append (>>) so the existing localhost entries in /etc/hosts are kept
cat >>/etc/hosts <<EOF
192.168.56.101 k8s-master
192.168.56.102 k8s-node1
192.168.56.103 k8s-node2
EOF
```
Disable SELinux
```bash
setenforce 0 && sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
```
Turn off the swap partition or disable the swap file
```bash
swapoff -a && sed -ri 's/.*swap.*/#&/' /etc/fstab
```
0x3. Container runtime
https://v1-29.docs.kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/
Forward IPv4 and let iptables see bridged traffic
```bash
# Load the required kernel modules at boot
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

# Load them now
sudo modprobe overlay
sudo modprobe br_netfilter

# sysctl parameters required by the setup; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

# Apply the sysctl parameters without rebooting
sudo sysctl --system

# Confirm the modules are loaded
lsmod | grep br_netfilter
lsmod | grep overlay

# Confirm the three parameters are set to 1
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
```
Install the container runtime
https://docs.docker.com/engine/install/ubuntu/
```bash
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install containerd.io
```
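```bash
sudo mkdir -p /etc/containerd
# Pipe through "sudo tee": a plain ">" redirect is opened by the calling shell, not by sudo
containerd config default | sudo tee /etc/containerd/config.toml >/dev/null
# Use the systemd cgroup driver, matching the kubelet setting below
sudo sed -i "s#SystemdCgroup = false#SystemdCgroup = true#g" /etc/containerd/config.toml
sudo systemctl daemon-reload
sudo systemctl enable containerd && sudo systemctl restart containerd
```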
0x4. Install k8s
```bash
apt update
apt install -y apt-transport-https ca-certificates curl gpg
sudo mkdir -p -m 755 /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
apt update
# The apt packages are named kubelet, kubeadm and kubectl (a "kubelet-<version>"
# name does not exist); the v1.29 repository added above only carries 1.29.x builds.
apt install -y kubelet kubeadm kubectl
```
```bash
cat >/etc/default/kubelet <<EOF
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
EOF

crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
crictl config image-endpoint unix:///var/run/containerd/containerd.sock
# --container-runtime=remote is omitted: the flag was removed in kubelet v1.27,
# so the v1.29 kubelet no longer accepts it. Only the endpoint is appended.
sed -i '/KUBELET_KUBEADM_ARGS/s/"$/ --container-runtime-endpoint=unix:\/\/\/run\/containerd\/containerd.sock"/' /var/lib/kubelet/kubeadm-flags.env

systemctl enable --now kubelet

# Check the service state
systemctl status kubelet

# Inspect the journal if it failed to start
journalctl -xe
```
0x5. Run k8s
https://v1-29.docs.kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
https://kubernetes.io/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/
```bash
mkdir -p /k8sdata/log/
# kubeadm-init.log will contain the "kubeadm join" command, including the bootstrap token
kubeadm init \
  --apiserver-advertise-address=192.168.56.101 \
  --kubernetes-version=v1.29.8 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --cri-socket=unix:///var/run/containerd/containerd.sock | tee /k8sdata/log/kubeadm-init.log
```
```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
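Tips:
- If the server being set up is the master node, it needs at least 2 cores and 2 GB of memory. If it does not meet that requirement but you still want to install, add `--ignore-preflight-errors=CpuNum` to the `kubeadm init` command line to ignore the error.
- If initialization fails, reset with `kubeadm reset`.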
0x6. Install the network system
```bash
# Flannel
mkdir -p /k8sdata/network/
wget --no-check-certificate -O /k8sdata/network/flannelkube-flannel.yml https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl create -f /k8sdata/network/flannelkube-flannel.yml
```
```bash
# Calico
mkdir -p /k8sdata/network/
wget --no-check-certificate -O /k8sdata/network/calico.yml https://docs.projectcalico.org/manifests/calico.yaml
kubectl create -f /k8sdata/network/calico.yml
```
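The manifests above are downloaded with `--no-check-certificate` and passed straight to `kubectl create`, so whatever answers at that URL is deployed into the cluster. The following added example (not part of the original article) keeps certificate validation on and refuses the file unless its SHA-256 matches a digest pinned after review; the function names and the `PINNED` placeholder are assumptions, and it requires curl and sha256sum.

```bash
# Added example: verified download of a CNI manifest before applying it.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
  sha256sum "$1" | awk '{print $1}'
}

# verify_manifest FILE EXPECTED: succeed only if FILE hashes to EXPECTED.
verify_manifest() {
  local file=$1 expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case pins
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "SHA-256 mismatch for $file: got $actual" >&2
    return 1
  fi
}

# fetch_manifest URL DEST EXPECTED: download over verified HTTPS into a
# temporary file and move it to DEST only after the digest check passes.
fetch_manifest() {
  local url=$1 dest=$2 expected=$3 tmp
  tmp=$(mktemp) || return 2
  # --proto/--proto-redir refuse plain http, including after a redirect;
  # certificate validation stays on because -k/--insecure is not passed.
  if ! curl --fail --silent --show-error --location \
        --proto '=https' --proto-redir '=https' "$url" -o "$tmp"; then
    rm -f "$tmp"; return 3
  fi
  if ! verify_manifest "$tmp" "$expected"; then
    rm -f "$tmp"; return 1
  fi
  mkdir -p "$(dirname "$dest")" && mv "$tmp" "$dest"
}

# Usage; PINNED is a placeholder for the digest recorded after reviewing the file:
#   PINNED='<sha256-of-reviewed-manifest>'
#   fetch_manifest https://docs.projectcalico.org/manifests/calico.yaml \
#     /k8sdata/network/calico.yml "$PINNED" \
#     && kubectl create -f /k8sdata/network/calico.yml
```

Both URLs used in this section track a moving target (a `master` branch and an unversioned docs path), so a mismatch after an upstream change means the new file has to be reviewed and the pin updated.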
0x7. k8s command-line completion
```bash
! grep -q kubectl "$HOME/.bashrc" && echo "source /usr/share/bash-completion/bash_completion" >>"$HOME/.bashrc"
! grep -q kubectl "$HOME/.bashrc" && echo "source <(kubectl completion bash)" >>"$HOME/.bashrc"
! grep -q kubeadm "$HOME/.bashrc" && echo "source <(kubeadm completion bash)" >>"$HOME/.bashrc"
! grep -q crictl "$HOME/.bashrc" && echo "source <(crictl completion bash)" >>"$HOME/.bashrc"
source "$HOME/.bashrc"
```
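0x8. Common k8s commands
```bash
# List the nodes
kubectl get nodes -o wide
# Keep watching the node list
watch kubectl get nodes -o wide
# List the pods in every namespace
kubectl get pods --all-namespaces -o wide
# List the images kubeadm uses
kubeadm config images list
# Create a token and print the join command for new nodes
kubeadm token create --print-join-command
# Show the details of a node
kubectl describe node k8s-master
# Show the details of a pod
kubectl describe pod kube-flannel-ds-hs8bq --namespace=kube-flannel
```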