关闭交换内存
- 编辑
/etc/fstab
文件,注释掉#/swap.img none swap sw 0 0
该行 - 重启生效
reboot
关闭防火墙
ufw disable
时间同步
timedatectl set-timezone "Asia/Shanghai"
sudo apt install ntpdate
sudo ntpdate -u ntp.aliyun.com
date
加载内核模块
sudo tee /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
设置Kubernetes内核参数
sudo tee /etc/sysctl.d/kubernetes.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
使内核参数生效
sudo sysctl --system
安装 Containerd Runtime
sudo apt install -y curl gnupg2 software-properties-common apt-transport-https ca-certificates
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/docker.gpg
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt update
sudo apt install -y containerd.io
containerd config default | sudo tee /etc/containerd/config.toml >/dev/null 2>&1
sudo sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl enable containerd
更换k8s源
curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/kubernetes-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/etc/apt/trusted.gpg.d/kubernetes-archive-keyring.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt update
安装Kubectl, Kubeadm and Kubelet
sudo apt update
sudo apt install -y kubeadm=1.26.9-00 kubelet=1.26.9-00 kubectl=1.26.9-00
sudo apt-mark hold kubelet kubeadm kubectl
生成init文件
kubeadm config print init-defaults > kubeadm-init.yaml
修改init文件
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 192.168.1.179
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
name: {nodeName}
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.26.9
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
scheduler: {}
Kubernetes 控制平面节点初始化
kubeadm init --config=kubeadm-init.yaml
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
vim /root/.bashrc
export KUBECONFIG=/etc/kubernetes/admin.conf
source /root/.bashrc
- 若初始化失败则给container添加代理
- 重新初始化需要执行
kubeadm reset
命令
给Container添加代理
mkdir /etc/systemd/system/containerd.service.d
vim /etc/systemd/system/containerd.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://127.0.0.1:7890"
Environment="HTTPS_PROXY=http://127.0.0.1:7890"
Environment="NO_PROXY=localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local,.ewhisper.cn"
systemctl daemon-reload
systemctl restart containerd.service
安装Calico网络插件
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml
kubectl get pods -n kube-system
查看POD状态
kubectl get pods -A
Master容忍调度(可选,仅用于单台机器测试)
kubectl taint nodes {nodeName} node-role.kubernetes.io/control-plane:NoSchedule-
测试集群
kubectl create deployment nginx-app --image=nginx --replicas=2
![image.png](https://i-blog.csdnimg.cn/blog_migrate/4ef34bfe8d5d01c1a188537aa09a185a.png)