说明
仓库地址 当前操作命令都编辑成脚本在 install.sh 中,如有需要可以直接使用install.sh进行处理, images文件夹下的容器内容太大不能上传,可本地下载后导入, 具体操作请查看 启动k8s 部分, 将导出的容器存放到 images 文件夹下, 执行脚本时所需要用到的文件及文件夹有(images, system, install.sh), 其他文件夹按需上传
安装前操作
因为很多命令需要root权限,需要切换到 root 用户进行操作, sudo su -
关闭swap, 防火墙, 设置iptables, 同步时区
sh
swapoff -a
# 检查是否存在已注释的swap条目
# -i.bak.$(date +%s) 直接编辑文件并在操作前基于当前时间戳(秒数)创建一个备份
# /swap/s/^/#/ 查找到所有包含swap的行,并在开头添加 #
grep '^#.*swap' /etc/fstab > /dev/null || sed -i.bak.$(date +%s) '/swap/s/^/#/' /etc/fstab
# 关闭防火墙
systemctl stop ufw && systemctl disable ufw
# 配置iptables
# 显示加载 br_netfilter
modprobe br_netfilter
cat <<EOF | tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
# 启动ipv6
# net.ipv4.ip_forward ipv4数据包转发
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system
# 设置时区为上海并同步时区,因为虚拟机快照还原时时间和现在时间不同步
# 使用apt update 时会有docker安装包查询失败
timedatectl set-timezone Asia/Shanghai
systemctl restart systemd-timedated
systemctl restart systemd-timesyncd
date更新 安装包
shell
apt update
apt install -y apt-transport-https ca-certificates curl gpg gnupg
# 创建公钥存放路径
mkdir -p -m 755 /etc/apt/keyrings
# 如果有安装docker, 需要先将docker进行卸载
apt remove docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc
# 卸载Docker Engine、CLI、containerd 和 Docker Compose
apt purge docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras
# 删除所有镜像、容器和卷
rm -rf /var/lib/docker
rm -rf /var/lib/containerd
# 删除源列表和密钥环
rm /etc/apt/sources.list.d/docker.list
rm /etc/apt/keyrings/docker.asc
# 删除docker服务
rm -rf /etc/systemd/system/docker.service
rm -rf /etc/systemd/system/docker.service.d
# 配置 docker 和 k8s 安装源
# 配置docker阿里云镜像源信息
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
#chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
# 配置k8s阿里云镜像源信息
# 添加阿里云源 请查看 https://developer.aliyun.com/mirror/kubernetes/?spm=a2c6h.25603864.0.0.71132529Js0emC 新版配置方法
curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.32/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list
apt update
echo "安装docker"
apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# 添加 crictl 配置文件,后续crictl使用docker的容器进行管理
cat <<EOF | tee /etc/crictl.yaml
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: false
EOF
# 安装k8s
apt install -y kubectl kubeadm kubelet
# 锁定版本,避免意外升级
apt-mark hold kubelet kubeadm kubectl启动k8s
因为docker代理被关闭,下载容器需要很长时间,可以提前下载后上传导入
shell
# 查看启动需要的容器
kubeadm config images list
#下载需要用到的docker包
docker pull registry.aliyuncs.com/google_containers/coredns:v1.11.3
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.16-0
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.32.0
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.32.0
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.32.0
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.32.0
docker pull registry.aliyuncs.com/google_containers/pause:3.10
# 下载网络插件
docker pull ghcr.io/flannel-io/flannel-cni-plugin:v1.6.2-flannel1
docker pull ghcr.io/flannel-io/flannel:v0.26.4
# 导出容器
docker save -o coredns_v1.11.3.tar registry.aliyuncs.com/google_containers/coredns:v1.11.3
docker save -o etcd_3.5.16-0.tar registry.aliyuncs.com/google_containers/etcd:3.5.16-0
docker save -o kube-apiserver_v1.32.0.tar registry.aliyuncs.com/google_containers/kube-apiserver:v1.32.0
docker save -o kube-controller-manager_v1.32.0.tar registry.aliyuncs.com/google_containers/kube-controller-manager:v1.32.0
docker save -o kube-proxy_v1.32.0.tar registry.aliyuncs.com/google_containers/kube-proxy:v1.32.0
docker save -o kube-scheduler_v1.32.0.tar registry.aliyuncs.com/google_containers/kube-scheduler:v1.32.0
docker save -o pause_3.10.tar registry.aliyuncs.com/google_containers/pause:3.10
docker save -o flannel-cni-plugin_v1.6.2-flannel1.tar ghcr.io/flannel-io/flannel-cni-plugin:v1.6.2-flannel1
docker save -o flannel_v0.26.4.tar ghcr.io/flannel-io/flannel:v0.26.4
# 本地上传到服务器
scp -r coredns_v1.11.3.tar [email protected]:/home/master/k8s-init/images
# 导入到ctr
ctr -n=k8s.io i import /home/master/k8s-init/images/coredns_v1.11.3.tar
ctr -n=k8s.io i import /home/master/k8s-init/images/etcd_3.5.16-0.tar
ctr -n=k8s.io i import /home/master/k8s-init/images/kube-apiserver_v1.32.0.tar
ctr -n=k8s.io i import /home/master/k8s-init/images/kube-controller-manager_v1.32.0.tar
ctr -n=k8s.io i import /home/master/k8s-init/images/kube-proxy_v1.32.0.tar
ctr -n=k8s.io i import /home/master/k8s-init/images/kube-scheduler_v1.32.0.tar
ctr -n=k8s.io i import /home/master/k8s-init/images/pause_3.10.tar
ctr -n=k8s.io i import /home/master/k8s-init/images/flannel-cni-plugin_v1.6.2-flannel1.tar
ctr -n=k8s.io i import /home/master/k8s-init/images/flannel_v0.26.4.tar使用命令启动时,会提示容器要使用systemd做驱动的错误,命令中没有直接修改驱动的情况,所以此处使用yaml进行创建
yaml
apiServer: {}
apiVersion: kubeadm.k8s.io/v1beta4
clusterName: k8s-init
kind: ClusterConfiguration # 集群级别配置
kubernetesVersion: 1.32.0 # 使用的版本
imageRepository: registry.aliyuncs.com/google_containers
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
podSubnet: 10.244.0.0/16 # 确保与您选择的CNI插件兼容
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration # 配置 kubelet
cgroupDriver: systemd # 设置cgroup driver为systemd
serializeImagePulls: false
evictionHard: # kubelet 在资源不足时驱逐 pod 的硬性阈值
memory.available: "100Mi"
nodefs.available: "10%"
nodefs.inodesFree: "5%"
---
apiVersion: kubeadm.k8s.io/v1beta4
kind: InitConfiguration # 初始化配置
nodeRegistration:
criSocket: "unix:///var/run/containerd/containerd.sock" # 根据使用的容器运行时调整路径
name: "master" # 将主机名称设置为 master, 如果不设置,会通过hostname进行获取
shell
# 启动主节点
kubeadm init --config kubeadm-init.yaml
# kubectl 是使用 ~/.kube/config 来确定如何连接集群的,
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf安装网络插件, 从节点接入时通信
yaml
# 安装Flannel网络插件, 使用文件为 https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml 配置信息
# 使用此配置文件时, 需要修改net-conf.json配置和kubeadm-init.yaml中的 podSubnet 配置相同
# 安装网络插件
kubectl apply -f kube-flannel.yaml