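Setting up k8s on Ubuntu 22.04

Basic environment requirements

1. SELinux is disabled

2. The firewall is turned off

3. /etc/hosts already lists each node's IP and its hostname

4. Swap is turned off

Base environment configuration

1. Required on both master and slave (run on each node separately)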

cat << EOF > /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter

2. Kernel parameter configuration, required on both master and slave (run on each node separately)

cat << EOF > /etc/sysctl.d/99-kubernetes-cri.conf
vm.swappiness = 0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
user.max_user_namespaces=28633
EOF
sysctl -p /etc/sysctl.d/99-kubernetes-cri.conf

Deploying containerd

containerd needs to be installed on every node

1. Install it following the official Docker documentation

apt-get update
apt-get install ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install containerd.io

2. Edit the /etc/containerd/config.toml configuration file to enable systemd as the cgroup driver

(1) Back up the existing file and regenerate the default configuration, then search for SystemdCgroup in vim and change it to true

mv /etc/containerd/config.toml /etc/containerd/config.toml.bak && containerd config default > /etc/containerd/config.toml

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  ...
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true

(2) In vim, search for sandbox_image and change its original value to registry.k8s.io/pause:3.9

[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.k8s.io/pause:3.9"

(3) Enable containerd at boot and start it

systemctl enable containerd && systemctl restart containerd
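
Steps (1) and (2) applied without an editor, which helps when the same change has to land on every node. This is an added example, not part of the original page; the function names are illustrative, and the sample file is a constructed excerpt rather than real `containerd config default` output. Run it against /etc/containerd/config.toml before the restart in step (3).

```sh
#!/bin/sh
# Added example (not from the original page): set the two containerd
# settings this page changes, then verify them.
PAUSE_IMAGE='registry.k8s.io/pause:3.9'   # value used on this page

# patch_containerd_config FILE: rewrite both settings, keeping FILE.orig.
patch_containerd_config() {
  cfg=$1
  cp "$cfg" "$cfg.orig" || return 1
  sed -e 's|^\([[:space:]]*SystemdCgroup[[:space:]]*=\).*|\1 true|' \
      -e "s|^\([[:space:]]*sandbox_image[[:space:]]*=\).*|\1 \"$PAUSE_IMAGE\"|" \
      "$cfg.orig" > "$cfg"
}

# verify_containerd_config FILE: 0 only if both settings hold the expected values.
verify_containerd_config() {
  grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$1" &&
  grep -Fq "sandbox_image = \"$PAUSE_IMAGE\"" "$1"
}

# Constructed sample: a short excerpt shaped like the default config.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[plugins."io.containerd.grpc.v1.cri"]
  sandbox_image = "registry.k8s.io/pause:3.8"
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = false
EOF
patch_containerd_config "$demo" && verify_containerd_config "$demo" && echo "config patched and verified"
```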

Deploying k8s

master

1. Install kubeadm, kubectl and kubelet following the official documentation

apt-get update
apt-get install -y apt-transport-https ca-certificates curl gpg
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
systemctl enable --now kubelet     # after this runs, kubelet keeps restarting because it is waiting for kubeadm to tell it what to do; this is normal

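2. Generate a configuration file for initializing the cluster

It is best to run this in the user's home directory, for example /root for root

kubeadm config print init-defaults > kubeadm-init.yml

Running the command above generates a kubeadm-init.yml file; edit it with vim afterwards. An example follows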

apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 0s  # changed to 0s so the token never expires
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.171.131 # the master's internal IP
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  name: master  # name of the master node
  taints: null
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.30.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
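  podSubnet: 10.244.0.0/16  # this line is not there originally; add it and remember the value, it is equivalent to the --pod-network-cidr= parameter
scheduler: {}
---
# the part below is not there originally; add it to tell kubeadm to use systemd as the cgroup driver
apiVersion: kubelet.config.k8s.io/v1beta1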
kind: KubeletConfiguration
cgroupDriver: systemd
failSwapOn: false
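
A pre-flight audit of the bootstrap token fields in kubeadm-init.yml, added here as an example and not part of the original page. It reports a token that is still the value printed by `kubeadm config print init-defaults` and a ttl of zero, because that token is what the later `kubeadm join` command presents to register a node. The function names are illustrative, and the awk lookup assumes one key per line as in the file above.

```sh
#!/bin/sh
# Added example (not from the original page): audit the bootstrap token
# fields of a kubeadm init config before running `kubeadm init`.
# PLACEHOLDER is the token printed by `kubeadm config print init-defaults`.
PLACEHOLDER='abcdef.0123456789abcdef'

# yaml_scalar FILE KEY: first "KEY: value" in FILE, without trailing
# comment or double quotes. Not a general YAML parser.
yaml_scalar() {
  awk -v key="$2:" '$1 == key {
    sub(/[[:space:]]+#.*$/, "")       # drop trailing comment
    sub(/^[^:]*:[[:space:]]*/, "")    # drop the key and colon
    gsub(/"/, "")                     # drop double quotes
    print; exit
  }' "$1"
}

# audit_bootstrap_token FILE: prints findings, returns how many there were.
audit_bootstrap_token() {
  token=$(yaml_scalar "$1" token)
  ttl=$(yaml_scalar "$1" ttl)
  findings=0
  if [ "$token" = "$PLACEHOLDER" ]; then
    echo "token: init-defaults placeholder in use; replace it with the output of 'kubeadm token generate'"
    findings=$((findings + 1))
  fi
  case "$ttl" in
    0|0s|0m|0h|0h0m0s)
      echo "ttl: $ttl never expires; use a finite ttl or run 'kubeadm token delete' once the nodes have joined"
      findings=$((findings + 1)) ;;
  esac
  return "$findings"
}

# Constructed sample: the bootstrapTokens fields as edited on this page.
demo=$(mktemp)
cat > "$demo" <<'EOF'
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 0s
EOF
audit_bootstrap_token "$demo" || echo "findings: $?"
```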

3. Pull the images

kubeadm config images pull --config=kubeadm-init.yml

4. Initialize the cluster

kubeadm init --config=kubeadm-init.yml

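Note down the kubeadm join command shown at the end of the output; it is used on the slave to join the cluster

5. Configure how the user accesses the cluster with kubectl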

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

slave

1. Install kubelet and kubeadm following the official documentation

apt-get update
apt-get install -y apt-transport-https ca-certificates curl gpg
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm
apt-mark hold kubelet kubeadm
systemctl enable --now kubelet     # after this runs, kubelet keeps restarting because it is waiting for kubeadm to tell it what to do; this is normal

Deploying calico as the k8s network plugin (CNI)

This part only needs to be deployed on the master

1. Download the latest calico.yaml

wget https://raw.githubusercontent.com/projectcalico/calico/master/manifests/calico.yaml

2. Edit calico.yaml; in vim you can search for "192" and change the entry to look like this

```
            - name: CALICO_IPV4POOL_CIDR  # these two lines are commented out originally; uncomment them
              value: "10.244.0.0/16"  # set this to the same value as podSubnet: 10.244.0.0/16 above, i.e. 10.244.0.0/16
```
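
A consistency check to run before applying the manifest, added here as an example and not part of the original page: it compares podSubnet in kubeadm-init.yml with the CALICO_IPV4POOL_CIDR value in calico.yaml and also catches the case where the two calico lines are still commented out. The function names are illustrative and the sample files are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): confirm calico.yaml and
# kubeadm-init.yml agree on the pod CIDR before `kubectl apply`.

# pod_subnet FILE: value of podSubnet in the kubeadm config.
pod_subnet() {
  awk '$1 == "podSubnet:" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# calico_pool_cidr FILE: value paired with an uncommented
# CALICO_IPV4POOL_CIDR entry; prints nothing if absent or commented out.
calico_pool_cidr() {
  awk '
    /^[[:space:]]*#/ { next }
    found {
      if ($1 == "value:") { gsub(/"/, "", $2); print $2 }
      exit
    }
    $1 == "-" && $2 == "name:" && $3 == "CALICO_IPV4POOL_CIDR" { found = 1 }
  ' "$1"
}

# check_pod_cidr INIT_YML CALICO_YML: 0 = match, 1 = mismatch, 2 = entry not enabled.
check_pod_cidr() {
  want=$(pod_subnet "$1")
  have=$(calico_pool_cidr "$2")
  [ -n "$have" ] || { echo "CALICO_IPV4POOL_CIDR is absent or still commented out"; return 2; }
  [ "$want" = "$have" ] || { echo "mismatch: podSubnet=$want calico=$have"; return 1; }
  echo "pod CIDR consistent: $have"
}

# Constructed samples: the relevant lines of each file before step 2 is done.
d=$(mktemp -d)
printf '%s\n' 'networking:' '  podSubnet: 10.244.0.0/16' > "$d/kubeadm-init.yml"
printf '%s\n' '            # - name: CALICO_IPV4POOL_CIDR' \
              '            #   value: "192.168.0.0/16"' > "$d/calico.yaml"
check_pod_cidr "$d/kubeadm-init.yml" "$d/calico.yaml" || echo "fix calico.yaml before kubectl apply"
```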

3. Deploy calico from this configuration file

kubectl apply -f calico.yaml

This takes a fairly long time; watch the startup progress until every pod is Running

watch kubectl get pods -A

For example, like this

NAMESPACE     NAME                                     READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-57cf4498-zzcvx   1/1     Running   0          4h14m
kube-system   calico-node-kxlb8                        1/1     Running   0          4h14m
kube-system   calico-node-m46nk                        1/1     Running   0          75m
kube-system   coredns-7db6d8ff4d-pt6bz                 1/1     Running   0          4h22m
kube-system   coredns-7db6d8ff4d-spqz4                 1/1     Running   0          4h22m
kube-system   etcd-node                                1/1     Running   0          4h22m
kube-system   kube-apiserver-node                      1/1     Running   0          4h22m
kube-system   kube-controller-manager-node             1/1     Running   0          4h22m
kube-system   kube-proxy-8v247                         1/1     Running   0          4h22m
kube-system   kube-proxy-pfhwh                         1/1     Running   0          75m
kube-system   kube-scheduler-node                      1/1     Running   0          4h22m

Joining the slave to the master

1. On the slave, join using the kubeadm join command from earlier, for example

kubeadm join 192.168.171.131:6443 --token abcdef.0123456789abcdef   --discovery-token-ca-cert-hash sha256:2a1edb8677ec737b8f5b8ea4e14a501acc4ab27eadb39fb7229810fc675007f9

Wait about 3 minutes

2. Observe from the master

kubectl get nodes

3. You can see that it has joined

NAME     STATUS   ROLES           AGE     VERSION
k8s2     Ready    <none>          82m     v1.30.2
master   Ready    control-plane   4h29m   v1.30.2

End