Deploying a single-master k8s cluster on Ubuntu 24.04 (painstakingly compiled edition)
[!NOTE]
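This article mainly covers the Docker setup, because with containerd I really could not pull images! Neither a proxy nor the Alibaba Cloud registry mirror worked, and I can't figure it out. If anyone knows how to deal with this, please do tell me.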
[TOC]
Preparation

Prepare three machines: 1 master + 2 nodes.

| Name (anything you like) | IP |
| --- | --- |
| k8s-master | 192.168.1.210 |
| k8s-node1 | 192.168.1.212 |
| k8s-node2 | 192.168.1.213 |
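
Ubuntu base configuration

Set the hostname

Set the matching hostname on each of the three hosts (you can also set it while installing the system, which is a bit quicker).

```bash
# On the master
sudo hostnamectl set-hostname "k8s-master"
# On node 1
sudo hostnamectl set-hostname "k8s-node1"
# On node 2
sudo hostnamectl set-hostname "k8s-node2"
```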
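
Edit hosts

```bash
# Append the cluster hosts on every machine (use your own nodes' addresses)
cat << EOF | sudo tee -a /etc/hosts
192.168.31.224 k8s-master
192.168.31.225 k8s-node1
192.168.31.226 k8s-node2
EOF
```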

Synchronize the time

```bash
sudo timedatectl set-timezone Asia/Shanghai
sudo apt install -y ntpsec-ntpdate
sudo ntpdate ntp.aliyun.com
```

Configure the kernel

```bash
# Kernel parameters
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

# Load the modules now
sudo modprobe overlay
sudo modprobe br_netfilter

# Make the modules load on every boot
cat << EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

# Apply the configuration
sudo sysctl --system
```

Disable swap

Kubernetes requires swap to be disabled:

```bash
sudo swapoff -a
sudo vim /etc/fstab
```

In /etc/fstab, comment out the line that contains swap:

```
# /swap.img none swap sw 0 0
```

Install ipvs

```bash
sudo apt install -y ipset ipvsadm

# Modules to load on every boot
cat << EOF | sudo tee /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
EOF

# Write a script that loads the modules
cat << EOF | tee ipvs.sh
#!/bin/sh
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF

# Run the script
sudo sh ipvs.sh
```
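
The host prerequisites from this section (swap, sysctl keys, kernel modules) can be checked on each node before running kubeadm. This is an added example, not part of the original post; the function names are hypothetical and the default paths are the ones used above. A misspelled module name in /etc/modules-load.d shows up here as a missing module after a reboot.

```shell
#!/bin/bash
# Added example: verify the host prerequisites configured in this section.
# Function names are hypothetical; default paths are the ones used above.

# Print every non-comment fstab entry whose type field is "swap".
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "${1:-/etc/fstab}"
}

# Print each required sysctl key that is not set to 1 in the given file.
missing_sysctls() {
    local conf="${1:-/etc/sysctl.d/k8s.conf}" key
    for key in net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables \
               net.ipv4.ip_forward; do
        awk -F= -v k="$key" '
            { gsub(/[ \t]/, "") }
            $1 == k && $2 == "1" { found = 1 }
            END { exit !found }' "$conf" || echo "$key"
    done
}

# Print each required module absent from a /proc/modules-style listing.
# Modules compiled into the kernel do not appear there and are reported too.
missing_modules() {
    local listing="${1:-/proc/modules}" mod
    for mod in overlay br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
        awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' "$listing" \
            || echo "$mod"
    done
}

# Run all three checks against the live system; non-zero if anything is off.
preflight() {
    local bad=0 out
    out=$(active_swap_entries); [ -z "$out" ] || { echo "swap still in fstab: $out"; bad=1; }
    out=$(missing_sysctls);     [ -z "$out" ] || { echo "sysctl not set: $out"; bad=1; }
    out=$(missing_modules);     [ -z "$out" ] || { echo "module not loaded: $out"; bad=1; }
    return "$bad"
}

if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Run the script with `--check` on the master and on both nodes; each function also accepts a file path, so a copy of another host's files can be checked offline.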

Install Docker

```bash
# Create a script file
sudo vim docker.sh
# Make it executable
sudo chmod +x docker.sh
```

Script contents

```bash
#!/bin/bash
set -e

# Install the required packages
sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg

# Add the Docker GPG key (fetched from the Alibaba Cloud mirror)
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Add the Docker APT repository
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Refresh the APT package index
sudo apt update

# Install Docker CE
sudo apt install -y docker-ce docker-ce-cli containerd.io

# Start Docker and enable it at boot
sudo systemctl start docker
sudo systemctl enable docker

# Add the current user to the docker group
# (members of this group can control the daemon, which is root-equivalent on the host)
sudo usermod -aG docker "$USER"

# Configure a Docker registry mirror (Alibaba Cloud as the example)
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json > /dev/null <<-'EOF'
{
  "registry-mirrors": ["https://registry.cn-hangzhou.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF

# Restart the Docker service
sudo systemctl daemon-reload
sudo systemctl restart docker

# Verify the Docker installation
docker --version
echo "Docker is installed. The current user has been added to the docker group; log out or reboot for it to take effect."
```

Add Docker registry mirrors

```bash
sudo vim /etc/docker/daemon.json
```

```json
{
  "registry-mirrors": [
    "https://docker.1ms.run",
    "https://doublezonline.cloud",
    "https://dislabaiot.xyz",
    "https://docker.fxxk.dedyn.io",
    "https://dockerpull.org",
    "https://docker.unsee.tech",
    "https://hub.rat.dev",
    "https://docker.1panel.live",
    "https://docker.nastool.de",
    "https://docker.zhai.cm",
    "https://docker.5z5f.com",
    "https://a.ussh.net",
    "https://docker.udayun.com",
    "https://hub.geekery.cn"
  ]
}
```

[!NOTE]
For the registry mirrors, it is better to search for the latest ones yourself; these may stop working.
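
Install cri-docker

Download cri-docker

GitHub: https://github.com/Mirantis/cri-dockerd/releases

It is quicker to download it yourself and copy it onto the machine with a tool; downloading directly on the machine is too slow.

Configure cri-docker

Install

After extracting the archive, put cri-dockerd in /usr/local/bin or /usr/bin. The former is recommended; the latter gets overwritten when there is an update.

```bash
sudo mv cri-dockerd /usr/local/bin
```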

Configure

Write a startup script

```bash
sudo vim /etc/systemd/system/cri-docker.service
```

```ini
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket

[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd \
  --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.10 \
  --network-plugin=cni \
  --cni-conf-dir=/etc/cni/net.d \
  --cni-bin-dir=/opt/cni/bin \
  --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock \
  --cri-dockerd-root-directory=/var/lib/dockershim \
  --docker-endpoint=unix:///var/run/docker.sock \
  --cri-dockerd-root-directory=/var/lib/docker
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
```
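
Here I installed k8s 1.33.1, for which the matching pause is 3.10; if you install another version, change it accordingly.

| Kubernetes version | Recommended pause image version (pause tag) |
| --- | --- |
| v1.33.x | pause:3.10 |
| v1.32.x | pause:3.10 |
| v1.31.x | pause:3.9 |
| v1.30.x | pause:3.9 |
| v1.29.x | pause:3.9 |
| v1.28.x | pause:3.9 |
| v1.27.x | pause:3.8 |
| v1.26.x | pause:3.8 |
| v1.25.x | pause:3.8 |
| v1.24.x | pause:3.7 |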

Write a socket (listener) file

```bash
sudo vim /etc/systemd/system/cri-docker.socket
```

```ini
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service

[Socket]
ListenStream=/var/run/cri-docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
```
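
Reload systemd and enable the units at boot

```bash
# The unit names must match the files created above (cri-docker.service / cri-docker.socket)
sudo systemctl daemon-reload
sudo systemctl enable cri-docker.service
sudo systemctl enable cri-docker.socket
sudo systemctl start cri-docker.service
sudo systemctl start cri-docker.socket
```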

Verify

```bash
sudo ss -lntp | grep dockerd
```

If there is no output, something is wrong; run `sudo journalctl -xeu cri-docker.service` to see what the problem is.
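
The CRI socket path is named in three places in this guide: the service unit's `--container-runtime-endpoint`, the socket unit's `ListenStream`, and the `--cri-socket` value passed to kubeadm. The following added example (not part of the original post) cross-checks them; the function names are hypothetical, and it assumes the endpoint is written as an explicit unix:// path as in the unit above.

```shell
#!/bin/bash
# Added example: cross-check the CRI socket path across the unit files and kubeadm.
# Function names are hypothetical; assumes an explicit unix:// endpoint.

# Value of --container-runtime-endpoint in a unit file ("=value" or " value" form).
runtime_endpoint() {
    tr -s ' \t\\' '\n\n\n' < "$1" | awk '
        grab { print; exit }
        /^--container-runtime-endpoint=/ { sub(/^[^=]*=/, ""); print; exit }
        $0 == "--container-runtime-endpoint" { grab = 1 }'
}

# ListenStream path of a .socket unit, written as a unix:// URL.
listen_stream() {
    sed -n 's#^ListenStream=#unix://#p' "$1"
}

# /var/run is a symlink to /run on Ubuntu, so treat both spellings as equal.
norm() {
    printf '%s\n' "$1" | sed 's#^unix:///var/run/#unix:///run/#'
}

# Usage: check_cri_socket SERVICE_UNIT SOCKET_UNIT KUBEADM_CRI_SOCKET
# Prints one line per disagreement; returns 0 only if all three agree.
check_cri_socket() {
    local ep ls want rc=0
    ep=$(norm "$(runtime_endpoint "$1")")
    ls=$(norm "$(listen_stream "$2")")
    want=$(norm "$3")
    if [ "$ep" != "$want" ]; then
        echo "kubeadm --cri-socket is $want but cri-dockerd is started with $ep"
        rc=1
    fi
    if [ "$ep" != "$ls" ]; then
        echo "socket unit listens on $ls but cri-dockerd is started with $ep"
        rc=1
    fi
    return "$rc"
}

if [ "$#" -eq 3 ]; then
    check_cri_socket "$@"
fi
```

Call it with the two unit file paths and the `--cri-socket` value you intend to give kubeadm; any line it prints names the two values that disagree.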

Deploy k8s

Install k8s

Write a script in the same way. I installed 1.33.1; you can pick the version you want from the Kubernetes page of the Alibaba Cloud open-source mirror site.

```bash
#!/bin/bash
# Run this script as root (for example with sudo)
set -e

echo "Installing Kubernetes v1.33 components..."

# 1. Install base dependencies
echo "Installing dependencies..."
apt-get update && apt-get install -y apt-transport-https curl

# 2. Add the Kubernetes GPG key (Alibaba Cloud mirror)
echo "Adding the Kubernetes v1.33 official key..."
mkdir -p /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.33/deb/Release.key | \
    gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

# 3. Add the Kubernetes APT source (Alibaba Cloud mirror)
echo "Adding the Kubernetes v1.33 repository..."
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.33/deb/ /" | \
    tee /etc/apt/sources.list.d/kubernetes.list

# 4. Install the components
echo "Updating and installing kubelet/kubeadm/kubectl..."
apt-get update
apt-get install -y kubelet=1.33.* kubeadm=1.33.* kubectl=1.33.*

# 5. Pin the versions
echo "Holding Kubernetes v1.33 packages..."
apt-mark hold kubelet kubeadm kubectl

# 6. Verify the installation
echo "Installation complete! Version information:"
kubelet --version | awk '{print "Kubelet: " $2}'
kubeadm version -o short | awk '{print "Kubeadm: " $1}'
kubectl version --client -o yaml | grep gitVersion | awk '{print "Kubectl: " $2}'
```

Configure cgroup management

```bash
sudo vim /etc/default/kubelet
# Put this line in the file:
# KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
sudo systemctl enable kubelet
```

Initialize the cluster

Run this on the master node. Adjust it to your own IP address plan; usually you only need to change the master's values to your own.

```bash
sudo kubeadm init \
  --kubernetes-version=1.33.1 \
  --control-plane-endpoint=k8s-master \
  --apiserver-advertise-address=10.0.10.210 \
  --pod-network-cidr=10.244.0.0/16 \
  --service-cidr=10.96.0.0/12 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --cri-socket=unix:///var/run/cri-dockerd.sock \
  --upload-certs \
  --v=9
```
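
If the output after initialization says "successfully", it worked. Then run the contents of the first box on the master node, and run the contents of the second box on the worker nodes after removing the `--control-plane` and `--certificate-key` parameters; remember to add sudo.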

Install the network plugin

Install the Calico network plugin on the master; see the official documentation.

```bash
# Apply the Calico operator manifest; without a mirror this is quite slow,
# so you can download it another way and then apply it
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.30.0/manifests/tigera-operator.yaml
```

On success it prints:

```
namespace/tigera-operator created
serviceaccount/tigera-operator created
clusterrole.rbac.authorization.k8s.io/tigera-operator-secrets created
clusterrole.rbac.authorization.k8s.io/tigera-operator created
clusterrolebinding.rbac.authorization.k8s.io/tigera-operator created
rolebinding.rbac.authorization.k8s.io/tigera-operator-secrets created
deployment.apps/tigera-operator created
```

```bash
# Download the Calico custom resources file; do not install it directly as the official site does
wget https://raw.githubusercontent.com/projectcalico/calico/v3.30.0/manifests/custom-resources.yaml
```

Change the cidr in it to the pod address pool configured when initializing the master:

```yaml
spec:
  # Configures Calico networking.
  calicoNetwork:
    ipPools:
    - name: default-ipv4-ippool
      blockSize: 26
      cidr: 10.244.0.0/16
      encapsulation: VXLANCrossSubnet
      natOutgoing: Enabled
      nodeSelector: all()
```

```bash
# Install after making the change
kubectl create -f custom-resources.yaml

# Check that the Calico pods are running
kubectl get pod -n calico-system

# Check the system pods; they should normally be ready
kubectl get pods -n kube-system
```
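
Install the Helm package manager (optional)

Install with the official script

```bash
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
```

From inside China this will probably struggle; you can go straight to the releases page and download the latest version.

Direct download

```bash
# Extract and install (VERSION is the release you downloaded)
tar -zxvf helm-${VERSION}-linux-amd64.tar.gz
sudo mv linux-amd64/helm /usr/local/bin/helm

# Verify
helm version
```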