mobile wallpaper 1mobile wallpaper 2mobile wallpaper 3mobile wallpaper 4mobile wallpaper 5mobile wallpaper 6
Profile Image of the Author
Dorimu
统计加载中...
公告
Dorimu的站点正在建设中,欢迎参观~
标签
94 字
1 分钟
部署k8s
2025-07-26
运维
Kubernetes
/
k8s
/
Docker
/
容器
统计加载中...

部署k8s#

前言#

上网环境真坑。

步骤#

准备#

# 时区
sudo timedatectl set-timezone Asia/Shanghai
sudo ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime


# 配置内核模块
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF


sudo modprobe overlay
sudo modprobe br_netfilter


# 设置所需的 sysctl 参数,参数在重新启动后保持不变
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF


# 应用 sysctl 参数而不重新启动
sudo sysctl --system

配置容器运行时#

  • 安装 containerd
sudo apt-get update && sudo apt-get install -y containerd
  • 配置 containerd
sudo mkdir -p /etc/containerd
sudo containerd config default | sudo tee /etc/containerd/config.toml
  • 修改为 SystemdCgroup
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
cat /etc/containerd/config.toml | grep SystemdCgroup
  • 配置 containerd 服务
sudo systemctl enable containerd
sudo systemctl restart containerd
sudo systemctl status containerd
  • containerd 配置镜像加速
nano /etc/containerd/config.toml


# 查找并修改 config_path
# [plugins."io.containerd.cri.v1.images".registry]
# config_path = "/etc/containerd/certs.d"


mkdir -p /etc/containerd/certs.d/docker.io
mkdir -p /etc/containerd/certs.d/registry.k8s.io


cat > /etc/containerd/certs.d/docker.io/hosts.toml <<EOF
server = "https://docker.io"


[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve"]
[host."https://dockerproxy.com/"]
  capabilities = ["pull", "resolve"]
EOF


cat > /etc/containerd/certs.d/registry.k8s.io/hosts.toml <<EOF
server = "https://registry.k8s.io"


[host."https://k8s.m.daocloud.io"]
  capabilities = ["pull", "resolve"]
EOF


systemctl restart containerd.service

安装 kubelet/kubeadm/kubectl#

sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gpg


sudo mkdir -p -m 755 /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg


echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list


sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

修改 machine-id#

nano /etc/machine-id

启动 control-plane#

sudo kubeadm init --control-plane-endpoint=10.15.2.70 --node-name=k8s-control-plane --pod-network-cidr=10.244.0.0/16 --kubernetes-version=v1.33.3 --image-repository=registry.aliyuncs.com/google_containers --upload-certs -v=5


mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config


kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

安装 helm#

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

安装 Kubernetes Dashboard kite#

kubectl apply -f https://raw.githubusercontent.com/zxh326/kite/refs/heads/main/deploy/install.yaml

安装 ingress-nginx#

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
kubectl create namespace ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --set controller.publishService.enabled=true


kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"NodePort"}}'
  • 代理 kite
echo "admin:$(openssl passwd -apr1 admin)" > auth
kubectl create secret generic basic-auth --from-file=auth -n kube-system
ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kite-ingress
  namespace: kube-system
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
spec:
  ingressClassName: nginx
  rules:
  - host: console.private.dorimu.cn
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kite
            port:
              number: 80

手抖可用#

  • 排查问题
crictl ps -a
journalctl -u containerd -n 50 --no-pager
journalctl -u kubelet -n 100 --no-pager
  • 清除配置
sudo kubeadm reset -f
sudo rm -rf /etc/kubernetes/ /var/lib/kubelet/ /var/lib/etcd/
  • 打印加入参数
sudo kubeadm token create --print-join-command
  • 添加备用控制平面
kubeadm token create --print-join-command
kubeadm init phase upload-certs --upload-certs


#拼接
kubeadm join <LB_IP:6443> \
  --token
<TOKEN> \
  --discovery-token-ca-cert-hash sha256:
<HASH> \
  --control-plane \
  --certificate-key
<CERTIFICATE_KEY>
分享

如果这篇文章对你有帮助,欢迎分享给更多人!

部署k8s
https://blog.dorimu.cn/posts/install-k8s/
作者
Dorimu
发布于
2025-07-26
许可协议
CC BY-NC-SA 4.0

部分信息可能已经过时

H3C F1020 添加HTTPS证书
PVE8更换国内源
蜀ICP备2024081619号
© 2026 Dorimu. All Rights Reserved. / RSS / Atom / Sitemap
Powered by Astro & Mizuki  Version 8.2
封面
Sample Song
Sample Artist
封面
Sample Song
Sample Artist
0:00 / 0:00