# install-k8s **Repository Path**: Sunjie2021/install-k8s ## Basic Information - **Project Name**: install-k8s - **Description**: No description available - **Primary Language**: Unknown - **License**: Not specified - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 1 - **Forks**: 1 - **Created**: 2024-05-08 - **Last Updated**: 2025-12-11 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # 安装K8s ## 配置 #### 1.Ubuntu ```shell #开启内核转发 cat <> /etc/modules-load.d/ipvs.conf <> /etc/sysconfig/modules/br_netfilter.modules <> /etc/sysconfig/modules/overlay.modules < /etc/sysconfig/modules/ipvs.modules <> /etc/rc.sysinit <> /etc/security/limits.conf < /etc/sysctl.d/k8s.conf net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 user.max_user_namesapces = 28633 vm.swappiness = 0 EOF #加载参数 sysctl -p /etc/sysctl.d/k8s.conf ``` ### 系统配置 #### 1.Ubuntu ```shell # 对于 Ubuntu apt update && apt upgrade -y && apt install -y wget psmisc vim net-tools nfs-kernel-server telnet lvm2 git tar curl ipvsadm ipset sysstat conntrack -y ``` #### 2.Linux ```shell # 对于 CentOS 7 yum update -y && yum -y install wget psmisc vim net-tools nfs-utils telnet yum-utils device-mapper-persistent-data lvm2 git tar curl # 对于 CentOS 8 yum update -y && yum -y install wget psmisc vim net-tools nfs-utils telnet yum-utils device-mapper-persistent-data lvm2 git network-scripts tar curl ``` ## 安装容器组件 ### 安装Docker(可选) #### 1.Linux ```shell # 添加源 yum install yum-utils -y yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo # 安装 yum install docker-ce -y ``` #### 2.Ubuntu ```shell # 添加源 curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add - add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" # 安装 apt install docker-ce -y ``` #### 3.配置文件修改 ```shell cat > /etc/docker/daemon.json < /usr/lib/systemd/system/cri-docker.service < /usr/lib/systemd/system/cri-docker.socket < /etc/containerd/config.toml sed -i "s#SystemdCgroup\ \=\ false#SystemdCgroup\ \=\ true#g" /etc/containerd/config.toml sed -i "s#registry.k8s.io#registry.aliyuncs.com/google_containers#g" /etc/containerd/config.toml sed -i "s#config_path\ \=\ \"\"#config_path\ \=\ \"/etc/containerd/certs.d\"#g" /etc/containerd/config.toml # 验证 cat /etc/containerd/config.toml | grep certs.d cat /etc/containerd/config.toml | grep SystemdCgroup cat /etc/containerd/config.toml | grep sandbox_image # 修改crictl配置 cat > /etc/crictl.yaml < /etc/crictl.yaml < /etc/containerd/certs.d/docker.io/hosts.toml << EOF server = "https://docker.io" [host."https://vh3bm52y.mirror.aliyuncs.com"] capabilities = ["pull", "resolve"] EOF # 重启 systemctl daemon-reload systemctl restart containerd systemctl enable containerd ``` ## 安装K8s组件 ### 安装kubectl,kubeadm,kubelet #### 1.Liunx ```shell # 添加镜像源 cat > /etc/yum.repos.d/kubernetes.repo </etc/apt/sources.list.d/kubernetes.list deb http://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main EOF # 运行一次 apt-get update # 出现报错，将key加入信任：B53DC80D13EDEF05 W: GPG error: http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05 # 添加信任 apt-key adv --recv-keys --keyserver keyserver.ubuntu.com B53DC80D13EDEF05 # 再次执行 apt-get update apt install kubelet kubeadm kubectl -y apt install kubelet=1.16.15-00 kubeadm=1.16.15-00 kubectl=1.16.15-00 -y ``` #### 3.通用配置 ```shell # 初始化kubeadm文件，只在master节点做 kubeadm config print init-defaults > kubeadm.yaml # 修改配置 advertiseAddress（masterip） nodeRegistration.name改成hostname（master） criSocket: unix:///var/run/containerd/containerd.sock imageRepository: registry.aliyuncs.com/google_containers networking.serviceSubnet： networking.podSubnet：#指定pod的ip段 #追加 --- apiVersion: kubeproxy.config.k8s.io/v1alpha1 kind: KubeProxyConfiguration mode: ipvs --- apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration cgroupDriver: systemd ``` ##### kubeadm.conf模板 ```conf apiVersion: kubeadm.k8s.io/v1beta3 bootstrapTokens: - groups: - system:bootstrappers:kubeadm:default-node-token token: abcdef.0123456789abcdef ttl: 24h0m0s usages: - signing - authentication kind: InitConfiguration localAPIEndpoint: advertiseAddress: 172.168.10.100 bindPort: 6443 nodeRegistration: criSocket: unix:///var/run/containerd/containerd.sock #criSocket: unix:///var/run/cri-dockerd.sock imagePullPolicy: IfNotPresent name: master1 taints: null --- apiServer: timeoutForControlPlane: 4m0s apiVersion: kubeadm.k8s.io/v1beta3 certificatesDir: /etc/kubernetes/pki clusterName: kubernetes controllerManager: {} dns: {} etcd: local: dataDir: /var/lib/etcd imageRepository: registry.aliyuncs.com/google_containers kind: ClusterConfiguration kubernetesVersion: 1.28.0 networking: dnsDomain: cluster.local serviceSubnet: 10.96.0.0/12 podSubnet: 10.223.0.0/12 scheduler: {} --- apiVersion: kubeproxy.config.k8s.io/v1alpha1 kind: KubeProxyConfiguration mode: ipvs --- apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration cgroupDriver: systemd ``` #### 4.初始化节点 ```shell # master初始化节点 kubeadm init --config=kubeadm.yaml --ignore-preflight-errors=SystemVerification # 加入配置 mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config # 加入node节点 # 命令可通过 kubeadm token create --print-join-command # 在node上输入 kubeadm join 172.168.10.100:6443 --token abcdef.0123456789abcdef \ --discovery-token-ca-cert-hash sha256:ed12de1515708b45edb9bc60599878f7c9aa46ee60d9b758807204617e36e732 ``` #### 5.为节点打上rules ```shell # 添加rules kubectl label nodes node1 node-role.kubernetes.io/worker= # 删除rules kubectl label nodes node1 node-role.kubernetes.io/worker=""- ``` ### 安装calico 站点 https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart ```shell # 下载 curl https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/calico.yaml -O # 安装 kubectl apply -f calico.yaml ```