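I. Preparation

Base system requirements

Three virtual machines (recommended configuration):

Role                     CPU      Memory  Disk   Notes
master (control node)    2 cores  ≥2G     ≥20G   Control plane
worker node 1            2 cores  ≥2G     ≥20G   Runs workload Pods
worker node 2            2 cores  ≥2G     ≥20G   Optional; for high availability or multi-node experiments

1. Hostname configuration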

# Set the hostname
hostnamectl set-hostname k8s-master  # on the other two machines use k8s-node1 / k8s-node2

# Edit hosts
vim /etc/hosts

192.168.44.10 k8s-master
192.168.44.20 k8s-node1
192.168.44.30 k8s-node2

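2. Disable swap; configure time synchronization, the firewall and kernel parameters

One-click script that disables swap and configures time synchronization, the firewall and kernel parameters: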

#!/bin/bash
# ==========================================================
# Kubernetes node initialization script (Ubuntu 20.04/22.04)
# Covers: disabling swap, time synchronization, kernel and firewall configuration
# Author: ChatGPT GPT-5
# ==========================================================

set -e

echo "=== Step 1: 关闭 Swap ==="
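sudo swapoff -a
# Comment out every active swap entry, whether its fields are separated by spaces or tabs
sudo sed -i '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab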
echo "Swap 已关闭并禁用。"

echo "=== Step 2: 安装并启动 Chrony 时间同步 ==="
sudo apt update -y
sudo apt install -y chrony
sudo systemctl enable --now chronyd || sudo systemctl enable --now chrony
sudo timedatectl set-timezone Asia/Shanghai
sudo systemctl restart chronyd || sudo systemctl restart chrony
sudo chronyc sources || chronyc tracking
echo "时间同步已配置完成。"

echo "=== Step 3: 关闭防火墙 (实验环境建议关闭) ==="
sudo systemctl stop ufw || true
sudo systemctl disable ufw || true
echo "防火墙已关闭。"

echo "=== Step 4: 加载 K8s 所需内核模块 ==="
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

echo "=== Step 5: 设置内核参数 (iptables / 转发) ==="
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sudo sysctl --system

echo "=== Step 6: 验证关键参数 ==="
lsmod | grep br_netfilter || echo "⚠️ 内核模块未加载"
sudo sysctl net.bridge.bridge-nf-call-iptables
sudo sysctl net.ipv4.ip_forward

echo "=== 所有初始化步骤完成 ✅ ==="
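
Step 3 of the script above switches ufw off completely, which the script itself labels as a choice for lab environments. As an added example (not part of the original script), the following keeps ufw enabled and opens only what a kubeadm node with Flannel's default VXLAN backend needs from its peers; the subnet 192.168.44.0/24 is inferred from the hosts entries above, and `k8s_ufw_rules`, `ROLE` and `APPLY` are names made up for this example.

```bash
#!/bin/bash
# Added example (not from the original script): per-role ufw rules for a
# kubeadm node using Flannel's default VXLAN backend.
# NODE_NET is inferred from the hosts entries on this page; POD_CIDR is the
# --pod-network-cidr passed to kubeadm init. Function and variable names are
# made up for this example.
NODE_NET="192.168.44.0/24"
POD_CIDR="10.244.0.0/16"

# Print the ufw commands for a role ("master" or "worker"), one per line.
k8s_ufw_rules() {
  local role="$1"
  case "$role" in
    master|worker) ;;
    *) echo "unknown role: $role" >&2; return 1 ;;
  esac
  echo "ufw default deny incoming"
  echo "ufw allow 22/tcp"
  # Needed on every node from its peers: kubelet API and Flannel VXLAN.
  echo "ufw allow from $NODE_NET to any port 10250 proto tcp"
  echo "ufw allow from $NODE_NET to any port 8472 proto udp"
  if [ "$role" = master ]; then
    # Only the API server is reached from other hosts. etcd (2379-2380),
    # kube-scheduler (10259) and kube-controller-manager (10257) are used
    # locally on a single control-plane node and stay closed.
    echo "ufw allow from $NODE_NET to any port 6443 proto tcp"
  else
    # NodePort service range, limited to the node subnet here.
    echo "ufw allow from $NODE_NET to any port 30000:32767 proto tcp"
  fi
  # Pod traffic is forwarded between interfaces, and ufw drops routed
  # traffic unless a route rule allows it.
  echo "ufw route allow from $POD_CIDR"
  echo "ufw route allow to $POD_CIDR"
}

# Dry run by default: nothing is changed unless APPLY=1 is set, e.g.
#   APPLY=1 ROLE=worker bash k8s-ufw.sh
if [ "${APPLY:-0}" = 1 ]; then
  k8s_ufw_rules "${ROLE:?set ROLE to master or worker}" |
    while read -r rule; do sudo $rule; done
  sudo ufw --force enable
else
  k8s_ufw_rules "${ROLE:-master}"
fi
```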

3. Install containerd

Note: if the containerd version is too new, initializing the master node fails with an error.
One-click install script:

#!/bin/bash
# ==========================================================
# Remove the old containerd and install containerd 1.6.x
# Compatible with Kubernetes v1.31
# For Ubuntu 20.04 / 22.04
# ==========================================================

set -e

CONTAINERD_VERSION="1.6.28-1"  # pin containerd to a 1.6.x version

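echo "=== Step 0: 添加 Docker 官方 apt 仓库 ==="
# curl, gpg and lsb_release are used below, so make sure they are installed first
sudo apt update -y
sudo apt install -y ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg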
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update -y


echo "=== Step 1: 卸载旧版 containerd ==="
sudo systemctl stop containerd || true
sudo apt remove -y containerd containerd.io
sudo rm -rf /var/lib/containerd

echo "=== Step 2: 安装依赖 ==="

sudo apt install -y apt-transport-https ca-certificates curl gnupg lsb-release software-properties-common



echo "=== Step 3: 安装 containerd ${CONTAINERD_VERSION} ==="
sudo apt install -y containerd.io=${CONTAINERD_VERSION}

echo "=== Step 4: 配置 containerd ==="
sudo mkdir -p /etc/containerd
sudo containerd config default | sudo tee /etc/containerd/config.toml > /dev/null

# Switch the cgroup driver to systemd (required by K8s)
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

echo "=== Step 5: 启动并设置开机自启 ==="
sudo systemctl restart containerd
sudo systemctl enable containerd

echo "=== Step 6: 验证状态 ==="
containerd --version
systemctl status containerd --no-pager

echo "=== containerd 1.6.x 安装完成 ✅ ==="

II. Installing the K8s cluster

1. Install the Kubernetes components

Run the following on all nodes (master + both workers):

sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gpg

# Add the official K8s repository
sudo mkdir -p /etc/apt/keyrings

# Download and dearmor the public key
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | \
  sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

# Set the permissions
sudo chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg

# Write the source configuration (overwrites any existing one)
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] \
https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /" | \
  sudo tee /etc/apt/sources.list.d/kubernetes.list

# Give the sources file appropriate permissions
sudo chmod 644 /etc/apt/sources.list.d/kubernetes.list

# Update
sudo apt-get update

sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

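1.1 Preparation before initializing the master node (clean up leftovers + start containerd + pull images from a domestic mirror)

One-click script that cleans up leftovers, starts containerd and pulls the images from a domestic mirror: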

#!/bin/bash
# ===============================================
# Clean up leftovers + pull images from a domestic mirror
# For kubeadm v1.31.x + containerd + systemd cgroup
# ===============================================

set -e

IMAGE_REPO="registry.aliyuncs.com/google_containers"

echo "=== Step 1: 清理旧的 Kubernetes 配置 ==="
sudo kubeadm reset -f
sudo rm -rf /etc/kubernetes/manifests /etc/kubernetes/pki /etc/kubernetes/*.conf
sudo rm -rf /var/lib/etcd
sudo rm -rf /var/lib/kubelet/*

echo "=== Step 2: 确保 containerd 启动并可用 ==="
sudo systemctl enable --now containerd
sudo systemctl restart kubelet

echo "=== Step 3: 拉取国内镜像 ==="
sudo kubeadm config images pull --image-repository $IMAGE_REPO

echo "=== 脚本执行完成 ✅ ==="

2. Initialize the master node

sudo kubeadm init \
  --apiserver-advertise-address=192.168.44.10 \
  --pod-network-cidr=10.244.0.0/16

When the master node initializes successfully, it prints the following:

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Then you can join any number of worker nodes by running the following on each as root:
  kubeadm join 192.168.10.11:6443 --token <TOKEN> \
  --discovery-token-ca-cert-hash sha256:<HASH>

3. Configure kubectl (master node only)

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Verify:

kubectl get nodes

NAME         STATUS     ROLES           AGE     VERSION
k8s-master   NotReady   control-plane   8m59s   v1.31.13

At this point the master shows NotReady (because no network plugin has been installed yet).

4. Install the Pod network plugin (Flannel) on the master node

kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

Check whether the Flannel Pod is running:

kubectl get pods -n kube-flannel

# Wait until the network plugin has finished starting and STATUS shows Running
NAME                        READY   STATUS    RESTARTS   AGE
kube-flannel-ds-xxxxx       1/1     Running   0          1m


kubectl get nodes

# Now check again whether the master node's STATUS is Ready
NAME         STATUS   ROLES           AGE   VERSION
k8s-master   Ready    control-plane   15m   v1.31.13

Once the master node's STATUS is Ready, the master node has been deployed successfully.
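
The `kubectl apply` command in this step applies whatever manifest the `latest` release points to at that moment, using the cluster-admin kubeconfig. As an added example (not part of the original article), the script below downloads the manifest to a file, records its SHA-256, lists the container images it references and applies the local copy only if every image comes from a registry prefix you allow; the `ALLOWED` prefixes and the function names are assumptions of this example.

```bash
#!/bin/bash
# Added example: fetch the Flannel manifest once, inspect it, apply the local copy.
# FLANNEL_URL is the URL used on this page. ALLOWED lists the registry
# prefixes you have decided to trust (assumed values, adjust them).
FLANNEL_URL="https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml"
ALLOWED="ghcr.io/flannel-io/ docker.io/flannel/"

# Print every distinct container image referenced in a manifest file.
manifest_images() {
  sed -n 's/^[[:space:]-]*image:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" |
    tr -d "\"'" | sort -u
}

# Print the images that do not start with one of the allowed prefixes.
# Returns non-zero if at least one such image exists.
unexpected_images() {
  local file="$1" img prefix ok bad=0
  shift
  for img in $(manifest_images "$file"); do
    ok=0
    for prefix in "$@"; do
      case "$img" in "$prefix"*) ok=1 ;; esac
    done
    [ "$ok" = 1 ] || { echo "$img"; bad=1; }
  done
  return "$bad"
}

# Nothing is downloaded or applied unless APPLY=1 is set.
if [ "${APPLY:-0}" = 1 ]; then
  curl -fsSL -o kube-flannel.yml "$FLANNEL_URL"
  # Record the hash of exactly the file that was reviewed and applied.
  sha256sum kube-flannel.yml | tee kube-flannel.yml.sha256
  manifest_images kube-flannel.yml
  if unexpected_images kube-flannel.yml $ALLOWED; then
    kubectl apply -f kube-flannel.yml
  else
    echo "manifest references images outside the allowed registries" >&2
    exit 1
  fi
fi
```

Replacing `latest` in the URL with a specific release tag makes the download reproducible across nodes and rebuilds.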

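5. Join the worker nodes to the cluster

Run the join command on both worker nodes to add them to the cluster.
The join command generated by the master node looks like this: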

kubeadm join 192.168.44.10:6443 --token r2gbcc.tyrxef86oj3j4646 --discovery-token-ca-cert-hash sha256:8b0ab88ad7c46b14acb5e984a8fd05eeb21a2736e7a6b254b24482620efa6f9d 

If you have lost it, you can regenerate the join command on the master node:

kubeadm token create --print-join-command
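
The `--discovery-token-ca-cert-hash` value pins the cluster CA's public key, so a worker only trusts the API server it was meant to join. As an added example (not part of the original article; the function names are made up here), this script recomputes that hash from the CA certificate on the master and compares it with the one in a join command before that command is pasted onto a worker:

```bash
#!/bin/bash
# Added example: verify that a join command pins this cluster's CA.

# Extract the 64-hex-digit hash from --discovery-token-ca-cert-hash.
# Fails if the flag is missing or the hash is malformed.
join_hash() {
  local h
  h=$(printf '%s\n' "$1" |
      grep -oE -- '--discovery-token-ca-cert-hash[ =]sha256:[0-9a-f]{64}([^0-9a-f]|$)') || return 1
  h=${h#*sha256:}
  printf '%s\n' "$h" | cut -c1-64
}

# SHA-256 over the DER-encoded public key of the CA certificate, which is the
# value kubeadm prints after "sha256:".
ca_pubkey_hash() {
  openssl x509 -pubkey -noout -in "$1" |
    openssl pkey -pubin -outform der |
    openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Succeeds only if the hash in the join command matches the given CA cert.
verify_join_cmd() {
  local want have
  want=$(join_hash "$1") || { echo "no valid CA hash in join command" >&2; return 2; }
  have=$(ca_pubkey_hash "$2")
  [ "$want" = "$have" ]
}

# Usage on the master:
#   bash check-join.sh "kubeadm join ... --discovery-token-ca-cert-hash sha256:..." /etc/kubernetes/pki/ca.crt
if [ "$#" -eq 2 ]; then
  if verify_join_cmd "$1" "$2"; then
    echo "OK: join command pins this cluster's CA"
  else
    echo "MISMATCH: do not run this join command" >&2
    exit 1
  fi
fi
```

The token in a join command is a bootstrap credential that expires after 24 hours by default. `kubeadm token list` shows the outstanding tokens and `kubeadm token delete <TOKEN>` revokes one once the workers have joined.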

6. Verify the cluster status

kubectl get nodes

If the result looks like this:

NAME         STATUS   ROLES           AGE   VERSION
k8s-master   Ready    control-plane   19h   v1.31.13
k8s-node1    Ready    <none>          29m   v1.31.13
k8s-node2    Ready    <none>          15m   v1.31.13

then the three-node K8s cluster has been deployed successfully.
PS: if a worker node's STATUS stays NotReady for a long time, try restarting kubelet on that node:

systemctl restart kubelet