containerd and K8s Installation and Deployment (2025)
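I. Preparation
Basic system requirements
Three virtual machines (recommended configuration):
Role                    CPU      Memory  Disk   Notes
master (control node)   2 cores  ≥2G     ≥20G   Control plane
worker node 1           2 cores  ≥2G     ≥20G   Runs workload Pods
worker node 2           2 cores  ≥2G     ≥20G   Optional; for high-availability or multi-node experiments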
1. Hostname configuration
# Set the hostname
hostnamectl set-hostname k8s-master # on the other two machines use k8s-node1 / k8s-node2
# Edit hosts
vim /etc/hosts
192.168.44.10 k8s-master
192.168.44.20 k8s-node1
192.168.44.30 k8s-node2
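2. Disable swap; configure time synchronization, the firewall and the kernel
One-step script that disables swap and configures time synchronization, the firewall and the kernel: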
#!/bin/bash
# ==========================================================
# Kubernetes node initialization script (Ubuntu 20.04/22.04)
# Covers: disabling swap, time synchronization, kernel and firewall configuration
# Author: ChatGPT GPT-5
# ==========================================================
set -e
echo "=== Step 1: 关闭 Swap ==="
sudo swapoff -a
sudo sed -i '/ swap / s/^/#/' /etc/fstab
echo "Swap 已关闭并禁用。"
echo "=== Step 2: 安装并启动 Chrony 时间同步 ==="
sudo apt update -y
sudo apt install -y chrony
sudo systemctl enable --now chronyd || sudo systemctl enable --now chrony
sudo timedatectl set-timezone Asia/Shanghai
sudo systemctl restart chronyd || sudo systemctl restart chrony
sudo chronyc sources || chronyc tracking
echo "时间同步已配置完成。"
echo "=== Step 3: 关闭防火墙 (实验环境建议关闭) ==="
sudo systemctl stop ufw || true
sudo systemctl disable ufw || true
echo "防火墙已关闭。"
echo "=== Step 4: 加载 K8s 所需内核模块 ==="
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
echo "=== Step 5: 设置内核参数 (iptables / 转发) ==="
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sudo sysctl --system
echo "=== Step 6: 验证关键参数 ==="
lsmod | grep br_netfilter || echo "⚠️ 内核模块未加载"
sudo sysctl net.bridge.bridge-nf-call-iptables
sudo sysctl net.ipv4.ip_forward
echo "=== 所有初始化步骤完成 ✅ ==="
3. Install containerd
Note: if the containerd version is too new, initializing the master node fails with an error.
One-step install script:
#!/bin/bash
# ==========================================================
# Remove the old containerd and install containerd 1.6.x
# Compatible with Kubernetes v1.31
# For Ubuntu 20.04 / 22.04
# ==========================================================
set -e
CONTAINERD_VERSION="1.6.28-1" # pin a containerd 1.6.x version
echo "=== Step 0: 添加 Docker 官方 apt 仓库 ==="
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update -y
echo "=== Step 1: 卸载旧版 containerd ==="
sudo systemctl stop containerd || true
sudo apt remove -y containerd containerd.io
sudo rm -rf /var/lib/containerd
echo "=== Step 2: 安装依赖 ==="
sudo apt install -y apt-transport-https ca-certificates curl gnupg lsb-release software-properties-common
echo "=== Step 3: 安装 containerd ${CONTAINERD_VERSION} ==="
sudo apt install -y containerd.io=${CONTAINERD_VERSION}
echo "=== Step 4: 配置 containerd ==="
sudo mkdir -p /etc/containerd
sudo containerd config default | sudo tee /etc/containerd/config.toml > /dev/null
# Switch the cgroup driver to systemd (required by K8s)
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
echo "=== Step 5: 启动并设置开机自启 ==="
sudo systemctl restart containerd
sudo systemctl enable containerd
echo "=== Step 6: 验证状态 ==="
containerd --version
systemctl status containerd --no-pager
echo "=== containerd 1.6.x 安装完成 ✅ ==="
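The two scripts above only echo that each step ran. As an added example (not part of the original post), the following audit reads back the files they write and reports anything that is not in the expected state; the function names are made up for this example, and the files to check are passed as arguments.

```shell
#!/bin/bash
# Added example (not from the original post): audit the files that the two
# setup scripts write. Paths are arguments so that copies can be checked too.

# Print fstab entries that would still enable swap at boot. Unlike the sed
# pattern '/ swap /', this also catches tab-separated fields.
active_swap_entries() {   # $1 = fstab path
  awk '!/^[ \t]*#/ && $3 == "swap"' "$1"
}

# Succeed only if the sysctl file sets key $2 to value $3 (last match wins).
sysctl_file_has() {       # $1 = sysctl conf, $2 = key, $3 = value
  awk -F= -v k="$2" -v v="$3" '
    { gsub(/[ \t]/, "") }
    $1 == k { ok = ($2 == v) }
    END { exit ok ? 0 : 1 }' "$1"
}

# Succeed only if an uncommented "SystemdCgroup = true" line is present.
containerd_uses_systemd_cgroup() {   # $1 = containerd config.toml
  grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$1"
}

# Run all checks; print one FAIL line per problem, return non-zero if any.
audit_node() {            # $1 = fstab, $2 = sysctl conf, $3 = config.toml
  audit_rc=0
  if [ -n "$(active_swap_entries "$1")" ]; then
    echo "FAIL: active swap entry in $1"; audit_rc=1
  fi
  for kv in net.bridge.bridge-nf-call-iptables=1 \
            net.bridge.bridge-nf-call-ip6tables=1 \
            net.ipv4.ip_forward=1; do
    sysctl_file_has "$2" "${kv%=*}" "${kv#*=}" ||
      { echo "FAIL: $kv not set in $2"; audit_rc=1; }
  done
  containerd_uses_systemd_cgroup "$3" ||
    { echo "FAIL: SystemdCgroup is not true in $3"; audit_rc=1; }
  return "$audit_rc"
}

# Usage: ./audit.sh /etc/fstab /etc/sysctl.d/k8s.conf /etc/containerd/config.toml
if [ "$#" -eq 3 ]; then audit_node "$1" "$2" "$3"; fi
```

The audit checks the persisted configuration, not the running kernel, so it also shows what will apply after a reboot.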
II. K8s cluster installation
1. Install the Kubernetes components
Run the following on all nodes (master + both workers):
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gpg
# Add the official K8s repository
sudo mkdir -p /etc/apt/keyrings
# Download and dearmor the public key
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | \
sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# Make sure the permissions are correct
sudo chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# Write the repository configuration (overwrites any existing file)
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] \
https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /" | \
sudo tee /etc/apt/sources.list.d/kubernetes.list
# Give the sources file suitable permissions
sudo chmod 644 /etc/apt/sources.list.d/kubernetes.list
# Update
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
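1.1 Preparation before initializing the master node (clean up leftovers + start containerd + pull images from a domestic mirror)
One-step script that cleans up leftovers, starts containerd and pulls images from a domestic mirror:
#!/bin/bash
# ===============================================
# Clean up leftovers + pull images from a domestic mirror
# For kubeadm v1.31.x + containerd + systemd cgroup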
# ===============================================
set -e
IMAGE_REPO="registry.aliyuncs.com/google_containers"
echo "=== Step 1: 清理旧的 Kubernetes 配置 ==="
sudo kubeadm reset -f
sudo rm -rf /etc/kubernetes/manifests /etc/kubernetes/pki /etc/kubernetes/*.conf
sudo rm -rf /var/lib/etcd
sudo rm -rf /var/lib/kubelet/*
echo "=== Step 2: 确保 containerd 启动并可用 ==="
sudo systemctl enable --now containerd
sudo systemctl restart kubelet
echo "=== Step 3: 拉取国内镜像 ==="
sudo kubeadm config images pull --image-repository $IMAGE_REPO
echo "=== 脚本执行完成 ✅ ==="
2. Initialize the master node
sudo kubeadm init \
--apiserver-advertise-address=192.168.44.10 \
--pod-network-cidr=10.244.0.0/16
When the master node initializes successfully, output like the following is shown:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.10.11:6443 --token <TOKEN> \
--discovery-token-ca-cert-hash sha256:<HASH>
3. Configure kubectl (master node only)
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Verify:
kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master NotReady control-plane 8m59s v1.31.13
At this point the master shows NotReady (because the network add-on has not been installed yet).
4. Install the Pod network add-on (Flannel) on the master node
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
Check whether the Flannel Pods are running:
kubectl get pods -n kube-flannel
# Wait until the network add-on has finished starting and STATUS shows Running
NAME READY STATUS RESTARTS AGE
kube-flannel-ds-xxxxx 1/1 Running 0 1m
kubectl get nodes
# Now check again whether the master node's STATUS is Ready
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane 15m v1.31.13
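When the master node's STATUS is Ready, the master node has been deployed successfully.
5. Join the worker nodes to the cluster
Run the join command on both worker nodes to add them to the cluster.
The join command generated by the master node looks like this: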
kubeadm join 192.168.44.10:6443 --token r2gbcc.tyrxef86oj3j4646 --discovery-token-ca-cert-hash sha256:8b0ab88ad7c46b14acb5e984a8fd05eeb21a2736e7a6b254b24482620efa6f9d
If you have lost it, you can generate the join command again on the master node:
kubeadm token create --print-join-command
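The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's public key. As an added example (not part of the original post), the following recomputes that hash from the CA certificate on the master and compares it with a join command before the command is run on a worker; the function names are made up for this example, and /etc/kubernetes/pki/ca.crt is kubeadm's default CA location.

```shell
#!/bin/bash
# Added example (not from the original post): recompute the CA pin and compare
# it with the one in a join command before running that command on a worker.

# Hex SHA-256 of the certificate's public key in DER SubjectPublicKeyInfo form.
ca_pubkey_hash() {        # $1 = CA certificate (PEM)
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$pub" |
    openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 if the sha256 pin in join command $1 equals the hash of CA file $2,
# 1 on mismatch, 2 if the pin or the certificate cannot be read.
join_hash_matches() {     # $1 = join command text, $2 = CA certificate (PEM)
  pinned=$(printf '%s\n' "$1" | sed -n \
    's/.*--discovery-token-ca-cert-hash[ =]sha256:\([0-9a-f]\{64\}\).*/\1/p')
  [ -n "$pinned" ] || { echo "no sha256 pin in join command" >&2; return 2; }
  actual=$(ca_pubkey_hash "$2") ||
    { echo "cannot read certificate $2" >&2; return 2; }
  [ "$pinned" = "$actual" ]
}

# Usage on the master:
#   ./check-pin.sh "$(kubeadm token create --print-join-command)" \
#                  /etc/kubernetes/pki/ca.crt
if [ "$#" -eq 2 ]; then
  if join_hash_matches "$1" "$2"; then
    echo "CA pin matches"
  else
    echo "CA pin does NOT match or could not be checked" >&2
  fi
fi
```

The token in the same command is a bearer credential for joining the cluster, so the join command should be handled like a password.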
6. Verify the cluster status
kubectl get nodes
If the result looks like this:
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane 19h v1.31.13
k8s-node1 Ready <none> 29m v1.31.13
k8s-node2 Ready <none> 15m v1.31.13
then the three-node K8s cluster has been deployed successfully.
PS: if a worker node's STATUS stays NotReady for a long time, try restarting kubelet on that node:
systemctl restart kubelet