基于 debian 12 利用 kubeadm 部署 k8s 1.29 版本
預先準備
-
準備三臺
debian 12的虛擬機,配置如下:Hostname IP 配置 k8s-master1 192.168.31.60 4vCPU、8GiB 內存、50GiB 硬盤 k8s-worker1 192.168.31.61 4vCPU、8GiB 內存、50GiB 硬盤 k8s-worker2 192.168.31.62 4vCPU、8GiB 內存、50GiB 硬盤 -
開放
root賬戶允許其遠程ssh登錄-
打開
/etc/ssh/sshd_config文件,并找到以下行:#PermitRootLogin prohibit-password -
將
no修改為yes,以允許 root 用戶遠程登錄。修改后的行應該如下所示:PermitRootLogin yes -
保存修改后,關閉編輯器,并重新啟動 SSH 服務以應用更改:
sudo systemctl restart ssh
-
-
執行如下指令安裝必備軟件
apt-get install -y vim curl sudo net-tools telnet chrony ipvsadm -
關閉三臺機器的 swap
swapoff -a sed -i 's/.*swap.*/#&/' /etc/fstab -
關閉防火墻
iptables -F systemctl stop iptables nftables systemctl disable iptables nftables -
三臺主機之間設置免密登錄
-
先在三臺主機上執行
ssh-keygen指令,然后一直回車直至結束 -
再在三臺虛擬機上
/etc/hosts文件末尾加入如下三行解析192.168.31.60 k8s-master1 192.168.31.61 k8s-worker1 192.168.31.62 k8s-worker2 -
最后在三臺主機上分別執行如下指令
ssh-copy-id k8s-master1 ssh-copy-id k8s-worker1 ssh-copy-id k8s-worker2 -
-
修改三臺主機內核參數,分別在三臺機器上執行如下指令
# 加載 br_netfilter 模塊 modprobe br_netfilter# 創建配置文件 cat > /etc/sysctl.d/k8s.conf <<EOF net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 EOF# 修改內核配置 sysctl -p /etc/sysctl.d/k8s.conf -
三臺主機安裝 docker 、containerd 和 crictl
# 刪除殘留包,防止安裝沖突 for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done# 安裝前更新相關配置 # Add Docker's official GPG key: sudo apt-get update sudo apt-get install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc# Add the repository to Apt sources: echo \"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update# 安裝容器相關軟件 sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin# 安裝crictl VERSION="v1.29.0" wget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin rm -f crictl-$VERSION-linux-amd64.tar.gz -
修改 containerd 相關配置
-
執行
containerd config default > /etc/containerd/config.toml,打開/etc/containerd/config.toml,把SystemdCgroup = false修改成SystemdCgroup = true,最后執行systemctl enable containerd --now && systemctl restart containerd -
生成
/etc/crictl.yaml配置文件如下cat > /etc/crictl.yaml <<EOF runtime-endpoint: unix:///run/containerd/containerd.sock image-endpoint: unix:///run/containerd/containerd.sock timeout: 10 debug: false EOF
-
-
三臺主機配置時間同步服務器,執行如下指令
echo 'server ntp.aliyun.com iburst' > /etc/chrony/sources.d/local-ntp-server.source chronyc reload sources# 查看時鐘狀態 chronyc tracking
安裝 kubeadm, kubelet 和 kubectl
sudo apt-get update
# apt-transport-https may be a dummy package; if so, you can skip that package
sudo apt-get install -y apt-transport-https ca-certificates curl gpg# If the directory `/etc/apt/keyrings` does not exist, it should be created before the curl command, read the note below.
# sudo mkdir -p -m 755 /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg# This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.listsudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectlsudo systemctl enable --now kubelet
kubeadm 初始化集群
-
三臺虛擬機設置
crictl的運行環境為containerdcrictl config runtime-endpoint unix:///run/containerd/containerd.sock -
kubeadm生成初始化配置文件并進行修改-
生成配置文件
kubeadm.yamlkubeadm config print init-defaults > kubeadm.yaml -
修改
advertiseAddress為主節點 IP,并將控制節點主機名name修改為k8s-master1 -
新增
podSubnet字段kind: ClusterConfiguration kubernetesVersion: 1.29.0 networking:dnsDomain: cluster.localpodSubnet: 10.244.0.0/16 #指定pod網段, 需要新增加這個serviceSubnet: 10.96.0.0/12 scheduler: {} -
新增
kubeproxy和kubelet配置,---不能省略--- apiVersion: kubeproxy.config.k8s.io/v1alpha1 kind: KubeProxyConfiguration mode: ipvs --- apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration cgroupDriver: systemd
-
-
執行初始化
kubeadm init --config=kubeadm.yaml -
授權
kubectl指令,使其可以管理集群mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config# 將訪問權限拷貝到工作節點 scp -r /root/.kube k8s-worker1:/root scp -r /root/.kube k8s-worker2:/root -
測試
kubectl指令kubectl get nodes -
如果出現錯誤,請執行如下指令重置,并排查錯誤
kubeadm reset -
將
k8s-worker1和k8s-worker2加入集群# 生成加入指令 kubeadm token create --print-join-command# 執行指令加入集群 kubeadm join 192.168.31.60:6443 --token k1biqb.7vbcgtguh54ju81c --discovery-token-ca-cert-hash sha256:82b02d429821cc106a540a9507d1066a3fe8103d7b79a6581adfdd405744079d -
安裝
calico打通集群網絡-
下載
v3.27配置模板,在https://github.com/projectcalico/calico/tree/release-v3.27/manifests下載tigera-operator.yaml和custom-resources.yaml兩個配置文件 -
執行
kubectl create -f tigera-operator.yaml安裝calico相關鏡像和基礎配置 -
修改
custom-resources.yaml配置文件,將cidr修改為10.244.0.0/16并新增nodeAddressAutodetectionV4字段# This section includes base Calico installation configuration. # For more information, see: https://docs.tigera.io/calico/latest/reference/installation/api#operator.tigera.io/v1.Installation apiVersion: operator.tigera.io/v1 kind: Installation metadata:name: default spec:# Configures Calico networking.calicoNetwork:# Note: The ipPools section cannot be modified post-install.ipPools:- blockSize: 26 # 填寫自己 pod 的 IP 信息cidr: 10.244.0.0/16encapsulation: VXLANCrossSubnetnatOutgoing: EnablednodeSelector: all() # 綁定自己的網卡信息,默認綁定第一個網卡nodeAddressAutodetectionV4:interface: ens* ---# This section configures the Calico API server. # For more information, see: https://docs.tigera.io/calico/latest/reference/installation/api#operator.tigera.io/v1.APIServer apiVersion: operator.tigera.io/v1 kind: APIServer metadata:name: default spec: {} -
執行
watch kubectl get pods -n calico-system等待網絡構建完成 -
執行
kubectl get nodes確認網絡打通
-
)
)
![[matlab]yalmip國內源yalmip下載地址所有版本匯總](http://pic.xiahunao.cn/[matlab]yalmip國內源yalmip下載地址所有版本匯總)
)
:在項目中使用)
