Deploying single-node Kubernetes on Ubuntu with containerd

1. Prepare the environment

Update the system

sudo apt update
sudo apt upgrade -y

Disable swap

sudo swapoff -a
sudo sed -i -E '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab

2. Install the required dependencies

sudo apt install -y apt-transport-https ca-certificates curl software-properties-common

Switch the APT mirror

sudo cp -a /etc/apt/sources.list /etc/apt/sources.list.bak
sudo sed -i "s@http://.*archive.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list
sudo sed -i "s@http://.*security.ubuntu.com@http://repo.huaweicloud.com@g" /etc/apt/sources.list

3. Install the container runtime (containerd)
Use the Alibaba Cloud Docker mirror.

Add the Alibaba Cloud GPG key

curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

Add the Alibaba Cloud APT source

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Update the APT cache

sudo apt update

Install containerd

sudo apt install -y containerd.io

Generate the default configuration file

sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml

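Enable the systemd cgroup driver (cgroups limit the resources a process can use, such as CPU and memory)

sudo sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml

Replace the download address of the pause image in the file with the Alibaba Cloud repository

sudo sed -i 's#sandbox_image = "registry.k8s.io/pause:3.6"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"#' /etc/containerd/config.toml

Configure a registry mirror for containerd: find [plugins."io.containerd.grpc.v1.cri".registry.mirrors] in the file and add the mirror below it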

...

  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
       endpoint = ["https://abde64ba3c6d4242b9d12854789018c6.mirror.swr.myhuaweicloud.com"]

Replace any remaining registry.k8s.io references with the Alibaba Cloud repository

sudo sed -i 's|registry.k8s.io|registry.aliyuncs.com/google_containers|g' /etc/containerd/config.toml

Restart the containerd service

sudo systemctl restart containerd
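
The sed edits above fail silently when their pattern does not match the generated file (for example, a default pause tag other than 3.6), so it is worth checking the resulting values rather than assuming they changed. The following is an added example, not part of the original post; the function name check_containerd_config and the sample endpoint mirror.example.invalid are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm the sed edits to containerd's config.toml took effect.
# Prints one FAIL line per problem; returns 0 only when every check passes.
check_containerd_config() {
    local cfg="$1" rc=0 value

    # kubelet and containerd must agree on the systemd cgroup driver.
    value=$(grep -E '^[[:space:]]*SystemdCgroup[[:space:]]*=' "$cfg" | head -n1 |
            sed -E 's/.*=[[:space:]]*//; s/[[:space:]]*$//')
    if [ "$value" != "true" ]; then
        echo "FAIL SystemdCgroup=${value:-unset} (expected true)"; rc=1
    fi

    # The sandbox_image sed matches only the exact string pause:3.6, so read
    # the value that is actually in the file.
    value=$(grep -E '^[[:space:]]*sandbox_image[[:space:]]*=' "$cfg" | head -n1 |
            sed -E 's/[^"]*"([^"]*)".*/\1/')
    case "$value" in
        registry.aliyuncs.com/google_containers/pause:*) ;;
        *) echo "FAIL sandbox_image=${value:-unset} (not the Alibaba Cloud pause image)"; rc=1 ;;
    esac

    # A docker.io mirror must be configured, and no endpoint may use plain HTTP.
    if ! grep -qF 'registry.mirrors."docker.io"]' "$cfg"; then
        echo "FAIL no docker.io mirror section"; rc=1
    fi
    if grep -qE '^[[:space:]]*endpoint[[:space:]]*=.*"http://' "$cfg"; then
        echo "FAIL mirror endpoint uses plain HTTP"; rc=1
    fi
    return "$rc"
}

# Constructed sample of the relevant config.toml lines (not captured output).
sample=$(mktemp)
cat > "$sample" <<'EOF'
    sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
            SystemdCgroup = true
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://mirror.example.invalid"]
EOF
check_containerd_config "$sample" && echo "containerd config OK"
# On a real node: check_containerd_config /etc/containerd/config.toml
```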

4. Configure kernel parameters

sudo modprobe br_netfilter
echo '1' | sudo tee /proc/sys/net/bridge/bridge-nf-call-iptables
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
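
5. Install the Kubernetes components

Use the Alibaba Cloud Kubernetes mirror.

Add the Alibaba Cloud Kubernetes APT source. Note that apt-key is deprecated and adds the key to APT's global trusted keyring, unlike the signed-by keyring used for the Docker source in step 3.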

curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

Update the APT cache

sudo apt update

Install the Kubernetes components

sudo apt install -y kubelet kubeadm kubectl

Pin the versions to prevent automatic upgrades

sudo apt-mark hold kubelet kubeadm kubectl

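Initialize the cluster
On master01, list the images the cluster requires

kubeadm config images list

...The cluster component images required for initialization are listed below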

v1.27.1; falling back to: stable-1.23
k8s.gcr.io/kube-apiserver:v1.23.17
k8s.gcr.io/kube-controller-manager:v1.23.17
k8s.gcr.io/kube-scheduler:v1.23.17
k8s.gcr.io/kube-proxy:v1.23.17
k8s.gcr.io/pause:3.6
k8s.gcr.io/etcd:3.5.1-0
k8s.gcr.io/coredns/coredns:v1.8.6

On master01, generate the configuration file used to initialize the cluster

kubeadm config print init-defaults > kubeadm-config.yaml

The following settings in the configuration file need to be changed

IP address of the management node

advertiseAddress: 192.168.0.50

Node name under which this machine registers with the cluster

name: master01

Download address for the cluster images; change it to Alibaba Cloud

imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
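
A file produced by kubeadm config print init-defaults carries placeholder values beyond the three fields listed above, including a fixed bootstrap token and, on older releases, a dockershim criSocket. The following added example (not the original author's or the kubeadm project's code) flags values left unchanged before kubeadm init; the helper names yaml_value and audit_kubeadm_config are hypothetical, and the lookup is a flat line match, not a YAML parser.

```bash
#!/usr/bin/env bash
# Added example: flag kubeadm-config.yaml values still at init-defaults placeholders.

# yaml_value FILE KEY: value of the first "KEY: value" line (flat lookup only).
yaml_value() {
    sed -n -E "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n1
}

# Prints one FAIL line per problem; returns 0 only when every check passes.
audit_kubeadm_config() {
    local cfg="$1" rc=0 v
    v=$(yaml_value "$cfg" advertiseAddress)
    if [ -z "$v" ] || [ "$v" = "1.2.3.4" ]; then
        echo "FAIL advertiseAddress=${v:-unset} is not this node's IP"; rc=1
    fi
    v=$(yaml_value "$cfg" name)
    if [ -z "$v" ] || [ "$v" = "node" ]; then
        echo "FAIL nodeRegistration.name=${v:-unset} was not changed"; rc=1
    fi
    v=$(yaml_value "$cfg" imageRepository)
    case "$v" in
        ""|k8s.gcr.io|registry.k8s.io) echo "FAIL imageRepository=${v:-unset} is not the mirror"; rc=1 ;;
    esac
    # Assumption: an empty criSocket is acceptable because kubeadm then auto-detects the runtime.
    v=$(yaml_value "$cfg" criSocket)
    case "$v" in
        ""|*containerd*) ;;
        *) echo "FAIL criSocket=$v does not point at containerd"; rc=1 ;;
    esac
    # init-defaults prints a fixed, documented placeholder instead of a random token.
    v=$(yaml_value "$cfg" token)
    if [ "$v" = "abcdef.0123456789abcdef" ]; then
        echo "FAIL bootstrap token is the init-defaults placeholder"; rc=1
    fi
    return "$rc"
}

# Constructed excerpt (not captured output): this page's three edits applied,
# with a dockershim criSocket and the placeholder token left in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
  token: abcdef.0123456789abcdef
  advertiseAddress: 192.168.0.50
  criSocket: /var/run/dockershim.sock
  name: master01
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
EOF
audit_kubeadm_config "$sample" || echo "fix the FAIL lines before running kubeadm init"
```

A replacement token can be produced with kubeadm token generate, or the bootstrapTokens section can be removed so that kubeadm creates a random one.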

Initialize the cluster from the configuration file

sudo kubeadm init --config kubeadm-config.yaml

Following the prompt printed after initialization, run these commands

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Following the prompt, join the worker nodes to the cluster; once they have joined, verify on the master node

kubectl get nodes

NAME       STATUS     ROLES                  AGE     VERSION
master01   NotReady   control-plane,master   3m31s   v1.23.0
node01     NotReady   <none>                 12s     v1.23.0
node02     NotReady   <none>                 89s     v1.23.0

Deploy the Calico cluster network
Download the Calico manifest on master01

wget https://raw.githubusercontent.com/projectcalico/calico/v3.24.1/manifests/calico.yaml


Create the Calico network

kubectl apply -f calico.yaml


Check that the Calico pods are in the Running state

kubectl get pod -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-66966888c4-whdkj   1/1     Running   0          101s
calico-node-f4ghp                          1/1     Running   0          101s
calico-node-sj88q                          1/1     Running   0          101s
calico-node-vnj7f                          1/1     Running   0          101s
calico-node-vwnw4                          1/1     Running   0          101s

Verify cluster node status
On master01, view the cluster information

kubectl get nodes

NAME       STATUS   ROLES                  AGE   VERSION
master01   Ready    control-plane,master   25m   v1.23.0
node01     Ready    <none>                 25m   v1.23.0
node02     Ready    <none>                 24m   v1.23.0

![image](https://img2024.cnblogs.com/blog/3457858/202509/3457858-20250905113516141-189735025.png)

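Your control-plane node (master01) has a NoSchedule taint, which prevents ordinary Pods from being scheduled onto it. To allow Pods to be scheduled onto the control-plane node in a single-node environment, run the following command to remove the taint: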

kubectl taint nodes master01 node-role.kubernetes.io/control-plane:NoSchedule-



kubectl command completion

echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc

posted @ 2025-09-05 11:36  还得多长时间·