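Step 1: System initialization

K8s has strict requirements for the system environment: swap must be disabled and kernel forwarding must be configured.

  1. Disable swap

swapoff -a
sed -ri 's/.*swap.*/#&/' /etc/fstab

  2. Configure kernel forwarding (so that traffic can be forwarded between Pods)

cat <<EOF | tee /etc/modules-load.d/k8s.conf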
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter

cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

sysctl --system

Step 2: Install Containerd (container runtime)

Containerd is now the standard recommended runtime for K8s.

  1. Install containerd
    apt-get update && apt-get install -y containerd

  2. Generate the default configuration

mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml

  3. Enable SystemdCgroup (mandatory for K8s 1.24+)
    sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml

  4. Configure a proxy for Containerd (replace the values to match your environment)

mkdir -p /etc/systemd/system/containerd.service.d
cat <<EOF | tee /etc/systemd/system/containerd.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://192.168.1.10:7890"
Environment="HTTPS_PROXY=http://192.168.1.10:7890"
Environment="NO_PROXY=localhost,127.0.0.1,10.96.0.0/12,192.168.0.0/16,.svc,.cluster.local"
EOF

  5. Restart so the changes take effect

systemctl daemon-reload
systemctl restart containerd
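
The settings from steps 1 and 2 can be verified before moving on to kubeadm. The following read-only check script is an added example, not part of the original guide; the function names and the --run flag are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): read-only checks for steps 1-2.
# Each check takes the file or directory to inspect as an argument, defaulting
# to the real location, so it can also be pointed at a copy.

# Swap is off when /proc/swaps holds nothing but its header line.
swap_is_off() {
    [ -z "$(awk 'NR > 1' "${1:-/proc/swaps}")" ]
}

# fstab has no active (uncommented) swap entry that would return on reboot.
fstab_has_no_swap() {
    ! grep -Eq '^[[:space:]]*[^#[:space:]].*[[:space:]]swap[[:space:]]' "${1:-/etc/fstab}"
}

# A live sysctl equals 1. Dots in the key map to path separators under
# /proc/sys; the net.bridge.* files only exist once br_netfilter is loaded.
sysctl_is_one() {
    f="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# containerd's config really contains SystemdCgroup = true. The sed in step 2
# changes nothing, silently, if the generated default lacks the "false" line.
systemd_cgroup_enabled() {
    grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' \
        "${1:-/etc/containerd/config.toml}"
}

# Run every check against the live system; the return value is the failure count.
preflight() {
    fails=0
    report() { if "$@"; then echo "PASS $*"; else echo "FAIL $*"; fails=$((fails + 1)); fi; }
    report swap_is_off
    report fstab_has_no_swap
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
        report sysctl_is_one "$key"
    done
    report systemd_cgroup_enabled
    return "$fails"
}

# Only touch the real system when explicitly asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```
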

Step 3: Install Kubeadm

  1. Install dependencies
    apt-get install -y apt-transport-https ca-certificates curl gpg

  2. Download the Google Cloud public key
    mkdir -p -m 755 /etc/apt/keyrings
    curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

  3. Add the official apt repository
    echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list

  4. Install the tools (pinned to version 1.28.2)

apt-get update
apt-get install -y kubelet=1.28.2-1.1 kubeadm=1.28.2-1.1 kubectl=1.28.2-1.1
apt-mark hold kubelet kubeadm kubectl

Step 4: Initialize the cluster

  1. Get the local IP
    export APISERVER_IP=$(hostname -I | awk '{print $1}')

  2. Initialize

kubeadm init \
  --apiserver-advertise-address=${APISERVER_IP} \
  --kubernetes-version v1.28.2 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=192.168.0.0/16

Step 5: Finishing up (configure kubectl + networking + remove the taint)

  1. Configure kubectl access

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

  2. Install the Calico network

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/tigera-operator.yaml
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/custom-resources.yaml

  3. Lift the single-node restriction (allow the Master to run workload Pods)
    kubectl taint nodes --all node-role.kubernetes.io/control-plane-

Verification

kubectl get nodes
kubectl get pods -A
