Ubuntu 24.04 安装 K8s

修改软件源为阿里云

# Point both the main archive and the security pocket at the Aliyun mirror.
# apt keeps checking repository signatures, so the mirror is trusted for
# availability rather than for package integrity.
# NOTE(review): security updates now arrive only as fast as the mirror syncs
# them; confirm that lag is acceptable before redirecting security.ubuntu.com.
sudo sed -i \
  -e 's/archive.ubuntu.com/mirrors.aliyun.com/g' \
  -e 's/security.ubuntu.com/mirrors.aliyun.com/g' \
  /etc/apt/sources.list.d/ubuntu.sources
sudo apt update

安装 Docker

# Save Docker's convenience installer to a file first, so it can be read
# before it runs as root on the next line.
curl --fail --silent --show-error --location \
  --output get-docker.sh https://get.docker.com
# NOTE(review): the script is fetched without a checksum or signature check;
# read get-docker.sh before running it on hosts that matter.
sudo sh get-docker.sh

# Configure registry mirrors for Docker: open daemon.json and enter the JSON
# shown below.
# NOTE(review): both mirrors are third-party services. For pulls by tag, the
# mirror decides which image content is returned, so pull by digest or use a
# mirror you operate when image integrity matters.
sudo vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.1ms.run", "https://docker.xuanyuan.me"]
}

# Restart Docker so it re-reads daemon.json, then enable it at boot.
sudo systemctl restart docker
sudo systemctl enable docker

安装 K8s

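# Load the kernel modules Kubernetes networking depends on (overlay,
# br_netfilter). Without them Pod traffic fails and the node stays NotReady.
sudo modprobe overlay
sudo modprobe br_netfilter
# Load them again on every boot. Writing the whole file (tee without -a) keeps
# it at exactly two lines when this step is repeated.
printf '%s\n' overlay br_netfilter | sudo tee /etc/modules-load.d/k8s.conf
# Persist IPv4 forwarding, which kubeadm's preflight checks expect; without a
# file like this, `sysctl --system` has nothing Kubernetes-specific to apply.
printf '%s\n' 'net.ipv4.ip_forward = 1' | sudo tee /etc/sysctl.d/k8s.conf
# Apply all sysctl configuration files, including the one just written.
sudo sysctl --system
# Confirm that both modules are loaded.
lsmod | grep -E '^(overlay|br_netfilter)'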

# Install conntrack (Kubernetes needs it; kubeadm init fails without it).
sudo apt install -y conntrack
# Create containerd's configuration file from its built-in defaults.
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
# Switch the runtime to the systemd cgroup driver.
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# Manual edits to /etc/containerd/config.toml (image acceleration):
#   sandbox = 'registry.k8s.io/pause:3.10.1'  =>  sandbox = 'registry.aliyuncs.com/google_containers/pause:3.10.1'
#   config_path = ''  =>  config_path = '/etc/containerd/certs.d'
# Create one directory per upstream registry under config_path, then open the
# docker.io hosts.toml and enter the contents shown below.
# NOTE(review): each hosts.toml decides whether TLS certificates are verified
# for its mirrors; keep verification on for anything reached over a network
# you do not control.
sudo mkdir -p /etc/containerd/certs.d/docker.io /etc/containerd/certs.d/registry.k8s.io
sudo vi /etc/containerd/certs.d/docker.io/hosts.toml
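# Docker Hub upstream address
server = "https://registry-1.docker.io"

# Mirror 1
# TLS certificate verification is left on (skip_verify defaults to false).
# Turning it off would let anyone on the network path impersonate the mirror
# and serve altered images. If a mirror uses a private CA, point `ca` at its
# certificate file instead of disabling verification.
[host."https://docker.1ms.run"]
  capabilities = ["pull", "resolve"]

# Mirror 2 (fallback); certificate verification stays on here as well.
[host."https://docker.xuanyuan.me"]
  capabilities = ["pull", "resolve"]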

# Open the hosts.toml for registry.k8s.io and enter the contents shown below.
sudo vi /etc/containerd/certs.d/registry.k8s.io/hosts.toml
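# Kubernetes upstream registry address
server = "https://registry.k8s.io"

# Aliyun mirror
# TLS certificate verification is left on (skip_verify defaults to false).
# The images pulled through this entry run as cluster components, so a mirror
# whose identity is not checked could hand any node altered images.
[host."https://registry.aliyuncs.com/google_containers"]
  capabilities = ["pull", "resolve"]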

# Restart containerd so the edited /etc/containerd/config.toml takes effect,
# and enable it at boot.
sudo systemctl restart containerd
sudo systemctl enable containerd

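# Add the Kubernetes apt repository (v1.31 package stream).
# Create the keyring directory explicitly so the step also works on images
# that ship without it.
sudo mkdir -p -m 755 /etc/apt/keyrings
# Store the repository key in its own keyring. The signed-by option below
# limits this key to the Kubernetes repository instead of trusting it for
# every apt source. --yes lets the step be repeated without an overwrite prompt.
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --yes --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt update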

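# Install the node tooling.
sudo apt install -y kubeadm kubectl kubelet
# Hold the packages so a routine `apt upgrade` cannot move the cluster
# components to a new version outside a planned kubeadm upgrade.
sudo apt-mark hold kubeadm kubectl kubelet
# Start kubelet now and on every boot. Until `kubeadm init` or `kubeadm join`
# has written its configuration, it is expected to keep restarting.
sudo systemctl restart kubelet
sudo systemctl enable kubelet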

# Initialise the control-plane node.
# NOTE(review): --image-repository makes kubeadm pull the control-plane images
# from the Aliyun mirror by tag; `kubeadm config images list` with the same
# flag shows exactly which images that is, so they can be checked beforehand.
# NOTE(review): 10.244.0.0/16 presumably has to match the network add-on
# installed afterwards; verify against its manifest.
sudo kubeadm init \
  --pod-network-cidr=10.244.0.0/16 \
  --image-repository=registry.aliyuncs.com/google_containers

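# Give the current non-root user a kubeconfig so kubectl can reach the cluster.
# admin.conf holds cluster-admin credentials: anyone who can read the copy
# controls the cluster, so it stays owned by and readable only to this user.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# When cp overwrites an existing file, that file's old mode is kept, so set it
# explicitly.
chmod 600 "$HOME/.kube/config"
kubectl get nodes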

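# Install the Pod network add-on from the control-plane node. The choice of
# add-on is tied to --pod-network-cidr; without one, Pods cannot reach each
# other and nodes stay NotReady.
# The manifest comes through a third-party proxy and from the moving "latest"
# release, and it is applied with cluster-admin rights. Save it to a file and
# read it before applying, rather than piping the URL straight into kubectl.
# Where possible, fetch a specific reviewed release tag instead of "latest"
# and keep the file for later comparison.
curl -fsSL -o kube-flannel.yml https://gh-proxy.org/https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
kubectl apply -f kube-flannel.yml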

# Create a bootstrap token and print the complete `kubeadm join` command for
# worker nodes.
# NOTE(review): the printed command contains the token, which is what lets a
# machine join the cluster. Keep it out of chat logs and tickets, and remove
# tokens that are no longer needed with `kubeadm token delete`.
kubeadm token create --print-join-command

# If a node stays NotReady, run this on the control-plane node to check
# whether a Flannel Pod was scheduled onto that node.
kubectl get pods --namespace kube-flannel --output wide