Deploying a k8s cluster with kubeadm (version 1.32)
Docker-based deployment; cri-dockerd must be deployed as well
I. Deployment environment preparation (Ubuntu 22.04)
Host IP address | Hostname |
---|---|
192.168.139.20 | k8s-master01 |
192.168.139.23 | k8s-node01 |
192.168.139.24 | k8s-node02 |
II. Host configuration
1. Hostname configuration
hostnamectl set-hostname k8s-master01
hostnamectl set-hostname k8s-node01
hostnamectl set-hostname k8s-node02
2. Hostname resolution
cat >> /etc/hosts << EOF
192.168.139.20 k8s-master01.haoge.com k8s-master01 k8s-api.haoge.com k8s-api
192.168.139.23 k8s-node01.haoge.com k8s-node01
192.168.139.24 k8s-node02.haoge.com k8s-node02
EOF
3. Basic configuration
1) Disable the server firewall: ufw disable
2) Synchronize time on all servers and set the timezone:
# time synchronization (cron runs the job under /bin/sh, so redirect with POSIX syntax rather than bash's &>)
echo "*/5 * * * * ntpdate time1.aliyun.com > /dev/null 2>&1 && hwclock -w" >> /var/spool/cron/crontabs/root
# timezone setting
timedatectl set-timezone Asia/Shanghai
3) Switch Ubuntu to 24-hour time display:
vim /etc/default/locale and add the line LC_TIME=en_DK.UTF-8, then reboot the server
4) Disable the swap partition:
vim /etc/fstab
comment out the line that starts with swap
Finally run: swapoff -a
5) Configure passwordless SSH from the master node to the node nodes (optional)
ssh-keygen # press Enter at every prompt to accept the defaults
ssh-copy-id $IP # replace IP with the server's actual IP address
4. Configure kernel forwarding and bridge filtering
# This step is optional when docker is installed, since docker configures these settings by default
cat >> /etc/sysctl.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
modprobe br_netfilter
lsmod | grep br_netfilter
sysctl -p /etc/sysctl.conf
# Configure the bridge module to load automatically at boot; otherwise it is not loaded after a reboot and the flannel service fails to start with the error:
Failed to check br_netfilter: stat /proc/sys/net/bridge/bridge-nf-call-iptables: no such file or directory
modprobe br_netfilter
lsmod | grep br_netfilter
# Create a service that loads the bridge module automatically at boot
vim /etc/systemd/system/load-bridge-module.service
[Unit]
Description=Load bridge module on startup
After=network.target
[Service]
Type=oneshot
ExecStart=/sbin/modprobe br_netfilter
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
systemctl daemon-reload && systemctl enable load-bridge-module && systemctl start load-bridge-module
systemctl status load-bridge-module
5. Configure the docker and kubernetes package sources
# Configure the docker source, using the Tsinghua University mirror
1) First install the dependencies
apt-get update
apt-get install ca-certificates curl gnupg
2) Add the public key and the repository
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
3) Update the sources and check that the docker-ce package is available
apt update
apt-cache madison docker-ce
# Configure the kubernetes source, using the Tsinghua University mirror
1) Import the public key
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
2) Create the repository file /etc/apt/sources.list.d/kubernetes.list
vim /etc/apt/sources.list.d/kubernetes.list
deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.32/deb/ /
3) Update the sources
apt update
6. Install docker/kubeadm/kubelet/kubectl
apt install docker-ce kubeadm kubelet kubectl -y
# Configure kubelet to ignore the swap error
vim /etc/default/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
7. Image download
# List the required images
kubeadm config images list --kubernetes-version=v1.32.5
registry.k8s.io/kube-apiserver:v1.32.5
registry.k8s.io/kube-controller-manager:v1.32.5
registry.k8s.io/kube-scheduler:v1.32.5
registry.k8s.io/kube-proxy:v1.32.5
registry.k8s.io/coredns/coredns:v1.11.3
registry.k8s.io/pause:3.10
registry.k8s.io/etcd:3.5.16-0
# Because of the firewall these images cannot be pulled directly; pull them through a proxy and retag them
# image needed on master nodes
docker pull k8s.dockerproxy.net/kube-apiserver:v1.32.5
docker tag k8s.dockerproxy.net/kube-apiserver:v1.32.5 registry.k8s.io/kube-apiserver:v1.32.5
docker rmi k8s.dockerproxy.net/kube-apiserver:v1.32.5
# image needed on master nodes
docker pull k8s.dockerproxy.net/kube-controller-manager:v1.32.5
docker tag k8s.dockerproxy.net/kube-controller-manager:v1.32.5 registry.k8s.io/kube-controller-manager:v1.32.5
docker rmi k8s.dockerproxy.net/kube-controller-manager:v1.32.5
# image needed on master nodes
docker pull k8s.dockerproxy.net/kube-scheduler:v1.32.5
docker tag k8s.dockerproxy.net/kube-scheduler:v1.32.5 registry.k8s.io/kube-scheduler:v1.32.5
docker rmi k8s.dockerproxy.net/kube-scheduler:v1.32.5
# image needed on master and node nodes
docker pull k8s.dockerproxy.net/kube-proxy:v1.32.5
docker tag k8s.dockerproxy.net/kube-proxy:v1.32.5 registry.k8s.io/kube-proxy:v1.32.5
docker rmi k8s.dockerproxy.net/kube-proxy:v1.32.5
# image needed on master and node nodes
docker pull k8s.dockerproxy.net/pause:3.10
docker tag k8s.dockerproxy.net/pause:3.10 registry.k8s.io/pause:3.10
docker rmi k8s.dockerproxy.net/pause:3.10
# image needed on master nodes
docker pull k8s.dockerproxy.net/etcd:3.5.16-0
docker tag k8s.dockerproxy.net/etcd:3.5.16-0 registry.k8s.io/etcd:3.5.16-0
docker rmi k8s.dockerproxy.net/etcd:3.5.16-0
# image needed on master and node nodes
docker pull k8s.dockerproxy.net/coredns/coredns:v1.11.3
docker tag k8s.dockerproxy.net/coredns/coredns:v1.11.3 registry.k8s.io/coredns/coredns:v1.11.3
docker rmi k8s.dockerproxy.net/coredns/coredns:v1.11.3
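As an added example (not from the original post), the script below generalizes the pull/tag/rmi blocks above to any image list and proxy, and prints each pulled image's digest so it can be compared with the digest published upstream for the same tag before the proxy copy is retagged as registry.k8s.io; the proxy name is the one used in the text.

```shell
#!/bin/sh
# Added example, not part of the original post: turns the image list printed by
# `kubeadm config images list` into the pull / tag / rmi sequence the text
# repeats by hand, for any upstream registry and proxy. After each pull it also
# prints the image's RepoDigest, because an image relayed through a third-party
# proxy should be checked against the digest published for the same tag
# upstream before it is retagged as registry.k8s.io. No docker is required to
# generate the commands; the output is meant to be reviewed, then piped to sh.

# Constructed sample: the list from the text (kubeadm 1.32.5).
SAMPLE_IMAGES='registry.k8s.io/kube-apiserver:v1.32.5
registry.k8s.io/kube-controller-manager:v1.32.5
registry.k8s.io/kube-scheduler:v1.32.5
registry.k8s.io/kube-proxy:v1.32.5
registry.k8s.io/coredns/coredns:v1.11.3
registry.k8s.io/pause:3.10
registry.k8s.io/etcd:3.5.16-0'

# Usage: gen_mirror_cmds UPSTREAM PROXY < image-list
# Images not under UPSTREAM are reported and skipped rather than retagged.
gen_mirror_cmds() {
  upstream="$1"; proxy="$2"
  while IFS= read -r image; do
    [ -n "$image" ] || continue
    case "$image" in
      "$upstream"/*) ;;
      *) echo "# skipped, not under $upstream: $image"; continue ;;
    esac
    path="${image#"$upstream"/}"   # e.g. coredns/coredns:v1.11.3 keeps its path
    printf 'docker pull %s/%s\n' "$proxy" "$path"
    printf "docker image inspect --format '{{index .RepoDigests 0}}' %s/%s\n" "$proxy" "$path"
    printf 'docker tag %s/%s %s\n' "$proxy" "$path" "$image"
    printf 'docker rmi %s/%s\n' "$proxy" "$path"
  done
}

# Stand-alone run: print the commands for the sample list (review, then pipe to sh).
printf '%s\n' "$SAMPLE_IMAGES" | gen_mirror_cmds registry.k8s.io k8s.dockerproxy.net
```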
8. Download cri-dockerd and adjust its configuration
# Download the cri-dockerd package; it is hosted on GitHub, so network access issues must be resolved first
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.17/cri-dockerd_0.3.17.3-0.ubuntu-jammy_amd64.deb
# Install
dpkg -i cri-dockerd_0.3.17.3-0.ubuntu-jammy_amd64.deb
# Configure the cri-dockerd unit file
vim /lib/systemd/system/cri-docker.service
# comment out the original ExecStart line and replace it with the configuration below
#ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d
# If the Alibaba Cloud proxy of the Google images is used, configure it as follows instead:
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --network-plugin=cni --cni-bin-dir=/opt/cni/bin --cni-cache-dir=/var/lib/cni/cache --cni-conf-dir=/etc/cni/net.d --pod-infra-container-image registry.aliyuncs.com/google_containers/pause:3.10
# Restart cri-docker
systemctl daemon-reload && systemctl restart cri-docker
9. Modify the kubelet configuration
# Configure kubelet by pointing it at the Unix socket file that cri-docker opens locally
mkdir /etc/sysconfig
vim /etc/sysconfig/kubelet
KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint=/run/cri-dockerd.sock"
10. Deploy the master and node nodes
# 1) Initialize the master node
kubeadm init --control-plane-endpoint k8s-api.haoge.com --kubernetes-version=v1.32.5 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --token-ttl=0 --cri-socket unix:///run/cri-dockerd.sock --upload-certs
# 2) Run the following commands as instructed by the output
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 3) As instructed, run the join command from the output on each node, appending --cri-socket unix:///run/cri-dockerd.sock
kubeadm join k8s-api.haoge.com:6443 --token 38cmu9.1qexufebg38x81lf \
--discovery-token-ca-cert-hash sha256:17fc2568e66e606de403355a1657d41e45929e19ff228fdbb84a8c20d31bbc70 --cri-socket unix:///run/cri-dockerd.sock
# 4) To add another master node, run the following command from the output, again appending --cri-socket unix:///run/cri-dockerd.sock
kubeadm join k8s-api.haoge.com:6443 --token 38cmu9.1qexufebg38x81lf \
--discovery-token-ca-cert-hash sha256:17fc2568e66e606de403355a1657d41e45929e19ff228fdbb84a8c20d31bbc70 \
--control-plane --certificate-key 376811df94d05ed3b9388bbbb2984028026822e7a6bd714fc5f64e83849860a4 --cri-socket unix:///run/cri-dockerd.sock
# 5) On the master node, run this command and confirm that all nodes are listed
kubectl get nodes
k8s-master01 NotReady control-plane 5m52s v1.32.5
k8s-node01 NotReady <none> 46s v1.32.5
k8s-node02 NotReady <none> 38s v1.32.5
# 6) Deploy the network plugin
kubectl apply -f https://ghfast.top/https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
# or download kube-flannel.yml locally and apply it
wget https://ghfast.top/https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
kubectl apply -f kube-flannel.yml
# If the images cannot be pulled, fetch them through the proxy with the following commands
docker pull ghcr.dockerproxy.net/flannel-io/flannel:v0.26.7
docker tag ghcr.dockerproxy.net/flannel-io/flannel:v0.26.7 ghcr.io/flannel-io/flannel:v0.26.7
docker rmi ghcr.dockerproxy.net/flannel-io/flannel:v0.26.7
docker pull ghcr.dockerproxy.net/flannel-io/flannel-cni-plugin:v1.6.2-flannel1
docker tag ghcr.dockerproxy.net/flannel-io/flannel-cni-plugin:v1.6.2-flannel1 ghcr.io/flannel-io/flannel-cni-plugin:v1.6.2-flannel1
docker rmi ghcr.dockerproxy.net/flannel-io/flannel-cni-plugin:v1.6.2-flannel1
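As an added example (not part of the original post), the functions below recompute the CA hash that the kubeadm join command pins and check a pasted join command against /etc/kubernetes/pki/ca.crt; they assume openssl is installed.

```shell
#!/bin/sh
# Added example, not from the original post. The --discovery-token-ca-cert-hash
# in the kubeadm join command pins the control plane's CA: a node only joins
# if the CA it is served matches this hash, so a join command handed around
# should be checked against the real /etc/kubernetes/pki/ca.crt before it is
# run on a node. Assumes openssl is installed; the formula is the one kubeadm
# documents (SHA-256 of the CA certificate's DER-encoded SubjectPublicKeyInfo).

# Usage: ca_cert_hash /etc/kubernetes/pki/ca.crt   -> prints sha256:<64 hex>
ca_cert_hash() {
  hex=$(openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -hex | sed 's/^.* //')
  [ -n "$hex" ] || return 1
  echo "sha256:$hex"
}

# Usage: join_cmd_matches_ca "<kubeadm join ... command>" /path/to/ca.crt
# Accepts the flag written as "--flag value" or "--flag=value", on one line
# or split with backslash continuations. Returns 0 only when the hash in the
# command equals the hash computed from the CA certificate.
join_cmd_matches_ca() {
  pinned=$(printf '%s\n' "$1" | tr '\n' ' ' | awk '{
      for (i = 1; i <= NF; i++) {
        if ($i == "--discovery-token-ca-cert-hash") { print $(i + 1); exit }
        if (sub(/^--discovery-token-ca-cert-hash=/, "", $i)) { print $i; exit }
      } }')
  actual=$(ca_cert_hash "$2") || return 2
  [ -n "$pinned" ] && [ "$pinned" = "$actual" ] || return 1
}

# Stand-alone run on a control-plane node: print the hash to compare with
# the join command given to the node operators.
if [ -r /etc/kubernetes/pki/ca.crt ]; then
  ca_cert_hash /etc/kubernetes/pki/ca.crt
fi
```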
11. Verify the cluster after deployment
# check that the cluster nodes are Ready
kubectl get nodes
k8s-master01 Ready control-plane 37m v1.32.5
k8s-node01 Ready <none> 32m v1.32.5
k8s-node02 Ready <none> 32m v1.32.5
12. Handling kubeadm certificate expiry
# Certificates in a kubeadm-deployed cluster are valid for 1 year; once they expire the cluster stops working, so the certificates must be renewed
# 1) Check the certificate expiry dates
kubeadm certs check-expiration
# 2) Renew the certificates; after renewal restart kube-apiserver, kube-controller-manager, kube-scheduler and etcd
kubeadm certs renew all
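As an added example (not the original post's), this script parses the table printed by kubeadm certs check-expiration and lists the certificates with fewer than a given number of days left, so expiry can be caught by a cron job or monitoring check; the sample output embedded in it is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: reads the table printed by
# `kubeadm certs check-expiration` and lists every certificate whose
# RESIDUAL TIME is below a threshold in days, so expiry can be caught by a
# cron job or monitoring check well before the one-year mark. Already
# expired certificates show "<invalid>" in that column and are always listed.

# Constructed sample of the command's output (dates and times are made up).
SAMPLE_EXPIRATION='[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with kubectl -n kube-system get cm kubeadm-config -o yaml

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 May 28, 2026 02:27 UTC   364d            ca                      no
apiserver                  Jun 10, 2025 02:27 UTC   12d             ca                      no
apiserver-etcd-client      May 28, 2026 02:27 UTC   364d            etcd-ca                 no
etcd-peer                  May 27, 2025 02:27 UTC   <invalid>       etcd-ca                 no
front-proxy-client         May 28, 2026 02:27 UTC   364d            front-proxy-ca          no
scheduler.conf             May 28, 2026 02:27 UTC   364d            ca                      no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      May 26, 2035 02:27 UTC   9y              no
etcd-ca                 May 26, 2035 02:27 UTC   9y              no
front-proxy-ca          May 26, 2035 02:27 UTC   9y              no'

# Usage: certs_expiring_within DAYS < check-expiration-output
# Prints "<name> <residual>" for each certificate with less than DAYS left.
certs_expiring_within() {
  awk -v limit="$1" '
    /^\[/ || /^CERTIFICATE/ || NF == 0 { next }   # skip log lines, headers, blanks
    {
      tok = ""
      for (i = 2; i <= NF; i++)
        if ($i == "<invalid>" || $i ~ /^[0-9]+[ymdhs]$/) { tok = $i; break }
      if (tok == "") next                 # no residual-time column on this line
      if (tok == "<invalid>") days = -1   # already expired
      else {
        n = substr(tok, 1, length(tok) - 1) + 0
        u = substr(tok, length(tok))
        if (u == "y") days = n * 365
        else if (u == "d") days = n
        else days = 0                     # hours, minutes or seconds: under a day
      }
      if (days < limit + 0) print $1, tok
    }'
}

# Stand-alone run: everything with less than 30 days left in the sample.
printf '%s\n' "$SAMPLE_EXPIRATION" | certs_expiring_within 30
```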
13. Handling nodes added later
If --token-ttl=0 was not specified when the cluster was deployed, the token is valid for 24 hours by default and is deleted afterwards, so new nodes can no longer join with the kubeadm join command printed during deployment
# Check whether a token still exists
kubeadm token list
# 1) Generate a new token; add --ttl 0 to create a permanent token
kubeadm token create --print-join-command
# 2) Run the generated command on the node to join it
14. Handling node removal
1) Drain the Pods from the node being removed
# first mark the node unschedulable
kubectl cordon k8s-node01
then drain the node:
kubectl drain k8s-node01 --delete-local-data --force --ignore-daemonsets
2) Delete the node from the control plane
kubectl delete node k8s-node01
3) On the removed node server k8s-node01, clear its data
kubeadm reset -f --cri-socket unix:///run/cri-dockerd.sock
systemctl stop kubelet && systemctl stop docker
rm -rf /etc/kubernetes/ /var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni /etc/cni/* /var/lib/etcd /run/flannel/
ifconfig cni0 down
ifconfig docker0 down
ip link delete cni0
ip link delete flannel.1
systemctl start docker
iptables -F
ipvsadm -C
15. Deploy the Kuboard web UI
kubectl apply -f https://addons.kuboard.cn/kuboard/kuboard-v3.yaml
# If problems arise, see the official site for solutions
https://www.kuboard.cn
Author: 于浩   Created: 2025-05-28 10:27
Last edited by: 于浩   Updated: 2025-06-10 18:08