ubuntu系统安装k8s1.28精简步骤

一、规划

#ubuntu20.04.3镜像下载地址
链接：https://pan.baidu.com/s/13p7bV8bR9ZVm4FIkNuWgzg?pwd=468w
提取码：468w

---

二、环境准备

2.1 配置apt仓库

配置系统基本软件仓库

#阿里云镜像官网
https://developer.aliyun.com/mirror/#修改sources.list配置基本源
#备份默认源文件
mv /etc/apt/sources.list /etc/apt/sources.list.bak#配置基本源
vim /etc/apt/sources.list
deb https://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiversedeb https://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiversedeb https://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse# deb https://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
# deb-src https://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiversedeb https://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse

配置k8s软件仓库

#配置k8s源
cat <<EOF>/etc/apt/sources.list.d/kubernetes.list
deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main
EOF#更新软件源
apt-get update#报错，这个软件源获取更新时，APT无法验证软件源的签名，因为缺少对应的公钥。
W: GPG error: https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/deb  InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 234654DA9A296436
E: The repository 'https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/deb  InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.#解决
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com NO_PUBKEY
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 234654DA9A296436#重新刷新源
apt-get update

安装常用软件包

apt-get install -y ntpdate openssh-server resolvconf vim-gtk nfs-common apt-transport-https software-properties-common curl ca-certificates wget lrzsz selinux-utils#包解释
ntpdate    #ntpdate命令包
openssh-server    #sshd
resolvconf    #本机dns
vim-gtk    #vim软件包
nfs-common #nfs服务器
apt-transport-https #使apt支持ssl,支持访问https的软件仓库
software-properties-common #提供了一个公共的软件源配置工具。这个工具的主要作用包括添加、删除和管理软件源。
curl #curl命令包
ca-certificates #curl的依赖包
wget    #wget命令包
lrzsz #xshell上传下载包
selinux-utils 	#selinux管理包

---

2.2 修改静态ip、ntp时间同步、主机名、hosts文件、主机免密

#修改静态ip地址
自行规划配置#配置时间同步
ntpdate cn.pool.ntp.org#配置定时任务自动同步时间
crontab -e
* */1 * * * /usr/sbin/ntpdate   cn.pool.ntp.org
#配置定时任务自启动
systemctl restart cron && systemctl enable --now cron#配置主机名
hostnamectl set-hostname k8s-master-1 && bash
hostnamectl set-hostname k8s-node-1 && bash
hostnamectl set-hostname k8s-node-2 && bash    #配置/etc/hosts文件
10.0.0.10 k8s-master-1
10.0.0.11 k8s-node-1
10.0.0.12 k8s-node-2#免密配置，生成密钥
ssh-keygen
#发送密钥至对应服务器，node也需要同样操作
ssh-copy-id k8s-master-1
ssh-copy-id k8s-node-1
ssh-copy-id k8s-node-2

---

2.3 内核配置

#开启包转发
modprobe br_netfilter#编写内核文件
cat > /etc/sysctl.d/k8s.conf<<EOF
net.bridge.bridge-nf-call-ip6tables= 1
net.bridge.bridge-nf-call-iptables= 1
net.ipv4.ip_forward = 1
EOF#执行内核配置文件
sysctl -p /etc/sysctl.d/k8s.conf

---

2.4 关闭防火墙、selinux、swap

#关闭防火墙
systemctl stop ufw; systemctl disable ufw#查看selinux，结果为Disabled就是关闭.ubuntu的selinux默认关闭
getenforce#关闭swap
swapoff -a
#永久关闭swap
vim /etc/fstab
#/swapfile none swap  sw   0    0

---

2.5 安装软件

安装docker

apt-get install -y docker.io #测试是否正常安装
docker -v#配置docker驱动
cat >> /etc/docker/daemon.json <<-EOF
{
"registry-mirrors": ["http://74f21445.m.daocloud.io","https://registry.docker-cn.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"], "insecure-registries": ["kubernetes-register.openlab.cn"],"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF#启动docker并配置自启动
systemctl daemon-reload && systemctl restart docker
systemctl enable --now docker

安装containerd

apt-get install -y containerd#测试是否安装完成
containerd -v#生成containerd的配置文件。config.toml 文件是 Containerd 的配置文件。
containerd config default > /etc/containerd/config.toml
#若没有containerd入，就先创建
mkdir /etc/containerd
vim /etc/containerd/config.toml修改1：修改cgroup为systemd
SystemdCgroup = false 修改为
SystemdCgroup = true修改2：修改沙箱为阿里云的镜像源
原内容sandbox_image = "registry.k8s.io/pause:3.6"
修改为sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"修改3：修改插件为国内镜像源
在plugins."io.containerd.grpc.v1.cri".registry.mirrors下边添加如下内容：
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]endpoint = ["https://ustc-edu-cn.mirror.aliyuncs.com","https://hub-mirror.c.163.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]endpoint = ["registry.aliyuncs.com/google_containers"]#重启containerd，并配置自启动
systemctl daemon-reload && systemctl restart containerd
systemctl enable --now containerd

安装k8s软件包

apt-get install -y kubelet=1.28.2-00 kubeadm=1.28.2-00 kubectl=1.28.2-00#阻止软件自动更新
apt-mark hold kubelet kubeadm kubectl

---

三、安装配置k8s

3.1 master下载安装所需镜像

#查看镜像
kubeadm config images list --image-repository=registry.aliyuncs.com/google_containers#下载镜像
kubeadm config images pull --image-repository=registry.aliyuncs.com/google_containers

---

3.2 部署 master

sudo kubeadm init \--apiserver-advertise-address 10.0.0.10 \--image-repository registry.aliyuncs.com/google_containers \--kubernetes-version v1.28.2 \--service-cidr 10.0.96.0/12 \--pod-network-cidr 10.1.0.0/16 \--ignore-preflight-errors=SystemVerification#k8s的配置文件在这个目录
/etc/kubernetes/manifests
-rw------- 1 root root 2411 4月   1 10:46 etcd.yaml
-rw------- 1 root root 4041 4月   1 10:46 kube-apiserver.yaml
-rw------- 1 root root 3565 4月   1 10:46 kube-controller-manager.yaml
-rw------- 1 root root 1487 4月   1 10:46 kube-scheduler.yaml

#继续执行生成的命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config#查看是否安装完成
kubectl get nodes#查看资源状态
kubectl describe node |grep -E '((Name|Roles):\s{6,})|(\s+(memory|cpu)\s+[0-9]+\w{0,2}.+%\))'

3.2 node服务器加入节点

node节点需要先执行第二部分的环境准备

#在master生成node的加入命令
kubeadm token create --print-join-command#加上这个参数
--ignore-preflight-errors=SystemVerification#在node节点执行
kubeadm join 10.0.0.10:6443 --token oo7kvj.li0zp7bqw6v24qmz --discovery-token-ca-cert-hash sha256:76b2f717f7e1303e41acc1c73c36722739a281b324cb941f941064bf6e7af7e1 --ignore-preflight-errors=SystemVerification

四、配置网络插件Calico

4.1 下载calico.yaml文件

#官网链接
https://www.tigera.io/project-calico#github链接
https://github.com/projectcalico/calico#下载calico配置文件
wget https://docs.tigera.io/archive/v3.25/manifests/calico.yaml

---

4.2 修改calico配置文件

vim calico.yaml修改1：将默认pod网络修改为pod网络
- name: CALICO_IPV4POOL_CIDRvalue: "192.168.0.0/16"修改后的配置
- name: CALICO_IPV4POOL_CIDRvalue: "10.1.0.0/16"修改2：找到CLUSTER_TYPE那行，在后面添加两行，ens33处填写主机的网卡名称
- name: IP_AUTODETECTION_METHODvalue: "interface=ens33"

---

4.3 安装calico

kubectl apply -f calico.yaml#资源状态一直有问题，查看发现calico pod状态一直为Init:ImagePullBackOff
kubectl get pod -A #查看calico.yaml文件查看镜像，然后使用docker pull完save下来
docker pull docker.io/calico/cni:v3.25.0
docker pull docker.io/calico/kube-controllers:v3.25.0
docker pull docker.io/calico/node:v3.25.0#保存镜像
docker save calico/kube-controllers calico/kube-controllers calico/cni calico/node -o calico.war#上传到服务器后，载入镜像     
docker load -i calico.war
ctr -n k8s.io image import calico.war#删除calico再次执行
kubectl delete -f calico.yaml
kubectl apply -f calico.yaml#检查是否正常，calico pod状态为Running就可以了
kubectl get pod -A 

---