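I have deployed Kubernetes many times, and each time I had to dig out the documents I had bookmarked, which is a real hassle. Version mismatches also tend to cause errors, which means rebuilding from scratch. In addition, some of the images referenced in the YAML files (Calico, for example) are awkward to download. So I wrote a one-click deployment script that can bring up k8s within 5 minutes.
Only the main modules are shown here. The project is in a GitHub repository, and several data packages are on Baidu Netdisk. I hope this helps if you are setting up k8s!
What follows is only the scripts used during deployment; the full scripts can be found in the GitHub repository: github.com/zhx-laoya/k…
The offline packages used are shared here: file shared via Netdisk: k8s_package, link: pan.baidu.com/s/10hK_fNns… extraction code: j1fg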
1. Docker and docker-compose
- Docker installation commands
apt install net-tools
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done
sudo mkdir -p /etc/apt/sources.list.d
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
#sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://mirrors.aliyun.com/docker-ce/linux/ubuntu \
  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
# Without a pinned version apt pulls version 29, which has a bug when importing images into containerd, and docker pull is also very slow
sudo apt-get install docker-ce=5:28.0.1-1~ubuntu.22.04~jammy docker-ce-cli=5:28.0.1-1~ubuntu.22.04~jammy containerd.io docker-buildx-plugin docker-compose-plugin
docker -v
# Configure registry mirrors
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": [
    "https://docker.1ms.run",
    "https://docker-0.unsee.tech",
    "https://docker.m.daocloud.io"
  ]
}
EOF
# Reload units, restart docker, check its status, and confirm the configured mirrors are in effect
sudo systemctl daemon-reload # important
sudo systemctl restart docker
systemctl status docker
docker info
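2. Setting up the k8s environment
First find the IPs of all hosts, then set each host's name, e.g. hostnamectl set-hostname master
# Edit /etc/hosts to bind the internal IPs to the hostnames (template first, then a filled-in example)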
cat >>/etc/hosts<<EOF
{master_ip} master
{node1_ip} node1
EOF
cat >>/etc/hosts<<EOF
10.60.186.33 master
10.60.59.130 node1
EOF
2.1 Master node script
# 1. Install base packages online
apt update -y
apt install -y gcc g++ make apt-transport-https ca-certificates curl gnupg-agent gnupg lsb-release software-properties-common net-tools git ntpdate
# 2. Disable swap and the firewall
sed -i '/swap/d' /etc/fstab
sudo swapoff -a
systemctl stop swap.target
systemctl disable swap.target
systemctl stop ufw
systemctl disable ufw
# 3. Tune kernel parameters
cat >>/etc/sysctl.d/k8s.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
# Apply the settings above
sysctl --system
# 4. Enable IP forwarding in the kernel
echo "1" > /proc/sys/net/ipv4/ip_forward
# 5. Load kernel modules
tee /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF
modprobe br_netfilter
modprobe overlay
lsmod | grep -iE 'br_netfilter|overlay'
# 6. Set the time zone and sync the clock
timedatectl set-timezone Asia/Shanghai
ntpdate time.windows.com
# 7. Deploy cri-containerd
# https://github.com/containerd/containerd/releases/download/v1.7.27/cri-containerd-1.7.27-linux-amd64.tar.gz
# Download it locally, upload it to the server, and deploy offline
tar -zxvf cri-containerd-1.7.27-linux-amd64.tar.gz -C /
mkdir -p /etc/containerd
containerd config default >/etc/containerd/config.toml
# Edit containerd's config.toml
sed -i 's|^\s*root\s*=.*|root = "/data/containerd"|' /etc/containerd/config.toml
sed -i 's|^\s*SystemdCgroup\s*=.*|SystemdCgroup = true|' /etc/containerd/config.toml
sed -i 's|^\s*sandbox_image\s*=.*|sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9"|' /etc/containerd/config.toml
# Reload units, enable containerd at boot, start it, and check its status
systemctl daemon-reload
systemctl enable --now containerd
systemctl restart containerd
systemctl status containerd
# Show the containerd configuration
containerd config dump
# Use crictl to manage images
cat >/etc/crictl.yaml<<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
# 8. Deploy k8s
apt-get update && apt-get install -y apt-transport-https
curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/Release.key |
gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/ /" |
tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl
# Enable at boot
systemctl enable kubelet
# Hold kubelet and kubectl to prevent upgrades
apt-mark hold kubelet kubectl
# Generate and edit the kubeadm init configuration
kubeadm config print init-defaults > /etc/kubernetes/default.yaml
sed -i "s/1.2.3.4/0.0.0.0/" /etc/kubernetes/default.yaml
sed -i "s#registry.k8s.io#registry.cn-hangzhou.aliyuncs.com/google_containers#" /etc/kubernetes/default.yaml
# podSubnet needs a two-space indent so it sits under networking: next to serviceSubnet
sed -i '/10.96.0.0\/12/a\  podSubnet: 10.244.0.0\/16' /etc/kubernetes/default.yaml
sed -i "s/name: node/name: $HOSTNAME/g" /etc/kubernetes/default.yaml
kubeadm init --config=/etc/kubernetes/default.yaml
# 9. Create the k8s admin config file
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
2.2 Worker node
# 1. Install base packages online
apt update -y
apt install -y gcc g++ make apt-transport-https ca-certificates curl gnupg-agent gnupg lsb-release software-properties-common net-tools git ntpdate
# 2. Disable swap and the firewall
sed -i '/swap/d' /etc/fstab
sudo swapoff -a
systemctl stop swap.target
systemctl disable swap.target
systemctl stop ufw
systemctl disable ufw
# 3. Tune kernel parameters
cat >>/etc/sysctl.d/k8s.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
# Apply the settings above
sysctl --system
# 4. Enable IP forwarding in the kernel
echo "1" > /proc/sys/net/ipv4/ip_forward
# 5. Load kernel modules
tee /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF
modprobe br_netfilter
modprobe overlay
lsmod | grep -iE 'br_netfilter|overlay'
# 6. Set the time zone and sync the clock
timedatectl set-timezone Asia/Shanghai
ntpdate time.windows.com
# 7. Deploy cri-containerd
# https://github.com/containerd/containerd/releases/download/v1.7.27/cri-containerd-1.7.27-linux-amd64.tar.gz
# Download it locally, upload it to the server, and deploy offline
tar -zxvf cri-containerd-1.7.27-linux-amd64.tar.gz -C /
mkdir -p /etc/containerd
containerd config default >/etc/containerd/config.toml
# Edit containerd's config.toml
sed -i 's|^\s*root\s*=.*|root = "/data/containerd"|' /etc/containerd/config.toml
sed -i 's|^\s*SystemdCgroup\s*=.*|SystemdCgroup = true|' /etc/containerd/config.toml
sed -i 's|^\s*sandbox_image\s*=.*|sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9"|' /etc/containerd/config.toml
# Reload units, enable containerd at boot, start it, and check its status
systemctl daemon-reload
systemctl enable --now containerd
systemctl restart containerd
systemctl status containerd
# Show the containerd configuration
containerd config dump
# Use crictl to manage images
cat >/etc/crictl.yaml<<EOF
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
# 8. Deploy k8s
apt-get update && apt-get install -y apt-transport-https
curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/Release.key |
gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/ /" |
tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl
# Enable at boot
systemctl enable kubelet
# Hold kubelet and kubectl to prevent upgrades
apt-mark hold kubelet kubectl
# 9. Join the master node (use the command generated on the master)
sudo kubeadm join 192.168.31.200:6443 --token mjy0xx.95lsse7r7fw5sb00 \
  --discovery-token-ca-cert-hash sha256:73b92db9baf19a3e14d679e6d44b5c7a804902d6ffa3d170858d2ccfd5e0c93f
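How the `--discovery-token-ca-cert-hash` value in the join command can be recomputed and compared before joining, as an added example that is not part of the original post or its repository. The function names are hypothetical; `/etc/kubernetes/pki/ca.crt` is where kubeadm writes the cluster CA on the master.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): recompute the CA pin that a
# worker trusts when it runs "kubeadm join".

# ca_cert_hash CERT
#   Prints "sha256:<hex>": the SHA-256 of the DER-encoded public key
#   (SubjectPublicKeyInfo) of the CA certificate, which is what kubeadm pins.
ca_cert_hash() {
    local cert=$1 pub hex
    # Fail early if the file is missing or is not a certificate; otherwise
    # the pipeline below would hash empty input without complaint.
    pub=$(openssl x509 -in "$cert" -pubkey -noout 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER \
        | sha256sum | cut -d' ' -f1)
    printf 'sha256:%s\n' "$hex"
}

# check_join_hash CERT EXPECTED
#   Returns 0 when EXPECTED (the value from the join command) matches the CA,
#   1 on mismatch, 2 when the certificate cannot be read.
check_join_hash() {
    local actual
    actual=$(ca_cert_hash "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    if [ "$actual" = "$2" ]; then
        echo "match: $actual"
    else
        echo "MISMATCH: join command has $2, CA is $actual" >&2
        return 1
    fi
}
```

Run `check_join_hash /etc/kubernetes/pki/ca.crt <hash from the join command>` on the master before using the command on a worker. When the bootstrap token has expired, `kubeadm token create --print-join-command` on the master prints a fresh join command.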
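2.3 Configure networking
The master and worker nodes now have their environment set up, but the cluster still needs a pod network; Calico is used here.
Fetch the network plugin manifest: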
curl -O https://docs.tigera.io/archive/v3.25/manifests/calico.yaml
One setting in the file needs to be edited: change CALICO_IPV4POOL_CIDR to this field
Switch the images to domestic (China) mirrors:
[root@kht151 kht]# cat calico.yaml |grep 'image:'
image: docker.io/calico/cni:v3.23.3
image: docker.io/calico/cni:v3.23.3
image: docker.io/calico/node:v3.23.3
image: docker.io/calico/node:v3.23.3
image: docker.io/calico/kube-controllers:v3.23.3
[root@kht151 kht]# sed -i 's#docker.io/##g' calico.yaml
[root@kht151 kht]# cat calico.yaml |grep 'image:'
image: calico/cni:v3.23.3
image: calico/cni:v3.23.3
image: calico/node:v3.23.3
image: calico/node:v3.23.3
image: calico/kube-controllers:v3.23.3
[root@kht151 kht]#
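Pull these three Calico images manually with docker.
Then use docker save to write the three images out as tar files.
Next, run ctr -n k8s.io images import xxx.tar to import the three images into containerd (note: this step must be done on every node).
Then run kubectl apply -f calico.yaml.
A single one-click script can do all of this, as long as the three images have been pulled in advance.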
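The import step above, with an integrity check in front of it, as an added example that is not from the original post or its repository: the tarballs are copied to every node, so each node verifies them against a SHA-256 manifest before anything reaches containerd. The `SHA256SUMS` file name, the function name and the `IMPORT_CMD` override are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify offline image tarballs
# against a checksum manifest, then import them into containerd.

# Override IMPORT_CMD for a dry run; the default is the ctr command from the post.
IMPORT_CMD=${IMPORT_CMD:-"ctr -n k8s.io images import"}

# verify_and_import DIR
#   DIR holds the *.tar files and a SHA256SUMS manifest created on the host
#   that pulled the images:  sha256sum *.tar > SHA256SUMS
#   Returns 0 after importing everything, 1 on a checksum mismatch,
#   2 when the manifest or tarballs are missing, 3 on an unlisted tarball,
#   4 when the import command itself fails.
verify_and_import() {
    local dir=$1 tarball listed
    [ -f "$dir/SHA256SUMS" ] || { echo "missing $dir/SHA256SUMS" >&2; return 2; }

    # Refuse tarballs that are present but not covered by the manifest.
    for tarball in "$dir"/*.tar; do
        [ -e "$tarball" ] || { echo "no tarballs in $dir" >&2; return 2; }
        listed=$(awk -v f="$(basename "$tarball")" \
            '{ sub(/^\*/, "", $2) } $2 == f' "$dir/SHA256SUMS")
        [ -n "$listed" ] || { echo "unlisted file: $tarball" >&2; return 3; }
    done

    # Nothing is imported unless every listed file matches its digest.
    (cd "$dir" && sha256sum -c SHA256SUMS >&2) || {
        echo "checksum mismatch, refusing to import" >&2; return 1; }

    for tarball in "$dir"/*.tar; do
        # Intentionally unquoted so the default command splits into words.
        $IMPORT_CMD "$tarball" || return 4
    done
}
```

The manifest should travel by a different path than the tarballs (for example, committed to the deployment repository), otherwise it only detects accidental corruption.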