debian 12安装kubernetes
# 环境准备
在开始之前,确保所有节点的容器运行时、网络转发和 Swap 状态已配置妥当。
# 修改主机名
hostnamectl set-hostname k8s-master01
# 配置 hosts
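# Map each node name to its address on every node.
# The master entry must use the same name that hostnamectl set
# (k8s-master01), otherwise the node's own hostname does not resolve.
# Note: >> appends, so running this twice leaves duplicate lines in /etc/hosts.
cat >> /etc/hosts <<EOF
192.168.171.134 k8s-master01
192.168.171.135 k8s-node01
192.168.171.137 k8s-node02
EOF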
# 关闭 Swap
Kubernetes 要求关闭 Swap 以保证性能稳定性。
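# Turn swap off for the running system.
swapoff -a
# Keep it off after a reboot by commenting out the swap entries in fstab.
# The match accepts tabs as well as spaces around the "swap" field, and
# lines that are already commented are skipped, so a second run does not
# stack another "#" on them.
sed -i -E '/^[[:space:]]*#/!{/[[:space:]]swap[[:space:]]/s/^/#/}' /etc/fstab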
# 转发 IPv4 并让 iptables 看到桥接流量
# Have these two kernel modules loaded on every boot.
tee /etc/modules-load.d/k8s.conf <<'EOF'
overlay
br_netfilter
EOF
# Load them now as well, without waiting for a reboot.
for kmod in overlay br_netfilter; do
  modprobe "$kmod"
done
# Persist the sysctl settings: bridged traffic is passed to
# iptables/ip6tables, and the host forwards IPv4 packets.
tee /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Re-read all sysctl configuration files so the values apply immediately.
sysctl --system
# 切换aliyun源
# 1、debian源
vim /etc/apt/sources.list
deb http://mirrors.aliyun.com/debian/ bookworm main contrib non-free non-free-firmware
deb-src http://mirrors.aliyun.com/debian/ bookworm main contrib non-free non-free-firmware
deb http://mirrors.aliyun.com/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src http://mirrors.aliyun.com/debian-security bookworm-security main contrib non-free non-free-firmware
deb http://mirrors.aliyun.com/debian/ bookworm-updates main contrib non-free non-free-firmware
deb-src http://mirrors.aliyun.com/debian/ bookworm-updates main contrib non-free non-free-firmware
deb http://mirrors.aliyun.com/debian/ bookworm-backports main contrib non-free non-free-firmware
deb-src http://mirrors.aliyun.com/debian/ bookworm-backports main contrib non-free non-free-firmware
# 2、kubernetes源
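# Refresh the package index before installing, then pull in the tools
# needed to download the repository key and convert it.
apt update
apt install -y apt-transport-https ca-certificates curl gnupg
# The key goes into its own keyring, and signed-by (below) binds it to this
# one source, so it is not trusted for any other repository.
mkdir -p /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg \
| gpg --dearmor --yes -o /etc/apt/keyrings/kubernetes-aliyun.gpg
# apt reads the keyring as an unprivileged user; keep the file world-readable
# even if root's umask is restrictive.
chmod 644 /etc/apt/keyrings/kubernetes-aliyun.gpg
# The key was accepted on first download, protected only by TLS to the
# mirror. Print its fingerprint and compare it with a value obtained from
# an independent source before relying on it.
gpg --show-keys --with-fingerprint /etc/apt/keyrings/kubernetes-aliyun.gpg
# Add the Aliyun mirror of the Kubernetes apt repository.
# NOTE(review): "kubernetes-xenial" is the legacy repository layout, which
# upstream has frozen -- confirm it still provides the version you intend to
# run and that you will receive security fixes from it.
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb [signed-by=/etc/apt/keyrings/kubernetes-aliyun.gpg] https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
EOF
apt update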
# 安装containerd
K8s 1.24+ 已移除 dockershim(kubelet 内置的 Docker 支持),建议直接使用 containerd
apt install -y containerd
生成默认配置:
containerd config default > /etc/containerd/config.toml
修改为 systemd cgroup(非常关键):
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
重启:
systemctl restart containerd
systemctl enable containerd
# 配置aliyun源
# Make sure the configuration directory exists.
sudo mkdir -p /etc/containerd
# Write containerd's built-in default configuration. This replaces the whole
# file, so any edit made to config.toml before this point is lost and has to
# be applied again afterwards.
containerd config default | sudo tee /etc/containerd/config.toml > /dev/null
#配置镜像加速(注意:配置后 docker.io 的镜像会优先经由该镜像站拉取,相当于信任该站点返回的镜像内容)
#找到[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
#添加
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry.aliyuncs.com"]
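# Replace the sandbox (pause) image with the copy hosted on the Aliyun
# registry. Every pod on the node starts from this image, so it is pulled
# from a registry you are choosing to trust; a tag such as 3.9 can be
# re-pointed by the registry, unlike a digest.
sudo sed -i 's|sandbox_image = ".*"|sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"|' /etc/containerd/config.toml
# Enable the systemd cgroup driver in containerd.
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
# sed exits 0 even when nothing matched; print both settings so a silent
# no-op is noticed before the restart.
grep -E 'sandbox_image|SystemdCgroup' /etc/containerd/config.toml
sudo systemctl restart containerd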
# 安装kubernetes组件
# Install the node agent (kubelet), the bootstrap tool (kubeadm) and the
# command-line client (kubectl).
# No version is requested here, so apt installs whatever the configured
# repository currently offers; check that it matches the
# --kubernetes-version passed to kubeadm init.
apt install -y kubelet kubeadm kubectl
# Hold the three packages so a routine apt upgrade cannot move the node to
# a different Kubernetes version on its own.
apt-mark hold kubelet kubeadm kubectl
# 初始化master节点
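# Initialise the control plane on the master node.
#   --apiserver-advertise-address  address the API server announces to nodes
#   --image-repository             registry the control-plane images are
#                                  pulled from instead of the default one
#   --pod-network-cidr             pod address range; the network plugin
#                                  must be configured with the same range
# The output ends with a "kubeadm join" line containing a bootstrap token;
# treat that token as a credential.
kubeadm init \
--apiserver-advertise-address=192.168.171.134 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.28.2 \
--pod-network-cidr=10.244.0.0/16
# Only if the init above FAILED: wipe the partial state, then run it again.
# Left commented out so that pasting this whole listing does not tear down
# a control plane that has just been initialised successfully.
# kubeadm reset -f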
# 配置kubectl
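# Give the current user a kubeconfig for kubectl.
# admin.conf carries cluster-admin credentials, so the copy is owned by the
# current user and readable by that user only.
mkdir -p "$HOME/.kube"
# -i asks before overwriting an existing config.
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# An existing destination file keeps its old mode when overwritten; set it
# explicitly so the credentials are never group- or world-readable.
chmod 600 "$HOME/.kube/config"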
# 安装网络插件
github地址:https://github.com/projectcalico/calico
下载Calico配置文件
wget https://docs.projectcalico.org/manifests/calico.yaml
这里我用的是提前准备好的配置文件
还记得初始化k8s集群时填的这个地址不?
--pod-network-cidr=10.244.0.0/16
安装网络插件calico的时候,配置成这个地址才行
vim calico.yaml
---------------
注意看2个地方的配置
搜索查看文件:
:/CALICO_IPV4POOL_CIDR
修改要求: 你在 kubeadm init 时指定的 --pod-network-cidr 必须与 Calico 配置文件中的 CALICO_IPV4POOL_CIDR 保持一致。
操作建议: 如果你初始化时用的是 10.244.0.0/16,则必须修改 Calico 的 YAML 文件。
:/image 修改镜像地址
-------------------
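# Point the three Calico images at a registry this host can pull from.
# NOTE(review): docker.cnb.cool/zzppjj/docker-images is a third-party
# namespace, and these images run on every node (the calico-node DaemonSet
# normally runs privileged) -- confirm you trust the publisher, or copy the
# upstream images into a registry you control and use that address instead.
sed -i \
  -e 's#docker.io/calico/cni:v3.25.0#docker.cnb.cool/zzppjj/docker-images/cni:v3.25.0#g' \
  -e 's#docker.io/calico/node:v3.25.0#docker.cnb.cool/zzppjj/docker-images/node:v3.25.0#g' \
  -e 's#docker.io/calico/kube-controllers:v3.25.0#docker.cnb.cool/zzppjj/docker-images/kube-controllers:v3.25.0#g' \
  calico.yaml
# The substitutions only match a v3.25.0 manifest and sed reports success
# even when nothing matched; list the image lines and confirm the rewrite
# took effect before applying the file.
grep -n 'image:' calico.yaml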
部署calico网络
calico.yaml
kubectl apply -f calico.yaml
# NODE节点加入集群
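使用 kubeadm init 输出的 join 命令(下面的 token 和 hash 仅为示例,请以你自己的输出为准;token 默认 24 小时后过期,过期后可在 master 上执行 kubeadm token create --print-join-command 重新生成),例如: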
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.171.134:6443 --token m24khv.15zeze63mg55i53g \
--discovery-token-ca-cert-hash sha256:64f79c451a1f195781b0f2417824b11f908241703f2aa33fc5e9488163cec21d
# 验证集群
kubectl get nodes
# 常见问题
上次更新: 2026/04/29, 17:14:21