Write the host inventory to /etc/hosts

```
# The heredoc bodies and the echoed module name were lost from this page.
# The placeholders below mark the gaps; br_netfilter is assumed from the modprobe call.
cat > /etc/hosts <<EOF
# <node-ip> <hostname>   (one line per cluster node; entries not preserved)
EOF
cat > /etc/sysctl.d/k8s.conf <<EOF
# <kernel parameters not preserved>
EOF
echo br_netfilter >> /etc/modules && modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
```

Disable swap and the firewall

```
swapoff -a # temporary
sed -ri 's/.*swap.*/#&/' /etc/fstab
systemctl stop ufw
systemctl disable ufw
```

Install ipvs

```
apt install ipset ipvsadm net-tools -y
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
lsmod | grep -e ip_vs -e nf_conntrack
```

Install containerd (from the official Docker website)

```
apt-get install ca-certificates curl gnupg -y
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update -y
apt install containerd.io -y
systemctl start containerd
systemctl enable containerd
```

Configure containerd

```
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
```

Configure the systemd cgroup driver and a registry mirror

```
# Change the pause image path (the original image cannot be pulled):
#   replace k8s.gcr.io/pause:x.x with registry.aliyuncs.com/google_containers/pause:x.x (keep x.x unchanged)
# Enable SystemdCgroup:
#   set SystemdCgroup=true
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["https://hub-mirror.c.163.com"]
```

Add the Kubernetes apt repository

```
wget -qO - https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" >>/etc/apt/sources.list.d/kubernetes.list
apt update -y
```

Install the required components

```
apt install kubelet=1.28.0-00 kubeadm=1.28.0-00 kubectl=1.28.0-00 -y
```

Initialize the Kubernetes cluster

```
source <(kubeadm completion bash)
kubeadm init --kubernetes-version=v1.28.0 \
  --apiserver-advertise-address=192.168.30.6 \
  --control-plane-endpoint=192.168.30.200 \
  --image-repository=registry.aliyuncs.com/google_containers \
  --pod-network-cidr=10.244.0.0/16 \
  --service-cidr=10.96.0.0/12
```

Output

```
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of control-plane nodes by copying certificate authorities
and service account keys on each node and then running the following as root:

  kubeadm join 192.168.30.200:6443 --token f0gexj.iytj5hqfc5s1116l \
        --discovery-token-ca-cert-hash sha256:1465370d2d4b57183d4b6a58845c17cbebb879c9f331fb0434f6cab6e4c2808f \
        --control-plane

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.30.200:6443 --token ydz0cs.j19rp8pnn8704daa \
        --discovery-token-ca-cert-hash sha256:d71f8f976a0e75c023ab811b95037ab41d061375a0f4e7a4eb2ba346eac77509
```

On k8s-master-2/3, first bring lo:0 down, then register with master 1

```
# On k8s-master-2 and k8s-master-3
ifconfig lo:0 down

# On k8s-master-1: copy the admin kubeconfig and the shared CA / service-account
# material to the other masters (ca.* and sa.* include the private keys)
scp /etc/kubernetes/admin.conf root@k8s-master-3:/etc/kubernetes
scp /etc/kubernetes/pki/{ca.*,sa.*,front-proxy-ca.*} root@k8s-master-3:/etc/kubernetes/pki
scp /etc/kubernetes/pki/etcd/ca.* root@k8s-master-3:/etc/kubernetes/pki/etcd
scp /etc/kubernetes/admin.conf root@k8s-master-2:/etc/kubernetes
scp /etc/kubernetes/pki/{ca.*,sa.*,front-proxy-ca.*} root@k8s-master-2:/etc/kubernetes/pki
scp /etc/kubernetes/pki/etcd/ca.* root@k8s-master-2:/etc/kubernetes/pki/etcd

# On k8s-master-2 and k8s-master-3
kubeadm join 192.168.30.200:6443 --token z4k9ta.eddqrseu4jjd7iwz \
  --discovery-token-ca-cert-hash sha256:26457fb6f8da7ebc8875ae39042e2494f1be5349dbaf38afcce3c013020fc594 \
  --control-plane
```

On worker nodes, just run the following

```
kubeadm join 192.168.30.200:6443 --token z4k9ta.eddqrseu4jjd7iwz \
  --discovery-token-ca-cert-hash sha256:26457fb6f8da7ebc8875ae39042e2494f1be5349dbaf38afcce3c013020fc594
```
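
The `--discovery-token-ca-cert-hash` value in the join commands above pins the cluster CA's public key, so a joining node refuses an endpoint that presents a different CA. The script below is an added example, not part of the original page: it recomputes that pin from a CA certificate (for instance the `ca.crt` copied to k8s-master-2/3) and compares it with the value in a join command. The function names are hypothetical, and it assumes `openssl` and `sha256sum` are installed.

```shell
#!/bin/sh
# Added example, not from the original page. Recomputes the CA public-key pin
# that kubeadm prints as --discovery-token-ca-cert-hash and compares it with
# the value in a join command. Function names are hypothetical; assumes the
# openssl and sha256sum commands are available.

# Print "sha256:<hex>": SHA-256 of the CA certificate's DER-encoded public key.
ca_pin() {
    _pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || {
        echo "cannot read a certificate from $1" >&2
        return 2
    }
    _hex=$(printf '%s\n' "$_pem" | openssl pkey -pubin -outform DER 2>/dev/null |
           sha256sum | cut -d' ' -f1)
    printf 'sha256:%s\n' "$_hex"
}

# Read join-command text on stdin and print the first sha256:<64 hex> pin in it.
# Works when the hash sits on a continuation line after the flag.
pin_from_join() {
    grep -o 'sha256:[0-9A-Fa-f]\{64\}' | head -n 1
}

# Exit status: 0 pin matches the certificate, 1 mismatch, 2 unusable input.
verify_join_pin() {
    _want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    _h=${_want#sha256:}
    case "$_h" in
        *[!0-9a-f]*) _h="" ;;
    esac
    if [ "$_want" = "$_h" ] || [ "${#_h}" -ne 64 ]; then
        echo "not a sha256:<64 hex> pin: $2" >&2
        return 2
    fi
    _have=$(ca_pin "$1") || return 2
    if [ "$_have" = "$_want" ]; then
        echo "OK: $1 matches the pin in the join command"
        return 0
    fi
    echo "MISMATCH: $1 has $_have, join command has $_want" >&2
    return 1
}

# Usage: sh check-pin.sh /etc/kubernetes/pki/ca.crt 'sha256:<pin from join command>'
if [ "$#" -eq 2 ]; then
    verify_join_pin "$1" "$2"
fi
```

A mismatch on a control-plane node means the copied `ca.crt` and the join command come from different `kubeadm init` runs, so the join command should be regenerated on the first master before the node is joined.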