一、简介

在阿里云服务器上部署k8s集群，一、3台k8s服务器，1个Master节点，2个工作节点，采用Calico网络技术。二、部署nginx服务到k8s集群，并验证nginx服务运行状态。

二、前置条件

1、需要准备3台服务器

172.21.173.7 k8s-master01 CPU：4C，内存：8G

172.21.173.8 k8s-work01 CPU：2C，内存：2G

172.21.173.9 k8s-work02 CPU：2C，内存：2G

2、安装软件版本

Ubuntu版本：Linux 6.8.0-40-generic

Kubernetes版本：v1.31.1

Docker版本：v27.3.1

Containerd版本：v1.7.22

Kubeadm版本：v1.31.1

Kubectl版本：v1.31.1

Kubelet版本：v1.31.1

Calico版本：v3.28.2

3、参考Kubernetes、Docker、Calico的官方文档

https://kubernetes.io/zh-cn/docs/setup/production-environment/container-runtimes/

https://github.com/containerd/containerd/blob/main/docs/getting-started.md

https://docs.docker.com/engine/install/ubuntu/

https://kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm/

https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart

三、安装containerd（所有服务器上）

1、卸载旧的服务

for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done

2、设置docker仓库地址

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

3、安装Docker

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

systemctl enable containerd

4、配置docker镜像地址

/etc/docker/daemon.json 
{
  "registry-mirrors" : ["https://o7klhlze.mirror.aliyuncs.com"]
}

5、验证docker安装是否成功

sudo docker run hello-world

四、安装kubectl、kubeadm、kubelet（所有服务器上）

1、交换分区的配置

sudo swapoff -a

2、更新 apt 包索引并安装使用 Kubernetes apt 仓库所需要的包

sudo apt-get update# apt-transport-https 可能是一个虚拟包（dummy package）；如果是的话，你可以跳过安装这个包sudo apt-get install -y apt-transport-https ca-certificates curl gpg

3、下载用于 Kubernetes 软件包仓库的公共签名密钥。所有仓库都使用相同的签名密钥，因此你可以忽略URL中的版本

# 如果 `/etc/apt/keyrings` 目录不存在，则应在 curl 命令之前创建它，请阅读下面的注释。# sudo mkdir -p -m 755 /etc/apt/keyringscurl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

4、添加 Kubernetes apt 仓库。请注意，此仓库仅包含适用于 Kubernetes 1.31 的软件包；对于其他 Kubernetes 次要版本，则需要更改 URL 中的 Kubernetes 次要版本以匹配你所需的次要版本（你还应该检查正在阅读的安装文档是否为你计划安装的 Kubernetes 版本的文档）。

# 此操作会覆盖 /etc/apt/sources.list.d/kubernetes.list 中现存的所有配置。echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list

5、更新 apt 包索引，安装 kubelet、kubeadm 和 kubectl

sudo apt-get updatesudo apt-get install -y kubelet kubeadm kubectlsudo apt-mark hold kubelet kubeadm kubectl
systemctl enable kubelet

6、检查服务状态

systemctl status kubelet
systemctl status containerd

7、配置主节点的kubeadm-config.yaml

kubeadm config print init-defaults > kubeadm-config.yaml

apiVersion: kubeadm.k8s.io/v1beta4
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.21.173.7
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  imagePullSerial: true
  name: k8s-master01
  taints: null
timeouts:
  controlPlaneComponentHealthCheck: 4m0s
  discovery: 5m0s
  etcdAPICall: 2m0s
  kubeletHealthCheck: 4m0s
  kubernetesAPICall: 1m0s
  tlsBootstrap: 5m0s
  upgradeManifests: 5m0s
---
apiServer: {}
apiVersion: kubeadm.k8s.io/v1beta4
caCertificateValidityPeriod: 87600h0m0s
certificateValidityPeriod: 8760h0m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
encryptionAlgorithm: RSA-2048
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.31.1
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 10.244.0.0/16
proxy: {}
scheduler: {}
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd

8、配置work节点的kubeadm-config.yaml

kubeadm config print join-defaults > kubeadm-config.yaml

kubeadm-config.yaml的内容：

apiVersion: kubeadm.k8s.io/v1beta4
caCertPath: /etc/kubernetes/pki/ca.crt
discovery:
  bootstrapToken:
    apiServerEndpoint: kube-apiserver:6443
    token: abcdef.0123456789abcdef
    unsafeSkipCAVerification: true
  tlsBootstrapToken: abcdef.0123456789abcdef
kind: JoinConfiguration
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  imagePullSerial: true
  name: k8s-work02  修改work名称
  taints: null
timeouts:
  controlPlaneComponentHealthCheck: 4m0s
  discovery: 5m0s
  etcdAPICall: 2m0s
  kubeletHealthCheck: 4m0s
  kubernetesAPICall: 1m0s
  tlsBootstrap: 5m0s
  upgradeManifests: 5m0s

9、配置域名

/etc/hosts 新增配置：

172.21.173.7 k8s-master01

172.21.173.8 k8s-work01

172.21.173.9 k8s-work02

172.21.173.7 kube-apiserver

hostnamectl set-hostname k8s-work02

10、配置containerd

containerd config default > /etc/containerd/config.toml

修改配置文件：

sandbox_image = "registry.k8s.io/pause:3.8"

修改为："registry.aliyuncs.com/google_containers/pause:3.10 "

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]

BinaryName = ""

CriuImagePath = ""

CriuPath = ""

CriuWorkPath = ""

IoGid = 0

IoUid = 0

NoNewKeyring = false

NoPivotRoot = false

Root = ""

ShimCgroup = ""

SystemdCgroup = false 修改为true

重启服务：

systemctl restart containerd

11、主节点加入集群（仅主节点）

kubeadm init --config kubeadm-config.yaml --upload-certs --v=3 --ignore-preflight-errors=all

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.21.173.7:6443 --token abcdef.0123456789abcdef \
        --discovery-token-ca-cert-hash sha256:135c555a101094be165b82b891fa14607e339725843cfb2d36c428266566d409

12、主节点配置.kube/config

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

13、work节点加入集群（仅work节点）

kubeadm join --config kubeadm-config.yaml --ignore-preflight-errors=all

[preflight] Running pre-flight checks
        [WARNING FileExisting-socat]: socat not found in system path
        [WARNING FileAvailable--etc-kubernetes-pki-ca.crt]: /etc/kubernetes/pki/ca.crt already exists
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-check] Waiting for a healthy kubelet at http://127.0.0.1:10248/healthz. This can take up to 4m0s
[kubelet-check] The kubelet is healthy after 1.00277492s
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

14、work节点加入验证

kubectl get nodes

NAME           STATUS   ROLES           AGE   VERSION
k8s-master01   Ready    control-plane   20h   v1.31.1
k8s-work01     Ready    <none>          23h   v1.31.1
k8s-work02     Ready    <none>          45m   v1.31.1

kubectl get po -n kube-system

NAME                                   READY   STATUS    RESTARTS       AGE
coredns-855c4dd65d-rtdqw               1/1     Running   0              39h
coredns-855c4dd65d-tbbxl               1/1     Running   0              39h
etcd-k8s-master01                      1/1     Running   9 (39h ago)    34h
kube-apiserver-k8s-master01            1/1     Running   50 (39h ago)   34h
kube-controller-manager-k8s-master01   1/1     Running   16 (39h ago)   34h
kube-proxy-5hzvx                       1/1     Running   0              39h
kube-proxy-7dh52                       1/1     Running   0              14h
kube-proxy-7vt2k                       1/1     Running   1 (13h ago)    37h
kube-scheduler-k8s-master01            1/1     Running   27 (39h ago)   34h

五、安装calico（仅主节点）

1、下载operator与custom-resource

wget https://raw.githubusercontent.com/projectcalico/calico/v3.28.2/manifests/tigera-operator.yaml

wget https://raw.githubusercontent.com/projectcalico/calico/v3.28.2/manifests/custom-resources.yaml

2、配置pod网段

修改：custom-resources.yaml

apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  # Configures Calico networking.
  registry: m.daocloud.io   # 修改为该地址，默认为docker.io外网下载不了
  calicoNetwork:
    ipPools:
    - name: default-ipv4-ippool
      blockSize: 26
      cidr: 10.244.0.0/16    # 修改为主节点配置pod网段一样，podSubnet: 10.244.0.0/16
      encapsulation: VXLANCrossSubnet
      natOutgoing: Enabled
      nodeSelector: all()

---

# This section configures the Calico API server.
# For more information, see: https://docs.tigera.io/calico/latest/reference/installation/api#operator.tigera.io/v1.APIServer
apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
  name: default
spec: {}

3、安装calico

kubectl create -f tigera-operator.yaml
kubectl create -f custom-resources.yaml

4、查看calico状态

kubectl get po -n calico-system

NAME                                       READY   STATUS    RESTARTS      AGE
calico-kube-controllers-6549cbf949-9gnhh   1/1     Running   0             22h
calico-node-g8df6                          1/1     Running   1 (13h ago)   22h
calico-node-jwdqz                          1/1     Running   0             22h
calico-node-wrkf6                          1/1     Running   0             13h
calico-typha-67659f7458-6nlmt              1/1     Running   1 (13h ago)   13h
calico-typha-67659f7458-8zgw7              1/1     Running   0             22h
csi-node-driver-6sq7m                      2/2     Running   0             13h
csi-node-driver-l57xv                      2/2     Running   2 (13h ago)   22h
csi-node-driver-r5tr8                      2/2     Running   0             22h

六、发布nginx服务到k8s集群环境验证

kubectl apply -f nginx.yaml


kubectl get po 

NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          15m

搭建Kubernetes v1.31.1服务器集群，采用Calico网络技术

一、简介

二、前置条件

1、需要准备3台服务器

2、安装软件版本

3、参考Kubernetes、Docker、Calico的官方文档

三、安装containerd（所有服务器上）

1、卸载旧的服务

2、设置docker仓库地址

3、安装Docker

4、配置docker镜像地址

5、验证docker安装是否成功

四、安装kubectl、kubeadm、kubelet（所有服务器上）

1、交换分区的配置

2、更新 apt 包索引并安装使用 Kubernetes apt 仓库所需要的包

3、下载用于 Kubernetes 软件包仓库的公共签名密钥。所有仓库都使用相同的签名密钥，因此你可以忽略URL中的版本

5、更新 apt 包索引，安装 kubelet、kubeadm 和 kubectl

6、检查服务状态

7、配置主节点的kubeadm-config.yaml

8、配置work节点的kubeadm-config.yaml

9、配置域名

10、配置containerd

11、主节点加入集群（仅主节点）

12、主节点配置.kube/config

13、work节点加入集群（仅work节点）

14、work节点加入验证

五、安装calico（仅主节点）

1、下载operator与custom-resource

2、配置pod网段

3、安装calico

4、查看calico状态

六、发布nginx服务到k8s集群环境验证

容器服务

热门文章

最新文章

相关电子书

搭建Kubernetes v1.31.1服务器集群，采用Calico网络技术

一、简介

二、前置条件

1、需要准备3台服务器

2、安装软件版本

3、参考Kubernetes、Docker、Calico的官方文档

三、安装containerd（所有服务器上）

1、卸载旧的服务

2、设置docker仓库地址

3、安装Docker

4、配置docker镜像地址

5、验证docker安装是否成功

四、安装kubectl、kubeadm、kubelet（所有服务器上）

1、交换分区的配置

2、 更新 apt 包索引并安装使用 Kubernetes apt 仓库所需要的包

3、下载用于 Kubernetes 软件包仓库的公共签名密钥。所有仓库都使用相同的签名密钥，因此你可以忽略URL中的版本

5、更新 apt 包索引，安装 kubelet、kubeadm 和 kubectl

6、检查服务状态

7、配置主节点的kubeadm-config.yaml

8、配置work节点的kubeadm-config.yaml

9、配置域名

10、配置containerd

11、主节点加入集群（仅主节点）

12、主节点配置.kube/config

13、work节点加入集群（仅work节点）

14、work节点加入验证

五、安装calico（仅主节点）

1、下载operator与custom-resource

2、配置pod网段

3、安装calico

4、查看calico状态

六、发布nginx服务到k8s集群环境验证

容器服务

热门文章

最新文章

相关电子书

2、更新 apt 包索引并安装使用 Kubernetes apt 仓库所需要的包