部署k8s集群
节点规划:
master 10.1.1.101/24 8c8g
node1 10.1.1.102/24 2c4g
node2 10.1.1.103/24 2c4g
gw: 10.1.1.2
dns: 223.5.5.5
禁用 swap 分区、修改 hosts、启用 br_netfilter 和 ip_forward
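# Load br_netfilter now and register it for every boot. Without the
# modules-load.d entry the module is absent after a reboot and the
# net.bridge.* keys below cannot be applied.
cat <<'EOF' >/etc/modules-load.d/k8s.conf
br_netfilter
EOF
modprobe br_netfilter

# Let iptables/ip6tables see bridged pod traffic and allow the node to
# forward IPv4 packets between pod and host networks.
cat <<'EOF' >/etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

# Re-read every sysctl.d file so the settings take effect immediately.
sysctl --system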
安装容器运行时containerd
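#Step 1: Installing containerd
# Fetch the release archive together with its published checksum file.
wget https://github.com/containerd/containerd/releases/download/v2.2.0/containerd-2.2.0-linux-amd64.tar.gz
wget https://github.com/containerd/containerd/releases/download/v2.2.0/containerd-2.2.0-linux-amd64.tar.gz.sha256sum

# Unpack into /usr/local only if the archive matches the checksum. The binaries
# run as root on every node, so a truncated or altered download must not be
# installed. The checksum comes from the same release page, so it detects a
# corrupted or swapped download, not a compromised release.
sha256sum -c containerd-2.2.0-linux-amd64.tar.gz.sha256sum &&
  tar Cxzf /usr/local containerd-2.2.0-linux-amd64.tar.gz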
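# Write the systemd unit for containerd. The file is overwritten (">") rather
# than appended (">>"): appending on a second run would duplicate every section
# and directive in the unit. The delimiter is quoted so the unit text is taken
# literally, with no shell expansion.
cat > /usr/lib/systemd/system/containerd.service <<'EOF'
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target dbus.service
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF

# Make systemd pick up the new unit, then start containerd now and at boot.
systemctl daemon-reload
systemctl enable --now containerd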
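#Step 2: Installing runc
# NOTE(review): v1.4.0-rc.3 is a release-candidate tag; confirm that a
# pre-release runtime is intended for this cluster.
wget https://github.com/opencontainers/runc/releases/download/v1.4.0-rc.3/runc.amd64
wget https://github.com/opencontainers/runc/releases/download/v1.4.0-rc.3/runc.sha256sum

# runc.sha256sum lists every release binary; --ignore-missing checks only the
# one that was downloaded. Install the binary only when that check passes,
# because runc executes every container on the node with root privileges.
sha256sum --ignore-missing -c runc.sha256sum &&
  install -m 755 runc.amd64 /usr/local/sbin/runc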
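#Step 3: Installing CNI plugins
# Fetch the plugin bundle together with its published SHA-256 file.
wget https://github.com/containernetworking/plugins/releases/download/v1.8.0/cni-plugins-linux-amd64-v1.8.0.tgz
wget https://github.com/containernetworking/plugins/releases/download/v1.8.0/cni-plugins-linux-amd64-v1.8.0.tgz.sha256
mkdir -p /opt/cni/bin

# Extract only a bundle that matches its checksum; these binaries are run as
# root by the container runtime whenever a pod network is set up.
sha256sum -c cni-plugins-linux-amd64-v1.8.0.tgz.sha256 &&
  tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.8.0.tgz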
生成 containerd 默认配置文件
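# The tarball install does not create /etc/containerd, and the redirection
# below fails if the directory is missing.
mkdir -p /etc/containerd
# Dump containerd's built-in defaults as the starting point for the edits below.
containerd config default > /etc/containerd/config.toml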
# Add the following settings (fragments to merge into /etc/containerd/config.toml).
# NOTE(review): this page installs containerd 2.2.0, and the registry table
# further down already uses the 'io.containerd.cri.v1.images' plugin name. The
# "io.containerd.grpc.v1.cri" tables look like the containerd 1.x layout -
# confirm against the generated default config which table names this version
# actually reads, otherwise these settings may be silently ignored.
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
# Have runc manage cgroups through systemd; presumably this is meant to match
# the kubelet's cgroup driver - verify.
SystemdCgroup = true
# Change the sandbox (pause) image.
# The image is taken from a third-party mirror repository and referenced by tag,
# so its content is whatever that mirror serves; pinning by digest would make
# the pull verifiable.
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.10"
# Add registry mirrors.
# config_path points containerd at per-registry hosts.toml directories.
# NOTE(review): inline registry.mirrors tables (below) and config_path are not
# meant to be combined in containerd's CRI registry configuration - confirm
# which of the two this version honours and drop the other.
[plugins.'io.containerd.cri.v1.images'.registry]
config_path = '/etc/containerd/certs.d:/etc/docker/certs.d'
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors] # mirror (pull-accelerator) endpoints are configured below this table
# Every endpoint here is a third-party mirror answering for registry.k8s.io;
# images pulled by tag are trusted as served by whichever mirror responds.
# NOTE(review): the first endpoint has no https:// scheme, unlike the other
# three - confirm it is accepted as written.
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
endpoint=[ "registry.cn-hangzhou.aliyuncs.com/google_containers", "https://k8s.m.daocloud.io", "https://docker.mirrors.ustc.edu.cn","https://hub-mirror.c.163.com"]
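# _default applies to every registry that has no directory of its own, so all
# such pulls are resolved through this third-party mirror. Images referenced by
# tag are whatever the mirror returns; reference images by digest where the
# content must be verifiable.
mkdir -p /etc/containerd/certs.d/_default
# Overwrite (">") instead of appending (">>"): a second run would otherwise
# define the same [host] table twice, which is invalid TOML.
cat > /etc/containerd/certs.d/_default/hosts.toml <<'EOF'
[host."https://docker.m.daocloud.io"]
capabilities = ["pull", "resolve"]
EOF

# containerd was started before config.toml was edited; restart it so the
# edited configuration is actually loaded.
systemctl restart containerd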
安装 kubeadm、kubelet 和 kubectl
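# Tools needed to fetch the repository key and use an HTTPS apt source.
apt-get install apt-transport-https ca-certificates curl gpg -y

# The keyring directory is not present on every release, and gpg -o fails if it
# is missing. Keep it root-owned and not group/world-writable: any key placed
# here can be named in a signed-by= option.
mkdir -p -m 755 /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

# signed-by limits this key to the Kubernetes repository instead of trusting it
# for every apt source on the machine.
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl
# Hold the packages so a routine apt upgrade cannot move the cluster components
# to a different version outside a planned kubeadm upgrade.
apt-mark hold kubelet kubeadm kubectl
systemctl enable --now kubelet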
# Pre-pull the control-plane images so that "kubeadm init" does not stall on
# downloads. The images come from a mirror repository rather than the upstream
# registry, so their content is trusted as served by that mirror.
kubeadm config images pull \
  --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
  --kubernetes-version=1.32.10

# Initialise the control plane, advertising the API server on 10.1.1.101.
# The service and pod ranges do not overlap the 10.1.1.0/24 node network.
# NOTE(review): the pod CIDR presumably has to match the network add-on
# installed afterwards - verify.
kubeadm init \
  --kubernetes-version=v1.32.10 \
  --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers \
  --apiserver-advertise-address=10.1.1.101 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16
kubectl命令补全
# Register kubectl's bash completion for future shells, then load it into the
# current one.
printf '%s\n' 'source <(kubectl completion bash)' >> ~/.bashrc
. ~/.bashrc