K8s 1.35 + Anolis OS 8.10 Three-Node Cluster Deployment Guide

1. Environment preparation

1.1 Virtual machine configuration

| Node | IP | Spec |
|------|----|------|
| k8s-master1 | 192.168.245.8 | 1C4G |
| k8s-worker1 | 192.168.245.9 | 1C2G |
| k8s-worker2 | 192.168.245.10 | 1C2G |

1.2 Install Anolis OS 8.10

- Download AnolisOS-8.10-x86_64-minimal.iso.
- In VMware, select "CentOS 8 64-bit" as the guest type.
- During installation, select the ANCK kernel (do not select RHCK).

2. Basic configuration (run on all nodes)

2.1 Set the hostname and hosts file

```bash
# Adjust per node (k8s-master1, k8s-worker1 or k8s-worker2)
hostnamectl set-hostname k8s-master1

# Run on all nodes
cat >> /etc/hosts << EOF
192.168.245.8 k8s-master1
192.168.245.9 k8s-worker1
192.168.245.10 k8s-worker2
EOF
```

2.2 Switch to cgroup v2 (required)

```bash
grubby --update-kernel=DEFAULT --args="systemd.unified_cgroup_hierarchy=1"
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
```

Verify after the reboot:

```bash
stat -fc %T /sys/fs/cgroup
# Output: cgroup2fs
```

3. Environment initialization script (run on all nodes)

Save as init-env.sh:

```bash
#!/bin/bash
set -e

echo "[1/6] Disabling swap"
sed -i '/swap/d' /etc/fstab
swapoff -a || true

echo "[2/6] Configuring SELinux"
if getenforce 2>/dev/null | grep -q Enforcing; then
    setenforce 0
fi
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
sed -i 's/^SELINUX=disabled/SELINUX=permissive/' /etc/selinux/config

echo "[3/6] Stopping the firewall"
systemctl stop firewalld || true
systemctl disable firewalld || true

echo "[4/6] Loading kernel modules"
cat > /etc/modules-load.d/k8s.conf << EOF
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter

echo "[5/6] Configuring kernel parameters"
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system

echo "[6/6] Installing containerd (Aliyun mirror)"
# The delimiter is quoted so that $basearch and $releasever are written
# literally for dnf to expand, not expanded (to empty) by the shell.
cat > /etc/yum.repos.d/docker-ce.repo << 'EOF'
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF
dnf install -y -q containerd.io

# Configure containerd (key point: sandbox_image points at the Aliyun registry)
containerd config default > /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
sed -i 's|sandbox_image = "registry.k8s.io/pause:.*"|sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"|' /etc/containerd/config.toml
systemctl restart containerd
systemctl enable containerd

echo "Environment initialization complete"
```

Run it:

```bash
chmod +x init-env.sh
bash init-env.sh
```

4. Master node deployment

4.1 Install the K8s components

```bash
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet
```

4.2 Initialize the cluster (Aliyun image repository)

```bash
kubeadm init \
  --pod-network-cidr=10.244.0.0/16 \
  --cri-socket unix:///run/containerd/containerd.sock \
  --image-repository=registry.aliyuncs.com/google_containers
```

4.3 Configure kubectl

```bash
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bashrc
```

4.4 Install the Flannel network

```bash
# Download the Flannel YAML (through the DaoCloud proxy)
curl -L -o kube-flannel.yml https://m.daocloud.io/github.com/flannel-io/flannel/raw/master/Documentation/kube-flannel.yml
# Install
kubectl apply -f kube-flannel.yml
```

4.5 Get the worker join command

```bash
kubeadm token create --print-join-command
```

Copy the output; it is run on the workers in a later step.

5. Worker node deployment

5.1 Install the K8s components (kubectl is not needed)

```bash
# Use the same repository
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
dnf install -y kubelet kubeadm --disableexcludes=kubernetes
systemctl enable kubelet
```

5.2 Pre-pull the images the workers need

```bash
# Flannel images
ctr -n k8s.io images pull m.daocloud.io/ghcr.io/flannel-io/flannel:v0.28.4
ctr -n k8s.io images pull m.daocloud.io/ghcr.io/flannel-io/flannel-cni-plugin:v1.9.1-flannel1
ctr -n k8s.io images tag m.daocloud.io/ghcr.io/flannel-io/flannel:v0.28.4 ghcr.io/flannel-io/flannel:v0.28.4
ctr -n k8s.io images tag m.daocloud.io/ghcr.io/flannel-io/flannel-cni-plugin:v1.9.1-flannel1 ghcr.io/flannel-io/flannel-cni-plugin:v1.9.1-flannel1

# kube-proxy image
ctr -n k8s.io images pull registry.aliyuncs.com/google_containers/kube-proxy:v1.35.5
ctr -n k8s.io images tag registry.aliyuncs.com/google_containers/kube-proxy:v1.35.5 registry.k8s.io/kube-proxy:v1.35.5
```

5.3 Join the cluster

```bash
# Run the command copied from the master
kubeadm join 192.168.245.8:6443 --token xxx \
  --discovery-token-ca-cert-hash sha256:xxx \
  --cri-socket unix:///run/containerd/containerd.sock
```

6. Verify the cluster

Run on the master:

```bash
# List the nodes
kubectl get nodes

# List all system pods
kubectl get pods -n kube-system
kubectl get pods -n kube-flannel

# Deploy a test application
kubectl create deployment nginx --image=nginx --replicas=3
kubectl get pods -o wide
```

7. Optional: passwordless SSH (multi-node management)

Run on the master:

```bash
ssh-keygen -t rsa -b 4096 -N ""
for host in k8s-worker1 k8s-worker2; do
    ssh-copy-id root@${host}
done
```
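
The manifest in 4.4 is fetched from the `master` branch through a proxy, while 5.2 pre-pulls fixed image tags, so the two can drift apart. The following added example (not part of the original guide) lists the images a manifest references and flags any that are not in an expected list, so the file can be reviewed before `kubectl apply`. The function names and the sample manifest fragment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Checks that the images a
# downloaded manifest references are exactly the ones pre-pulled in 5.2.

# Print each distinct image reference found in a Kubernetes manifest.
manifest_images() {
    awk '$1 == "image:" { print $2 }
         $1 == "-" && $2 == "image:" { print $3 }' "$1" | tr -d "\"'" | sort -u
}

# Usage: check_manifest_images MANIFEST EXPECTED_IMAGE...
# Prints "UNEXPECTED <image>" per mismatch; returns 1 if any was found.
check_manifest_images() {
    cmi_manifest=$1; shift
    cmi_rc=0
    for cmi_img in $(manifest_images "$cmi_manifest"); do
        cmi_ok=0
        for cmi_want in "$@"; do
            if [ "$cmi_img" = "$cmi_want" ]; then cmi_ok=1; fi
        done
        if [ "$cmi_ok" -eq 0 ]; then
            echo "UNEXPECTED $cmi_img"
            cmi_rc=1
        fi
    done
    return "$cmi_rc"
}

# Constructed sample: a manifest fragment whose flannel tag has drifted.
sample_manifest() {
    cat << 'EOF'
      initContainers:
      - name: install-cni-plugin
        image: ghcr.io/flannel-io/flannel-cni-plugin:v1.9.1-flannel1
      containers:
      - name: kube-flannel
        image: ghcr.io/flannel-io/flannel:v9.9.9-constructed
EOF
}

demo_file=$(mktemp)
sample_manifest > "$demo_file"
check_manifest_images "$demo_file" \
    ghcr.io/flannel-io/flannel:v0.28.4 \
    ghcr.io/flannel-io/flannel-cni-plugin:v1.9.1-flannel1 \
    || echo "manifest does not match the pre-pulled images"
rm -f "$demo_file"
```

Against the real file, call `check_manifest_images kube-flannel.yml` with the two `ghcr.io` tags from 5.2 and apply the manifest only when it returns 0.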