Docker + Containerd + Flannel 安装部署K8S
系统环境准备
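# 1. Set the hostname. Run the line that matches the node you are on.
#    The original appended `&& bash` to open a nested shell so the prompt shows
#    the new name; start a new login shell instead if you want that.
hostnamectl set-hostname k8s-n1
# hostnamectl set-hostname k8s-n2
# hostnamectl set-hostname k8s-n3

# 2. Remove the container tooling shipped with the OS (optional; can be skipped
#    on a minimal install). The pattern is quoted so that dnf, not the shell,
#    expands it (an unquoted glob would match files in the current directory).
dnf remove -y podman 'container*'

# 3. Stop and disable firewalld.
# NOTE(review): this leaves every node without a host firewall. That is only
# acceptable on an isolated lab network. On anything reachable by other hosts,
# keep firewalld running and open just the ports the cluster needs (the API
# server port 6443 used by the join command on this page, plus the kubelet and
# CNI ports listed in the Kubernetes and CNI documentation).
systemctl --now disable firewalld

# 4. Put SELinux into permissive mode, now and across reboots.
#    The original wrote SELINUX=disabled into the config file. Permissive has
#    the same runtime effect as `setenforce 0`, but denials are still logged,
#    so enforcing mode can be restored later without relabelling the system.
setenforce 0 \
  && sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config \
  && getenforce

# 5. Turn swap off now and comment out the swap entries in /etc/fstab.
#    Only lines that are not already commented are touched, so re-running this
#    step does not stack extra '#' characters.
swapoff -a \
  && sed -ri '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab \
  && free -m

# 6. Name resolution for the three nodes. This appends to /etc/hosts, so run it
#    once per node.
cat <<'EOF' >>/etc/hosts
192.168.110.144 k8s-n1
192.168.110.145 k8s-n2
192.168.110.146 k8s-n3
EOF

# 7. Load the bridge-filter and overlay kernel modules for the running system.
modprobe br_netfilter
modprobe overlay

# Make the module loading persistent (loaded automatically after a reboot).
tee /etc/modules-load.d/k8s.conf <<'EOF'
br_netfilter
overlay
EOF

# 8. sysctl settings required by Kubernetes; the file persists across reboots.
cat <<'EOF' | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
EOF

# Apply the sysctl settings without rebooting.
sudo sysctl --system

# Verify that net.ipv4.ip_forward is now 1.
sysctl net.ipv4.ip_forward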
安装Docker
安装 docker-ce 时会自动安装 containerd.io 、Runc 和 docker-compose 等软件依赖
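# Add the Docker CE repository, install docker-ce, print the installed version,
# then enable and start the daemon.
# -f makes curl fail on an HTTP error instead of saving the error page as a
# repo file; -sS hides the progress meter but still prints errors; -L follows
# redirects.
# NOTE(review): before installing, confirm that the saved repo file keeps
# gpgcheck=1 so dnf verifies package signatures.
curl -fsSL https://download.docker.com/linux/centos/docker-ce.repo \
    -o /etc/yum.repos.d/docker.repo \
  && dnf install -y docker-ce \
  && docker -v \
  && systemctl enable --now docker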
安装 cri-dockerd(用于适配 K8S )
cri-dockerd 仓库地址
libcgroup 仓库地址
libcgroup 的 rpm 包下载地址:cri-dockerd 依赖 libcgroup,Rocky Linux 系统默认源不提供软件包安装,需要单独下载
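# Download the cri-dockerd RPM and the libcgroup RPM it depends on.
# NOTE(review): both packages are fetched directly rather than from a
# configured, signed repository, and libcgroup comes from a third-party host.
# The cri-dockerd file name carries an fc36 tag while the libcgroup one is el9;
# confirm this build is the one intended for your distribution.
wget \
  https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.18/cri-dockerd-0.3.18-3.fc36.x86_64.rpm \
  https://pkgs.sysadmins.ws/el9/base/x86_64/libcgroup-3.0-1.el9.0.1.x86_64.rpm

# Print the digests of what was downloaded. Compare them with values obtained
# from a source you trust before installing: these RPMs run scriptlets and
# install binaries as root.
sha256sum \
  cri-dockerd-0.3.18-3.fc36.x86_64.rpm \
  libcgroup-3.0-1.el9.0.1.x86_64.rpm

# Install both packages, then enable and start the CRI shim for Docker.
# Signature checking of local RPM files depends on dnf's localpkg_gpgcheck
# setting, so the manual digest comparison above is the integrity check here.
dnf install -y \
    libcgroup-3.0-1.el9.0.1.x86_64.rpm \
    cri-dockerd-0.3.18-3.fc36.x86_64.rpm \
  && systemctl --now enable cri-docker.service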
Docker 配置修改
如果当前网络能够访问 k8s (registry.k8s.io)和 Docker Hub(registry-1.docker.io)的镜像仓库这一步可以跳过
Pause 镜像 ≈ Pod 的“隐形操作系统内核”,用来管理 Pod 的 Namespace 和生命周期。(每个 Pod 的容器列表中会有一个隐藏的 pause 容器,通常不会直接显示在 `kubectl get pods` 的输出中。)
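# 1. Point the container runtime at a reachable image source. For the pause
#    (pod infra) image there is exactly one dedicated parameter, passed to
#    cri-dockerd: --pod-infra-container-image.
# NOTE(review): this rewrites the packaged unit file in place; a cri-dockerd
# package update may replace the file, so re-check the ExecStart line after
# upgrading.
sudo sed -i 's|^ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://|ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.10|' /usr/lib/systemd/system/cri-docker.service

# 2. Create the Docker configuration directory.
sudo mkdir -p /etc/docker

# 3. Write the daemon configuration with registry mirrors.
# NOTE(review): every mirror listed here is a third party that decides which
# content a tag-based pull returns, so keep only operators you trust and prefer
# pulling by digest (image@sha256:...) for anything that matters.
# Compared with the original list, the duplicate https://hub.rat.dev entry and
# the two plain-http mirrors (cjie.eu.org, docker.wanpeng.top) are left out:
# traffic to an http mirror can be altered in transit.
sudo tee /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://docker.1panel.live/",
    "https://docker.1ms.run",
    "https://docker.xuanyuan.me",
    "https://lispy.org",
    "https://docker.xiaogenban1993.com",
    "https://docker-0.unsee.tech",
    "https://666860.xyz",
    "https://hub.rat.dev",
    "https://docker.m.daocloud.io",
    "https://dockerproxy.net",
    "https://demo.52013120.xyz",
    "https://proxy.vvvv.ee",
    "https://registry.cyou",
    "https://dockerpull.org",
    "https://dockerhub.icu",
    "https://doublezonline.cloud",
    "https://atomhub.openatom.cn",
    "https://docker.fxxk.dedyn.io"
  ]
}
EOF

# 4. Reload systemd and restart the services.
#    cri-docker.service was already started when the package was installed, so
#    it is restarted as well; otherwise the ExecStart change from step 1 is not
#    picked up until the next reboot.
sudo systemctl daemon-reload && sudo systemctl restart docker cri-docker.service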
部署 k8s
添加仓库源
# Overwrites any existing configuration in /etc/yum.repos.d/kubernetes.repo.
# gpgcheck=1 together with the gpgkey URL makes dnf verify package signatures.
# The exclude line keeps routine `dnf update` runs from touching the Kubernetes
# packages.
sudo tee /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.33/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
安装 kubelet、kubeadm 和 kubectl
`--disableexcludes=kubernetes` 就是告诉 dnf:“别管 kubernetes 仓库里的 exclude 规则,我就是要装!”(仓库配置中如果存在这样的 exclude 规则,默认会阻止系统在常规更新或安装时处理这些包)
# Install the three Kubernetes packages, bypassing the exclude rule of the
# kubernetes repository for this one transaction, then enable and start kubelet.
dnf install -y --disableexcludes=kubernetes kubelet kubeadm kubectl \
  && systemctl enable --now kubelet
初始化集群
默认 criSocket: unix:///var/run/containerd/containerd.sock,直接使用的是containerd.sock,如果是用 docker 则修改为: --cri-socket=unix:///var/run/cri-dockerd.sock
默认 apiserver-advertise-address:非多网卡的情况下可以不指定IP地址,会自动选择默认的网络接口的 IP 地址作为 API 服务器的通告地址
service-cidr:可以通过 `kubeadm config print init-defaults | grep serviceSubnet` 命令查看,默认为 10.96.0.0/12 网段。
pod-network-cidr:参数用于指定 Pod 网络的 IP 地址范围(CIDR)。如不指定该参数,kubeadm 则不会自动分配 Pod 网络 CIDR,而是由后续安装的 CNI(Container Network Interface)插件决定默认值。安装 CNI 插件(如 Calico、Flannel、WeaveNet 等)时,插件会使用自己的默认 CIDR:
- Calico:默认 192.168.0.0/16(注意:本文节点地址 192.168.110.144–146 落在该网段内,Pod 网段与节点网段重叠可能导致路由冲突,建议在初始化时用 --pod-network-cidr 指定一个不重叠的网段)
- Flannel:默认 10.244.0.0/16
- WeaveNet:默认 10.32.0.0/12
--image-repository:用于指定拉取 Kubernetes 官方组件镜像(如 kube-apiserver、kube-controller-manager、kube-proxy 等)的仓库地址,可通过 `kubeadm config print init-defaults | grep imageRepository` 查看,默认拉取镜像的地址为:registry.k8s.io
# Initialise the control plane on k8s-n1.
#   --apiserver-advertise-address  address the API server advertises
#   --image-repository             registry the control-plane images are pulled from
#   --cri-socket                   use cri-dockerd instead of the containerd socket
# NOTE(review): no --pod-network-cidr is passed. The page states that Calico
# then falls back to 192.168.0.0/16, which contains the node addresses
# 192.168.110.144-146 used here; confirm the pod range does not overlap the
# node network, or pass a non-overlapping --pod-network-cidr.
# NOTE(review): the control-plane images come from a third-party mirror rather
# than registry.k8s.io; that mirror decides what each tag resolves to.
kubeadm init \
  --apiserver-advertise-address=192.168.110.144 \
  --image-repository registry.aliyuncs.com/google_containers \
  --cri-socket=unix:///var/run/cri-dockerd.sock
复制 admin.conf 到 $HOME/.kube/config
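# Copy the cluster administrator kubeconfig into the current user's home.
# Expansions are quoted so a home directory containing spaces or glob
# characters does not split into several arguments.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# admin.conf carries administrator credentials for the whole cluster; keep the
# copy readable by its owner only.
chmod 600 "$HOME/.kube/config"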
worker 节点加入集群
# Join a worker node to the cluster (run on each worker).
# The token and CA certificate hash below are the ones printed by `kubeadm init`
# on the author's cluster; every cluster has its own values. A bootstrap token
# is a credential that lets a machine join as a node, so treat it as a secret.
# A fresh join command can be printed on the control plane with
# `kubeadm token create --print-join-command`.
# --discovery-token-ca-cert-hash lets the joining node verify that it is
# talking to the expected control plane; do not drop it.
kubeadm join 192.168.110.144:6443 \
  --token 4y2hkh.79cm5x0suufkp43v \
  --discovery-token-ca-cert-hash sha256:32cc83b7f2a270fad6db95e15139db41ab20d9b44818279c2b79458c589c1eee \
  --cri-socket=unix:///var/run/cri-dockerd.sock
安装 calico 网络插件
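# Download the Calico manifest and apply it to the cluster.
# -O writes to a fixed file name: without it, wget saves a repeated download as
# calico.yaml.1 and `kubectl apply` would silently reuse the older calico.yaml.
# NOTE(review): the URL is not versioned, so its content can change between
# runs (the image list further down this page shows calico v3.25.0). The
# manifest creates cluster-wide RBAC objects and privileged pods; when working
# interactively, run the download first, read calico.yaml (image references,
# RBAC rules), keep a copy for later comparison, and only then apply it.
wget -O calico.yaml https://docs.projectcalico.org/manifests/calico.yaml \
  && kubectl apply -f calico.yaml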
验证安装
[root@k8s-n1 ~]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-7498b9bb4c-s9r6n 1/1 Running 0 136m
kube-system calico-node-65l2j 1/1 Running 0 136m
kube-system calico-node-jxxnf 1/1 Running 0 136m
kube-system calico-node-m8f9p 1/1 Running 0 136m
kube-system coredns-757cc6c8f8-bqztg 1/1 Running 0 151m
kube-system coredns-757cc6c8f8-d4r4x 1/1 Running 0 151m
kube-system etcd-k8s-n1 1/1 Running 1 (137m ago) 151m
kube-system kube-apiserver-k8s-n1 1/1 Running 1 (137m ago) 151m
kube-system kube-controller-manager-k8s-n1 1/1 Running 1 (138m ago) 151m
kube-system kube-proxy-c67s9 1/1 Running 1 (136m ago) 145m
kube-system kube-proxy-ck2fc 1/1 Running 1 (138m ago) 151m
kube-system kube-proxy-qlzqs 1/1 Running 1 (136m ago) 145m
kube-system kube-scheduler-k8s-n1 1/1 Running 1 (138m ago) 151m
[root@k8s-n1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-n1 Ready control-plane 151m v1.33.3
k8s-n2 Ready <none> 145m v1.33.3
k8s-n3 Ready <none> 145m v1.33.3
[root@k8s-n1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registry.aliyuncs.com/google_containers/kube-apiserver v1.33.3 a92b4b92a991 2 weeks ago 102MB
registry.aliyuncs.com/google_containers/kube-controller-manager v1.33.3 bf97fadcef43 2 weeks ago 94.6MB
registry.aliyuncs.com/google_containers/kube-scheduler v1.33.3 41376797d512 2 weeks ago 73.4MB
registry.aliyuncs.com/google_containers/kube-proxy v1.33.3 af855adae796 2 weeks ago 97.9MB
registry.aliyuncs.com/google_containers/etcd 3.5.21-0 499038711c08 4 months ago 153MB
registry.aliyuncs.com/google_containers/coredns v1.12.0 1cf5f116067c 8 months ago 70.1MB
registry.aliyuncs.com/google_containers/pause 3.10 873ed7510279 14 months ago 736kB
calico/kube-controllers v3.25.0 5e785d005ccc 2 years ago 71.6MB
calico/cni v3.25.0 d70a5947d57e 2 years ago 198MB
calico/node v3.25.0 08616d26b8e7 2 years ago 245MB
[root@k8s-n1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d12b62b15869 calico/kube-controllers "/usr/bin/kube-contr…" 3 hours ago Up 3 hours k8s_calico-kube-controllers_calico-kube-controllers-7498b9bb4c-s9r6n_kube-system_f44345be-9733-4533-8a5c-bfc412558411_0
558ea4826f18 1cf5f116067c "/coredns -conf /etc…" 3 hours ago Up 3 hours k8s_coredns_coredns-757cc6c8f8-d4r4x_kube-system_e45c0ce6-f00e-46b1-b934-04735f3594ce_0
a398f003d09b 1cf5f116067c "/coredns -conf /etc…" 3 hours ago Up 3 hours k8s_coredns_coredns-757cc6c8f8-bqztg_kube-system_c3147e5a-55d6-405a-a155-4ace28874e63_0
b2cbf6d8d63a registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_coredns-757cc6c8f8-bqztg_kube-system_c3147e5a-55d6-405a-a155-4ace28874e63_2
d7e53937b112 registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_coredns-757cc6c8f8-d4r4x_kube-system_e45c0ce6-f00e-46b1-b934-04735f3594ce_2
d121eafeac5f registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_calico-kube-controllers-7498b9bb4c-s9r6n_kube-system_f44345be-9733-4533-8a5c-bfc412558411_3
9e0493628085 08616d26b8e7 "start_runit" 3 hours ago Up 3 hours k8s_calico-node_calico-node-65l2j_kube-system_ea3ebed7-986b-47b3-9e50-7a2b11e6adfe_0
1da1ced65603 registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_calico-node-65l2j_kube-system_ea3ebed7-986b-47b3-9e50-7a2b11e6adfe_0
9b52c1709536 41376797d512 "kube-scheduler --au…" 3 hours ago Up 3 hours k8s_kube-scheduler_kube-scheduler-k8s-n1_kube-system_8002c56a1a9e4cbda46304d0353a1cf0_1
0fe4352fd8ef 499038711c08 "etcd --advertise-cl…" 3 hours ago Up 3 hours k8s_etcd_etcd-k8s-n1_kube-system_86e38a1b0b52714d200360b69ca8a141_1
df71f0502ff8 a92b4b92a991 "kube-apiserver --ad…" 3 hours ago Up 3 hours k8s_kube-apiserver_kube-apiserver-k8s-n1_kube-system_ac629295faa78072f27d01c8b7ec40cd_1
868191fec8c9 registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_etcd-k8s-n1_kube-system_86e38a1b0b52714d200360b69ca8a141_1
425ccbc47628 registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_kube-apiserver-k8s-n1_kube-system_ac629295faa78072f27d01c8b7ec40cd_1
f1c3160f39c4 registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_kube-scheduler-k8s-n1_kube-system_8002c56a1a9e4cbda46304d0353a1cf0_1
9f67b206adf2 af855adae796 "/usr/local/bin/kube…" 3 hours ago Up 3 hours k8s_kube-proxy_kube-proxy-ck2fc_kube-system_f387171a-8cde-44c9-8472-10fb901c775c_1
669d57eb7739 bf97fadcef43 "kube-controller-man…" 3 hours ago Up 3 hours k8s_kube-controller-manager_kube-controller-manager-k8s-n1_kube-system_4fe303f337b51aa756c9e5b7c9d1a43b_1
6799ce918856 registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_kube-proxy-ck2fc_kube-system_f387171a-8cde-44c9-8472-10fb901c775c_1
6b53a72e664f registry.aliyuncs.com/google_containers/pause:3.10 "/pause" 3 hours ago Up 3 hours k8s_POD_kube-controller-manager-k8s-n1_kube-system_4fe303f337b51aa756c9e5b7c9d1a43b_1