ubuntu系统搭建

ubuntu-22.04.5-desktop-amd64.iso映像文件--->实际却是20.4focal版本。

【安装过程没有特别指出的默认回车下一步】

【用户和密码设置】

【网络连接】

【在vmware上安装的话，网络配置如下】【在vm里配置选择nat或者桥接即可】

【国内源配置】，这里的源是20.04版，内核为5.14，22版本以上为5.15内核

vi /etc/apt/source.list

----

deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse

# deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse

# deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse

deb https://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse

deb-src https://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse

deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu focal stable

# deb-src [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu focal stable

apt update

apt install -y openssh-server

apt-get install -y vim tree wget bash-completion bash-completion-extras lrzsz net-tools sysstat iotop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect epel-release

【关闭swap】

swapoff -a

sed -i 's/.*swap.*/#&/g' /etc/fstab

【安装ssh服务】

passwd root 给root设置密码

apt-get install -y openssh_server

vi /etc/ssh/sshd_config

#新增

PermitRootLogin yes

PasswordAuthentication yes

Port 22

systemctl restart ssh

【时间同步】

如果是上海市区，默认为北京时间

【xshell连接】

root/1

【iptables桥接流量】

cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
ip_vs
ip_vs_wrr
ip_vs_sh
ip_vs_rr
EOF

sudo modprobe overlay

sudo modprobe br_netfilter

cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf

net.bridge.bridge-nf-call-iptables  = 1

net.bridge.bridge-nf-call-ip6tables = 1

net.ipv4.ip_forward = 1

EOF

sudo sysctl --system

【安装docker  】

#依赖

sudo apt install -y apt-transport-https ca-certificates curl software-properties-common gnupg lsb-release

curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

#如果/etc/apt/source.list文件中已有，就不要再配置docker源了。

sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

sudo apt-get update #更新

mkdir -p /data/docker  #这个目录最好是单独的分区，且容量大，可做rsync远程同步存储到nfs

chmod 755 -R /data/docker

sudo apt-get install docker-ce -y #直接安装是28版本

【docker/daemon.json】

vim /etc/docker/daemon.json

{"exec-opts": ["native.cgroupdriver=systemd"],"registry-mirrors": ["https://docker.1panel.live","https://docker.1panel.dev","https://docker.fxxk.dedyn.io","https://docker.zhai.cm","https://docker.5z5f.com","https://a.ussh.net","https://docker.m.daocloud.io","https://docker.aityp.com","https://docker.m.daocloud.io","https://docker.imgdb.de","https://docker-0.unsee.tech","https://docker.hlmirror.com","https://cjie.eu.org","https://docker.mirrors.ustc.edu.cn"],"storage-driver": "overlay2","log-driver": "json-file","log-level": "warn","log-opts": {"max-size": "100m","max-file": "10"},"default-shm-size": "128M","max-concurrent-downloads": 10,"max-concurrent-uploads": 10,"debug": false,"experimental": true,"features": {"buildkit": true},"data-root": "/data/docker","insecure-registries": ["https://registry.npm.taobao.org"]}

systemctl daemon-reload && systemctl restart docker

【cri-dockerd配置兼容性】

rz cri-dockerd-0.3.16.amd64.tgz

pwd

/home

tar -xf cri-dockerd-0.3.16.amd64.tgz

cp -rf cri-dockerd/cri-dockerd /usr/local/bin/

# 配置启动文件

cat > /etc/systemd/system/cri-docker.service <<-"EOF"
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
Requires=cri-docker.socket
[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd --container-runtime-endpoint fd:// --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.10
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF

# 配置 socket 文件

cat > /etc/systemd/system/cri-docker.socket <<-EOF
[Unit]
Description=CRI Docker Socket for the API
PartOf=cri-docker.service
[Socket]
ListenStream=%t/cri-dockerd.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF

systemctl daemon-reload && systemctl enable cri-docker --now cri-docker && systemctl status cri-docker

【安装k8s】

apt-get install curl

sudo mkdir -p /etc/apt/keyrings

curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes.gpgecho "deb [signed-by=/etc/apt/keyrings/kubernetes.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

等于：加k8s源+gpg文件

cat /etc/apt/sources.list.d/kubernetes.list
deb [signed-by=/etc/apt/keyrings/kubernetes.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main

apt update

apt-get install kubeadm kubectl kubelet -y

systemctl enable --now kubelet

#先手动拉取镜像

sudo kubeadm config images pull \--image-repository=registry.aliyuncs.com/google_containers \--cri-socket=unix:///run/cri-dockerd.sock \--kubernetes-version=v1.28.2

#检查cri-dockerd.sock文件路径，和初始化中cri-socket路径一致

ls -l /run/cri-dockerd.sock  #在run目录下的unix:///run/cri-dockerd.sock

#再初始化

sudo kubeadm init --image-repository registry.aliyuncs.com/google_containers --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=all --cri-socket=unix:///run/cri-dockerd.sock

#粘贴到master节点上

  mkdir -p $HOME/.kube

  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

  sudo chown $(id -u):$(id -g) $HOME/.kube/config

#token

kubeadm join 10.0.0.120:6443 --token 0qgk0z.5hncmkz990wf216w \

--discovery-token-ca-cert-hash sha256:dc989d9d4cc708b8e494392f9b0a79986a3c73dd2f7cead0f73ce3be84613c03

【calico安装】

#先下载镜像，防止因为镜像问题起不来

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/cni:v3.26.1

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/node:v3.26.1

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/kube-controllers:v3.26.1

#再执行yaml文件

kubectl apply -f calico1.yaml

【node节点】

#安装kubelet，kubectl，kubeadm，docker，cri-dockerd，基础工具vim..,hostname，host解析

kubeadm token create --print-join-command#在主节点上重新获取koken

#以yaml文件方式加入集群

vim /etc/kubeadm-config.yaml

vim /etc/kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
discovery:bootstrapToken:token: ts5evm.alms2g3g12lhun2u #master节点的tokencaCertHashes:- "sha256:ad5892b72fce0643d55e6dc1277ae8011b2be85ed491c862f873f6a3fb028dfa"  #master的sha256apiServerEndpoint: "10.10.10.159:6443" #主节点ip
nodeRegistration:criSocket: unix:///run/cri-dockerd.sock  # 根据CRI路径修改，这边文章是在这里。

#加入master所在集群：kubeadm join 10.10.10.159:6443 --config /etc/kubeadm-config.yaml

【master验证是否加入】

kubectl get nodes #查看节点

kubectl get pods #查看calico-node容器，等一会。