Deploying single-node k8s on Ubuntu 22.04 (no external network needed)
No proxy/VPN ("ladder") to the outside internet is required: everything is installed from domestic mirrors.
0 Preparation
0.1 Tool installation
Install docker
- Alibaba Cloud host:
## Reference: https://help.aliyun.com/zh/ecs/user-guide/install-and-use-docker#8dca4cfa3dn0e
# Update the package index
sudo apt-get update
# Add the Docker package source
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
sudo curl -fsSL http://mirrors.cloud.aliyuncs.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository -y "deb [arch=$(dpkg --print-architecture)] http://mirrors.cloud.aliyuncs.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Install Docker CE, the containerd.io runtime (which k8s will use), and the buildx and compose plugins
sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Start Docker
sudo systemctl start docker
# Start the Docker daemon at boot
sudo systemctl enable docker
Note: mirrors.cloud.aliyuncs.com is the VPC-internal mirror (only reachable from inside Alibaba Cloud), which is why it is plain http. The repository signing key is therefore fetched over an unauthenticated channel; use the https mirror from the next block unless you trust the VPC path. apt-key is deprecated on Ubuntu 22.04 (it warns but still works); the current form is to store the key under /etc/apt/keyrings/ and reference it with signed-by= in the source line.
- Non-Alibaba Cloud host
# --------- non-Alibaba Cloud ---------------
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
sudo curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository -y "deb [arch=$(dpkg --print-architecture)] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Install Docker CE, the containerd.io runtime, and the buildx and compose plugins
sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Start Docker
sudo systemctl start docker
# Start the Docker daemon at boot
sudo systemctl enable docker
Docker pull acceleration (optional)
Acceleration is done with kspeeder, a caching registry mirror run locally in a container:
# Reference: https://github.com/kspeeder/docker_kspeeder
docker pull docker.m.daocloud.io/linkease/kspeeder:latest
docker tag docker.m.daocloud.io/linkease/kspeeder:latest linkease/kspeeder:latest
mkdir -p kspeeder
cd kspeeder
tee docker-compose.yaml <<EOF
services:
  kspeeder:
    image: linkease/kspeeder:latest
    container_name: kspeeder
    ports:
      - "5443:5443"
      - "5003:5003"
    volumes:
      - ./kspeeder-data:/kspeeder-data
      - ./kspeeder-config:/kspeeder-config
    restart: unless-stopped
EOF
docker compose up -d
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://registry.linkease.net:5443"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
This only speeds up `docker pull` (used in 2.2 to pre-load the calico images); the kubelet pulls through containerd, whose mirror is configured separately in 1.1. Two things to keep in mind: the compose file publishes 5443 and 5003 on all interfaces, so use "127.0.0.1:5443:5443" unless other hosts are meant to pull through this mirror; and a mirror sits in your image supply chain, so anything pulled by tag through it can be swapped by whoever runs it. Pull by digest (image@sha256:...) for images you depend on.
Install kubelet, kubeadm and kubectl
sudo apt-get update && sudo apt-get install -y ca-certificates curl software-properties-common apt-transport-https
curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
sudo tee /etc/apt/sources.list.d/kubernetes.list <<EOF
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl   # stop unattended upgrades from moving the versions
kubernetes-xenial is Aliyun's mirror of the legacy Google apt repository (it no longer receives new releases). Whatever version it installs is what kubernetesVersion in 1.2 has to match; `apt-cache madison kubeadm` lists the available versions if you want to pin one, and all three packages must be installed at the same version.
0.2 Single-node configuration
sudo su -
# Turn off swap (the kubelet refuses to start while swap is enabled)
swapoff -a
sed -i '/ swap / s/^/#/' /etc/fstab
# Firewall and SELinux: these two steps come from CentOS/RHEL instructions. Ubuntu 22.04 ships neither firewalld nor SELinux (it uses ufw and AppArmor), so the commands below fail harmlessly with "unit not found" / "command not found". If ufw is active (`ufw status`), allow 6443/tcp (API server) and 10250/tcp (kubelet) rather than disabling it.
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Load the required kernel modules
sudo modprobe overlay
sudo modprobe br_netfilter
# Kernel parameters: let iptables see bridged traffic and allow forwarding
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the settings
sudo sysctl --system
# Set the hostname
sudo hostnamectl set-hostname master
# Find this host's IP: the "src" address of the route to the outside (picked by field name, not by column, because the column shifts when the route has no "via" hop)
export MYIP=$(ip -4 route get 1.1.1.1 | awk '{for (i = 1; i <= NF; i++) if ($i == "src") print $(i + 1)}')
# Add it to /etc/hosts
echo "$MYIP master" | sudo tee -a /etc/hosts
# Passwordless SSH to this host. kubeadm does not need it on a single node, and it requires root login over SSH to be permitted, so skip it unless other tooling needs it.
ssh-keygen
ssh-copy-id root@$MYIP
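The node settings above are easy to leave half-applied (a sysctl file written but `sysctl --system` not run, swap commented out in fstab but still active until reboot). The script below, added here as an example and not part of the original post, verifies them the way kubeadm's preflight would. It reads the kernel state under a root directory given as its argument (an empty string for the live host), so the same check can be exercised against a constructed /proc tree:

```shell
#!/bin/sh
# check_node_prereqs ROOT: verify the settings made in 0.2 by reading ROOT/proc.
# ROOT="" inspects the real machine; a constructed tree can be passed for testing.
# Prints one line per failed check and returns the number of failures.
check_node_prereqs() {
  root=${1:-}
  fails=0

  # 1. swap must be off: /proc/swaps has only its header line when nothing is active
  if awk 'NR > 1 && NF { active = 1 } END { exit !active }' "$root/proc/swaps"; then
    echo "FAIL: swap is still active (swapoff -a; comment it out in /etc/fstab)"
    fails=$((fails + 1))
  fi

  # 2. br_netfilter must be loaded: the bridge-nf sysctls only exist once it is
  if [ ! -d "$root/proc/sys/net/bridge" ]; then
    echo "FAIL: br_netfilter is not loaded (modprobe br_netfilter)"
    fails=$((fails + 1))
  fi

  # 3. the three values written to /etc/sysctl.d/k8s.conf must all read 1
  for key in net/ipv4/ip_forward net/bridge/bridge-nf-call-iptables net/bridge/bridge-nf-call-ip6tables; do
    f="$root/proc/sys/$key"
    if [ ! -r "$f" ] || [ "$(cat "$f" 2>/dev/null)" != "1" ]; then
      echo "FAIL: $(printf '%s' "$key" | tr / .) is not 1 (sysctl --system)"
      fails=$((fails + 1))
    fi
  done

  [ "$fails" -eq 0 ] && echo "OK: node prerequisites satisfied"
  return "$fails"
}

# On the real host: check_node_prereqs ""; echo "exit=$?"
```

Run it as root after `sysctl --system`; a non-zero exit code tells you how many settings are still wrong, and each FAIL line names the command that fixes it.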
1 Installation and configuration
1.1 Configure containerd
# Create the containerd directory first
mkdir -p /etc/containerd
# Generate a full default config.toml. This overwrites the minimal file shipped by the containerd.io package, which disables the CRI plugin (disabled_plugins = ["cri"]) that kubeadm and the kubelet need.
containerd config default | sudo tee /etc/containerd/config.toml
Edit the containerd configuration
# Either apply the three changes from the command line:
# 1. sandbox (pause) image: replace the whole value, not just the version number, otherwise the kubelet keeps asking for registry.k8s.io/pause (see problem 1 in 2.1). The tag kubeadm expects is shown by `kubeadm config images list`; 3.9 is right for the 1.27/1.28 series.
sed -i 's#sandbox_image = ".*"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"#' /etc/containerd/config.toml
# 2. Use the systemd cgroup driver, which is what the kubelet uses on Ubuntu 22.04
sed -i 's/SystemdCgroup\ =\ false/SystemdCgroup\ =\ true/g' /etc/containerd/config.toml
# 3. Point the registry config at a hosts.toml directory for mirrors
sed -i '/\[plugins\."io\.containerd\.grpc\.v1\.cri"\.registry\]/,/\[/{s#config_path *= *".*"#config_path = "/etc/containerd/certs.d"#}' /etc/containerd/config.toml
# Or make the same three changes by hand (one or the other, not both):
vim /etc/containerd/config.toml
# Make the following changes
[plugins."io.containerd.grpc.v1.cri"]
    ..................................
    # Search for sandbox_image and change the original value (registry.k8s.io/pause:3.8, or k8s.gcr.io/pause:3.6 on older containerd) to the Aliyun mirror
    sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"
        [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
          ..........................
          SystemdCgroup = true   # search for SystemdCgroup and change false to true
    # Search for config_path and set the mirror configuration directory (a directory; its contents are created in the next step)
    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = "/etc/containerd/certs.d"
Create the mirror configuration
mkdir /etc/containerd/certs.d/docker.io -pv
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"

[host."https://b9pmyelo.mirror.aliyuncs.com"]
  capabilities = ["pull", "resolve"]
EOF
The host entry above is an account-specific Aliyun accelerator address; use your own (from the Aliyun console) or the local kspeeder from 0.1. Only "pull" and "resolve" are granted, so pushes still go to docker.io directly.
Make the kernel modules persistent and restart containerd
(overlay and br_netfilter were already loaded by hand in 0.2; this file reloads them at boot)
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# Restart containerd
systemctl restart containerd
systemctl status containerd
Confirm containerd is working
crictl image ls
Case 1: "permission denied" when running crictl as a normal user
~$ crictl image ls
FATA[0000] validate service connection: validate CRI v1 image API for endpoint "unix:///run/containerd/containerd.sock": rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied"
Fix:
# Check the socket permissions
~$ ls -l /run/containerd/containerd.sock
srw-rw---- 1 root root 0 Nov  4 16:37 /run/containerd/containerd.sock
# The socket is root-only by design. Run crictl as root:
sudo crictl image ls
The original workaround was `sudo chmod 666 /run/containerd/containerd.sock`. Do not do this: whoever can write to the CRI socket can start a privileged container with the host filesystem mounted, so a world-writable socket hands root to every local account. It is also undone on the next containerd restart, because the socket is recreated. If non-root access is genuinely needed, set `gid` in the `[grpc]` section of /etc/containerd/config.toml to a dedicated group and add only the intended users to that group.
Case 2: crictl is using the wrong socket
error: desc = \"transport: Error while dialing dial unix /var/run/dockershim.sock: connect: no such file or directory\"" filter="&ContainerFilter{Id:,State:nil,PodSandboxId:,LabelSelector:map[string]string{},}"
FATA[0000] listing containers: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial unix /var/run/dockershim.sock: connect: no such file or directory"
Fix: without a config file crictl falls back to the removed dockershim socket; point it at containerd:
cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 5
debug: false
EOF
systemctl restart containerd
systemctl status containerd
(crictl reads /etc/crictl.yaml on every invocation, so the restart is not required for it to take effect, but it is harmless.)
1.2 Create and edit kubeadm-config.yaml
cd
sudo kubeadm config print init-defaults > kubeadm-config.yaml
vi kubeadm-config.yaml
# Make the changes marked with comments below: the four from the original (advertiseAddress, name, imageRepository, serviceSubnet), plus criSocket and kubernetesVersion wherever the printed defaults do not match what is installed
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef   # the well-known default; delete this whole bootstrapTokens block so kubeadm generates a random token (or set one from `kubeadm token generate`)
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.1.73   # change to this host's LAN IP (MYIP from 0.2)
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock   # dockershim no longer exists; change to unix:///run/containerd/containerd.sock (kubeadm >= 1.24 already prints the containerd socket)
  imagePullPolicy: IfNotPresent
  name: master   # change to your chosen node name; it must match the hostname set in 0.2
  taints: null   # null means the default control-plane NoSchedule taint; for a single node that must also run workloads use taints: []
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers   # use the Aliyun mirror of registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: 1.22.0   # must match the installed kubeadm/kubelet: kubeadm version -o short
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.244.0.0/16   # change to 10.244.0.0/16
scheduler: {}
2 Install k8s
2.1 Initialize k8s
Run kubeadm with the config file:
sudo kubeadm init --config kubeadm-config.yaml --v=5
# "Your Kubernetes control-plane has initialized successfully!" means it worked.
# Then run the commands printed at the end of the output:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
(admin.conf carries a cluster-admin client certificate; keep $HOME/.kube/config at mode 0600 and do not copy it to shared machines.)
Possible problems:
If you change the config and need to initialize again, reset first:
kubeadm reset --force
rm -rf $HOME/.kube
1. "Initial timeout of 40s passed." (you will most likely hit this)
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
# How to locate the cause
#===================
# kubelet service status
systemctl status kubelet
# Detailed kubelet log
journalctl -xeu kubelet -f
# Look for lines like the following:
Nov 03 18:25:00 master kubelet[13305]: E1103 18:25:00.696979 13305 kuberuntime_manager.go:1166] "CreatePodSandbox for pod failed" err="rpc error: code = Unknown desc = failed to get sandbox image \"registry.k8>
Solution: the kubelet is asking containerd for the pause image under its registry.k8s.io name, which cannot be pulled here. That happens when sandbox_image in /etc/containerd/config.toml still points at registry.k8s.io (the sed in 1.1 has to replace the whole value, not only the version number). Either correct config.toml and restart containerd, or tag the Aliyun image, which kubeadm has already pulled, under the name the kubelet asks for:
# Re-tag
sudo ctr -n k8s.io images tag registry.aliyuncs.com/google_containers/pause:3.9 registry.k8s.io/pause:3.9
# Reset and run kubeadm init again
sudo kubeadm reset --force
rm $HOME/.kube -rf
2. container runtime is not running
I1104 14:54:42.227457 15347 checks.go:243] validating the existence and emptiness of directory /var/lib/etcd
[preflight] Some fatal errors occurred:
[ERROR CRI]: container runtime is not running: output: time="2025-11-04T14:54:42+08:00" level=fatal msg="validate service connection: CRI v1 runtime API is not implemented for endpoint \"unix:///var/run/containerd/containerd.sock\": rpc error: code = Unimplemented desc = unknown service runtime.v1.RuntimeService"
, error: exit status 1
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...
containerd is running but its CRI plugin is not: the config.toml shipped with the containerd.io package has disabled_plugins = ["cri"], so this appears when the steps in 1.1 (regenerate config.toml with `containerd config default`, edit it, restart containerd) were skipped or not applied. Re-run them; the error goes away after the restart.
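The three edits from 1.1 and the disabled CRI plugin behind this error are all visible in /etc/containerd/config.toml, so they can be checked before running kubeadm init. The script below is an added example, not code from the original post: it reads the TOML with sed and grep (it assumes no TOML parser is installed on the node) and reports each setting that still has the shipped or default value. The sample config files in its test are constructed from the lines `containerd config default` prints:

```shell
#!/bin/sh
# check_containerd_config [PATH]: verify the 1.1 edits in containerd's config.toml
# (default /etc/containerd/config.toml). Prints one line per finding and returns
# the number of findings, so 0 means the file is ready for kubeadm init.
check_containerd_config() {
  cfg=${1:-/etc/containerd/config.toml}
  fails=0

  # The file the containerd.io package ships contains disabled_plugins = ["cri"];
  # with it in place kubeadm's preflight reports "CRI v1 runtime API is not implemented".
  if grep -Eq '^[[:space:]]*disabled_plugins[[:space:]]*=.*"cri"' "$cfg"; then
    echo "FAIL: CRI plugin disabled via disabled_plugins (regenerate with 'containerd config default')"
    fails=$((fails + 1))
  fi

  # toml_value KEY: print the unquoted value of the first "KEY = ..." line
  toml_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$cfg" | head -n 1
  }

  # sandbox_image left at the upstream registry is what produces the
  # "failed to get sandbox image registry.k8s.io/..." loop in the kubelet log
  sandbox=$(toml_value sandbox_image)
  case "$sandbox" in
    registry.k8s.io/*|k8s.gcr.io/*|"")
      echo "FAIL: sandbox_image is '${sandbox:-unset}' (use registry.aliyuncs.com/google_containers/pause:3.9)"
      fails=$((fails + 1)) ;;
  esac

  if [ "$(toml_value SystemdCgroup)" != "true" ]; then
    echo "FAIL: SystemdCgroup is not true (the kubelet on Ubuntu 22.04 uses the systemd cgroup driver)"
    fails=$((fails + 1))
  fi

  if [ "$(toml_value config_path)" != "/etc/containerd/certs.d" ]; then
    echo "FAIL: registry config_path is not /etc/containerd/certs.d (hosts.toml mirrors will be ignored)"
    fails=$((fails + 1))
  fi

  [ "$fails" -eq 0 ] && echo "OK: $cfg matches the 1.1 settings"
  return "$fails"
}

# On the node: check_containerd_config && systemctl restart containerd
```

The value extraction only looks at the first occurrence of each key, which is enough for the default file because each of the three keys appears once; if you maintain extra registry sections, check the output against the section you care about.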
3. No network plugin yet
At this point `kubectl get pod -A` shows the coredns pods not Running (they stay Pending until a CNI is installed) and `kubectl get node` shows master as NotReady. Install the calico network component (2.2) to fix both.
2.2 Configure the network component calico
If you have a proxy to the outside internet you can skip the pre-loading below:
sudo docker pull calico/cni:v3.25.0
sudo docker pull calico/kube-controllers:v3.25.0
sudo docker pull calico/node:v3.25.0
# Export the docker images
sudo docker save -o calico.tar calico/cni:v3.25.0 calico/kube-controllers:v3.25.0 calico/node:v3.25.0
# Import them into containerd's k8s.io namespace, the one the kubelet uses (ctr normalises the docker-save names to docker.io/calico/..., which is what calico.yaml references)
sudo ctr -n k8s.io images import calico.tar
Install the component:
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml
Then check with kubectl get pod -A. If the calico pods stay stuck pulling images (ImagePullBackOff), pre-load the images as above, making sure the tags you pull match the image versions in calico.yaml.
raw.githubusercontent.com itself may be unreachable without a proxy. In that case fetch calico.yaml on a machine that has access, copy it over, and read it before applying: it creates a privileged DaemonSet (calico-node) on every node, so pin the version and apply only a reviewed copy.
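Pre-loading images by hand only works if the names in the tarball match what calico.yaml references. The script below is an added example, not code from the original post or from the Calico project: it pulls the image references out of a manifest, normalises them the way docker and `ctr images import` do, and compares them against a listing of what is already in containerd's k8s.io namespace. The sample manifest and image listing in its test are constructed; on the node the listing comes from `sudo ctr -n k8s.io images ls -q`:

```shell
#!/bin/sh
# Offline image preload check for a Kubernetes manifest (added example).

# extract_images MANIFEST: unique image references from every `image:` line
extract_images() {
  awk '/^[[:space:]-]*image:[[:space:]]/ {
         v = $0
         sub(/^[[:space:]-]*image:[[:space:]]*/, "", v)   # drop the key
         gsub(/["'"'"']/, "", v)                            # drop YAML quotes
         sub(/[[:space:]#].*$/, "", v)                      # drop trailing comments
         if (v != "") print v
       }' "$1" | sort -u
}

# normalize_ref REF: docker-style normalisation, which is also what `ctr images import`
# applies to a docker-save tarball: calico/cni:v3.25.0 -> docker.io/calico/cni:v3.25.0,
# nginx -> docker.io/library/nginx:latest; refs that name a registry host are left alone
normalize_ref() {
  ref=$1
  name=${ref##*/}
  case "$name" in
    *:*|*@*) ;;                       # already carries a tag or digest
    *) ref="$ref:latest" ;;
  esac
  case "$ref" in
    */*)
      first=${ref%%/*}
      case "$first" in
        *.*|*:*|localhost) printf '%s\n' "$ref" ;;     # first component is a host
        *) printf 'docker.io/%s\n' "$ref" ;;
      esac ;;
    *) printf 'docker.io/library/%s\n' "$ref" ;;
  esac
}

# missing_images MANIFEST LOADED: LOADED holds one reference per line (the output of
# `sudo ctr -n k8s.io images ls -q`); prints the normalised references not yet present
missing_images() {
  want=$(mktemp) && have=$(mktemp) || return 1
  extract_images "$1" | while read -r r; do normalize_ref "$r"; done | sort -u > "$want"
  while read -r r; do
    if [ -n "$r" ]; then normalize_ref "$r"; fi
  done < "$2" | sort -u > "$have"
  comm -23 "$want" "$have"
  rm -f "$want" "$have"
}

# On the node, after `sudo ctr -n k8s.io images import calico.tar`:
#   sudo ctr -n k8s.io images ls -q > loaded.txt
#   missing_images calico.yaml loaded.txt   # prints nothing when every image is present
```

Run `missing_images` before `kubectl apply`; any line it prints is an image the kubelet will try to pull from the network, and the same list tells you exactly which tags to `docker pull` and `docker save` on the machine that has access.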
3 Installation succeeded
Check the status
kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-658d97c59c-gk66h 1/1 Running 0 18s
kube-system calico-node-xqh69 0/1 Running 0 18s
kube-system coredns-66f779496c-hg59b 1/1 Running 0 3m25s
kube-system coredns-66f779496c-j7hp2 1/1 Running 0 3m25s
kube-system etcd-master 1/1 Running 1 3m30s
kube-system kube-apiserver-master 1/1 Running 1 3m30s
kube-system kube-controller-manager-master 1/1 Running 1 3m30s
kube-system kube-proxy-dtf2j 1/1 Running 0 3m26s
kube-system kube-scheduler-master 1/1 Running 1 3m30s
calico-node reports 0/1 for its first seconds until its readiness probe passes. Once every pod is 1/1 and `kubectl get node` shows master as Ready, the single-node cluster is usable.
