Ubuntu24.04安装k8s
Ubuntu24.04安装docker
也适用于Ubuntu18.04
到Ubuntu22.04
安装docker基础步骤:
https://blog.youkuaiyun.com/omaidb/article/details/122062219
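# Install Docker CE from the Aliyun mirror of the Docker apt repository.
#
# The signing key is stored under /etc/apt/keyrings and referenced with
# signed-by, so apt trusts it for this one repository only. A key placed in
# /etc/apt/trusted.gpg.d is trusted for every configured repository.
# The key is fetched from the same mirror that serves the packages, so it
# gives no protection if the mirror itself is compromised; compare its
# fingerprint with the one Docker publishes before relying on it.
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor --yes -o /etc/apt/keyrings/aliyun-docker.gpg
sudo chmod a+r /etc/apt/keyrings/aliyun-docker.gpg

# Register the repository for this machine's architecture and release.
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/aliyun-docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null

# Refresh the package index so the new repository is visible.
sudo apt update

# Install the Docker engine, CLI, containerd and the buildx/compose plugins.
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin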
参考: https://mp.weixin.qq.com/s/2LWWHkQk61UmvZvI3zVuUg
永久禁用swap
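# Disable swap for the running system and keep it disabled after a reboot.
sudo swapoff -a
# Comment out every /etc/fstab line that mentions swap. Lines that are
# already comments are skipped, so running this again does not stack
# additional '#' characters in front of them.
sudo sed -ri '/^[[:space:]]*#/! s/.*swap.*/#&/' /etc/fstab
echo '禁用swap'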
开启内核配置
# Record the two kernel modules in /etc/modules-load.d/k8s.conf so they are
# loaded on every boot (tee also echoes the names to the terminal).
printf '%s\n' overlay br_netfilter | sudo tee /etc/modules-load.d/k8s.conf
# Load both modules into the running kernel now, without waiting for a reboot.
for kmod in overlay br_netfilter; do
    sudo modprobe "$kmod"
done
echo '加载加载br_netfilter网桥过滤模块'
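# Write the kernel parameters for a Kubernetes node to /etc/sysctl.d/k8s.conf.
#
# - Written through "sudo tee" so the redirect works from a non-root shell.
# - net.ipv4.tcp_tw_recycle is intentionally absent: the knob was removed in
#   Linux 4.12, so "sysctl --system" reports an error for it on current
#   Ubuntu kernels.
# - Each fs.inotify key is set exactly once. When a key appears twice in the
#   file the last assignment wins, so the values kept here (524288 and 1024)
#   are the ones a duplicated file would have applied anyway.
# - The net.bridge.* keys only exist once br_netfilter is loaded.
# - NOTE(review): net.netfilter.nf_conntrack_max is presumably only settable
#   once nf_conntrack is loaded; confirm on the target kernel.
# - net.ipv4.ip_forward = 1 makes the host route packets between interfaces;
#   keep a host firewall policy in place on nodes with untrusted networks.
cat <<'EOF' | sudo tee /etc/sysctl.d/k8s.conf >/dev/null
# 在ip6tables链中过滤IPv6包
net.bridge.bridge-nf-call-ip6tables = 1
# 是否在iptables链中过滤IPv4包
net.bridge.bridge-nf-call-iptables = 1
# 开启ipv4转发功能
net.ipv4.ip_forward = 1
# 禁用用swap
vm.swappiness = 0
# 不检查物理内存是否够用
vm.overcommit_memory=1
# 开启OOM
vm.panic_on_oom=0
fs.file-max=52706963
fs.nr_open=52706963
# 禁用ipv6
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
# 加大允许开启的线程数量
vm.max_map_count=262144
# 同一用户同时可以添加的watch数目
fs.inotify.max_user_watches = 524288
# 防止容器数量增加导致fs.inotify.max_user_instances超过限制
fs.inotify.max_user_instances = 1024
EOF
# Apply every sysctl configuration file, including the one just written.
sudo sysctl --system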
配置ipvs
参考: https://www.jianshu.com/p/cd7f18aacece
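# Install the IPVS userspace tools.
sudo apt install -y ipset ipvsadm

# Directory holding the IPVS modules shipped with the running kernel.
ipvs_dir="/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs"

# Persist the module names (file name up to the first dot) so they are loaded
# at boot. The file is overwritten rather than appended to, so rerunning this
# step does not accumulate duplicate entries. tee also prints the names.
# NOTE(review): this enables every IPVS module the kernel ships; trimming the
# list to the schedulers actually used keeps less kernel code loaded.
for module_path in "$ipvs_dir"/*; do
    [ -e "$module_path" ] || continue
    basename "$module_path" | cut -d. -f1
done | sudo tee /etc/modules-load.d/ipvs.conf

# Load each module into the running kernel if modinfo can resolve it.
while read -r ipvs_module; do
    /sbin/modinfo -F filename "$ipvs_module" >/dev/null 2>&1 && sudo /sbin/modprobe "$ipvs_module"
done </etc/modules-load.d/ipvs.conf

# Check that the modules are loaded. nf_conntrack_ipv4 was merged into
# nf_conntrack in Linux 4.19, so match on nf_conntrack (which also matches
# the older module name).
lsmod | grep -e ip_vs -e nf_conntrack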
安装依赖包
# Refresh the package index.
sudo apt update
# Install the prerequisites for adding HTTPS apt repositories and their keys.
sudo apt install -y ca-certificates curl gnupg lsb-release apt-transport-https
安装k8s相关组件
添加kubeadm源
# Base URL of the Aliyun mirror of the Kubernetes apt repository.
k8s_mirror="https://mirrors.aliyun.com/kubernetes/apt"

# Import the repository signing key.
# NOTE(review): apt-key is deprecated and puts the key in apt's global trust
# store, where it is accepted for every repository; a keyring file referenced
# with signed-by= in the source line limits the key to this repository.
curl "${k8s_mirror}/doc/apt-key.gpg" | sudo apt-key add -

# Register the repository.
# NOTE(review): kubernetes-xenial is the legacy repository layout, which was
# frozen upstream in 2023; confirm this mirror still carries the Kubernetes
# version you intend to run.
printf '%s\n' "deb ${k8s_mirror} kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

# Refresh the package index so the new repository is visible.
sudo apt update
安装kubectl
# The three node components installed and pinned together.
k8s_pkgs="kubelet kubeadm kubectl"

# Refresh the package index.
sudo apt update
# No version is given, so apt installs the newest one the repository offers.
sudo apt install -y $k8s_pkgs
# Hold the packages so a routine upgrade cannot change the cluster version.
sudo apt-mark hold $k8s_pkgs
初始化k8s
参考: https://blog.youkuaiyun.com/omaidb/article/details/121549382
使用rancher构建k8s
参考 https://www.rancher.cn/quick-start/
rancher
服务的docker-compose.yaml
配置如下:
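# Single-node Rancher server run with Docker Compose.
# The nesting below is restored; without indentation the file is not a valid
# Compose document.
services:
  rancher:
    # NOTE(review): "stable" is a moving tag, so the image can change between
    # pulls; pin a specific release (or digest) for reproducible deployments.
    image: rancher/rancher:stable
    container_name: rancher
    # Privileged mode gives the container near-root control of the host.
    # Run this on a dedicated machine, not one shared with other workloads.
    privileged: true
    restart: always
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): these two are published on every host interface; 6443
      # is presumably the embedded Kubernetes API server. Restrict them with
      # a host firewall, or bind to loopback ("127.0.0.1:6443:6443") when
      # only local kubectl access is needed.
      - "8080:8080"
      - "6443:6443"
    volumes:
      - rancher_data:/var/lib/rancher
      # Optional: mount your own certificate chain, private key and CA bundle.
      # - /<CERT_DIRECTORY>/<FULL_CHAIN.pem>:/etc/rancher/ssl/cert.pem
      # - /<CERT_DIRECTORY>/<PRIVATE_KEY.pem>:/etc/rancher/ssl/key.pem
      # - /<CERT_DIRECTORY>/<CA_CERTS.pem>:/etc/rancher/ssl/cacerts.pem
    # command: [--acme-domain <YOUR.DNS.NAME> --additional-flag value]
volumes:
  # Named volume created and managed by Compose (not a pre-existing one).
  rancher_data:
    external: false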
保存,启动rancher
服务
# Create and start the services from the compose file in the background.
docker compose up --detach
查看初次的登陆密码
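# Show the initial login password from the container log.
# "docker logs" replays the container's stderr on stderr, so merge it into
# stdout; otherwise those lines bypass grep.
# The password stays readable in the log to anyone with Docker access on this
# host, so change it at the first login.
docker logs rancher 2>&1 | grep "Password"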
使用kubectl管理
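# Copy the kubeconfig out of the Rancher container to the local machine.
# docker cp does not create the destination directory, so create it first.
# This overwrites any existing /root/.kube/config; back it up beforehand if
# the host already manages another cluster.
mkdir -p /root/.kube
docker cp rancher:/etc/rancher/k3s/k3s.yaml /root/.kube/config
# The file holds cluster credentials: keep it readable by its owner only.
chmod 600 /root/.kube/config
# Manage the cluster with kubectl.
kubectl get nodes -A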
解决docker无法拉取k8s.gcr.io镜像问题
使用ansible-playbook
安装trojan
https://blog.youkuaiyun.com/omaidb/article/details/120028228
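---
# Play 1: copy the trojan binary and its configuration from the control node
# to /opt/trojan on every host.
- name: 安装trojan
  hosts: all
  tasks:
    - name: 创建/opt/trojan目录
      file:
        path: /opt/trojan
        state: directory
    # NOTE(review): the binary is taken from the control node as-is; verify
    # its origin and checksum before distributing it to every host.
    - name: copy trojan 主程序
      copy:
        src: /opt/trojan/trojan
        dest: /opt/trojan/trojan
        mode: '0755'
    # NOTE(review): config.json presumably holds the proxy credentials and no
    # mode is set here; consider an owner-only mode once it is confirmed
    # which user the service runs as.
    - name: copy trojan config
      copy:
        src: /opt/trojan/config.json
        dest: /opt/trojan/config.json

# Play 2: install proxychains and supervisor, run trojan under supervisor,
# and point the Docker daemon at the proxy.
- name: install pkg
  hosts: all
  tasks:
    - name: install proxychains
      apt:
        name: proxychains
        state: latest
    # Whitespace in the pattern is matched with \s+ so the default entry is
    # replaced whether it is separated by spaces or tabs. If the pattern does
    # not match, lineinfile appends the socks5 line and leaves the socks4
    # entry in place.
    - name: edit config
      lineinfile:
        path: /etc/proxychains.conf
        regexp: 'socks4\s+127\.0\.0\.1\s+9050'
        line: 'socks5 127.0.0.1 1080'
    # supervisor is installed before its configuration is copied: the copy
    # module does not create /etc/supervisor/conf.d, which only exists once
    # the package is installed.
    - name: install supervisor
      apt:
        name: supervisor
    - name: copy sup trojan config
      copy:
        src: /etc/supervisor/conf.d/trojan.conf
        dest: /etc/supervisor/conf.d/trojan.conf
    - name: enable supervisor service
      service:
        name: supervisor
        enabled: true
        state: started
    # Kept as a shell task because the two commands are chained with &&.
    - name: 重启 supctl
      shell: supervisorctl reload && supervisorctl update
    - name: 创建目录
      file:
        path: /etc/systemd/system/docker.service.d
        state: directory
    # NOTE(review): if proxy.conf embeds proxy credentials, restrict its mode.
    - name: 配置docker代理
      copy:
        src: /etc/systemd/system/docker.service.d/proxy.conf
        dest: /etc/systemd/system/docker.service.d/proxy.conf
    # Reload unit files through the systemd module rather than a raw shell
    # call, so the new drop-in is picked up before Docker restarts.
    - name: 重载服务
      systemd:
        daemon_reload: true
    - name: 重启docker服务
      service:
        name: docker
        state: restarted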