小白丶

🚀 Kubernetes Cluster Setup: A Detailed Tutorial | v1.33.1 + Rocky Linux 9.5 + containerd

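This tutorial builds a Kubernetes cluster on Rocky Linux 9.5 with containerd. Leave a comment if you run into problems. (The image download addresses in this article are all the default official sources, which need a proxy/VPN to reach; on a network inside mainland China, switching to the corresponding domestic Alibaba Cloud mirrors is recommended.)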

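| Item | Details |
|---|---|
| K8s version | 1.33.1 |
| Operating system | Rocky Linux 9.5 |
| Master hostname | k8s-master01 |
| Worker hostname 01 | k8s-node01 |
| Worker hostname 02 | k8s-node02 |
| containerd version | v2.1.3 |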

🧠 1. Prepare DNS resolution

📌 This step must be completed on every machine!

cat >> /etc/hosts <<EOF
192.168.100.10 k8s-master01
192.168.100.11 k8s-node01
192.168.100.12 k8s-node02
EOF

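🧰 1.1 Download and install nerdctl

💡 nerdctl is a very handy container CLI that runs on top of containerd, and its commands are almost identical to Docker's!

Download page: https://github.com/containerd/nerdctl

wget https://github.com/containerd/nerdctl/releases/download/v2.1.3/nerdctl-full-2.1.3-linux-amd64.tar.gz
# Unpack the full bundle (nerdctl, containerd, buildkit and more) under /usr/local
tar Cxzvvf /usr/local nerdctl-full-2.1.3-linux-amd64.tar.gz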
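
The download step above unpacks an archive into /usr/local as root, so it is worth checking the archive's digest first. The following is an added example, not part of the original article; it assumes the release page publishes a `SHA256SUMS` file next to the archive, and the function names `verify_sha256` and `install_nerdctl` are made up for this illustration.

```bash
#!/usr/bin/env bash
# Added example: check a downloaded release archive against a SHA256SUMS file
# before unpacking it into /usr/local as root.
# Assumption: SHA256SUMS was fetched from the same release page as the archive.

# verify_sha256 <archive> <sums-file>
# Returns 0 only when the sums file lists the archive's file name and the
# listed digest equals the digest of the local file.
# Returns 1 on a digest mismatch and 2 when the file name is not listed.
verify_sha256() {
  local archive sums name expected actual
  archive=$1
  sums=$2
  name=$(basename "$archive")
  # Lines look like "<hex digest>  <file name>"; binary mode prefixes '*'.
  expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
  if [ -z "$expected" ]; then
    echo "no entry for $name in $sums" >&2
    return 2
  fi
  actual=$(sha256sum "$archive" | cut -d' ' -f1)
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $name" >&2
    return 1
  fi
  return 0
}

# install_nerdctl <archive> <sums-file>
# Unpacks with the article's tar command, but only after the check passes.
install_nerdctl() {
  verify_sha256 "$1" "$2" && tar Cxzvvf /usr/local "$1"
}
```

A checksum published beside the archive catches corruption and tampering on a mirror or proxy; it does not protect against a compromised release.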

🔍 1.2 Check the installed containerd version

containerd -v

Example output:

containerd github.com/containerd/containerd/v2 v2.1.3 c787fb98...

🛠️ 1.3 Modify the containerd configuration

mkdir -p /etc/containerd
# Write the default configuration as a starting point
containerd config default > /etc/containerd/config.toml

Switch the pause image to a China mirror (⚠️ optional):

sed -i "s|sandbox = 'registry.k8s.io/pause:3.10'|sandbox = 'registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.10'|" /etc/containerd/config.toml

Set the registry configuration directory:

# In the [plugins.'io.containerd.cri.v1.images'.registry] section, set config_path on the next line
sed -i '/^\s*\[plugins.'"'"'io.containerd.cri.v1.images'"'"'.registry\]/{n;s|^\(\s*\)config_path = .*$|\1config_path = '"'"'/etc/containerd/certs.d'"'"'|}' /etc/containerd/config.toml

If you need a registry mirror for faster pulls:

mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml <<-'EOF'
server = "https://registry.myk8s.cn"
[host."https://registry.myk8s.cn"]
  capabilities = ["pull", "resolve", "push"]
EOF

Start the services:

systemctl daemon-reload
systemctl enable --now containerd
systemctl enable --now buildkit

⌨️ 1.4 nerdctl command completion

nerdctl completion bash > /etc/bash_completion.d/nerdctl
source /etc/bash_completion.d/nerdctl

🧪 2. Test-run your first container

nerdctl run -d -p 8000:80 --name container1 registry.myk8s.cn/library/nginx
nerdctl ps

🛠️ 3. Preparation for deploying Kubernetes (all nodes)

📛 3.1 Disable swap

swapoff -a
# Comment out every swap entry so swap stays off after a reboot
sed -i 's/.*swap.*/#&/' /etc/fstab

🌉 3.2 Enable bridged network forwarding

# Load br_netfilter at boot, and load it now
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
modprobe br_netfilter

# Let iptables see bridged traffic and enable IPv4 forwarding
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sysctl --system

🧬 3.3 Install kubeadm, kubelet and kubectl

cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.nju.edu.cn/kubernetes/core%3A/stable%3A/v1.33/rpm/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.nju.edu.cn/kubernetes/core%3A/stable%3A/v1.33/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF

# The repo excludes these packages by default, so lift the exclusion for this install only
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable --now kubelet

🔁 3.4 Enable command auto-completion

kubectl completion bash > /etc/bash_completion.d/kubectl
kubeadm completion bash > /etc/bash_completion.d/kubeadm
source /etc/bash_completion.d/kubectl
source /etc/bash_completion.d/kubeadm

🔗 3.5 Point crictl at containerd

cat > /etc/crictl.yaml <<-'EOF'
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF

crictl images

Command completion:

crictl completion bash > /etc/bash_completion.d/crictl
source /etc/bash_completion.d/crictl

🔥 Recommended: turn off the firewall (while debugging)

systemctl stop firewalld
systemctl disable firewalld

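🚧 4. Initialize the cluster (on the Master only)

✏️ 4.1 Generate the kubeadm.yaml configuration

kubeadm config print init-defaults > kubeadm.yaml
# Advertise the API server on the master's address
sed -i 's/.*advert.*/  advertiseAddress: 192.168.100.10/g' kubeadm.yaml
# Register the node under the master's hostname
sed -i 's/.*name.*/  name: k8s-master01/g' kubeadm.yaml
# Add the pod network range under the networking: key
sed -i "/^\\s*networking:/a\\  podSubnet: 172.16.0.0/16" kubeadm.yaml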

📦 4.2 Pull the Kubernetes images

kubeadm config images pull --config kubeadm.yaml

🚀 4.3 Initialize the cluster

kubeadm init --config kubeadm.yaml

Save the join command from the output! ✅

Set up kubectl access:

mkdir -p $HOME/.kube
cp /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

🌐 5. Deploy the Calico network plugin

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/refs/tags/v3.30.0/manifests/tigera-operator.yaml

wget https://raw.githubusercontent.com/projectcalico/calico/refs/tags/v3.30.0/manifests/custom-resources.yaml
vim custom-resources.yaml

Change:

cidr: 172.16.0.0/16

Apply:

kubectl apply -f custom-resources.yaml

Check the components:

kubectl get pods -A

🧩 6. Join the Worker nodes to the cluster

🔁 6.1 Get the join command again (on the master)

kubeadm token create --print-join-command

🧷 6.2 Run the join command on each Worker node

kubeadm join 192.168.100.10:6443 --token xxxxxx.xxxxxx \
--discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxx \
--cri-socket=unix:///run/containerd/containerd.sock
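
The `--discovery-token-ca-cert-hash` value in the join command is what lets a worker confirm it is talking to the real control plane. The following added example (not part of the original article) recomputes that hash on the master from `/etc/kubernetes/pki/ca.crt` and compares it with a saved join command; the function names are made up for this illustration and `openssl` is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example: confirm that a saved join command pins this cluster's CA.

# ca_cert_hash <ca.crt>
# Prints the value kubeadm expects after --discovery-token-ca-cert-hash:
# "sha256:" followed by the SHA-256 of the CA certificate's DER-encoded
# public key (SubjectPublicKeyInfo).
ca_cert_hash() {
  local digest
  # Refuse anything that does not parse as a certificate.
  openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 1
  digest=$(openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | sha256sum | cut -d' ' -f1)
  printf 'sha256:%s\n' "$digest"
}

# join_pins_ca "<join command text>" <ca.crt>
# Returns 0 when the command carries a hash equal to the CA's,
# 1 on a mismatch or unreadable certificate,
# 2 when the command carries no CA hash at all.
join_pins_ca() {
  local pinned actual
  pinned=$(printf '%s\n' "$1" | grep -oE 'sha256:[0-9a-f]{64}' | head -n 1)
  if [ -z "$pinned" ]; then
    echo "join command carries no CA hash" >&2
    return 2
  fi
  actual=$(ca_cert_hash "$2") || return 1
  [ "$pinned" = "$actual" ]
}

# On the master, for example:
#   join_pins_ca "$(cat saved-join-command.txt)" /etc/kubernetes/pki/ca.crt
```

A return code of 2 is worth treating as a failure: a join command without the hash means the worker would not verify the control plane's CA.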

🏷️ 6.3 Label the nodes (run on the master)

kubectl label nodes k8s-node01 node-role.kubernetes.io/worker=
kubectl label nodes k8s-node02 node-role.kubernetes.io/worker=

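✅ 7. Confirm the cluster is running

kubectl get nodes
kubectl get pod -A

Confirm that every component is in the Running state 🎉


That is the whole process of building a cluster with Rocky Linux 9.5 + Kubernetes 1.33.1 + containerd. If you followed along step by step, congratulations! You now have a high-performance, highly available K8s cluster! 🔥🚀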
