前言：根据目前CKA考试要求配置一个基础的练习环境。

           · Ubuntu20.04

           · Kubernetes v1.29.0

           · Containerd

一、硬件配置环境

下表是按照官方文档Kubernetes集群节点最低配置要求 。电脑资源允许可以适当调高配置。

二、系统环境准备（此部分在集群所有节点操作）

1、系统基础设置

sudo systemctl status ufw #查看防火墙状态sudo systemctl stop ufw #关闭防火墙sudo systemctl disable ufw #禁止防火墙开机启动sudo swapoff -a #关闭swap分区sed -ri 's/.*swap.*/#&/' /etc/fstab #禁用swap分区hostnamectl set-hostname master #设置master主机名hostnamectl set-hostname node01 #设置node01主机名 hostnamectl set-hostname node02 #设置node02主机名sudo echo 192.168.10.60 master >> /etc/hosts #设置master的host解析sudo echo 192.168.10.61 node01 >> /etc/hosts #设置node01的host解析sudo echo 192.168.10.62 node02 >> /etc/hosts #设置node02的host解析sudo timedatectl set-timezone Asia/Shanghai #配置时区

 2、安装时间同步服务

sudo apt-get updatesudo apt-get install -y chronysudo systemctl start chronysudo systemctl status chronysudo systemctl enable chronysudo chronyc sourcestats -v

3、 允许 iptables 检查桥接流量设置

#转发IPv4并让iptables看到桥接流量cat <<EOF | sudo tee /etc/modules-load.d/k8s.confoverlaybr_netfilterEOFsudo modprobe overlaysudo modprobe br_netfilter#设置所需的sysctl参数，参数在重新启动后保持不变cat <<EOF | sudo tee /etc/sysctl.d/k8s.confnet.bridge.bridge-nf-call-iptables = 1net.bridge.bridge-nf-call-ip6tables = 1net.ipv4.ip_forward = 1EOF#应用sysctl参数而不重新启动sudo sysctl --system#检查确认br_netfilter和overlay模块被加载：lsmod | grep br_netfilterlsmod | grep overlay#检查sysctl是否成功应用：sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward

 4、安装容器运行时Containerd

# 添加Docker'官方GPG key:sudo apt-get updatesudo apt-get install ca-certificates curl gnupgsudo install -m 0755 -d /etc/apt/keyringscurl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpgsudo chmod a+r /etc/apt/keyrings/docker.gpg# 添加repository到Apt源:echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list > /dev/nullsudo apt-get update#安装containerdsudo apt-get install containerd.io#锁定containerd.io 版本sudo apt-mark hold containerd.io#生成containerd配置文件containerd config default > /etc/containerd/config.toml#修改/etc/containerd/config.toml#配置systemd cgroup驱动为true [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] ... [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] SystemdCgroup = true#使用阿里云沙箱（pause）镜像替换原有配置# registry.cn-shanghai.aliyuncs.com/kubesec/pause:3.9 [plugins."io.containerd.grpc.v1.cri"] sandbox_image = "registry.k8s.io/pause:3.6"sudo systemctl restart containerdsudo systemctl enable containerdsudo systemctl status containerd

5、安装 kubeadm、kubelet 和 kubectl

#更新 apt 包索引并安装使用 Kubernetes apt 仓库所需要的包：sudo apt-get updatesudo apt-get install -y apt-transport-https ca-certificates curl gpg#下载用于 Kubernetes 软件包仓库的公共签名密钥。#如果 `/etc/apt/keyrings` 目录不存在，则应在 curl 命令之前创建它。# sudo mkdir -p -m 755 /etc/apt/keyringscurl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg#添加 Kubernetes apt 仓库。 echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list#更新 apt 包索引，安装 kubelet、kubeadm 和 kubectl，并锁定其版本：sudo apt-get updateapt-cache madison kubeadmapt-get install -y kubelet=1.29.0-1.1 kubeadm=1.29.0-1.1 kubectl=1.29.0-1.1sudo apt-mark hold kubelet kubeadm kubectl

三、kubeadm创建集群 

从 v1.22 开始，在使用 kubeadm 创建集群时，如果用户没有在 KubeletConfiguration 下设置 cgroupDriver 字段，kubeadm 默认使用 systemd

1、初始化控制节点（只在master节点执行）

kubeadm init --control-plane-endpoint="master" \--kubernetes-version=v1.29.0 \--pod-network-cidr=10.244.0.0/16 \--service-cidr=10.1.0.0/12 \--token-ttl=0 \--cri-socket unix:///run/containerd/containerd.sock \--image-repository registry.aliyuncs.com/google_containers \--upload-certs

2、根据输出结果执行以下命令（只在master节点执行）

#要使非 root 用户可以运行 kubectl，请运行以下命令mkdir -p $HOME/.kubesudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/configsudo chown $(id -u):$(id -g) $HOME/.kube/config#root 用户，则可以运行：export KUBECONFIG=/etc/kubernetes/admin.conf

3、安装Pod网络插件Flannel（只在master节点执行）

#添加raw.githubusercontent.com地址解析echo "185.199.109.133 raw.githubusercontent.com" >> /etc/hosts#下载flannel.yml文件并应用wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.ymlkubectl apply -f kube-flannel.yml

4、安装集群资源监控服务kube-metrics-server（只在master节点执行）

wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml#将image: registry.k8s.io/metrics-server/metrics-server:v0.6.4#替换成阿里镜像源：registry.cn-hangzhou.aliyuncs.com/google_containers/metrics-server:v0.6.4mv components.yaml kube-metrics-server.yamlkubectl apply -f kube-metrics-server.yaml

 5、节点加入集群（node01和node02节点执行）

#执行控制节点输入的加入命令并加上参数--cri-socket /run/containerd/containerd.sockkubeadm join master:6443 --token 3f6ssd.cj9ktdltvhu8myex \ --discovery-token-ca-cert-hash sha256:aa4568ba9d4d77b8804f78b6f5441a2269b5363b5145efe30e5c7307ea2ec0cc \ --cri-socket /run/containerd/containerd.sock

6、查看集群节点和Pod状态

candidate@node01:~$ kubectl get nodeNAME STATUS ROLES AGE VERSIONmaster Ready control-plane 1h v1.29.0node01 Ready worker 1h v1.29.0node02 Ready worker 1h v1.29.0candidate@node01:~$ kubectl get pod --all-namespacesNAMESPACE NAME READY STATUS RESTARTS AGEkube-flannel kube-flannel-ds-2kcht 1/1 Running 0 1hkube-flannel kube-flannel-ds-gd9j4 1/1 Running 0 1h kube-flannel kube-flannel-ds-ngg46 1/1 Running 0 1hkube-system coredns-857d9ff4c9-bg6pn 1/1 Running 0 1h kube-system coredns-857d9ff4c9-rpr7b 1/1 Running 0 1h kube-system etcd-master 1/1 Running 0 1hkube-system kube-apiserver-master 1/1 Running 0 1hkube-system kube-controller-manager-master 1/1 Running 0 1hkube-system kube-proxy-5kwqj 1/1 Running 0 1hkube-system kube-proxy-7p48k 1/1 Running 0 1h kube-system kube-proxy-f4lgd 1/1 Running 0 1h kube-system kube-scheduler-master 1/1 Running 0 1hkube-system metrics-server-579956c978-wjftf 1/1 Running 0 1h