K8s 1.28 Deployment Reference

Deploying containerd + K8s 1.28

1. System update and dependency installation

apt update && apt upgrade -y
apt install -y apt-transport-https ca-certificates curl gnupg lsb-release net-tools

2. Disable swap

[root@master231 ~]# swapoff -a
[root@master231 ~]# sed -i '/swap/s/^/#/' /etc/fstab
[root@master231 ~]# free -h
               total        used        free      shared  buff/cache   available
Mem:           5.4Gi       387Mi       1.3Gi       1.0Mi       3.7Gi       4.7Gi
Swap:             0B          0B          0B

3. Load kernel modules and configure networking

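# Load the overlay kernel module (modprobe alone does not persist across reboots)
modprobe overlay
# Load the br_netfilter kernel module
modprobe br_netfilter
# Write the three kernel parameters Kubernetes requires: bridged IPv4 traffic goes through iptables rules, bridged IPv6 traffic goes through ip6tables rules, and IP forwarding is enabled so Pods can reach each other and external networks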
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply the parameters
sysctl --system

4. Install containerd

[root@master231 ~]# install -m 0755 -d /etc/apt/keyrings
[root@master231 ~]# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# Add the Docker repository
[root@master231 ~]# echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
# Update the package index and install containerd
apt update
apt install -y containerd.io

5. Configure containerd

# Generate the default configuration
containerd config default > /etc/containerd/config.toml
# Switch the cgroup driver to systemd (compatible with K8s)
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# Restart and enable at boot
systemctl restart containerd
systemctl enable containerd
# Verify the status
systemctl status containerd --no-pager
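
The checks below are an added example, not part of the original post: they confirm that steps 2, 3 and 5 took effect before kubeadm runs, including the case where the sed in step 5 matched nothing and the case where the CRI plugin is listed in disabled_plugins. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Each check takes the file to inspect and returns 0 (pass) or 1 (fail).

# Step 2: no uncommented swap entry is left in fstab.
check_fstab_swap() {
  ! awk '$1 !~ /^#/ && $3 == "swap" { hit = 1 } END { exit !hit }' "$1"
}

# Step 3: all three kernel parameters are present and set to 1.
check_k8s_sysctl() {
  for key in net.bridge.bridge-nf-call-iptables \
             net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
    awk -F= -v k="$key" '
      { gsub(/[ \t]/, "") }                 # "key = 1" becomes "key=1"
      $1 == k && $2 == "1" { ok = 1 }
      END { exit !ok }' "$1" || { echo "not set to 1: $key"; return 1; }
  done
}

# Step 5: CRI plugin not disabled, and the sed actually produced "true".
check_containerd() {
  if grep -Eq '^[[:space:]]*disabled_plugins[[:space:]]*=.*"cri"' "$1"; then
    echo "CRI plugin is disabled"; return 1
  fi
  grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$1" ||
    { echo "SystemdCgroup is not true"; return 1; }
}

# Constructed sample files standing in for a node where step 5's sed matched
# nothing; on a real node pass /etc/fstab, /etc/sysctl.d/k8s.conf and
# /etc/containerd/config.toml instead.
demo() {
  d=$(mktemp -d)
  printf '#/swap.img none swap sw 0 0\n' > "$d/fstab"
  printf 'net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1\n' > "$d/k8s.conf"
  printf 'disabled_plugins = []\n  SystemdCgroup = false\n' > "$d/config.toml"
  check_fstab_swap "$d/fstab" && check_k8s_sysctl "$d/k8s.conf" &&
    check_containerd "$d/config.toml"
  rc=$?; rm -rf "$d"; return "$rc"
}
demo || echo "preflight failed"
```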

6. Add the Alibaba Cloud K8s repository

curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | gpg --dearmor -o /etc/apt/keyrings/k8s-key.gpg
echo "deb [signed-by=/etc/apt/keyrings/k8s-key.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/k8s.list

7. Install kubeadm/kubelet/kubectl

apt update
# Install a specific version (1.28.2; adjust as needed)
apt install -y kubelet=1.28.2-00 kubeadm=1.28.2-00 kubectl=1.28.2-00
# Hold the versions (prevent automatic upgrades)
apt-mark hold kubelet kubeadm kubectl
# Verify the version
kubeadm version

8. Initialize the cluster on the master

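# --apiserver-advertise-address: replace <master-node-IP> with the master's actual IP
# --image-repository: Alibaba Cloud image mirror
# --service-cidr: Service CIDR (the fixed recommended value)
# --pod-network-cidr: Pod CIDR (matches Calico)
kubeadm init \
--apiserver-advertise-address=<master-node-IP> \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=192.168.0.0/16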

9. Configure the kubectl client

mkdir -p $HOME/.kube
cp /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
# Verify the configuration
kubectl get nodes # The master node is NotReady at this point (no network plugin installed yet)

10. Copy the kubeadm join command printed at the end of the output

11. Join the workers to the cluster

Paste your join command

12. Install the Calico network plugin

# Deploy Calico (matches the 192.168.0.0/16 CIDR)
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.28.3/manifests/calico.yaml
# Wait 2-3 minutes, then check the network plugin status
kubectl get pods -n kube-system -l k8s-app=calico-node
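
An added example, not from the original post: instead of applying the URL directly, keep a local copy of calico.yaml, check it against a digest recorded when the file was reviewed, and list the images it will run in the cluster. The function names are hypothetical and the manifest fragment is constructed.

```shell
#!/bin/sh
# Fetch once with: curl -fsSLo calico.yaml <manifest URL from step 12>

# sha256_of FILE: print the file's SHA-256 digest (hex only).
sha256_of() { sha256sum "$1" | awk '{ print $1 }'; }

# verify_pinned FILE EXPECTED: succeed only if FILE matches the digest that
# was recorded when the manifest was reviewed.
verify_pinned() {
  actual=$(sha256_of "$1") || return 1
  [ "$actual" = "$2" ] || { echo "digest mismatch: $actual" >&2; return 1; }
}

# manifest_images FILE: unique container images the manifest would run.
manifest_images() {
  awk '$1 == "image:" || ($1 == "-" && $2 == "image:") {
         img = $NF; gsub(/"/, "", img); print img }' "$1" | sort -u
}

# apply_reviewed FILE EXPECTED: apply the local copy, never the URL, and only
# after the digest check passes.
apply_reviewed() {
  verify_pinned "$1" "$2" && kubectl apply -f "$1"
}

# Constructed fragment in the shape of calico.yaml (not the real file).
sample_manifest() {
  cat <<'EOF'
      initContainers:
        - name: install-cni
          image: docker.io/calico/cni:v3.28.3
      containers:
        - name: calico-node
          image: docker.io/calico/node:v3.28.3
        - name: calico-node-copy
          image: "docker.io/calico/node:v3.28.3"
EOF
}

f=$(mktemp); sample_manifest > "$f"
pin=$(sha256_of "$f")      # in practice: recorded once, at review time
verify_pinned "$f" "$pin" && manifest_images "$f"
rm -f "$f"
```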

13. View the result

[root@master231 ~]# kubectl get node
NAME        STATUS   ROLES           AGE   VERSION
master231   Ready    control-plane   22m   v1.28.15
worker232   Ready    <none>          21m   v1.28.15
worker233   Ready    <none>          21m   v1.28.15

14. View the core K8s components

[root@master231 ~]# kubectl get pods -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-85bc9f8447-bcp5d   1/1     Running   0          14m
calico-node-jk964                          1/1     Running   0          14m
calico-node-kqhww                          1/1     Running   0          82s
calico-node-pg269                          1/1     Running   0          14m
coredns-66f779496c-dzhwt                   1/1     Running   0          21m
coredns-66f779496c-f8z4t                   1/1     Running   0          21m
etcd-master231                             1/1     Running   0          21m
kube-apiserver-master231                   1/1     Running   0          21m
kube-controller-manager-master231          1/1     Running   0          21m
kube-proxy-4l42q                           1/1     Running   0          19m
kube-proxy-lt5p8                           1/1     Running   0          82s
kube-proxy-r4qwn                           1/1     Running   0          21m
kube-scheduler-master231                   1/1     Running   0          21m
[root@master231 ~]# kubectl get pods -A --field-selector=spec.nodeName=master231
NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-85bc9f8447-bcp5d   1/1     Running   0          14m
kube-system   calico-node-jk964                          1/1     Running   0          14m
kube-system   coredns-66f779496c-dzhwt                   1/1     Running   0          21m
kube-system   coredns-66f779496c-f8z4t                   1/1     Running   0          21m
kube-system   etcd-master231                             1/1     Running   0          21m
kube-system   kube-apiserver-master231                   1/1     Running   0          21m
kube-system   kube-controller-manager-master231          1/1     Running   0          21m
kube-system   kube-proxy-r4qwn                           1/1     Running   0          21m
kube-system   kube-scheduler-master231                   1/1     Running   0          21m
[root@master231 ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE   ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-0               Healthy   ok
[root@master231 ~]# netstat -tnulp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.231:2379         0.0.0.0:*               LISTEN      53248/etcd
tcp        0      0 10.0.0.231:2380         0.0.0.0:*               LISTEN      53248/etcd
tcp        0      0 127.0.0.1:35383         0.0.0.0:*               LISTEN      51010/containerd
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      53248/etcd
tcp        0      0 127.0.0.1:2381          0.0.0.0:*               LISTEN      53248/etcd
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      20517/systemd-resol
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN      53478/kubelet
tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN      53564/kube-proxy
tcp        0      0 127.0.0.1:10259         0.0.0.0:*               LISTEN      53411/kube-schedule
tcp        0      0 127.0.0.1:10257         0.0.0.0:*               LISTEN      53400/kube-controll
tcp        0      0 127.0.0.1:9099          0.0.0.0:*               LISTEN      54353/calico-node
tcp        0      0 0.0.0.0:179             0.0.0.0:*               LISTEN      54597/bird
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      20273/sshd: /usr/sb
tcp6       0      0 :::6443                 :::*                    LISTEN      53231/kube-apiserve
tcp6       0      0 :::10256                :::*                    LISTEN      53564/kube-proxy
tcp6       0      0 :::10250                :::*                    LISTEN      53478/kubelet
tcp6       0      0 :::22                   :::*                    LISTEN      20273/sshd: /usr/sb
udp        0      0 127.0.0.53:53           0.0.0.0:*                           20517/systemd-resol
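
An added example, not from the original post: the netstat output above shows which control-plane ports are reachable beyond loopback (etcd on 2379/2380, the API server on 6443, the kubelet on 10250, among others). This filter reports any listener outside that set so it can be reviewed or firewalled; the allowlist is an assumption taken from this page's output, and one sample row is constructed.

```shell
#!/bin/sh
# Ports this page's master is seen listening on beyond loopback (from the
# netstat output above); anything else reachable from the network is reported.
EXPECTED_PORTS="22 179 2379 2380 6443 10250 10256"

# exposed_listeners: stdin = `netstat -tnulp` output.
# Prints "proto address port program" for each socket not bound to loopback.
exposed_listeners() {
  awk '
    $1 !~ /^(tcp|udp)/ { next }                 # skip the two header lines
    {
      n = split($4, p, ":"); port = p[n]        # port is the last ":" field
      host = substr($4, 1, length($4) - length(port) - 1)
      if (host ~ /^127\./ || host == "::1") next
      prog = ($1 ~ /^tcp/) ? $7 : $6            # UDP rows have no State column
      sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
      print $1, host, port, prog
    }'
}

# unexpected_listeners: same input, keeps only ports outside EXPECTED_PORTS.
unexpected_listeners() {
  exposed_listeners | awk -v allow="$EXPECTED_PORTS" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($3 in ok)'
}

# Constructed sample: rows taken from the output above plus one constructed
# row (python3 on 8080) to show what a finding looks like.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.0.0.231:2379 0.0.0.0:* LISTEN 53248/etcd
tcp 0 0 127.0.0.1:10257 0.0.0.0:* LISTEN 53400/kube-controll
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 60001/python3
tcp6 0 0 :::10250 :::* LISTEN 53478/kubelet
udp 0 0 127.0.0.53:53 0.0.0.0:* 20517/systemd-resol
EOF
}

sample_netstat | unexpected_listeners
```

On a node, feed it live data with `netstat -tnulp | unexpected_listeners`.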


http://example.com/2026/03/16/k8s部署1.28系列参考/
Published on March 16, 2026