{"id":1059,"date":"2024-11-26T15:13:14","date_gmt":"2024-11-26T07:13:14","guid":{"rendered":"http:\/\/www.huerpu.cc:7000\/?p=1059"},"modified":"2024-11-26T15:13:14","modified_gmt":"2024-11-26T07:13:14","slug":"ubuntu24-04%e5%ae%89%e8%a3%85kubernetes1-30-0kubernetes1-30-0%e9%ab%98%e5%8f%af%e7%94%a8%e9%9b%86%e7%be%a4","status":"publish","type":"post","link":"http:\/\/www.huerpu.cc:7000\/?p=1059","title":{"rendered":"ubuntu24.04\u5b89\u88c5Kubernetes1.30.0(kubernetes1.30.0)\u9ad8\u53ef\u7528\u96c6\u7fa4"},"content":{"rendered":"

ubuntu24.04\u5b89\u88c5Kubernetes1.30.0(kubernetes1.30.0)\u9ad8\u53ef\u7528\u96c6\u7fa4<\/h1>\n

\u4e00\u3001\u603b\u4f53\u6982\u89c8<\/h2>\n

\u76ee\u524d\u6700\u65b0\u7248\u7684K8S<\/code>\u7248\u672c\u5e94\u8be5\u662f1.31.0<\/code>\uff0c\u6211\u4eec\u5b89\u88c5\u7684\u662f\u7b2c\u4e8c\u65b0\u7684\u7248\u672c1.30.0<\/code>\uff0c\u56e0\u4e3a\u6709\u5927\u795eXiaoHH Superme<\/a>\u6307\u8def\uff0c\u6240\u4ee5\u57fa\u672c\u4e0a\u6ca1\u8e29\u5751\uff0c\u5f88\u987a\u5229\u5c31\u642d\u5efa\u5b8c\u6210\u4e86\u3002\u6240\u6709\u7684\u673a\u5668\u90fd\u91c7\u7528\u7684\u6700\u65b0\u7248Ubuntu-Server-24.04<\/code>\u957f\u671f\u652f\u6301\u7248\uff0cUbuntu-Server<\/code>\u673a\u5668\u51c6\u5907\u5c31\u7eea\uff0c\u5b89\u88c5\u4e86\u5fc5\u8981\u7684vim<\/code>\u3001ssh<\/code>\u7b49\uff0c\u5e76\u5f00\u542f\u4e86ssh<\/code>\u81ea\u542f\u52a8\u7b49\u6700\u57fa\u7840\u7684\u64cd\u4f5c\uff0c\u5e76\u4e14\u6bcf\u53f0\u673a\u5668\u90fd\u8fdb\u884c\u4e86\u56fa\u5b9aIP<\/code>\u7684\u8bbe\u7f6e\u3002\u5982\u679c\u6709\u9700\u8981\u8bf7\u53c2\u8003\u8fd9\u91cc<\/a>\u3002\u673a\u5668\u90fd\u662f\u8dd1\u5728PVE<\/code>\u865a\u62df\u4e3b\u673a\u4e0a\uff0c\u7a33\u7684\u4e00\u903c\u3002<\/p>\n

\"Screenshot<\/p>\n

3\u53f0master<\/code>\u4e3b\u8282\u70b9(4C8G)\u30013\u53f0(4C8G)worker node<\/code>\u30012\u53f0LoadBalancer<\/code>(4C8G)\uff0c\u5bf9\u5e94\u7684 IP\u5982\u4e0b\uff1a<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
hostname<\/th>\nIP<\/th>\nfunction<\/th>\nVersion<\/th>\n<\/tr>\n<\/thead>\n
hep-kubernetes-master-prd-01<\/td>\n192.168.31.41<\/td>\nControl plane<\/td>\nUbuntu-Server-24.04<\/td>\n<\/tr>\n
hep-kubernetes-master-prd-02<\/td>\n192.168.31.42<\/td>\nControl plane<\/td>\nUbuntu-Server-24.04<\/td>\n<\/tr>\n
hep-kubernetes-master-prd-03<\/td>\n192.168.31.43<\/td>\nControl plane<\/td>\nUbuntu-Server-24.04<\/td>\n<\/tr>\n
hep-kubernetes-apiserver-lb-prd-01<\/td>\n192.168.31.44<\/td>\nLoadBalancer<\/td>\nUbuntu-Server-24.04<\/td>\n<\/tr>\n
hep-kubernetes-apiserver-lb-prd-02<\/td>\n192.168.31.45<\/td>\nLoadBalancer<\/td>\nUbuntu-Server-24.04<\/td>\n<\/tr>\n
hep-kubernetes-worker-prd-01<\/td>\n192.168.31.46<\/td>\nworker node<\/td>\nUbuntu-Server-24.04<\/td>\n<\/tr>\n
hep-kubernetes-worker-prd-02<\/td>\n192.168.31.47<\/td>\nworker node<\/td>\nUbuntu-Server-24.04<\/td>\n<\/tr>\n
hep-kubernetes-worker-prd-03<\/td>\n192.168.31.48<\/td>\nworker node<\/td>\nUbuntu-Server-24.04<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u89d2\u8272\u5206\u914d\uff1a<\/p>\n

    \n
  • \n

    hep-kubernetes-apiserver-lb-prd-01<\/code>\u548chep-kubernetes-apiserver-lb-prd-02<\/code>\u5b89\u88c5keepalived<\/code>\u548chaproxy<\/code>\uff0c\u505a\u4e3b\u8282\u70b9apiserver<\/code>\u7684\u8d1f\u8f7d\u5747\u8861\u5668<\/p>\n<\/li>\n

  • \n

    hep-kubernetes-master-prd-01<\/code>\u3001hep-kubernetes-master-prd-02<\/code>\u3001hep-kubernetes-master-prd-03<\/code>\u4e3a\u4e09\u53f0master<\/code>\u8282\u70b9<\/p>\n<\/li>\n

  • \n

    hep-kubernetes-worker-prd-01<\/code>\u3001hep-kubernetes-worker-prd-02<\/code>\u3001hep-kubernetes-worker-prd-03<\/code>\u4e3a\u4e09\u53f0worker<\/code>\u8282\u70b9\u3002<\/p>\n<\/li>\n<\/ul>\n

    \u5728\u5b89\u88c5\u90e8\u7f72Kubernetes<\/code>\u7684\u65f6\u5019\uff0c\u7531\u4e8e\u673a\u5668\u6bd4\u8f83\u591a\uff0c\u7f51\u4e0a\u7684\u5927\u4f6c\u4eec\u5199\u7684\u6587\u7ae0\u5f88\u591a\u65f6\u5019\u90fd\u4e0d\u77e5\u9053\u8be5\u5728\u54ea\u53f0\u673a\u5668\u4e0a\u64cd\u4f5c\uff0c\u8ba9\u5c0f\u767d\u4eec\u4e0d\u77e5\u6240\u63aa\uff0c\u6240\u4ee5\u6211\u4eec\u5199\u7684\u8fd9\u4e2a\u6559\u7a0b\u90fd\u662f\u57fa\u4e8e\u673a\u5668\u7684\uff0c\u6bcf\u53f0\u673a\u5668\u4e0a\u8be5\u64cd\u4f5c\u5565\uff0c\u5168\u90e8\u5217\u4e3e\u51fa\u6765\u4e86\u3002\u5f53\u7136\u5982\u679c\u4f60\u89c9\u5f97\u7e41\u7410\uff0c\u7279\u522b\u662f\u5728PVE<\/code>\u8fd9\u6837\u7684\u865a\u62df\u5316\u7ba1\u7406\u8f6f\u4ef6\u4e2d\uff0c\u53ef\u4ee5\u5728\u4e00\u53f0\u673a\u5668\u4e0a\u64cd\u4f5c\u5b8c\u6210\uff0c\u7136\u540e\u590d\u5236\u865a\u62df\u673a\u5373\u53ef\uff0c\u8fd9\u6837\u5c31\u65b9\u4fbf\u4e86\u592a\u591a\u3002<\/p>\n

    \u4e8c\u3001\u914d\u7f6e\u5bb9\u5668\u8fd0\u884c\u65f6<\/h2>\n

    \u9009\u7528\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\u662fcontainerd<\/code>\uff0c\u7248\u672c\u53f7\u4e3a 1.7.20<\/code>\uff0c\u53ef\u4f7f\u7528\u5982\u4e0b\u547d\u4ee4\u8fdb\u884c\u4e0b\u8f7d\uff0c\u6216\u8005\u76f4\u63a5\u8bbf\u95eehttps:\/\/github.com\/containerd\/containerd\/releases\/download\/v1.7.20\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz<\/code>\u3002<\/p>\n

    curl -LO https:\/\/github.com\/containerd\/containerd\/releases\/download\/v1.7.20\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz<\/code><\/pre>\n
    2.1 hep-kubernetes-master-prd-01\u914d\u7f6econtainerd<\/h3>\n
    #\u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-kubernetes-master-prd-01\n#\u4fee\u6539hosts\u6587\u4ef6\uff0c\u628ak8s\u6240\u6709\u673a\u5668\u4e3b\u673a\u540d\u90fd\u586b\u4e0a\u53bb\uff0c\u8fd9\u6837\u96c6\u7fa4\u5185\u5c31\u53ef\u4ee5\u6839\u636e\u4e3b\u673a\u540d\u5339\u914d\u5230\u5bf9\u5e94\u7684IP\u5730\u5740\uff0c\u4ece\u800c\u8fdb\u884c\u901a\u4fe1\u4e86\nvim \/etc\/hosts\n#\u589e\u52a0\u5982\u4e0b\u5185\u5bb9\n192.168.31.41 hep-kubernetes-master-prd-01\n192.168.31.42 hep-kubernetes-master-prd-02\n192.168.31.43 hep-kubernetes-master-prd-03\n192.168.31.44 hep-kubernetes-apiserver-lb-prd-01\n192.168.31.45 hep-kubernetes-apiserver-lb-prd-02\n192.168.31.46 hep-kubernetes-worker-prd-01\n192.168.31.47 hep-kubernetes-worker-prd-02\n192.168.31.48 hep-kubernetes-worker-prd-03\n\n#\u8bbe\u7f6e\u4e3a\u4e2d\u56fd\u4e0a\u6d77\u65f6\u533a\ntimedatectl set-timezone Asia\/Shanghai\n\n#\u65f6\u95f4\u540c\u6b65\u5de5\u5177\napt install -y ntpdate\n#\u8fdb\u884c\u65f6\u95f4\u540c\u6b65\nntpdate ntp.aliyun.com\n\n#\u4fee\u6539\/etc\/fstab\u6587\u4ef6\u6ce8\u91ca\u6389\u5e26\/swap.img\u7684\u8fd9\u4e00\u884c\nvim \/etc\/fstab\n\n# \u8bbe\u7f6e\u6240\u9700\u7684 sysctl \u53c2\u6570\uff0c\u53c2\u6570\u5728\u91cd\u65b0\u542f\u52a8\u540e\u4fdd\u6301\u4e0d\u53d8\ncat <<EOF | sudo tee \/etc\/sysctl.d\/k8s.conf\nnet.ipv4.ip_forward = 1\nEOF\n\n# \u5e94\u7528 sysctl \u53c2\u6570\u800c\u4e0d\u91cd\u65b0\u542f\u52a8\nsysctl --system\n\n#\u9a8c\u8bc1 net.ipv4.ip_forward \u662f\u5426\u8bbe\u7f6e\u4e3a 1\nsysctl net.ipv4.ip_forward\n\n#\u9009\u7528\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\u662fcontainerd\uff0c\u7248\u672c\u53f7\u4e3a 1.7.20\uff0c\u53ef\u76f4\u63a5\u6267\u884c\u4e0b\u9762\u8fd9\u884c\u547d\u4ee4\u4e0b\u8f7d\u6b64\u5b89\u88c5\u5305\ncurl -LO https:\/\/github.com\/containerd\/containerd\/releases\/download\/v1.7.20\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz\n\n#\u6211\u8fd9\u91cc\u662f\u4f7f\u7528\u7684webmin\u8fdc\u7a0b\u767b\u5f55\u5230\u5bb6\u91cc\u7684\u673a\u5668\uff0c\u4ece\u8fd9\u53f0\u673a\u5668\u62f7\u8d1dcontainerd\u5230\u5f53\u524d\u673a\u5668\nscp root@192.168.31.2:\/usr\/software\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz \/usr\/software\/\n\n#\u538b\u7f29\u5305\u89e3\u538b\u5230\u6839\u76ee\u5f55\ntar -zxvf cri-containerd-cni-1.7.20-linux-amd64.tar.gz -C \/\n\n#\u67e5\u770b\u7248\u672c\u53f7\ncontainerd --version\n\n#\u56e0\u4e3a\u5b89\u88c5\u540e\u9ed8\u8ba4\u662f\u4e0d\u81ea\u5e26\u914d\u7f6e\u6587\u4ef6\u7684\uff0c\u6240\u4ee5\u9700\u8981\u521b\u5efa\u76ee\u5f55\u5e76\u751f\u6210\u914d\u7f6e\u6587\u4ef6\nmkdir \/etc\/containerd\n\n#\u6267\u884c\u8fd9\u884c\u547d\u4ee4\u751f\u6210\u914d\u7f6e\u6587\u4ef6\ncontainerd config default | sudo tee \/etc\/containerd\/config.toml\n\nvim \/etc\/containerd\/config.toml\n#\u56e0\u4e3a\u9ed8\u8ba4\u7684pause\u955c\u50cf\u662f\u5728\u8c37\u6b4c\u4e0a\u62c9\u53d6\u7684\uff0c\u56fd\u5185\u62c9\u53d6\u4e0d\u4e0b\u6765\uff0c\u6240\u4ee5\u9700\u8981\u4fee\u6539 \/etc\/containerd\/config.toml \u914d\u7f6e\u6587\u4ef6\uff0c\u5c06pause\u955c\u50cf\u6539\u4e3a registry.aliyuncs.com\/google_containers\/pause:3.9\nsandbox_image = "registry.aliyuncs.com\/google_containers\/pause:3.9"\n\n#\u641c\u7d22plugins."io.containerd.grpc.v1.cri".registry.mirrors\uff0c\u589e\u52a0\u51e0\u4e2adocker\u4ed3\u5e93\n[plugins."io.containerd.grpc.v1.cri".registry.mirrors]\n  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/docker.m.daocloud.io"]\n        endpoint = ["https:\/\/docker.m.daocloud.io"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/noohub.ru"]\n        endpoint = ["https:\/\/noohub.ru"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/huecker.io"]\n        endpoint = ["https:\/\/huecker.io"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/dockerhub.timeweb.cloud"]\n        endpoint = ["https:\/\/dockerhub.timeweb.cloud"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/docker.rainbond.cc"]\n       endpoint = ["https:\/\/docker.rainbond.cc"]\n\n#\u7136\u540e\u9700\u8981\u5f00\u542fcgroup\uff0c\u7528\u4e8e\u9650\u5236\u5206\u914d\u7ed9\u8fdb\u7a0b\u7684\u8d44\u6e90\u3002\u5c06SystemdCgroup\u8bbe\u7f6e\u4e3atrue\nSystemdCgroup = true\n\n#\u542f\u52a8containerd\uff0c\u5e76\u8bbe\u7f6e\u4e3a\u5f00\u673a\u81ea\u542f\u52a8\nsystemctl start containerd\nsystemctl enable --now containerd\n\n#\u5f00\u653e\u7aef\u53e3\uff0c\u8fd9\u662f\u767e\u5ea6\u51fa\u7684K8S\u96c6\u7fa4\u9700\u8981\u901a\u4fe1\u7684\u7aef\u53e3\u53f7\nufw allow 6443\nufw allow 10248\nufw allow 10259\nufw allow 10257\nufw allow 10250\nufw allow 10251\nufw allow 10252\nufw allow 10259\nufw allow 10257\nufw allow 10255\nufw allow 10256\nufw allow 2375\nufw allow 8472\nufw allow 4789\nufw allow 9099\nufw allow 9796\nufw allow 2379\nufw allow 2380\nufw allow 80\nufw allow 443\nufw allow 9443\n\n#\u5f00\u673a\u81ea\u542f\u52a8\nufw enable\n\n#\u5f53\u7136\u4f60\u4e5f\u53ef\u4ee5\u65e0\u8111\u64cd\u4f5c\u5173\u95ed\u9632\u706b\u5899\uff0c\u4f46\u751f\u4ea7\u73af\u5883\u4e0d\u5efa\u8bae\uff0c\u5982\u679c\u4f60\u53ea\u662f\u672c\u5730\u8dd1\u8dd1\u73a9\u73a9\nufw disable<\/code><\/pre>\n
    2.2 hep-kubernetes-master-prd-02\u914d\u7f6econtainerd<\/h3>\n
    #\u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-kubernetes-master-prd-02\n#\u4fee\u6539hosts\u6587\u4ef6\uff0c\u628ak8s\u6240\u6709\u673a\u5668\u4e3b\u673a\u540d\u90fd\u586b\u4e0a\u53bb\uff0c\u8fd9\u6837\u96c6\u7fa4\u5185\u5c31\u53ef\u4ee5\u6839\u636e\u4e3b\u673a\u540d\u5339\u914d\u5230\u5bf9\u5e94\u7684IP\u5730\u5740\uff0c\u4ece\u800c\u8fdb\u884c\u901a\u4fe1\u4e86\nvim \/etc\/hosts\n#\u589e\u52a0\u5982\u4e0b\u5185\u5bb9\n192.168.31.41 hep-kubernetes-master-prd-01\n192.168.31.42 hep-kubernetes-master-prd-02\n192.168.31.43 hep-kubernetes-master-prd-03\n192.168.31.44 hep-kubernetes-apiserver-lb-prd-01\n192.168.31.45 hep-kubernetes-apiserver-lb-prd-02\n192.168.31.46 hep-kubernetes-worker-prd-01\n192.168.31.47 hep-kubernetes-worker-prd-02\n192.168.31.48 hep-kubernetes-worker-prd-03\n\n#\u8bbe\u7f6e\u4e3a\u4e2d\u56fd\u4e0a\u6d77\u65f6\u533a\ntimedatectl set-timezone Asia\/Shanghai\n\n#\u65f6\u95f4\u540c\u6b65\u5de5\u5177\napt install -y ntpdate\n#\u8fdb\u884c\u65f6\u95f4\u540c\u6b65\nntpdate ntp.aliyun.com\n\n#\u4fee\u6539\/etc\/fstab\u6587\u4ef6\u6ce8\u91ca\u6389\u5e26\/swap.img\u7684\u8fd9\u4e00\u884c\nvim \/etc\/fstab\n\n# \u8bbe\u7f6e\u6240\u9700\u7684 sysctl \u53c2\u6570\uff0c\u53c2\u6570\u5728\u91cd\u65b0\u542f\u52a8\u540e\u4fdd\u6301\u4e0d\u53d8\ncat <<EOF | sudo tee \/etc\/sysctl.d\/k8s.conf\nnet.ipv4.ip_forward = 1\nEOF\n\n# \u5e94\u7528 sysctl \u53c2\u6570\u800c\u4e0d\u91cd\u65b0\u542f\u52a8\nsysctl --system\n\n#\u9a8c\u8bc1 net.ipv4.ip_forward \u662f\u5426\u8bbe\u7f6e\u4e3a 1\nsysctl net.ipv4.ip_forward\n\n#\u9009\u7528\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\u662fcontainerd\uff0c\u7248\u672c\u53f7\u4e3a 1.7.20\uff0c\u53ef\u76f4\u63a5\u6267\u884c\u4e0b\u9762\u8fd9\u884c\u547d\u4ee4\u4e0b\u8f7d\u6b64\u5b89\u88c5\u5305\ncurl -LO https:\/\/github.com\/containerd\/containerd\/releases\/download\/v1.7.20\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz\n\n#\u6211\u8fd9\u91cc\u662f\u4f7f\u7528\u7684webmin\u8fdc\u7a0b\u767b\u5f55\u5230\u5bb6\u91cc\u7684\u673a\u5668\uff0c\u4ece\u8fd9\u53f0\u673a\u5668\u62f7\u8d1dcontainerd\u5230\u5f53\u524d\u673a\u5668\nscp root@192.168.31.2:\/usr\/software\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz \/usr\/software\/\n\n#\u538b\u7f29\u5305\u89e3\u538b\u5230\u6839\u76ee\u5f55\ntar -zxvf cri-containerd-cni-1.7.20-linux-amd64.tar.gz -C \/\n\n#\u67e5\u770b\u7248\u672c\u53f7\ncontainerd --version\n\n#\u56e0\u4e3a\u5b89\u88c5\u540e\u9ed8\u8ba4\u662f\u4e0d\u81ea\u5e26\u914d\u7f6e\u6587\u4ef6\u7684\uff0c\u6240\u4ee5\u9700\u8981\u521b\u5efa\u76ee\u5f55\u5e76\u751f\u6210\u914d\u7f6e\u6587\u4ef6\nmkdir \/etc\/containerd\n\n#\u6267\u884c\u8fd9\u884c\u547d\u4ee4\u751f\u6210\u914d\u7f6e\u6587\u4ef6\ncontainerd config default | sudo tee \/etc\/containerd\/config.toml\n\nvim \/etc\/containerd\/config.toml\n#\u56e0\u4e3a\u9ed8\u8ba4\u7684pause\u955c\u50cf\u662f\u5728\u8c37\u6b4c\u4e0a\u62c9\u53d6\u7684\uff0c\u56fd\u5185\u62c9\u53d6\u4e0d\u4e0b\u6765\uff0c\u6240\u4ee5\u9700\u8981\u4fee\u6539 \/etc\/containerd\/config.toml \u914d\u7f6e\u6587\u4ef6\uff0c\u5c06pause\u955c\u50cf\u6539\u4e3a registry.aliyuncs.com\/google_containers\/pause:3.9\nsandbox_image = "registry.aliyuncs.com\/google_containers\/pause:3.9"\n#\u641c\u7d22plugins."io.containerd.grpc.v1.cri".registry.mirrors\uff0c\u589e\u52a0\u51e0\u4e2adocker\u4ed3\u5e93\n[plugins."io.containerd.grpc.v1.cri".registry.mirrors]\n  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/docker.m.daocloud.io"]\n        endpoint = ["https:\/\/docker.m.daocloud.io"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/noohub.ru"]\n        endpoint = ["https:\/\/noohub.ru"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/huecker.io"]\n        endpoint = ["https:\/\/huecker.io"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/dockerhub.timeweb.cloud"]\n        endpoint = ["https:\/\/dockerhub.timeweb.cloud"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/docker.rainbond.cc"]\n       endpoint = ["https:\/\/docker.rainbond.cc"]\n\n#\u7136\u540e\u9700\u8981\u5f00\u542fcgroup\uff0c\u7528\u4e8e\u9650\u5236\u5206\u914d\u7ed9\u8fdb\u7a0b\u7684\u8d44\u6e90\u3002\u5c06SystemdCgroup\u8bbe\u7f6e\u4e3atrue\nSystemdCgroup = true\n\n#\u542f\u52a8containerd\uff0c\u5e76\u8bbe\u7f6e\u4e3a\u5f00\u673a\u81ea\u542f\u52a8\nsystemctl start containerd\nsystemctl enable --now containerd\n\n#\u5f00\u653e\u7aef\u53e3\uff0c\u8fd9\u662f\u767e\u5ea6\u51fa\u7684K8S\u96c6\u7fa4\u9700\u8981\u901a\u4fe1\u7684\u7aef\u53e3\u53f7\nufw allow 6443\nufw allow 10248\nufw allow 10259\nufw allow 10257\nufw allow 10250\nufw allow 10251\nufw allow 10252\nufw allow 10259\nufw allow 10257\nufw allow 10255\nufw allow 10256\nufw allow 2375\nufw allow 8472\nufw allow 4789\nufw allow 9099\nufw allow 9796\nufw allow 2379\nufw allow 2380\nufw allow 80\nufw allow 443\nufw allow 9443\n\n#\u5f00\u673a\u81ea\u542f\u52a8\nufw enable\n\n#\u5f53\u7136\u4f60\u4e5f\u53ef\u4ee5\u65e0\u8111\u64cd\u4f5c\u5173\u95ed\u9632\u706b\u5899\uff0c\u4f46\u751f\u4ea7\u73af\u5883\u4e0d\u5efa\u8bae\uff0c\u5982\u679c\u4f60\u53ea\u662f\u672c\u5730\u8dd1\u8dd1\u73a9\u73a9\nufw disable<\/code><\/pre>\n
    2.3 hep-kubernetes-master-prd-03\u914d\u7f6econtainerd<\/h3>\n
    #\u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-kubernetes-master-prd-03\n#\u4fee\u6539hosts\u6587\u4ef6\uff0c\u628ak8s\u6240\u6709\u673a\u5668\u4e3b\u673a\u540d\u90fd\u586b\u4e0a\u53bb\uff0c\u8fd9\u6837\u96c6\u7fa4\u5185\u5c31\u53ef\u4ee5\u6839\u636e\u4e3b\u673a\u540d\u5339\u914d\u5230\u5bf9\u5e94\u7684IP\u5730\u5740\uff0c\u4ece\u800c\u8fdb\u884c\u901a\u4fe1\u4e86\nvim \/etc\/hosts\n#\u589e\u52a0\u5982\u4e0b\u5185\u5bb9\n192.168.31.41 hep-kubernetes-master-prd-01\n192.168.31.42 hep-kubernetes-master-prd-02\n192.168.31.43 hep-kubernetes-master-prd-03\n192.168.31.44 hep-kubernetes-apiserver-lb-prd-01\n192.168.31.45 hep-kubernetes-apiserver-lb-prd-02\n192.168.31.46 hep-kubernetes-worker-prd-01\n192.168.31.47 hep-kubernetes-worker-prd-02\n192.168.31.48 hep-kubernetes-worker-prd-03\n\n#\u8bbe\u7f6e\u4e3a\u4e2d\u56fd\u4e0a\u6d77\u65f6\u533a\ntimedatectl set-timezone Asia\/Shanghai\n\n#\u65f6\u95f4\u540c\u6b65\u5de5\u5177\napt install -y ntpdate\n#\u8fdb\u884c\u65f6\u95f4\u540c\u6b65\nntpdate ntp.aliyun.com\n\n#\u4fee\u6539\/etc\/fstab\u6587\u4ef6\u6ce8\u91ca\u6389\u5e26\/swap.img\u7684\u8fd9\u4e00\u884c\nvim \/etc\/fstab\n\n# \u8bbe\u7f6e\u6240\u9700\u7684 sysctl \u53c2\u6570\uff0c\u53c2\u6570\u5728\u91cd\u65b0\u542f\u52a8\u540e\u4fdd\u6301\u4e0d\u53d8\ncat <<EOF | sudo tee \/etc\/sysctl.d\/k8s.conf\nnet.ipv4.ip_forward = 1\nEOF\n\n# \u5e94\u7528 sysctl \u53c2\u6570\u800c\u4e0d\u91cd\u65b0\u542f\u52a8\nsysctl --system\n\n#\u9a8c\u8bc1 net.ipv4.ip_forward \u662f\u5426\u8bbe\u7f6e\u4e3a 1\nsysctl net.ipv4.ip_forward\n\n#\u9009\u7528\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\u662fcontainerd\uff0c\u7248\u672c\u53f7\u4e3a 1.7.20\uff0c\u53ef\u76f4\u63a5\u6267\u884c\u4e0b\u9762\u8fd9\u884c\u547d\u4ee4\u4e0b\u8f7d\u6b64\u5b89\u88c5\u5305\ncurl -LO https:\/\/github.com\/containerd\/containerd\/releases\/download\/v1.7.20\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz\n\n#\u6211\u8fd9\u91cc\u662f\u4f7f\u7528\u7684webmin\u8fdc\u7a0b\u767b\u5f55\u5230\u5bb6\u91cc\u7684\u673a\u5668\uff0c\u4ece\u8fd9\u53f0\u673a\u5668\u62f7\u8d1dcontainerd\u5230\u5f53\u524d\u673a\u5668\nscp root@192.168.31.2:\/usr\/software\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz \/usr\/software\/\n\n#\u538b\u7f29\u5305\u89e3\u538b\u5230\u6839\u76ee\u5f55\ntar -zxvf cri-containerd-cni-1.7.20-linux-amd64.tar.gz -C \/\n\n#\u67e5\u770b\u7248\u672c\u53f7\ncontainerd --version\n\n#\u56e0\u4e3a\u5b89\u88c5\u540e\u9ed8\u8ba4\u662f\u4e0d\u81ea\u5e26\u914d\u7f6e\u6587\u4ef6\u7684\uff0c\u6240\u4ee5\u9700\u8981\u521b\u5efa\u76ee\u5f55\u5e76\u751f\u6210\u914d\u7f6e\u6587\u4ef6\nmkdir \/etc\/containerd\n\n#\u6267\u884c\u8fd9\u884c\u547d\u4ee4\u751f\u6210\u914d\u7f6e\u6587\u4ef6\ncontainerd config default | sudo tee \/etc\/containerd\/config.toml\n\nvim \/etc\/containerd\/config.toml\n#\u56e0\u4e3a\u9ed8\u8ba4\u7684pause\u955c\u50cf\u662f\u5728\u8c37\u6b4c\u4e0a\u62c9\u53d6\u7684\uff0c\u56fd\u5185\u62c9\u53d6\u4e0d\u4e0b\u6765\uff0c\u6240\u4ee5\u9700\u8981\u4fee\u6539 \/etc\/containerd\/config.toml \u914d\u7f6e\u6587\u4ef6\uff0c\u5c06pause\u955c\u50cf\u6539\u4e3a registry.aliyuncs.com\/google_containers\/pause:3.9\nsandbox_image = "registry.aliyuncs.com\/google_containers\/pause:3.9"\n#\u641c\u7d22plugins."io.containerd.grpc.v1.cri".registry.mirrors\uff0c\u589e\u52a0\u51e0\u4e2adocker\u4ed3\u5e93\n[plugins."io.containerd.grpc.v1.cri".registry.mirrors]\n  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/docker.m.daocloud.io"]\n        endpoint = ["https:\/\/docker.m.daocloud.io"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/noohub.ru"]\n        endpoint = ["https:\/\/noohub.ru"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/huecker.io"]\n        endpoint = ["https:\/\/huecker.io"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/dockerhub.timeweb.cloud"]\n        endpoint = ["https:\/\/dockerhub.timeweb.cloud"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/docker.rainbond.cc"]\n       endpoint = ["https:\/\/docker.rainbond.cc"]\n\n#\u7136\u540e\u9700\u8981\u5f00\u542fcgroup\uff0c\u7528\u4e8e\u9650\u5236\u5206\u914d\u7ed9\u8fdb\u7a0b\u7684\u8d44\u6e90\u3002\u5c06SystemdCgroup\u8bbe\u7f6e\u4e3atrue\nSystemdCgroup = true\n\n#\u542f\u52a8containerd\uff0c\u5e76\u8bbe\u7f6e\u4e3a\u5f00\u673a\u81ea\u542f\u52a8\nsystemctl start containerd\nsystemctl enable --now containerd\n\n#\u5f00\u653e\u7aef\u53e3\uff0c\u8fd9\u662f\u767e\u5ea6\u51fa\u7684K8S\u96c6\u7fa4\u9700\u8981\u901a\u4fe1\u7684\u7aef\u53e3\u53f7\nufw allow 6443\nufw allow 10248\nufw allow 10259\nufw allow 10257\nufw allow 10250\nufw allow 10251\nufw allow 10252\nufw allow 10259\nufw allow 10257\nufw allow 10255\nufw allow 10256\nufw allow 2375\nufw allow 8472\nufw allow 4789\nufw allow 9099\nufw allow 9796\nufw allow 2379\nufw allow 2380\nufw allow 80\nufw allow 443\nufw allow 9443\n\n#\u5f00\u673a\u81ea\u542f\u52a8\nufw enable\n\n#\u5f53\u7136\u4f60\u4e5f\u53ef\u4ee5\u65e0\u8111\u64cd\u4f5c\u5173\u95ed\u9632\u706b\u5899\uff0c\u4f46\u751f\u4ea7\u73af\u5883\u4e0d\u5efa\u8bae\uff0c\u5982\u679c\u4f60\u53ea\u662f\u672c\u5730\u8dd1\u8dd1\u73a9\u73a9\nufw disable<\/code><\/pre>\n
    \u4e09\u3001\u5b89\u88c5keepalived\u548chaproxy<\/h2>\n
    3.1 hep-kubernetes-apiserver-lb-prd-01<\/h3>\n
    hep-kubernetes-apiserver-lb-prd-01<\/code>\u548chep-kubernetes-apiserver-lb-prd-02<\/code>\u673a\u5668\u4e0a\u6267\u884c<\/p>\n
    #\u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-kubernetes-apiserver-lb-prd-01\n#\u4fee\u6539hosts\u6587\u4ef6\uff0c\u628ak8s\u6240\u6709\u673a\u5668\u4e3b\u673a\u540d\u90fd\u586b\u4e0a\u53bb\uff0c\u8fd9\u6837\u96c6\u7fa4\u5185\u5c31\u53ef\u4ee5\u6839\u636e\u4e3b\u673a\u540d\u5339\u914d\u5230\u5bf9\u5e94\u7684IP\u5730\u5740\uff0c\u4ece\u800c\u8fdb\u884c\u901a\u4fe1\u4e86\nvim \/etc\/hosts\n#\u589e\u52a0\u5982\u4e0b\u5185\u5bb9\n192.168.31.41 hep-kubernetes-master-prd-01\n192.168.31.42 hep-kubernetes-master-prd-02\n192.168.31.43 hep-kubernetes-master-prd-03\n192.168.31.44 hep-kubernetes-apiserver-lb-prd-01\n192.168.31.45 hep-kubernetes-apiserver-lb-prd-02\n192.168.31.46 hep-kubernetes-worker-prd-01\n192.168.31.47 hep-kubernetes-worker-prd-02\n192.168.31.48 hep-kubernetes-worker-prd-03\n\n#\u66f4\u65b0\napt update\napt upgrade \n\n#\u5b89\u88c5keepalived\u548chaproxy\napt install -y keepalived haproxy\n\n#\u4fee\u6539keepalived\u914d\u7f6e\u6587\u4ef6\/etc\/keepalived\/keepalived.conf\nvim \/etc\/keepalived\/keepalived.conf\n#\u5176\u5185\u5bb9\u4fee\u6539\u5982\u4e0b\n! \/etc\/keepalived\/keepalived.conf\n! Configuration File for keepalived\nglobal_defs {\n    router_id LVS_DEVEL\n}\nvrrp_script check_apiserver {\n  script "\/etc\/keepalived\/check_apiserver.sh"\n  interval 3\n  weight -2\n  fall 10\n  rise 2\n}\n\nvrrp_instance VI_1 {\n    state MASTER\n    interface ens18\n    virtual_router_id 51\n    priority 101\n    authentication {\n        auth_type PASS\n        auth_pass XiaoHH\n    }\n    virtual_ipaddress {\n        192.168.31.49\n    }\n    track_script {\n        check_apiserver\n    }\n}<\/code><\/pre>\n
    tips<\/code>\uff1a<\/p>\n
      \n
    • state<\/code>: \u72b6\u6001\uff0c\u4e3b\u8282\u70b9\u4e3aMASTER<\/code>\uff0c\u4ece\u8282\u70b9\u4e3aBACKUP<\/code><\/li>\n
    • interface<\/code>\uff1a\u7269\u7406\u7f51\u53e3\u540d\u79f0\uff0c\u53ef\u6267\u884c ip a<\/code>\u547d\u4ee4\u83b7\u5f97\u4f60\u81ea\u5df1\u7684<\/li>\n
    • priority<\/code>\uff1a\u4f18\u5148\u7ea7\uff0c\u4e3b\u8282\u70b9\u4e3a101<\/code>\uff0c\u4ece\u8282\u70b9\u4e3a100<\/code><\/li>\n
    • virtual_ipaddress<\/code>\uff1a\u865a\u62dfIP\u5730\u5740\uff0c\u6211\u7684\u4e3a192.168.31.49<\/code>\uff0cK8S<\/code>\u96c6\u7fa4\u673a\u5668\u7684IP<\/code>\u662f\u4ece192.168.31.41<\/code>\u5230192.168.31.48<\/code>\uff0c192.168.31.49<\/code>\u8fd9\u4e2aIP<\/code>\u662f\u6ca1\u6709\u88ab\u5360\u7528\u7684<\/li>\n<\/ul>\n
      #keepalived\u8fd8\u9700\u8981\u4e00\u4e2a\u5065\u5eb7\u68c0\u67e5\u811a\u672c\uff0c\u811a\u672c\u5730\u5740\u4e3a\/etc\/keepalived\/check_apiserver.sh\uff0c\u6ce8\u610f\u8fd9\u91cc\u89c4\u5212\u7684\u8d1f\u8f7d\u5747\u8861\u7aef\u53e3\u4e3a6443\uff0c\u5982\u679c\u4e0d\u540c\u6ce8\u610f\u4fee\u6539\u4e3a\u4f60\u81ea\u5df1\u7684\u3002\u5185\u5bb9\u4e3a(\u4e3b\u4ece\u8282\u70b9\u5185\u5bb9\u4e00\u6837)\nvim \/etc\/keepalived\/check_apiserver.sh\n\n#!\/bin\/sh\nerrorExit() {\n    echo "*** $*" 1>&2\n    exit 1\n}\ncurl -sfk --max-time 2 https:\/\/localhost:6443\/healthz -o \/dev\/null || errorExit "Error GET https:\/\/localhost:6443\/healthz"<\/code><\/pre>\n
      #\u5c06\u8fd9\u4e2a\u6587\u4ef6\u6dfb\u52a0\u6267\u884c\u6743\u9650\nchmod +x \/etc\/keepalived\/check_apiserver.sh\n\n#\u4fee\u6539haproxy\u914d\u7f6e\u6587\u4ef6\nvim \/etc\/haproxy\/haproxy.cfg\n#\u5176\u5185\u5bb9\u589e\u52a0frontend apiserver\u548cbackend apiserverbackend\u4e24\u90e8\u5206\nglobal\n        log \/dev\/log    local0\n        log \/dev\/log    local1 notice\n        chroot \/var\/lib\/haproxy\n        stats socket \/run\/haproxy\/admin.sock mode 660 level admin\n        stats timeout 30s\n        user haproxy\n        group haproxy\n        daemon\n\n        # Default SSL material locations\n        ca-base \/etc\/ssl\/certs\n        crt-base \/etc\/ssl\/private\n\n        # See: https:\/\/ssl-config.mozilla.org\/#server=haproxy&server-version=2.0.3&config=intermediate\n        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384\n        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256\n        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets\n\ndefaults\n        log     global\n        mode    http\n        option  httplog\n        option  dontlognull\n        timeout connect 5000\n        timeout client  50000\n        timeout server  50000\n        errorfile 400 \/etc\/haproxy\/errors\/400.http\n        errorfile 403 \/etc\/haproxy\/errors\/403.http\n        errorfile 408 \/etc\/haproxy\/errors\/408.http\n        errorfile 500 \/etc\/haproxy\/errors\/500.http\n        errorfile 502 \/etc\/haproxy\/errors\/502.http\n        errorfile 503 \/etc\/haproxy\/errors\/503.http\n        errorfile 504 \/etc\/haproxy\/errors\/504.http\n\n#---------------------------------------------------------------------\n# apiserver frontend which proxys to the control plane nodes\n#---------------------------------------------------------------------\nfrontend apiserver\n    # \u8d1f\u8f7d\u5747\u8861\u7aef\u53e3\n    bind *:6443\n    mode tcp\n    option tcplog\n    default_backend apiserverbackend\n\n#---------------------------------------------------------------------\n# round robin balancing for apiserver\n#---------------------------------------------------------------------\nbackend apiserverbackend\n    option httpchk\n\n    http-check connect ssl\n    http-check send meth GET uri \/healthz\n    http-check expect status 200\n\n    mode tcp\n    balance     roundrobin\n\n    # \u4e3b\u8282\u70b9\u5217\u8868\uff0c\u6ce8\u610fIP\u5730\u5740\u4fee\u6539\u4e3a\u4f60\u81ea\u5df1\u7684\n    server hep-kubernetes-master-prd-01 192.168.31.41:6443 check verify none\n    server hep-kubernetes-master-prd-02 192.168.31.42:6443 check verify none\n    server hep-kubernetes-master-prd-03 192.168.31.43:6443 check verify none\n\n#\u542f\u52a8keepalived\u548chaproxy\uff0c\u5e76\u5f00\u673a\u81ea\u542f\u52a8\nsystemctl enable --now keepalived\nsystemctl enable --now haproxy\n\n#\u67e5\u770b\u72b6\u6001\nsystemctl status keepalived\n\n#\u5f00\u653e\u7aef\u53e3\uff0c\u8fd9\u662f\u767e\u5ea6\u51fa\u7684K8S\u96c6\u7fa4\u9700\u8981\u901a\u4fe1\u7684\u7aef\u53e3\u53f7\nufw allow 6443\nufw allow 10248\nufw allow 10259\nufw allow 10257\nufw allow 10250\nufw allow 10251\nufw allow 10252\nufw allow 10259\nufw allow 10257\nufw allow 10255\nufw allow 10256\nufw allow 2375\nufw allow 8472\nufw allow 4789\nufw allow 9099\nufw allow 9796\nufw allow 2379\nufw allow 2380\nufw allow 80\nufw allow 443\nufw allow 9443\n\n#\u5f00\u673a\u81ea\u542f\u52a8\nufw enable\n\n#\u5f53\u7136\u4f60\u4e5f\u53ef\u4ee5\u65e0\u8111\u64cd\u4f5c\u5173\u95ed\u9632\u706b\u5899\uff0c\u4f46\u751f\u4ea7\u73af\u5883\u4e0d\u5efa\u8bae\uff0c\u5982\u679c\u4f60\u53ea\u662f\u672c\u5730\u8dd1\u8dd1\u73a9\u73a9\nufw disable<\/code><\/pre>\n
      3.2 hep-kubernetes-apiserver-lb-prd-02<\/h3>\n
      #\u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-kubernetes-apiserver-lb-prd-02\n#\u4fee\u6539hosts\u6587\u4ef6\uff0c\u628ak8s\u6240\u6709\u673a\u5668\u4e3b\u673a\u540d\u90fd\u586b\u4e0a\u53bb\uff0c\u8fd9\u6837\u96c6\u7fa4\u5185\u5c31\u53ef\u4ee5\u6839\u636e\u4e3b\u673a\u540d\u5339\u914d\u5230\u5bf9\u5e94\u7684IP\u5730\u5740\uff0c\u4ece\u800c\u8fdb\u884c\u901a\u4fe1\u4e86\nvim \/etc\/hosts\n#\u589e\u52a0\u5982\u4e0b\u5185\u5bb9\n192.168.31.41 hep-kubernetes-master-prd-01\n192.168.31.42 hep-kubernetes-master-prd-02\n192.168.31.43 hep-kubernetes-master-prd-03\n192.168.31.44 hep-kubernetes-apiserver-lb-prd-01\n192.168.31.45 hep-kubernetes-apiserver-lb-prd-02\n192.168.31.46 hep-kubernetes-worker-prd-01\n192.168.31.47 hep-kubernetes-worker-prd-02\n192.168.31.48 hep-kubernetes-worker-prd-03\n\n#\u66f4\u65b0\napt update\napt upgrade \n\n#\u5b89\u88c5keepalived\u548chaproxy\napt install -y keepalived haproxy\n\n#\u4fee\u6539keepalived\u914d\u7f6e\u6587\u4ef6\/etc\/keepalived\/keepalived.conf\nvim \/etc\/keepalived\/keepalived.conf\n#\u5176\u5185\u5bb9\u4fee\u6539\u5982\u4e0b\n! \/etc\/keepalived\/keepalived.conf\n! Configuration File for keepalived\nglobal_defs {\n    router_id LVS_DEVEL\n}\nvrrp_script check_apiserver {\n  script "\/etc\/keepalived\/check_apiserver.sh"\n  interval 3\n  weight -2\n  fall 10\n  rise 2\n}\n\nvrrp_instance VI_1 {\n    state BACKUP\n    interface ens18\n    virtual_router_id 51\n    priority 100\n    authentication {\n        auth_type PASS\n        auth_pass XiaoHH\n    }\n    virtual_ipaddress {\n        192.168.31.49\n    }\n    track_script {\n        check_apiserver\n    }\n}<\/code><\/pre>\n
      tips<\/code>\uff1a<\/p>\n
        \n
      • state<\/code>: \u72b6\u6001\uff0c\u4e3b\u8282\u70b9\u4e3aMASTER<\/code>\uff0c\u4ece\u8282\u70b9\u4e3aBACKUP<\/code><\/li>\n
      • interface<\/code>\uff1a\u7269\u7406\u7f51\u53e3\u540d\u79f0\uff0c\u53ef\u6267\u884c ip a<\/code>\u547d\u4ee4\u83b7\u5f97\u4f60\u81ea\u5df1\u7684<\/li>\n
      • priority<\/code>\uff1a\u4f18\u5148\u7ea7\uff0c\u4e3b\u8282\u70b9\u4e3a101<\/code>\uff0c\u4ece\u8282\u70b9\u4e3a100<\/code><\/li>\n
      • virtual_ipaddress<\/code>\uff1a\u865a\u62dfIP\u5730\u5740\uff0c\u6211\u7684\u4e3a192.168.31.49<\/code>\uff0cK8S<\/code>\u96c6\u7fa4\u673a\u5668\u7684IP<\/code>\u662f\u4ece192.168.31.41<\/code>\u5230192.168.31.48<\/code>\uff0c192.168.31.49<\/code>\u8fd9\u4e2aIP<\/code>\u662f\u6ca1\u6709\u88ab\u5360\u7528\u7684<\/li>\n<\/ul>\n
        #keepalived\u8fd8\u9700\u8981\u4e00\u4e2a\u5065\u5eb7\u68c0\u67e5\u811a\u672c\uff0c\u811a\u672c\u5730\u5740\u4e3a\/etc\/keepalived\/check_apiserver.sh\uff0c\u6ce8\u610f\u8fd9\u91cc\u89c4\u5212\u7684\u8d1f\u8f7d\u5747\u8861\u7aef\u53e3\u4e3a6443\uff0c\u5982\u679c\u4e0d\u540c\u6ce8\u610f\u4fee\u6539\u4e3a\u4f60\u81ea\u5df1\u7684\u3002\u5185\u5bb9\u4e3a(\u4e3b\u4ece\u8282\u70b9\u5185\u5bb9\u4e00\u6837)\nvim \/etc\/keepalived\/check_apiserver.sh\n\n#!\/bin\/sh\nerrorExit() {\n    echo "*** $*" 1>&2\n    exit 1\n}\ncurl -sfk --max-time 2 https:\/\/localhost:6443\/healthz -o \/dev\/null || errorExit "Error GET https:\/\/localhost:6443\/healthz"<\/code><\/pre>\n
        #\u5c06\u8fd9\u4e2a\u6587\u4ef6\u6dfb\u52a0\u6267\u884c\u6743\u9650\nchmod +x \/etc\/keepalived\/check_apiserver.sh\n\n#\u4fee\u6539haproxy\u914d\u7f6e\u6587\u4ef6\nvim \/etc\/haproxy\/haproxy.cfg\n#\u5176\u5185\u5bb9\u589e\u52a0frontend apiserver\u548cbackend apiserverbackend\u4e24\u90e8\u5206\nglobal\n        log \/dev\/log    local0\n        log \/dev\/log    local1 notice\n        chroot \/var\/lib\/haproxy\n        stats socket \/run\/haproxy\/admin.sock mode 660 level admin\n        stats timeout 30s\n        user haproxy\n        group haproxy\n        daemon\n\n        # Default SSL material locations\n        ca-base \/etc\/ssl\/certs\n        crt-base \/etc\/ssl\/private\n\n        # See: https:\/\/ssl-config.mozilla.org\/#server=haproxy&server-version=2.0.3&config=intermediate\n        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384\n        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256\n        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets\n\ndefaults\n        log     global\n        mode    http\n        option  httplog\n        option  dontlognull\n        timeout connect 5000\n        timeout client  50000\n        timeout server  50000\n        errorfile 400 \/etc\/haproxy\/errors\/400.http\n        errorfile 403 \/etc\/haproxy\/errors\/403.http\n        errorfile 408 \/etc\/haproxy\/errors\/408.http\n        errorfile 500 \/etc\/haproxy\/errors\/500.http\n        errorfile 502 \/etc\/haproxy\/errors\/502.http\n        errorfile 503 \/etc\/haproxy\/errors\/503.http\n        errorfile 504 \/etc\/haproxy\/errors\/504.http\n\n#---------------------------------------------------------------------\n# apiserver frontend which proxys to the control plane nodes\n#---------------------------------------------------------------------\nfrontend apiserver\n    # \u8d1f\u8f7d\u5747\u8861\u7aef\u53e3\n    bind *:6443\n    mode tcp\n    option tcplog\n    default_backend apiserverbackend\n\n#---------------------------------------------------------------------\n# round robin balancing for apiserver\n#---------------------------------------------------------------------\nbackend apiserverbackend\n    option httpchk\n\n    http-check connect ssl\n    http-check send meth GET uri \/healthz\n    http-check expect status 200\n\n    mode tcp\n    balance     roundrobin\n\n    # \u4e3b\u8282\u70b9\u5217\u8868\uff0c\u6ce8\u610fIP\u5730\u5740\u4fee\u6539\u4e3a\u4f60\u81ea\u5df1\u7684\n    server hep-kubernetes-master-prd-01 192.168.31.41:6443 check verify none\n    server hep-kubernetes-master-prd-02 192.168.31.42:6443 check verify none\n    server hep-kubernetes-master-prd-03 192.168.31.43:6443 check verify none\n\n#\u542f\u52a8keepalived\u548chaproxy\uff0c\u5e76\u5f00\u673a\u81ea\u542f\u52a8\nsystemctl enable --now keepalived\nsystemctl enable --now haproxy\n\n#\u67e5\u770b\u72b6\u6001\nsystemctl status keepalived\n\n#\u5f00\u653e\u7aef\u53e3\uff0c\u8fd9\u662f\u767e\u5ea6\u51fa\u7684K8S\u96c6\u7fa4\u9700\u8981\u901a\u4fe1\u7684\u7aef\u53e3\u53f7\nufw allow 6443\nufw allow 10248\nufw allow 10259\nufw allow 10257\nufw allow 10250\nufw allow 10251\nufw allow 10252\nufw allow 10259\nufw allow 10257\nufw allow 10255\nufw allow 10256\nufw allow 2375\nufw allow 8472\nufw allow 4789\nufw allow 9099\nufw allow 9796\nufw allow 2379\nufw allow 2380\nufw allow 80\nufw allow 443\nufw allow 9443\n\n#\u5f00\u673a\u81ea\u542f\u52a8\nufw enable\n\n#\u5f53\u7136\u4f60\u4e5f\u53ef\u4ee5\u65e0\u8111\u64cd\u4f5c\u5173\u95ed\u9632\u706b\u5899\uff0c\u4f46\u751f\u4ea7\u73af\u5883\u4e0d\u5efa\u8bae\uff0c\u5982\u679c\u4f60\u53ea\u662f\u672c\u5730\u8dd1\u8dd1\u73a9\u73a9\nufw disable<\/code><\/pre>\n
        \u770b\u5230\u4e0b\u9762\u7ed3\u679c\u4ee3\u8868\u542f\u52a8\u6210\u529f\u3002<\/p>\n
        \"keepalived\"<\/p>\n
        \u56db\u3001\u5b89\u88c5kubelet kubeadm kubectl<\/h2>\n
        \u4e0b\u9762\u64cd\u4f5c\u5728hep-kubernetes-master-prd-01<\/code>\u3001hep-kubernetes-master-prd-02<\/code>\u3001hep-kubernetes-master-prd-03<\/code>\u4e0a\u5206\u522b\u6267\u884c<\/p>\n
        apt update\n#apt-transport-https\u53ef\u80fd\u662f\u4e00\u4e2a\u865a\u62df\u5305(dummy package)\uff0c\u5982\u679c\u662f\u7684\u8bdd\uff0c\u4f60\u53ef\u4ee5\u8df3\u8fc7\u5b89\u88c5\u8fd9\u4e2a\u5305\napt install -y apt-transport-https ca-certificates curl gpg\n\n# \u4e0b\u8f7d\u7528\u4e8e Kubernetes \u8f6f\u4ef6\u5305\u4ed3\u5e93\u7684\u516c\u5171\u7b7e\u540d\u5bc6\u94a5\u3002\u5982\u679c\/etc\/apt\/keyrings\u76ee\u5f55\u4e0d\u5b58\u5728\uff0c\u5219\u5e94\u5728curl\u547d\u4ee4\u4e4b\u524d\u521b\u5efa\u5b83\uff0c\u8bf7\u9605\u8bfb\u4e0b\u9762\u7684\u6ce8\u91ca\n# sudo mkdir -p -m 755 \/etc\/apt\/keyrings\ncurl -fsSL https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.30\/deb\/Release.key | sudo gpg --dearmor -o \/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg\n\n#\u6dfb\u52a0Kubernetes apt\u4ed3\u5e93\u3002\u6b64\u64cd\u4f5c\u4f1a\u8986\u76d6\/etc\/apt\/sources.list.d\/kubernetes.list\u4e2d\u73b0\u5b58\u7684\u6240\u6709\u914d\u7f6e\u3002\necho 'deb [signed-by=\/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg] https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.30\/deb\/ \/' | sudo tee \/etc\/apt\/sources.list.d\/kubernetes.list\n\n#\u66f4\u65b0apt\u5305\u7d22\u5f15\uff0c\u5b89\u88c5kubelet\u3001kubeadm\u548ckubectl\napt update\napt install -y kubelet kubeadm kubectl\n#\u9501\u5b9a\u5176\u7248\u672c\napt-mark hold kubelet kubeadm kubectl<\/code><\/pre>\n
        \u4e94\u3001\u521d\u59cb\u5316\u96c6\u7fa4<\/h2>\n
        \u5728\u4e3b\u8282\u70b9\u7684\u4e09\u53f0\u673a\u5668hep-kubernetes-master-prd-01<\/code>\u3001hep-kubernetes-master-prd-02<\/code>\u3001hep-kubernetes-master-prd-03<\/code>\u4e0a\u5206\u522b\u6267\u884c\u62c9\u53d6\u955c\u50cf\u3002<\/p>\n
        #hep-kubernetes-master-prd-01\u3001hep-kubernetes-master-prd-02\u3001hep-kubernetes-master-prd-03\u4e0a\u6267\u884c\nkubeadm config images pull --image-repository=registry.aliyuncs.com\/google_containers --kubernetes-version=v1.30.4<\/code><\/pre>\n
        \u4efb\u610f\u4e00\u53f0\u4e3b\u8282\u70b9\u4e0a\u6267\u884c\u4e0b\u9762\u547d\u4ee4\u8fdb\u884c\u521d\u59cb\u5316\uff0c\u6211\u9009\u62e9\u4e86hep-kubernetes-master-prd-01<\/code>\u8fd9\u53f0\u3002<\/p>\n
        kubeadm init  --apiserver-advertise-address=192.168.31.41 --control-plane-endpoint="192.168.31.49:6443" --upload-certs --image-repository=registry.aliyuncs.com\/google_containers --kubernetes-version=v1.30.4 --service-cidr=10.96.0.0\/12 --pod-network-cidr=10.244.0.0\/16 --cri-socket=unix:\/\/\/run\/containerd\/containerd.sock<\/code><\/pre>\n
        \u53c2\u6570\u89e3\u91ca\uff1a<\/p>\n
          \n
        • \n
          \u2013apiserver-advertise-address<\/code>\uff1a\u6267\u884c\u8fd9\u884c\u547d\u4ee4\u7684\u4e3b\u8282\u70b9IP\u5730\u5740\uff0c\u6ce8\u610f\u4fee\u6539\u4e3a\u4f60\u81ea\u5df1\u7684<\/p>\n<\/li>\n
        • \n
          \u2013control-plane-endpoint<\/code>\uff1a\u8d1f\u8f7d\u5747\u8861apiserver<\/code>\u7684\u865a\u62dfIP<\/code>\u5730\u5740\u548c\u7aef\u53e3\uff0c\u6ce8\u610f\u4fee\u6539\u4e3a\u81ea\u5df1\u7684<\/p>\n<\/li>\n
        • \n
          \u2013upload-certs<\/code>\uff1a\u6807\u5fd7\u7528\u6765\u5c06\u5728\u6240\u6709\u63a7\u5236\u5e73\u9762\u5b9e\u4f8b\u4e4b\u95f4\u7684\u5171\u4eab\u8bc1\u4e66\u4e0a\u4f20\u5230\u96c6\u7fa4<\/p>\n<\/li>\n
        • \n
          \u2013image-repository<\/code>\uff1a\u56e0\u4e3a\u5b98\u65b9\u955c\u50cf\u5728\u8c37\u6b4c\uff0c\u56fd\u5185\u62c9\u53d6\u4e0d\u4e0b\u6765\uff0c\u6240\u4ee5\u4f7f\u7528\u56fd\u5185\u7684\u963f\u91cc\u4e91\u955c\u50cf<\/p>\n<\/li>\n
        • \n
          \u2013kubernetes-version<\/code>\uff1aKubernetes<\/code>\u7684\u7248\u672c\u53f7<\/p>\n<\/li>\n
        • \n
          \u2013service-cidr<\/code>\uff1aService<\/code>\u7684\u7f51\u6bb5\u5730\u5740<\/p>\n<\/li>\n
        • \n
          \u2013pod-network-cidr<\/code>\uff1apod<\/code>\u7684\u7f51\u6bb5\u5730\u5740<\/p>\n<\/li>\n
        • \n
          \u2013cri-socket<\/code>\uff1a\u6807\u5fd7\u4f7f\u7528containerd<\/code>\u4f5c\u4e3a\u5bb9\u5668\u8fd0\u884c\u65f6<\/p>\n<\/li>\n<\/ul>\n
          root@hep-kubernetes-master-prd-01:\/# kubeadm init  --apiserver-advertise-address=192.168.31.41 --control-plane-endpoint="192.168.31.49:6443" --upload-certs --image-repository=registry.aliyuncs.com\/google_containers --kubernetes-version=v1.30.4 --service-cidr=10.96.0.0\/12 --pod-network-cidr=10.244.0.0\/16 --cri-socket=unix:\/\/\/run\/containerd\/containerd.sock\n[init] Using Kubernetes version: v1.30.4\n[preflight] Running pre-flight checks\n[preflight] Pulling images required for setting up a Kubernetes cluster\n[preflight] This might take a minute or two, depending on the speed of your internet connection\n[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'\n[certs] Using certificateDir folder "\/etc\/kubernetes\/pki"\n[certs] Generating "ca" certificate and key\n[certs] Generating "apiserver" certificate and key\n[certs] apiserver serving cert is signed for DNS names [hep-kubernetes-master-prd-01 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.31.41 192.168.31.49]\n[certs] Generating "apiserver-kubelet-client" certificate and key\n[certs] Generating "front-proxy-ca" certificate and key\n[certs] Generating "front-proxy-client" certificate and key\n[certs] Generating "etcd\/ca" certificate and key\n[certs] Generating "etcd\/server" certificate and key\n[certs] etcd\/server serving cert is signed for DNS names [hep-kubernetes-master-prd-01 localhost] and IPs [192.168.31.41 127.0.0.1 ::1]\n[certs] Generating "etcd\/peer" certificate and key\n[certs] etcd\/peer serving cert is signed for DNS names [hep-kubernetes-master-prd-01 localhost] and IPs [192.168.31.41 127.0.0.1 ::1]\n[certs] Generating "etcd\/healthcheck-client" certificate and key\n[certs] Generating "apiserver-etcd-client" certificate and key\n[certs] Generating "sa" key and public key\n[kubeconfig] Using kubeconfig folder "\/etc\/kubernetes"\n[kubeconfig] Writing "admin.conf" kubeconfig file\n[kubeconfig] Writing "super-admin.conf" kubeconfig file\n[kubeconfig] Writing "kubelet.conf" kubeconfig file\n[kubeconfig] Writing "controller-manager.conf" kubeconfig file\n[kubeconfig] Writing "scheduler.conf" kubeconfig file\n[etcd] Creating static Pod manifest for local etcd in "\/etc\/kubernetes\/manifests"\n[control-plane] Using manifest folder "\/etc\/kubernetes\/manifests"\n[control-plane] Creating static Pod manifest for "kube-apiserver"\n[control-plane] Creating static Pod manifest for "kube-controller-manager"\n[control-plane] Creating static Pod manifest for "kube-scheduler"\n[kubelet-start] Writing kubelet environment file with flags to file "\/var\/lib\/kubelet\/kubeadm-flags.env"\n[kubelet-start] Writing kubelet configuration to file "\/var\/lib\/kubelet\/config.yaml"\n[kubelet-start] Starting the kubelet\n[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "\/etc\/kubernetes\/manifests"\n[kubelet-check] Waiting for a healthy kubelet at http:\/\/127.0.0.1:10248\/healthz. This can take up to 4m0s\n[kubelet-check] The kubelet is healthy after 1.002423766s\n[api-check] Waiting for a healthy API server. This can take up to 4m0s\n[api-check] The API server is healthy after 8.031481885s\n[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace\n[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster\n[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace\n[upload-certs] Using certificate key:\n32a341ee000f200b411d5cdd0ddacc2d1813e968119b66795eb37eb8257f3e43\n[mark-control-plane] Marking the node hep-kubernetes-master-prd-01 as control-plane by adding the labels: [node-role.kubernetes.io\/control-plane node.kubernetes.io\/exclude-from-external-load-balancers]\n[mark-control-plane] Marking the node hep-kubernetes-master-prd-01 as control-plane by adding the taints [node-role.kubernetes.io\/control-plane:NoSchedule]\n[bootstrap-token] Using token: 2vqrer.gd62n98hnn8sllft\n[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles\n[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes\n[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials\n[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token\n[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster\n[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace\n[kubelet-finalize] Updating "\/etc\/kubernetes\/kubelet.conf" to point to a rotatable kubelet client certificate and key\n[addons] Applied essential addon: CoreDNS\n[addons] Applied essential addon: kube-proxy\n\nYour Kubernetes control-plane has initialized successfully!\n\nTo start using your cluster, you need to run the following as a regular user:\n\n  mkdir -p $HOME\/.kube\n  sudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\n  sudo chown $(id -u):$(id -g) $HOME\/.kube\/config\n\nAlternatively, if you are the root user, you can run:\n\n  export KUBECONFIG=\/etc\/kubernetes\/admin.conf\n\nYou should now deploy a pod network to the cluster.\nRun "kubectl apply -f [podnetwork].yaml" with one of the options listed at:\n  https:\/\/kubernetes.io\/docs\/concepts\/cluster-administration\/addons\/\n\nYou can now join any number of the control-plane node running the following command on each as root:\n\n  kubeadm join 192.168.31.49:6443 --token 2vqrer.gd62n98hnn8sllft \\\n        --discovery-token-ca-cert-hash sha256:bcc83fdffbb24d51576c2e7a37dd0c07d0068b3eb43327f254f326426f961fbe \\\n        --control-plane --certificate-key 32a341ee000f200b411d5cdd0ddacc2d1813e968119b66795eb37eb8257f3e43\n\nPlease note that the certificate-key gives access to cluster sensitive data, keep it secret!\nAs a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use\n"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.\n\nThen you can join any number of worker nodes by running the following on each as root:\n\nkubeadm join 192.168.31.49:6443 --token 2vqrer.gd62n98hnn8sllft \\\n        --discovery-token-ca-cert-hash sha256:bcc83fdffbb24d51576c2e7a37dd0c07d0068b3eb43327f254f326426f961fbe \nroot@hep-kubernetes-master-prd-01:\/# <\/code><\/pre>\n
          \u5982\u679c\u6267\u884c\u4e0d\u6210\u529f\uff0c\u53ef\u4ee5\u4f7f\u7528kubeadm reset<\/code>\u547d\u4ee4\uff0c\u4fee\u6539\u53c2\u6570\u540e\u91cd\u65b0\u6267\u884c\uff0c\u5982\u679c\u6267\u884c\u6210\u529f\u53ef\u4ee5kubectl get nodes -o wide<\/code>\u83b7\u5f97\u8282\u70b9\u4fe1\u606f\u3002<\/p>\n
          #\u83b7\u5f97node\nkubectl get nodes -o wide\n\n#\u91cd\u7f6e\nkubeadm reset<\/code><\/pre>\n
          \u5728\u521d\u59cb\u5316\u6210\u529f\u7684\u4e3b\u8282\u70b9\u672c\u5730\u6267\u884c<\/p>\n
          mkdir -p $HOME\/.kube\nsudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\nsudo chown $(id -u):$(id -g) $HOME\/.kube\/config<\/code><\/pre>\n
          \u5176\u4f59\u4e3b\u8282\u70b9\u6267\u884c\u8fd9\u6761\u547d\u4e86\u52a0\u5165\u4e3b\u8282\u70b9\u96c6\u7fa4\uff0c\u6ce8\u610f\u540e\u9762\u52a0\u4e0a\u4e86 --cri-<\/code>\u3002\u8fd9\u91cc\u7684token<\/code>\u3001certificate<\/code>\u90fd\u4e0d\u4e00\u6837\uff0c\u4f60\u53ef\u4ee5\u6839\u636e\u4e0a\u9762\u521d\u59cb\u5316\u6210\u529f\u540e\u8fd4\u56de\u7684\u4ee3\u7801\u4e2d\uff0c\u6709\u5bf9\u5e94\u7684\u4e3b\u8282\u70b9\u548c\u5de5\u4f5c\u8282\u70b9\u52a0\u5165\u96c6\u7fa4\u7684\u547d\u4ee4\uff0c\u590d\u5236\u8fc7\u6765\u5c31\u884c\u5566\u3002<\/p>\n
          kubeadm join 192.168.31.49:6443 --token 2vqrer.gd62n98hnn8sllft \\\n        --discovery-token-ca-cert-hash sha256:bcc83fdffbb24d51576c2e26f961fbe7a37dd0c07d0068b3eb43327f254f3264 \\\n        --control-plane --certificate-key 32a341ee000f200b411d5cdd0ddb37eb8257f3e43acc2d1813e968119b66795e \\\n        --cri-socket=unix:\/\/\/run\/containerd\/containerd.sock\n\n#\u5982\u679c\u6709\u62a5\u9519\u53ef\u80fd\u662f\u6362\u884c\u7684\u539f\u56e0\uff0c\u53ef\u4ee5\u5199\u6210\u4e00\u884c\u7684\u5f62\u5f0f\nkubeadm join 192.168.31.49:6443 --token 2vqrer.gd62n98hnn8sllft --discovery-token-ca-cert-hash sha256:bcc83fdffbb24d51576c2e26f961fbe7a37dd0c07d0068b3eb43327f254f3264 --control-plane --certificate-key 32a341ee000f200b411d5cdd0ddb37eb8257f3e43acc2d1813e968119b66795e --cri-socket=unix:\/\/\/run\/containerd\/containerd.sock<\/code><\/pre>\n
          \u521d\u59cb\u5316\u6210\u529f\u4e4b\u540e\uff0c\u53ef\u4ee5\u67e5\u770b\u4e00\u4e0bpod<\/code>\u4fe1\u606f<\/p>\n
          kubectl get pods --all-namespaces<\/code><\/pre>\n
          \u516d\u3001\u52a0\u5165\u5de5\u4f5c\u8282\u70b9<\/h2>\n
          6.1 hep-kubernetes-worker-prd-01<\/h3>\n
          #\u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname ep-kubernetes-worker-prd-01\n#\u4fee\u6539hosts\u6587\u4ef6\uff0c\u628ak8s\u6240\u6709\u673a\u5668\u4e3b\u673a\u540d\u90fd\u586b\u4e0a\u53bb\uff0c\u8fd9\u6837\u96c6\u7fa4\u5185\u5c31\u53ef\u4ee5\u6839\u636e\u4e3b\u673a\u540d\u5339\u914d\u5230\u5bf9\u5e94\u7684IP\u5730\u5740\uff0c\u4ece\u800c\u8fdb\u884c\u901a\u4fe1\u4e86\nvim \/etc\/hosts\n#\u589e\u52a0\u5982\u4e0b\u5185\u5bb9\n192.168.31.41 hep-kubernetes-master-prd-01\n192.168.31.42 hep-kubernetes-master-prd-02\n192.168.31.43 hep-kubernetes-master-prd-03\n192.168.31.44 hep-kubernetes-apiserver-lb-prd-01\n192.168.31.45 hep-kubernetes-apiserver-lb-prd-02\n192.168.31.46 hep-kubernetes-worker-prd-01\n192.168.31.47 hep-kubernetes-worker-prd-02\n192.168.31.48 hep-kubernetes-worker-prd-03\n\n#\u8bbe\u7f6e\u4e3a\u4e2d\u56fd\u4e0a\u6d77\u65f6\u533a\ntimedatectl set-timezone Asia\/Shanghai\n\n#\u65f6\u95f4\u540c\u6b65\u5de5\u5177\napt install -y ntpdate\n#\u8fdb\u884c\u65f6\u95f4\u540c\u6b65\nntpdate ntp.aliyun.com\n\n#\u4fee\u6539\/etc\/fstab\u6587\u4ef6\u6ce8\u91ca\u6389\u5e26\/swap.img\u7684\u8fd9\u4e00\u884c\nvim \/etc\/fstab\n\n# \u8bbe\u7f6e\u6240\u9700\u7684 sysctl \u53c2\u6570\uff0c\u53c2\u6570\u5728\u91cd\u65b0\u542f\u52a8\u540e\u4fdd\u6301\u4e0d\u53d8\ncat <<EOF | sudo tee \/etc\/sysctl.d\/k8s.conf\nnet.ipv4.ip_forward = 1\nEOF\n\n# \u5e94\u7528 sysctl \u53c2\u6570\u800c\u4e0d\u91cd\u65b0\u542f\u52a8\nsysctl --system\n\n#\u9a8c\u8bc1 net.ipv4.ip_forward \u662f\u5426\u8bbe\u7f6e\u4e3a 1\nsysctl net.ipv4.ip_forward\n\n#\u9009\u7528\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\u662fcontainerd\uff0c\u7248\u672c\u53f7\u4e3a 1.7.20\uff0c\u53ef\u76f4\u63a5\u6267\u884c\u4e0b\u9762\u8fd9\u884c\u547d\u4ee4\u4e0b\u8f7d\u6b64\u5b89\u88c5\u5305\ncurl -LO https:\/\/github.com\/containerd\/containerd\/releases\/download\/v1.7.20\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz\n\n#\u6211\u8fd9\u91cc\u662f\u4f7f\u7528\u7684webmin\u8fdc\u7a0b\u767b\u5f55\u5230\u5bb6\u91cc\u7684\u673a\u5668\uff0c\u4ece\u8fd9\u53f0\u673a\u5668\u62f7\u8d1dcontainerd\u5230\u5f53\u524d\u673a\u5668\nscp root@192.168.31.2:\/usr\/software\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz \/usr\/software\/\n\n#\u538b\u7f29\u5305\u89e3\u538b\u5230\u6839\u76ee\u5f55\ntar -zxvf cri-containerd-cni-1.7.20-linux-amd64.tar.gz -C \/\n\n#\u67e5\u770b\u7248\u672c\u53f7\ncontainerd --version\n\n#\u56e0\u4e3a\u5b89\u88c5\u540e\u9ed8\u8ba4\u662f\u4e0d\u81ea\u5e26\u914d\u7f6e\u6587\u4ef6\u7684\uff0c\u6240\u4ee5\u9700\u8981\u521b\u5efa\u76ee\u5f55\u5e76\u751f\u6210\u914d\u7f6e\u6587\u4ef6\nmkdir \/etc\/containerd\n\n#\u6267\u884c\u8fd9\u884c\u547d\u4ee4\u751f\u6210\u914d\u7f6e\u6587\u4ef6\ncontainerd config default | sudo tee \/etc\/containerd\/config.toml\n\nvim \/etc\/containerd\/config.toml\n#\u56e0\u4e3a\u9ed8\u8ba4\u7684pause\u955c\u50cf\u662f\u5728\u8c37\u6b4c\u4e0a\u62c9\u53d6\u7684\uff0c\u56fd\u5185\u62c9\u53d6\u4e0d\u4e0b\u6765\uff0c\u6240\u4ee5\u9700\u8981\u4fee\u6539 \/etc\/containerd\/config.toml \u914d\u7f6e\u6587\u4ef6\uff0c\u5c06pause\u955c\u50cf\u6539\u4e3a registry.aliyuncs.com\/google_containers\/pause:3.9\nsandbox_image = "registry.aliyuncs.com\/google_containers\/pause:3.9"\n#\u641c\u7d22plugins."io.containerd.grpc.v1.cri".registry.mirrors\uff0c\u589e\u52a0\u51e0\u4e2adocker\u4ed3\u5e93\n[plugins."io.containerd.grpc.v1.cri".registry.mirrors]\n  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/docker.m.daocloud.io"]\n        endpoint = ["https:\/\/docker.m.daocloud.io"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/noohub.ru"]\n        endpoint = ["https:\/\/noohub.ru"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/huecker.io"]\n        endpoint = ["https:\/\/huecker.io"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/dockerhub.timeweb.cloud"]\n        endpoint = ["https:\/\/dockerhub.timeweb.cloud"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/docker.rainbond.cc"]\n       endpoint = ["https:\/\/docker.rainbond.cc"]\n\n#\u7136\u540e\u9700\u8981\u5f00\u542fcgroup\uff0c\u7528\u4e8e\u9650\u5236\u5206\u914d\u7ed9\u8fdb\u7a0b\u7684\u8d44\u6e90\u3002\u5c06SystemdCgroup\u8bbe\u7f6e\u4e3atrue\nSystemdCgroup = true\n\n#\u542f\u52a8containerd\uff0c\u5e76\u8bbe\u7f6e\u4e3a\u5f00\u673a\u81ea\u542f\u52a8\nsystemctl start containerd\nsystemctl enable --now containerd\n\n#\u5f00\u653e\u7aef\u53e3\uff0c\u8fd9\u662f\u767e\u5ea6\u51fa\u7684K8S\u96c6\u7fa4\u9700\u8981\u901a\u4fe1\u7684\u7aef\u53e3\u53f7\nufw allow 6443\nufw allow 10248\nufw allow 10259\nufw allow 10257\nufw allow 10250\nufw allow 10251\nufw allow 10252\nufw allow 10259\nufw allow 10257\nufw allow 10255\nufw allow 10256\nufw allow 2375\nufw allow 8472\nufw allow 4789\nufw allow 9099\nufw allow 9796\nufw allow 2379\nufw allow 2380\nufw allow 80\nufw allow 443\nufw allow 9443\n\n#\u5f00\u673a\u81ea\u542f\u52a8\nufw enable\n\n#\u5f53\u7136\u4f60\u4e5f\u53ef\u4ee5\u65e0\u8111\u64cd\u4f5c\u5173\u95ed\u9632\u706b\u5899\uff0c\u4f46\u751f\u4ea7\u73af\u5883\u4e0d\u5efa\u8bae\uff0c\u5982\u679c\u4f60\u53ea\u662f\u672c\u5730\u8dd1\u8dd1\u73a9\u73a9\nufw disable\n\napt update\n#apt-transport-https\u53ef\u80fd\u662f\u4e00\u4e2a\u865a\u62df\u5305(dummy package)\uff0c\u5982\u679c\u662f\u7684\u8bdd\uff0c\u4f60\u53ef\u4ee5\u8df3\u8fc7\u5b89\u88c5\u8fd9\u4e2a\u5305\napt install -y apt-transport-https ca-certificates curl gpg\n\n# \u4e0b\u8f7d\u7528\u4e8e Kubernetes \u8f6f\u4ef6\u5305\u4ed3\u5e93\u7684\u516c\u5171\u7b7e\u540d\u5bc6\u94a5\u3002\u5982\u679c\/etc\/apt\/keyrings\u76ee\u5f55\u4e0d\u5b58\u5728\uff0c\u5219\u5e94\u5728curl\u547d\u4ee4\u4e4b\u524d\u521b\u5efa\u5b83\uff0c\u8bf7\u9605\u8bfb\u4e0b\u9762\u7684\u6ce8\u91ca\n# sudo mkdir -p -m 755 \/etc\/apt\/keyrings\ncurl -fsSL https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.30\/deb\/Release.key | sudo gpg --dearmor -o \/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg\n\n#\u6dfb\u52a0Kubernetes apt\u4ed3\u5e93\u3002\u6b64\u64cd\u4f5c\u4f1a\u8986\u76d6\/etc\/apt\/sources.list.d\/kubernetes.list\u4e2d\u73b0\u5b58\u7684\u6240\u6709\u914d\u7f6e\u3002\necho 'deb [signed-by=\/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg] https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.30\/deb\/ \/' | sudo tee \/etc\/apt\/sources.list.d\/kubernetes.list\n\n#\u66f4\u65b0apt\u5305\u7d22\u5f15\uff0c\u5b89\u88c5kubelet\u3001kubeadm\u548ckubectl\napt update\napt install -y kubelet kubeadm kubectl\n#\u9501\u5b9a\u5176\u7248\u672c\napt-mark hold kubelet kubeadm kubectl\n\n#\u4ece\u6307\u5b9a\u7684\u955c\u50cf\u4ed3\u5e93registry.aliyuncs.com\/google_containers\u62c9\u53d6\u5b89\u88c5 Kubernetes\u6307\u5b9a\u7248\u672cv1.30.4\u6240\u9700\u7684\u5bb9\u5668\u955c\u50cf\nkubeadm config images pull --image-repository=registry.aliyuncs.com\/google_containers --kubernetes-version=v1.30.4\n\n#\u52a0\u5165k8s\u96c6\u7fa4\nkubeadm join 192.168.31.49:6443 --token 2vqrer.gd62n98hnn8sllft --discovery-token-ca-cert-hash sha256:bcc83fdffbb24d51576c2e26f961fbe7a37dd0c07d0068b3eb43327f254f3264 --cri-socket=unix:\/\/\/run\/containerd\/containerd.sock\n<\/code><\/pre>\n
          6.2 hep-kubernetes-worker-prd-02<\/h3>\n
          #\u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname ep-kubernetes-worker-prd-02\n#\u4fee\u6539hosts\u6587\u4ef6\uff0c\u628ak8s\u6240\u6709\u673a\u5668\u4e3b\u673a\u540d\u90fd\u586b\u4e0a\u53bb\uff0c\u8fd9\u6837\u96c6\u7fa4\u5185\u5c31\u53ef\u4ee5\u6839\u636e\u4e3b\u673a\u540d\u5339\u914d\u5230\u5bf9\u5e94\u7684IP\u5730\u5740\uff0c\u4ece\u800c\u8fdb\u884c\u901a\u4fe1\u4e86\nvim \/etc\/hosts\n#\u589e\u52a0\u5982\u4e0b\u5185\u5bb9\n192.168.31.41 hep-kubernetes-master-prd-01\n192.168.31.42 hep-kubernetes-master-prd-02\n192.168.31.43 hep-kubernetes-master-prd-03\n192.168.31.44 hep-kubernetes-apiserver-lb-prd-01\n192.168.31.45 hep-kubernetes-apiserver-lb-prd-02\n192.168.31.46 hep-kubernetes-worker-prd-01\n192.168.31.47 hep-kubernetes-worker-prd-02\n192.168.31.48 hep-kubernetes-worker-prd-03\n\n#\u8bbe\u7f6e\u4e3a\u4e2d\u56fd\u4e0a\u6d77\u65f6\u533a\ntimedatectl set-timezone Asia\/Shanghai\n\n#\u65f6\u95f4\u540c\u6b65\u5de5\u5177\napt install -y ntpdate\n#\u8fdb\u884c\u65f6\u95f4\u540c\u6b65\nntpdate ntp.aliyun.com\n\n#\u4fee\u6539\/etc\/fstab\u6587\u4ef6\u6ce8\u91ca\u6389\u5e26\/swap.img\u7684\u8fd9\u4e00\u884c\nvim \/etc\/fstab\n\n# \u8bbe\u7f6e\u6240\u9700\u7684 sysctl \u53c2\u6570\uff0c\u53c2\u6570\u5728\u91cd\u65b0\u542f\u52a8\u540e\u4fdd\u6301\u4e0d\u53d8\ncat <<EOF | sudo tee \/etc\/sysctl.d\/k8s.conf\nnet.ipv4.ip_forward = 1\nEOF\n\n# \u5e94\u7528 sysctl \u53c2\u6570\u800c\u4e0d\u91cd\u65b0\u542f\u52a8\nsysctl --system\n\n#\u9a8c\u8bc1 net.ipv4.ip_forward \u662f\u5426\u8bbe\u7f6e\u4e3a 1\nsysctl net.ipv4.ip_forward\n\n#\u9009\u7528\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\u662fcontainerd\uff0c\u7248\u672c\u53f7\u4e3a 1.7.20\uff0c\u53ef\u76f4\u63a5\u6267\u884c\u4e0b\u9762\u8fd9\u884c\u547d\u4ee4\u4e0b\u8f7d\u6b64\u5b89\u88c5\u5305\ncurl -LO https:\/\/github.com\/containerd\/containerd\/releases\/download\/v1.7.20\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz\n\n#\u6211\u8fd9\u91cc\u662f\u4f7f\u7528\u7684webmin\u8fdc\u7a0b\u767b\u5f55\u5230\u5bb6\u91cc\u7684\u673a\u5668\uff0c\u4ece\u8fd9\u53f0\u673a\u5668\u62f7\u8d1dcontainerd\u5230\u5f53\u524d\u673a\u5668\nscp root@192.168.31.2:\/usr\/software\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz \/usr\/software\/\n\n#\u538b\u7f29\u5305\u89e3\u538b\u5230\u6839\u76ee\u5f55\ntar -zxvf cri-containerd-cni-1.7.20-linux-amd64.tar.gz -C \/\n\n#\u67e5\u770b\u7248\u672c\u53f7\ncontainerd --version\n\n#\u56e0\u4e3a\u5b89\u88c5\u540e\u9ed8\u8ba4\u662f\u4e0d\u81ea\u5e26\u914d\u7f6e\u6587\u4ef6\u7684\uff0c\u6240\u4ee5\u9700\u8981\u521b\u5efa\u76ee\u5f55\u5e76\u751f\u6210\u914d\u7f6e\u6587\u4ef6\nmkdir \/etc\/containerd\n\n#\u6267\u884c\u8fd9\u884c\u547d\u4ee4\u751f\u6210\u914d\u7f6e\u6587\u4ef6\ncontainerd config default | sudo tee \/etc\/containerd\/config.toml\n\nvim \/etc\/containerd\/config.toml\n#\u56e0\u4e3a\u9ed8\u8ba4\u7684pause\u955c\u50cf\u662f\u5728\u8c37\u6b4c\u4e0a\u62c9\u53d6\u7684\uff0c\u56fd\u5185\u62c9\u53d6\u4e0d\u4e0b\u6765\uff0c\u6240\u4ee5\u9700\u8981\u4fee\u6539 \/etc\/containerd\/config.toml \u914d\u7f6e\u6587\u4ef6\uff0c\u5c06pause\u955c\u50cf\u6539\u4e3a registry.aliyuncs.com\/google_containers\/pause:3.9\nsandbox_image = "registry.aliyuncs.com\/google_containers\/pause:3.9"\n#\u641c\u7d22plugins."io.containerd.grpc.v1.cri".registry.mirrors\uff0c\u589e\u52a0\u51e0\u4e2adocker\u4ed3\u5e93\n[plugins."io.containerd.grpc.v1.cri".registry.mirrors]\n  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/docker.m.daocloud.io"]\n        endpoint = ["https:\/\/docker.m.daocloud.io"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/noohub.ru"]\n        endpoint = ["https:\/\/noohub.ru"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/huecker.io"]\n        endpoint = ["https:\/\/huecker.io"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/dockerhub.timeweb.cloud"]\n        endpoint = ["https:\/\/dockerhub.timeweb.cloud"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/docker.rainbond.cc"]\n       endpoint = ["https:\/\/docker.rainbond.cc"]\n\n#\u7136\u540e\u9700\u8981\u5f00\u542fcgroup\uff0c\u7528\u4e8e\u9650\u5236\u5206\u914d\u7ed9\u8fdb\u7a0b\u7684\u8d44\u6e90\u3002\u5c06SystemdCgroup\u8bbe\u7f6e\u4e3atrue\nSystemdCgroup = true\n\n#\u542f\u52a8containerd\uff0c\u5e76\u8bbe\u7f6e\u4e3a\u5f00\u673a\u81ea\u542f\u52a8\nsystemctl start containerd\nsystemctl enable --now containerd\n\n#\u5f00\u653e\u7aef\u53e3\uff0c\u8fd9\u662f\u767e\u5ea6\u51fa\u7684K8S\u96c6\u7fa4\u9700\u8981\u901a\u4fe1\u7684\u7aef\u53e3\u53f7\nufw allow 6443\nufw allow 10248\nufw allow 10259\nufw allow 10257\nufw allow 10250\nufw allow 10251\nufw allow 10252\nufw allow 10259\nufw allow 10257\nufw allow 10255\nufw allow 10256\nufw allow 2375\nufw allow 8472\nufw allow 4789\nufw allow 9099\nufw allow 9796\nufw allow 2379\nufw allow 2380\nufw allow 80\nufw allow 443\nufw allow 9443\n\n#\u5f00\u673a\u81ea\u542f\u52a8\nufw enable\n\n#\u5f53\u7136\u4f60\u4e5f\u53ef\u4ee5\u65e0\u8111\u64cd\u4f5c\u5173\u95ed\u9632\u706b\u5899\uff0c\u4f46\u751f\u4ea7\u73af\u5883\u4e0d\u5efa\u8bae\uff0c\u5982\u679c\u4f60\u53ea\u662f\u672c\u5730\u8dd1\u8dd1\u73a9\u73a9\nufw disable\n\napt update\n#apt-transport-https\u53ef\u80fd\u662f\u4e00\u4e2a\u865a\u62df\u5305(dummy package)\uff0c\u5982\u679c\u662f\u7684\u8bdd\uff0c\u4f60\u53ef\u4ee5\u8df3\u8fc7\u5b89\u88c5\u8fd9\u4e2a\u5305\napt install -y apt-transport-https ca-certificates curl gpg\n\n# \u4e0b\u8f7d\u7528\u4e8e Kubernetes \u8f6f\u4ef6\u5305\u4ed3\u5e93\u7684\u516c\u5171\u7b7e\u540d\u5bc6\u94a5\u3002\u5982\u679c\/etc\/apt\/keyrings\u76ee\u5f55\u4e0d\u5b58\u5728\uff0c\u5219\u5e94\u5728curl\u547d\u4ee4\u4e4b\u524d\u521b\u5efa\u5b83\uff0c\u8bf7\u9605\u8bfb\u4e0b\u9762\u7684\u6ce8\u91ca\n# sudo mkdir -p -m 755 \/etc\/apt\/keyrings\ncurl -fsSL https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.30\/deb\/Release.key | sudo gpg --dearmor -o \/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg\n\n#\u6dfb\u52a0Kubernetes apt\u4ed3\u5e93\u3002\u6b64\u64cd\u4f5c\u4f1a\u8986\u76d6\/etc\/apt\/sources.list.d\/kubernetes.list\u4e2d\u73b0\u5b58\u7684\u6240\u6709\u914d\u7f6e\u3002\necho 'deb [signed-by=\/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg] https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.30\/deb\/ \/' | sudo tee \/etc\/apt\/sources.list.d\/kubernetes.list\n\n#\u66f4\u65b0apt\u5305\u7d22\u5f15\uff0c\u5b89\u88c5kubelet\u3001kubeadm\u548ckubectl\napt update\napt install -y kubelet kubeadm kubectl\n#\u9501\u5b9a\u5176\u7248\u672c\napt-mark hold kubelet kubeadm kubectl\n\n#\u4ece\u6307\u5b9a\u7684\u955c\u50cf\u4ed3\u5e93registry.aliyuncs.com\/google_containers\u62c9\u53d6\u5b89\u88c5 Kubernetes\u6307\u5b9a\u7248\u672cv1.30.4\u6240\u9700\u7684\u5bb9\u5668\u955c\u50cf\nkubeadm config images pull --image-repository=registry.aliyuncs.com\/google_containers --kubernetes-version=v1.30.4\n\n#\u52a0\u5165k8s\u96c6\u7fa4\nkubeadm join 192.168.31.49:6443 --token 75zmv3.h2hus7ym9b5lhsym \\\n        --discovery-token-ca-cert-hash sha256:cb65e5d203864392463f630741beea2be3f0453cbf119536c0454560d754939d \n         --cri-socket=unix:\/\/\/run\/containerd\/containerd.sock<\/code><\/pre>\n
          6.3 hep-kubernetes-worker-prd-03<\/h3>\n
          #\u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname ep-kubernetes-worker-prd-03\n#\u4fee\u6539hosts\u6587\u4ef6\uff0c\u628ak8s\u6240\u6709\u673a\u5668\u4e3b\u673a\u540d\u90fd\u586b\u4e0a\u53bb\uff0c\u8fd9\u6837\u96c6\u7fa4\u5185\u5c31\u53ef\u4ee5\u6839\u636e\u4e3b\u673a\u540d\u5339\u914d\u5230\u5bf9\u5e94\u7684IP\u5730\u5740\uff0c\u4ece\u800c\u8fdb\u884c\u901a\u4fe1\u4e86\nvim \/etc\/hosts\n#\u589e\u52a0\u5982\u4e0b\u5185\u5bb9\n192.168.31.41 hep-kubernetes-master-prd-01\n192.168.31.42 hep-kubernetes-master-prd-02\n192.168.31.43 hep-kubernetes-master-prd-03\n192.168.31.44 hep-kubernetes-apiserver-lb-prd-01\n192.168.31.45 hep-kubernetes-apiserver-lb-prd-02\n192.168.31.46 hep-kubernetes-worker-prd-01\n192.168.31.47 hep-kubernetes-worker-prd-02\n192.168.31.48 hep-kubernetes-worker-prd-03\n\n#\u8bbe\u7f6e\u4e3a\u4e2d\u56fd\u4e0a\u6d77\u65f6\u533a\ntimedatectl set-timezone Asia\/Shanghai\n\n#\u65f6\u95f4\u540c\u6b65\u5de5\u5177\napt install -y ntpdate\n#\u8fdb\u884c\u65f6\u95f4\u540c\u6b65\nntpdate ntp.aliyun.com\n\n#\u4fee\u6539\/etc\/fstab\u6587\u4ef6\u6ce8\u91ca\u6389\u5e26\/swap.img\u7684\u8fd9\u4e00\u884c\nvim \/etc\/fstab\n\n# \u8bbe\u7f6e\u6240\u9700\u7684 sysctl \u53c2\u6570\uff0c\u53c2\u6570\u5728\u91cd\u65b0\u542f\u52a8\u540e\u4fdd\u6301\u4e0d\u53d8\ncat <<EOF | sudo tee \/etc\/sysctl.d\/k8s.conf\nnet.ipv4.ip_forward = 1\nEOF\n\n# \u5e94\u7528 sysctl \u53c2\u6570\u800c\u4e0d\u91cd\u65b0\u542f\u52a8\nsysctl --system\n\n#\u9a8c\u8bc1 net.ipv4.ip_forward \u662f\u5426\u8bbe\u7f6e\u4e3a 1\nsysctl net.ipv4.ip_forward\n\n#\u9009\u7528\u7684\u5bb9\u5668\u8fd0\u884c\u65f6\u662fcontainerd\uff0c\u7248\u672c\u53f7\u4e3a 1.7.20\uff0c\u53ef\u76f4\u63a5\u6267\u884c\u4e0b\u9762\u8fd9\u884c\u547d\u4ee4\u4e0b\u8f7d\u6b64\u5b89\u88c5\u5305\ncurl -LO https:\/\/github.com\/containerd\/containerd\/releases\/download\/v1.7.20\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz\n\n#\u6211\u8fd9\u91cc\u662f\u4f7f\u7528\u7684webmin\u8fdc\u7a0b\u767b\u5f55\u5230\u5bb6\u91cc\u7684\u673a\u5668\uff0c\u4ece\u8fd9\u53f0\u673a\u5668\u62f7\u8d1dcontainerd\u5230\u5f53\u524d\u673a\u5668\nscp root@192.168.31.2:\/usr\/software\/cri-containerd-cni-1.7.20-linux-amd64.tar.gz \/usr\/software\/\n\n#\u538b\u7f29\u5305\u89e3\u538b\u5230\u6839\u76ee\u5f55\ntar -zxvf cri-containerd-cni-1.7.20-linux-amd64.tar.gz -C \/\n\n#\u67e5\u770b\u7248\u672c\u53f7\ncontainerd --version\n\n#\u56e0\u4e3a\u5b89\u88c5\u540e\u9ed8\u8ba4\u662f\u4e0d\u81ea\u5e26\u914d\u7f6e\u6587\u4ef6\u7684\uff0c\u6240\u4ee5\u9700\u8981\u521b\u5efa\u76ee\u5f55\u5e76\u751f\u6210\u914d\u7f6e\u6587\u4ef6\nmkdir \/etc\/containerd\n\n#\u6267\u884c\u8fd9\u884c\u547d\u4ee4\u751f\u6210\u914d\u7f6e\u6587\u4ef6\ncontainerd config default | sudo tee \/etc\/containerd\/config.toml\n\nvim \/etc\/containerd\/config.toml\n#\u56e0\u4e3a\u9ed8\u8ba4\u7684pause\u955c\u50cf\u662f\u5728\u8c37\u6b4c\u4e0a\u62c9\u53d6\u7684\uff0c\u56fd\u5185\u62c9\u53d6\u4e0d\u4e0b\u6765\uff0c\u6240\u4ee5\u9700\u8981\u4fee\u6539 \/etc\/containerd\/config.toml \u914d\u7f6e\u6587\u4ef6\uff0c\u5c06pause\u955c\u50cf\u6539\u4e3a registry.aliyuncs.com\/google_containers\/pause:3.9\nsandbox_image = "registry.aliyuncs.com\/google_containers\/pause:3.9"\n#\u641c\u7d22plugins."io.containerd.grpc.v1.cri".registry.mirrors\uff0c\u589e\u52a0\u51e0\u4e2adocker\u4ed3\u5e93\n[plugins."io.containerd.grpc.v1.cri".registry.mirrors]\n  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/docker.m.daocloud.io"]\n        endpoint = ["https:\/\/docker.m.daocloud.io"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/noohub.ru"]\n        endpoint = ["https:\/\/noohub.ru"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/huecker.io"]\n        endpoint = ["https:\/\/huecker.io"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/dockerhub.timeweb.cloud"]\n        endpoint = ["https:\/\/dockerhub.timeweb.cloud"]\n      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."https:\/\/docker.rainbond.cc"]\n       endpoint = ["https:\/\/docker.rainbond.cc"]\n\n#\u7136\u540e\u9700\u8981\u5f00\u542fcgroup\uff0c\u7528\u4e8e\u9650\u5236\u5206\u914d\u7ed9\u8fdb\u7a0b\u7684\u8d44\u6e90\u3002\u5c06SystemdCgroup\u8bbe\u7f6e\u4e3atrue\nSystemdCgroup = true\n\n#\u542f\u52a8containerd\uff0c\u5e76\u8bbe\u7f6e\u4e3a\u5f00\u673a\u81ea\u542f\u52a8\nsystemctl start containerd\nsystemctl enable --now containerd\n\n#\u5f00\u653e\u7aef\u53e3\uff0c\u8fd9\u662f\u767e\u5ea6\u51fa\u7684K8S\u96c6\u7fa4\u9700\u8981\u901a\u4fe1\u7684\u7aef\u53e3\u53f7\nufw allow 6443\nufw allow 10248\nufw allow 10259\nufw allow 10257\nufw allow 10250\nufw allow 10251\nufw allow 10252\nufw allow 10259\nufw allow 10257\nufw allow 10255\nufw allow 10256\nufw allow 2375\nufw allow 8472\nufw allow 4789\nufw allow 9099\nufw allow 9796\nufw allow 2379\nufw allow 2380\nufw allow 80\nufw allow 443\nufw allow 9443\n\n#\u5f00\u673a\u81ea\u542f\u52a8\nufw enable\n\n#\u5f53\u7136\u4f60\u4e5f\u53ef\u4ee5\u65e0\u8111\u64cd\u4f5c\u5173\u95ed\u9632\u706b\u5899\uff0c\u4f46\u751f\u4ea7\u73af\u5883\u4e0d\u5efa\u8bae\uff0c\u5982\u679c\u4f60\u53ea\u662f\u672c\u5730\u8dd1\u8dd1\u73a9\u73a9\nufw disable\n\napt update\n#apt-transport-https\u53ef\u80fd\u662f\u4e00\u4e2a\u865a\u62df\u5305(dummy package)\uff0c\u5982\u679c\u662f\u7684\u8bdd\uff0c\u4f60\u53ef\u4ee5\u8df3\u8fc7\u5b89\u88c5\u8fd9\u4e2a\u5305\napt install -y apt-transport-https ca-certificates curl gpg\n\n# \u4e0b\u8f7d\u7528\u4e8e Kubernetes \u8f6f\u4ef6\u5305\u4ed3\u5e93\u7684\u516c\u5171\u7b7e\u540d\u5bc6\u94a5\u3002\u5982\u679c\/etc\/apt\/keyrings\u76ee\u5f55\u4e0d\u5b58\u5728\uff0c\u5219\u5e94\u5728curl\u547d\u4ee4\u4e4b\u524d\u521b\u5efa\u5b83\uff0c\u8bf7\u9605\u8bfb\u4e0b\u9762\u7684\u6ce8\u91ca\n# sudo mkdir -p -m 755 \/etc\/apt\/keyrings\ncurl -fsSL https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.30\/deb\/Release.key | sudo gpg --dearmor -o \/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg\n\n#\u6dfb\u52a0Kubernetes apt\u4ed3\u5e93\u3002\u6b64\u64cd\u4f5c\u4f1a\u8986\u76d6\/etc\/apt\/sources.list.d\/kubernetes.list\u4e2d\u73b0\u5b58\u7684\u6240\u6709\u914d\u7f6e\u3002\necho 'deb [signed-by=\/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg] https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.30\/deb\/ \/' | sudo tee \/etc\/apt\/sources.list.d\/kubernetes.list\n\n#\u66f4\u65b0apt\u5305\u7d22\u5f15\uff0c\u5b89\u88c5kubelet\u3001kubeadm\u548ckubectl\napt update\napt install -y kubelet kubeadm kubectl\n#\u9501\u5b9a\u5176\u7248\u672c\napt-mark hold kubelet kubeadm kubectl\n\n#\u4ece\u6307\u5b9a\u7684\u955c\u50cf\u4ed3\u5e93registry.aliyuncs.com\/google_containers\u62c9\u53d6\u5b89\u88c5 Kubernetes\u6307\u5b9a\u7248\u672cv1.30.4\u6240\u9700\u7684\u5bb9\u5668\u955c\u50cf\nkubeadm config images pull --image-repository=registry.aliyuncs.com\/google_containers --kubernetes-version=v1.30.4\n\n#\u52a0\u5165k8s\u96c6\u7fa4\nkubeadm join 192.168.31.49:6443 --token 75zmv3.h2hus7ym9b5lhsym \\\n        --discovery-token-ca-cert-hash sha256:cb65e5d203864392463f630741beea2be3f0453cbf119536c0454560d754939d \n         --cri-socket=unix:\/\/\/run\/containerd\/containerd.sock<\/code><\/pre>\n
          \u4e03\u3001\u5b89\u88c5calico\u7f51\u7edc\u63d2\u4ef6<\/h2>\n
          \u5927\u4f6c\u8bf4\u7684\u65b9\u5f0f\u662f\uff0c\u5982\u679c\u4f60\u7684\u8282\u70b9\u6570\u91cf\u5c0f\u4e8e\u7b49\u4e8e50\uff0c\u6267\u884c\u4e0b\u9762\u8fd9\u884c\u547d\u4ee4\u5b89\u88c5calico<\/code>\u3002<\/p>\n
          kubectl create -f https:\/\/raw.githubusercontent.com\/xiaohh-me\/kubernetes-yaml\/main\/network\/calico\/calico-v3.28.1.yaml<\/code><\/pre>\n
          \u5982\u679c\u4f60\u7684\u8282\u70b9\u6570\u91cf\u5927\u4e8e50\u4e2a\uff0c\u6267\u884c\u8fd9\u884c\u547d\u4ee4\u8fdb\u884c\u5b89\u88c5calico<\/p>\n
          kubectl create -f https:\/\/raw.githubusercontent.com\/xiaohh-me\/kubernetes-yaml\/main\/network\/calico\/calico-typha-v3.28.1.yaml<\/code><\/pre>\n
          \u4f46\u662f\u6211\u7684\u673a\u5668\u8fd8\u662f\u8bbf\u95ee\u4e0d\u5230\u8fd9\u4e2a\u7f51\u5740\uff0c\u6240\u4ee5\u81ea\u5df1\u64cd\u4f5c\u4e00\u4e0b\u5427\u3002<\/p>\n
          #\u4f60\u53ef\u4ee5\u4f7f\u7528wget\u547d\u4ee4\u628a\u8fd9\u4e2a\u6587\u4ef6\u4e0b\u8f7d\u5230\u672c\u5730\uff0c\u6216\u8005\u76f4\u63a5\u8bbf\u95ee\u8fd9\u4e2a\u7f51\u5740\u62f7\u8d1d\u4e0b\u6765\u4fdd\u5b58\u90fd\u53ef\u4ee5\uff0c\u6700\u540e\u5c31\u662f\u4e2acalico-v3.28.1.yaml\u6587\u4ef6\u800c\u5df2\nwget https:\/\/raw.githubusercontent.com\/xiaohh-me\/kubernetes-yaml\/main\/network\/calico\/calico-v3.28.1.yaml\n\n#calico-v3.28.1.yaml\u8fd9\u4e2a\u6587\u4ef6\u5df2\u7ecf\u5b58\u5728\u4e8e\u5f53\u524d\u76ee\u5f55\u4e86\uff0c\u5b89\u88c5calico\u7f51\u7edc\u63d2\u4ef6\nkubectl create -f calico-v3.28.1.yaml\n--cri-socket=unix:\/\/\/run\/containerd\/containerd.sock\n\n#\u83b7\u5f97pod\u8282\u70b9\u4fe1\u606f\nkubectl get pod -A\n\n#\u83b7\u5f97node\u8282\u70b9\u4fe1\u606f\nkubectl get node -A<\/code><\/pre>\n
          \u5982\u679c\u4f60\u6ca1\u6709\u6210\u529f\u5b89\u88c5\u7684\u8bdd\uff0c\u8fd9\u4e2a\u72b6\u6001\u4e0d\u662fRuning<\/code>\uff0c\u4e0b\u9762\u662f\u5931\u8d25\u4e0e\u6210\u529f\u7684\u5bf9\u6bd4\u56fe\u3002\u89e3\u51b3\u529e\u6cd5\u53ef\u4ee5\u53c2\u8003\u95ee\u9898\u6392\u9519\u4e0e\u89e3\u51b3\u3002<\/p>\n
          \"calico\"<\/p>\n
          \u516b\u3001\u6211\u7684\u7b2c\u4e00\u4e2aK8S\u5e94\u7528<\/h2>\n
          \u521b\u5efa\u4e00\u4e2anginx-deployment.yaml<\/code>\u6587\u4ef6\uff0c\u5176\u5185\u5bb9\u5982\u4e0b<\/p>\n
          apiVersion: apps\/v1\nkind: Deployment\nmetadata:\n  name: nginx-deployment\n  labels:\n    app: nginx\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: nginx\n  template:\n    metadata:\n      labels:\n        app: nginx\n    spec:\n      containers:\n     -name: nginx-container\n        image: docker.m.daocloud.io\/library\/nginx:latest\n        ports:\n       -containerPort: 80<\/code><\/pre>\n
          #\u5f53\u6267\u884ckubectl apply-f nginx-deployment.yaml\u65f6\uff0ckubectl\u4f1a\u8bfb\u53d6nginx-deployment.yaml\u6587\u4ef6\u4e2d\u7684\u914d\u7f6e\u4fe1\u606f\uff0c\u7136\u540e\u5728 Kubernetes \u96c6\u7fa4\u4e2d\u521b\u5efa\u4e00\u4e2a\u540d\u4e3anginx-deployment\u7684\u90e8\u7f72\uff0c\u8fd9\u4e2a\u90e8\u7f72\u4f1a\u6839\u636e\u6587\u4ef6\u4e2d\u7684\u5b9a\u4e49\u521b\u5efa1\u4e2a\u5305\u542bNginx\u5bb9\u5668\u7684Pod\u526f\u672c\uff0c\u5e76\u786e\u4fdd\u8fd9\u4e9b\u526f\u672c\u7684\u72b6\u6001\u7b26\u5408\u9884\u671f\u3002\u5982\u679c\u8fd9\u4e2a\u90e8\u7f72\u5df2\u7ecf\u5b58\u5728\uff0ckubectl apply\u4f1a\u6839\u636e\u6587\u4ef6\u4e2d\u7684\u914d\u7f6e\u66f4\u65b0\u8be5\u90e8\u7f72\uff0c\u4f7f\u5176\u4e0e\u65b0\u7684\u914d\u7f6e\u4e00\u81f4\nkubectl apply -f nginx-deployment.yaml <\/code><\/pre>\n
          \u521b\u5efanginx-service.yaml<\/code>\u6587\u4ef6\uff0c\u5176\u5185\u5bb9\u5982\u4e0b<\/p>\n
          apiVersion: v1\nkind: Service\nmetadata:\n  name: nginx-service\nspec:\n  type: NodePort\n  selector:\n    app: nginx\n  ports:\n -protocol: TCP\n    port: 80\n    targetPort: 80\n    nodePort: 30080<\/code><\/pre>\n
          #kubectl apply -f nginx-service.yaml\u7684\u542b\u4e49\u662f\u4ee5\u6587\u4ef6\u5f62\u5f0fnginx-service.yaml\u5c06\u5b9a\u4e49\u7684NodePort\u7c7b\u578b\u7684Nginx\u670d\u52a1\u540d\u4e3anginx-service\uff0c\u5173\u8054app:nginx\u6807\u7b7e\u7684 Pod\uff0c\u7aef\u53e3\u6620\u5c04\u4e3a80\u523080\u4e14\u8282\u70b9\u66b4\u9732\u7aef\u53e3\u4e3a30080\u5e94\u7528\u5230Kubernetes\u96c6\u7fa4\uff0c\u82e5\u4e0d\u5b58\u5728\u5219\u521b\u5efa\uff0c\u5b58\u5728\u5219\u66f4\u65b0\nkubectl apply -f nginx-service.yaml \nufw allow 30080<\/code><\/pre>\n
          \u6211\u4eec\u7684hep-kubernetes-master-prd-01<\/code>\u673a\u5668\u7684IP\u5730\u5740\u4e3a192.168.31.41<\/code>\uff0c\u6240\u4ee5\u5728\u5c40\u57df\u7f51\u6d4f\u89c8\u5668\u8f93\u5165master<\/code>\u7684IP<\/code>\u5730\u5740+\u66b4\u9732\u51fa\u768430080<\/code>\u7aef\u53e3\u53f7\uff0c\u5c31\u53ef\u4ee5\u8bbf\u95ee\u5230K8S<\/code>\u5bb9\u5668\u91cc\u90e8\u7f72\u7684Nginx<\/code>\u4e3b\u9875\u4e86\u3002<\/p>\n
          \"Screenshot<\/p>\n
          \u6211\u4eec\u7684\u7b2c\u4e00\u4e2ak8s<\/code>\u5e94\u7528\u5c31\u8fd9\u4e48\u6109\u5feb\u5730\u90e8\u7f72\u6210\u529f\u4e86\uff0c\u540e\u9762\u8fd8\u9700\u8981\u7ee7\u7eed\u52a0\u6cb9\u52aa\u529b\uff0c\u6784\u5efa\u66f4\u5f3a\u5927\u7684\u5e94\u7528\u670d\u52a1\u3002<\/p>\n
          \u4e5d\u3001\u6700\u540e<\/h2>\n
          9.1 \u91cd\u542f\u987a\u5e8f<\/h3>\n
          9.1.1 \u5173\u95ed\u96c6\u7fa4\u7684\u5408\u7406\u6b65\u9aa4<\/h4>\n
          \u9996\u5148\uff0c\u5728\u8d1f\u8f7d\u5747\u8861\u5668\u8282\u70b9\u4e0a\uff0c\u505c\u6b62haproxy<\/code>\u548ckeepalived<\/code>\u670d\u52a1\uff0c\u8d1f\u8f7d\u5747\u8861\u5668\u8282\u70b9(hep-kubernetes-apiserver-lb-prd-01 \u548c hep-kubernetes-apiserver-lb-prd-02)<\/code>\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u3002<\/p>\n
          systemctl stop haproxy\nsystemctl stop keepalived<\/code><\/pre>\n
          Master<\/code> \u8282\u70b9(hep-kubernetes-master-prd-01\u3001hep-kubernetes-master-prd-02\u3001hep-kubernetes-master-prd-03)<\/code>\u5c06\u8282\u70b9\u6807\u8bb0\u4e3a\u4e0d\u53ef\u8c03\u5ea6\uff0c\u5e76\u4e14\u5b89\u5168\u5730\u9a71\u9010\u8be5\u8282\u70b9\u4e0a\u7684 Pod<\/code>\u3002<\/p>\n
          kubectl drain hep-kubernetes-master-prd-01 --ignore-daemonsets<\/code><\/pre>\n
          \u540c\u6837\u5728master<\/code>\u4e09\u4e2a\u8282\u70b9\u4e0a\uff0c\u505c\u6b62 kube-apiserver<\/code>\u3001kube-scheduler<\/code>\u548ckube-controller-manager<\/code>\u7b49\u5173\u952e\u7684Kubernetes<\/code>\u7ec4\u4ef6\u670d\u52a1\u3002<\/p>\n
          systemctl stop kube-apiserver\nsystemctl stop kube-scheduler\nsystemctl stop kube-controller-manager<\/code><\/pre>\n
          Worker<\/code>\u8282\u70b9(hep-kubernetes-worker-prd-01\u3001hep-kubernetes-worker-prd-02\u3001hep-kubernetes-worker-prd-03)<\/code>\u4f7f\u7528kubectl drain<\/code>\u547d\u4ee4\u5c06\u8282\u70b9\u6807\u8bb0\u4e3a\u4e0d\u53ef\u8c03\u5ea6\u5e76\u9a71\u9010Pod<\/code>\u3002<\/p>\n
          kubectl drain hep-kubernetes-worker-prd-01 --ignore-daemonsets\nsystemctl stop kubelet\nsystemctl stop kube-proxy<\/code><\/pre>\n
          9.1.2 \u91cd\u542f\u96c6\u7fa4\u7684\u5408\u7406\u6b65\u9aa4<\/h4>\n
          \u9996\u5148\u542f\u52a8\u4e09\u4e2aworker<\/code>\u8282\u70b9(hep-kubernetes-worker-prd-01\u3001hep-kubernetes-worker-prd-02\u3001hep-kubernetes-worker-prd-03)<\/code>\u3002<\/p>\n
          systemctl start kubelet\nsystemctl start kube-proxy\n\n#\u5f85\u4e00\u6bb5\u65f6\u95f4\uff0c\u53ef\u4ee5\u901a\u8fc7\u67e5\u770b\u65e5\u5fd7\u6216\u8005\u68c0\u67e5\u670d\u52a1\u72b6\u6001\u6765\u786e\u5b9a\u670d\u52a1\u662f\u5426\u5b8c\u5168\u542f\u52a8\uff0c\u7136\u540e\u4f7f\u7528`kubectl uncordon`\u547d\u4ee4\u5c06\u8282\u70b9\u91cd\u65b0\u6807\u8bb0\u4e3a\u53ef\u8c03\u5ea6\u72b6\u6001\u3002\nkubectl uncordon hep-kubernetes-worker-prd-01<\/code><\/pre>\n
          \u5176\u6b21\u542f\u52a8Master<\/code>\u8282\u70b9(hep-kubernetes-master-prd-01\u3001hep-kubernetes-master-prd-02\u3001hep-kubernetes-master-prd-03)<\/code>\u542f\u52a8\u4e0b\u9762\u4e09\u4e2a\u670d\u52a1\u3002<\/p>\n
          systemctl start kube-apiserver\nsystemctl start kube-scheduler\nsystemctl start kube-controller-manager<\/code><\/pre>\n
          \u6700\u540e\u542f\u52a8\u8d1f\u8f7d\u5747\u8861\u5668(LB)<\/code>\u8282\u70b9(hep-kubernetes-apiserver-lb-prd-01 \u548c hep-kubernetes-apiserver-lb-prd-02)<\/code>\u542f\u52a8haproxy<\/code>\u548ckeepalived<\/code>\u3002<\/p>\n
          systemctl start haproxy\nsystemctl start keepalived<\/code><\/pre>\n
          9.2 \u6392\u9519\u4e0e\u89e3\u51b3<\/h3>\n
          #master\u8282\u70b9\u9519\u8bef\u6216\u8005workder\u8282\u70b9\u52a0\u5165\u96c6\u7fa4\u9519\u8bef\u5e76\u91cd\u7f6e\n#\u5220\u9664\u914d\u7f6e\nrm -rf $HOME\/.kube\/config\n\n#\u91cd\u7f6e\nkubeadm reset\n\n#\u5982\u679c\u4f60\u7b2c\u4e00\u6b21\u6ca1\u6709\u6210\u529f\u5b89\u88c5calico\uff0c\u4e0b\u9762\u64cd\u4f5c\u53ef\u4ee5\u6e05\u9664calico\uff0c\u64cd\u4f5c\u4e4b\u540e\u5c31\u53ef\u4ee5\u91cd\u65b0\u5b89\u88c5\u4e86\u3002\nkubectl delete crd bgpconfigurations.crd.projectcalico.org\nkubectl delete crd bgppeers.crd.projectcalico.org\nkubectl delete crd blockaffinities.crd.projectcalico.org\nkubectl delete crd caliconodestatuses.crd.projectcalico.org\nkubectl delete crd clusterinformations.crd.projectcalico.org\nkubectl delete crd felixconfigurations.crd.projectcalico.org\nkubectl delete crd globalnetworkpolicies.crd.projectcalico.org\nkubectl delete crd globalnetworksets.crd.projectcalico.org\nkubectl delete crd hostendpoints.crd.projectcalico.org\nkubectl delete crd ipamblocks.crd.projectcalico.org\nkubectl delete crd ipamconfigs.crd.projectcalico.org\nkubectl delete crd ipamhandles.crd.projectcalico.org\nkubectl delete crd ippools.crd.projectcalico.org\nkubectl delete crd kubecontrollersconfigurations.crd.projectcalico.org\nkubectl delete crd networkpolicies.crd.projectcalico.org\nkubectl delete crd networksets.crd.projectcalico.org\n\nkubectl  delete deployment calico-kube-controllers -n kube-system\n\nkubectl  delete daemonset calico-node -n kube-system\n\n#\u5220\u9664\u6240\u6709calico\u7684pod\nkubectl delete pod -l k8s-app=calico-node -n kube-system\n\nrm -rf \/etc\/calico\/\n\nkubectl -n kube-system delete poddisruptionbudgets.policy calico-kube-controllers\nkubectl -n kube-system delete poddisruptionbudgets.policy calico-node\nkubectl -n kube-system delete serviceaccount calico-kube-controllers\nkubectl -n kube-system delete serviceaccount calico-node\nkubectl -n kube-system delete serviceaccount calico-cni-plugin\nkubectl -n kube-system delete configmap calico-config\nkubectl -n kube-system delete clusterrole calico-kube-controllers\nkubectl -n kube-system delete clusterrole calico-node\nkubectl -n kube-system delete clusterrole calico-cni-plugin\nkubectl -n kube-system delete clusterrolebinding calico-kube-controllers\nkubectl -n kube-system delete clusterrolebinding calico-node\nkubectl -n kube-system delete clusterrolebinding calico-cni-plugin\nkubectl delete crd bgpfilters.crd.projectcalico.org\nkubectl delete crd ipreservations.crd.projectcalico.org\n\n#Nginx\u90e8\u7f72\u5931\u8d25\uff0c\u5220\u9664\u5e76\u91cd\u65b0\u90e8\u7f72\nkubectl describe pod nginx-deployment-67b449cd77-qwvw2\n\nkubectl describe deployment nginx-deployment\n\nkubectl delete deployment -l app=nginx -n default\n\nkubectl apply -f nginx-deployment.yaml \n\n#docker\u53ef\u7528\u6e90\n{\n    "registry-mirrors" :\n        [\n            "https:\/\/docker.m.daocloud.io",\n            "https:\/\/noohub.ru",\n            "https:\/\/huecker.io",\n            "https:\/\/dockerhub.timeweb.cloud",\n            "https:\/\/docker.rainbond.cc"\n        ]\n}\n\n#containerd\u5c1d\u8bd5\u62c9\u53d6\u955c\u50cf\nctr -n k8s.io images pull docker.m.daocloud.io\/library\/nginx:latest    <\/code><\/pre>\n
          \n
          Reference\uff1a<\/p>\n
          \u5728Ubuntu24.04\u4e0a\u5b89\u88c5\u591a\u4e3b\u591a\u4ece\u7684\u9ad8\u53ef\u7528Kubernetes\u8282\u70b9\uff1ahttps:\/\/blog.csdn.net\/m0_51510236\/article\/details\/141671652<\/a><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"
          ubuntu24.04\u5b89\u88c5Kubernetes1.30.0(kubernetes1.30.0)\u9ad8\u53ef\u7528\u96c6\u7fa4 \u4e00\u3001 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[],"class_list":["post-1059","post","type-post","status-publish","format-standard","hentry","category-18"],"_links":{"self":[{"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=\/wp\/v2\/posts\/1059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1059"}],"version-history":[{"count":1,"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=\/wp\/v2\/posts\/1059\/revisions"}],"predecessor-version":[{"id":1066,"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=\/wp\/v2\/posts\/1059\/revisions\/1066"}],"wp:attachment":[{"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1059"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}