{"id":1883,"date":"2025-12-24T20:24:23","date_gmt":"2025-12-24T12:24:23","guid":{"rendered":"http:\/\/www.huerpu.cc:7000\/?p=1883"},"modified":"2025-12-24T21:05:32","modified_gmt":"2025-12-24T13:05:32","slug":"ubuntu-server24-04%e5%ae%89%e8%a3%85kubernetesk8s-v1-35-0%e9%ab%98%e5%8f%af%e7%94%a8%e9%9b%86%e7%be%a4","status":"publish","type":"post","link":"http:\/\/www.huerpu.cc:7000\/?p=1883","title":{"rendered":"Ubuntu Server24.04\u5b89\u88c5Kubernetes(k8s v1.35.0)\u9ad8\u53ef\u7528\u96c6\u7fa4"},"content":{"rendered":"<h1>Ubuntu Server24.04\u5b89\u88c5Kubernetes(k8s v1.35.0)\u9ad8\u53ef\u7528\u96c6\u7fa4<\/h1>\n<p>\u4e3a\u4e86\u66f4\u597d\u7684\u4f53\u9a8c\uff0c\u6b22\u8fce\u8bbf\u95ee\u51ef\u5c14\u68ee\u4e2a\u4eba\u4e3b\u9875<a href=\"http:\/\/www.huerpu.cc:7000\/?p=1878\">http:\/\/www.huerpu.cc:7000\/<\/a><\/p>\n<h2>\u4e00\u3001\u603b\u4f53\u6982\u89c8<\/h2>\n<p>\u672c\u7740\u5b66\u4e60\u65b0\u6280\u672f\u548c\u4f7f\u7528\u65b0\u7248\u672c\u7684\u539f\u5219\uff0c\u672cK8S\u96c6\u7fa4\u9009\u7528\u521a\u521a\u53d1\u5e03\u7684k8s v1.35.0\uff0c\u7cfb\u7edf\u7248\u672c\u9009\u7528\u4e86Ubuntu Server24.04\u4e5f\u662f\u6700\u65b0\u7248\u672c\u7684LTS\u7cfb\u7edf\u3002<\/p>\n<p>3\u53f0master\u4e3b\u8282\u70b9(2C4G)\u30014\u53f0(2C4G)worker node\uff0c\u5982\u679cCPU\u4f4e\u4e8e2\u6838\u5fc3\u662f\u6ca1\u6cd5\u521d\u59cb\u5316K8S\u7684\uff0c\u6839\u636e\u4e2a\u4eba\u786c\u4ef6\u914d\u7f6e\u5efa\u8bae\u5c3d\u53ef\u80fd\u591a\u6838\u5fc3\u5927\u5185\u5b58\uff0c\u5bf9\u5e94\u7684 IP\u5982\u4e0b\uff1a<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: center;\">hostname<\/th>\n<th style=\"text-align: center;\">IP<\/th>\n<th style=\"text-align: center;\">function<\/th>\n<th style=\"text-align: center;\">Version<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: center;\">VIP<\/td>\n<td style=\"text-align: center;\">192.168.31.200<\/td>\n<td style=\"text-align: center;\">lb.k8s.hep.cc<\/td>\n<td style=\"text-align: center;\">&#8212;<\/td>\n<\/tr>\n<tr>\n<td 
style=\"text-align: center;\">hep-k8s-master01<\/td>\n<td style=\"text-align: center;\">192.168.31.201<\/td>\n<td style=\"text-align: center;\">Control plane<\/td>\n<td style=\"text-align: center;\">Ubuntu Server24.04<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">hep-k8s-master02<\/td>\n<td style=\"text-align: center;\">192.168.31.202<\/td>\n<td style=\"text-align: center;\">Control plane<\/td>\n<td style=\"text-align: center;\">Ubuntu Server24.04<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">hep-k8s-master03<\/td>\n<td style=\"text-align: center;\">192.168.31.203<\/td>\n<td style=\"text-align: center;\">Control plane<\/td>\n<td style=\"text-align: center;\">Ubuntu Server24.04<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">hep-k8s-worker01<\/td>\n<td style=\"text-align: center;\">192.168.31.204<\/td>\n<td style=\"text-align: center;\">worker node<\/td>\n<td style=\"text-align: center;\">Ubuntu Server24.04<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">hep-k8s-worker02<\/td>\n<td style=\"text-align: center;\">192.168.31.205<\/td>\n<td style=\"text-align: center;\">worker node<\/td>\n<td style=\"text-align: center;\">Ubuntu Server24.04<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">hep-k8s-worker03<\/td>\n<td style=\"text-align: center;\">192.168.31.206<\/td>\n<td style=\"text-align: center;\">worker node<\/td>\n<td style=\"text-align: center;\">Ubuntu Server24.04<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: center;\">hep-k8s-worker04<\/td>\n<td style=\"text-align: center;\">192.168.31.207<\/td>\n<td style=\"text-align: center;\">worker node<\/td>\n<td style=\"text-align: center;\">Ubuntu 
Server24.04<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>hep-k8s-master01\u3001hep-k8s-master02\u3001hep-k8s-master03\u4e3a\u4e09\u53f0master\u8282\u70b9\uff0chep-k8s-worker01\u3001hep-k8s-worker02\u3001hep-k8s-worker03\u3001hep-k8s-worker04\u4e3a\u56db\u53f0worker\u8282\u70b9\u3002VIP\u5730\u5740192.168.31.200\uff0c\u91c7\u7528kube-vip\u7684\u65b9\u5f0f\u3002\u8fd9\u5957\u914d\u7f6e\u8003\u8651\u4e86\u5404\u79cd\u5b89\u5168\u4e0e\u53ef\u9760\u6027\uff0c\u53ef\u4ee5\u5e94\u5bf9\u4e2d\u5c0f\u578b\u4f01\u4e1a\u5e94\u7528\uff0c\u751a\u81f3\u662f\u5fae\u5927\u578b\u4f01\u4e1a\u4e5f\u662f\u53ef\u4ee5\u7684\u3002<\/p>\n<p>\u6240\u6709\u8fd9\u4e9b\u673a\u5668\u90fd\u90e8\u7f72\u5728PVE\u4e0a\uff0c\u91c7\u7528 Intel(R) Xeon(R) CPU D-1581 @ 1.80GHz (1 Socket)\uff0c16\u6838\u5fc332\u7ebf\u7a0b\uff0c\u540e\u7eed\u5982\u679c\u60f3\u589e\u52a0worker\u8282\u70b9\uff0c\u6bd4\u5982\u95f2\u7f6e\u7684\u8ff7\u4f60\u4e3b\u673a\u3001\u7b14\u8bb0\u672c\u3001\u5de5\u4f5c\u7ad9\u3001\u670d\u52a1\u5668\uff0c\u90fd\u53ef\u4ee5\u81ea\u884c\u52a0\u5165K8S\u96c6\u7fa4\uff0c\u4ece\u800c\u5c31\u53ef\u4ee5\u5728K8S\u96c6\u7fa4\u4e0a\u90e8\u7f72\u5404\u79cd\u5e94\u7528\uff0c\u7136\u540e\u5c31\u53ef\u4ee5\u6109\u5feb\u7684\u73a9\u800d\u5566\u3002<\/p>\n<h2>\u4e8c\u3001\u524d\u7f6e\u5de5\u4f5c<\/h2>\n<p>\u6211\u7684K8S\u96c6\u7fa4\u8282\u70b9\u90fd\u5728PVE\u4e0a\uff0c\u4e3a\u4e86\u66f4\u65b9\u4fbf\uff0c\u90a3\u4e9b\u91cd\u590d\u6027\u7684\u5de5\u4f5c\u6211\u5c31\u653e\u5728\u4e00\u53f0\u673a\u5668hep-k8s-master-worker-temp\u4e0a\u6267\u884c\uff0c\u7136\u540e\u76f4\u63a5\u590d\u5236\u865a\u62df\u673a\uff0c\u5927\u5927\u63d0\u9ad8\u6548\u7387\u3002\u5982\u679c\u4f60\u662f\u5355\u72ec\u7684\u673a\u5668\uff0c\u53ef\u4ee5\u5728\u673a\u5668\u4e0a\u91cd\u590d\u6267\u884c\u8fd9\u4e9b\u547d\u4ee4\u5373\u53ef\uff0c\u4ece\u800c\u8fbe\u5230\u673a\u5668\u914d\u7f6e\u7684\u4e00\u81f4\u6027\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/wp-content\/uploads\/2025\/12\/24\/Screenshot-2025-12-24-113007.png\" 
alt=\"Screenshot 2025-12-24 113007\" \/><\/p>\n<h3>2.1 \u57fa\u7840\u73af\u5883\u914d\u7f6e<\/h3>\n<pre><code class=\"language-shell\"># \u5207root\nsudo su -\n# \u66f4\u65b0\napt update \napt upgrade -y\n\n# \u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-k8s-master01\n\n# \u914d\u7f6e hosts \u89e3\u6790\ncat >> \/etc\/hosts << EOF\n192.168.31.200  lb.k8s.hep.cc\n192.168.31.201  hep-k8s-master01\n192.168.31.202  hep-k8s-master02\n192.168.31.203  hep-k8s-master03\n192.168.31.204  hep-k8s-worker01\n192.168.31.205  hep-k8s-worker02\n192.168.31.206  hep-k8s-worker03\n192.168.31.207  hep-k8s-worker04\nEOF\n\n# \u8bbe\u7f6e\u65f6\u95f4\u540c\u6b65\ntimedatectl set-timezone Asia\/Shanghai\n# \u67e5\u770b\u65f6\u95f4\ndate\n#\u5b89\u88c5ntpdate\u547d\u4ee4\napt install ntpdate -y\nntpdate ntp.aliyun.com\n\n# \u521b\u5efa\u52a0\u8f7d\u5185\u6838\u6a21\u5757\u6587\u4ef6\ncat << EOF | tee \/etc\/modules-load.d\/k8s.conf\noverlay\nbr_netfilter\nEOF\n# \u624b\u52a8\u52a0\u8f7d\u6a21\u5757\nmodprobe overlay\nmodprobe br_netfilter\n# \u67e5\u770b\u5df2\u52a0\u8f7d\u6a21\u5757\nlsmod | egrep \"overlay\"\nlsmod | egrep \"br_netfilter\"\n# \u6dfb\u52a0\u7f51\u6865\u8fc7\u6ee4\u53ca\u5185\u6838\u8f6c\u53d1\u914d\u7f6e\u6587\u4ef6\ncat << EOF | tee \/etc\/sysctl.d\/k8s.conf\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables = 1\nnet.ipv4.ip_forward = 1\nEOF\n# \u751f\u6548\u914d\u7f6e\nsysctl --system\n# \u5b89\u88c5 ipset \u53ca ipvsadm\napt install ipset ipvsadm -y\n# \u914d\u7f6e ipvsadm \u6a21\u5757\u52a0\u8f7d\ncat << EOF | tee \/etc\/modules-load.d\/ipvs.conf\nip_vs\nip_vs_rr\nip_vs_wrr\nip_vs_sh\nnf_conntrack\nEOF\n# \u521b\u5efa\u52a0\u8f7d\u6a21\u5757\u811a\u672c\u6587\u4ef6\ncat << EOF | tee ipvs.sh\n#!\/bin\/sh\nmodprobe -- ip_vs\nmodprobe -- ip_vs_rr\nmodprobe -- ip_vs_wrr\nmodprobe -- ip_vs_sh\nmodprobe -- nf_conntrack\nEOF\n# \u6267\u884c\u811a\u672c\u6587\u4ef6\u52a0\u8f7d\u6a21\u5757\nsh ipvs.sh\n# \u5173\u95ed Swap 
\u5206\u533a\n# \u4e34\u65f6\u5173\u95ed\nswapoff -a\n# \u6c38\u4e45\u5173\u95ed(\u6ce8\u91ca swap \u884c\uff09\nsed -i '\/swap\/s\/^\/#\/' \/etc\/fstab\n# \u9a8c\u8bc1(\u65e0\u8f93\u51fa\u5373\u6210\u529f\uff09\ncat \/etc\/fstab | grep swap<\/code><\/pre>\n<h3>2.2 \u914d\u7f6edocker\u3001cri-dockerd<\/h3>\n<pre><code class=\"language-shell\"># \u914d\u7f6edocker\n# \u6dfb\u52a0 Docker \u5b98\u65b9 GPG \u5bc6\u94a5\napt update\napt install ca-certificates curl -y\ninstall -m 0755 -d \/etc\/apt\/keyrings\ncurl -fsSL https:\/\/download.docker.com\/linux\/ubuntu\/gpg -o \/etc\/apt\/keyrings\/docker.asc\nchmod a+r \/etc\/apt\/keyrings\/docker.asc\n# \u5c06\u4ed3\u5e93\u6dfb\u52a0\u5230 Apt \u6e90\necho \\\n  \"deb [arch=$(dpkg --print-architecture) signed-by=\/etc\/apt\/keyrings\/docker.asc] \\\n  https:\/\/download.docker.com\/linux\/ubuntu \\\n  $(. \/etc\/os-release && echo \"$VERSION_CODENAME\") stable\" | \\\n  sudo tee \/etc\/apt\/sources.list.d\/docker.list > \/dev\/null\n\n# \u66f4\u65b0\u6e90\napt update\n# \u5b89\u88c5 Docker \u8f6f\u4ef6\u5305\napt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y\n# \u67e5\u770b\u7248\u672c\ndocker --version\n# \u914d\u7f6ecri-dockerd\n# \u514b\u9686 cri-dockerd \u4ee3\u7801\u4ed3\u5e93\ngit clone https:\/\/github.com\/Mirantis\/cri-dockerd.git\n# \u4e0b\u8f7d\u6307\u5b9a\u7248\u672c\u7684 cri-dockerd \u538b\u7f29\u5305\uff0c\u8fd9\u91cc\u6709\u7f16\u8bd1\u597d\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\nwget https:\/\/github.com\/Mirantis\/cri-dockerd\/releases\/download\/v0.3.21\/cri-dockerd-0.3.21.amd64.tgz\n# \u89e3\u538b\u538b\u7f29\u5305\uff0c\u89e3\u538b\u4f1a\u76f4\u63a5\u751f\u6210cri-dockerd\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\u5230cri-dockerd\/\u76ee\u5f55\u4e0b\ntar xf cri-dockerd-0.3.21.amd64.tgz\n# \u8fdb\u5165\u76ee\u5f55\u5e76\u67e5\u770b\u5185\u5bb9\n# \u5728cri-dockerd\/\u76ee\u5f55\u4e0b\uff0c\u6709cri-dockerd\u7684\u4e8c\u8fdb\u5236\u6587\u4ef6\n# 
\u5728cri-dockerd\/packaging\/systemd\/\u4e0b\uff0c\u6709cri-docker.service\u3001cri-docker.socket\u4e24\u4e2a\u914d\u7f6e\u6587\u4ef6\uff0c\u5f85\u4f1a\u8981\u7528\ncd cri-dockerd\/\nls\n# \u5728cri-dockerd\/\u76ee\u5f55\u4e0b\uff0c\u6267\u884c\u3002\u5b89\u88c5 cri-dockerd \u53ef\u6267\u884c\u6587\u4ef6\ninstall -o root -g root -m 0755 cri-dockerd \/usr\/local\/bin\/cri-dockerd\n# \u590d\u5236cri-dockerd\/packaging\/systemd\/\u4e0bcri-docker.service\u3001cri-docker.socket\u4e24\u4e2a\u914d\u7f6e\u6587\u4ef6\u5230\/etc\/systemd\/system\ncp packaging\/systemd\/* \/etc\/systemd\/system\n# \u4fee\u6b63\u670d\u52a1\u6587\u4ef6\u4e2d\u7684\u53ef\u6267\u884c\u8def\u5f84\nsed -i -e 's,\/usr\/bin\/cri-dockerd,\/usr\/local\/bin\/cri-dockerd,' \/etc\/systemd\/system\/cri-docker.service\n# \u914d\u7f6e Pod \u57fa\u7840\u8bbe\u65bd\u5bb9\u5668\u955c\u50cf\n# \u4fee\u6539\u7b2c 10 \u884c\u7684ExecStart\u914d\u7f6e\uff0c\u6dfb\u52a0--pod-infra-container-image=registry.k8s.io\/pause:3.10.1\nvim \/etc\/systemd\/system\/cri-docker.service\nExecStart=\/usr\/local\/bin\/cri-dockerd --pod-infra-container-image=registry.k8s.io\/pause:3.10.1 --container-runtime-endpoint fd:\/\/\n# \u8bbe\u7f6e\u4e3a\u5f00\u673a\u81ea\u542f\u52a8\u5e76\u4e14\u73b0\u5728\u5c31\u542f\u52a8\nsystemctl enable --now cri-docker.socket\n# \u9a8c\u8bc1 cri-dockerd \u72b6\u6001\uff0c\u8f93\u51fa active (running) \u5373\u6210\u529f\nsystemctl daemon-reload\nsystemctl status cri-docker<\/code><\/pre>\n<h3>2.3 \u914d\u7f6eGPG&amp;apt\u4ed3\u5e93<\/h3>\n<pre><code class=\"language-shell\"># \u83b7\u53d6 Kubernetes \u5b98\u65b9 GPG \u9a8c\u8bc1\u5bc6\u94a5\ncurl -fsSL https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.35\/deb\/Release.key | sudo gpg --dearmor -o \/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg\n\n# \u6dfb\u52a0 Kubernetes 1.35 \u7248\u672c\u7684 apt \u4ed3\u5e93\necho 'deb [signed-by=\/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg] https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.35\/deb\/ \/' | sudo tee 
\/etc\/apt\/sources.list.d\/kubernetes.list\n\n# \u66f4\u65b0apt\u5305\u7d22\u5f15\napt update\n# \u67e5\u770bkubeadm\u7684\u5305\u7b56\u7565(\u72b6\u6001\u4e0e\u7248\u672c\u6765\u6e90\uff09\napt-cache policy kubeadm\n# \u67e5\u770b kubeadm \u7684\u8be6\u7ec6\u4fe1\u606f\u4e0e\u4f9d\u8d56\u5173\u7cfb\n# apt-cache showpkg kubeadm\n# \u67e5\u770b kubeadm \u7684\u53ef\u7528\u7248\u672c\u5217\u8868\n# apt-cache madison kubeadm<\/code><\/pre>\n<h2>\u4e09\u3001\u51c6\u5907Master&amp;Worker\u8282\u70b9<\/h2>\n<p>\u590d\u5236hep-k8s-master-worker-temp\u865a\u62df\u673a\uff0c\u53f3\u952eclone\u5373\u53ef\uff0c\u7136\u540e\u4fee\u6539\u4e3b\u673a\u540d\u3001IP\u5730\u5740\u3002\u4e00\u5171\u590d\u5236\u51fa\u4e09\u53f0Master\u56db\u53f0Worker\u5373\u53ef\uff0c\u8fd9\u4e9b\u8282\u70b9\u90fd\u6709\u4e0a\u9762\u914d\u7f6e\u597d\u7684\u5185\u5bb9\u3002\u590d\u5236\u51fa\u7684\u865a\u62df\u673a\u53ef\u80fd\u548chep-k8s-master-worker-temp\u7684\/etc\/machine-id\u3001SSH\u4e3b\u673a\u5bc6\u94a5\u4e00\u81f4\uff0c\u5efa\u8bae\u5728\u6bcf\u53f0\u673a\u5668\u4e0a\u91cd\u65b0\u751f\u6210\u3002\u5982\u679c\u4f60\u662f\u72ec\u7acb\u7684Linux\uff0c\u53ef\u4ee5\u5728\u6bcf\u53f0\u673a\u5668\u4e0a\u90fd\u6267\u884c\u4e00\u4e0b\u6b65\u9aa4\u4e8c\u7684\u6240\u6709\u5185\u5bb9\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/wp-content\/uploads\/2025\/12\/24\/QQ20251224-114259.png\" alt=\"QQ20251224-114259\" \/><\/p>\n<h3>3.1 \u8bbe\u7f6e\u4e3b\u673a\u540d&amp;\u56fa\u5b9aIP\u5730\u5740<\/h3>\n<pre><code class=\"language-shell\"># hep-k8s-master01\u8282\u70b9\n# \u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-k8s-master01\n# \u56fa\u5b9aIP\u5730\u5740\uff0c\u4f60\u7684\u53ef\u80fd\u4e0d\u53eb50-cloud-init.yaml\uff0c\u4f46\u90fd\u5728\/etc\/netplan\/\uff0c\u770b\u4f60\u7684\u662f\u54ea\u4e2a\u3002\n# hep-k8s-master01\u8282\u70b9IP\u56fa\u5b9a\u4f4d192.168.31.201\nvim \/etc\/netplan\/50-cloud-init.yaml\nnetwork:\n  ethernets:\n    ens18:\n     dhcp4:  false\n     addresses: [192.168.31.201\/24]\n     gateway4: 192.168.31.2\n     nameservers:\n             addresses: [192.168.31.1,8.8.8.8]\n\n  version: 2\n\n# \u91cd\u542f\u751f\u6548\nreboot\n\n# hep-k8s-master02\u8282\u70b9\n# 
\u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-k8s-master02\n# \u56fa\u5b9aIP\u5730\u5740\uff0c\u4f60\u7684\u53ef\u80fd\u4e0d\u53eb50-cloud-init.yaml\uff0c\u4f46\u90fd\u5728\/etc\/netplan\/\uff0c\u770b\u4f60\u7684\u662f\u54ea\u4e2a\u3002\n# hep-k8s-master02\u8282\u70b9IP\u56fa\u5b9a\u4f4d192.168.31.202\nvim \/etc\/netplan\/50-cloud-init.yaml\nnetwork:\n  ethernets:\n    ens18:\n     dhcp4:  false\n     addresses: [192.168.31.202\/24]\n     gateway4: 192.168.31.2\n     nameservers:\n             addresses: [192.168.31.1,8.8.8.8]\n\n  version: 2\n# \u91cd\u542f\u751f\u6548\nreboot\n\n# hep-k8s-master03\u8282\u70b9\n# \u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-k8s-master03\n# \u56fa\u5b9aIP\u5730\u5740\uff0c\u4f60\u7684\u53ef\u80fd\u4e0d\u53eb50-cloud-init.yaml\uff0c\u4f46\u90fd\u5728\/etc\/netplan\/\uff0c\u770b\u4f60\u7684\u662f\u54ea\u4e2a\u3002\n# hep-k8s-master03\u8282\u70b9IP\u56fa\u5b9a\u4f4d192.168.31.203\nvim \/etc\/netplan\/50-cloud-init.yaml\nnetwork:\n  ethernets:\n    ens18:\n     dhcp4:  false\n     addresses: [192.168.31.203\/24]\n     gateway4: 192.168.31.2\n     nameservers:\n             addresses: [192.168.31.1,8.8.8.8]\n\n  version: 2\n# \u91cd\u542f\u751f\u6548\nreboot\n\n# hep-k8s-worker01\u8282\u70b9\n# \u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-k8s-worker01\n# \u56fa\u5b9aIP\u5730\u5740\uff0c\u4f60\u7684\u53ef\u80fd\u4e0d\u53eb50-cloud-init.yaml\uff0c\u4f46\u90fd\u5728\/etc\/netplan\/\uff0c\u770b\u4f60\u7684\u662f\u54ea\u4e2a\u3002\n# hep-k8s-worker01\u8282\u70b9IP\u56fa\u5b9a\u4f4d192.168.31.204\nvim \/etc\/netplan\/50-cloud-init.yaml\nnetwork:\n  ethernets:\n    ens18:\n     dhcp4:  false\n     addresses: [192.168.31.204\/24]\n     gateway4: 192.168.31.2\n     nameservers:\n             addresses: [192.168.31.1,8.8.8.8]\n\n  version: 2\n# \u91cd\u542f\u751f\u6548\nreboot\n\n# hep-k8s-worker02\u8282\u70b9\n# \u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-k8s-worker02\n# 
\u56fa\u5b9aIP\u5730\u5740\uff0c\u4f60\u7684\u53ef\u80fd\u4e0d\u53eb50-cloud-init.yaml\uff0c\u4f46\u90fd\u5728\/etc\/netplan\/\uff0c\u770b\u4f60\u7684\u662f\u54ea\u4e2a\u3002\n# hep-k8s-worker02\u8282\u70b9IP\u56fa\u5b9a\u4f4d192.168.31.205\nvim \/etc\/netplan\/50-cloud-init.yaml\nnetwork:\n  ethernets:\n    ens18:\n     dhcp4:  false\n     addresses: [192.168.31.205\/24]\n     gateway4: 192.168.31.2\n     nameservers:\n             addresses: [192.168.31.1,8.8.8.8]\n\n  version: 2\n# \u91cd\u542f\u751f\u6548\nreboot\n\n# hep-k8s-worker03\u8282\u70b9\n# \u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-k8s-worker03\n# \u56fa\u5b9aIP\u5730\u5740\uff0c\u4f60\u7684\u53ef\u80fd\u4e0d\u53eb50-cloud-init.yaml\uff0c\u4f46\u90fd\u5728\/etc\/netplan\/\uff0c\u770b\u4f60\u7684\u662f\u54ea\u4e2a\u3002\n# hep-k8s-worker03\u8282\u70b9IP\u56fa\u5b9a\u4f4d192.168.31.206\nvim \/etc\/netplan\/50-cloud-init.yaml\nnetwork:\n  ethernets:\n    ens18:\n     dhcp4:  false\n     addresses: [192.168.31.206\/24]\n     gateway4: 192.168.31.2\n     nameservers:\n             addresses: [192.168.31.1,8.8.8.8]\n\n  version: 2\n# \u91cd\u542f\u751f\u6548\nreboot\n\n# hep-k8s-worker04\u8282\u70b9\n# \u8bbe\u7f6e\u4e3b\u673a\u540d\nhostnamectl set-hostname hep-k8s-worker04\n# \u56fa\u5b9aIP\u5730\u5740\uff0c\u4f60\u7684\u53ef\u80fd\u4e0d\u53eb50-cloud-init.yaml\uff0c\u4f46\u90fd\u5728\/etc\/netplan\/\uff0c\u770b\u4f60\u7684\u662f\u54ea\u4e2a\u3002\n# hep-k8s-worker04\u8282\u70b9IP\u56fa\u5b9a\u4f4d192.168.31.207\nvim \/etc\/netplan\/50-cloud-init.yaml\nnetwork:\n  ethernets:\n    ens18:\n     dhcp4:  false\n     addresses: [192.168.31.207\/24]\n     gateway4: 192.168.31.2\n     nameservers:\n             addresses: [192.168.31.1,8.8.8.8]\n\n  version: 2\n# \u91cd\u542f\u751f\u6548\nreboot<\/code><\/pre>\n<h3>3.2 
\u5f00\u653e\u7aef\u53e3\u53f7<\/h3>\n<p>\u4e3a\u4e86\u96c6\u7fa4\u7684\u5b89\u5168\u6027\u8003\u8651\uff0c\u6211\u8fd9\u91cc\u5e76\u6ca1\u6709\u5b8c\u5168\u5173\u95ed\u9632\u706b\u5899\uff0c\u800c\u662f\u91c7\u7528\u9700\u8981\u54ea\u4e2a\u7aef\u53e3\u5c31\u6253\u5f00\u54ea\u4e2a\u7aef\u53e3\u7684\u65b9\u5f0f\uff0c\u8fd9\u6837\u4e5f\u66f4\u7b26\u5408\u4f01\u4e1a\u4f7f\u7528\u4e60\u60ef\uff0c\u4e5f\u4f1a\u5177\u6709\u66f4\u9ad8\u7684\u53ef\u9760\u6027\u548c\u5b89\u5168\u6027\u3002\u5982\u679c\u4f60\u662f\u7528SSH\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u5efa\u8bae\u5c06ufw allow ssh\/tcp\u653e\u5728ufw enable\u524d\u6267\u884c\uff0c\u9632\u6b62SSH\u88ab\u9632\u706b\u5899\u5173\u95ed\u3002\u8fd9\u4e9b\u89c4\u5219\u6ca1\u6709\u6307\u5b9a\u6765\u6e90\u5730\u5740\uff0c\u4f1a\u5bf9\u6240\u6709\u6765\u6e90\u5f00\u653e\uff0c\u5728\u4f01\u4e1a\u73af\u5883\u4e2d\u5efa\u8bae\u4e3a2379:2380\/tcp\u300110250\/tcp\u8fd9\u4e9b\u7aef\u53e3\u6307\u5b9a\u6765\u6e90\u5730\u5740\uff0c\u6bd4\u5982\u96c6\u7fa4\u8282\u70b9\u7684192.168.31.0\/24\u3002<\/p>\n<h4>3.2.1 Master\u8282\u70b9<\/h4>\n<pre><code class=\"language-shell\"># \u5728\u4e09\u53f0Master\u8282\u70b9\u6267\u884c\uff0c\u5f00\u653e\u7684\u7aef\u53e3\u6bd4worker\u8282\u70b9\u591a\n# \u5f00\u653e\u7aef\u53e3\n# \u542f\u7528 UFW \u9632\u706b\u5899\nufw enable\n\n# \u5f00\u653e k8s Master \u5fc5\u9700\u7aef\u53e3\nufw allow 6443\/tcp\nufw allow 2379:2380\/tcp\nufw allow 10250\/tcp\nufw allow 10251\/tcp\nufw allow 10252\/tcp\nufw allow 10257\/tcp\nufw allow 10259\/tcp\nufw allow 8472\/udp\nufw allow 30000:32767\/tcp\nufw allow ssh\/tcp\n\n# \u5f00\u653e kube-vip ARP\/VRRP \u76f8\u5173\u7aef\u53e3\nufw allow 4789\/udp\nufw allow 51820\/udp\nufw allow 51821\/udp\n\n# \u9a8c\u8bc1\u9632\u706b\u5899\u89c4\u5219\nufw status numbered<\/code><\/pre>\n<h4>3.2.2 worker\u8282\u70b9<\/h4>\n<pre><code class=\"language-shell\"># \u5728\u56db\u53f0Worker\u8282\u70b9\u6267\u884c\n# \u542f\u7528 UFW \u9632\u706b\u5899\nufw enable\n\n# \u5f00\u653e k8s Worker \u5fc5\u9700\u7aef\u53e3\nufw allow 10250\/tcp\nufw allow 8472\/udp\nufw allow 30000:32767\/tcp\nufw allow ssh\/tcp\n\n# \u9a8c\u8bc1\u9632\u706b\u5899\u89c4\u5219\nufw status numbered<\/code><\/pre>\n<h2>\u56db\u3001K8S\u51c6\u5907\u5de5\u4f5c<\/h2>\n<h3>4.1 K8S\u96c6\u7fa4\u8f6f\u4ef6&amp;\u5bb9\u5668\u955c\u50cf\u51c6\u5907<\/h3>\n<pre><code class=\"language-shell\"># \u66f4\u65b0\u6e90\napt update\n# \u67e5\u770b kubeadm \u7684\u5305\u7b56\u7565(\u72b6\u6001\u4e0e\u7248\u672c\u6765\u6e90\uff09\napt-cache policy kubeadm\n# \u9ed8\u8ba4\u5b89\u88c5 K8s 
\u6838\u5fc3\u7ec4\u4ef6\n# apt install -y kubelet kubeadm kubectl\n\n# \u5b89\u88c5\u6307\u5b9a\u7248\u672c\u7684 K8s \u6838\u5fc3\u7ec4\u4ef6\n# Master\u8282\u70b9\u5b89\u88c5kubelet\u3001kubeadm\u3001kubectl\uff0cWorker\u8282\u70b9\u5b89\u88c5kubelet\u3001kubeadm\n# apt install -y kubelet=1.35.0-1.1 kubeadm=1.35.0-1.1  \napt install -y kubelet=1.35.0-1.1 kubeadm=1.35.0-1.1 kubectl=1.35.0-1.1\n# \u7248\u672c\u9501\u5b9a(\u9632\u6b62\u81ea\u52a8\u66f4\u65b0\uff09\n# Worker\u8282\u70b9\u9501\u5b9akubelet\u3001kubeadm\n# apt-mark hold kubelet kubeadm\napt-mark hold kubelet kubeadm kubectl\n# \u7248\u672c\u89e3\u9501(\u5141\u8bb8\u66f4\u65b0\uff09\nsudo apt-mark unhold kubelet kubeadm kubectl\n# \u914d\u7f6e kubelet \u7684 cgroup \u9a71\u52a8\nvim \/etc\/default\/kubelet\nKUBELET_EXTRA_ARGS=\"--cgroup-driver=systemd\"\n# \u6216\u8005\u4e00\u6761\u547d\u4ee4\u4fee\u6539KUBELET_EXTRA_ARGS=\"--cgroup-driver=systemd\"\n# echo 'KUBELET_EXTRA_ARGS=\"--cgroup-driver=systemd\"' | sudo tee \/etc\/default\/kubelet\n\n# \u8bbe\u7f6e kubelet \u5f00\u673a\u81ea\u542f\nsystemctl enable kubelet\n\n# \u67e5\u770b K8s 1.35.0 \u6240\u9700\u7684\u955c\u50cf\u5217\u8868\nkubeadm config images list\nkubeadm config images list --kubernetes-version=v1.35.0\n\n# \u62c9\u53d6 K8s 1.35.0 \u955c\u50cf(\u6307\u5b9a cri-dockerd \u5bb9\u5668\u8fd0\u884c\u65f6\uff09\n# \u8fd9\u4e2a\u65f6\u5019\uff0c\u4f60\u6ca1\u6709\u79d1\u5b66\u4e0a\u7f51\u5e94\u8be5\u662f\u62c9\u53d6\u4e0d\u4e86\u7684\uff0c\u60f3\u77e5\u9053\u600e\u4e48\u914d\u7f6e\u53ef\u4ee5\u8f6c\u5230\u6587\u7ae0\u7b2c\u4e03\u90e8\u5206\uff0c\u4e86\u89e3\u4e00\u4e0b\u3002\nkubeadm config images pull --cri-socket unix:\/\/\/var\/run\/cri-dockerd.sock<\/code><\/pre>\n<h3>4.2 \u4e91\u539f\u751f\u8d1f\u8f7d\u5747\u8861\u5668kube-vip\u51c6\u5907<\/h3>\n<pre><code class=\"language-shell\"># \u5728Master01\u4e0a\u6267\u884c\n# \u5b9a\u4e49kube-vip\u6240\u9700\u73af\u5883\u53d8\u91cf\nexport VIP=192.168.31.200\nexport INTERFACE=ens18\nexport 
KVVERSION=v1.0.3\n\n# \u751f\u6210kube-vip\u9759\u6001Pod\u6e05\u5355\u5e76\u5199\u5165K8s\u9759\u6001Pod\u76ee\u5f55\ndocker run -it --rm --net=host ghcr.io\/kube-vip\/kube-vip:$KVVERSION manifest pod \\\n--interface $INTERFACE \\\n--address $VIP \\\n--controlplane \\\n--services \\\n--arp \\\n--enableLoadBalancer \\\n--leaderElection | tee \/etc\/kubernetes\/manifests\/kube-vip.yaml\n\n# \/etc\/kubernetes\/manifests\/\u4e0b\uff0c\u751f\u6210\u7684kube-vip.yaml\u6587\u4ef6\u5907\u4efd\u4e00\u4e0b\nroot@hep-k8s-master01:~# cd \/etc\/kubernetes\/manifests\/\nroot@hep-k8s-master01:\/etc\/kubernetes\/manifests# ls\nkube-vip.yaml\ncp kube-vip.yaml \/home\/kelsen\/kube-vip.yaml\n\n# \u5c06kube-vip.yaml\u6587\u4ef6\u590d\u5236\u5230hep-k8s-master02\u8282\u70b9\u7684\u5bf9\u5e94\u76ee\u5f55\nscp \/etc\/kubernetes\/manifests\/kube-vip.yaml hep-k8s-master02:\/etc\/kubernetes\/manifests\/\n\n# \u5c06kube-vip.yaml\u6587\u4ef6\u590d\u5236\u5230hep-k8s-master03\u8282\u70b9\u7684\u5bf9\u5e94\u76ee\u5f55\nscp \/etc\/kubernetes\/manifests\/kube-vip.yaml hep-k8s-master03:\/etc\/kubernetes\/manifests\/<\/code><\/pre>\n<h2>\u4e94\u3001K8S\u96c6\u7fa4\u521d\u59cb\u5316<\/h2>\n<h3>5.1 kubeadm-config.yaml\u914d\u7f6e<\/h3>\n<p>kubeadm-config.yaml\u6587\u4ef6\u7684\u4fee\u6539\u662f\u91cd\u70b9\uff0c\u8fd9\u4e2a\u641e\u597d\u4e86\u5c31\u6210\u529f\u4e86\u4e00\u534a\u4e86\u3002\u6837\u4f8b\u6587\u4ef6\u4e2d\u7684token\u662f\u9ed8\u8ba4\u7684 abcdef.0123456789abcdef\uff0c\u5efa\u8bae\u4fee\u6539\u4e3a\u7528kubeadm token generate\u751f\u6210\u7684token\u3002<\/p>\n<pre><code class=\"language-shell\"># \u751f\u6210\u914d\u7f6e\u6587\u4ef6\u6837\u4f8b kubeadm-config.yaml\nkubeadm config print init-defaults --component-configs KubeProxyConfiguration > kubeadm-config.yaml\n\n# \u4fee\u6539\u8fd9\u4e2a\u914d\u7f6e\u6587\u4ef6\u4ee5\u4e0b\u5185\u5bb9\n# advertiseAddress: 192.168.31.201\uff0c\u6539\u6210\u81ea\u5df1\u7684\u4e3b\u673a\u5730\u5740\n# criSocket: unix:\/\/\/var\/run\/cri-dockerd.sock \u4f7f\u7528cri-dockerd\n# name: hep-k8s-master01\uff0c\u81ea\u5df1\u7684\u4e3b\u673a\u540d\n# \u589e\u52a0 certSANs: 
\u8ba4\u8bc1\u8bc1\u4e66\u914d\u7f6e\uff0cMaster\u8282\u70b9\u7684\u4e3b\u673a\u540d\u548cIP\u90fd\u5199\u4e0a\u5566\n  #- lb.k8s.hep.cc\n  #- hep-k8s-master01\n  #- hep-k8s-master02\n  #- hep-k8s-master03\n  #- 192.168.31.201\n  #- 192.168.31.202\n  #- 192.168.31.203\n# \u589e\u52a0 controlPlaneEndpoint: \"lb.k8s.hep.cc:6443\"\uff0cVIP\u5730\u5740\u548c\u7aef\u53e3\n# \u589e\u52a0 podSubnet: 192.168.0.0\/12\uff0c\u548cCalico \u9ed8\u8ba4 Pod \u5b50\u7f51\u5339\u914d\uff0c\u5f53\u7136\u4e5f\u53ef\u4ee5\u9ed8\u8ba4\u3002\u6211\u8fd9\u91cc\u5c31\u6ca1\u4fee\u6539\uff0c\u91c7\u7528\u9ed8\u8ba4\u7684\n# strictARP: true\n# mode: \"ipvs\"\nvim kubeadm-config.yaml\nlocalAPIEndpoint:\n  advertiseAddress: 192.168.31.201\nnodeRegistration:\n  criSocket: unix:\/\/\/var\/run\/cri-dockerd.sock\n  name: hep-k8s-master01\napiServer:\n  certSANs:\n  - lb.k8s.hep.cc\n  - hep-k8s-master01\n  - hep-k8s-master02\n  - hep-k8s-master03\n  - 192.168.31.201\n  - 192.168.31.202\n  - 192.168.31.203\ncontrolPlaneEndpoint: \"lb.k8s.hep.cc:6443\"\nnetworking:\n  dnsDomain: cluster.local\n  serviceSubnet: 10.96.0.0\/12\n  podSubnet: 192.168.0.0\/12\n\n...\n\nipvs:\n  excludeCIDRs: null\n  minSyncPeriod: 0s\n  scheduler: \"\"\n  strictARP: true\n  syncPeriod: 0s\n  tcpFinTimeout: 0s\n  tcpTimeout: 0s\n  udpTimeout: 0s\nkind: KubeProxyConfiguration\nlogging:\n  flushFrequency: 0\n  options:\n    json:\n      infoBufferSize: \"0\"\n    text:\n      infoBufferSize: \"0\"\n  verbosity: 0\nmetricsBindAddress: \"\"\nmode: \"ipvs\"\nnftables:\n  masqueradeAll: false\n  masqueradeBit: null\n  minSyncPeriod: 0s\n  syncPeriod: 0s\nnodePortAddresses: null<\/code><\/pre>\n<h3>5.2 master\u8282\u70b9\u914d\u7f6e<\/h3>\n<pre><code class=\"language-shell\"># kubeadm \u521d\u59cb\u5316\u524d\u4fee\u6539 kube-vip.yaml\nsed -i 's#path: \/etc\/kubernetes\/admin.conf#path: \/etc\/kubernetes\/super-admin.conf#' \/etc\/kubernetes\/manifests\/kube-vip.yaml\n\n# kubeadm \u521d\u59cb\u5316\u540e\u6062\u590d 
kube-vip.yaml\n# sed -i 's#path: \/etc\/kubernetes\/super-admin.conf#path: \/etc\/kubernetes\/admin.conf#' \/etc\/kubernetes\/manifests\/kube-vip.yaml\n\n# K8s \u96c6\u7fa4\u521d\u59cb\u5316\u547d\u4ee4\nkubeadm init --config kubeadm-config.yaml --upload-certs -v=9\n\n# \u8f93\u51fa\u5185\u5bb9\n...\nI1224 16:15:49.355797    1333 loader.go:405] Config loaded from file:  \/etc\/kubernetes\/admin.conf\n\nYour Kubernetes control-plane has initialized successfully!\n\nTo start using your cluster, you need to run the following as a regular user:\n\n  mkdir -p $HOME\/.kube\n  sudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\n  sudo chown $(id -u):$(id -g) $HOME\/.kube\/config\n\nAlternatively, if you are the root user, you can run:\n\n  export KUBECONFIG=\/etc\/kubernetes\/admin.conf\n\nYou should now deploy a pod network to the cluster.\nRun \"kubectl apply -f [podnetwork].yaml\" with one of the options listed at:\n  https:\/\/kubernetes.io\/docs\/concepts\/cluster-administration\/addons\/\n\nYou can now join any number of control-plane nodes running the following command on each as root:\n\n  kubeadm join lb.k8s.hep.cc:6443 --token abcdef.0123456789abcdef \\\n        --discovery-token-ca-cert-hash sha256:bc9f80c85cd754eeb87dabcefd42e2ecbd26dd6644ff59bb88008cb397f2c569 \\\n        --control-plane --certificate-key 55ccb68ad350de6c3cee535b1277d13426fbc0b48e7d4c9d9abe22916e69d6fb\n\nPlease note that the certificate-key gives access to cluster sensitive data, keep it secret!\nAs a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use\n\"kubeadm init phase upload-certs --upload-certs\" to reload certs afterward.\n\nThen you can join any number of worker nodes by running the following on each as root:\n\nkubeadm join lb.k8s.hep.cc:6443 --token abcdef.0123456789abcdef \\\n        --discovery-token-ca-cert-hash sha256:bc9f80c85cd754eeb87dabcefd42e2ecbd26dd6644ff59bb88008cb397f2c569\nroot@hep-k8s-master01:~#\n\n# 
\u914d\u7f6ekubectl\u73af\u5883\nmkdir -p $HOME\/.kube\nsudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\nsudo chown $(id -u):$(id -g) $HOME\/.kube\/config\n\n# hep-k8s-master02\u3001hep-k8s-master03\u52a0\u5165\u63a7\u5236\u8282\u70b9\uff0c\u4e00\u5b9a\u5e26\u4e0a--cri-socket unix:\/\/\/var\/run\/cri-dockerd.sock\u53c2\u6570\nkubeadm join lb.k8s.hep.cc:6443 --token abcdef.0123456789abcdef \\\n        --discovery-token-ca-cert-hash sha256:bc9f80c85cd754eeb87dabcefd42e2ecbd26dd6644ff59bb88008cb397f2c569 \\\n        --control-plane --certificate-key 55ccb68ad350de6c3cee535b1277d13426fbc0b48e7d4c9d9abe22916e69d6fb --cri-socket unix:\/\/\/var\/run\/cri-dockerd.sock\n\n# hep-k8s-master02\u3001hep-k8s-master03\u6210\u529f\u52a0\u5165\u63a7\u5236\u8282\u70b9\u540e\uff0c\u914d\u7f6ekubectl\u73af\u5883\nmkdir -p $HOME\/.kube\nsudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\nsudo chown $(id -u):$(id -g) $HOME\/.kube\/config<\/code><\/pre>\n<h3>5.3 worker\u8282\u70b9\u914d\u7f6e<\/h3>\n<pre><code class=\"language-shell\"># hep-k8s-worker01\u3001hep-k8s-worker02\u3001hep-k8s-worker03\u3001hep-k8s-worker04\u52a0\u5165\u96c6\u7fa4\uff0c\u4e00\u5b9a\u5e26\u4e0a--cri-socket unix:\/\/\/var\/run\/cri-dockerd.sock\u53c2\u6570\nkubeadm join lb.k8s.hep.cc:6443 --token abcdef.0123456789abcdef \\\n        --discovery-token-ca-cert-hash sha256:bc9f80c85cd754eeb87dabcefd42e2ecbd26dd6644ff59bb88008cb397f2c569  --cri-socket unix:\/\/\/var\/run\/cri-dockerd.sock<\/code><\/pre>\n<h3>5.4 \u90e8\u7f72Calico<\/h3>\n<pre><code class=\"language-shell\"># \u5e94\u7528Calico Operator\u8d44\u6e90\u6e05\u5355(\u90e8\u7f72Calico\u63a7\u5236\u5668\uff09\nkubectl create -f https:\/\/raw.githubusercontent.com\/projectcalico\/calico\/v3.29.1\/manifests\/tigera-operator.yaml\n# \u67e5\u770btigera-operator\u662f\u5426\u4e3aRunning\nroot@hep-k8s-master01:~# kubectl get ns\nNAME              STATUS   AGE\ndefault           Active   11m\nkube-node-lease   Active   11m\nkube-public      
 Active   11m\nkube-system       Active   11m\ntigera-operator   Active   12s\nroot@hep-k8s-master01:~# kubectl get pods -n tigera-operator\nNAME                               READY   STATUS    RESTARTS   AGE\ntigera-operator-58986cfc84-mqfjj   1\/1     Running   0          23s\nroot@hep-k8s-master01:~#\n\n# \u4e0b\u8f7dCalico\u81ea\u5b9a\u4e49\u8d44\u6e90\u914d\u7f6e\u6587\u4ef6\nwget https:\/\/raw.githubusercontent.com\/projectcalico\/calico\/v3.29.1\/manifests\/custom-resources.yaml\n\n# \u4fee\u6539\u81ea\u5b9a\u4e49\u8d44\u6e90\u6587\u4ef6(\u5339\u914dkubeadm\u521d\u59cb\u5316\u7684Pod\u7f51\u7edcCIDR\uff09\uff0c\u6211\u8fd9\u91cc\u6ca1\u4fee\u6539\uff0c\u7528\u7684\u9ed8\u8ba4192.168.0.0\nvim custom-resources.yaml\n# (\u4fee\u6539\u7b2c13\u884c\u7684cidr\u4e3akubeadm init --pod-network-cidr\u6307\u5b9a\u7684\u5730\u5740\uff0c\u9ed8\u8ba4\u4e3a192.168.0.0\/16\uff09\n\n# \u5e94\u7528Calico\u81ea\u5b9a\u4e49\u8d44\u6e90\u914d\u7f6e(\u5b8c\u6210Calico\u90e8\u7f72\uff09\uff0c\u5927\u6982\u8fc7\u4e2a\u4e94\u5206\u949f\uff0c\u5c31\u90fdRunning\u72b6\u6001\u4e86\nkubectl create -f custom-resources.yaml\n\nroot@hep-k8s-master01:~# kubectl get ns\nNAME               STATUS   AGE\ncalico-apiserver   Active   20s\ncalico-system      Active   20s\ndefault            Active   15m\nkube-node-lease    Active   15m\nkube-public        Active   15m\nkube-system        Active   15m\ntigera-operator    Active   3m51s\nroot@hep-k8s-master01:~# kubectl get pods -n calico-system\nNAME                                       READY   STATUS                  RESTARTS   AGE\ncalico-kube-controllers-564c6979db-gqm5p   0\/1     Pending                 0          33s\ncalico-node-2ms4h                          0\/1     Init:0\/2                0          33s\ncalico-node-5vhq4                          0\/1     Init:1\/2                0          33s\ncalico-node-ffbk8                          0\/1     Init:1\/2                0          33s\ncalico-node-rw2sw                          0\/1   
  Init:ImagePullBackOff   0          33s\ncalico-node-v9sps                          0\/1     Init:1\/2                0          33s\ncalico-node-x5brm                          0\/1     Init:1\/2                0          33s\ncalico-node-zhzg5                          0\/1     Init:1\/2                0          33s\ncalico-typha-79dbf4db54-f478z              0\/1     ContainerCreating       0          27s\ncalico-typha-79dbf4db54-mnj7h              1\/1     Running                 0          27s\ncalico-typha-79dbf4db54-ntbjc              1\/1     Running                 0          34s\ncsi-node-driver-79tqj                      0\/2     ContainerCreating       0          33s\ncsi-node-driver-b65fb                      0\/2     ContainerCreating       0          33s\ncsi-node-driver-dbqpb                      0\/2     ContainerCreating       0          33s\ncsi-node-driver-fw5br                      0\/2     ContainerCreating       0          33s\ncsi-node-driver-m7fc4                      0\/2     ContainerCreating       0          33s\ncsi-node-driver-wclw2                      0\/2     ContainerCreating       0          33s\ncsi-node-driver-xbpk4                      0\/2     ContainerCreating       0          33s\nroot@hep-k8s-master01:~#\n# \u6b64\u65f6worker\u8282\u70b9\u7684ROLES\u90fd\u662fnone\uff0c\u770b\u7740\u8ba9\u4eba\u5f88\u4e0d\u8212\u670d\uff0c\u6211\u4eec\u4fee\u6539\u4e00\u4e0b\nroot@hep-k8s-master01:~# kubectl get nodes\nNAME               STATUS   ROLES           AGE   VERSION\nhep-k8s-master01   Ready    control-plane   22m   v1.35.0\nhep-k8s-master02   Ready    control-plane   18m   v1.35.0\nhep-k8s-master03   Ready    control-plane   17m   v1.35.0\nhep-k8s-worker01   Ready    <none>          15m   v1.35.0\nhep-k8s-worker02   Ready    <none>          14m   v1.35.0\nhep-k8s-worker03   Ready    <none>          14m   v1.35.0\nhep-k8s-worker04   Ready    <none>          14m   v1.35.0\nroot@hep-k8s-master01:~#\n# \u4fee\u6539 Worker 
\u8282\u70b9 ROLES\u4e3aworker\nkubectl label node hep-k8s-worker01 node-role.kubernetes.io\/worker=worker\nkubectl label node hep-k8s-worker02 node-role.kubernetes.io\/worker=worker\nkubectl label node hep-k8s-worker03 node-role.kubernetes.io\/worker=worker\nkubectl label node hep-k8s-worker04 node-role.kubernetes.io\/worker=worker\n# worker\u7684ROLES\u88ab\u6253\u4e0aworker\u7684label\u4e86\nroot@hep-k8s-master01:~# kubectl get nodes\nNAME               STATUS   ROLES           AGE   VERSION\nhep-k8s-master01   Ready    control-plane   23m   v1.35.0\nhep-k8s-master02   Ready    control-plane   18m   v1.35.0\nhep-k8s-master03   Ready    control-plane   18m   v1.35.0\nhep-k8s-worker01   Ready    worker          15m   v1.35.0\nhep-k8s-worker02   Ready    worker          15m   v1.35.0\nhep-k8s-worker03   Ready    worker          15m   v1.35.0\nhep-k8s-worker04   Ready    worker          15m   v1.35.0\nroot@hep-k8s-master01:~#<\/code><\/pre>\n<h2>\u516d\u3001\u90e8\u7f72Nginx\u9a8c\u8bc1\u96c6\u7fa4\u53ef\u7528\u6027<\/h2>\n<h3>6.1 \u9a8c\u8bc1K8S\u96c6\u7fa4\u7f51\u7edc<\/h3>\n<pre><code class=\"language-shell\">root@hep-k8s-master01:~# kubectl get service -n kube-system\nNAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE\nkube-dns   ClusterIP   10.96.0.10   <none>        53\/UDP,53\/TCP,9153\/TCP   24m\nroot@hep-k8s-master01:~# dig -t a www.baidu.com @10.96.0.10\n; <<>> DiG 9.18.39-0ubuntu0.24.04.2-Ubuntu <<>> -t a www.baidu.com @10.96.0.10\n;; global options: +cmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16197\n;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1\n;; OPT PSEUDOSECTION:\n; EDNS: version: 0, flags:; udp: 1232\n; COOKIE: c5c39a4461293870 (echoed)\n;; QUESTION SECTION:\n;www.baidu.com.                 IN      A\n;; ANSWER SECTION:\nwww.baidu.com.          30      IN      CNAME   www.a.shifen.com.\nwww.a.shifen.com.       30      IN      A       153.3.238.28\nwww.a.shifen.com.      
 30      IN      A       153.3.238.127\n;; Query time: 204 msec\n;; SERVER: 10.96.0.10#53(10.96.0.10) (UDP)\n;; WHEN: Wed Dec 24 16:40:39 CST 2025\n;; MSG SIZE  rcvd: 161\nroot@hep-k8s-master01:~#<\/code><\/pre>\n<h3>6.2 \u5229\u7528K8S\u90e8\u7f72Nginx<\/h3>\n<pre><code class=\"language-shell\"># \u521b\u5efa\u4e00\u4e2anginx.yaml\u6587\u4ef6\uff0c\u5176\u5185\u5bb9\u5982\u4e0b\nvim nginx.yaml\n\n---\napiVersion: apps\/v1\nkind: Deployment\nmetadata:\n  name: nginxweb\nspec:\n  selector:\n    matchLabels:\n      app: nginxweb1\n  replicas: 2\n  template:\n    metadata:\n      labels:\n        app: nginxweb1\n    spec:\n      containers:\n      - name: nginxwebc\n        image: nginx:latest\n        imagePullPolicy: IfNotPresent\n        ports:\n        - containerPort: 80\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: nginxweb-service\nspec:\n  externalTrafficPolicy: Cluster\n  selector:\n    app: nginxweb1\n  ports:\n  - protocol: TCP\n    port: 80\n    targetPort: 80\n    nodePort: 30080\n  type: NodePort\n\nroot@hep-k8s-master01:~# kubectl apply -f nginx.yaml\ndeployment.apps\/nginxweb created\nservice\/nginxweb-service created\nroot@hep-k8s-master01:~# kubectl get pods\nNAME                        READY   STATUS              RESTARTS   AGE\nnginxweb-6799787475-7xnwz   0\/1     ContainerCreating   0          8s\nnginxweb-6799787475-wvgdf   0\/1     ContainerCreating   0          8s\nroot@hep-k8s-master01:~# kubectl get service\nNAME               TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE\nkubernetes         ClusterIP   10.96.0.1     <none>        443\/TCP        27m\nnginxweb-service   NodePort    10.97.67.72   <none>        80:30080\/TCP   16s\nroot@hep-k8s-master01:~# kubectl get pods\nNAME                        READY   STATUS              RESTARTS   AGE\nnginxweb-6799787475-7xnwz   1\/1     Running             0          36s\nnginxweb-6799787475-wvgdf   0\/1     ContainerCreating   0          36s\nroot@hep-k8s-master01:~# kubectl 
get pods\nNAME                        READY   STATUS    RESTARTS   AGE\nnginxweb-6799787475-7xnwz   1\/1     Running   0          54s\nnginxweb-6799787475-wvgdf   1\/1     Running   0          54s\nroot@hep-k8s-master01:~# kubectl get service\nNAME               TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE\nkubernetes         ClusterIP   10.96.0.1     <none>        443\/TCP        30m\nnginxweb-service   NodePort    10.97.67.72   <none>        80:30080\/TCP   3m7s\nroot@hep-k8s-master01:~#<\/code><\/pre>\n<h3>6.3 \u9a8c\u8bc1Nginx<\/h3>\n<pre><code class=\"language-shell\"># \u5728Master\u548cworker\u6240\u6709\u673a\u5668\u4e0a\u5f00\u901a30080\u7aef\u53e3\nufw allow 30080\/tcp\n# \u5728\u5c40\u57df\u7f51\u6d4f\u89c8\u5668\u4e2d\u8bbf\u95eehttp:\/\/192.168.31.204:30080\/\u5373\u53ef\u770b\u5230Nginx\u4e3b\u9875\n# \u4e09\u53f0Master+30080\u4ee5\u53ca\u56db\u53f0worker+30080\u90fd\u53ef\u4ee5\u8bbf\u95eeNginx<\/code><\/pre>\n<p><img decoding=\"async\" src=\"\/wp-content\/uploads\/2025\/12\/24\/image-20251224165514695.png\" alt=\"image-20251224165514695\" \/><\/p>\n<h2>\u4e03\u3001Ubuntu24.04\u914d\u7f6e\u955c\u50cf\u52a0\u901f<\/h2>\n<p>\u4e3a\u4e86\u66f4\u597d\u7684\u79d1\u5b66\u4e0a\u7f51\uff0c\u6211\u8fd9\u91cc\u6709\u81ea\u5df1\u7684Ghelper\u673a\u573a\u3002\u4f60\u4e5f\u53ef\u4ee5\u4f7f\u7528\u81ea\u5df1\u7684\u8fdb\u884c\u7ffb\u5899\u3002<\/p>\n<p><img decoding=\"async\" src=\"\/wp-content\/uploads\/2025\/12\/24\/Screenshot-2025-12-24-200208.png\" alt=\"Screenshot 2025-12-24 200208\" \/><\/p>\n<pre><code class=\"language-shell\">cd \/home\/kelsen\n\n# \u4e0b\u8f7d\u5e26\u6709 -compatible \u6807\u8bc6\u7684\u7248\u672c\nwget https:\/\/github.com\/MetaCubeX\/mihomo\/releases\/download\/v1.18.9\/mihomo-linux-amd64-compatible-v1.18.9.gz\n\n# \u89e3\u538b\u5e76\u66ff\u6362\ngunzip -f mihomo-linux-amd64-compatible-v1.18.9.gz\nchmod +x mihomo-linux-amd64-compatible-v1.18.9\nmv -f mihomo-linux-amd64-compatible-v1.18.9 \/usr\/local\/bin\/mihomo\n\nmkdir 
-p ~\/.config\/mihomo\n# \u5c06\u4e0b\u9762\u7684 URL \u66ff\u6362\u4e3a\u4f60\u56fe\u7247\u4e2d Mihomo \u884c\u5bf9\u5e94\u7684\u90a3\u4e2a\u94fe\u63a5\ncurl -L -o ~\/.config\/mihomo\/config.yaml \"\u4f60\u7684Mihomo\u8ba2\u9605\u94fe\u63a5\"\n\ncd \/root\/.config\/mihomo\ncurl -L -o Country.mmdb https:\/\/github.com\/P3TERX\/GeoLite.mmdb\/raw\/download\/GeoLite2-Country.mmdb\n# \u6216\u8005curl -L -o \/root\/.config\/mihomo\/Country.mmdb https:\/\/testingcf.jsdelivr.net\/gh\/MetaCubeX\/meta-rules-dat@release\/geoip.metadb\n\n# \u624b\u52a8\u8fd0\u884c\n\/usr\/local\/bin\/mihomo -d \/root\/.config\/mihomo\n\nvim \/etc\/systemd\/system\/mihomo.service\n[Unit]\nDescription=Mihomo Daemon\nAfter=network.target\n\n[Service]\nType=simple\nUser=root\nExecStart=\/usr\/local\/bin\/mihomo -d \/root\/.config\/mihomo\nRestart=always\n\n[Install]\nWantedBy=multi-user.target\n\nsystemctl enable --now mihomo\n\nexport http_proxy=http:\/\/127.0.0.1:9981\nexport https_proxy=http:\/\/127.0.0.1:9981\n\ncurl -I https:\/\/www.google.com\n\n# \u5f3a\u529b\u6740\u6389\u6240\u6709\u6b8b\u7559\u7684 mihomo \u8fdb\u7a0b\nsudo pkill -9 mihomo\n\n# \u786e\u8ba4\u6ca1\u6709\u4efb\u4f55\u8fdb\u7a0b\u5728\u5360\u7528 9981 \u7aef\u53e3 (\u6267\u884c\u540e\u4e0d\u5e94\u6709\u8f93\u51fa)\nss -tlnp | grep 9981\n\n# \u91cd\u65b0\u542f\u52a8\u670d\u52a1\nsudo systemctl restart mihomo\n\n# \u518d\u6b21\u67e5\u770b\u72b6\u6001\uff0c\u786e\u4fdd\u6ca1\u6709 \"bind: address already in use\" \u62a5\u9519\nsudo systemctl status mihomo\n\n\/usr\/local\/bin\/mihomo -d \/root\/.config\/mihomo\n\nvim \/etc\/apt\/apt.conf.d\/proxy.conf\nAcquire::http::Proxy \"http:\/\/127.0.0.1:9981\";\nAcquire::https::Proxy \"http:\/\/127.0.0.1:9981\";\n\napt-get update\napt-get install -y apt-transport-https ca-certificates curl gpg\n\nsystemctl daemon-reload\nsystemctl restart mihomo\nsystemctl status mihomo\n\n# \u7ec8\u7aef\u53d8\u91cf\uff08export\uff09\u7684\u6301\u4e45\u6027\nvim ~\/.bashrc\n# Mihomo Proxy\nexport 
http_proxy=\"http:\/\/127.0.0.1:9981\"\nexport https_proxy=\"http:\/\/127.0.0.1:9981\"\n# \u6ce8\u610f\uff1a\u5b89\u88c5 K8S \u5fc5\u987b\u8bbe\u7f6e NO_PROXY\uff0c\u5426\u5219\u96c6\u7fa4\u5185\u90e8\u901a\u4fe1\u4f1a\u62a5\u9519\nexport no_proxy=\"localhost,127.0.0.1,192.168.31.0\/24,10.96.0.0\/12,192.168.0.0\/16,lb.k8s.hep.cc,.svc,.cluster.local\"\nsource ~\/.bashrc\n\n# \u65e2\u7136\u4f60\u4f7f\u7528\u4e86 cri-dockerd \u4f5c\u4e3a\u5bb9\u5668\u8fd0\u884c\u65f6\uff0c\u90a3\u4e48\u955c\u50cf\u7684\u5b9e\u9645\u62c9\u53d6\u64cd\u4f5c\u662f\u7531 Docker \u5b88\u62a4\u8fdb\u7a0b (Docker Daemon) \u5b8c\u6210\u7684\u3002\u4ec5\u4ec5\u5728\u7ec8\u7aef\u6267\u884c export http_proxy \u5bf9 kubeadm \u547d\u4ee4\u672c\u8eab\u6709\u6548\uff0c\u4f46\u65e0\u6cd5\u4f20\u9012\u7ed9\u540e\u53f0\u8fd0\u884c\u7684 Docker \u670d\u52a1\u3002\u4f60\u5fc5\u987b\u4e3a Docker Service \u914d\u7f6e\u6301\u4e45\u5316\u7684\u73af\u5883\u53d8\u91cf\u3002\nmkdir -p \/etc\/systemd\/system\/docker.service.d\n\nvim \/etc\/systemd\/system\/docker.service.d\/http-proxy.conf\n[Service]\nEnvironment=\"HTTP_PROXY=http:\/\/127.0.0.1:9981\"\nEnvironment=\"HTTPS_PROXY=http:\/\/127.0.0.1:9981\"\nEnvironment=\"NO_PROXY=localhost,127.0.0.1,192.168.31.0\/24,lb.k8s.hep.cc,.cluster.local\"\n\nsystemctl daemon-reload\nsystemctl restart docker\n\n# \u786e\u4fdd\u7ec8\u7aef\u5f53\u524d\u4e5f\u6709\u4ee3\u7406\u53d8\u91cf\uff08\u4e3a\u4e86 kubeadm \u8bbf\u95ee api \u83b7\u53d6\u955c\u50cf\u5217\u8868\uff09\nexport http_proxy=http:\/\/127.0.0.1:9981\nexport https_proxy=http:\/\/127.0.0.1:9981\n\n# \u6267\u884c\u62c9\u53d6\nkubeadm config images pull --cri-socket unix:\/\/\/var\/run\/cri-dockerd.sock<\/code><\/pre>\n<h2>\u516b\u3001\u96c6\u7fa4\u4f18\u96c5\u5f00\u5173\u673a<\/h2>\n<h3>8.1 K8S\u96c6\u7fa4\u5173\u673a<\/h3>\n<pre><code class=\"language-shell\"># 
\u5982\u679c\u662f\u4e3a\u4e86\u957f\u671f\u505c\u673a\u6216\u7ef4\u62a4\uff0c\u5efa\u8bae\u5148\u6e05\u7a7a\u8282\u70b9\u3002\u5982\u679c\u53ea\u662f\u4e34\u65f6\u91cd\u542f\uff0c\u53ef\u8df3\u8fc7\u6b64\u6b65\u3002\n# \u5728 master01 \u6267\u884c\uff0c\u5faa\u73af\u5904\u7406 worker \u8282\u70b9\nkubectl drain hep-k8s-worker01 --ignore-daemonsets --delete-emptydir-data\n# \u5bf9\u5176\u4ed6 worker02-04 \u91cd\u590d\u6b64\u64cd\u4f5c\nkubectl drain hep-k8s-worker02 --ignore-daemonsets --delete-emptydir-data\nkubectl drain hep-k8s-worker03 --ignore-daemonsets --delete-emptydir-data\nkubectl drain hep-k8s-worker04 --ignore-daemonsets --delete-emptydir-data\n# \u5173\u95ed\u6240\u6709 Worker Nodes\n# \u4f9d\u6b21\u767b\u5f55\u5230\u56db\u53f0 Worker \u8282\u70b9\uff0801-04\uff09\uff0c\u6267\u884c\u5173\u673a\n# \u505c\u6b62 kubelet\uff0c\u9632\u6b62\u5b83\u5728\u5173\u673a\u8fc7\u7a0b\u4e2d\u5c1d\u8bd5\u62c9\u8d77\u5bb9\u5668\nsudo systemctl stop kubelet\nsudo systemctl stop containerd\nsudo shutdown -h now\n# \u9010\u4e2a\u5173\u95ed Master \u8282\u70b9 (\u5173\u952e)\n# \u5148\u5173 Master 02 \u548c Master 03\nsudo systemctl stop kubelet\nsudo systemctl stop containerd\nsudo shutdown -h now\n# \u6700\u540e\u5173 Master 01 (VIP \u627f\u8f7d\u8005)\uff1a \u6700\u540e\u5173\u95ed\u6301\u6709 VIP \u7684\u8282\u70b9\uff0c\u786e\u4fdd\u63a7\u5236\u5e73\u9762\u5728\u5173\u673a\u6700\u540e\u4e00\u523b\u4f9d\u7136\u53ef\u7528\u3002<\/code><\/pre>\n<h3>8.2 K8S\u96c6\u7fa4\u5f00\u673a<\/h3>\n<pre><code class=\"language-shell\"># \u540c\u65f6\u5f00\u542f Master 01, 02, 03\n# \u68c0\u67e5 kube-vip\uff1a \u7531\u4e8e\u4f7f\u7528\u4e86 kube-vip\uff0c\u5b83\u901a\u5e38\u4f5c\u4e3a\u9759\u6001 Pod \u8fd0\u884c\u3002Master \u8282\u70b9\u542f\u52a8\u540e\uff0c\u68c0\u67e5 VIP \u662f\u5426\u80fd\u591f Ping \u901a\nping 192.168.31.200\n# \u68c0\u67e5\u63a7\u5236\u5e73\u9762\u72b6\u6001\uff1a \u767b\u5f55\u5230 Master 01\uff0c\u89c2\u5bdf\u6838\u5fc3\u7ec4\u4ef6\u548c etcd 
\u72b6\u6001\nkubectl get nodes\nkubectl get pods -n kube-system\n# \u542f\u52a8 Worker \u8282\u70b9\n# \u4e00\u65e6 kubectl get nodes \u663e\u793a Master \u8282\u70b9\u4e3a Ready \u72b6\u6001\uff0c\u5373\u53ef\u542f\u52a8\u6240\u6709 Worker \u8282\u70b9\nkubectl uncordon hep-k8s-worker01\nkubectl uncordon hep-k8s-worker02\nkubectl uncordon hep-k8s-worker03\nkubectl uncordon hep-k8s-worker04<\/code><\/pre>\n<blockquote>\n<p>Reference:<br \/>\n\u5b98\u65b9\u6587\u6863k8s1.30\u5b89\u88c5\u90e8\u7f72\u9ad8\u53ef\u7528\u96c6\u7fa4\uff0ckubeadm\u5b89\u88c5Kubernetes1.30\u6700\u65b0\u7248\u672c:<a href=\"https:\/\/blog.csdn.net\/weixin_45652150\/article\/details\/138492600\">https:\/\/blog.csdn.net\/weixin_45652150\/article\/details\/138492600<\/a><br \/>\nubuntu22.04\u5b89\u88c5Kubernetes1.25.0(k8s1.25.0)\u9ad8\u53ef\u7528\u96c6\u7fa4\uff1a<a href=\"http:\/\/www.huerpu.cc:7000\/?p=432\">http:\/\/www.huerpu.cc:7000\/?p=432<\/a><br \/>\n60\u5206\u949f\u6781\u901f\u90e8\u7f72\u4f01\u4e1a\u7ea7kubernetes k8s 1.35\u96c6\u7fa4:<a href=\"https:\/\/www.bilibili.com\/video\/BV1oNqkBzEuy\/\">https:\/\/www.bilibili.com\/video\/BV1oNqkBzEuy\/<\/a><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Ubuntu Server24.04\u5b89\u88c5Kubernetes(k8s v1.35.0)\u9ad8\u53ef\u7528\u96c6\u7fa4 \u4e3a\u4e86\u66f4\u597d\u7684\u4f53 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1883","post","type-post","status-publish","format-standard","hentry","category-pve"],"_links":{"self":[{"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=\/wp\/v2\/posts\/1883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1883"}],"version-history":[{"count":6,"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=\/wp\/v2\/posts\/1883\/revisions"}],"predecessor-version":[{"id":1889,"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=\/wp\/v2\/posts\/1883\/revisions\/1889"}],"wp:attachment":[{"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1883"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.huerpu.cc:7000\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}