kubernetes v1.28.2 container版本部署

root@k8s-master01:~# vim /etc/hosts
10.0.0.11 kubeapi.gao.com kubeapi
10.0.0.11 k8s-master01.gao.com k8s-master01
10.0.0.12 k8s-master02.gao.com k8s-master02
10.0.0.13 k8s-master03.gao.com k8s-master03
10.0.0.21 k8s-node01.gao.com k8s-node01
10.0.0.22 k8s-node02.gao.com k8s-node02
10.0.0.23 k8s-node03.gao.com k8s-node03

root@k8s-master01:modprobe br_netfilter

root@k8s-master01:echo "1" > /proc/sys/net/ipv4/ip_forward;echo "1">/proc/sys/net/bridge/bridge-nf-call-iptables

root@k8s-master01:sysctl -p

root@k8s-master01:swapoff -a

root@k8s-master01:~# vim /etc/fstab 

#/swap.img      none    swap    sw      0       0

root@k8s-master01:systemctl  --type swap

root@k8s-master01:ufw disable

root@k8s-master01:ufw status

root@k8s-master01:apt -y install chrony

root@k8s-master01:systemctl start chrony

root@k8s-master01:vim /etc/chrony/chrony.conf
server ntp.aliyun.com iburst

 
root@k8s-master01:curl -LO https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.8/cri-dockerd_0.3.8.3-0.ubuntu-jammy_amd64.deb

root@k8s-master01:apt -y install apt-transport-https ca-certificates curl software-properties-common

root@k8s-master01:sudo apt-get update

root@k8s-master01:apt -y install apt-transport-https ca-certificates curl software-properties-common

root@k8s-master01:curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -

root@k8s-master01:add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

root@k8s-master01:apt update

root@k8s-master01:apt-get install  containerd.io

root@k8s-master01:mkdir /etc/containerd

root@k8s-master01:containerd config default > /etc/containerd/config.toml

root@k8s-master01:vim /etc/containerd/config.toml
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.magedu.com"]
          endpoint = ["https://registry.magedu.com"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://docker.mirrors.ustc.edu.cn", "https://registry.docker-cn.com"]

    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
      endpoint = ["https://registry.aliyuncs.com/google_containers"]

sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"

root@k8s-master01:systemctl daemon-reload 

root@k8s-master01:systemctl restart containerd

root@k8s-master01:vim /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: true

root@k8s-master01:apt update && apt -y install apt-transport-https curl

root@k8s-master01:curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -

root@k8s-master01:cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
 
root@k8s-master01:apt update

root@k8s-master01:apt install -y kubelet kubeadm kubectl

root@k8s-master01:systemctl enable kubelet

root@k8s-master01:containerd config default

root@k8s-master01:kubeadm config images list

root@k8s-master01:containerd -v

root@k8s-master01:systemctl status containerd

root@k8s-master01:kubeadm init --control-plane-endpoint="kubeapi.gao.com" --kubernetes-version=v1.28.2 --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --image-repository=registry.aliyuncs.com/google_containers --upload-certs --cri-socket unix:///run/containerd/containerd.sock

You can now join any number of the control-plane node running the following command on each as root:
#其他master节点执行此命令加入集群
  kubeadm join kubeapi.gao.com:6443 --token bdx15c.kgt7so8awbtc234s \
    --discovery-token-ca-cert-hash sha256:891cdb46f640292f089c80f077b59db7f145225cd2850f853edd68668d11a642 \
    --control-plane --certificate-key 4e5e43e3148c79fa287beacc9beddce694371f7dc6d86bfd53ef9e627570f2e4

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:
#word节点执行此命令加入集群
kubeadm join kubeapi.gao.com:6443 --token bdx15c.kgt7so8awbtc234s \
    --discovery-token-ca-cert-hash sha256:891cdb46f640292f089c80f077b59db7f145225cd2850f853edd68668d11a642 

root@k8s-master01:mkdir .kube

root@k8s-master01:cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

root@k8s-master01:kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

root@k8s-master01:kubectl get nodes
NAME           STATUS   ROLES           AGE   VERSION
k8s-master01   Ready    control-plane   24h   v1.28.2
k8s-master02   Ready    control-plane   24h   v1.28.2
k8s-master03   Ready    control-plane   24h   v1.28.2
k8s-node01     Ready    <none>          24h   v1.28.2
k8s-node02     Ready    <none>          24h   v1.28.2
k8s-node03     Ready    <none>          24h   v1.28.2