# Base preparation of a node; the commands mix root and sudo usage.
# NOTE(review): set-hostname is shown without the new name; it needs one argument
# (the hosts table on this page uses k8s-master / k8s-node1 / k8s-node2).
hostnamectl set-hostname
apt update
apt-get install bash-completion
# NOTE(review): sshpass supplies SSH passwords non-interactively and is not used by
# any command shown on this page; with key-based login (ssh-copy-id) it can be left out.
sudo apt update && sudo apt install -y curl vim net-tools rsync sshpass
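root登录(仅在初始化阶段临时开启,用于分发 SSH 公钥;ssh-copy-id 完成后建议把 PasswordAuthentication 改回 no、PermitRootLogin 改为 prohibit-password,并重启 sshd 使其生效)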
vim /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
验证设备uuid
cat /sys/class/dmi/id/product_uuid
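关闭swap分区(先执行 swapoff -a,并在 /etc/fstab 中注释掉 swap 行;注意下面的 mkfs.ext4 会清空 /dev/sda3 上的全部数据,执行前先用 lsblk 确认该分区就是原来的 swap 分区)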
mkfs.ext4 /dev/sda3
cat /etc/fstab
reboot
修改ll
vim /etc/bash.bashrc
alias ll='ls -lh'
source /etc/bash.bashrc
apt-get update
apt-get install -y curl
apt-get install -y ansible
# Docker Engine via the upstream convenience script. The script is saved to disk first,
# so it can be read before the next line runs it (with whatever privileges the shell has).
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
# Standalone Compose binary, pinned to release v2.35.0 and written into a system PATH
# directory. Nothing here checks the download against a checksum from the release page,
# and curl -o does not set the executable bit, so `chmod +x /usr/bin/docker-compose`
# is still needed before the binary can run.
# NOTE(review): confirm the asset name produced by $(uname -s)-$(uname -m) matches the release page.
curl -L "https://github.com/docker/compose/releases/download/v2.35.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/bin/docker-compose
所有用户永久添加环境变量:
编辑/etc/profile文件 vim /etc/profile
文件末尾添加:export PATH="/usr/bin/:$PATH"
source /etc/profile
1.2. 禁用防火墙
# Turn off the host firewall and SELinux before installing the cluster.
# `disable` only stops ufw from starting at boot; a ufw that is running now keeps its
# rules until it is stopped or the machine reboots.
# NOTE(review): with ufw off, nothing on the host filters inbound traffic; an alternative
# is to keep it enabled and allow only the ports the cluster components use.
sudo systemctl disable ufw
# NOTE(review): Ubuntu normally ships AppArmor rather than SELinux, so setenforce and
# /etc/selinux/config may not apply here — confirm with sestatus before relying on them.
sudo apt install -y policycoreutils
sudo setenforce 0
# Rewrites only a value of "permissive"; a config that says "enforcing" is left unchanged.
sudo sed -i 's#=permissive#=disabled#g' /etc/selinux/config
sudo sestatus # make sure the status is disabled
3.开启IPv4转发
每台机器都要设置
# Kernel settings to apply on every machine: bridged traffic is passed to
# iptables/ip6tables and IPv4 forwarding is switched on. Writing them under
# /etc/sysctl.d keeps them across reboots.
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Have overlay and br_netfilter loaded at every boot ...
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# ... and load them now, so the net.bridge.* keys exist when sysctl applies the file.
sudo modprobe overlay
sudo modprobe br_netfilter
# NOTE(review): no sudo here, unlike the surrounding lines; applying settings needs root.
sysctl --system
# Runtime-only write of the same value that k8s.conf above already sets.
echo '1' | sudo tee /proc/sys/net/bridge/bridge-nf-call-iptables
sudo nano /etc/sysctl.conf
在文件的末尾添加以下两行配置
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
sudo sysctl -p
sysctl --system
lsmod | grep br_netfilter
lsmod | grep overlay
通过运行以下指令确认 net.bridge.bridge-nf-call-iptables、net.bridge.bridge-nf-call-ip6tables 和 net.ipv4.ip_forward 系统变量在你的 sysctl 配置中被设置为 1:
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
# Time synchronisation for the nodes; certificate validity checks between cluster
# components depend on consistent clocks.
# NOTE(review): both ntp and chrony are installed below; they do the same job, so keep
# only one of the two running on a node.
sudo apt-get install -y ntp
sudo systemctl enable ntp
sudo systemctl start ntp
ntpq -p # check synchronisation status
apt install chrony
systemctl start chrony
systemctl enable chrony
systemctl restart chrony
systemctl status chrony
# Show the current offset and the source chrony is tracking.
chronyc tracking
# Time sources are configured in this file.
vim /etc/chrony/chrony.conf
timedatectl set-timezone Asia/Shanghai
# Key pair for password-less root SSH from this machine to the nodes.
# No -b is given, so the RSA key size is ssh-keygen's default; `-t ed25519` is a common
# alternative. NOTE(review): this private key grants root on every host it is copied
# to — consider a passphrase and keep the key file readable by its owner only.
ssh-keygen -t rsa
# NOTE(review): the target host is missing after "root@".
ssh-copy-id root@
验证:
ssh root@
ssh root@10.211.55.10
ssh root@10.211.55.11
ssh root@10.211.55.12
10.211.55.10 k8s-master
10.211.55.11 k8s-node1
10.211.55.12 k8s-node2
ssh-copy-id root@10.211.55.10
ssh-copy-id root@10.211.55.11
ssh-copy-id root@10.211.55.12
cat >> /etc/hosts << EOF
10.211.55.10 k8s-master
10.211.55.11 k8s-node1
10.211.55.12 k8s-node2
EOF
# kubeasz bootstrap script, pinned to release 3.6.6.
# NOTE(review): ezdown is fetched and then executed with no checksum or signature check;
# read the script, or compare its hash with a value obtained from the release page,
# before running it.
wget https://github.com/easzlab/kubeasz/releases/download/3.6.6/ezdown
chmod +x ./ezdown
# presumably -D downloads the default binaries and images and -m selects the registry
# mirror — confirm against the script's own usage text
./ezdown -D -m standard
# Creates the cluster definition; this page lists its hosts and config.yml files under
# /etc/kubeasz/clusters/k8s-cluster1/.
./ezctl new k8s-cluster1
/etc/kubeasz/clusters/k8s-cluster1/hosts
/etc/kubeasz/clusters/k8s-cluster1/config.yml
config.yml
MASTER_CERT_HOSTS:
10.211.55.10
--ENABLE_LOCAL_DNS_CACHE: false
--CALICO_IPV4POOL_IPIP: "Never" #同子网配置为Never即可.
hosts
[etcd]
10.211.55.10
[kube_master]
10.211.55.10 k8s_nodename='k8s-master'
[kube_node]
10.211.55.11 k8s_nodename='k8s-node1'
10.211.55.12 k8s_nodename='k8s-node2'
python3默认路径
/usr/bin/python3
从master开始执行01-07
# Run the kubeasz setup steps in order from the master.
# NOTE(review): the playbook names quoted in the comments below do not agree with the
# direct ansible-playbook call at the end of this block, which runs playbooks/06.network.yml,
# and the group names [kube_control_plane] / [kube_worker] differ from the [kube_master] /
# [kube_node] groups in the hosts file on this page. Check the step-to-playbook mapping
# against the playbooks/ directory before relying on these descriptions.
./ezctl setup k8s-cluster1 01 # (01.prepare.yml) base environment configuration on all nodes (kube_master, kube_node, etcd, ...).
./ezctl setup k8s-cluster1 02 # (02.etcd.yml) deploys etcd on the nodes in the [etcd] group (k8s-master in this configuration).
./ezctl setup k8s-cluster1 03 # (03.kube-master.yml) deploys the control-plane components on the [kube_control_plane] nodes (k8s-master).
./ezctl setup k8s-cluster1 04 # (04.kube-node.yml) deploys the worker components on the [kube_worker] nodes (k8s-node1 and k8s-node2).
./ezctl setup k8s-cluster1 05 # (05.network.yml) deploys the CNI plugin: applies the Calico YAML manifests and configures the Pod network.
./ezctl setup k8s-cluster1 06 # (06.cluster-addon.yml) CoreDNS and Metrics Server: DNS resolution and resource monitoring for the cluster.
./ezctl setup k8s-cluster1 07 # (07.cluster-extras.yml) optional extensions; can be skipped if neither Dashboard nor Ingress is needed. Deploying at least an Ingress Controller is recommended so services can be reached by domain name.
# Re-run a single step, first through ezctl and then by calling the playbook directly.
./ezctl setup k8s-cluster1 06
ansible-playbook -i clusters/k8s-cluster1/hosts -e @clusters/k8s-cluster1/config.yml playbooks/06.network.yml
01 是基础,必须先完成,为后续步骤准备环境。
02 部署 etcd,控制平面依赖 etcd 存储。
03 初始化 Master,生成 token 和配置。
04 依赖 03 的 token,将 Worker 加入集群。
05 依赖 04,网络插件需要所有节点就绪。
06 依赖 05,CoreDNS 等插件需要网络正常。
07 依赖 06,额外组件需要基础插件支持。
删除 calico-node DaemonSet
kubectl delete daemonset -n kube-system calico-node
删除 calico-kube-controllers Deployment
kubectl delete deployment -n kube-system calico-kube-controllers
删除 Calico ConfigMap
kubectl delete configmap -n kube-system calico-config
kubelet 启动失败
cat /etc/containerd/config.toml
确保 [plugins."io.containerd.grpc.v1.cri"] 部分存在且启用。例如:
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "easzlab.io.local:5000/easzlab/pause:3.10"
enable_tls_streaming = false
如果 CRI 部分缺失,生成默认配置:
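# Regenerate containerd's default configuration when the CRI section is missing.
# Keep a copy of the current file first: the default config replaces it entirely,
# including any sandbox_image / local-registry settings it contained.
if [ -f /etc/containerd/config.toml ]; then
  sudo cp -a /etc/containerd/config.toml /etc/containerd/config.toml.bak
fi
# The redirect in `sudo cmd > file` is opened by the calling shell, not by sudo,
# so it fails for a non-root user; write the file through `sudo tee` instead.
containerd config default | sudo tee /etc/containerd/config.toml >/dev/null
systemctl restart containerd
systemctl status containerd
systemctl status kubelet
# Print the effective configuration to confirm the CRI plugin section is present.
containerd config dump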
kubectl delete pod -n kube-system calico-kube-xx
kubectl delete pod -n kube-system -l k8s-app=calico-node
kubectl get pod -n kube-system -w
kubectl edit daemonset -n kube-system calico-node
kubectl get pods -n kube-system -l k8s-app=calico-node -o wide
# List the repositories held by the registry at easzlab.io.local:5000 (the same registry
# the sandbox_image setting on this page points to).
# NOTE(review): the registry is queried over plain HTTP with no credentials; keep port 5000
# reachable only from the cluster nodes.
curl http://easzlab.io.local:5000/v2/_catalog
cat /etc/cni/net.d/10-calico.conflist
# Readable by everyone, writable by the owner only.
chmod 644 /etc/cni/net.d/10-calico.conflist
# Runs the `all` setup target from inside the kubeasz container.
docker exec -it kubeasz ezctl setup k8s-cluster1 all
# NOTE(review): /etc/sysconfig/iptables is the RHEL/CentOS rules file and is normally absent
# on Ubuntu; the '34a' address also inserts after a fixed line number, which only fits one
# particular rules file.
sed -i '34a -A INPUT -s 172.20.0.0/16 -j ACCEPT' /etc/sysconfig/iptables
# Accept all traffic from these source ranges, on every port and protocol.
# -A appends, so a rule that lands after an existing DROP/REJECT never matches, and rules
# added this way are lost on reboot unless they are saved.
iptables -A INPUT -s 172.20.0.0/16 -j ACCEPT
# NOTE(review): 10.0.0.0/8 is far wider than the 10.211.55.0/24 node subnet configured on
# this page; consider limiting the rule to the node and cluster ranges actually in use.
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
# Review the resulting rule order and packet counters.
iptables -L -n -v
Ubuntu 22 扩容磁盘
lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv
resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
df -h
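# Copy kubectl and root's kubeconfig to two other hosts.
# NOTE(review): the destination hosts were garbled in the source; the k8s-node1 / k8s-node2
# addresses from the hosts table on this page are assumed here — confirm.
# NOTE(review): /root/.kube/config is presumably the cluster-admin kubeconfig; copy it only
# to hosts that really need to run kubectl, and keep it readable by root only.
scp /opt/kube/bin/kubectl root@10.211.55.11:/opt/kube/bin/
scp /root/.kube/config root@10.211.55.11:/root/.kube/
scp /opt/kube/bin/kubectl root@10.211.55.12:/opt/kube/bin/
scp /root/.kube/config root@10.211.55.12:/root/.kube/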
kubectl -n kube-system get svc kubernetes-dashboard
获取登录 Token(该 Token 是登录 Dashboard 的凭据,admin-user 通常绑定 cluster-admin 权限;不要粘贴到日志、工单或聊天记录中,一旦泄露应删除并重建对应的 Secret)
kubectl -n kube-system get secret | grep admin-user
kubectl -n kube-system describe secret admin-user
This file describes the network interfaces available on your system
and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
The loopback network interface
auto lo
iface lo inet loopback
The primary network interface
allow-hotplug enp0s5
auto enp0s5
iface enp0s5 inet static
address 10.211.55.10
netmask 255.255.255.0
gateway 10.211.55.1
dns-nameservers 10.211.55.1
vim /etc/network/interfaces
systemctl restart networking
systemctl status networking
Ubuntu 22
# The presence of /etc/cloud/cloud-init.disabled stops cloud-init from running on later
# boots — presumably so that it no longer regenerates the netplan file edited below.
touch /etc/cloud/cloud-init.disabled
vim /etc/netplan/50-cloud-init.yaml
# NOTE(review): `netplan try` rolls the change back unless it is confirmed within its
# timeout, which protects an SSH session from a bad address; it is more useful when run
# before `netplan apply` rather than after it.
netplan apply
netplan try
systemctl restart systemd-networkd