openclaw/shell
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8b10db63f9cb2ba57521b7635681eff7bbdf9972
shell/k8s/k8s.md
starry 8b10db63f9 Create k8s.md
2025-07-24 02:20:49 +08:00

193 lines
4.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# k8s环境安装 - Debian 12
## 快速环境准备
```bash
# 一键系统准备脚本
cat <<'EOF' > k8s-prep.sh
#!/bin/bash
set -e
# 禁用swap
swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
# 配置内核模块和参数
cat <<MODULES > /etc/modules-load.d/k8s.conf
overlay
br_netfilter
MODULES
modprobe overlay
modprobe br_netfilter
cat <<SYSCTL > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
SYSCTL
sysctl --system
echo "系统准备完成"
EOF
chmod +x k8s-prep.sh
sudo ./k8s-prep.sh
```
## 安装容器运行时 (containerd)
```bash
# 安装containerd
apt update
apt install -y ca-certificates curl gnupg lsb-release
mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
apt update && apt install -y containerd.io
# 配置containerd
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
systemctl restart containerd
systemctl enable containerd
```
## 安装Kubernetes组件
```bash
# 添加K8s官方仓库
apt update
apt install -y apt-transport-https ca-certificates curl gpg
mkdir -p -m 755 /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.33/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.33/deb/ /' > /etc/apt/sources.list.d/kubernetes.list
# 安装K8s组件
apt update
apt install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
systemctl enable --now kubelet
```
---
---
---
## 初始化集群(控制平面)
```bash
# 初始化集群 (替换YOUR_IP为实际IP)
kubeadm init \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--apiserver-advertise-address=YOUR_IP
# 配置kubectl
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
```
## 安装网络插件 (Flannel)
```bash
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
# 等待网络插件就绪
kubectl wait --for=condition=ready pod -l app=flannel -n kube-flannel --timeout=300s
```
## 安装Helm
```bash
# 安装Helm
curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | tee /usr/share/keyrings/helm.gpg > /dev/null
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" > /etc/apt/sources.list.d/helm-stable-debian.list
apt update
apt install -y helm
# 验证Helm安装
helm version
```
## 安装cert-manager
cert-manager是生产环境必需的TLS证书管理工具
```bash
# 添加cert-manager Helm仓库
helm repo add jetstack https://charts.jetstack.io
helm repo update
# 创建cert-manager命名空间
kubectl create namespace cert-manager
# 安装cert-manager (包含CRDs)
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--version v1.18.2 \
--set crds.enabled=true \
--set global.leaderElection.namespace=cert-manager
# 验证cert-manager安装
kubectl wait --for=condition=ready pod -l app.kubernetes.io/instance=cert-manager -n cert-manager --timeout=300s
kubectl get pods -n cert-manager
```
## 配置Let's Encrypt证书颁发者
```bash
# 创建生产环境ClusterIssuer
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: your-email@example.com # 替换为你的邮箱
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
class: nginx
EOF
```
## 常用操作命令
```bash
# 查看集群状态
kubectl cluster-info
kubectl get nodes
kubectl get pods -A
# 查看证书状态
kubectl get certificates -A
kubectl describe certificate <cert-name>
# 查看Ingress
kubectl get ingress -A
# 重启部署
kubectl rollout restart deployment/<deployment-name>
# 查看资源使用
kubectl top nodes
kubectl top pods -A
```
Reference in New Issue View Git Blame Copy Permalink