跳到主要内容 Ubuntu Linux 部署 Kubernetes 集群实战指南 | 极客日志
Shell / Bash
Ubuntu Linux 部署 Kubernetes 集群实战指南 在 Ubuntu 系统上通过 VirtualBox 虚拟机搭建 Kubernetes 集群的步骤。涵盖环境准备(网络、SSH、主机名)、安装 containerd 与 Kubeadm 组件、配置国内镜像源、初始化 Master 节点、将 Node 加入集群以及验证集群状态。包含端口开放、内核模块配置及 Flannel 网络插件安装说明,并提供 Nginx 测试应用验证调度功能。
莫名其妙 发布于 2026/3/25 更新于 2026/4/16 环境准备
虚拟机
VirtualBox
Linux 镜像文件下载
Ubuntu 25.10
硬件配置
建议配置:2C4G,存储空间 400GB
网络配置
桥接模式 (相当于独立设备)
启用 ssh 服务并开放 22 端口
启用 ssh 服务
防火墙开放 22 端口
静态 ip 配置 sudo vim /etc/netplan/00-installer-config.yaml
================ 修改前 =================
network:
ethernets:
enp0s3:
dhcp4: true
dhcp6: true
match:
macaddress: 08:00:27:2d:a1:c0
set-name: enp0s3
version: 2
================ 修改后 (k8s-master 节点) =================
network:
ethernets:
enp0s3:
dhcp4: false
addresses:
- 192.168.31.10/24
routes:
- to: default via: 192.168.31.1
nameservers:
addresses: [192.168.31.1, 8.8.8.8]
dhcp6: false
match:
macaddress: 08:00:27:2d:a1:c0
set-name: enp0s3
version: 2
================ 修改后 (k8s-node1 节点) =================
network:
ethernets:
enp0s3:
dhcp4: false
addresses:
- 192.168.31.11/24
routes:
- to: default via: 192.168.31.1
nameservers:
addresses: [192.168.31.1, 8.8.8.8]
dhcp6: false
match:
macaddress: 08:00:27:2d:a1:c0
set-name: enp0s3
version: 2
设置主机名
sudo hostnamectl set-hostname k8s-master
sudo hostnamectl set-hostname k8s-node1
配置 /etc/hosts sudo tee -a /etc/hosts <<EOF
192.168.31.10 k8s-master
192.168.31.11 k8s-node1
EOF
禁用 swap sudo swapoff -a
sudo sed -i '/swap/s/^/#/' /etc/fstab
启用内核模块 & 调整参数 cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
开放端口
Master 节点
sudo ufw allow 6443/tcp
sudo ufw allow 2379:2380/tcp
sudo ufw allow 10250/tcp
sudo ufw allow 10259/tcp
sudo ufw allow 10257/tcp
sudo ufw allow 8472/udp
sudo ufw allow 30000:32767/tcp
Node 节点
sudo ufw allow 22/tcp
sudo ufw allow 10250/tcp
sudo ufw allow 8472/udp
sudo ufw allow 30000:32767/tcp
端口详情 端口 协议 需要节点 用途 22 TCP All SSH 远程管理 6443 TCP Master Kubernetes API Server 2379-2380 TCP Master etcd 数据库 10250 TCP All Kubelet API 10257 TCP Master Controller Manager 10259 TCP Master Scheduler 8472 UDP All Flannel VXLAN(关键!) 30000-32767 TCP All NodePort 服务范围
安装 k8s(所有节点)
安装 containerd
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
安装 kubeadm、kubelet、kubectl
方案一:支持访问外网
curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt update
sudo apt install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
如果这一步报错:curl: (28) Failed to connect to packages.cloud.google.com port 443 after 148795 ms: Could not connect to server. ------------ 表示无法访问外网,直接用方案二
方案二:国内建议 sudo rm -f /etc/apt/sources.list.d/kubernetes.list
sudo rm -f /etc/apt/keyrings/kubernetes-archive-keyring.gpg
sudo mkdir -p /etc/apt/keyrings
sudo rm -f /etc/apt/keyrings/kubernetes-aliyun.gpg &&\
curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.31/deb/Release.key |\
sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-aliyun.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-aliyun.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.31/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt update
sudo apt install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
修改 kubectl 镜像源(可选,国内建议) sudo vim /etc/containerd/config.toml
[plugins.'io.containerd.cri.v1.images' .pinned_images]
sandbox = 'registry.aliyuncs.com/google_containers/pause:3.10.1'
[plugins.'io.containerd.cri.v1.images' .registry]
config_path ='/etc/containerd/certs.d'
sudo mkdir -p /etc/containerd/certs.d/docker.io
sudo tee /etc/containerd/certs.d/docker.io/hosts.toml <<EOF
server = "https://registry-1.docker.io"
[host."https://docker.m.daocloud.io"]
capabilities = ["pull", "resolve"]
EOF
sudo systemctl restart containerd
初始化 Master 节点
第一步:初始化 kubeadm sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.31.10
sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.31.10 --image-repository=registry.aliyuncs.com/google_containers
注意事项
--pod-network-cidr 根据你后续要安装的 CNI 插件设定。这里以 Flannel 为例(使用 10.244.0.0/16)。生产环境建议使用 Calico。
常见报错解决
报错:[ERROR FileExisting-conntrack]: conntrack not found in system path
原因:缺少 conntrack 工具。
解决:安装 conntrack 包:
sudo apt update && sudo apt install -y conntrack
第二步:配置 kubectl mkdir -p $HOME /.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME /.kube/config
sudo chown $(id -u):$(id -g)$HOME /.kube/config
安装 CNI 网络插件(Master 节点) kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
注意:若遇到网络问题,可以先在浏览器下载 -> 上传到服务器,然后执行 kubectl apply -f kube-flannel.yml
检查网络插件安装情况 kubectl get pods -n kube-flannel
NAME READY STATUS RESTARTS AGE
kube-flannel-ds-68fsw 1/1 Running 0 23m
kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-855c4dd65d-g2pgd 1/1 Running 0 26m
coredns-855c4dd65d-q727j 1/1 Running 0 26m
...
kubectl describe pod coredns-855c4dd65d-g2pgd -n kube-system
将 Node 加入集群
Master 节点执行 kubeadm token create --print-join-command
kubeadm join 192.168.31.10:6443 --token i50jq7.xxxx --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxx
Node 节点执行 sudo kubeadm join 192.168.31.10:6443 --token i50jq7.xxxx --discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxx
常见报错解决
报错:[ERROR FileExisting-conntrack]: conntrack not found in system path
问题:缺少 缺少 conntrack 工具
解决:安装 conntrack:
sudo apt update && sudo apt install -y conntrack
验证阶段(master 节点上验证) kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane 30m v1.31.14
k8s-node1 Ready <none> 96s v1.31.14
部署一个测试应用 创建一个简单的 Nginx Deployment 和 Service 来验证调度和网络功能:
kubectl create deployment nginx --image=nginx
deployment.apps/nginx created
kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-676b6c5bbc-wdz4w 1/1 Running 0 23s 10.244.1.2 k8s-node1 <none><none>
kubectl expose deployment nginx --port=80 --type =NodePort
service/nginx exposed
kubectl get svc nginx
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx NodePort 10.97.208.222 <none>80:31301/TCP 5s
curl -I 192.168.31.11:31301
HTTP/1.1 200 OK
Server: nginx/1.29.5
Date: Thu, 12 Feb 2026 02:31:16 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Wed, 04 Feb 2026 15:12:20 GMT
Connection: keep-alive
ETag: "698361d4-267"
Accept-Ranges: bytes
微信扫一扫,关注极客日志 微信公众号「极客日志」,在微信中扫描左侧二维码关注。展示文案:极客日志 zeeklog
相关免费在线工具 Base64 字符串编码/解码 将字符串编码和解码为其 Base64 格式表示形式即可。 在线工具,Base64 字符串编码/解码在线工具,online
Base64 文件转换器 将字符串、文件或图像转换为其 Base64 表示形式。 在线工具,Base64 文件转换器在线工具,online
Markdown转HTML 将 Markdown(GFM)转为 HTML 片段,浏览器内 marked 解析;与 HTML转Markdown 互为补充。 在线工具,Markdown转HTML在线工具,online
HTML转Markdown 将 HTML 片段转为 GitHub Flavored Markdown,支持标题、列表、链接、代码块与表格等;浏览器内处理,可链接预填。 在线工具,HTML转Markdown在线工具,online
JSON 压缩 通过删除不必要的空白来缩小和压缩JSON。 在线工具,JSON 压缩在线工具,online
JSON美化和格式化 将JSON字符串修饰为友好的可读格式。 在线工具,JSON美化和格式化在线工具,online
