Building a Kubernetes 1.30 Cluster from Scratch: A Complete kubeadm-Based Deployment and Cluster Management Guide

Published: 2026/6/24 2:19:56

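A hands-on walkthrough of deploying a production-grade K8s cluster with kubeadm, covering node management, namespaces and multi-cluster switching.

## Foreword

Kubernetes is the de facto standard for container orchestration and has become a must-have skill in the cloud-native era. This article is based on Ubuntu 24.04 and Kubernetes 1.30.2 and uses the officially recommended kubeadm tool. It goes from preparing the virtual machine template, through cluster deployment and network plugin installation, to node management, namespaces and multi-cluster switching, as an end-to-end introduction to K8s operations.

This article is a practical handbook if you are:

- a candidate preparing for the CKA/CKAD exams
- an operations engineer who wants to build a self-hosted cluster in production
- a developer who is new to K8s

## 1. Environment preparation

### 1.1 Node plan

| Node name | IP | Role |
|---|---|---|
| master30.tz.cloud | 10.1.8.30 | master |
| worker31.tz.cloud | 10.1.8.31 | worker |
| worker32.tz.cloud | 10.1.8.32 | worker |

### 1.2 Hardware and software

- VMware Workstation 17
- Ubuntu 24.04 LTS (minimal install)
- Kubernetes 1.30.2
- containerd.io 1.7.20
- nerdctl 1.7.7
- Calico network plugin v3.30.7

Virtual machine configuration: 2 CPUs, 4GB memory, 100GB disk, NAT network.

## 2. Base system configuration (template machine)

To make cloning the nodes easier later, first prepare one clean template machine and complete all the common configuration on it.

### 2.1 Installation and partitioning

Disconnect the network while installing Ubuntu 24.04 so that automatic updates do not slow the installation down. Suggested partitioning:

- `/boot`: 2GB
- `/`: all remaining space (90GB)
- no swap

### 2.2 Configure the software sources

Use the Huawei Cloud mirror:

```bash
cat > /etc/apt/sources.list.d/ubuntu.sources << EOF
Types: deb
URIs: http://mirrors.huaweicloud.com/ubuntu/
Suites: noble noble-updates noble-backports
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
EOF
```

Add the official containerd source, used to install containerd.io:

```bash
curl -fsSL https://mirrors.huaweicloud.com/docker-ce/linux/ubuntu/gpg | gpg --dearmour -o /etc/apt/trusted.gpg.d/containerd.gpg
echo "deb [arch=amd64] https://mirrors.huaweicloud.com/docker-ce/linux/ubuntu noble stable" > /etc/apt/sources.list.d/docker-ce.list
```

Add the Kubernetes 1.30 source (Alibaba Cloud):

```bash
curl -fsSL https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.30/deb/ /" > /etc/apt/sources.list.d/kubernetes.list
```

### 2.3 Install the base packages

```bash
apt update
apt install -y vim lrzsz bash-completion open-vm-tools apt-transport-https sshpass
```

### 2.4 Configure a static IP (master as the example)

```bash
mkdir /etc/netplan/origin
mv /etc/netplan/*yaml /etc/netplan/origin
cat > /etc/netplan/00-static.yaml << EOF
network:
  ethernets:
    ens33:
      dhcp4: no
      addresses:
        - 10.1.8.30/24
      routes:
        - to: default
          via: 10.1.8.2
      nameservers:
        addresses:
          - 10.1.8.2
          - 223.5.5.5
  version: 2
EOF
chmod 600 /etc/netplan/00-static.yaml
netplan apply
```

### 2.5 Configure host name resolution

```bash
cat << EOF >> /etc/hosts
###### kubernetes #####
10.1.8.30 master30.tz.cloud master30
10.1.8.31 worker31.tz.cloud worker31
10.1.8.32 worker32.tz.cloud worker32
EOF
```

### 2.6 Disable swap

```bash
swapoff -a
sed -i '/^.*swap/d' /etc/fstab
rm -f /swap.img
```

### 2.7 Configure time synchronization

```bash
apt install -y chrony
systemctl enable chrony --now
timedatectl set-timezone Asia/Shanghai
```

### 2.8 SSH tuning and passwordless login

```bash
echo "UseDNS no" >> /etc/ssh/sshd_config
echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
ssh-keygen -N '' -f ~/.ssh/id_rsa -t rsa
sshpass -p password ssh-copy-id root@localhost   # replace with the actual password
```

### 2.9 Load the kernel modules (IPVS networking)

```bash
apt install -y iptables ipvsadm ipset conntrack

# Load for the current boot.
# -a loads every listed module; without it the extra names are passed
# to the first module as parameters and are not loaded.
modprobe -a overlay br_netfilter
modprobe -a ip_vs ip_vs_rr ip_vs_wrr ip_vs_lc ip_vs_sh nf_conntrack

# Load on every boot
cat > /etc/modules-load.d/k8s-net.conf << EOF
br_netfilter
overlay
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_lc
ip_vs_sh
nf_conntrack
EOF
```

### 2.10 Configure the kernel parameters

```bash
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
sysctl -p /etc/sysctl.d/k8s.conf
```

## 3. Install containerd and the client tools

### 3.1 Install containerd.io

```bash
apt install -y containerd.io=1.7.20-1 cri-tools
crictl config runtime-endpoint unix:///var/run/containerd/containerd.sock
```

Generate the default configuration and modify it:

```bash
containerd config default > /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
sed -i 's|sandbox_image = .*|sandbox_image = "registry.k8s.io/pause:3.9"|' /etc/containerd/config.toml
```

### 3.2 Configure registry mirrors (CRI method)

Edit `/etc/containerd/config.toml` and add the following under `[plugins."io.containerd.grpc.v1.cri".registry.mirrors]`:

```toml
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["https://docker.m.daocloud.io", "https://docker.1ms.run", "https://docker.xuanyuan.me"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
  endpoint = ["https://k8s.m.daocloud.io", "https://registry.cn-hangzhou.aliyuncs.com/google_containers"]
```

Restart containerd:

```bash
systemctl restart containerd
```

### 3.3 Install nerdctl and the CNI plugins

```bash
wget http://192.168.46.100/01.softwares/03.stage-3/nerdctl-1.7.7-linux-amd64.tar.gz
tar -xf nerdctl-1.7.7-linux-amd64.tar.gz -C /usr/bin/
wget http://192.168.46.100/01.softwares/03.stage-3/cni-plugins-linux-amd64-v1.6.0.tgz
mkdir -p /opt/cni/bin
tar -xf cni-plugins-linux-amd64-v1.6.0.tgz -C /opt/cni/bin
```

### 3.4 Configure registry mirrors for nerdctl (native API)

nerdctl does not read the CRI `mirrors` settings, so `certs.d` has to be configured separately:

```bash
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://registry-1.docker.io"

[host."https://09def58152000fc00ff0c00057bad7e0.mirror.swr.myhuaweicloud.com"]
  capabilities = ["pull", "resolve"]
EOF

mkdir -p /etc/containerd/certs.d/registry.k8s.io
cat > /etc/containerd/certs.d/registry.k8s.io/hosts.toml << EOF
server = "https://registry.k8s.io"

[host."https://k8s.m.daocloud.io"]
  capabilities = ["pull", "resolve"]
[host."https://k8s.mirrorify.net"]
  capabilities = ["pull", "resolve"]
[host."https://registry.cn-hangzhou.aliyuncs.com/google_containers"]
  capabilities = ["pull", "resolve"]
  override_path = true
EOF
```

### 3.5 Install kubeadm, kubelet and kubectl

```bash
apt install -y kubeadm=1.30.2-1.1 kubelet=1.30.2-1.1 kubectl=1.30.2-1.1
systemctl enable kubelet --now
```

### 3.6 Configure command completion

```bash
mkdir -p /etc/bash_completion.d
crictl completion bash > /etc/bash_completion.d/crictl
nerdctl completion bash > /etc/bash_completion.d/nerdctl
echo 'export CONTAINERD_NAMESPACE=k8s.io' >> /etc/bash_completion.d/nerdctl
kubectl completion bash > /etc/bash_completion.d/kubectl
kubeadm completion bash > /etc/bash_completion.d/kubeadm
# source reads only its first argument as a file, so loop over the directory
for f in /etc/bash_completion.d/*; do source "$f"; done
```

Key point: `CONTAINERD_NAMESPACE=k8s.io` makes nerdctl operate by default on the namespace that Kubernetes uses; otherwise the kubelet cannot see the images.

## 4. Clone the nodes and configure networking

Shut down the template machine and create three nodes from it using full clones. After starting each one, change its host name and IP address (worker31 as the example):

```bash
hostnamectl set-hostname worker31.tz.cloud
cat > /etc/netplan/00-static.yaml << EOF
network:
  ethernets:
    ens33:
      dhcp4: no
      addresses:
        - 10.1.8.31/24
      routes:
        - to: default
          via: 10.1.8.2
      nameservers:
        addresses:
          - 10.1.8.2
          - 223.5.5.5
  version: 2
EOF
netplan apply
```

Make sure `/etc/hosts` on every node contains the resolution records for all three machines.

## 5. Deploy the Kubernetes cluster

### 5.1 Pre-pull the images

On the master node:

```bash
kubeadm config images pull --kubernetes-version=v1.30.2
```

The worker nodes only need `kube-proxy` and `pause`:

```bash
nerdctl pull registry.k8s.io/kube-proxy:v1.30.2
nerdctl pull registry.k8s.io/pause:3.9
```

### 5.2 Initialize the master

```bash
kubeadm init --kubernetes-version=v1.30.2 --pod-network-cidr=10.224.0.0/16
```

If pulling images is slow, add `--image-repository registry.aliyuncs.com/google_containers` to use the Alibaba Cloud mirror.

After a successful initialization, kubeadm prints a join command similar to the one below. Be sure to save it:

```bash
kubeadm join 10.1.8.30:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>
```

### 5.3 Configure the kubectl credentials

```bash
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
```

### 5.4 Install the Calico network plugin

```bash
wget --no-check-certificate https://raw.githubusercontent.com/projectcalico/calico/v3.30.7/manifests/calico.yaml
```

Edit `calico.yaml` and change `CALICO_IPV4POOL_CIDR` to the same network used at initialization, `10.224.0.0/16`:

```bash
sed -i 's|# - name: CALICO_IPV4POOL_CIDR|- name: CALICO_IPV4POOL_CIDR|g' calico.yaml
sed -i "s|#   value: \"192.*|  value: \"10.224.0.0/16\"|g" calico.yaml
```

Download the Calico images on all nodes in advance:

```bash
nerdctl pull docker.io/calico/cni:v3.30.7
nerdctl pull docker.io/calico/node:v3.30.7
nerdctl pull docker.io/calico/kube-controllers:v3.30.7
```

Deploy:

```bash
kubectl apply -f calico.yaml
```

### 5.5 Join the worker nodes

Run the saved join command on worker31 and worker32. If you have lost the token, generate a new one on the master:

```bash
kubeadm token create --print-join-command
```

### 5.6 Verify the cluster

```bash
kubectl get nodes
kubectl get pods -A
```

All nodes should be in the `Ready` state and all system Pods should be `Running`.

## 6. Cluster management

### 6.1 Node management

View node details:

```bash
kubectl describe node worker31.tz.cloud
```

Put a node into maintenance (evict its Pods):

```bash
kubectl drain worker31.tz.cloud --ignore-daemonsets
```

Delete a node:

```bash
kubectl delete node worker31.tz.cloud
```

Reset the deleted node, running this on that node:

```bash
kubeadm reset -f
```

Restore a node (rejoin it): after the node has been reset, run the join command again.

### 6.2 Namespaces

A Namespace isolates resources logically. Kubernetes has four by default:

- `default`: the default namespace
- `kube-system`: system components
- `kube-public`: publicly readable
- `kube-node-lease`: node heartbeats

Create a Namespace:

```bash
kubectl create ns laoma
```

Or use YAML:

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: laoma
```

```bash
kubectl apply -f ns-laoma.yaml
```

Work with resources in a specific namespace:

```bash
kubectl run nginx --image=nginx -n laoma
kubectl get pods -n laoma
```

Delete a Namespace (this cascades and deletes every resource in it):

```bash
kubectl delete ns laoma
```

### 6.3 Switch the default namespace

Using kubectl:

```bash
kubectl config set-context --current --namespace=laoma
kubectl config get-contexts   # show the current context
```

Using the kubens tool (more convenient). Install:

```bash
wget https://codeload.github.com/ahmetb/kubectx/zip/refs/heads/master -O kubectx.zip
unzip kubectx.zip
cp kubectx-master/kubens /usr/local/bin/
chmod +x /usr/local/bin/kubens
cp kubectx-master/completion/kubens.bash /etc/bash_completion.d/
source /etc/bash_completion.d/kubens.bash
```

Usage:

```bash
kubens               # list all namespaces
kubens kube-system   # switch to kube-system
kubens -             # switch back to the previous one
```

### 6.4 Multi-cluster switching (Context)

When you have several K8s clusters, you can define multiple contexts in `~/.kube/config`.

View the current configuration:

```bash
kubectl config view
kubectl config get-contexts
kubectl config get-clusters
```

Switch context:

```bash
kubectl config use-context <context-name>
```

Using the kubectx tool. Install (it ships in the same package as kubens):

```bash
cp kubectx-master/kubectx /usr/local/bin/
chmod +x /usr/local/bin/kubectx
cp kubectx-master/completion/kubectx.bash /etc/bash_completion.d/
```

Usage:

```bash
kubectx          # list all contexts
kubectx <name>   # switch
kubectx -c       # show the current context
kubectx -u       # unset the current context
```

## 7. Destroying and rebuilding the cluster

### 7.1 Delete all nodes

```bash
kubectl drain worker31.tz.cloud --ignore-daemonsets --force
kubectl drain worker32.tz.cloud --ignore-daemonsets --force
kubectl delete node worker31.tz.cloud worker32.tz.cloud
```

On the worker nodes:

```bash
kubeadm reset -f
```

### 7.2 Delete the master

```bash
kubectl delete node master30.tz.cloud
kubeadm reset -f
rm -rf .kube/
```

### 7.3 Rebuild the cluster

You can use a previously saved `kubeadm.yml` (taken from `kubectl get cm kubeadm-config -n kube-system -o yaml` and cleaned up), or run the `kubeadm init` command directly, then repeat the network deployment and node join steps.

## 8. Common problems and pitfalls

| Problem | Solution |
|---|---|
| `kubectl get nodes` shows NotReady | Check whether the network plugin was deployed successfully; if the Calico image pulls failed, pull them manually |
| `kubeadm init` times out pulling images | Switch the image repository with `--image-repository` or configure a proxy |
| Node join fails, token expired | Generate a new token on the master: `kubeadm token create --print-join-command` |
| `nerdctl pull` is slow | Check that the mirror configuration in `/etc/containerd/certs.d` is correct |
| K8s does not recognize images | Make sure the nerdctl default namespace is `k8s.io` (see section 3.6) |
| Deleting a namespace hangs | Check for finalizers; you can run `kubectl patch ns <ns> -p '{"metadata":{"finalizers":[]}}' --type=merge` |
| Forgot the `admin.conf` password | Copy it directly from `/etc/kubernetes/admin.conf`, or regenerate the certificates |

## Summary

This article records the whole process from initializing an Ubuntu 24.04 system to deploying a Kubernetes 1.30 cluster, including:

- base system tuning and kernel parameter adjustment
- containerd installation and registry mirrors (both the CRI and the nerdctl configuration)
- cluster initialization with kubeadm and deployment of the Calico network plugin
- node management, namespace switching and multi-cluster context management

With this hands-on guide you can not only build a production-ready K8s cluster but also learn the common commands and troubleshooting approach for day-to-day operations. Next you can explore advanced topics such as storage volumes (PV/PVC), load balancing (Service/Ingress) and autoscaling (HPA).

If you found this useful, feel free to bookmark and comment, and follow me on CSDN for more cloud-native content.

All commands in this article were tested on Kubernetes v1.30.2 + containerd 1.7.20; adjust as needed if your versions differ.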
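The checks below are an added example, not part of the original article: they audit a node against the settings from sections 2.6, 2.8, 2.10, 3.1 and 5.3, and report the `StrictHostKeyChecking no` line from 2.8 as a finding so it can be reverted once setup is complete. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a node built from this guide. Each check takes the
# file to inspect as its argument and returns 0 when the check passes.

check_no_swap() {            # 2.6: no active swap line left in fstab
  ! grep -Eq '^[^#]*[[:space:]]swap[[:space:]]' "$1"
}

check_sysctl() {             # 2.10: bridge and forwarding keys are set to 1
  for key in net.bridge.bridge-nf-call-iptables \
             net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
    tr -d ' \t' < "$1" | grep -Fxq "$key=1" || return 1
  done
}

check_systemd_cgroup() {     # 3.1: containerd uses the systemd cgroup driver
  grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$1"
}

check_host_key_checking() {  # 2.8: fails while host-key checking is disabled
  ! grep -Eiq '^[[:space:]]*StrictHostKeyChecking[[:space:]=]+no[[:space:]]*$' "$1"
}

check_kubeconfig_mode() {    # 5.3: kubeconfig has no group/other permissions
  case "$(ls -ld "$1")" in -???------*) return 0 ;; *) return 1 ;; esac
}

audit_node() {  # args: fstab sysctl-file config.toml ssh_config kubeconfig
  fails=0
  check_no_swap "$1"           || { echo "FAIL swap entry in $1"; fails=$((fails + 1)); }
  check_sysctl "$2"            || { echo "FAIL sysctl keys in $2"; fails=$((fails + 1)); }
  check_systemd_cgroup "$3"    || { echo "FAIL SystemdCgroup in $3"; fails=$((fails + 1)); }
  check_host_key_checking "$4" || { echo "FAIL StrictHostKeyChecking no in $4"; fails=$((fails + 1)); }
  check_kubeconfig_mode "$5"   || { echo "FAIL group/other access to $5"; fails=$((fails + 1)); }
  return "$fails"
}

# Constructed sample files mirroring what the guide writes (not real output).
demo=$(mktemp -d)
printf 'UUID=constructed / ext4 defaults 0 1\n' > "$demo/fstab"
printf '%s = 1\n' net.bridge.bridge-nf-call-iptables \
  net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward > "$demo/k8s.conf"
printf '            SystemdCgroup = true\n' > "$demo/config.toml"
printf 'StrictHostKeyChecking no\n' > "$demo/ssh_config"
printf 'kind: Config\n' > "$demo/kubeconfig" && chmod 600 "$demo/kubeconfig"
rc=0
audit_node "$demo/fstab" "$demo/k8s.conf" "$demo/config.toml" \
  "$demo/ssh_config" "$demo/kubeconfig" || rc=$?
echo "failed checks: $rc"
```

On a real node, call `audit_node /etc/fstab /etc/sysctl.d/k8s.conf /etc/containerd/config.toml /etc/ssh/ssh_config "$HOME/.kube/config"`.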
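Section 5.4 downloads calico.yaml with certificate verification turned off and then edits it with `sed`, so this added example (not from the original article) checks the file before it is applied: every image must be a `docker.io/calico/` image at the tag the guide pre-pulls, and `CALICO_IPV4POOL_CIDR` must be uncommented and equal to the pod CIDR given to `kubeadm init`. The function names and the sample excerpt are constructed; the `docker.io/calico/` prefix is assumed from the guide's pre-pull list.

```shell
#!/bin/sh
# Added example: inspect the edited calico.yaml before `kubectl apply`.

# Print each distinct image reference in the manifest, one per line.
manifest_images() {
  sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*image:[[:space:]]*//p' "$1" |
    tr -d '"' | sort -u
}

# Succeed only if every image is docker.io/calico/<name>:<tag>, tag = $2.
check_images() {
  imgs=$(manifest_images "$1")
  [ -n "$imgs" ] || return 1
  for img in $imgs; do
    case "$img" in
      docker.io/calico/*:"$2") ;;
      *) echo "unexpected image: $img"; return 1 ;;
    esac
  done
}

# Succeed only if CALICO_IPV4POOL_CIDR is uncommented and its value is $2.
check_pool_cidr() {
  awk -v want="$2" '
    /^[ \t]*- name: CALICO_IPV4POOL_CIDR[ \t]*$/ { armed = 1; next }
    armed { gsub(/[" \t]/, ""); if ($0 == ("value:" want)) ok = 1; armed = 0 }
    END { exit !ok }' "$1"
}

# Constructed excerpt in the layout of calico.yaml (not the real manifest).
sample=$(mktemp)
cat > "$sample" << 'EOF'
          image: docker.io/calico/cni:v3.30.7
          image: docker.io/calico/node:v3.30.7
            - name: CALICO_IPV4POOL_CIDR
              value: "10.224.0.0/16"
          image: docker.io/calico/kube-controllers:v3.30.7
EOF
if check_images "$sample" v3.30.7 && check_pool_cidr "$sample" 10.224.0.0/16; then
  echo "manifest matches the guide"
fi
```

Against the downloaded file the calls are `check_images calico.yaml v3.30.7` and `check_pool_cidr calico.yaml 10.224.0.0/16`.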
