以下是优化Debian上K8s安装的关键步骤,涵盖系统准备、性能调优及安全配置:
硬件与内核配置
sudo swapoff -a
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
sudo tee /etc/modules-load.d/containerd.conf <<EOF
overlay br_netfilter
EOF
sudo tee /etc/sysctl.d/99-kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
EOF
sudo sysctl --system
容器运行时安装
sudo apt update && sudo apt install -y containerd
sudo containerd config default | sudo tee /etc/containerd/config.toml
sudo sed -i 's/SystemdCgroup false/SystemdCgroup true/' /etc/containerd/config.toml
sudo systemctl restart containerd
添加官方源并安装核心组件
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt update
sudo apt install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl # 锁定版本避免自动更新
初始化集群与网络插件
sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=<主节点IP>
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
资源管理与调度
存储优化
安全增强
kubectl top和kubectl describe命令持续监控节点和Pod性能。