Debian系统中Kubernetes部署的网络配置指南

Pre-Installation Checks

• Set Hostnames and Update /etc/hosts: On each node, set a unique hostname (e.g., k8s-master01, k8s-worker01) using sudo hostnamectl set-hostname. Add entries to /etc/hosts mapping IPs to hostnames (e.g., 192.168.1.20 k8s-master01), ensuring name resolution works across the cluster.
• Disable Swap Partition: Kubernetes requires swap to be disabled for proper kubelet operation. Run sudo swapoff -a to disable swap temporarily, then edit /etc/fstab to comment out or remove the swap line. Use sudo swapon --show to verify swap is off.

Install Container Runtime

• Install containerd: containerd is the recommended runtime for Kubernetes. On all nodes, run:

  sudo apt update
  sudo apt install -y containerd
  

  Configure containerd to use required kernel modules by creating /etc/modules-load.d/containerd.conf with:

  overlay
  br_netfilter
  

  Load the modules immediately with sudo modprobe overlay && sudo modprobe br_netfilter. Set up sysctl rules for bridging in /etc/sysctl.d/99-kubernetes-k8s.conf:

  net.bridge.bridge-nf-call-iptables = 1
  net.ipv4.ip_forward = 1
  

  Apply sysctl changes with sudo sysctl --system.

Install Kubernetes Components

• Add Kubernetes Repository: On all nodes, add the Kubernetes APT repository to install signed packages. Run:

  sudo apt update
  sudo apt install -y apt-transport-https curl
  curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
  echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
  sudo apt update
  

• Install kubeadm, kubelet, and kubectl: Install the core Kubernetes tools and hold them at the current version to prevent accidental upgrades:

  sudo apt install -y kubelet kubeadm kubectl
  sudo apt-mark hold kubelet kubeadm kubectl
  

Initialize Kubernetes Cluster

• Initialize Master Node: On the master node, run kubeadm init with critical parameters for networking. For example:

  sudo kubeadm init --apiserver-advertise-address=<MASTER_IP> --pod-network-cidr=10.244.0.0/16 --service-cidr=10.100.0.0/16 --image-repository registry.aliyuncs.com/google_containers
  

  Replace <MASTER_IP> with the master’s static IP. The --pod-network-cidr must match your chosen network plugin’s requirements (e.g., Flannel uses 10.244.0.0/16).
• Configure kubectl: After initialization, set up kubectl to communicate with the cluster:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
  

Deploy a Network Plugin

• Choose a Plugin: Popular plugins include Flannel (simple) and Calico (advanced features like network policies). Below are steps for both:
  • Flannel: Apply the Flannel manifest to set up overlay networking:

    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    

  • Calico: Download and apply the Calico manifest (adjust versions as needed):

    wget https://docs.projectcalico.org/v3.26.1/manifests/calico.yaml
    kubectl apply -f calico.yaml
    

  • Firewall Rules: Open required ports for your plugin. For Calico, allow BGP (179/tcp) and VXLAN (4789/udp):

    sudo ufw allow 179/tcp
    sudo ufw allow 4789/udp
    sudo ufw reload
    

Verify Network Configuration

• Check Pod Status: Ensure all network plugin pods are running in the kube-system namespace:

  kubectl get pods -n kube-system
  

  Look for Running status next to Flannel/Calico pods.
• Test Pod Connectivity: Create a test deployment and service to validate inter-pod communication:

  kubectl create deployment nginx-app --image=nginx --replicas=2
  kubectl expose deployment nginx-app --name=nginx-web-svc --type=NodePort --port=80 --target-port=80
  

  Get the NodePort assigned to the service (kubectl get svc nginx-web-svc) and access it from any node or external machine using <NODE_IP>:<NODE_PORT>.

Join Worker Nodes (Optional)

• Get Join Command: On the master node, run kubeadm token create --print-join-command to generate a command like:

  sudo kubeadm join <MASTER_IP>:6443 --token <TOKEN> --discovery-token-ca-cert-hash sha256:<HASH>
  

• Run on Worker Nodes: Execute the join command on each worker node to add them to the cluster. Verify worker nodes are Ready with kubectl get nodes.