Target environment: Ubuntu 20.04 | 3 Master + 2 Worker | keepalived + haproxy VIP (recommended, not covered here) | container runtime containerd
1 Node planning (enterprise IP allocation)
| Hostname | Physical IP | Role | Components |
| --- | --- | --- | --- |
| k8s-m1 | 10.10.50.11/24 | Master-1 | kube-apiserver, etcd, controller-manager, scheduler |
| k8s-m2 | 10.10.50.12/24 | Master-2 | Same as above |
| k8s-m3 | 10.10.50.13/24 | Master-3 | Same as above |
| k8s-n1 | 10.10.50.21/24 | Worker-1 | kubelet, containerd |
| k8s-n2 | 10.10.50.22/24 | Worker-2 | Same as above |
| VIP | 10.10.50.30/24 | Floating IP | keepalived failover address that HAProxy listens on |
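Enterprise network policy checks:
- DHCP excludes 10.10.50.11-13, .21-22, .30
- The firewall whitelist allows all ports between the nodes
- Important: the VIP will use the VRRP virtual MAC address, so an administrator must bind that MAC to the switch port
2 Base configuration for all nodes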
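```bash
# Update the system and install the base packages
sudo apt update && sudo apt upgrade -y
sudo apt install -y \
  apt-transport-https ca-certificates curl gnupg lsb-release chrony net-tools vim

# Turn swap off now and comment out swap entries (tab- or space-delimited) so it stays off after a reboot
sudo swapoff -a
sudo sed -i '/[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab
# Disable ufw on the host; inter-node filtering is left to the firewall whitelist from section 1
sudo ufw disable || true

# Replace every pool/server line in chrony.conf with one NTP server, then start chrony
sudo sed -i '/^pool\|^server/c\server ntp.aliyun.com iburst' /etc/chrony/chrony.conf
sudo systemctl enable --now chronyd
```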
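A check that the swap and chrony steps in section 2 took effect on a node, written as an added example rather than code from the original page. The function names and file-path arguments are assumptions of this example, and the sample files in `demo` are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): verify the node baseline.

# Print fstab entries that are not commented out and whose type field is "swap".
# Parsing by field means tab- and space-delimited entries are treated alike.
active_swap_entries() {
  awk '$1 !~ /^#/ && $3 == "swap"' "${1:-/etc/fstab}"
}

# Print the distinct hosts named by active server/pool directives in chrony.conf.
# sed's "c" command rewrites every matching line, so duplicates are expected.
chrony_sources() {
  awk '$1 == "server" || $1 == "pool" { print $2 }' \
    "${1:-/etc/chrony/chrony.conf}" | sort -u
}

# Succeed only if fstab has no active swap entry and chrony uses exactly
# the expected source. Runs in a subshell so its variables stay local.
check_node_baseline() (
  rc=0
  if [ -n "$(active_swap_entries "$1")" ]; then
    echo "FAIL: active swap entry in $1" >&2; rc=1
  fi
  if [ "$(chrony_sources "$2")" != "$3" ]; then
    echo "FAIL: chrony sources in $2 are not exactly $3" >&2; rc=1
  fi
  [ "$rc" -eq 0 ]
)

# Constructed sample input (not from a real host): a tab-delimited swap entry
# that is still active, next to a chrony.conf that was already rewritten.
demo() {
  d=$(mktemp -d)
  printf '/swap.img\tnone\tswap\tsw\t0\t0\n' > "$d/fstab"
  printf 'server ntp.aliyun.com iburst\nserver ntp.aliyun.com iburst\n' > "$d/chrony.conf"
  check_node_baseline "$d/fstab" "$d/chrony.conf" ntp.aliyun.com; rc=$?
  rm -rf "$d"
  return "$rc"
}

demo || echo "constructed host fails the baseline: swap entry still active"
```

On a real node, run `check_node_baseline /etc/fstab /etc/chrony/chrony.conf ntp.aliyun.com` after the section 2 commands.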
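```bash
# Install Kubernetes, Helm and Cilium with sealos
# These addresses are not the 10.10.50.x ones from the node plan; use the master and worker IPs of your own cluster
sealos run registry.cn-shanghai.aliyuncs.com/labring/kubernetes:v1.29.9 \
  registry.cn-shanghai.aliyuncs.com/labring/helm:v3.9.4 \
  registry.cn-shanghai.aliyuncs.com/labring/cilium:v1.13.4 \
  --masters 172.18.51.112,172.18.51.137,172.18.51.173 \
  --nodes 172.18.51.51,172.18.51.28

# Remove the control-plane taint so ordinary workloads can also be scheduled on the masters
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
```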