K8s 1.35 + Anolis OS 8.10 Three-Node Cluster Deployment Guide
2026/6/1 1:08:56

1. Environment Preparation

1.1 Virtual Machine Configuration

Node          IP               Spec
k8s-master1   192.168.245.8    1C4G
k8s-worker1   192.168.245.9    1C2G
k8s-worker2   192.168.245.10   1C2G

1.2 Install Anolis OS 8.10

Download: AnolisOS-8.10-x86_64-minimal.iso

In VMware, select: CentOS 8 64-bit

During installation, select the ANCK kernel (do not select RHCK).

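2. Base Configuration (run on all nodes)

2.1 Set the hostname and hosts file

bash

# Set per node (k8s-master1 / k8s-worker1 / k8s-worker2)
hostnamectl set-hostname k8s-master1

# Run on all nodes
cat >> /etc/hosts <<EOF
192.168.245.8 k8s-master1
192.168.245.9 k8s-worker1
192.168.245.10 k8s-worker2
EOF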

2.2 Switch to cgroup v2 (required)

bash

grubby --update-kernel=DEFAULT --args="systemd.unified_cgroup_hierarchy=1"
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot

After the reboot, verify:

bash

stat -fc %T /sys/fs/cgroup
# Output: cgroup2fs

3. Environment Initialization Script (run on all nodes)

Save as init-env.sh:

bash

#!/bin/bash
set -e

# [1/6] Disable swap
echo "[1/6] 禁用 SWAP"
sed -i '/swap/d' /etc/fstab
swapoff -a || true

# [2/6] Set SELinux to permissive
echo "[2/6] 配置 SELinux"
if getenforce 2>/dev/null | grep -q "Enforcing"; then
    setenforce 0
fi
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
sed -i 's/^SELINUX=disabled/SELINUX=permissive/' /etc/selinux/config

# [3/6] Stop the firewall
echo "[3/6] 停止防火墙"
systemctl stop firewalld || true
systemctl disable firewalld || true

# [4/6] Load kernel modules
echo "[4/6] 加载内核模块"
cat > /etc/modules-load.d/k8s.conf <<EOF
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter

# [5/6] Configure kernel parameters
echo "[5/6] 配置内核参数"
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system

# [6/6] Install containerd (Aliyun mirror)
echo "[6/6] 安装 Containerd(阿里云源)"
cat > /etc/yum.repos.d/docker-ce.repo <<'EOF'
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF
dnf install -y -q containerd.io

# Configure containerd (key point: sandbox_image points to the Aliyun registry)
containerd config default > /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
sed -i 's|sandbox_image = "registry.k8s.io/pause:.*"|sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"|' /etc/containerd/config.toml
systemctl restart containerd
systemctl enable containerd

echo "环境初始化完成"   # "environment initialization complete"

Run it:

bash

chmod +x init-env.sh
bash init-env.sh
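An added example, not part of the original guide: a read-only audit of the state init-env.sh is expected to leave on a node, useful before running kubeadm and later to spot drift. The function names and the file name audit-node.sh are hypothetical; the paths and values are the ones used in the script above.

```bash
#!/bin/bash
# Added example (not part of the original guide): audit what init-env.sh set up.
# File paths are arguments so each check can also be run against a copy.

# True if the fstab file ($1) has no uncommented swap entry.
fstab_swap_free() { ! awk '$1 !~ /^#/ && $3 == "swap" {f = 1} END {exit !f}' "$1"; }

# True if the sysctl file ($1) sets all three bridge/forwarding keys to 1.
sysctl_file_ok() {
    awk '{gsub(/[ \t]/, "")}
         /^net\.(bridge\.bridge-nf-call-ip6?tables|ipv4\.ip_forward)=1$/ && !seen[$0]++ {n++}
         END {exit n != 3}' "$1"
}

# True if the containerd config ($1) uses the systemd cgroup driver.
containerd_systemd_cgroup() { grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$1"; }

# Print the sandbox (pause) image set in the containerd config ($1).
sandbox_image() { sed -n 's/^[[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"; }

# Print the persistent SELinux mode from the SELinux config file ($1).
selinux_mode() { sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1"; }

# check <description> <command...>: print PASS/FAIL and record any failure.
check() {
    desc=$1; shift
    if "$@"; then echo "PASS: $desc"; else echo "FAIL: $desc"; AUDIT_RC=1; fi
}

# Run every check on the live node, using the paths from this guide.
audit_node() {
    AUDIT_RC=0
    check "no swap entry in fstab"  fstab_swap_free /etc/fstab
    check "no active swap device"   test "$(wc -l < /proc/swaps)" -le 1
    check "cgroup v2 mounted"       test "$(stat -fc %T /sys/fs/cgroup)" = cgroup2fs
    check "br_netfilter active"     test -e /proc/sys/net/bridge/bridge-nf-call-iptables
    check "sysctl file complete"    sysctl_file_ok /etc/sysctl.d/k8s.conf
    check "ip_forward live value"   test "$(cat /proc/sys/net/ipv4/ip_forward)" = 1
    check "SystemdCgroup = true"    containerd_systemd_cgroup /etc/containerd/config.toml
    check "SELinux not enforcing"   test "$(selinux_mode /etc/selinux/config)" != enforcing
    echo "sandbox image: $(sandbox_image /etc/containerd/config.toml)"
    return "$AUDIT_RC"
}

# Run the audit only when invoked as: bash audit-node.sh --run
if [ "${1:-}" = "--run" ]; then audit_node; fi
```

An empty "sandbox image:" line means the sed substitution in init-env.sh matched nothing in the generated config.toml, so the pause image was not redirected.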

4. Master Node Deployment

4.1 Install the K8s components

bash

cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF

dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet

4.2 Initialize the cluster (Aliyun image repository)

bash

kubeadm init \
    --pod-network-cidr=10.244.0.0/16 \
    --cri-socket unix:///run/containerd/containerd.sock \
    --image-repository=registry.aliyuncs.com/google_containers

4.3 Configure kubectl

bash

mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> ~/.bashrc

4.4 Install the Flannel network

bash

# Download the Flannel YAML (via the DaoCloud proxy)
curl -L -o kube-flannel.yml https://m.daocloud.io/github.com/flannel-io/flannel/raw/master/Documentation/kube-flannel.yml

# Install
kubectl apply -f kube-flannel.yml
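An added example, not part of the original guide: the manifest URL above tracks the master branch and is fetched through a proxy, while section 5.2 pre-pulls fixed image tags, so it is worth listing what the downloaded file will actually pull before applying it. The function names are hypothetical; the script reports each image as digest-pinned, tag-pinned, or floating (no tag or :latest).

```bash
#!/bin/bash
# Added example: review the images a manifest will pull before `kubectl apply`.

# Print every unique image reference found in the manifest ($1).
manifest_images() {
    awk '$1 == "image:" || ($1 == "-" && $2 == "image:") {
             ref = $NF; gsub(/"/, "", ref); print ref
         }' "$1" | sort -u
}

# Classify one image reference ($1) as digest, tag, or floating.
classify_image() {
    case $1 in *@sha256:*) echo digest; return ;; esac
    name=${1##*/}        # last path component, so a registry port is not read as a tag
    case $name in
        *:latest) echo floating ;;
        *:*)      echo tag ;;
        *)        echo floating ;;
    esac
}

# Print "<class> <image>" for each image; return 1 if any image is floating.
review_manifest() {
    rc=0
    for img in $(manifest_images "$1"); do
        class=$(classify_image "$img")
        echo "$class $img"
        if [ "$class" = floating ]; then rc=1; fi
    done
    return "$rc"
}

# Usage: bash review-manifest.sh kube-flannel.yml
if [ -n "${1:-}" ]; then review_manifest "$1"; fi
```

Comparing the tags printed here with the ones pre-pulled in section 5.2 shows whether the workers will find the images locally or try to reach ghcr.io.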

4.5 Get the worker join command

bash

kubeadm token create --print-join-command

Copy the output; you will run it on the workers shortly.

5. Worker Node Deployment

5.1 Install the K8s components (kubectl is not needed)

bash

# Use the same repository
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.35/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF

dnf install -y kubelet kubeadm --disableexcludes=kubernetes
systemctl enable kubelet

5.2 Pre-pull the images the workers need

bash

# Flannel images
ctr -n k8s.io images pull m.daocloud.io/ghcr.io/flannel-io/flannel:v0.28.4
ctr -n k8s.io images pull m.daocloud.io/ghcr.io/flannel-io/flannel-cni-plugin:v1.9.1-flannel1
ctr -n k8s.io images tag m.daocloud.io/ghcr.io/flannel-io/flannel:v0.28.4 ghcr.io/flannel-io/flannel:v0.28.4
ctr -n k8s.io images tag m.daocloud.io/ghcr.io/flannel-io/flannel-cni-plugin:v1.9.1-flannel1 ghcr.io/flannel-io/flannel-cni-plugin:v1.9.1-flannel1

# kube-proxy image
ctr -n k8s.io images pull registry.aliyuncs.com/google_containers/kube-proxy:v1.35.5
ctr -n k8s.io images tag registry.aliyuncs.com/google_containers/kube-proxy:v1.35.5 registry.k8s.io/kube-proxy:v1.35.5

5.3 Join the cluster

bash

# Run the command copied from the master
kubeadm join 192.168.245.8:6443 --token xxx \
    --discovery-token-ca-cert-hash sha256:xxx \
    --cri-socket unix:///run/containerd/containerd.sock

6. Verify the Cluster

Run on the master:

bash

# List nodes
kubectl get nodes

# List all system Pods
kubectl get pods -n kube-system
kubectl get pods -n kube-flannel

# Deploy a test application
kubectl create deployment nginx --image=nginx --replicas=3
kubectl get pods -o wide

7. Optional: Passwordless SSH (multi-node management)

Run on the master:

bash

ssh-keygen -t rsa -b 4096 -N ""
for host in k8s-worker1 k8s-worker2; do
    ssh-copy-id root@${host}
done
