# Complete Guide to Deploying Kubernetes on a VPS in 2026: 15 Key Steps to Master Container Orchestration

## Introduction

In 2026, Kubernetes (K8s) is the de facto standard for container orchestration. Running a full Kubernetes cluster on a single VPS can be tight on resources, but a cluster built from several VPS instances provides strong container-management capabilities. This article walks through the 15 key steps for deploying Kubernetes in a VPS environment.

## Kubernetes Core Concepts

### Kubernetes Architecture

Master (control-plane) node components:

- API Server (kube-apiserver): the entry point for cluster management
- Scheduler (kube-scheduler): schedules Pods onto nodes
- Controller Manager (kube-controller-manager): maintains the desired cluster state
- etcd: distributed key-value store holding all cluster state

Worker node components:

- Kubelet: node agent that manages Pods
- Kube-proxy: network proxy and service discovery
- Container runtime (containerd/Docker): runs the containers

### Single-Node vs. Multi-Node Clusters

| Deployment mode | Pros | Cons | Suitable for |
|---|---|---|---|
| Single Master + single Worker | Simple, low resource usage | Single point of failure | Testing, learning |
| Multiple Masters + multiple Workers | Highly available, no single point of failure | Complex, resource-hungry | Production |
| Single node (all-in-one) | Simplest | Not suitable for production | Development, testing |

## Preparing the VPS Environment

### System Requirements and Preparation

Minimum configuration (single node):

- CPU: 2 cores
- Memory: 4 GB
- Disk: 40 GB SSD
- OS: Ubuntu 22.04 LTS / CentOS 9 Stream

Recommended configuration (multi-node):

- Master node: 4 CPU cores, 8 GB RAM, 100 GB SSD
- Worker node: 4 CPU cores, 8 GB RAM, 200 GB SSD
### System Initialization

Run these steps on every node (master and workers); only the hostname differs per node.

```bash
# 1. Set the hostname (use k8s-worker1, k8s-worker2, ... on the workers)
sudo hostnamectl set-hostname k8s-master

# 2. Add the cluster nodes to /etc/hosts
echo "192.168.1.10 k8s-master" | sudo tee -a /etc/hosts
echo "192.168.1.11 k8s-worker1" | sudo tee -a /etc/hosts

# 3. Disable swap (required by the kubelet)
sudo swapoff -a
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

# 4. Load the kernel modules containerd and the CNI plugins need
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter

# 5. Kernel parameters: let iptables see bridged traffic and enable IP forwarding
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
```
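A quick way to confirm the five preparation steps actually took effect before running `kubeadm init` (or `kubeadm join`) is to read back the same kernel state the commands above change. The following Python script is an added example, not part of the original guide: it checks `/proc/swaps`, `/proc/modules` and the live sysctl values under `/proc/sys`, and prints the step that still needs to be done. The parsing functions take text so they can be exercised with constructed input; the `main` block reads the real files.

```python
"""Preflight check for the kubeadm node-preparation steps (swap, modules, sysctl).

Added example, not from the original guide. Reads the same sources the shell steps
modify and reports which step is still missing on this node."""
from pathlib import Path

REQUIRED_MODULES = {"overlay", "br_netfilter"}
REQUIRED_SYSCTL = {
    "net.bridge.bridge-nf-call-iptables": "1",
    "net.bridge.bridge-nf-call-ip6tables": "1",
    "net.ipv4.ip_forward": "1",
}


def swap_is_off(proc_swaps: str) -> bool:
    """/proc/swaps has a header line; any further non-empty line is an active swap area."""
    active = [ln for ln in proc_swaps.splitlines()[1:] if ln.strip()]
    return not active


def missing_modules(proc_modules: str) -> set:
    """/proc/modules lists one loaded module per line, module name first."""
    loaded = {ln.split()[0] for ln in proc_modules.splitlines() if ln.strip()}
    return REQUIRED_MODULES - loaded


def wrong_sysctls(read_value) -> dict:
    """read_value(key) returns the live sysctl value as a string, or None if unreadable.
    Returns {key: observed_value} for every key that is not at the required value."""
    bad = {}
    for key, want in REQUIRED_SYSCTL.items():
        got = read_value(key)
        if got is None or got.strip() != want:
            bad[key] = got
    return bad


def read_live_sysctl(key: str):
    """sysctl keys map to /proc/sys paths: net.ipv4.ip_forward -> /proc/sys/net/ipv4/ip_forward."""
    path = Path("/proc/sys") / key.replace(".", "/")
    try:
        return path.read_text().strip()
    except OSError:
        return None  # e.g. br_netfilter not loaded, so net.bridge.* does not exist yet


def preflight(proc_swaps: str, proc_modules: str, read_value) -> list:
    """Return a human-readable list of problems; an empty list means the node is ready."""
    problems = []
    if not swap_is_off(proc_swaps):
        problems.append("swap is still active: run 'swapoff -a' and comment the swap line in /etc/fstab")
    for mod in sorted(missing_modules(proc_modules)):
        problems.append(f"kernel module {mod} is not loaded: modprobe {mod}")
    for key, got in sorted(wrong_sysctls(read_value).items()):
        problems.append(f"{key}={got!r}, expected {REQUIRED_SYSCTL[key]}: "
                        "check /etc/sysctl.d/k8s.conf and run 'sysctl --system'")
    return problems


if __name__ == "__main__":
    issues = preflight(Path("/proc/swaps").read_text(),
                       Path("/proc/modules").read_text(),
                       read_live_sysctl)
    if issues:
        print("\n".join(issues))
        raise SystemExit(1)
    print("node preparation looks complete")
```

Run it as `sudo python3 preflight.py` on each node; a non-zero exit means one of the numbered steps above was skipped or did not persist after a reboot (the most common case is a swap entry left in `/etc/fstab`).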
## Installing a Container Runtime

### Installing containerd

```bash
# Install containerd from the distribution repository
sudo apt update
sudo apt install containerd -y

# Generate the default configuration
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml

# Use the systemd cgroup driver (must match the kubelet's driver, which defaults to systemd)
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

# Restart and enable the service
sudo systemctl restart containerd
sudo systemctl enable containerd
```
### Installing Docker (Optional)

Install either the distribution's containerd (above) or Docker, not both: the `containerd.io` package from Docker's repository replaces the distribution package.

```bash
# Add the Docker repository
sudo apt update
sudo apt install ca-certificates curl gnupg lsb-release -y
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y

# Configure Docker to use systemd as its cgroup driver
sudo mkdir -p /etc/docker
cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
sudo systemctl enable docker
sudo systemctl daemon-reload
sudo systemctl restart docker

# Note: the kubelet still talks to containerd (via CRI), not to Docker. The containerd.io
# package ships a /etc/containerd/config.toml with `disabled_plugins = ["cri"]`; remove that
# line and repeat the "generate default config / SystemdCgroup = true / restart" steps from
# the containerd section, otherwise kubeadm cannot reach the runtime.
```
## Installing Kubernetes Components

### Adding the Kubernetes Repository

```bash
# Ubuntu/Debian
sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list

# CentOS/RHEL
# The legacy packages.cloud.google.com yum repository has been decommissioned; use the
# community-owned pkgs.k8s.io repository for the same v1.28 minor as the Debian line above.
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF
```
### Installing kubeadm, kubelet and kubectl

```bash
# Ubuntu/Debian
sudo apt update
sudo apt install -y kubelet kubeadm kubectl
# Pin the versions so a routine apt upgrade cannot move the cluster components
sudo apt-mark hold kubelet kubeadm kubectl

# CentOS/RHEL (the repo file above excludes these packages from ordinary updates,
# so the install has to opt in explicitly)
sudo dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
sudo systemctl enable kubelet
```
## Initializing the Master Node

### Initializing with kubeadm

Run exactly one of the two `kubeadm init` commands below; the Pod CIDR must match the network plugin you install in the next step.

```bash
# Initialize the master node (for the Flannel network plugin)
sudo kubeadm init \
  --pod-network-cidr=10.244.0.0/16 \
  --upload-certs

# Initialize the master node (for the Calico network plugin)
sudo kubeadm init \
  --pod-network-cidr=192.168.0.0/16 \
  --upload-certs

# Save the "kubeadm join ..." command printed at the end of the output; it is needed to add worker nodes
```
### Configuring kubectl

```bash
# Configure kubectl for the root user
mkdir -p $HOME/.kube
sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Configure kubectl for a regular user
mkdir -p $HOME/.kube
sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $USER:$USER $HOME/.kube/config

# Verify the cluster state (the node shows NotReady until a network plugin is installed)
kubectl get nodes
```
## Installing a Network Plugin

### Installing Flannel

```bash
# Install the Flannel network plugin
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/v0.24.0/Documentation/kube-flannel.yml

# Verify the Flannel Pods are running (this manifest creates its own kube-flannel namespace)
kubectl get pods -n kube-flannel
```

### Installing Calico

```bash
# Install the Calico network plugin via the Tigera operator
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.0/manifests/tigera-operator.yaml
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.0/manifests/custom-resources.yaml

# Verify the Calico Pods are running
kubectl get pods -n calico-system
```

Network plugin comparison:

| Plugin | Pros | Cons | Suitable for |
|---|---|---|---|
| Flannel | Simple, easy to use | Limited features | Small clusters |
| Calico | Feature-rich, good performance | More complex configuration | Production |
| Weave Net | No configuration needed | Average performance | Quick deployments |
| Cilium | eBPF-based, excellent performance | Newer, less documentation | Advanced users |
## Adding Worker Nodes

### Getting the Join Command on the Master Node

```bash
# Regenerate the join command (bootstrap tokens expire after 24 hours by default)
sudo kubeadm token create --print-join-command

# Example output:
# kubeadm join 192.168.1.10:6443 --token abcdef.1234567890abcdef \
#   --discovery-token-ca-cert-hash sha256:1234567890abcdef...
```

### Running the Join Command on the Worker Node

```bash
# On the worker node, run the command generated on the master
sudo kubeadm join 192.168.1.10:6443 --token abcdef.1234567890abcdef \
  --discovery-token-ca-cert-hash sha256:1234567890abcdef...

# Back on the master node, verify the worker has joined
kubectl get nodes
```
## Deploying a Sample Application

### Creating an Nginx Deployment

```yaml
# nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.25-alpine
        ports:
        - containerPort: 80
        resources:
          requests:
            memory: "64Mi"
            cpu: "250m"
          limits:
            memory: "128Mi"
            cpu: "500m"
```
### Exposing the Service

```yaml
# nginx-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  # LoadBalancer needs a load-balancer implementation (a cloud provider or MetalLB).
  # On a plain VPS without one the EXTERNAL-IP stays <pending>; use type: NodePort there.
  type: LoadBalancer
```
### Deploy and Verify

```bash
# Deploy the application
kubectl apply -f nginx-deployment.yaml
kubectl apply -f nginx-service.yaml

# Check the deployment status
kubectl get deployments
kubectl get pods
kubectl get services

# View Pod logs
kubectl logs -l app=nginx

# Open a shell in a Pod for debugging (the alpine image has /bin/sh, not bash)
kubectl exec -it <pod-name> -- /bin/sh
```
## Configuring Storage

### Creating a PersistentVolume (PV) and PersistentVolumeClaim (PVC)

```yaml
# pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-volume
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: manual
  # hostPath binds the data to one node's filesystem; fine for a single-node lab,
  # not portable across a multi-node cluster
  hostPath:
    path: "/mnt/data"
```

```yaml
# pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pv-claim
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
```
### Using a StorageClass (Dynamic Provisioning)

```yaml
# storageclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: standard
# This provisioner only exists inside minikube. On a kubeadm cluster you must deploy a
# provisioner first (for example a local-path or CSI provisioner) and name it here.
provisioner: k8s.io/minikube-hostpath
reclaimPolicy: Delete
volumeBindingMode: Immediate
```
## Configuring Ingress

### Installing the Nginx Ingress Controller

```bash
# Install the Nginx Ingress Controller
# (the "cloud" manifest creates a LoadBalancer Service; on a VPS without a load balancer
#  use deploy/static/provider/baremetal/deploy.yaml from the same tag, which uses NodePort)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml

# Verify the installation
kubectl get pods -n ingress-nginx
```

### Creating an Ingress Resource

```yaml
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80
```
## Configuring the Dashboard

### Deploying the Kubernetes Dashboard

```bash
# Deploy the Dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

# Create an admin user. This binds the ServiceAccount to cluster-admin, i.e. full control of
# the cluster; for anything beyond a lab, bind a narrower Role/ClusterRole instead.
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF

# Get a login token (short-lived by default)
kubectl -n kubernetes-dashboard create token admin-user

# Start the API proxy (listens on localhost only)
kubectl proxy
```

Access the Dashboard at: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
## Security Configuration

### Configuring RBAC (Role-Based Access Control)

The example below grants one user read-only access to Pods in a single namespace: a namespaced Role lists the permitted verbs, and a RoleBinding ties it to the subject.

```yaml
# rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: default
subjects:
- kind: User
  name: jane
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```
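Least-privilege bindings like `pod-reader` are easy to write; the harder part is noticing the broad grants that accumulate over time, such as the `admin-user` ClusterRoleBinding to `cluster-admin` created for the Dashboard earlier in this guide. The following Python script is an added example, not part of the original guide: it reads the JSON that `kubectl get clusterrolebindings -o json` prints and lists every binding that hands a high-risk ClusterRole to a ServiceAccount or to a catch-all group. The sample data is constructed; its first item mirrors the guide's Dashboard binding, and the `everyone-admin` binding is a hypothetical misconfiguration included to show a group match.

```python
"""Audit ClusterRoleBindings for over-broad grants.

Added example, not from the original guide. Input is the JSON printed by
'kubectl get clusterrolebindings -o json' (a file argument or stdin)."""
import json
import sys

HIGH_RISK_ROLES = {"cluster-admin"}
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}


def risky_bindings(crb_list: dict) -> list:
    """Return (binding name, subject description, role) triples worth reviewing."""
    findings = []
    for item in crb_list.get("items", []):
        role = item.get("roleRef", {})
        if role.get("kind") != "ClusterRole" or role.get("name") not in HIGH_RISK_ROLES:
            continue
        binding = item["metadata"]["name"]
        for subj in item.get("subjects") or []:
            kind, name = subj.get("kind"), subj.get("name")
            if kind == "ServiceAccount":
                # a token for this account (a Pod mount or 'kubectl create token') is a cluster-wide credential
                findings.append((binding, f"ServiceAccount {subj.get('namespace', '')}/{name}", role["name"]))
            elif kind == "Group" and name in BROAD_GROUPS:
                # every identity in the group, including all workloads' accounts, gets the role
                findings.append((binding, f"Group {name}", role["name"]))
    return findings


def _crb(name, role, subjects):
    """Build one ClusterRoleBinding item in the shape kubectl -o json returns."""
    return {"metadata": {"name": name},
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": role},
            "subjects": subjects}


# Constructed sample standing in for 'kubectl get clusterrolebindings -o json'.
SAMPLE = {"items": [
    # the Dashboard binding from this guide: cluster-admin to a ServiceAccount
    _crb("admin-user", "cluster-admin",
         [{"kind": "ServiceAccount", "name": "admin-user", "namespace": "kubernetes-dashboard"}]),
    # kubeadm's default: cluster-admin to system:masters (certificate-authenticated admins); not flagged
    _crb("cluster-admin", "cluster-admin",
         [{"kind": "Group", "name": "system:masters", "apiGroup": "rbac.authorization.k8s.io"}]),
    # a CI account with the built-in 'edit' role: not flagged
    _crb("ci-deployer", "edit",
         [{"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"}]),
    # hypothetical misconfiguration: cluster-admin to every authenticated identity
    _crb("everyone-admin", "cluster-admin",
         [{"kind": "Group", "name": "system:authenticated", "apiGroup": "rbac.authorization.k8s.io"}]),
]}


def main(argv):
    data = json.load(open(argv[1])) if len(argv) > 1 else json.load(sys.stdin)
    for binding, subject, role in risky_bindings(data):
        print(f"{binding}: {subject} -> {role}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `kubectl get clusterrolebindings -o json | python3 audit_crb.py` after each change to RBAC. On the sample it reports the Dashboard `admin-user` binding and the `everyone-admin` binding, and stays quiet about `system:masters` and the namespaced `edit` grant. Extend `HIGH_RISK_ROLES` with any custom ClusterRole that carries `*` verbs or access to `secrets`.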
### Configuring Pod Security Policy

PodSecurityPolicy (`policy/v1beta1`) was removed in Kubernetes 1.25, so the manifest below will not apply on the v1.28 cluster installed in this guide; it is kept to show the restrictions such a policy expressed (no privileged containers, non-root users, a short list of allowed volume types). On current versions the same restrictions are enforced by Pod Security Admission via namespace labels.

```yaml
# pod-security-policy.yaml (legacy: PodSecurityPolicy was removed in Kubernetes 1.25)
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
    - configMap
    - emptyDir
    - secret
```
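With PodSecurityPolicy gone, the replacement on a v1.28 cluster is the Pod Security `restricted` profile, enforced by labelling a namespace with `pod-security.kubernetes.io/enforce: restricted`. Once that label is set, a Pod template that is missing the required `securityContext` fields is rejected at admission. The Python script below is an added example, not part of the original guide: it checks a Pod spec against the fields the `restricted` profile requires and shows how to patch a spec so it passes. The `GUIDE_NGINX_POD` dict is constructed from the guide's `nginx-deployment.yaml` and, as written there, fails the check. (Note that the `nginx:1.25-alpine` image starts as root; after hardening the spec, switch to an image built to run unprivileged, such as `nginxinc/nginx-unprivileged`, or the Pod will be refused at runtime by `runAsNonRoot`.)

```python
"""Check a Pod spec against the Pod Security 'restricted' profile and harden it.

Added example, not from the original guide. The checks mirror the fields the
restricted profile enforces; the Deployment data is constructed from the guide's
nginx-deployment.yaml."""
import copy

# Volume types the restricted profile allows (hostPath is notably absent; use a PVC instead)
ALLOWED_VOLUMES = {"configMap", "emptyDir", "secret", "persistentVolumeClaim",
                   "projected", "downwardAPI", "csi", "ephemeral"}


def restricted_violations(pod_spec: dict) -> list:
    """Return a list of human-readable violations; empty means the spec would be admitted."""
    v = []
    pod_sc = pod_spec.get("securityContext") or {}
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if pod_spec.get(field):
            v.append(f"{field} must be false")
    for vol in pod_spec.get("volumes") or []:
        bad = {k for k in vol if k != "name"} - ALLOWED_VOLUMES
        if bad:
            v.append(f"volume {vol.get('name')} uses disallowed type {sorted(bad)}")
    containers = (pod_spec.get("containers") or []) + (pod_spec.get("initContainers") or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        name = c.get("name")
        if sc.get("privileged"):
            v.append(f"{name}: privileged must be false")
        if sc.get("allowPrivilegeEscalation") is not False:
            v.append(f"{name}: allowPrivilegeEscalation must be set to false")
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            v.append(f"{name}: capabilities.drop must include ALL")
        # these two may be set at pod level or container level; container level wins
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            v.append(f"{name}: runAsNonRoot must be true (pod or container level)")
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            v.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
    return v


def harden(pod_spec: dict) -> dict:
    """Return a copy of the spec with the restricted-profile fields filled in."""
    spec = copy.deepcopy(pod_spec)
    spec.setdefault("securityContext", {}).update({
        "runAsNonRoot": True,
        "seccompProfile": {"type": "RuntimeDefault"},
    })
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        c.setdefault("securityContext", {}).update({
            "allowPrivilegeEscalation": False,
            "capabilities": {"drop": ["ALL"]},
        })
    return spec


# Constructed: the pod template (spec.template.spec) from the guide's nginx-deployment.yaml
GUIDE_NGINX_POD = {
    "containers": [{
        "name": "nginx",
        "image": "nginx:1.25-alpine",
        "ports": [{"containerPort": 80}],
        "resources": {"requests": {"memory": "64Mi", "cpu": "250m"},
                      "limits": {"memory": "128Mi", "cpu": "500m"}},
    }]
}

if __name__ == "__main__":
    print("as written in the guide:")
    for problem in restricted_violations(GUIDE_NGINX_POD):
        print("  -", problem)
    print("after harden():", restricted_violations(harden(GUIDE_NGINX_POD)) or "no violations")
```

The guide's template fails on four points (privilege escalation, capabilities, `runAsNonRoot`, seccomp); `harden()` adds exactly the fields the profile asks for and the spec then passes. The same function flags a `hostPath` volume or `hostNetwork: true` even on a hardened spec, which is why the guide's `hostPath`-backed PersistentVolume should be consumed through a PVC rather than mounted directly from the Pod.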
## Monitoring and Logging

### Deploying Prometheus and Grafana

```bash
# Add the Prometheus community Helm repository
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update

# Install the kube-prometheus-stack (Prometheus, Alertmanager, Grafana and exporters)
helm install prometheus prometheus-community/kube-prometheus-stack

# Access Grafana (forwarded to localhost only)
kubectl port-forward -n default svc/prometheus-grafana 3000:80
# Default username/password: admin/prom-operator (change it after the first login)
```

### Viewing Cluster Logs

```bash
# View a Pod's logs
kubectl logs <pod-name>

# View the logs of one container in a multi-container Pod
kubectl logs <pod-name> -c <container-name>

# Follow logs in real time
kubectl logs -f <pod-name>

# View cluster events, newest last
kubectl get events --sort-by='.lastTimestamp'
```
## Backup and Restore

### Backing Up etcd

etcd holds the entire cluster state, including every Secret, so the snapshot file is as sensitive as the cluster itself and should be stored with restricted permissions, ideally encrypted and off the node.

```bash
# Take an etcd snapshot (the certificate paths are the ones kubeadm generates)
sudo ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-snapshot.db \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key

# Verify the snapshot
sudo ETCDCTL_API=3 etcdctl --write-out=table snapshot status /backup/etcd-snapshot.db
```
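A single fixed filename like `/backup/etcd-snapshot.db` is overwritten on every run, so a corrupted or late backup silently replaces the last good one. The following Python script is an added example, not part of the original guide: it writes timestamped snapshots into the guide's `/backup` directory using the same `etcdctl` command and certificate paths, stores a SHA-256 next to each file so a copy can be checked after transfer, judges a snapshot usable from the JSON form of `etcdctl snapshot status`, and prunes everything but the newest few. The `demo()` function exercises the rotation on constructed files so the logic can be run without an etcd.

```python
"""Timestamped etcd snapshots with checksums and retention.

Added example, not from the original guide. take_snapshot() runs the guide's etcdctl
command; the other functions work on plain files and on the JSON that
'etcdctl --write-out=json snapshot status FILE' prints."""
import hashlib
import json
import os
import subprocess
import tempfile
import time
from pathlib import Path

BACKUP_DIR = Path("/backup")           # the directory used by the guide
ETCD_PKI = Path("/etc/kubernetes/pki/etcd")  # certificate paths kubeadm generates


def snapshot_name(now: float) -> str:
    """etcd-snapshot-YYYYMMDD-HHMMSS.db in UTC, so names sort chronologically."""
    return time.strftime("etcd-snapshot-%Y%m%d-%H%M%S.db", time.gmtime(now))


def write_checksum(snapshot: Path) -> str:
    """Store a sha256sum-compatible sidecar next to the snapshot; returns the digest."""
    digest = hashlib.sha256(snapshot.read_bytes()).hexdigest()
    snapshot.with_name(snapshot.name + ".sha256").write_text(f"{digest}  {snapshot.name}\n")
    return digest


def verify_checksum(snapshot: Path) -> bool:
    recorded = snapshot.with_name(snapshot.name + ".sha256").read_text().split()[0]
    return hashlib.sha256(snapshot.read_bytes()).hexdigest() == recorded


def snapshot_looks_valid(status_json: str) -> bool:
    """A usable snapshot has a positive revision and at least one key."""
    st = json.loads(status_json)
    return st.get("revision", 0) > 0 and st.get("totalKey", 0) > 0 and st.get("totalSize", 0) > 0


def prune_snapshots(backup_dir: Path, keep: int) -> list:
    """Delete all but the newest `keep` snapshots (by mtime) and their sidecars; returns names removed."""
    snaps = sorted(backup_dir.glob("etcd-snapshot-*.db"),
                   key=lambda p: p.stat().st_mtime, reverse=True)
    removed = []
    for old in snaps[keep:]:
        old.unlink()
        sidecar = old.with_name(old.name + ".sha256")
        if sidecar.exists():
            sidecar.unlink()
        removed.append(old.name)
    return removed


def take_snapshot(backup_dir: Path = BACKUP_DIR, keep: int = 7) -> Path:
    """Run the guide's etcdctl commands (needs root and etcdctl on the control-plane node)."""
    backup_dir.mkdir(mode=0o700, exist_ok=True)
    target = backup_dir / snapshot_name(time.time())
    env = {**os.environ, "ETCDCTL_API": "3"}
    certs = [f"--cacert={ETCD_PKI / 'ca.crt'}", f"--cert={ETCD_PKI / 'server.crt'}",
             f"--key={ETCD_PKI / 'server.key'}"]
    subprocess.run(["etcdctl", "snapshot", "save", str(target),
                    "--endpoints=https://127.0.0.1:2379", *certs], env=env, check=True)
    status = subprocess.run(["etcdctl", "--write-out=json", "snapshot", "status", str(target)],
                            env=env, check=True, capture_output=True, text=True).stdout
    if not snapshot_looks_valid(status):
        target.unlink()
        raise RuntimeError(f"snapshot {target} failed validation: {status}")
    os.chmod(target, 0o600)
    write_checksum(target)
    prune_snapshots(backup_dir, keep)   # prune only after the new snapshot is known good
    return target


def demo() -> dict:
    """Exercise rotation on constructed files in a temp dir (no etcd needed)."""
    d = Path(tempfile.mkdtemp(prefix="etcd-demo-"))
    names = []
    for ts in (100, 200, 300, 400):       # constructed snapshot timestamps (seconds since epoch)
        p = d / snapshot_name(ts)
        p.write_bytes(b"constructed snapshot " + str(ts).encode())
        os.utime(p, (ts, ts))             # distinct mtimes so the ordering is deterministic
        write_checksum(p)
        names.append(p.name)
    removed = prune_snapshots(d, keep=2)
    return {"names": names, "removed": sorted(removed),
            "kept": sorted(q.name for q in d.glob("etcd-snapshot-*.db")),
            "sidecars": sorted(q.name for q in d.glob("*.sha256")),
            "newest_verifies": verify_checksum(d / names[-1])}


if __name__ == "__main__":
    print(demo())
```

Schedule `take_snapshot()` from cron or a systemd timer on the control-plane node and copy the `/backup` directory off the VPS; the pruning step runs only after the new snapshot has passed the status check, so a failing etcd never erodes the retained history.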
### Restoring etcd

```bash
# Stop the API server and etcd.
# The two systemctl lines apply when etcd runs as a systemd service. On a kubeadm cluster
# etcd and kube-apiserver are static Pods: move /etc/kubernetes/manifests/etcd.yaml and
# kube-apiserver.yaml out of that directory, wait until the Pods are gone, then restore.
sudo systemctl stop kubelet
sudo systemctl stop etcd

# Restore the snapshot into the data directory (remove or rename the old /var/lib/etcd first)
sudo ETCDCTL_API=3 etcdctl snapshot restore /backup/etcd-snapshot.db \
  --name=etcd-0 \
  --initial-cluster=etcd-0=https://127.0.0.1:2380 \
  --initial-cluster-token=etcd-cluster-1 \
  --initial-advertise-peer-urls=https://127.0.0.1:2380 \
  --data-dir=/var/lib/etcd

# Restart the services (on kubeadm, move the static Pod manifests back instead of starting etcd.service)
sudo systemctl start etcd
sudo systemctl start kubelet
```
## Common Troubleshooting

### Node Status Is NotReady

Troubleshooting steps:

```bash
# 1. Inspect the node (the Conditions section shows why it is NotReady)
kubectl describe node <node-name>

# 2. Check the kubelet service
sudo systemctl status kubelet

# 3. Follow the kubelet log
sudo journalctl -u kubelet -f

# 4. Check the network plugin Pods (also look in kube-flannel or calico-system, depending on the plugin)
kubectl get pods -n kube-system
```

### Pod Status Is CrashLoopBackOff

Troubleshooting steps:

```bash
# 1. Inspect the Pod
kubectl describe pod <pod-name>

# 2. View the logs of the previous (crashed) container instance
kubectl logs <pod-name> --previous

# 3. Check resource limits (an OOMKilled container usually means the memory limit is too low)
kubectl get pod <pod-name> -o yaml | grep resources -A 5

# 4. Check image pull and scheduling events
kubectl describe pod <pod-name> | grep -A 5 Events
```
## Summary

Deploying a Kubernetes cluster on a VPS in 2026 comes down to these 15 key steps:

- Environment preparation - prepare the VPS to meet the K8s requirements
- Container runtime - install containerd or Docker
- K8s components - install kubeadm, kubelet and kubectl
- Master initialization - run kubeadm init
- Network plugin - choose and install a CNI plugin
- Worker nodes - add nodes with kubeadm join
- Application deployment - use Deployments and Services
- Storage - create PV/PVC or a StorageClass
- Ingress - install an Ingress Controller
- Dashboard - deploy the web management UI
- Security - configure RBAC and Pod security policies
- Monitoring and logging - deploy Prometheus/Grafana
- Backup and restore - back up etcd and application data
- Cluster upgrades - plan and perform version upgrades
- Troubleshooting - know how to diagnose common problems

Running Kubernetes on a VPS has its challenges, but with sensible planning and configuration you can build a powerful container orchestration platform.
## Related Articles

- Complete Guide to Docker Compose on a VPS in 2026 - lightweight container orchestration
- Complete Guide to VPS Security Configuration in 2026 - securing a K8s cluster
- Complete Guide to Nginx Optimization on a VPS in 2026 - tuning Ingress performance
- VPS Backup Strategies in 2026: A Complete Data-Safety Plan - backing up K8s cluster data
- Complete Guide to VPS Troubleshooting in 2026 - solving common K8s problems

Author: SEO Optimization Team
Last updated: 28 May 2026
Copyright: this article is original content from www.shenma98.com; please credit the source when reproducing it.