ubantu20.10 搭建部署k8s v1.20.0集群步骤

一. 安装前准备工作：(所有节点操作)

安装条件：

1）Linux内核版本:3.0以上

     uname -r

2） 内核参数： net.ipv4.ip_forward IP转发开启：

    echo "net.ipv4.ip_forward = 1"  >> /etc/sysctl.conf 

    sysctl -p

3）关闭swap交换分区：

sudo swapoff -a

注释/etc/fstab中的swap

4） 所有节点时间一致：

 timedatectl status 保证NTP服务是active ，同步是yes。

如果没有同步时间,安装同步服务

apt install -y chrony

sudo systemctl enable chrony

5） 关闭服务器 休眠 功能：

sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

6） 开启IPTABLES支持bridge跟踪功能模块

sudo tee /etc/sysctl.d/k8s.conf <<'EOF'

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

EOF

7） 加载br_netfilter模块

sudo tee /etc/modules-load.d/modules.conf <<'EOF'

br_netfilter

EOF

modprobe br_netfilter

验证

lsmod |grep netfilter

br_netfilter           28672  0

bridge                176128  1 br_netfilter

8） 设置rp_filter的值

sudo cat /etc/sysctl.d/10-network-security.conf

net.ipv4.conf.default.rp_filter=1

net.ipv4.conf.all.rp_filter=1

二. 安装docker.io(所有节点操作)

1） 安装docker

sudo apt update

sudo apt install docker.io

启动服务：

 sudo systemctl enable docker

查看服务状态

 sudo systemctl status docker

2） 配置国内的docker 镜像源：阿里docker镜像源

sudo mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<-'EOF'

{

"registry-mirrors": ["https://i1pfdcu7.mirror.aliyuncs.com"],

"insecure-registries": ["harbor.od.com"]

}

EOF

sudo systemctl daemon-reload

sudo systemctl restart docker

sudo systemctl status docker

三.部署k8s：（所有节点操作）

1）安装工具包：

sudo apt-get update && sudo apt-get install -y ca-certificates curl software-properties-common apt-transport-https

2）配置阿里的kubernetes仓库:

添加apt-key: gpg软件包校验

curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -

3）添加阿里k8s源：

sudo tee /etc/apt/sources.list.d/kubernetes.list <

deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main

EOF

sudo apt update

4）安装核心组件：

通过kubeadm方式部署：可以指定版本  eg：1.20.0

安装kubernetes软件：  kubeadm  kubelet kubectl

sudo apt -y install kubeadm=1.20.0-00 kubelet=1.20.0-00 kubectl=1.20.0-00

5）在master初始化 kubernetes :（只在master节点操作）

1）指定部署kubernetes版本: 1.20.0（和之前kubeadm  kubelet kubectl版本一致）

2)  kubernetes的docker image仓库地址： 阿里的加速站

3）pod-cidr网络：  10.244.0.0/16

4)  service-cidr网络： 10.1.0.0/16

sudo kubeadm init --kubernetes-version=1.20.0 \

--apiserver-advertise-address=masterip \

--image-repository registry.aliyuncs.com/google_containers \

--service-cidr=10.1.0.0/16 \

--pod-network-cidr=10.244.0.0/16

[init] Using Kubernetes version: v1.20.0

[preflight] Running pre-flight checks

[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/

[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.2. Latest validated version: 19.03

[preflight] Pulling images required for setting up a Kubernetes cluster

[preflight] This might take a minute or two, depending on the speed of your internet connection

[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'

[addons] Applied essential addon: CoreDNS

[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.

Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.19.100:6443 --token f1so77.it9hla15i42796xs \

--discovery-token-ca-cert-hash sha256:ada46a5fd862b041fd10550749a6c5cc155a519e6cba2d490f4010f2b96869d0

出现以上界面表示成功，按照提示在master节点只想如下命令：

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

ps：如果报错比如先查看kebulet服务报找不到node节点，执行

swapoff -a && kubeadm reset  && systemctl daemon-reload && systemctl restart kubelet  && iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X

6）添加节点：

kubeadm join 192.168.19.100:6443 --token f1so77.it9hla15i42796xs     --discovery-token-ca-cert-hash sha256:ada46a5fd862b041fd10550749a6c5cc155a519e6cba2d490f4010f2b96869d0

[preflight] Running pre-flight checks

[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/

[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.2. Latest validated version: 19.03

[preflight] Reading configuration from the cluster...

[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'

[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"

[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"

[kubelet-start] Starting the kubelet

[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:

* Certificate signing request was sent to apiserver and a response was received.

* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

出现以上界面表示成功，同理相继添加剩余节点

7）验证

在master节点上查看有k8s节点

kubectl get nodes

NAME     STATUS     ROLES                  AGE    VERSION

master   NotReady   control-plane,master   5m6s   v1.20.0

node1    NotReady                    111s   v1.20.0

node2    NotReady                    27s    v1.20.0

student@master:~$

问题 ： NotReady 没有连接网络， k8s 不通过docker0联网

四.安装k8s addons添加功能 网络：cailco

安装calico网络插件支持  网络策略： flannel 不建议使用 #  不支持  网络策略

#部署v3.11 

1）下载资源清单文件

wget https://docs.projectcalico.org/v3.11/manifests/calico.yaml

2）修改cailco.yml 配置pod-cidr网络 10.244.0.0/16

3）部署cailco网络组件：

kubectl create -f calico.yaml

4）验证

kubectl get pods --all-namespaces

看到cailco的pod为running

ps:如果calico 组件部署 running 比较慢 ，需要重启各个节点。

五.如若安装其他第三方组件(dashboard,metrics,prometheus,grafana等)按照cailco安装部署方式执行