Steps to build and deploy a k8s v1.20.0 cluster on Ubuntu 20.10

I. Pre-installation preparation (run on all nodes)

Prerequisites:

1) Linux kernel version: 3.0 or later

     uname -r

2) Kernel parameter: enable IP forwarding (net.ipv4.ip_forward):

    echo "net.ipv4.ip_forward = 1"  >> /etc/sysctl.conf 

    sysctl -p

3) Disable the swap partition:

sudo swapoff -a

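Comment out the swap entry in /etc/fstab.

4) Keep the time consistent on all nodes:

timedatectl status

Make sure the NTP service is active and synchronization is yes.

If the time is not synchronized, install a time synchronization service: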

apt install -y chrony

sudo systemctl enable chrony

5) Disable the server's sleep and hibernation functions:

sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

6) Enable iptables support for tracking bridged traffic

sudo tee /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

7) Load the br_netfilter module

sudo tee /etc/modules-load.d/modules.conf <<'EOF'
br_netfilter
EOF

modprobe br_netfilter

Verify:

lsmod |grep netfilter

br_netfilter           28672  0

bridge                176128  1 br_netfilter

8) Set the rp_filter values

sudo cat /etc/sysctl.d/10-network-security.conf

net.ipv4.conf.default.rp_filter=1

net.ipv4.conf.all.rp_filter=1
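
The prerequisites above can be checked on each node before kubeadm is run. The script below is an added example, not part of the original article; the function names and the optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the section I
# prerequisites on one node. ROOT is a hypothetical parameter that prefixes
# every path, so a copied /proc and /etc tree can be checked offline.
AUDIT_FAILS=0

report() {  # report LABEL GOT WANT
    if [ "$2" = "$3" ]; then
        echo "ok    $1 = $2"
    else
        echo "FAIL  $1 = $2 (want $3)"
        AUDIT_FAILS=$((AUDIT_FAILS + 1))
    fi
}

param() {  # print one kernel parameter file, or "missing" if it is absent
    cat "$1" 2>/dev/null || echo missing
}

audit_node() {  # audit_node [ROOT] -> status 0 only if every check passes
    root="${1:-}"
    net="$root/proc/sys/net"
    AUDIT_FAILS=0

    report net.ipv4.ip_forward "$(param "$net/ipv4/ip_forward")" 1
    # The bridge-nf-call-* files exist only while br_netfilter is loaded.
    report bridge-nf-call-iptables "$(param "$net/bridge/bridge-nf-call-iptables")" 1
    report bridge-nf-call-ip6tables "$(param "$net/bridge/bridge-nf-call-ip6tables")" 1
    report rp_filter.all "$(param "$net/ipv4/conf/all/rp_filter")" 1
    report rp_filter.default "$(param "$net/ipv4/conf/default/rp_filter")" 1

    if grep -q '^br_netfilter ' "$root/proc/modules" 2>/dev/null; then
        report br_netfilter loaded loaded
    else
        report br_netfilter "not loaded" loaded
    fi

    # /proc/swaps is a header line plus one line per active swap device.
    active=$(awk 'NR > 1' "$root/proc/swaps" 2>/dev/null | wc -l | tr -d ' ')
    report active-swap-devices "$active" 0

    # Uncommented fstab entries of type swap re-enable swap at the next boot.
    boot=$(awk '$1 !~ /^#/ && $3 == "swap"' "$root/etc/fstab" 2>/dev/null | wc -l | tr -d ' ')
    report fstab-swap-entries "$boot" 0

    [ "$AUDIT_FAILS" -eq 0 ]
}

audit_node "${1:-}" || echo "$AUDIT_FAILS prerequisite check(s) failed"
```
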

II. Install docker.io (run on all nodes)

1) Install Docker

sudo apt update

sudo apt install docker.io

Enable and start the service:

 sudo systemctl enable --now docker

Check the service status:

 sudo systemctl status docker

2) Configure a Docker registry mirror located in China: the Alibaba Cloud Docker mirror

sudo mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://i1pfdcu7.mirror.aliyuncs.com"],
  "insecure-registries": ["harbor.od.com"]
}
EOF

sudo systemctl daemon-reload

sudo systemctl restart docker

sudo systemctl status docker

III. Deploy k8s (run on all nodes)

1) Install the tool packages:

sudo apt-get update && sudo apt-get install -y ca-certificates curl software-properties-common apt-transport-https

2) Configure Alibaba's Kubernetes repository:

Add the apt key used for GPG verification of the packages:

curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -

3) Add Alibaba's k8s source:

sudo tee /etc/apt/sources.list.d/kubernetes.list <<'EOF'
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF

sudo apt update

4) Install the core components:

Deploy with kubeadm; a version can be specified, e.g. 1.20.0

Install the Kubernetes packages: kubeadm, kubelet, kubectl

sudo apt -y install kubeadm=1.20.0-00 kubelet=1.20.0-00 kubectl=1.20.0-00

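5) Initialize Kubernetes on the master (run on the master node only):

1) Kubernetes version to deploy: 1.20.0 (the same as the kubeadm, kubelet and kubectl versions installed earlier)

2) Kubernetes Docker image repository: Alibaba's mirror

3) pod-cidr network: 10.244.0.0/16

4) service-cidr network: 10.1.0.0/16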

sudo kubeadm init --kubernetes-version=1.20.0 \
  --apiserver-advertise-address=masterip \
  --image-repository registry.aliyuncs.com/google_containers \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16

[init] Using Kubernetes version: v1.20.0

[preflight] Running pre-flight checks

[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/

[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.2. Latest validated version: 19.03

[preflight] Pulling images required for setting up a Kubernetes cluster

[preflight] This might take a minute or two, depending on the speed of your internet connection

[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'

[addons] Applied essential addon: CoreDNS

[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.

Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.19.100:6443 --token f1so77.it9hla15i42796xs \

--discovery-token-ca-cert-hash sha256:ada46a5fd862b041fd10550749a6c5cc155a519e6cba2d490f4010f2b96869d0

The output above indicates success. As prompted, run the following commands on the master node:

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

PS: if an error occurs, for example the kubelet service reports that it cannot find the node, run:

swapoff -a && kubeadm reset  && systemctl daemon-reload && systemctl restart kubelet  && iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X

6) Add the worker nodes:

kubeadm join 192.168.19.100:6443 --token f1so77.it9hla15i42796xs     --discovery-token-ca-cert-hash sha256:ada46a5fd862b041fd10550749a6c5cc155a519e6cba2d490f4010f2b96869d0

[preflight] Running pre-flight checks

[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/

[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.2. Latest validated version: 19.03

[preflight] Reading configuration from the cluster...

[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'

[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"

[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"

[kubelet-start] Starting the kubelet

[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:

* Certificate signing request was sent to apiserver and a response was received.

* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

The output above indicates success. Add the remaining nodes in the same way.
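
The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key, and the joining node uses it to confirm it is talking to the intended control plane. The script below is an added example, not part of the original article, that recomputes the value from a CA certificate and compares it with the one in a join command; the function names are assumptions, and it uses openssl pkey so that non-RSA CA keys are handled as well.

```shell
#!/bin/sh
# Added example (not from the original article): recompute the value that
# --discovery-token-ca-cert-hash pins, i.e. the SHA-256 of the cluster CA's
# public key in DER (SubjectPublicKeyInfo) form. Function names are illustrative.

ca_cert_hash() {  # ca_cert_hash CERT.pem -> prints sha256:<64 hex digits>
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 |
        awk '{ print "sha256:" $NF }'
}

pinned_hash() {  # pinned_hash "JOIN COMMAND" -> prints the pinned value, if any
    printf '%s\n' "$1" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

check_join() {  # check_join "JOIN COMMAND" CERT.pem -> 0 only if the pin matches
    want=$(pinned_hash "$1")
    got=$(ca_cert_hash "$2" 2>/dev/null)
    if [ -z "$want" ]; then
        echo "no --discovery-token-ca-cert-hash found in the join command"
        return 2
    fi
    if [ "$want" = "$got" ]; then
        echo "pin matches $2"
    else
        echo "MISMATCH: join command pins $want, $2 hashes to ${got:-unreadable}"
        return 1
    fi
}

# On the master, kubeadm's default CA certificate path is /etc/kubernetes/pki/ca.crt.
CA=/etc/kubernetes/pki/ca.crt
if [ -r "$CA" ]; then
    ca_cert_hash "$CA"
fi
```

Bootstrap tokens expire (24 hours by default); running kubeadm token create --print-join-command on the master prints a fresh join command with the same CA hash.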

7) Verify

On the master node, list the k8s nodes:

kubectl get nodes

NAME     STATUS     ROLES                  AGE    VERSION
master   NotReady   control-plane,master   5m6s   v1.20.0
node1    NotReady   <none>                 111s   v1.20.0
node2    NotReady   <none>                 27s    v1.20.0

student@master:~$

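Problem: the nodes are NotReady because no network is connected; k8s does not use docker0 for networking.

IV. Install a k8s network addon: Calico

Install the Calico network plugin, which supports network policy. flannel is not recommended because it does not support network policy.

# Deploy v3.11

1) Download the manifest file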

wget https://docs.projectcalico.org/v3.11/manifests/calico.yaml

2) Edit calico.yaml and set the pod-cidr network to 10.244.0.0/16

3) Deploy the Calico network components:

kubectl create -f calico.yaml

4) Verify

kubectl get pods --all-namespaces

The Calico pods should be shown as Running.

PS: if the Calico components are slow to reach Running, restart each node.
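
Step 2 does not show the edit itself. In the Calico manifest the pool is set by the CALICO_IPV4POOL_CIDR environment variable of the calico-node container, whose default is 192.168.0.0/16. The script below is an added example, not part of the original article; the function names are assumptions and the manifest fragment is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): set the Calico IP pool to the
# pod CIDR passed to kubeadm init. Function names are illustrative.
POD_CIDR="10.244.0.0/16"   # --pod-network-cidr from section III

pool_cidr() {  # pool_cidr MANIFEST -> prints the active CALICO_IPV4POOL_CIDR value
    awk '/^ *- name: CALICO_IPV4POOL_CIDR/ {
             getline; gsub(/[" ]/, ""); sub(/^value:/, ""); print
         }' "$1"
}

set_pool_cidr() {  # set_pool_cidr MANIFEST CIDR -> 0 only if the value is now CIDR
    tmp=$(mktemp)
    # Rewrite the value line that follows the (uncommented) name line.
    sed "/^ *- name: CALICO_IPV4POOL_CIDR/{n;s|value: \".*\"|value: \"$2\"|;}" \
        "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
    # Fails if the entry is absent or commented out, so a silent no-op is caught.
    [ "$(pool_cidr "$1")" = "$2" ]
}

# Constructed fragment in the shape of the calico-node env section.
write_sample() {
    cat > "$1" <<'EOF'
            - name: CALICO_IPV4POOL_CIDR
              value: "192.168.0.0/16"
            - name: CALICO_IPV4POOL_IPIP
              value: "Always"
EOF
}

demo() {  # prints the CIDR before and after the edit
    f=$(mktemp)
    write_sample "$f"
    before=$(pool_cidr "$f")
    set_pool_cidr "$f" "$POD_CIDR" || { rm -f "$f"; return 1; }
    echo "$before -> $(pool_cidr "$f")"
    rm -f "$f"
}
demo
```

Calico uses this value only when it first creates the pool, so make the edit before running kubectl create -f calico.yaml.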

V. To install other third-party components (dashboard, metrics, prometheus, grafana, etc.), follow the same procedure used to deploy Calico.
