一. 安装前准备工作:(所有节点操作)
安装条件:
1)Linux内核版本:3.0以上
uname -r
2) 内核参数: net.ipv4.ip_forward IP转发开启:
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
3)关闭swap交换分区:
sudo swapoff -a
注释/etc/fstab中的swap
4) 所有节点时间一致:
timedatectl status 保证NTP服务是active ,同步是yes。
如果没有同步时间,安装同步服务
apt install -y chrony
sudo systemctl enable chrony
5) 关闭服务器 休眠 功能:
sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
6) 开启IPTABLES支持bridge跟踪功能模块
sudo tee /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
7) 加载br_netfilter模块
sudo tee /etc/modules-load.d/modules.conf <<'EOF'
br_netfilter
EOF
modprobe br_netfilter
验证
lsmod |grep netfilter
br_netfilter 28672 0
bridge 176128 1 br_netfilter
8) 设置rp_filter的值
sudo cat /etc/sysctl.d/10-network-security.conf
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
二. 安装docker.io(所有节点操作)
1) 安装docker
sudo apt update
sudo apt install docker.io
启动服务:
sudo systemctl enable docker
查看服务状态
sudo systemctl status docker
2) 配置国内的docker 镜像源:阿里docker镜像源
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://i1pfdcu7.mirror.aliyuncs.com"],
"insecure-registries": ["harbor.od.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo systemctl status docker
三.部署k8s:(所有节点操作)
1)安装工具包:
sudo apt-get update && sudo apt-get install -y ca-certificates curl software-properties-common apt-transport-https
2)配置阿里的kubernetes仓库:
添加apt-key: gpg软件包校验
curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -
3)添加阿里k8s源:
sudo tee /etc/apt/sources.list.d/kubernetes.list <
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
sudo apt update
4)安装核心组件:
通过kubeadm方式部署:可以指定版本 eg:1.20.0
安装kubernetes软件: kubeadm kubelet kubectl
sudo apt -y install kubeadm=1.20.0-00 kubelet=1.20.0-00 kubectl=1.20.0-00
5)在master初始化 kubernetes :(只在master节点操作)
1)指定部署kubernetes版本: 1.20.0(和之前kubeadm kubelet kubectl版本一致)
2) kubernetes的docker image仓库地址: 阿里的加速站
3)pod-cidr网络: 10.244.0.0/16
4) service-cidr网络: 10.1.0.0/16
sudo kubeadm init --kubernetes-version=1.20.0 \
--apiserver-advertise-address=masterip \
--image-repository registry.aliyuncs.com/google_containers \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16
[init] Using Kubernetes version: v1.20.0
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.2. Latest validated version: 19.03
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.19.100:6443 --token f1so77.it9hla15i42796xs \
--discovery-token-ca-cert-hash sha256:ada46a5fd862b041fd10550749a6c5cc155a519e6cba2d490f4010f2b96869d0
出现以上界面表示成功,按照提示在master节点只想如下命令:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
ps:如果报错比如先查看kebulet服务报找不到node节点,执行
swapoff -a && kubeadm reset && systemctl daemon-reload && systemctl restart kubelet && iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
6)添加节点:
kubeadm join 192.168.19.100:6443 --token f1so77.it9hla15i42796xs --discovery-token-ca-cert-hash sha256:ada46a5fd862b041fd10550749a6c5cc155a519e6cba2d490f4010f2b96869d0
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.2. Latest validated version: 19.03
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
出现以上界面表示成功,同理相继添加剩余节点
7)验证
在master节点上查看有k8s节点
kubectl get nodes
NAME STATUS ROLES AGE VERSION
master NotReady control-plane,master 5m6s v1.20.0
node1 NotReady 111s v1.20.0
node2 NotReady 27s v1.20.0
student@master:~$
问题 : NotReady 没有连接网络, k8s 不通过docker0联网
四.安装k8s addons添加功能 网络:cailco
安装calico网络插件支持 网络策略: flannel 不建议使用 # 不支持 网络策略
#部署v3.11
1)下载资源清单文件
wget https://docs.projectcalico.org/v3.11/manifests/calico.yaml
2)修改cailco.yml 配置pod-cidr网络 10.244.0.0/16
3)部署cailco网络组件:
kubectl create -f calico.yaml
4)验证
kubectl get pods --all-namespaces
看到cailco的pod为running
ps:如果calico 组件部署 running 比较慢 ,需要重启各个节点。
五.如若安装其他第三方组件(dashboard,metrics,prometheus,grafana等)按照cailco安装部署方式执行
网友评论