一. 安裝前準備工作：(所有節點操作)

安裝條件：

1）Linux內核版本:3.0以上

? ? ?uname -r

2） 內核參數： net.ipv4.ip_forward IP轉發開啟：

? ? echo "net.ipv4.ip_forward = 1"? >> /etc/sysctl.conf?

? ? sysctl -p

3）關閉swap交換分區：

sudo swapoff -a

注釋/etc/fstab中的swap

4） 所有節點時間一致：

?timedatectl status 保證NTP服務是active ，同步是yes。

如果沒有同步時間,安裝同步服務

apt install -y chrony

sudo?systemctl enable chrony

5）?關閉服務器 休眠 功能：

sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

6）?開啟IPTABLES支持bridge跟蹤功能模塊

sudo tee /etc/sysctl.d/k8s.conf?<<'EOF'

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

EOF

7）?加載br_netfilter模塊

sudo tee /etc/modules-load.d/modules.conf?<<'EOF'

br_netfilter

EOF

modprobe br_netfilter

驗證

lsmod |grep netfilter

br_netfilter???????????28672??0

bridge????????????????176128??1 br_netfilter

8）?設置rp_filter的值

sudo cat /etc/sysctl.d/10-network-security.conf

net.ipv4.conf.default.rp_filter=1

net.ipv4.conf.all.rp_filter=1

二. 安裝docker.io(所有節點操作)

1）?安裝docker

sudo apt update

sudo apt install?docker.io

啟動服務：

?sudo systemctl enable docker

查看服務狀態

?sudo systemctl status docker

2） 配置國內的docker 鏡像源：阿里docker鏡像源

sudo mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<-'EOF'

{

"registry-mirrors": ["https://i1pfdcu7.mirror.aliyuncs.com"],

"insecure-registries": ["harbor.od.com"]

}

EOF

sudo systemctl daemon-reload

sudo systemctl restart docker

sudo systemctl status docker

三.部署k8s：（所有節點操作）

1）安裝工具包：

sudo apt-get update && sudo apt-get install -y ca-certificates curl software-properties-common apt-transport-https

2）配置阿里的kubernetes倉庫:

添加apt-key: gpg軟件包校驗

curl -s?https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg?| sudo apt-key add -

3）添加阿里k8s源：

sudo tee /etc/apt/sources.list.d/kubernetes.list <

deb?https://mirrors.aliyun.com/kubernetes/apt/?kubernetes-xenial main

EOF

sudo apt update

4）安裝核心組件：

通過kubeadm方式部署：可以指定版本? eg：1.20.0

安裝kubernetes軟件：??kubeadm??kubelet kubectl

sudo apt -y install kubeadm=1.20.0-00 kubelet=1.20.0-00 kubectl=1.20.0-00

5）在master初始化 kubernetes :（只在master節點操作）

1）指定部署kubernetes版本: 1.20.0（和之前kubeadm??kubelet kubectl版本一致）

2)??kubernetes的docker image倉庫地址： 阿里的加速站

3）pod-cidr網絡：??10.244.0.0/16

4)??service-cidr網絡： 10.1.0.0/16

sudo kubeadm init --kubernetes-version=1.20.0 \

--apiserver-advertise-address=masterip \

--image-repository?registry.aliyuncs.com/google_containers?\

--service-cidr=10.1.0.0/16 \

--pod-network-cidr=10.244.0.0/16

[init] Using Kubernetes version: v1.20.0

[preflight] Running pre-flight checks

[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at?https://kubernetes.io/docs/setup/cri/

[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.2. Latest validated version: 19.03

[preflight] Pulling images required for setting up a Kubernetes cluster

[preflight] This might take a minute or two, depending on the speed of your internet connection

[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'

[addons] Applied essential addon: CoreDNS

[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

??export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.

Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.19.100:6443 --token f1so77.it9hla15i42796xs \

--discovery-token-ca-cert-hash sha256:ada46a5fd862b041fd10550749a6c5cc155a519e6cba2d490f4010f2b96869d0

出現以上界面表示成功，按照提示在master節點只想如下命令：

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

ps：如果報錯比如先查看kebulet服務報找不到node節點，執行

swapoff -a && kubeadm reset? && systemctl daemon-reload && systemctl restart kubelet? && iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X

6）添加節點：

kubeadm join 192.168.19.100:6443 --token f1so77.it9hla15i42796xs?????--discovery-token-ca-cert-hash sha256:ada46a5fd862b041fd10550749a6c5cc155a519e6cba2d490f4010f2b96869d0

[preflight] Running pre-flight checks

[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at?https://kubernetes.io/docs/setup/cri/

[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.2. Latest validated version: 19.03

[preflight] Reading configuration from the cluster...

[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'

[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"

[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"

[kubelet-start] Starting the kubelet

[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:

* Certificate signing request was sent to apiserver and a response was received.

* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

出現以上界面表示成功，同理相繼添加剩余節點

7）驗證

在master節點上查看有k8s節點

kubectl get nodes

NAME?????STATUS?????ROLES??????????????????AGE????VERSION

master???NotReady???control-plane,master???5m6s???v1.20.0

node1????NotReady????????????????????111s???v1.20.0

node2????NotReady????????????????????27s????v1.20.0

student@master:~$

問題 ： NotReady 沒有連接網絡， k8s 不通過docker0聯網

四.安裝k8s addons添加功能 網絡：cailco

安裝calico網絡插件支持??網絡策略： flannel 不建議使用 #??不支持??網絡策略

#部署v3.11?

1）下載資源清單文件

wget?https://docs.projectcalico.org/v3.11/manifests/calico.yaml

2）修改cailco.yml 配置pod-cidr網絡 10.244.0.0/16

3）部署cailco網絡組件：

kubectl create -f calico.yaml

4）驗證

kubectl get pods --all-namespaces

看到cailco的pod為running

ps:如果calico 組件部署 running 比較慢 ，需要重啟各個節點。

五.如若安裝其他第三方組件(dashboard,metrics,prometheus,grafana等)按照cailco安裝部署方式執行