实验环境:
操作系统:centos7.2_x64
master:192.168.72.183
minion01 : 192.168.72.184 容器网段:172.17.0.0/16
设置主机信息:
1. master上执行:
a) 设置主机名称命令:hostnamectl --static set-hostname k8s-master
b) 关闭防火墙命令:
i. systemctl disable firewalld.service
ii. systemctl stop firewalld.service
c) 设置hosts命令:echo '192.168.72.183 k8s-master
192.168.72.183 etcd
192.168.72.183 registry
192.168.72.184 k8s-node-1' >> /etc/hosts
2. minion01上执行:
a) 设置主机名称命令:hostnamectl --static set-hostname k8s-node-1
b) 关闭防火墙命令:
i. systemctl disable firewalld.service
ii. systemctl stop firewalld.service
c) 设置hosts命令:echo '192.168.72.183 k8s-master
192.168.72.183 etcd
192.168.72.183 registry
192.168.72.184 k8s-node-1' >> /etc/hosts
SSH免密匙安装:
1. master安装ssh-agent
a) 执行命令:ssh-keygen,会在~/.ssh/目录下多出来两个文件:id_rsa.pub(公钥文件)和id_rsa(私钥文件)
b) 在所有minion节点中~/.ssh/authorized_keys配置文件添加公钥文件内容,(注:没有文件就创建文件)
i. Scp id_rsa.pub [email protected]:~/.ssh/
ii. Cat id_rsa.pub >> ~/.ssh/authorized_keys
2. 测试ssh
master执行ssh 192.168.72.184登录minion节点不需要密码则成功
Etcd安装:
1. Master安装etcd:
a) yum install etcd -y
2. yum安装的etcd默认配置文件在/etc/etcd/etcd.conf。编辑配置文件,更改以下带颜色部分信息
vi /etc/etcd/etcd.conf
# [member]
ETCD_NAME=master
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
#ETCD_SNAPSHOT_COUNT="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379,http://0.0.0.0:4001"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#
#[cluster]
#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
# if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
#ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
#ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="http://etcd:2379,http://etcd:4001"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_SRV=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
3. 启动并验证状态
a) systemctl start etcd
b) etcdctl set testdir/testkey0 0
0
c) etcdctl get testdir/testkey0
0
d) etcdctl -C http://etcd:4001 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://0.0.0.0:2379
cluster is healthy
e) etcdctl -C http://etcd:2379 cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://0.0.0.0:2379
cluster is healthy
Docker安装:
1. Master安装docker:
a) yum install docker
2. 配置Docker配置文件,使其允许从registry中拉取镜像
vi /etc/sysconfig/docker
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
OPTIONS='--insecure-registry registry:5000'
3. 设置开机自启动并开启服务
a) chkconfig docker on
b) systemctl start docker.service
4. 查看docker版本
a) docker version
k8s集群部署:
1. master安装kubernetes
a) yum install kubernetes
2. 配置并启动kubernetes
a) vi /etc/kubernetes/apiserver
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#
# The address on the local server to listen to.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
# The port on the local server to listen on.
KUBE_API_PORT="--port=8080"
# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://etcd:2379"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
# default admission control policies
#KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
# Add your own!
KUBE_API_ARGS=""
b) Vi /etc/kubernetes/config
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
# kube-apiserver.service
# kube-controller-manager.service
# kube-scheduler.service
# kubelet.service
# kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://k8s-master:8080"
3. 启动服务并设置开机自启动(先重启os)
a) systemctl enable kube-apiserver.service
b) systemctl start kube-apiserver.service
c) systemctl enable kube-controller-manager.service
d) systemctl start kube-controller-manager.service
e) systemctl enable kube-scheduler.service
f) systemctl start kube-scheduler.service
4. Node安装docker/kubernets,参考master安装
a) 安装k8s后配置并启动kubernetes
vi /etc/kubernetes/config
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
# kube-apiserver.service
# kube-controller-manager.service
# kube-scheduler.service
# kubelet.service
# kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://k8s-master:8080"
b) vi /etc/kubernetes/kubelet
###
# kubernetes kubelet (minion) config
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=0.0.0.0"
# The port for the info server to serve on
# KUBELET_PORT="--port=10250"
# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname-override=k8s-node-1"
# location of the api-server
KUBELET_API_SERVER="--api-servers=http://k8s-master:8080"
# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
# Add your own!
KUBELET_ARGS=""
5. 启动kubelet、kube-proxy服务并设置开机自启动
a) systemctl enable kubelet.service
b) systemctl start kubelet.service
c) systemctl enable kube-proxy.service
d) systemctl start kube-proxy.service
6. Master上执行Kubectl get no检查k8s是否部署成功
a) 查询集群节点:kubectl get no
b) 查询api:http://192.168.72.131:8080/swagger-ui/
7. 安装网络Flannel
a) 在master、node上均执行如下命令,进行安装
yum install flannel
b) 配置Flannel,master、node上均编辑/etc/sysconfig/flanneld,修改红色部分
vi /etc/sysconfig/flanneld
# Flanneld configuration options
# etcd url location. Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://etcd:2379"
# etcd config key. This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"
# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
c) 配置etcd中关于flannel的key
执行命令:etcdctl mk /atomic.io/network/config '{ "Network": "10.0.0.0/16" }'
{ "Network": "10.0.0.0/16" }
d) 启动Flannel之后,需要依次重启docker、kubernete,在master执行
i. systemctl enable flanneld.service
ii. systemctl start flanneld.service
iii. service docker restart
iv. systemctl restart kube-apiserver.service
v. systemctl restart kube-controller-manager.service
vi. systemctl restart kube-scheduler.service
e) 在node上执行
i. systemctl enable flanneld.service
ii. systemctl start flanneld.service
iii. service docker restart
iv. systemctl restart kubelet.service
v. systemctl restart kube-proxy.service