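Contents
1 Prerequisites
2 Adding the Aliyun Kubernetes repository to CentOS
3 CentOS system configuration
4 Installing Kubernetes
5 Running the initialization for the first time
6 Getting the local IP address
7 The Kubernetes configuration file
8 Pulling the images
9 Initializing Kubernetes
10 Modifying resolv.conf
11 Installing the network plugin
12 Making the Master node a worker node
13 Installing the Dashboard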
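1 Prerequisites
Docker is already installed. All commands are run as root unless stated otherwise.
2 Adding the Aliyun Kubernetes repository to CentOS
Kubernetes is a Google product, so its packages cannot be downloaded from the original address over networks in mainland China; we have to give CentOS a domestic mirror. The command is as follows:
# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF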
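The repository definition above turns off both signature checks and fetches everything over http://, so yum installs kubelet, kubeadm and kubectl without verifying them. The check below is an added example, not part of the original article; the function name audit_repo and the temp-file sample (a copy of the definition above) are constructed for illustration.

```shell
#!/usr/bin/env bash
# audit_repo FILE: print one finding per line for every yum repo stanza that
# skips signature verification or uses plain HTTP; return 1 if anything is found.
audit_repo() {
    awk '
        function flag(msg) { printf "[%s] %s\n", section, msg; bad = 1 }
        /^[ \t]*[#;]/ { next }                               # comment lines
        /^\[.*\]/ { section = substr($0, 2, index($0, "]") - 2); key = ""; next }
        {
            val = $0
            if (val ~ /^[^ \t=]+[ \t]*=/) {                  # key=value line
                key = val; sub(/[ \t]*=.*/, "", key)
                sub(/^[^=]*=[ \t]*/, "", val)
            } else {                                         # continuation of the previous key
                sub(/^[ \t]+/, "", val)
            }
            sub(/[ \t]+$/, "", val)
            if (key == "gpgcheck" && val == "0")
                flag("package signatures are not verified (gpgcheck=0)")
            if (key == "repo_gpgcheck" && val == "0")
                flag("repository metadata signature is not verified (repo_gpgcheck=0)")
            if ((key == "baseurl" || key == "gpgkey") && val ~ /^http:\/\//)
                flag(key " is fetched over plain HTTP: " val)
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the repo definition from this page, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
audit_repo "$sample" || echo "review the findings above before running yum install"
```

On a real host, point it at /etc/yum.repos.d/kubernetes.repo; a file with gpgcheck=1 and https:// URLs produces no findings and returns 0.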
3 CentOS system configuration
Stop and disable the firewall:
systemctl stop firewalld && systemctl disable firewalld
Turn off swap:
swapoff -a
Turn off SELinux:
setenforce 0
Edit the /etc/sysconfig/selinux file and set:
SELINUX=disabled
Create /etc/sysctl.d/k8s.conf with the following content:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
After creating it, run:
sysctl --system
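4 Installing Kubernetes
Run the following command to install:
yum install -y kubelet kubectl kubeadm kubernetes-cni
5 Running the initialization for the first time
Run the initialization once first. The main purpose of this step is to obtain the version number of the Kubernetes we installed. The command is:
kubeadm init
The command output is as follows:
Note the installed version number, "v1.12.2".
This first run is bound to fail, mainly because the command downloads its resources from Google, which is not reachable from mainland China.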
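6 Getting the local IP address
This IP is used in the configuration file later. Run the following command:
ifconfig
The output is as follows:
Note the local IP, "192.168.114.130".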
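7 The Kubernetes configuration file
Use this command to get the default Kubernetes configuration:
kubeadm config print-default > kubeadm.conf
Run the following command to change the value of the advertiseAddress parameter to the local IP:
sed -i "s/advertiseAddress: .*/advertiseAddress: 192.168.114.130/g" kubeadm.conf
Run the following command to write the settings of the chosen network plugin into kubeadm.conf. See this address to learn more about network plugins. We chose Calico here; the installation steps for the network plugin come later.
sed -i "s/podSubnet: .*/podSubnet: \"192.168.0.0\/16\"/g" kubeadm.conf
Change the image repository address in the configuration file so that the images are not downloaded from Google again:
sed -i "s/imageRepository: .*/imageRepository: registry.aliyuncs.com\/google_containers/g" kubeadm.conf
Specify the version number so that it is not read from Google:
sed -i "s/kubernetesVersion: .*/kubernetesVersion: v1.12.2/g" kubeadm.conf
Then edit the configuration file by hand: under the "nodeRegistration" property, add the following values:
kind: InitConfiguration
nodeRegistration:
  kubeletExtraArgs:
    pod-infra-container-image: registry.aliyuncs.com/google_containers/pause:3.1
Note that in the last line of the block above there is a space between the colon and the value that follows it; do not leave it out.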
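Because the edits above are a chain of sed substitutions plus one manual change, a missed step only shows up when kubeadm init fails. The pre-flight check below is an added example, not part of the original article; the function name check_kubeadm_conf is hypothetical, and the sample file is a constructed stand-in for the default configuration that assumes k8s.gcr.io as the default registry.

```shell
#!/usr/bin/env bash
# check_kubeadm_conf FILE IP VERSION: print each problem, return how many were found.
check_kubeadm_conf() {
    local file=$1 ip=$2 version=$3 problems=0
    # field NAME: first value of "NAME: value" in the file, with quotes stripped
    field() { sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$file" | head -n 1 | tr -d '"'; }
    expect() {   # expect NAME WANTED
        local got; got=$(field "$1")
        if [ "$got" != "$2" ]; then
            echo "$1 is '$got', expected '$2'"; problems=$((problems + 1))
        fi
    }
    expect advertiseAddress "$ip"
    expect podSubnet "192.168.0.0/16"
    expect imageRepository "registry.aliyuncs.com/google_containers"
    expect kubernetesVersion "$version"
    expect pod-infra-container-image "registry.aliyuncs.com/google_containers/pause:3.1"
    # A leftover default registry means kubeadm will try to pull from Google again.
    if grep -q 'k8s\.gcr\.io' "$file"; then
        echo "file still references k8s.gcr.io"; problems=$((problems + 1))
    fi
    # abcdef.0123456789abcdef is the token printed in this page's join command, a fixed
    # published value; put a fresh one from `kubeadm token generate` in the file before init.
    if grep -q 'token: abcdef\.0123456789abcdef' "$file"; then
        echo "bootstrap token is the placeholder value"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample standing in for the unedited output of `kubeadm config print-default`.
conf=$(mktemp)
cat > "$conf" <<'EOF'
apiEndpoint:
  advertiseAddress: 1.2.3.4
bootstrapTokens:
- token: abcdef.0123456789abcdef
kind: InitConfiguration
---
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.12.0
networking:
  podSubnet: ""
EOF
check_kubeadm_conf "$conf" 192.168.114.130 v1.12.2 || echo "fix the items above, then re-run the check"
```

Run it against the real kubeadm.conf after the edits; it returns 0 only when every value matches and no placeholder remains.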
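8 Pulling the images
Run the following command to download the images needed for initialization:
kubeadm config images pull --config kubeadm.conf
If a connection-timeout error occurs during the process, retry a few times.
9 Initializing Kubernetes
From this step on, the work is mainly configuration of the master machine.
kubeadm init --config kubeadm.conf
On success, the final output is as follows: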
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join 192.168.114.130:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:796da3a54e6dfe4c9e8dcf452800a703f7a5be3f6905d26230f6a7df9a1ddc14
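Following the prompt above, run the commands below. If you skip them, the later step of installing the network plugin fails with a connection refused error:
// first switch back to the original user
su xxx
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
If sudo reports an error saying the user is not a sudo user, do the following:
// switch to root
# su
// note: there is no space between "vi" and "sudo"
# visudo
// visudo opens a file; add the following line at the end of it
your-user-name ALL=(ALL) ALL
// save and exit; your user can now use sudo
If initialization reports a node error such as the following: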
Nov 22 07:49:43 icegan-centos-7-k8s-master.novalocal kubelet[1942]: E1122 07:49:43.339350 1942 kubelet.go:2236] node "icegan-centos-7-k8s-master.novalocal" not found
Nov 22 07:49:43 icegan-centos-7-k8s-master.novalocal kubelet[1942]: E1122 07:49:43.375396 1942 eviction_manager.go:243] eviction manager: failed to get get summary stats: failed to get node info: node "icegan-centos-7-k8s-master.novalocal" not found
Nov 22 07:49:44 icegan-centos-7-k8s-master.novalocal kubelet[1942]: E1122 07:49:44.401786 1942 kubelet.go:2236] node "icegan-centos-7-k8s-master.novalocal" not found
Nov 22 07:49:44 icegan-centos-7-k8s-master.novalocal kubelet[1942]: E1122 07:49:44.848153 1942 kubelet.go:2236] node "icegan-centos-7-k8s-master.novalocal" not found
Nov 22 07:49:45 icegan-centos-7-k8s-master.novalocal kubelet[1942]: W1122 07:49:45.457890 1942 cni.go:188] Unable to update cni config: No networks found in /etc/cni/net.d
Nov 22 07:49:45 icegan-centos-7-k8s-master.novalocal kubelet[1942]: E1122 07:49:45.581856 1942 kubelet.go:2236] node "icegan-centos-7-k8s-master.novalocal" not found
Nov 22 07:49:45 icegan-centos-7-k8s-master.novalocal kubelet[1942]: E1122 07:49:45.767435 1942 reflector.go:134] k8s.io/kubernetes/pkg/kubelet/kubelet.go:442: Failed to list *v1.Service: Get https://192.168.100.19:6443/api/v1/services?limit=500&resourceVersion=0: dial tcp 192.168.100.19:6443: connect: connection refused
Nov 22 07:49:46 icegan-centos-7-k8s-master.novalocal kubelet[1942]: E1122 07:49:46.053011 1942 reflector.go:134] k8s.io/kubernetes/pkg/kubelet/kubelet.go:451: Failed to list *v1.Node: Get https://192.168.100.19:6443/api/v1/nodes?fieldSelector=metadata.name%3Dicegan-centos-7-k8s-master.novalocal&limit=500&resourceVersion=0: dial tcp 192.168.100.19:6443: connect: connection refused
Nov 22 07:49:46 icegan-centos-7-k8s-master.novalocal kubelet[1942]: E1122 07:49:44.772915 1942 certificate_manager.go:348] Failed while requesting a signed certificate from the master: cannot create certificate signing request: Post https://192.168.100.19:6443/apis/certificates.k8s.io/v1beta1/certificatesigningrequests: dial tcp 192.168.100.19:6443: connect: connection refused
Nov 22 07:49:46 icegan-centos-7-k8s-master.novalocal kubelet[1942]: E1122 07:49:46.404503 1942 reflector.go:134] k8s.io/kubernetes/pkg/kubelet/config/apiserver.go:47: Failed to list *v1.Pod: Get https://192.168.100.19:6443/api/v1/pods?fieldSelector=spec.nodeName%3Dicegan-centos-7-k8s-master.novalocal&limit=500&resourceVersion=0: dial tcp 192.168.100.19:6443: connect: connection refused
Nov 22 07:49:48 icegan-centos-7-k8s-master.novalocal kubelet[1942]: E1122 07:49:47.787778 1942 kubelet.go:2236] node "icegan-centos-7-k8s-master.novalocal" not found
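In that case, add the following to the configuration file "/etc/hosts":
192.168.100.19 icegan-centos-7-k8s-master.novalocal
10 Modifying resolv.conf
To prevent the "more than twice, loop detected" error when the network plugin is installed later, we need to change resolv.conf. See this for the solution.
# cd /etc
// back up resolv.conf
# mv resolv.conf resolv.conf.bak
// create a new resolv.conf
# vi resolv.conf
// add the following content
nameserver 8.8.4.4
nameserver 8.8.8.8
11 Installing the network plugin
A network plugin is the tool that lets pods communicate with each other. Choose the plugin you want to install from this address; I chose Calico and installed it with the following commands: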
kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
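After the installation finishes, wait about 10 minutes and run the following command:
kubectl get pods --all-namespaces
The output is as follows:
If every STATUS is Running, the installation succeeded, and you can go on to join other nodes and deploy applications.
12 Making the Master node a worker node
By default a K8S cluster does not schedule Pods onto the Master, so the Master's resources go unused. On the Master, we can run the following command to make it act as a worker node:
# kubectl taint nodes --all node-role.kubernetes.io/master-
This also lets us create a single-node K8S cluster.
13 Installing the Dashboard
(1) Download the Dashboard configuration file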
wget http://mirror.faasx.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
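Change the Dashboard image address in the configuration file to the domestic mirror:
The domestic mirror is: registry.cn-hangzhou.aliyuncs.com/jonny/kubernetes-dashboard-amd64:v1.8.3
(2) Install
kubectl apply -f kubernetes-dashboard.yaml
(3) Check the startup status
kubectl get pods --all-namespaces
(4) Access from the Master node itself
kubectl proxy
Open the following in a browser on the Master server:
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
(5) Create the admin user
Create a file, admin-user.yaml, with the following content: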
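# ServiceAccount that the binding below refers to. It is not in the original
# listing, but it must exist for the token lookup that follows to work.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
# Binds the account to cluster-admin, i.e. full control of the cluster.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system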
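Create admin-user with this command:
kubectl create -f {path}/admin-user.yaml
Get the access token of admin-user:
kubectl describe secret admin-user --namespace=kube-system
The token is printed on the command line. Because admin-user is bound to cluster-admin, this token gives full control of the cluster, so store it as you would a root password. When you open the address from step (4), the following page appears:
Select "Token", enter the token in the input box, and log in to get normal access. If you skip this, many operations are unavailable because of permission problems.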