由于我是在笔记本虚拟机中安装,笔记本性能有限,所以这里就只安装一个node和一个master。准备工作如下,部署好两个虚拟机,都安装好centos7.4系统和docker。
– | ip | docker | 系统 |
---|---|---|---|
master | 192.168.226.140 | 1.13.1 | centos7.4 |
node | 192.168.226.141 | 1.13.1 | centos7.4 |
以下两步所有节点都需要操作。
1、修改docker镜像源为国内源
sudo vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
systemctl enable docker.service
重启docker服务: systemctl restart docker
2、配置kubenetes阿里镜像源
vim /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 enabled=1
gpgcheck=0
Master节点需要安装以下组件
组件 | 作用 |
---|---|
etcd | etcd负责保存Kubernetes Cluster的配置信息和各种资源的状态信 息。 当数据发生变化时, etcd会快速地通知Kubernetes相关组 件 |
kube-apiserver | 提供HTTP/HTTPS RESTful API, 即Kubernetes API。 API Server是Kubernetes Cluster的前端接口 |
kube-controller-manager | Controller Manager负责管理Cluster各种资源, 保证资源处于预期的状态。 |
kube-scheduler | Scheduler负责决定将Pod放在哪个Node上运行。 Scheduler在调度 时会 充分虑Cluster的拓扑结构, 当前各个节点的负载, 以及应用对 高可用、 性能、 数据亲和性的需求。 |
以上组件都会以容器的方式由kubelet拉起。
sudo yum install socat kubelet kubeadm kubectl kubernetes-cni -y
sudo systemctl enable kubelet.service && sudo systemctl start kubelet.service
初始化master节点
kubeadm init --kubernetes-version=1.11.0 --apiserver-advertise-address 192.168.226.140 --pod-network-cidr=10.244.0.0/16
–apiserver-advertise-address指明用Master的哪个interface与Cluster 的其他节点通信。 如果Master有多个interface, 建议明确指定, 如果 不指定, kubeadm会自动选择有默认网关的interface。
在初始化master节点的时候需要去拉取镜像,但是会拉取失败,因为gcr.io被墙,可以下载大神们制作好的镜像。把拉取失败的镜像名填入下面的脚本中进行镜像拉取。
images=(coredns:1.1.3 pause:3.1 kube-controller-manager-amd64:v1.11.0 kube-scheduler-amd64:v1.11.0 kube-scheduler-amd64:v1.11.0 kube-proxy-amd64:v1.11.0 kube-apiserver-amd64:v1.11.0 etcd-amd64:3.2.18 kube-proxy-amd64:v1.11.0)
for imageName in ${images[@]} ; do
docker pull cloudnil/$imageName
docker tag cloudnil/$imageName k8s.gcr.io/$imageName
docker rmi cloudnil/$imageName
done
拉取镜像后,执行kubeadm reset清除之前安装的残留,然后再次重试。
如果成功的话会有下面这个输出
[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join 192.168.226.140:6443 --token ct127x.9vc3wev5zc48bzko --discovery-token-ca-cert-hash sha256:89aa40ed38fd00cbff53eccc2d859c6f91dbcbf064e108e52dc7089e9a472a6d
1、进/var/log/messages查看具体错误信息
2、进入docker容器查看日志文件
[root@k8s-master ~]# kubeadm init --kubernetes-version=1.11.0 --apiserver-advertise-address 192.168.226.140 --pod-network-cidr=10.244.0.0/16
[init] using Kubernetes version: v1.11.0
[preflight] running pre-flight checks
I0923 19:45:32.731532 33481 kernel_validator.go:81] Validating kernel version
I0923 19:45:32.731693 33481 kernel_validator.go:96] Validating kernel config
[WARNING Hostname]: hostname "k8s-master" could not be reached
[WARNING Hostname]: hostname "k8s-master" lookup k8s-master on 8.8.8.8:53: no such host
[preflight] Some fatal errors occurred:
[ERROR Swap]: running with swap on is not supported. Please disable swap
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
结果报上面的错误,hostname修改/etc/hosts文件配置好。swap错误可以用swapoff -a关闭。
上面错误解决后仍然起不来,docker ps -a 产看哪个服务没有起来。进去查看日志:etcdmain: open /etc/kubernetes/pki/etcd/peer.crt: permission denied
[root@k8s-master log]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4b7f4e07a116 a68bfbd73ab7 "kube-apiserver --..." 3 minutes ago Exited (1) 3 minutes ago k8s_kube-apiserver_kube-apiserver-k8s-master_kube-system_561e3b45e6e68179a91caccad9c1a852_7
e100a2a11c24 78b282dd9c2e "etcd --advertise-..." 3 minutes ago Exited (1) 3 minutes ago k8s_etcd_etcd-k8s-master_kube-system_1129548e8dabf0990c651f2471eeb7e2_7
30b6059b4e90 c1211e0f980b "kube-controller-m..." 14 minutes ago Up 14 minutes k8s_kube-controller-manager_kube-controller-manager-k8s-master_kube-system_d732e49a6ef43c8d652c917767ad4bc8_0
......
[root@k8s-master log]# docker logs e100a2a11c24
2018-09-23 13:30:38.435551 I | etcdmain: etcd Version: 3.2.18
2018-09-23 13:30:38.435879 I | etcdmain: Git SHA: eddf599c6
2018-09-23 13:30:38.435887 I | etcdmain: Go Version: go1.8.7
2018-09-23 13:30:38.435892 I | etcdmain: Go OS/Arch: linux/amd64
2018-09-23 13:30:38.435902 I | etcdmain: setting maximum number of CPUs to 2, total number of available CPUs is 2
2018-09-23 13:30:38.436132 I | embed: peerTLS: cert = /etc/kubernetes/pki/etcd/peer.crt, key = /etc/kubernetes/pki/etcd/peer.key, ca = , trusted-ca = /etc/kubernetes/pki/etcd/ca.crt, client-cert-auth = true
2018-09-23 13:30:38.436659 C | etcdmain: open /etc/kubernetes/pki/etcd/peer.crt: permission denied
上面这个错误我关闭了selinux就可以了。
[root@localhost ~]# setenforce 0 //临时关闭
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# vim /etc/sysconfig/selinux //永久关闭
将SELINUX=enforcing 改为 SELINUX=disabled 。
sudo yum install kubelet kubeadm kubectl -y
sudo systemctl enable kubelet.service && sudo systemctl start kubelet.service
[root@k8s-node ~]# kubeadm join 192.168.226.140:6443 --token ct127x.9vc3wev5zc48bzko --discovery-token-ca-cert-hash sha256:89aa40ed38fd00cbff53eccc2d859c6f91dbcbf064e108e52dc7089e9a472a6d
出现这个错误:[ERROR Swap]: running with swap on is not supported. Please disable swap
执行swapoff -a关闭
这里安装flannel网络,需要在master和node节点都下载好两个镜像。
[root@k8s-master ~]# curl -ssL https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml -o kube-flannel.yml
[root@k8s-master ~]# kubectl apply -f kube-flannel.yml
此处下载那个flannel镜像真心超级慢,我等了好久才下载成功。要有耐心。
安装控制台,先下载一个yaml文件。
[root@k8s-master ~]# curl -ssL https://raw.githubusercontent.com/winse/docker-hadoop/master/kube-deploy/kubeadm/kubernetes-dashboard.yaml -o kubernetes-dashboard.yml
[root@k8s-master ~]# kubectl apply -f kubernetes-dashboard.yml
采坑记录请参考:https://www.cnblogs.com/RainingNight/p/deploying-k8s-dashboard-ui.html
文中详细讲述了四种登入dashboard的方式:
kubectl proxy
NodePort
API Server
Ingress
经过尝试之后使用之后使用了最简单的第二种方式来访问:
使用kubectl -n kube-system edit service kubernetes-dashboard来编辑配置,将文件中的type: ClusterIP
修改为type: NodePort
,保存后使用kubectl get service
命令来查看自动生产的端口
[root@k8s-master ~]# kubectl -n kube-system edit service kubernetes-dashboard
service/kubernetes-dashboard edited
[root@k8s-master ~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 2h
[root@k8s-master ~]# kubectl -n kube-system get service kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.100.84.158 <none> 80:31248/TCP 52m
可以看到port为31248。然后查看dashboard具体运行在那个node或者master上面
[root@k8s-master ~]# kubectl get pods -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE
.......
kube-proxy-8frqn 1/1 Running 0 3h 192.168.226.140 k8s-master
kube-proxy-hv6lg 1/1 Running 0 2h 192.168.226.141 k8s-node
kube-scheduler-k8s-master 1/1 Running 0 1h 192.168.226.140 k8s-master
kubernetes-dashboard-98bf745c6-xcxnm 1/1 Running 0 59m 10.244.1.5 k8s-node
我这里可以看到运行在k8s-node节点上面,也就是192.168.226.141上面,这样我就可以在windows浏览器里面打开:http://192.168.226.141:31248/#!/overview?namespace=default 就可以打开dashboard了。
至此k8s实验环境docker版安装算完成了。以后有空试一试二进制来安装,这也是最复杂的安装方式。