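I. Basics
1. Introduction
(1) Official documentation: https://www.kubernetes.org.cn/docs
(2) Kubernetes is an open-source system for managing containerized applications across multiple hosts in a cloud platform. Its goal is to make deploying containerized applications simple and efficient (powerful), and it provides a mechanism for deploying, scheduling, updating and maintaining applications.
(3) A core feature of Kubernetes is that it manages containers autonomously so that the containers in the cloud platform keep running in the state the user expects. For example, if a user wants apache to run at all times, the user does not need to care how that is achieved: Kubernetes monitors it automatically and restarts or recreates it, so that apache keeps serving. An administrator can load a microservice and let the scheduler find a suitable place for it. Kubernetes also improves its tooling and user-friendliness so that users can deploy their own applications conveniently.
2. Kubernetes components
(1) A Kubernetes node runs the services needed to run application containers, and all of them are controlled by the Master. Docker must run on every node; it handles all the actual image downloads and container execution.
(2) Kubernetes consists mainly of the following core components:
etcd: stores the state of the whole cluster;
apiserver: the single entry point for operations on resources; it provides authentication, authorization, access control, API registration and discovery;
controller manager: maintains the state of the cluster, for example fault detection, automatic scaling and rolling updates;
scheduler: schedules resources, placing Pods on the appropriate machines according to the configured scheduling policy;
kubelet: maintains the container lifecycle and also manages volumes (CSI) and networking (CNI);
Container runtime: manages images and actually runs Pods and containers (CRI);
kube-proxy: provides in-cluster service discovery and load balancing for Services;
Besides the core components, there are some recommended add-ons:
kube-dns: provides DNS for the whole cluster
Ingress Controller: provides an external entry point for services
Heapster: provides resource monitoring
Dashboard: provides a GUI
Federation: provides clusters that span availability zones
Fluentd-elasticsearch: provides cluster log collection, storage and querying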
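II. Building a Kubernetes cluster
This lab requires Internet access.
Lab environment (Docker installed and running):
docker1:172.25.26.1 (k8s-master)
docker2:172.25.26.2 (k8s-node1)
1. Clean up the previous swarm environment first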
[root@docker2 ~]# docker swarm leave
Node left the swarm.
[root@docker3 ~]# docker swarm leave
Node left the swarm.
[root@docker1 ~]# docker swarm leave --force
[root@docker1 ~]# docker container prune
WARNING! This will remove all stopped containers.
Are you sure you want to continue? [y/N] y
[root@docker2 ~]# docker container prune
[root@docker3 ~]# docker container prune
2. Install the required packages
[root@docker1 mnt]# yum install -y kubeadm-1.12.2-0.x86_64.rpm kubelet-1.12.2-0.x86_64.rpm kubectl-1.12.2-0.x86_64.rpm kubernetes-cni-0.6.0-0.x86_64.rpm cri-tools-1.12.0-0.x86_64.rpm
[root@docker2 mnt]# yum install -y kubeadm-1.12.2-0.x86_64.rpm kubelet-1.12.2-0.x86_64.rpm kubectl-1.12.2-0.x86_64.rpm kubernetes-cni-0.6.0-0.x86_64.rpm cri-tools-1.12.0-0.x86_64.rpm
3. Disable the system swap partition
[root@docker1 ~]# swapoff -a
[root@docker1 mnt]# vim /etc/fstab
#/dev/mapper/rhel-swap swap swap defaults 0 0
[root@docker1 ~]# systemctl enable kubelet.service
## Same on server2
4. List the images kubeadm will use
[root@docker1 ~]# kubeadm config images list
I0323 16:49:02.001547 11145 version.go:93] could not fetch a Kubernetes version from the internet: unable to get URL "https://dl.k8s.io/release/stable-1.txt": Get https://dl.k8s.io/release/stable-1.txt: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I0323 16:49:02.001631 11145 version.go:94] falling back to the local client version: v1.12.2
k8s.gcr.io/kube-apiserver:v1.12.2
k8s.gcr.io/kube-controller-manager:v1.12.2
k8s.gcr.io/kube-scheduler:v1.12.2
k8s.gcr.io/kube-proxy:v1.12.2
k8s.gcr.io/pause:3.1
k8s.gcr.io/etcd:3.2.24
k8s.gcr.io/coredns:1.2.2
5. Load the required images
[root@docker1 mnt]# docker load -i kube-apiserver.tar
[root@docker1 mnt]# docker load -i kube-controller-manager.tar
[root@docker1 mnt]# docker load -i kube-proxy.tar
[root@docker1 mnt]# docker load -i pause.tar
[root@docker1 mnt]# docker load -i etcd.tar
[root@docker1 mnt]# docker load -i coredns.tar
[root@docker1 mnt]# docker load -i kube-scheduler.tar
[root@docker1 mnt]# docker load -i flannel.tar
6. Initialize
[root@docker1 mnt]# vim kube-flannel.yml
"Network": "10.244.0.0/16"
[root@docker1 mnt]# kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=172.25.26.1
kubeadm join 172.25.26.1:6443 --token 693yuj.qgwr45c2229j9jpw --discovery-token-ca-cert-hash sha256:c2a74972df8d21ba875a37b3bf6fd595396a110f429feccf4c0d64c09e89ceb4
[root@docker1 mnt]# useradd k8s
[root@docker1 mnt]# vim /etc/sudoers
k8s ALL=(ALL) NOPASSWD:ALL
[root@docker1 mnt]# vim /home/k8s/.bashrc
source <(kubectl completion bash)'
[root@docker1 mnt]# su - k8s
## Run the following commands to configure kubectl (note: these three commands must be run as the k8s user)
[k8s@docker1 ~]$ mkdir -p $HOME/.kube
[k8s@docker1 ~]$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[k8s@docker1 ~]$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
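The steps above give the k8s account passwordless sudo for every command and copy admin.conf, which holds the cluster administrator's client credentials, into that account's home directory. The following added example (not part of the original page; the function names are hypothetical) checks for both conditions: an active NOPASSWD: ALL sudoers rule and a kubeconfig that group or others can access.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# On this page sudo is only used for cp, chown and "docker ps", so a rule
# narrower than NOPASSWD:ALL would cover the procedure.

# nopasswd_all <sudoers-file>: print active (uncommented) rules, with line
# numbers, that grant NOPASSWD for ALL commands.
nopasswd_all() {
    grep -nE '^[^#]*NOPASSWD:[[:space:]]*ALL([[:space:],]|$)' "$1"
}

# kubeconfig_private <file>: succeed only if the file is a regular file
# (not a symlink) with no group/other permission bits set.
kubeconfig_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 2
    kc_perms=$(ls -ld "$1" | cut -c5-10)   # group + other bits of the mode
    [ "$kc_perms" = "------" ]
}

# audit_admin_setup <sudoers-file> <kubeconfig>: 0 = clean, 1 = findings.
audit_admin_setup() {
    audit_rc=0
    if audit_hits=$(nopasswd_all "$1"); then
        echo "sudoers: passwordless root via line $audit_hits"
        audit_rc=1
    fi
    if ! kubeconfig_private "$2"; then
        echo "kubeconfig: $2 is missing, a symlink, or open to group/other"
        audit_rc=1
    fi
    return $audit_rc
}

# Usage (as root): audit_admin_setup /etc/sudoers /home/k8s/.kube/config
```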
8. Deploy flannel on the master
[root@docker1 mnt]# cp kube-flannel.yml /home/k8s
[root@docker1 mnt]# su - k8s
Last login: Tue Jun 4 12:27:58 CST 2019 on pts/0
-bash: /home/k8s/.bashrc: line 12: unexpected EOF while looking for matching `''
-bash: /home/k8s/.bashrc: line 13: syntax error: unexpected end of file
[k8s@server1 ~]$ kubectl apply -f kube-flannel.yml
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.extensions/kube-flannel-ds-amd64 created
daemonset.extensions/kube-flannel-ds-arm64 created
daemonset.extensions/kube-flannel-ds-arm created
daemonset.extensions/kube-flannel-ds-ppc64le created
daemonset.extensions/kube-flannel-ds-s390x created
[k8s@server1 ~]$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0dbba405ff79 k8s.gcr.io/pause:3.1 "/pause" 3 seconds ago Up 1 second k8s_POD_coredns-576cbf47c7-k9vz6_kube-system_c82dc5b1-8680-11e9-9df3-5254008ef942_0
ca2e84dd9f18 k8s.gcr.io/pause:3.1 "/pause" 3 seconds ago Up 1 second k8s_POD_coredns-576cbf47c7-h5dqh_kube-system_c80f8c10-8680-11e9-9df3-5254008ef942_0
fe96aeea23ef f0fad859c909 "/opt/bin/flanneld -…" 7 seconds ago Up 6 seconds k8s_kube-flannel_kube-flannel-ds-amd64-vddq5_kube-system_5e937bc1-8681-11e9-9df3-5254008ef942_0
be319b39a0bb k8s.gcr.io/pause:3.1 "/pause" 9 seconds ago Up 8 seconds k8s_POD_kube-flannel-ds-amd64-vddq5_kube-system_5e937bc1-8681-11e9-9df3-5254008ef942_0
a40b7690914c 96eaf5076bfe "/usr/local/bin/kube…" 4 minutes ago Up 4 minutes k8s_kube-proxy_kube-proxy-r8bwq_kube-system_c8058575-8680-11e9-9df3-5254008ef942_0
de95d4f40a10 k8s.gcr.io/pause:3.1 "/pause" 4 minutes ago Up 4 minutes k8s_POD_kube-proxy-r8bwq_kube-system_c8058575-8680-11e9-9df3-5254008ef942_0
64a26cb7a348 a84dd4efbe5f "kube-scheduler --ad…" 4 minutes ago Up 4 minutes k8s_kube-scheduler_kube-scheduler-server1_kube-system_ee7b1077c61516320f4273309e9b4690_0
3aaf09541bc4 b57e69295df1 "etcd --advertise-cl…" 5 minutes ago Up 4 minutes k8s_etcd_etcd-server1_kube-system_62901bda05af0d9d9b9185862b776eb8_0
c5cd658b605a 6e3fa7b29763 "kube-apiserver --au…" 5 minutes ago Up 4 minutes k8s_kube-apiserver_kube-apiserver-server1_kube-system_219287070edde1f1a1ef514520c65e3e_0
34f7899e2f0d b9a2d5b91fd6 "kube-controller-man…" 5 minutes ago Up 5 minutes k8s_kube-controller-manager_kube-controller-manager-server1_kube-system_ce6614527f7b9b296834d491867f5fee_0
20c82b4fdc7c k8s.gcr.io/pause:3.1 "/pause" 5 minutes ago Up 4 minutes k8s_POD_kube-scheduler-server1_kube-system_ee7b1077c61516320f4273309e9b4690_0
11bd52490ca5 k8s.gcr.io/pause:3.1 "/pause" 5 minutes ago Up 5 minutes k8s_POD_kube-controller-manager-server1_kube-system_ce6614527f7b9b296834d491867f5fee_0
fca253e49b21 k8s.gcr.io/pause:3.1 "/pause" 5 minutes ago Up 5 minutes k8s_POD_etcd-server1_kube-system_62901bda05af0d9d9b9185862b776eb8_0
67b7740f3f64 k8s.gcr.io/pause:3.1 "/pause" 5 minutes ago Up 5 minutes k8s_POD_kube-apiserver-server1_kube-system_219287070edde1f1a1ef514520c65e3e_0
9. Deploy the node
[root@docker2 mnt]# swapon -s
[root@docker2 mnt]# modprobe ip_vs_wrr
[root@docker2 mnt]# modprobe ip_vs_sh
[root@server2 mnt]# kubeadm join 172.25.26.1:6443 --token 693yuj.qgwr45c2229j9jpw --discovery-token-ca-cert-hash sha256:c2a74972df8d21ba875a37b3bf6fd595396a110f429feccf4c0d64c09e89ceb4
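The value passed to --discovery-token-ca-cert-hash in the join command pins the cluster CA's public key, so it can be recomputed from the master's CA certificate and compared before a node is joined. The following is an added example, not part of the original page; it assumes openssl is installed and that the CA certificate is at kubeadm's default path /etc/kubernetes/pki/ca.crt, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# kubeadm's CA pin is "sha256:" + SHA-256 over the DER-encoded public key
# (SubjectPublicKeyInfo) of the cluster CA certificate.

# ca_pin <ca.crt>: print the pin for a PEM CA certificate.
ca_pin() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
          openssl dgst -sha256 -hex) || return 1
    printf 'sha256:%s\n' "${hex##* }"
}

# join_pin "<kubeadm join ...>": print the --discovery-token-ca-cert-hash
# value. Runs in a subshell so "set -f" (no globbing) stays local.
join_pin() (
    set -f
    prev=""
    for w in $1; do
        case $w in
            --discovery-token-ca-cert-hash=*) printf '%s\n' "${w#*=}"; return 0 ;;
        esac
        if [ "$prev" = "--discovery-token-ca-cert-hash" ]; then
            printf '%s\n' "$w"; return 0
        fi
        prev=$w
    done
    return 1
)

# verify_join <ca.crt> "<join command>"
# returns 0 = pin matches this CA, 1 = mismatch, 2 = pin missing/malformed
# or the certificate could not be read.
verify_join() {
    want=$(join_pin "$2") || { echo "join command carries no CA pin" >&2; return 2; }
    h=${want#sha256:}
    case $h in *[!0-9a-f]*) h="" ;; esac
    if [ "$want" = "$h" ] || [ "${#h}" -ne 64 ]; then
        echo "malformed CA pin: $want" >&2; return 2
    fi
    got=$(ca_pin "$1") || { echo "cannot read CA certificate $1" >&2; return 2; }
    [ "$got" = "$want" ]
}

# Usage on the master: verify_join /etc/kubernetes/pki/ca.crt "kubeadm join ..."
```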
10. On the master, check the node information; node1 has joined the cluster
[k8s@docker1 ~]$ kubectl get nodes
NAME      STATUS   ROLES    AGE   VERSION
docker1   Ready    master   34m   v1.12.2
docker2   Ready    <none>   92s   v1.12.2
10. Add a firewall rule on the physical host
[root@foundation26 k8s]# iptables -t nat -I POSTROUTING -s 172.25.26.0/24 -j MASQUERADE
11. List the pods in all namespaces
[k8s@docker1 ~]$ kubectl get pod --all-namespaces
Then delete any pods whose status is abnormal until all of them are Running; this may take several refreshes
[k8s@docker1 ~]$ kubectl delete pod coredns-576cbf47c7-bx8cl -n kube-system
[k8s@docker1 ~]$ kubectl get pod --all-namespaces