K8S Docker Cluster Setup

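I Overview of Kubernetes Components

Kubernetes is a distributed cluster system built by Google on top of Docker. It consists of the following components:

etcd: a highly available store for shared configuration and service discovery. It is used together with flannel on the minion machines so that the docker daemon on each minion gets a different IP range; the end goal is that every running docker container has an IP address different from that of any other container running on another minion.

flannel: network fabric support

kube-apiserver: every control operation goes through the apiserver, whether it is issued through kubectl or directly through the remote API

kube-controller-manager: runs the control loops for the replication controller, endpoints controller, namespace controller, and serviceaccounts controller, and interacts with kube-apiserver to keep these controllers working

kube-scheduler: the Kubernetes scheduler places pods on specific worker nodes (minions) according to a scheduling algorithm; this process is also called binding (bind)

kubelet: the kubelet runs on each Kubernetes minion node. It is the logical successor of the container agent

kube-proxy: a Kubernetes component that runs on the minion nodes and acts as a service proxy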

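II Environment Preparation

1 Three machines running CentOS 7.4:

10.110.30.50: used to install the kubernetes master

10.110.30.59: used as a kubernetes minion (minion1)

10.110.30.60: used as a kubernetes minion (minion2)

2 Turn off the running firewall and SELinux

2.1 If the firewall is enabled on the system, turn it off as follows (on all machines)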

systemctl stop firewalld 
systemctl disable firewalld

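2.2 Disable SELinux

setenforce 0 # turn off temporarily (permissive mode until reboot)
# Turn off permanently. /etc/sysconfig/selinux is a symlink to /etc/selinux/config on CentOS 7;
# --follow-symlinks makes sed edit the target instead of replacing the link with a plain file.
sed -i --follow-symlinks '/^SELINUX=/cSELINUX=disabled' /etc/sysconfig/selinux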

III Installing Docker

1 Installing the old Docker release (version 1.13.1)

1.1 Run the install command

yum -y install docker

1.2 Start docker and enable it at boot

systemctl start docker
systemctl enable docker

1.3 Verify that docker was installed successfully

docker version

Client:
 Version:         1.13.1
 API version:     1.26
 Package version: docker-1.13.1-102.git7f2769b.el7.centos.x86_64
 Go version:      go1.10.3
 Git commit:      7f2769b/1.13.1
 Built:           Mon Aug  5 15:09:42 2019
 OS/Arch:         linux/amd64

Server:
 Version:         1.13.1
 API version:     1.26 (minimum version 1.12)
 Package version: docker-1.13.1-102.git7f2769b.el7.centos.x86_64
 Go version:      go1.10.3
 Git commit:      7f2769b/1.13.1
 Built:           Mon Aug  5 15:09:42 2019
 OS/Arch:         linux/amd64
 Experimental:    false

IV Installing Kubernetes

1 MASTER installation and configuration

1.1 Install and configure the Kubernetes master

yum -y install etcd kubernetes

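Configure etcd. Make sure each of the items listed below is set correctly and is not commented out; the same applies to all the configuration that follows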

vi /etc/etcd/etcd.conf

ETCD_NAME="default"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"

Configure kubernetes

vi /etc/kubernetes/apiserver

KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_API_PORT="--port=8080"
KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:2379"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
KUBE_API_ARGS=""  

1.2 Start the etcd, kube-apiserver, kube-controller-manager and kube-scheduler services

systemctl restart etcd
systemctl restart kube-apiserver
systemctl restart kube-controller-manager
systemctl restart kube-scheduler

systemctl enable etcd
systemctl enable kube-apiserver
systemctl enable kube-controller-manager
systemctl enable kube-scheduler

systemctl status etcd
systemctl status kube-apiserver
systemctl status kube-controller-manager
systemctl status kube-scheduler

1.3 Set the etcd network configuration

etcdctl -C http://127.0.0.1:2379 set /atomic.io/network/config '{"Network":"10.1.0.0/16"}'

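1.4 Check the node status

The master is now configured. Running kubectl get nodes shows how many minions are running and their status.

Our minions have not been installed and configured yet, so the command returns an empty result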

kubectl get nodes

2 MINION installation and configuration (install and configure every minion machine as follows)

2.1 Install and configure the environment

yum -y install flannel kubernetes

Configure the server IP that kubernetes connects to

vi /etc/kubernetes/config

KUBE_MASTER="--master=http://10.110.30.50:8080"
KUBE_ETCD_SERVERS="--etcd_servers=http://10.110.30.50:2379"

Configure kubernetes (for HOSTNAME, use each minion's own IP address, e.g. 10.110.30.50; for API_SERVER, use the master node's IP address)

vi /etc/kubernetes/kubelet

KUBELET_ADDRESS="--address=0.0.0.0"
KUBELET_PORT="--port=10250"
KUBELET_HOSTNAME="--hostname-override=10.110.30.59"
KUBELET_API_SERVER="--api-servers=http://10.110.30.50:8080"
KUBELET_ARGS=""

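2.2 Prepare to start the services

If docker has already been run on this machine, read this step; if it has not, skip it. Run ifconfig and check the machine's network configuration (a docker0 interface is present)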

ifconfig docker0
Link encap:Ethernet HWaddr 02:42:B2:75:2E:67
inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

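**Note:** on a machine where docker has run before, docker0 is present. The docker0 configuration has to be deleted before the services are started; run on the command line: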

sudo ip link delete docker0

2.3 Configure the flannel network

vi /etc/sysconfig/flanneld

FLANNEL_ETCD_ENDPOINTS="http://10.110.30.50:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"

Note: the /atomic.io/network prefix here corresponds to the key under which the Network value was set in etcd above

2.4 Start the services

systemctl restart flanneld
systemctl restart kube-proxy
systemctl restart kubelet
systemctl restart docker

systemctl enable flanneld
systemctl enable kube-proxy
systemctl enable kubelet
systemctl enable docker

systemctl status flanneld
systemctl status kube-proxy
systemctl status kubelet
systemctl status docker

V Setting Up a Local Image Registry

1 Setting up the registry

1.1 Load the registry image

Upload the registry.tar image file to the chosen path on the master node, then run docker load:

docker load --input registry.tar

1.2 List the images

docker images

REPOSITORY           TAG                 IMAGE ID            CREATED             SIZE
docker.io/registry   latest              9d0c4eabab4d        2 years ago         33.2 MB

1.3 Start the registry

/home/data/registrydata is on a fairly large system partition; from now on all data in the image registry is stored under this mounted directory

docker run -d -p 5000:5000 --name=registry --restart=always --privileged=true  --log-driver=none -v /home/data/registrydata:/tmp/registry registry

1.4 Edit the configuration file so that the registry takes effect

# Method 1: open /etc/sysconfig/docker and add the OPTIONS line below
vim /etc/sysconfig/docker
OPTIONS='--insecure-registry=10.110.30.50:5000'
systemctl restart docker
# Method 2
echo '{ "insecure-registries":["10.110.30.50:5000"] }' > /etc/docker/daemon.json
systemctl restart docker

1.5 Test the registry

# On the master node, push an image
docker tag docker.io/registry:latest 10.110.30.50:5000/liberary/registry:latest
docker push 10.110.30.50:5000/liberary/registry:latest
# On a minion node, pull the image
docker pull 10.110.30.50:5000/liberary/registry:latest
docker images

REPOSITORY                            TAG                 IMAGE ID            CREATED             SIZE
10.110.30.50:5000/liberary/registry   latest              f32a97de94e1        5 months ago        25.8 MB
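
A read-only audit of the files this guide edits, as an added example that is not part of the original post: it flags the settings above that leave etcd, the apiserver and the registry reachable without TLS or authentication, and a SELinux config that is not enforcing. The function names and the FINDING output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the config files from this guide for plaintext or
# unauthenticated endpoints. Usage: audit_k8s_conf [ROOT]  (ROOT defaults to /)

# check FILE REGEX MESSAGE: print a finding if an uncommented line matches.
check() {
    [ -f "$1" ] || return 0
    if grep -Ev '^[[:space:]]*#' "$1" | grep -Eq -- "$2"; then
        printf 'FINDING %s: %s\n' "$1" "$3"
    fi
}

audit_k8s_conf() {
    root="${1:-}"
    check "$root/etc/etcd/etcd.conf" \
        '^ETCD_LISTEN_CLIENT_URLS=.*http://0\.0\.0\.0' \
        'etcd client port served over plain HTTP on all interfaces'
    check "$root/etc/kubernetes/apiserver" \
        '--insecure-bind-address=0\.0\.0\.0' \
        'apiserver insecure port (no authn/authz) bound to all interfaces'
    check "$root/etc/kubernetes/apiserver" \
        '--etcd-servers=http://' \
        'apiserver talks to etcd without TLS'
    check "$root/etc/kubernetes/kubelet" \
        '--api-servers=http://' \
        'kubelet reaches the apiserver over plain HTTP'
    check "$root/etc/sysconfig/flanneld" \
        '^FLANNEL_ETCD_ENDPOINTS=.*http://' \
        'flanneld reads its network config from etcd over plain HTTP'
    check "$root/etc/sysconfig/docker" \
        '--insecure-registry' \
        'docker daemon trusts a registry without TLS'
    check "$root/etc/docker/daemon.json" \
        '"insecure-registries"[[:space:]]*:[[:space:]]*\[[[:space:]]*"' \
        'docker daemon trusts a registry without TLS'
    # /etc/selinux/config is the file the /etc/sysconfig/selinux symlink points to
    check "$root/etc/selinux/config" \
        '^SELINUX=(disabled|permissive)' \
        'SELinux is not enforcing'
}

# Number of findings for a tree; usable as a gate in CI or a cron job.
count_findings() {
    audit_k8s_conf "$1" | grep -c '^FINDING' || true
}
```

Run `audit_k8s_conf` with no argument on the master and on each minion; pass a directory to audit a copied or staged config tree instead of the live host.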

To be continued…
