大纲
基础概念 认证、授权及准入控制
集群部署及陈述配置清单 网络模型及网络策略
资源类型及配置清单 Pod资源调度
Pod资源 CRD、自定义资源、自定义控制器及自定义API server
Pod控制器 资源指标与HPA控制器
Service资源 Helm管理器
存储卷 ConfigMap与Secret资源
StatefulSet控制器 高可用kubernetes
Kubernetes 已经更新到1.14.1版本,1.15.0已经进入release阶段
Etcd:一个kv存储器,支持一些额外的高级功能,由CoreOS研发,不是kubernetes自带的
Scheduler:调度器,调度node节点
Controller:声明式API,对比存储在etcd中的客户期望状态和实际运行状态是否一致,不一致则通过各种方法使其达到一致
API server:唯一接受客户端请求的接口,是一个数据库,负责检查客户端的命令是否正确,正确则存储到etcd中
环境说明:
主机名 | ip地址 | 角色 | 系统 |
---|---|---|---|
master | 172.16.55.178 | master | Centos 7.6 |
node_1 | 172.16.55.179 | node | Centos 7.6 |
一、主机环境预设
1、 修改主机名及主机名称解析
Master:
[root@master ~]# hostnamectl set-hostname master
[root@master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
172.16.55.178 master
172.16.55.179 node_1
[root@master ~]# scp /etc/hosts node_1:/etc/
Node:
[root@node_1 ~]# hostnamectl set-hostname node_1
2、时间同步
Master:
[root@master ~]# systemctl start chronyd.service
[root@master ~]# systemctl enable chronyd.service
Node:
[root@node_1 ~]# systemctl start chronyd.service
[root@node_1 ~]# systemctl enable chronyd.service
3、配置防火墙
Master:
[root@master ~]# systemctl enable firewalld
[root@master ~]# systemctl start firewalld
[root@master ~]# firewall-cmd --add-masquerade --permanent
[root@master ~]# firewall-cmd --add-port=10250/tcp --permanent
[root@master ~]# firewall-cmd --add-port=8472/udp --permanent
[root@master ~]# firewall-cmd --add-port=6443/tcp --permanent
[root@master ~]# firewall-cmd --reload
Node:
[root@node_1 ~]# systemctl enable firewalld
[root@node_1 ~]# systemctl start firewalld
[root@node_1 ~]# firewall-cmd --add-masquerade --permanent
[root@node_1 ~]# firewall-cmd --add-port=10250/tcp --permanent
[root@node_1 ~]# firewall-cmd --add-port=8472/udp --permanent
[root@node_1 ~]# firewall-cmd --add-port=6443/tcp --permanent
[root@node_1 ~]# firewall-cmd --reload
并且在阿里云的安全组中放行上述端口(10250/tcp、8472/udp、6443/tcp),来源建议只限制为集群节点所在的网段
4、禁用Selinux(sed修改配置文件使重启后仍生效,setenforce 0 使当前运行中的系统立即生效)
Master:
[root@master ~]# sed -i 's@^\(SELINUX=\).*@\1disabled@' /etc/sysconfig/selinux
[root@master ~]# setenforce 0
Node:
[root@node_1 ~]# sed -i 's@^\(SELINUX=\).*@\1disabled@' /etc/sysconfig/selinux
[root@node_1 ~]# setenforce 0
二、安装docker
1、下载阿里的docker源
用阿里云的docker源
下载docker镜像源:
Master:
[root@master ~]# cd /etc/yum.repos.d/
[root@master yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@master yum.repos.d]# scp docker-ce.repo node_1:/etc/yum.repos.d/
2、安装docker
Master:
[root@master yum.repos.d]# yum -y install docker-ce
Node:
[root@node_1 ~]# yum -y install docker-ce
3、用阿里云给docker加速:(在阿里云的容器镜像服务中找到镜像加速器,按照实例添加)
Master:
[root@master ~]# mkdir -p /etc/docker
[root@master ~]# tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://xxxxxx.mirror.aliyuncs.com"]
}
EOF
[root@master ~]# systemctl daemon-reload
[root@master ~]# scp /etc/docker/daemon.json node_1:/etc/docker/daemon.json
Node:
[root@node_1 ~]# systemctl daemon-reload
4、启动docker服务
Master:
[root@master ~]# systemctl restart docker.service
[root@master ~]# systemctl enable docker
Node:
[root@node_1 ~]# systemctl restart docker.service
[root@node_1 ~]# systemctl enable docker
5、添加iptables
在/usr/lib/systemd/system/docker.service中添加:
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
如果执行sysctl -a | grep bridge 显示:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
则不用修改
如果没有,则添加:
[root@master system]# cat /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
7、重载
[root@master system]# sysctl -p /etc/sysctl.d/k8s.conf
8、重新启动docker
Master:
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker.service
[root@master ~]# systemctl enable docker
Node:
[root@node_1 ~]# systemctl daemon-reload
[root@node_1 ~]# systemctl restart docker.service
[root@node_1 ~]# systemctl enable docker
二、安装kubernetes
1、获取kubernetes
从阿里云复制kubernetes源地址
需要验证yum源的签名,把rpm-package-key.gpg和yum-key.gpg的地址写入kubernetes.repo的gpgkey项中
编写kubernetes源
[root@master yum.repos.d]# cat kubernetes.repo
[kubernetes]
name = kubernetes
baseurl = https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgkey = https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
         https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
gpgcheck = 1
2、安装kubernetes
Master:
[root@master yum.repos.d]# yum -y install kubectl kubelet kubeadm
[root@master ~]# scp /etc/yum.repos.d/kubernetes.repo node_1:/etc/yum.repos.d/
Node:
[root@node_1 ~]# yum -y install kubectl kubelet kubeadm
3、添加Swap禁用
Master:
[root@master yum.repos.d]# cat /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--fail-swap-on=false"
[root@master ~]# scp /etc/sysconfig/kubelet node_1:/etc/sysconfig/kubelet
4、下载镜像
因为某些原因,访问不了k8s.gcr.io网站,可以用下面的脚本提前下载所需的镜像
Master:
[root@master ~]# cat docker.sh
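#!/bin/bash
# Pre-pull the images kubeadm needs for a v1.14.1 control plane from a mirror
# that is reachable from this network, re-tag them under the k8s.gcr.io names
# kubeadm looks for, and drop the mirror tags again.
#
# Usage:  ./docker.sh
# Needs:  a running docker daemon and permission to use it.
# Exit:   non-zero as soon as any pull/tag/rmi fails (set -e), so a missing
#         image is not silently skipped and only discovered later by kubeadm.
#
# NOTE(review): these images are a third-party re-host of k8s.gcr.io and are
# fetched by mutable tag, so nothing here verifies that they match upstream.
# If provenance matters, pin each pull to a digest (name@sha256:<DIGEST>)
# obtained from a trusted source instead of a tag.
set -euo pipefail

MY_REGISTRY=registry.cn-hangzhou.aliyuncs.com/openthings
K8S_VERSION=v1.14.1

# One entry per image as "<name>:<tag>". The mirror stores each one as
# ${MY_REGISTRY}/k8s-gcr-io-<name>:<tag>; kubeadm expects k8s.gcr.io/<name>:<tag>.
images=(
  "kube-apiserver:${K8S_VERSION}"
  "kube-controller-manager:${K8S_VERSION}"
  "kube-scheduler:${K8S_VERSION}"
  "kube-proxy:${K8S_VERSION}"
  "etcd:3.3.10"
  "pause:3.1"
  "coredns:1.3.1"
)

echo "=========================================================="
echo "Pull Kubernetes ${K8S_VERSION} Images from aliyuncs.com ......"
echo "=========================================================="

for image in "${images[@]}"; do
  mirror_ref="${MY_REGISTRY}/k8s-gcr-io-${image}"
  upstream_ref="k8s.gcr.io/${image}"
  # pull from the mirror
  docker pull "${mirror_ref}"
  # add the tag kubeadm looks for
  docker tag "${mirror_ref}" "${upstream_ref}"
  # drop the mirror tag; this only untags, the image stays under the k8s.gcr.io name
  docker rmi "${mirror_ref}"
done

echo "=========================================================="
echo "镜像源自:“registry.cn-hangzhou.aliyuncs.com/openthings"
echo "=========================================================="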
[root@master ~]# chmod +x docker.sh
[root@master ~]# ./docker.sh
5、初始化主节点
Master:
[root@master ~]# kubeadm init --kubernetes-version=v1.14.1 --pod-network-cidr=10.244.0.0/16 --ignore-preflight-errors=Swap
看到如下内容即创建成功:
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 172.16.55.178:6443 --token vm4qrj.j5ra4zx2maqxxa0m \
--discovery-token-ca-cert-hash sha256:e9f803350ba1e05cb109863829c1f1140547823835c86fac0e82b38f3812b6dd
6、配置kubernetes环境变量
如果是root用户:
[root@master ~]# export KUBECONFIG=/etc/kubernetes/admin.conf
如果是别的用户:
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
7、查看集群状态
[root@master ~]# kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true"}
结果显示均为"Healthy ok",说明控制平面组件正常。
8、安装flannel网络(下面的清单直接取自flannel仓库的master分支,其内容会随上游更新而变化)
Master:
[root@master ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
查看master状态:
[root@master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master NotReady master 161m v1.14.1
等flannel镜像下载好之后就会变成ready,稍等一下,再次查看。
[root@master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready master 161m v1.14.1
三、添加节点
1、添加node节点
Node:
下载镜像:
[root@node_1 ~]# cat docker.sh
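#!/bin/bash
# Pre-pull the two images a v1.14.1 worker node needs (kube-proxy and pause)
# from a mirror reachable from this network, re-tag them under the k8s.gcr.io
# names kubeadm looks for, and drop the mirror tags again.
#
# Usage:  ./docker.sh
# Needs:  a running docker daemon and permission to use it.
# Exit:   non-zero as soon as any pull/tag/rmi fails (set -e), so a missing
#         image is not silently skipped and only discovered later by kubeadm.
#
# NOTE(review): these images are a third-party re-host of k8s.gcr.io and are
# fetched by mutable tag, so nothing here verifies that they match upstream.
# If provenance matters, pin each pull to a digest (name@sha256:<DIGEST>)
# obtained from a trusted source instead of a tag.
set -euo pipefail

MY_REGISTRY=registry.cn-hangzhou.aliyuncs.com/openthings
K8S_VERSION=v1.14.1

# One entry per image as "<name>:<tag>". The mirror stores each one as
# ${MY_REGISTRY}/k8s-gcr-io-<name>:<tag>; kubeadm expects k8s.gcr.io/<name>:<tag>.
images=(
  "kube-proxy:${K8S_VERSION}"
  "pause:3.1"
)

echo "=========================================================="
echo "Pull Kubernetes ${K8S_VERSION} Images from aliyuncs.com ......"
echo "=========================================================="

for image in "${images[@]}"; do
  mirror_ref="${MY_REGISTRY}/k8s-gcr-io-${image}"
  upstream_ref="k8s.gcr.io/${image}"
  # pull from the mirror
  docker pull "${mirror_ref}"
  # add the tag kubeadm looks for
  docker tag "${mirror_ref}" "${upstream_ref}"
  # drop the mirror tag; this only untags, the image stays under the k8s.gcr.io name
  docker rmi "${mirror_ref}"
done

echo "=========================================================="
echo "镜像源自:“registry.cn-hangzhou.aliyuncs.com/openthings"
echo "=========================================================="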
[root@node_1 ~]# chmod +x docker.sh
[root@node_1 ~]# ./docker.sh
添加到master上:只需要执行master初始化时输出的下面的命令即可(token和ca-cert-hash以自己master上kubeadm init的输出为准):
[root@node_1 ~]# kubeadm join 172.16.55.178:6443 --token vm4qrj.j5ra4zx2maqxxa0m \
--discovery-token-ca-cert-hash sha256:e9f803350ba1e05cb109863829c1f1140547823835c86fac0e82b38f3812b6dd
输出下面的字段则加入成功。
在master上查看集群:
[root@master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready master 161m v1.14.1
node_1 NotReady 160m v1.14.1
稍等片刻,等待node节点下载完flannel后再次查看:
[root@master ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master Ready master 161m v1.14.1
node_1 Ready 160m v1.14.1
2、创建示例
创建示例:
[root@master ~]# kubectl create deployment nginx --image=nginx:1.15.1
查看pod:
[root@master ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-555684ffd6-qjnnm 1/1 Running 1 18m
搭建完成。