This article was written outside the Great Firewall and does not take into account the problem of getting past it. For reference only.
This is a simple guide to setting up a k8s cluster locally for function validation and study. I only put the necessary commands here; if you have any questions, please feel free to ask me.
Prerequisites:
Set up 2 VMs in VirtualBox with:
4G memory, 1 CPU and 10G disk.
Bridged network on your Wi-Fi network.
Ubuntu 18.04 with OpenSSH enabled. (Please do not change the OS, or you may run into different issues.)
Direct Internet access.
vm1 is the master node with IP 192.168.1.69
vm2 is the worker node with IP 192.168.1.100
Create user test with sudo rights.
There are many ways to set up k8s; I found these 2 the most efficient:
Option 1: Kubeadm, do steps A - G
Option 2: Rancher, do steps A and H (recommended)
Step-by-step guides
A. Install Docker
Add your local ssh id to make login faster: ssh-copy-id [email protected]
sudo -i
apt-get update
apt install docker.io
systemctl start docker
systemctl enable docker
docker --version
groupadd docker
gpasswd -a test docker
newgrp docker
su test
docker ps
swapoff -a
# comment out the swap line so swap stays off after a reboot
vi /etc/fstab
B. Install k8s services
apt-get update && apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
vi /etc/apt/sources.list.d/kubernetes.list, append:
deb https://apt.kubernetes.io/ kubernetes-xenial main
apt-get update
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
C. Initialize k8s cluster
kubeadm init --apiserver-advertise-address 192.168.1.69 --pod-network-cidr=10.244.0.0/16
This step prints the command for joining a new node to the cluster; keep it, you will need it to add a new node. It looks like:
kubeadm join 192.168.1.69:6443 --token dx4tq3.ltzv9y0xj4edae3q --discovery-token-ca-cert-hash sha256:d79c67a2e06bcc63734b82619e25130bef8265ea51189ad66a04674f92646d78
export KUBECONFIG=/etc/kubernetes/admin.conf
su test
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get nodes
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
kubectl get pods --all-namespaces
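Enable remote kubectl: copy /etc/kubernetes/admin.conf from the master to $HOME/.kube/config on the machine where you run kubectl. This file carries the cluster administrator credentials, so keep it readable only by your own user.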
D. Allow master node as worker
kubectl taint nodes --all node-role.kubernetes.io/master-
E. Add new node (VM2)
Repeat steps A-C on the new node (VM) and execute the command copied from step C.1
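The join command from step C pins the cluster CA with --discovery-token-ca-cert-hash, so before pasting a saved command on VM2 you can check on the master that the pin still matches the CA in use. This is an added example, not part of the original guide; it assumes kubeadm's default CA path /etc/kubernetes/pki/ca.crt and an installed openssl, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.
CA_CERT=/etc/kubernetes/pki/ca.crt   # assumption: kubeadm's default CA path

# Print the "sha256:<hex>" pin carried by a join command.
# Returns 2 if CA verification is switched off, 1 if no well-formed pin is present.
pin_from_join_cmd() {
    case "$1" in
        *--discovery-token-unsafe-skip-ca-verification*) return 2 ;;
    esac
    # One word per line ("--flag value" and "--flag=value" both work), then
    # take the word that follows the hash flag.
    pin=$(printf '%s\n' "$1" | tr -s ' \t=' '\n\n\n' | awk '
        prev == "--discovery-token-ca-cert-hash" { print; exit }
        { prev = $0 }')
    printf '%s\n' "$pin" | grep -Eqx 'sha256:[0-9a-f]{64}' || return 1
    printf '%s\n' "$pin"
}

# Recompute the pin from a CA certificate: SHA-256 over the DER-encoded
# public key (SubjectPublicKeyInfo) of the certificate.
pin_from_ca_cert() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    openssl x509 -pubkey -noout -in "$1" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r |
        awk '{ print "sha256:" $1 }'
}

# Compare the pin in a saved join command with the CA on this master.
verify_join_cmd() {
    want=$(pin_from_join_cmd "$1") || {
        echo "join command has no usable CA pin" >&2; return 1; }
    have=$(pin_from_ca_cert "${2:-$CA_CERT}") || return 1
    if [ "$want" != "$have" ]; then
        echo "CA pin mismatch: command has $want, CA has $have" >&2
        return 1
    fi
    echo "CA pin matches: $have"
}

# Usage on the master, with the join command saved in join.txt (constructed name):
#   verify_join_cmd "$(cat join.txt)"
```

The bootstrap token in the join command expires after 24 hours by default; kubeadm token create --print-join-command on the master prints a fresh command.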
F. Try deploy
kubectl run tomcat001 --image=tomcat:7.0.82-jre7 --replicas=2 --port=8080
kubectl expose deploy tomcat001 --type=NodePort --target-port=8080
G. Retire node (only when needed)
kubectl drain <node-name>
kubectl delete node <node-name>
# ssh to the removed node
kubeadm reset
iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X
============= Kubernetes setup with kubeadm ends here =============
H. Install K8S by Rancher 2
Only do step A, then on the master node:
docker pull rancher/rancher
mkdir -p /docker_volume/rancher_home/rancher
mkdir -p /docker_volume/rancher_home/auditlog
# Rancher listens on 80/443 inside the container; publish them on host ports 8088/8443
docker run -d --restart=unless-stopped -p 8088:80 -p 8443:443 -v /docker_volume/rancher_home/rancher:/var/lib/rancher -v /docker_volume/rancher_home/auditlog:/var/log/auditlog --name rancher rancher/rancher
docker container ls
Visit https://192.168.1.69:8443, create a cluster, and select etcd, controller and worker. Copy the generated command and run it on the VM as root. The following is an example command; it will be different on your machine. Note that running a Docker container in privileged mode gives Rancher root privileges on your host; this is required by dind containers such as the Fn Project.
sudo docker run -d --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher/rancher-agent:master-2489-head --server https://192.168.1.69 --token t8zxhzpctwc2524qpgxmjwf54t48m4sn8kwl9w5z4c8rzptlp59w8c --ca-checksum 7df6f746dad31ac2a40c020196675bb276b018b9aa206d138e23b2cfc48b2247 --etcd --controlplane --worker
Add node: select only worker to generate another command, and run it on vm2.
Then you can try a deployment, install Traefik from the app store, and so on.
I. Install Helm 2/3
Helm 2 requires installing the Tiller service in the k8s cluster; Helm 3 does not, and it needs slight script changes. We are using Helm 2.
The following steps show how to install Helm 2 and use it to install services.
wget https://get.helm.sh/helm-v2.16.2-linux-amd64.tar.gz
tar -zxvf helm-v2.16.2-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm
helm init
helm search redis
helm install stable/redis
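Troubleshooting for Helm 2: if helm install fails with "no available release name found", it is because Tiller does not have enough permissions. Use the following steps to fix it; they create a tiller service account and bind it to cluster-admin, which gives Tiller full control of the cluster: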
kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
Tips:
Put the following aliases in your .bash_profile to make k8s commands easier to type; you could also use bash_completion if you have root access.
alias k=kubectl
alias kg='kubectl get pod'
alias kga='kubectl get pods --all-namespaces'
alias kd='kubectl describe pod'
alias ke='func() { k exec -it $1 sh;}; func'
alias kubectl='_kubectl_custom(){ if [[ "$1" == "ns" && "$2" != "" ]]; then kubectl config set-context --current --namespace="$2"; elif [[ "$1" == "ns" && "$2" == "" ]]; then kubectl get ns; elif [[ "$1" == "ns" && "$2" == "" ]]; then kubectl config get-contexts | sed -n "2p" | awk "{print \$5}"; else kubectl "$@"; fi;}; _kubectl_custom'
# use k ns q01p01 to set the default namespace.