How-to setup Kubernetes to manage Docker Cluster on ubuntu
ʲô�� Kubernetes
Kubernetes ������ Google ��ƽ̨�Ŀ�Դ������Ⱥ����ϵͳ������ Docker ����һ�������ĵ��ȷ���ϵͳ�����Զ���һ��������Ⱥ��ѡ��һ������������ʹ�á�����ĸ����� Container Pod����ϸ�����˼·��ο�������
���� Kubernetes ϵͳ�ܹ���������ܼ� ������
����ͨ��ʵ�ʲ�������ʾKubernetes��ʹ�ã���Ҫ�����������ݣ�
�������ܣ��Լ�Kubernetes��Ⱥ���ܹ�
��װ����Open vSwitch���������ͨ�Ź���
��װ����Etcd��Kubernetes�ĸ������
��ʾKubernetes���������ͷ���
�������ܹ�
����ϵͳ: ubuntu 14.04 x86_64
Kubernetes: v1.0.1
Etcd�汾: 3.0.0
Docker�汾: 1.6.2
Open vSwith�汾: 2.0.2
������Ϣ
��������Ϣ:
Role service Hostname IP Address master Kube-APIServer kubelet proxy etcd lucy.suzf.net 172.16.9.86 Minion1 kubelet proxy open-switch docker eva.suzf.net 172.16.9.10 Minion2 kubelet proxy open-switch docker cali.suzf.net 172.16.9.20
����ϸ���ܲ���Kubernetes��Ⱥǰ���ȸ���չʾ�¼�Ⱥ�����ܹ�������ͼ��֪�����ϵͳ��Ϊ�����֣���һ������Kubernetes APIServer�������ϵͳ�ĺ��ģ��е���Ⱥ�����������Ĺ��?�����ڶ�������minion������Container Daemon��������������Ϣ֮�أ�ͬʱ��minion������Open vSwitch����ͨ��GRE Tunnel����minions֮��Pod������ͨ�Ź�����
http://suzf.net ���ֹ����� ��ӭ��ע�뽻�� ^_^
��װOpen vSwitch������GRE
Ϊ�˽����minion֮��Pod��ͨ�����⣬������ÿ��minion�ϰ�װOpen vSwtich����ʹ��GRE����VxLANʹ�ÿ����֮��P11od���ͨ�ţ�����ʹ��GRE����VxLANͨ��������Ҫ����Ĵ��ģ�����С����� Open vSwitch�Ľ�����ο���һƪ����Open vSwitch��
[ both minion ] sudo apt-get install openvswitch-switch bridge-utils -y
��װ��Open vSwitch���Žӹ��ߺ������㽨��minion�ڵ�֮��������
����������minion�Ϸֱ���OVS Bridge��
sudo ovs-vsctl add-br obr0
����������gre�������½���gre0��ӵ�obr0
# minion1 sudo ovs-vsctl add-port obr0 gre0 -- set Interface gre0 type=gre options:remote_ip=172.16.3.20 # minion2 sudo ovs-vsctl add-port obr0 gre0 -- set Interface gre0 type=gre options:remote_ip=172.16.3.10
���ˣ�minion1��minion2֮�������Ѿ�������Ȼ��������minion1��minion2�ϴ���Linux����kbr0��� DockerĬ�ϵ�docker0�����Ǽ���minion1��minion2���Ѱ�װDocker��������minion1��kbr0�ĵ�ַΪ 172.17.1.1/24�� minion2��kbr0�ĵ�ַΪ172.17.2.1/24�������obr0Ϊkbr0�Ľӿڣ�����������minion1��minion2��ִ�У�
[ both minion ] # sudo brctl addbr kbr0 # ����linux bridge����docker0 # sudo brctl addif kbr0 obr0 # ���obr0Ϊkbr0�Ľӿ� # # sudo ip link set dev obr0 up # ����obr0Ϊup״̬ # sudo ip link set dev docker0 down # ����docker0Ϊdown״̬ # sudo ip link del dev docker0 # ɾ��docker0����ѡ
�鿴��Щ�ӿڵ�״̬
# service openvswitch-switch status
openvswitch-switch start/running
@eva:~# ovs-vsctl show
52c65487-12fc-4228-b2ee-7c5ba409d8d2
Bridge "obr0"
Port "gre0"
Interface "gre0"
type: gre
options: {remote_ip="172.16.3.20"}
Port "obr0"
Interface "obr0"
type: internal
ovs_version: "2.0.2"
@eva:~# brctl show
bridge name bridge id STP enabled interfaces
kbr0 8000.de14d8a90948 no obr0
Ϊ��ʹ�½���kbr0��ÿ��ϵͳ��������Ȼ��Ч��������minion1��/etc/network/interfaces�ļ���
���������£�����CentOS�ϻ���Щ��һ��
@eva:~# tail -9 /etc/network/interfaces auto kbr0 iface kbr0 inet static address 172.16.1.1 netmask 255.255.255.0 # gateway 172.16.1.0 # dns-nameservers 172.31.1.1 up route add 172.16.2.0/24 via 172.16.3.20 dev eth0 down route add 172.16.2.0/24 via 172.16.3.20 dev eth0
minion2 ���������� ��Ȼ�� ������������ӿ�
sudo ip link set dev obr0 up
������minion1��minion2�Ϸ���kbr0����������Ӧ��IP��ַ��
�������Ǵ��������������ͨ�š�������������Ϊ��minion1��minion2��ȱ�ٷ���172.17.2.1��172.17.1.1��·�ɣ����������Ҫ���·�ɱ�֤�˴�֮����ͨ�ţ�
# minion1 ��ִ�� sudo ip route add 172.16.2.0/24 via 172.16.3.20 dev eth0 # minion2 ��ִ�� sudo ip route add 172.16.1.0/24 via 172.16.3.10 dev eth0
��������֮�������ͨ����
@eva:~# ping 172.16.2.1 -c 2 PING 172.16.2.1 (172.16.2.1) 56(84) bytes of data. 64 bytes from 172.16.2.1: icmp_seq=1 ttl=64 time=0.714 ms 64 bytes from 172.16.2.1: icmp_seq=2 ttl=64 time=0.337 ms --- 172.16.2.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 0.337/0.525/0.714/0.189 ms @cali:~# ping 172.16.1.1 -c 2 PING 172.16.1.1 (172.16.1.1) 56(84) bytes of data. 64 bytes from 172.16.1.1: icmp_seq=1 ttl=64 time=0.577 ms 64 bytes from 172.16.1.1: icmp_seq=2 ttl=64 time=0.269 ms --- 172.16.1.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.269/0.423/0.577/0.154 ms
Minion �ڵ㰲װ docker
[ both minion ] sudo apt-get install docker.io -y
��dockerĬ���Ž�����,������
sudo vi /etc/default/docker DOCKER_OPTS="-b kbr0" sudo service docker restart
Etcd ��װ������
etcd��һ����Դ���������ù���ͷ����ֵĸ����ܵļ�ֵ�洢ϵͳ��
ע�⣺���������������������ļ�Ŀ¼�������/opt/binĿ¼����Ϊ�����ű�����д�ľ������Ŀ¼��
@lucy:~# cd /usr/local/src/ @lucy:/usr/local/src#sudo wget https://github.com/coreos/etcd/releases/download/v3.0.0/etcd-v3.0.0-linux-amd64.tar.gz tar xf etcd-v3.0.0-linux-amd64.tar.gz cd etcd-v3.0.0-linux-amd64/ mkdir /opt/bin cp -a etcd etcdctl /opt/bin
etcd�ٷ�����ʹ���µ�2379�˿ڴ���4001
cat > /etc/default/etcd << EOF ETCD_OPTS="\\ --listen-client-urls http://0.0.0.0:4001 \\ --advertise-client-urls http://0.0.0.0:4001 \\ --data-dir /var/lib/etcd/default.etcd" EOF # ѡ��˵���� --listen-peer-urls ��etcd��Ϊ�ֲ�ʽ�ڵ�ͨ�Ŷ˿ڣ�Ĭ��ָ���˿�7001���������������ǵ��ڵ㣬���������Բ�д����Ҫ֪������v2�汾�иı�Ϊ2380��7001�Կ��� --listen-client-urls ���ͻ��˲���etcd API�Ķ˿ڣ�Ĭ��ָ���˿�4001��v2�иı�Ϊ2379����k8s������Ҫʹ��4001�˿� --data-dir ��ָ����ݴ��Ŀ¼ --advertise-client-urls ����Ϊ�ֲ�ʽ�Ŀͻ������Ӷ˿ڣ����д��������������±��� etcdmain: error verifying flags, -advertise-client-urls is required when -listen-client-urls is set explicitly. See 'etcd --help'. etcdmain: When listening on specific address(es), this etcd process must advertise accessible url(s) to each connected client.
etcd�������úú��Ȳ����������������kubernetes�ṩ�������ű������� one key start cool ~ ~~
���氲װ Kubernetes APIServer ��kubelet��proxy �ȷ���
��װKubernetes APIServer
���ذ�װkubernetes�����
�����Լ���Դ�����kubernetes����Ҫ��װgolang��������Ҳ���Դ�GitHub Kubernetes repo release page.ѡ��Դ���v1.0.1�汾���ء�
@lucy:~# cd /usr/local/src/ @lucy:/usr/local/src#sudo wget https://github.com/coreos/etcd/releases/download/v3.0.0/etcd-v3.0.0-linux-amd64.tar.gz @lucy:/usr/local/src#sudo wget https://github.com/GoogleCloudPlatform/kubernetes/releases/download/v1.0.1/kubernetes.tar.gz
Ȼ���ѹ���ص�kubernetes��etcd����kubernetes(minion1)��minion2�ϴ���Ŀ¼/opt/bin
[ All nodes ] # mkdir /opt/bin # echo "export PATH=\$PATH:/opt/bin" >> /etc/profile # source /etc/profile
��ѹkubernetes
tar xf kubernetes.tar.gz cd kubernetes/server && tar xf kubernetes-server-linux-amd64.tar.gz cd kubernetes/server/bin/
APIserver������Ҫ����kube-apiserver kube-scheduler kube-controller-manager kubecfg�ĸ�
@lucy #cp kube-apiserver kube-scheduler kube-controller-manager kubecfg /opt/bin/
��proxy��kubelet���Ƶ�����minions��ȷ����Щ�ļ����ǿ�ִ�е�
scp kube-proxy kubelet [email protected]:/opt/bin scp kube-proxy kubelet [email protected]:/opt/bin
���������������ű�
cd /usr/local/src/kubernetes/cluster/ubuntu @lucy:/usr/local/src/kubernetes/cluster/ubuntu# cp master/init_scripts/* /etc/init.d/ @lucy:/usr/local/src/kubernetes/cluster/ubuntu# cp master/init_conf/* /etc/init/
����kube*����ѡ��
# kube-apiserver cat > /etc/default/kube-apiserver << EOF KUBE_APISERVER_OPTS="--address=0.0.0.0 \\ --port=8080 \\ --etcd_servers=http://127.0.0.1:4001 \\ --logtostderr=true \\ --portal_net=172.16.9.0/24" EOF # ѡ��˵���� --insecure-bind-address��api�����ַ --insecure-port��api����˿� --service-cluster-ip-range������˵��service��ɫ�Ƕ��弯Ⱥ��һ��pod���ϣ����pod�������ṩһ�ַ�������serviceʱ�����һ��CLUSTER_IP�ṩͳһ�ķ�����ڣ���ô�����ѡ�����ָ�������IP��Χ --etcd_servers��ָ��etcd���ӵ�ַ # kube-scheduler cat > /etc/default/kube-scheduler << EOF KUBE_SCHEDULER_OPTS="--master=127.0.0.1:8080 \\ --logtostderr=true" EOF # kube-controller-manager cat > /etc/default/kube-controller-manager << EOF KUBE_CONTROLLER_MANAGER_OPTS="--master=127.0.0.1:8080 \\ --logtostderr=true" EOF
Minion ����
* ����kubelet��kube-proxy�ȵ� minion1��
@lucy:/usr/local/src/kubernetes/cluster/ubuntu# scp minion/init_scripts/kube* 172.16.9.10:/etc/init.d/
@lucy:/usr/local/src/kubernetes/cluster/ubuntu# scp minion/init_conf/{kubelet,kube-proxy}.conf 172.16.9.10:/etc/init/
# ע�⣺ubuntuĬ�Ͻ�ֹrootԶ�̵�¼����Ҫ��������ssh��¼��Ҳ�����Ƚ������ư��minion��������ssh��¼���û���Ȼ����sudo�ƶ���/opt/binĿ¼
* �� minion1 �˽���
cat> /etc/default/kubelet << EOF
KUBELET_OPTS="--address=0.0.0.0 \\
--port=10250 \\
--hostname_override=172.16.3.10 \\
--api_servers=http://172.16.3.100:8080 \\
--pod-infra-container-image=docker.io/kubernetes/pause:latest \\
--logtostderr=true"
EOF
ѡ��˵��
--hostname_override����master����ʾ�Ľڵ���ƣ���Ӧ��minion�����Ķ�Ӧ��IP
--pod-infra-container-image������podʱ���ؾ����ַ��Ĭ����gcr.io/google_containers/pause:0.8.0����Ҫ��ǽ���ܷ��ʣ�����ָ���˹ٷ���������Դ
cat> /etc/default/kube-proxy << EOF
KUBE_PROXY_OPTS="--master=http://172.16.3.100:8080 \\
--logtostderr=true"
EOF
# (�� minion2 �ظ����� * �������裬������.10�ij�.20)
�������þ�����Launch
@lucy:~# service etcd start etcd start/running, process 4030 # ע�⣺���etcd�������̲����ڣ�����ȥ��/etc/init.d/etcd��64�е� >> $ETCD_LOGFILE 2>&1����־�ⲿ�����������ԡ� @lucy:~# /etc/init.d/kube-apiserver start * Kube-Apiserver is managed via upstart, try using service kube-apiserver start What are you Ūɶ��? �鿴һ��etcd �������ű� ������һ���ж� @lucy:~# sed -n '36,39'p /etc/init.d/etcd # see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it) if false && [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then log_failure_msg "$ETCD_DESC is managed via upstart, try using service $BASE $1" exit 1 @lucy:~# sed -n '36,39'p /etc/init.d/kube-apiserver # see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it) if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then log_failure_msg "$KUBE_APISERVER_DESC is managed via upstart, try using service $BASE $1" exit 1 �����ж�����һ�ԣ� �Ǻ� ����~ @lucy:~# service kube-apiserver start kube-apiserver start/running, process 4222 kube-apiserver��������Զ�����kube-scheduler��kube-controller-manager ��Щ�������־���Դ�/var/log/upstart/���ҵ��� lucy:~# ls /var/log/upstart/kube-* /var/log/upstart/kube-apiserver.log /var/log/upstart/kube-controller-manager.log /var/log/upstart/kube-scheduler.log
����ͨ��etcdctl�鿴��etcd�洢�Ź��ڼ�Ⱥ�ĸ�����Ϣ
@lucy:~# etcdctl ls /registry /registry/minions /registry/namespaces /registry/pods /registry/ranges /registry/serviceaccounts /registry/services /registry/controllers /registry/events
���� minion �ڵ� ����
[ both minion ] # service kube-proxy start # service kubelet start
���� kubernetes ���������ˣ��鿴�¼�Ⱥ�ڵ㣺
kubernetes��������
# kubectl get nodes # ��鿴minion����
# kubectl get pods # �鿴pods�嵥
# kubectl get services # �鿴service�嵥
# kubectl get services -o json # �鿴service�嵥 �� json ��ʽ���
# kubectl get replicationControllers # �鿴replicationControllers�嵥
# for i in `kubectl get pod|tail -n +2|awk '{print $1}'`; do kubectl delete pod $i; done #ɾ������pods
����ͨ��Server api for REST��ʽ���Ƽ�����ʱ�Ը�ߣ�
kubernetes ����
��������һ��nginx��
# kubectl run --image=nginx nginx-test-by-suzf-net replicationcontroller "nginx-test-by-suzf-net" created
���δ���Ҫ���ؾ�����ȴ�����ӣ��鿴��Ⱥpods��
# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-test-by-suzf-net-uepzq 1/1 Running 0 8h
ʹ��yaml �ļ����� pod
root@lucy:~# cat nginx-pod.yaml apiVersion: v1 kind: Pod metadata: name: nginx labels: app: nginx spec: containers: - name: nginx image: nginx ports: - containerPort: 80 root@lucy:~# kubectl create -f nginx-pod.yaml pods/nginx root@lucy:~# kubectl get pod NAME READY STATUS RESTARTS AGE nginx 1/1 Running 0 29s nginx-test-by-suzf-net-uepzq 1/1 Running 0 8h
�鿴�´�����nginx��Ϣ
����һ�� ����
��Ȼ����Ҳ����ʹ��Kubernetes�ṩ������Guestbook�����ص�Դ��exampleĿ¼�¿����ҵ����������ԡ�
���ˣ�kubernetes��Ⱥ�Ͳ���ɹ��ˡ���ӭ�����ע ^_^.
�ο��ĵ�
http://kubernetes.io/docs/getting-started-guides/ubuntu/
http://lizhenliang.blog.51cto.com/7876557/1736572
http://blog.liuts.com/post/247/
https://segmentfault.com/a/1190000002620961
License��Attribution-NonCommercial-NoDerivatives 4.0 International
���ij��� Suzf Blog�� ��δע������Ϊ SUZF.NET ԭ����
ת����ע��������http://suzf.net/thread-0702-951.html
���ij��� ��Suzf Blog�� ���ͣ�����ر����˳���http://oceanszf.blog.51cto.com/6268931/1795392