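Kubernetes cluster components:
- etcd: a highly available key/value store and service discovery system
- flannel: provides container network communication across hosts
- kube-apiserver: serves the Kubernetes cluster API
- kube-controller-manager: keeps the cluster's services running
- kube-scheduler: schedules containers and assigns them to Nodes
- kubelet: starts containers on the Node according to the container specs defined in the configuration files
- kube-proxy: provides network proxy services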
Installation
Software updates
1. Machine allocation
Node | IP |
---|---|
Master | 192.168.139.148 |
Node1 | 192.168.139.149 |
Node2 | 192.168.139.150 |
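2. Disable the firewall service that ships with CentOS 7
3. System initialization (all hosts): choose [Minimal Install], then run yum update to upgrade to the latest versions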
yum -y install epel-release
yum update
4. Update the local time
systemctl start ntpd
systemctl enable ntpd
ntpdate ntp1.aliyun.com
hwclock -w
Master node configuration
Install software
[root@master ~]# yum install -y etcd kubernetes-master ntp flannel
Configure the etcd server
[root@master ~]# vi /etc/etcd/etcd.conf
ETCD_NAME=default
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379,http://192.168.139.148:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.139.148:2379"
Start the service
systemctl start etcd
systemctl enable etcd
Check the etcd cluster status
[root@master ~]# etcdctl cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://192.168.139.148:2379
cluster is healthy
Check the etcd cluster member list; only one member is configured this time
[root@master ~]# etcdctl member list
8e9e05c52164694d: name=default peerURLs=http://localhost:2380 clientURLs=http://192.168.139.148:2379 isLeader=true
Configure kube-apiserver
Change the kube-apiserver bind-address
[root@master ~]# vi /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
Configure kube-scheduler
Change address
[root@master ~]# vi /etc/kubernetes/scheduler
KUBE_SCHEDULER_ARGS="--address=0.0.0.0"
Start the services
for i in kube-apiserver kube-controller-manager kube-scheduler;do systemctl restart $i; systemctl enable $i;done
Node configuration
Configure networking on node1. This example uses flannel; for other options, see the official Kubernetes site.
Configure flannel
[root@node1 ~]# vi /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="http://192.168.139.148:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"
FLANNEL_OPTIONS=""
Configure kube-proxy
Set the master's apiserver address
[root@node1 ~]# vi /etc/kubernetes/config
KUBE_MASTER="--master=http://192.168.139.148:8080"
Change the kube-proxy listen address
[root@node1 ~]# vi /etc/kubernetes/proxy
KUBE_PROXY_ARGS="--bind-address=0.0.0.0"
Configure kubelet
Change hostname-override
Change the api-server address
[root@node1 ~]# vi /etc/kubernetes/kubelet
KUBELET_ADDRESS="--address=127.0.0.1"
KUBELET_HOSTNAME="--hostname-override=node1"
KUBELET_API_SERVER="--api-servers=http://192.168.139.148:8080"
Start the node services
for i in flanneld kube-proxy kubelet docker;do systemctl restart $i;systemctl enable $i;systemctl status $i ;done
Configure node2
node2 is configured the same way as node1; just change hostname-override to node2 in the kubelet configuration.
Environment check
flannel information
[root@master ~]# etcdctl ls /atomic.io/network/subnets
/atomic.io/network/subnets/172.16.61.0-24
/atomic.io/network/subnets/172.16.45.0-24
[root@master ~]# etcdctl get /atomic.io/network/subnets/172.16.61.0-24
{"PublicIP":"192.168.139.150"}
[root@master ~]# etcdctl get /atomic.io/network/subnets/172.16.45.0-24
{"PublicIP":"192.168.139.149"}
List the nodes
[root@master ~]# kubectl get nodes
NAME STATUS AGE
node1 Ready 2h
node2 Ready 2h
Dashboard installation
1. Check the k8s version
[root@master ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"269f928217957e7126dc87e6adfa82242bfe5b1e", GitTreeState:"clean", BuildDate:"2017-07-03T15:31:10Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"269f928217957e7126dc87e6adfa82242bfe5b1e", GitTreeState:"clean", BuildDate:"2017-07-03T15:31:10Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}
2. Our k8s version is 1.5.2; to avoid incompatibilities we use the dashboard 1.5.1 configuration
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.5.1/src/deploy/kubernetes-dashboard.yaml
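3. Modify the downloaded dashboard configuration
The default image used in the dashboard deployment configuration can only be pulled by bypassing the Great Firewall, so we change it to the Alibaba Cloud image.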
image: registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64:v1.5.1
Set the dashboard's api-server address
args:
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
- --apiserver-host=http://192.168.139.148:8080
Change the port exposed on the node
- port: 80
  nodePort: 30081
  targetPort: 9090
4. Deploy the dashboard
kubectl apply -f kubernetes-dashboard.yaml
5. Check the pod deployment status
kubectl describe pods --all-namespaces
If errors occur, look them up in the log: cat /var/log/messages
Creation succeeds, but kubectl get pods returns nothing
Error message: no API token found for service account default
Fix: edit /etc/kubernetes/apiserver, remove SecurityContextDeny,ServiceAccount from KUBE_ADMISSION_CONTROL, and restart the kube-apiserver.service service
The pod-infrastructure:latest image fails to download
Error message: image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.
Fix:
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
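The configuration above binds the API server's insecure port to 0.0.0.0, serves etcd over plain HTTP on the LAN address, points the nodes at http://192.168.139.148:8080, and the first fix removes the ServiceAccount admission plugin. The script below is an added example, not part of the original post, that reports those settings in the files this walkthrough edits; the function names, the ROOT prefix argument and the sample file contents are assumptions constructed for illustration.

```shell
# Added example, not from the original post. Function names, the ROOT prefix
# argument and the sample file contents are constructed for illustration.

# value_of FILE KEY: print the value of the last uncommented KEY= line, unquoted.
value_of() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# audit_conf ROOT: check files under ROOT ("" = live host); one finding per line.
audit_conf() {
    root=$1
    api=$root/etc/kubernetes/apiserver
    case $(value_of "$api" KUBE_API_ADDRESS) in
        *--insecure-bind-address=127.0.0.1*|*--insecure-bind-address=localhost*) ;;
        *--insecure-bind-address=*) echo "apiserver: insecure port bound off loopback" ;;
    esac
    if [ -r "$api" ]; then
        case ",$(value_of "$api" KUBE_ADMISSION_CONTROL | sed 's/^[^=]*=//')," in
            *,ServiceAccount,*) ;;
            *) echo "apiserver: ServiceAccount admission plugin not enabled" ;;
        esac
    fi
    case $(value_of "$root/etc/kubernetes/config" KUBE_MASTER) in
        *--master=http://127.0.0.1*|*--master=http://localhost*) ;;
        *--master=http://*) echo "config: components reach the API over plain HTTP" ;;
    esac
    for u in $(value_of "$root/etc/etcd/etcd.conf" ETCD_LISTEN_CLIENT_URLS | tr ',' ' '); do
        case $u in
            http://localhost:*|http://127.0.0.1:*) ;;
            http://*) echo "etcd: plaintext client listener $u" ;;
        esac
    done
    return 0
}

# write_sample DIR: constructed files holding the values used in this walkthrough.
write_sample() {
    mkdir -p "$1/etc/kubernetes" "$1/etc/etcd"
    printf '%s\n' 'KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"' \
        'KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger"' \
        > "$1/etc/kubernetes/apiserver"
    printf '%s\n' 'KUBE_MASTER="--master=http://192.168.139.148:8080"' > "$1/etc/kubernetes/config"
    printf '%s\n' 'ETCD_LISTEN_CLIENT_URLS="http://localhost:2379,http://192.168.139.148:2379"' \
        > "$1/etc/etcd/etcd.conf"
}

demo=$(mktemp -d) && write_sample "$demo" && audit_conf "$demo"
rm -rf "$demo"
```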
Check the services
[root@master k8s-yaml]# kubectl get deploy --all-namespaces
NAMESPACE NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
kube-system kubernetes-dashboard 2 2 2 2 1h
[root@master k8s-yaml]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system kubernetes-dashboard-3350179127-8scg1 1/1 Running 0 1h
kube-system kubernetes-dashboard-3350179127-gfvg0 1/1 Running 0 1h
[root@master k8s-yaml]# kubectl get services --all-namespaces
NAMESPACE NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes 10.254.0.1 <none> 443/TCP 3h
kube-system kubernetes-dashboard 10.254.12.166 <nodes> 80:30081/TCP 1h
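2. Because of the iptables rules set up by k8s, external hosts cannot directly reach the port we are listening on, so forwarding must be allowed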
iptables -P FORWARD ACCEPT
3. Access the service