Kubernetes 、Dashboard 配置安装

Kubernetes 集群组件:

• etcd 一个高可用的 K/V 键值对存储和服务发现系统
• flannel 实现夸主机的容器网络的通信
• kube-apiserver 提供 kubernetes 集群的 API 调用
• kube-controller-manager 确保集群服务
• kube-scheduler 调度容器，分配到 Node
• kubelet 在 Node 节点上按照配置文件中定义的容器规格启动容器
• kube-proxy 提供网络代理服务

安装

软件更新

1.机器分配

3.系统初始化安装（所有主机）-选择【最小化安装】,然后 yum update,升级到最新版本

yum -y install epel-release  
yum update

4.更新本地时间

systemctl start ntpd
systemctl enable ntpd
ntpdate ntp1.aliyun.com
hwclock -w

Master 节点配置

安装软件

[root@master ~]#
yum install -y etcd kubernetes-master ntp flannel

配置 etcd 服务器

[root@master ~]# vi /etc/etcd/etcd.conf
ETCD_NAME=default
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379,http://192.168.139.148:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.139.148:2379"

启动服务

systemctl start etcd
systemctl enable etcd

检查 etcd cluster 状态

[root@master ~]#  etcdctl cluster-health

member 8e9e05c52164694d is healthy: got healthy result from http://192.168.139.148:2379
cluster is healthy

检查 etcd 集群成员列表，这次只配置了一台

[root@master ~]# etcdctl member list

8e9e05c52164694d: name=default peerURLs=http://localhost:2380 clientURLs=http://192.168.139.148:2379 isLeader=true

配置 kube-apiserver

修改 kube-apiserver bind-address

[root@master ~]# vi /etc/kubernetes/apiserver
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"

配置 kube-scheduler

修改 address

[root@master ~]# vi /etc/kubernetes/scheduler
KUBE_SCHEDULER_ARGS="--address=0.0.0.0"

启动服务

for i in  kube-apiserver kube-controller-manager kube-scheduler;do systemctl restart $i; systemctl enable $i;done

Node 节点配置

配置 node1 网络，本实例采用 flannel 方式来配置，如需其他方式，请参考 Kubernetes 官网。

配置 flannel

[root@node1 ~]# vi /etc/sysconfig/flanneld 
FLANNEL_ETCD_ENDPOINTS="http://192.168.139.148:2379"
FLANNEL_ETCD_PREFIX="/atomic.io/network"
FLANNEL_OPTIONS=""

配置 kube-proxy

修改 master 的 apiserver 地址

[root@node1 ~]# vi /etc/kubernetes/config 
KUBE_MASTER="--master=http://192.168.139.148:8080"

修改 kube-proxy 监听

[root@node1 ~]# vi /etc/kubernetes/proxy                  
KUBE_PROXY_ARGS="--bind=address=0.0.0.0"

配置 kubelet

修改 hostname-override
修改 api-server 地址

[root@node1 ~]# vi /etc/kubernetes/kubelet 
KUBELET_ADDRESS="--address=127.0.0.1"
KUBELET_HOSTNAME="--hostname-override=node1"
KUBELET_API_SERVER="--api-servers=http://192.168.139.148:8080"

启动 node

for i in flanneld kube-proxy kubelet docker;do systemctl restart $i;systemctl enable $i;systemctl status $i ;done

配置 node2 节点

node2 节点和 node1 配置一致 ， kubelet 配置中 hostname-override 改为 node2 即可。

环境检查

flannel 信息

[root@master ~]# etcdctl ls /atomic.io/network/subnets

/atomic.io/network/subnets/172.16.61.0-24
/atomic.io/network/subnets/172.16.45.0-24
[root@master ~]# etcdctl get /atomic.io/network/subnets/172.16.61.0-24
{"PublicIP":"192.168.139.150"}
[root@master ~]# etcdctl get /atomic.io/network/subnets/172.16.45.0-24
{"PublicIP":"192.168.139.149"}

查看节点

[root@master ~]# kubectl get nodes

NAME      STATUS    AGE
node1     Ready     2h
node2     Ready     2h

DashBoard 安装

1.查看 k8s 版本

[root@master ~]# kubectl  version

Client Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"269f928217957e7126dc87e6adfa82242bfe5b1e", GitTreeState:"clean", BuildDate:"2017-07-03T15:31:10Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"5", GitVersion:"v1.5.2", GitCommit:"269f928217957e7126dc87e6adfa82242bfe5b1e", GitTreeState:"clean", BuildDate:"2017-07-03T15:31:10Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}

2.我们的 k8s 版本为 1.5.2 为防止不兼容我们使用 dashboard1.5.1 的配置

wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.5.1/src/deploy/kubernetes-dashboard.yaml

3.修改下载的 dashboard 配置

dashboard 部署配置中使用的默认镜像需要翻墙，我们修改为阿里云的镜像。

image: registry.cn-hangzhou.aliyuncs.com/kube_containers/kubernetes-dashboard-amd64:v1.5.1

配置 dashboard 的 api-server 地址

args:

  # Uncomment the following line to manually specify Kubernetes API server Host
  # If not specified, Dashboard will attempt to auto discover the API server and connect
  # to it. Uncomment only if the default does not work.
  - --apiserver-host=http://192.168.139.148:8080

修改节点容器暴露的端口

  - port: 80
    nodePort: 30081
    targetPort: 9090

4.部署 dashboard

kubectl apply -f kubernetes-dashboard.yaml

5.查看 pod 部署状态

kubectl describe pods --all-namespaces

如果出现错误，可以查看日志中的错误 cat /var/log/message

创建成功, 但是 kubectl get pods 没有结果
报错信息：no API token found for service account default
解决办法：编辑/etc/kubernetes/apiserver 去除 KUBE_ADMISSION_CONTROL 中的 SecurityContextDeny,ServiceAccount，并重启 kube-apiserver.service 服务

pod-infrastructure:latest 镜像下载失败
报错信息：image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.
解决方案：

wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem

检查服务

[root@master k8s-yaml]# kubectl get deploy --all-namespaces

NAMESPACE     NAME                   DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
kube-system   kubernetes-dashboard   2         2         2            2           1h
[root@master k8s-yaml]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                    READY     STATUS    RESTARTS   AGE
kube-system   kubernetes-dashboard-3350179127-8scg1   1/1       Running   0          1h
kube-system   kubernetes-dashboard-3350179127-gfvg0   1/1       Running   0          1h
[root@master k8s-yaml]# kubectl get services --all-namespaces
NAMESPACE     NAME                   CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
default       kubernetes             10.254.0.1      <none>        443/TCP        3h
kube-system   kubernetes-dashboard   10.254.12.166   <nodes>       80:30081/TCP   1h

2.由于 k8s 的的 iptables 外网并无法直接访问我们监听的端口，需要允许转发

iptables -P FORWARD ACCEPT

3.访问服务