kubernetes安裝

時間 2019-12-10

標籤 kubernetes 安裝简体版

原文原文鏈接

本文主要參考自:

http://www.javashuo.com/article/p-agixkvog-hs.htmlhtml

還有一份更適合在生產環境使用的超強高可用(多master,nginx+keepalived負載)

http://www.javashuo.com/article/p-pbrywtuq-cx.htmlnode

部分參考:python

https://blog.csdn.net/u013760355/article/details/68061976nginx

機器環境

主機	部署服務
192.168.201.181	etcd/master
192.168.201.182	etcd/flannel
192.168.201.183	etcd/

K8S核心概念等

http://www.javashuo.com/article/p-mdenwkki-gs.htmlgit

安裝etcd:

查看以前的文章 http://www.javashuo.com/article/p-sfthgaon-da.htmldocker

Master節點安裝:

在主節點181直接使用yum安裝

yum -y install kubernetes

若是報錯說docker-cli docker-ce衝突什麼的,那就卸載掉docker, 而後從新運行上面的步驟,K8S會選擇匹配版本的docker自動安裝.vim

yum list installed | grep docker
  yum remove -y
  yum remove -y docker-ce.x86_64
  yum remove -y docker-ce-cli.x86_64

安裝成功以後會顯示K8S的版本和安裝的以來版本,能夠看到裏面有docker:centos

已安裝:
  kubernetes.x86_64 0:1.5.2-0.7.git269f928.el7                                                                                                                                                 

做爲依賴被安裝:
  PyYAML.x86_64 0:3.10-11.el7                                             atomic-registries.x86_64 1:1.22.1-26.gitb507039.el7.centos    conntrack-tools.x86_64 0:1.4.4-4.el7                  
  container-storage-setup.noarch 0:0.11.0-2.git5eaf76c.el7                containers-common.x86_64 1:0.1.31-8.gitb0b750d.el7.centos     docker.x86_64 2:1.13.1-94.gitb2f74b2.el7.centos       
  docker-client.x86_64 2:1.13.1-94.gitb2f74b2.el7.centos                  docker-common.x86_64 2:1.13.1-94.gitb2f74b2.el7.centos        kubernetes-client.x86_64 0:1.5.2-0.7.git269f928.el7   
  kubernetes-master.x86_64 0:1.5.2-0.7.git269f928.el7                     kubernetes-node.x86_64 0:1.5.2-0.7.git269f928.el7             libnetfilter_cthelper.x86_64 0:1.0.0-9.el7            
  libnetfilter_cttimeout.x86_64 0:1.0.0-6.el7                             libnetfilter_queue.x86_64 0:1.0.2-2.el7_2                     libyaml.x86_64 0:0.1.4-11.el7_0                       
  oci-register-machine.x86_64 1:0-6.git2b44233.el7                        oci-systemd-hook.x86_64 1:0.1.18-3.git8787307.el7_6           oci-umount.x86_64 2:2.3.4-2.git87f9237.el7            
  python-backports.x86_64 0:1.0-8.el7                                     python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7    python-ipaddress.noarch 0:1.0.16-2.el7                
  python-pytoml.noarch 0:0.1.14-1.git7dea353.el7                          python-setuptools.noarch 0:0.9.8-7.el7                        socat.x86_64 0:1.7.3.2-2.el7                          
  subscription-manager-rhsm-certificates.x86_64 0:1.21.10-3.el7.centos    yajl.x86_64 0:2.0.4-4.el7

配置K8S:

#vim /etc/kubernetes/apiserver
  
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#

# The address on the local server to listen to.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"

# The port on the local server to listen on.
KUBE_API_PORT="--port=8080"

# Port minions listen on
KUBELET_PORT="--kubelet-port=10250"

# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.201.181:2379,http://192.168.201.182:2379,http://192.168.201.183:2379"

# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

# default admission control policies
#KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
# (PS：也有人說測試時須要把KUBE_ADMISSION_CONTROL中的SecurityContextDeny和ServiceAccount去掉，這是權限相關的  先試試吧)
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

# Add your own!
KUBE_API_ARGS=""

還改了一個文件vim /etc/kubernetes/config,修改了KUBE_MASTER爲當前181機器的master IPapi

###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
#   kube-apiserver.service
#   kube-controller-manager.service
#   kube-scheduler.service
#   kubelet.service
#   kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"

# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"

# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"

# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://192.168.201.181:8080"

重啓服務

for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do systemctl restart $SERVICES ; systemctl enable $SERVICES ; systemctl status $SERVICES ; done

配置etcd內網信息
etcdctl -C //192.168.201.181:2379 set /atomic.io/network/config '{"Network":"172.17.0.0/16"}'
PS：其中網絡號172.17.0.0/16與docker中的docker0網絡一致（若不一致，可修改docker0網絡或者配置上述etcd網絡）;atomic.io與下面的Flannel配置中的FLANNEL_ETCD_PREFIX對應網絡
至此master配置完成，運行kubectl get nodes能夠查看有多少minion在運行，以及其狀態。這裏咱們的minion還都沒有開始安裝配置，因此運行以後結果爲空
kubectl get nodes No resources found.
此時訪問master:8080能夠看到api服務支持的路徑:

Node節點安裝flannel

https://www.jianshu.com/p/165a256fb1da

使用yum install flannel安裝,而後修改配置文件vim /etc/sysconfig/flanneld:

# Flanneld configuration options  

# etcd url location.  Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://192.168.201.181:2379,http://192.168.201.182:2379,http://192.168.201.183:2379"

# etcd config key.  This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/atomic.io/network"

# Any additional options that you want to pass
#FLANNEL_OPTIONS=""

PS：其中atomic.io與上面etcd中的Network對應!!

Node節點安裝kubernetes-node

yum install kubernetes-node

vim /etc/kubernetes/config
配置k8s公共配置文件,指定etcd的節點信息,和k8s的master信息:

###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
#   kube-apiserver.service
#   kube-controller-manager.service
#   kube-scheduler.service
#   kubelet.service
#   kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"

# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"

# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"

# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://192.168.201.181:8080"

KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.201.181:2379,http://192.168.201.182:2379,http://192.168.201.183:2379"

配置Node節點的 kubernetes kubelet (minion) config:

vim /etc/kubernetes/kubelet
修改下面的KUBELET_ADDRESS和KUBELET_HOSTNAME爲當前機器,KUBELET_API_SERVER爲真實Master

###
# kubernetes kubelet (minion) config

# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=0.0.0.0"

# The port for the info server to serve on
KUBELET_PORT="--port=10250"

# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname-override=192.168.201.182"

# location of the api-server
KUBELET_API_SERVER="--api-servers=http://192.168.201.181:8080"

# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"

# Add your own!
KUBELET_ARGS=""

啓動並配置開機啓動

systemctl enable kubelet kube-proxy 
systemctl start kubelet kube-proxy

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。