Kubernetes (2) -- Setup (to be continued)

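Part 1: Pre-deployment planning

1. Operating system initialization: prepare the cluster machines, and disable the firewall and SELinux

2. Create the CA certificate and private key: traffic between cluster members must be encrypted, so a CA has to be created. The CA created in this step then serves as the certificate authority that issues our own certificates. This step can also be skipped through the configuration file

3. Docker installation and removal: k8s is built on docker, so docker must be installed first

4. Harbor installation: once docker is in place a docker registry is needed; here we set up an image registry platform to make management easier

5. Using harbor: pushing and pulling images, setting them public or private

6. Deploy the etcd cluster: k8s uses etcd for service discovery. For example, cluster nodes report their own state and the services they can offer through etcd, so etcd must be installed first

7. Deploy the flannel network: the cluster has its own inter-node network, which is implemented by flannel, so flannel must be installed

8. Deploy the master node: the main cluster node, the management node

9. Deploy the node: the server-side stage

10. Deploy the DNS add-on: Kubernetes provides DNS as an add-on, usually a service running in the kube-system namespace with a fixed IP address.

          Once the add-on is running, configure the kubelet on every node with the IP address of the cluster DNS service. When the kubelet
          starts a container it passes the DNS server address to the container, which then uses that DNS server for name resolution.

11. Deploy the dashboard add-on: the graphical interface for k8s

12. Deploy the heapster add-on: better support for native k8s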

 

Part 2: CentOS 7 environment

 1. Base environment

  1). Machines

    master:192.168.11.199
    node:192.168.11.196

  2). Disable the firewall and SELinux

    # systemctl stop firewalld
    # systemctl disable firewalld
    # setenforce 0

 

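Part 3: Create the CA certificate and private key

  1. Generate the CA private key (.key):

    # openssl genrsa -out ca.key 2048             # 2048-bit key, for stronger security

  2. Generate the CA certificate signing request (.csr):

    # openssl req -new -key ca.key -out ca.csr

  3. Self-sign it to obtain the root certificate (.crt):

    # openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

  4. Three files are generated (ca.key, ca.csr, ca.crt)
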

Part 4: Install docker-ce + docker-compose (scripted install)

# vim docker.sh

#!/bin/bash
# coding: utf-8
# Copyright (c) 2018
set -e   # exit the script when a command returns non-zero

# 1. Back up the existing yum repo files
echo "1. 備份yum"
{
for i in /etc/yum.repos.d/*.repo;do cp "$i" "${i%.repo}.bak";done &&
rm -rf /etc/yum.repos.d/*.repo
} || {
echo "備份出錯,請手動執行"
exit 1
}

# 2. Fetch the network yum repo files
echo "2. 獲取網絡yum"
{
wget -P  /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo >/dev/null 2>&1 &&
wget -P  /etc/yum.repos.d/ http://mirrors.163.com/.help/CentOS7-Base-163.repo >/dev/null 2>&1 &&
yum clean all >/dev/null 2>&1 &&
yum repolist >/dev/null 2>&1
} || {
echo "獲取出錯,請手動執行"
exit 1
}

# 3. Install docker-ce
echo "3. 安裝docker-ce......"
{
yum -y install  yum-utils >/dev/null 2>&1 &&
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo >/dev/null 2>&1 &&
yum clean all >/dev/null 2>&1 &&
yum repolist >/dev/null 2>&1 &&
yum -y install epel-release docker-ce >/dev/null 2>&1
} || {
echo "安裝出錯,請手動安裝"
exit 1
}

systemctl start docker >/dev/null 2>&1
systemctl enable docker >/dev/null 2>&1

# 4. Add the kernel parameters
echo "4. 添加內和參數"
{
cat <<EOF>> /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p >/dev/null 2>&1
}

# 5. Add the registry mirror (overwrite, so a re-run does not leave invalid JSON)
echo "5. 添加鏡像加速"
{
mkdir -p /etc/docker
cat <<EOF > /etc/docker/daemon.json
{
"registry-mirrors": [
"https://registry.docker-cn.com"
    ]
}
EOF
}

# 6. Install docker-compose (-f makes curl fail on an HTTP error instead of saving the error page)
echo "6.安裝docker-compose"
{
curl -fL "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose &&
chmod +x /usr/local/bin/docker-compose
} || {
echo "安裝出錯,請手動安裝"
exit 1
}

systemctl daemon-reload >/dev/null 2>&1
systemctl restart docker >/dev/null 2>&1

# remove this install script once it has finished
rm -f -- "$0"

 

Part 5: Install harbor

  1. Download the harbor package

     Online installer: # wget -P /usr/local/src/     https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-online-installer-v1.2.0.tgz

     Offline installer: # wget https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-offline-installer-v1.2.0.tgz

  2. Extract to /usr/local: # tar xvf harbor-online-installer-v1.2.0.tgz -C /usr/local

  3. Check the extracted directory

  4. Set the hostname: # vim harbor.cfg

          hostname = manager

  5. Run the install script: ./install.sh

  6. Check the processes: # docker  ps  or  docker-compose  ps

  7. Log in at http://192.168.11.199, user name: admin, password: Harbor12345

      

 

 

    

 

 

  8. Change the registry mirror setting to the address of the harbor registry

      # rm -rf /etc/docker/daemon.json

      # vim /usr/lib/systemd/system/docker.service

        --insecure-registry 192.168.11.199

  9. Reload the systemd daemon and restart docker

      # systemctl daemon-reload

      # systemctl restart docker

  10. Build a custom image to use for pushing and pulling

      # vim  Dockerfile

        # the base image is centos, version 7.1
        FROM centos:centos7.1.1503

        # set the system time zone to Shanghai
        ENV TZ "Asia/Shanghai"

      # docker build -t 192.168.11.199/library/centos7.1:0.1 .

     

  

  11. Test pushing and pulling

    1). Log in to the registry:  # docker login 192.168.11.199

    2). Push the image

      # docker image ls -a

      # docker push 192.168.11.199/library/centos7.1:0.1

    3). Pull any image:  # docker pull nginx

    4). Tag it: # docker tag nginx:latest 192.168.11.199/library/nginx.v1

    5). Push it:  # docker push 192.168.11.199/library/nginx.v1

    6). Delete the image:  # docker image rm 192.168.11.199/library/nginx.v1:latest

    7). Pull it again from the private registry:  # docker pull 192.168.11.199/library/nginx.v1

    

 

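  12. Configure a TLS certificate for harbor

     1). Edit the harbor configuration file:  # vim /usr/local/harbor/harbor.cfg

                    ui_url_protocol = https

                    ssl_cert = /home/ssl/ca.crt

                    ssl_cert_key = /home/ssl/ca.key

     2). Restart harbor: # ./install.sh

    Because the certificate is self-signed, Google Chrome blocks the page with a warning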
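Step 12 hands Harbor ca.crt and ca.key directly, so the CA private key doubles as the registry's TLS key and the certificate carries no subjectAltName for 192.168.11.199. The following is an added example, not part of the original post: it creates a CA marked CA:TRUE, issues a separate server certificate for the registry IP, and checks the result. The names lab-registry-ca, req.cnf and server.* are assumptions.

```bash
# Added example (not from the original post): give the registry its own key
# instead of reusing ca.key. Names lab-registry-ca and server.* are assumptions.

# make_ca DIR: create a CA key and a self-signed root marked CA:TRUE.
make_ca() {
  cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = lab-registry-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl genrsa -out "$1/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$1/ca.key" -config "$1/req.cnf" \
    -days 365 -out "$1/ca.crt"
}

# issue_server_cert DIR IP: new registry key, CSR, and a certificate signed by
# the CA with the IP in subjectAltName (clients match the SAN, not the CN).
issue_server_cert() {
  printf '%s\n' "subjectAltName = IP:$2" "basicConstraints = CA:FALSE" \
    "extendedKeyUsage = serverAuth" > "$1/server.ext"
  openssl genrsa -out "$1/server.key" 2048 2>/dev/null
  openssl req -new -key "$1/server.key" -config "$1/req.cnf" \
    -subj "/CN=$2" -out "$1/server.csr"
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -extfile "$1/server.ext" \
    -out "$1/server.crt" 2>/dev/null
  chmod 600 "$1/ca.key" "$1/server.key"
}

# check_server_cert DIR IP: true only if the chain verifies and the SAN has IP.
check_server_cert() {
  openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$1/server.crt" -noout -text |
      grep -qwF "IP Address:$2"
}

# Demo run in a throwaway directory, using the registry IP from this page.
tmp=$(mktemp -d); make_ca "$tmp"; issue_server_cert "$tmp" 192.168.11.199
check_server_cert "$tmp" 192.168.11.199 && echo "server.crt chains to ca.crt"
rm -rf "$tmp"
```

With this layout, ssl_cert and ssl_cert_key in harbor.cfg point at server.crt and server.key, and ca.key stays off the registry host. Copying ca.crt to /etc/docker/certs.d/192.168.11.199/ca.crt on each Docker client makes the --insecure-registry flag from step 8 unnecessary.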

        

 

Part 6: Deploy the etcd cluster

  1. On the master node, install etcd and kubernetes-master:     # yum -y install etcd kubernetes-master

  2. Edit the etcd configuration file and set the listen address:  # vim /etc/etcd/etcd.conf

                      ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"

  3. Edit the k8s API configuration: # vim /etc/kubernetes/apiserver

            KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"

  4. Configure kubernetes to use token requests

    If you do not configure this, simply remove ServiceAccount:

        KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

    To configure it: # vim /etc/kubernetes/apiserver

        KUBE_API_ARGS="--service_account_key_file=/home/ssl/ca.key"

        # vim /etc/kubernetes/controller-manager

        KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/home/ssl/ca.key"

   5. Start the etcd, kube-apiserver, kube-controller-manager and kube-scheduler services:

        # for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do systemctl restart $SERVICES;systemctl enable $SERVICES;systemctl status $SERVICES ; done

 

Part 7: Deploy the flannel network

  1. Define the flannel network in etcd: # etcdctl mk /atomic.io/network/config '{"Network":"172.17.0.0/16"}'

  2. Install flannel and kubernetes-node on the node:

      # yum -y install epel-release
      # yum -y install flannel kubernetes-node

  3. Point flannel at the etcd service by editing /etc/sysconfig/flanneld

      # vim /etc/sysconfig/flanneld
        # client IP
        FLANNEL_ETCD_ENDPOINTS="http://192.168.11.199:2379"

  4. Edit /etc/kubernetes/config

    # vim /etc/kubernetes/config
      KUBE_MASTER="--master=http://192.168.11.199:8080"

  5. Edit the configuration file /etc/kubernetes/kubelet on the corresponding minion machine

    # vim /etc/kubernetes/kubelet
      KUBELET_ADDRESS="--address=0.0.0.0"
      KUBELET_HOSTNAME="--hostname-override=192.168.11.196"
      KUBELET_API_SERVER="--api-servers=http://192.168.11.199:8080"

  6. On every minion node, start the kube-proxy, kubelet, docker and flanneld services and enable them at boot.

    # for SERVICES in kube-proxy kubelet docker flanneld;do systemctl restart $SERVICES;systemctl enable $SERVICES;systemctl status $SERVICES; done

  7. Verify the cluster

    # kubectl get node
    # kubectl -s http://192.168.11.199:8080 get node
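
Parts 6 and 7 leave etcd, the apiserver insecure port, the kubelet link and flanneld on plain HTTP, with etcd and the apiserver bound to 0.0.0.0; the apiserver insecure port performs no authentication or authorization. The following is an added example, not part of the original post: it flags exactly those settings in the files edited above. The ROOT argument, the function names and the finding messages are assumptions, and the sample files are constructed from the values on this page.

```bash
# Added example (not from the original post). ROOT stands in for "/" so the
# audit can run against a copy of the config files (assumption).

# _flag ROOT FILE REGEX MESSAGE: print a finding if REGEX matches a line of FILE.
_flag() {
  [ -f "$1/$2" ] || return 0
  if grep -Eq -- "$3" "$1/$2"; then echo "$2: $4"; fi
}

# audit_conf ROOT: one finding per line for the listeners set in Parts 6 and 7.
audit_conf() {
  root=$1
  _flag "$root" etc/etcd/etcd.conf '^ETCD_LISTEN_CLIENT_URLS="?http://0\.0\.0\.0' \
    "etcd client API listens on every interface over plain HTTP"
  _flag "$root" etc/kubernetes/apiserver \
    '^KUBE_API_ADDRESS=.*--insecure-bind-address=0\.0\.0\.0' \
    "apiserver insecure port (no authn/authz) is reachable from the network"
  _flag "$root" etc/kubernetes/kubelet '^KUBELET_API_SERVER=.*http://' \
    "kubelet reaches the apiserver over plain HTTP"
  _flag "$root" etc/sysconfig/flanneld '^FLANNEL_ETCD_ENDPOINTS="?http://' \
    "flanneld reads its network config from etcd over plain HTTP"
  f=etc/kubernetes/apiserver
  if [ -f "$root/$f" ] && grep -q '^KUBE_ADMISSION_CONTROL=' "$root/$f" &&
     ! grep -q '^KUBE_ADMISSION_CONTROL=.*ServiceAccount' "$root/$f"; then
    echo "$f: ServiceAccount admission plugin is not enabled"
  fi
}

# Constructed sample: the values this walkthrough sets, written under ROOT.
write_sample() {
  mkdir -p "$1/etc/etcd" "$1/etc/kubernetes" "$1/etc/sysconfig"
  echo 'ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"' > "$1/etc/etcd/etcd.conf"
  cat > "$1/etc/kubernetes/apiserver" <<'EOF'
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
EOF
  echo 'KUBELET_API_SERVER="--api-servers=http://192.168.11.199:8080"' \
    > "$1/etc/kubernetes/kubelet"
  echo 'FLANNEL_ETCD_ENDPOINTS="http://192.168.11.199:2379"' \
    > "$1/etc/sysconfig/flanneld"
}

# Demo: audit the constructed sample in a throwaway directory.
demo_root=$(mktemp -d) && write_sample "$demo_root" && audit_conf "$demo_root"
rm -rf "$demo_root"
```

On a real host the call is `audit_conf /`; an empty result means none of the five settings above are present.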

Part 8: Deploy services

  1.
