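kubeadm was added in Kubernetes 1.4 to improve the developer experience of installing, debugging, and using k8s, and to lower the barrier to installation and use. In theory, two commands, init and join, are enough to bring up a complete Kubernetes cluster.
Installing Kubernetes with kubeadm is very simple, but within China the GFW blocks the image downloads, which affects the whole installation.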
Test environment
OS: CentOS 7
Docker:

    # docker version
    Client:
     Version:      17.05.0-ce
     API version:  1.29
     Go version:   go1.7.5
     Git commit:   89658be
     Built:        Thu May 4 22:06:25 2017
     OS/Arch:      linux/amd64

    Server:
     Version:      17.05.0-ce
     API version:  1.29 (minimum version 1.12)
     Go version:   go1.7.5
     Git commit:   89658be
     Built:        Thu May 4 22:06:25 2017
     OS/Arch:      linux/amd64
     Experimental: false
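1. Set the hostname
Be sure to set the hostname before installing, because k8s uses hostnames for communication.

    vi /etc/hostname
    vi /etc/hosts
    # Add the following line
    your_ip your_hostname

Note: changing the hostname this way does not require rebooting the node.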
2. Install Docker
See the official site for the detailed installation steps; Docker v1.12 is recommended.
CentOS: https://docs.docker.com/v1.12/engine/installation/linux/centos/

    tee /etc/yum.repos.d/docker.repo <<-'EOF'
    [dockerrepo]
    name=Docker Repository
    baseurl=https://yum.dockerproject.org/repo/main/centos/7/
    enabled=1
    gpgcheck=1
    gpgkey=https://yum.dockerproject.org/gpg
    EOF
    yum list docker-engine --showduplicates
    yum install docker-engine-1.12.6 docker-engine-selinux-1.12.6 -y
    systemctl enable docker ; systemctl start docker

3. Proxy setup on Linux

    export https_proxy=http://proxy.example.com:8118
    export http_proxy=http://proxy.example.com:8118

4. Download kubectl

    # Linux build, matching the CentOS 7 host
    curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
    # To install a specific version of kubectl, replace the string after /release
    # For example, to install kubectl 1.7.0, run:
    curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.7.0/bin/linux/amd64/kubectl
    chmod +x ./kubectl
    sudo mv ./kubectl /usr/local/bin/kubectl

Oddly enough, kubectl can be downloaded directly; the packages that come next are not so lucky, which is annoying...
5. Installing kubelet and kubeadm
Note: downloading the kubelet and kubeadm packages requires the proxy.
kubelet: runs on every node in the cluster and is responsible for starting pods, containers, and so on;
kubeadm: bootstraps the Kubernetes cluster;

    cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    EOF
    # Switch SELinux to permissive mode until the next reboot
    setenforce 0
    yum install -y kubelet kubeadm
    systemctl enable kubelet && systemctl start kubelet

6. Align the cgroup driver of docker and kubelet
docker and kubelet use different cgroup drivers, so the configuration needs to be fixed:
https://github.com/kubernetes/kubeadm/issues/103

    vi /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
    # Change KUBELET_CGROUP_ARGS=--cgroup-driver=systemd
    # to     KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs
    systemctl daemon-reload
    systemctl start kubelet

7. Docker proxy settings
The installation uses Docker to pull images, so Docker also has to go through the proxy.
Configure the proxy and restart docker and kubelet.

    [root@k8s ~]# systemctl enable docker
    [root@k8s ~]# mkdir -p /etc/systemd/system/docker.service.d/
    [root@k8s ~]# vi /etc/systemd/system/docker.service.d/http-proxy.conf
    [Service]
    Environment="HTTP_PROXY=http://proxy.example.com:8118/" "HTTPS_PROXY=http://proxy.example.com:8118/" "NO_PROXY=localhost,127.0.0.1,10.0.0.0/8,proxy.example.com"

    systemctl daemon-reload
    [root@k8s ~]# systemctl restart docker

For details, see: http://www.jianshu.com/p/bf58a66451d0
8. kubeadm init
Requirements:
One or more machines running Ubuntu 16.04+, CentOS 7 or HypriotOS v1.0.1+
1GB or more of RAM per machine (any less will leave little room for your apps)
Full network connectivity between all machines in the cluster (public or private network is fine)
Objectives
Configure the proxy; some of kubeadm's requests also need it.

    export https_proxy=http://proxy.example.com:8118/
    export http_proxy=http://proxy.example.com:8118/

kubeadm init

    kubeadm init

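Notes:
--kubernetes-version specifies the Kubernetes version
If you use the flannel or Calico network plugin, you need to specify the Pod IP range: --pod-network-cidr=10.244.0.0/16
--skip-preflight-checks skips the pre-flight checks
If the images cannot be pulled even through the proxy, edit the yaml files under /etc/kubernetes/manifests and set imagePullPolicy to Never or IfNotPresent
If you cannot pull the images, feel free to leave a comment.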
kubeadm init output

    [kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
    [init] Using Kubernetes version: v1.7.4
    [init] Using Authorization modes: [Node RBAC]
    [preflight] Skipping pre-flight checks
    [kubeadm] WARNING: starting in 1.8, tokens expire after 24 hours by default (if you require a non-expiring token use --token-ttl 0)
    [certificates] Generated CA certificate and key.
    [certificates] Generated API server certificate and key.
    [certificates] API Server serving cert is signed for DNS names [k8s kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.191.138]
    [certificates] Generated API server kubelet client certificate and key.
    [certificates] Generated service account token signing key and public key.
    [certificates] Generated front-proxy CA certificate and key.
    [certificates] Generated front-proxy client certificate and key.
    [certificates] Valid certificates and keys now exist in "/etc/kubernetes/pki"
    [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
    [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
    [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
    [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
    [apiclient] Created API client, waiting for the control plane to become ready    <-> This step pauses for quite a while: the images have to be downloaded and then the containers started
    [apiclient] All control plane components are healthy after 293.004469 seconds
    [token] Using token: 2af779.b803df0b1effb3d9
    [apiconfig] Created RBAC rules
    [addons] Applied essential addon: kube-proxy
    [addons] Applied essential addon: kube-dns

    Your Kubernetes master has initialized successfully!

    To start using your cluster, you need to run (as a regular user):

      mkdir -p $HOME/.kube
      sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      sudo chown $(id -u):$(id -g) $HOME/.kube/config

    You should now deploy a pod network to the cluster.
    Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
      http://kubernetes.io/docs/admin/addons/

    You can now join any number of machines by running the following on each node
    as root:

      kubeadm join --token 2af779.b803df0b1effb3d9 192.168.0.6:6443

Configure kubeconfig

    # mkdir -p $HOME/.kube
    # cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    # chown $(id -u):$(id -g) $HOME/.kube/config
    # ll ~/.kube/
    total 8
    drwxr-xr-x. 3 root root   23 Jul 29 21:39 cache
    -rw-------. 1 root root 5451 Jul 29 22:57 config

9. Install Calico
For Kubernetes version >= 1.6.0, run the following command:

    kubectl apply -f https://docs.projectcalico.org/v2.5/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml

For details, see: https://docs.projectcalico.org/v2.5/getting-started/kubernetes/installation/hosted/kubeadm/
10. Master isolation
By default, for security reasons, the master node is not schedulable. To schedule Pods onto the master node, run the following command:

    $ kubectl taint nodes --all node-role.kubernetes.io/master-
    node "test-01" untainted
    taint key="dedicated" and effect="" not found.
    taint key="dedicated" and effect="" not found.

11. Add worker nodes
Worker nodes need Docker and kubeadm installed; copy the images from the master node to the worker nodes.

    kubeadm join --token 2af779.b803df0b1effb3d9 192.168.0.1:6443 --skip-preflight-checks
    [kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
    [preflight] Skipping pre-flight checks
    [discovery] Trying to connect to API Server "192.168.191.138:6443"
    [discovery] Created cluster-info discovery client, requesting info from "https://192.168.191.138:6443"
    [discovery] Cluster info signature and contents are valid, will use API Server "https://192.168.191.138:6443"
    [discovery] Successfully established connection with API Server "192.168.191.138:6443"
    [bootstrap] Detected server version: v1.7.2
    [bootstrap] The server supports the Certificates API (certificates.k8s.io/v1beta1)
    [csr] Created API client to obtain unique certificate for this node, generating keys and certificate signing request
    [csr] Received signed certificate from the API server, generating KubeConfig...
    [kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"

    Node join complete:
    * Certificate signing request sent to master and response received.
    * Kubelet informed of new secure connection details.

    Run 'kubectl get nodes' on the master to see this machine join.

12. Required images

    # docker images
    REPOSITORY                                               TAG         IMAGE ID       CREATED         SIZE
    gcr.io/google_containers/kube-controller-manager-amd64   v1.7.4      d2adddc4b1cb   7 days ago      138MB
    gcr.io/google_containers/kube-apiserver-amd64            v1.7.4      5260ecb5129c   7 days ago      186MB
    gcr.io/google_containers/kube-proxy-amd64                v1.7.4      0f3bf654ec61   7 days ago      115MB
    gcr.io/google_containers/kube-scheduler-amd64            v1.7.4      b1cd468ba656   7 days ago      77.2MB
    quay.io/calico/kube-policy-controller                    v0.7.0      60d797585fc5   9 days ago      21.9MB
    ubuntu                                                   14.04       c69811d4e993   13 days ago     188MB
    quay.io/calico/node                                      v2.4.1      7643422fdf0f   2 weeks ago     277MB
    centos                                                   latest      328edcd84f1b   2 weeks ago     193MB
    quay.io/calico/cni                                       v1.10.0     88ca805c8ddd   3 weeks ago     70.3MB
    nginx                                                    latest      b8efb18f159b   4 weeks ago     107MB
    busybox                                                  latest      efe10ee6727f   5 weeks ago     1.13MB
    quay.io/coreos/etcd                                      v3.1.10     47bb9dd99916   5 weeks ago     34.6MB
    gcr.io/google_containers/etcd-amd64                      3.0.17      243830dae7dd   6 months ago    169MB
    gcr.io/google_containers/pause-amd64                     3.0         99e59f495ffa   15 months ago   747kB
    sameersbn/squid                                          3.3.8-14    b51686290574   15 months ago   214MB

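Step 11 copies the master's images to each worker, but the page gives no command for it. The sketch below is an added example, not part of the original post: it shows the save/load pipe in a comment and then checks that every cluster image on the worker carries the same image ID as on the master. The host name worker-01, the function names and the WORKER_IMAGES listing are assumptions made for illustration; MASTER_IMAGES reuses rows from the listing above.

```shell
# Added example (not from the original post). Listings use the layout of
#   docker images --format '{{.Repository}}:{{.Tag}} {{.ID}}'
# MASTER_IMAGES reuses rows from section 12; WORKER_IMAGES is constructed.
MASTER_IMAGES='gcr.io/google_containers/kube-proxy-amd64:v1.7.4 0f3bf654ec61
gcr.io/google_containers/pause-amd64:3.0 99e59f495ffa
quay.io/calico/node:v2.4.1 7643422fdf0f
quay.io/calico/cni:v1.10.0 88ca805c8ddd
nginx:latest b8efb18f159b'
WORKER_IMAGES='gcr.io/google_containers/kube-proxy-amd64:v1.7.4 0f3bf654ec61
gcr.io/google_containers/pause-amd64:3.0 000000000000
quay.io/calico/node:v2.4.1 7643422fdf0f'

# Keep only the images the cluster itself needs (gcr.io and quay.io rows).
cluster_images() {
  grep -E '^(gcr\.io/google_containers|quay\.io)/' || true
}

# Copy step (needs docker and ssh; worker-01 is a placeholder host name):
#   docker save $(docker images --format '{{.Repository}}:{{.Tag}}' | cluster_images) \
#     | ssh worker-01 docker load

# image_diff MASTER_LISTING WORKER_LISTING
# Prints one line per cluster image that is missing on the worker or whose
# image ID differs; returns 1 if anything was printed, 0 otherwise.
image_diff() {
  bad=0
  while read -r ref id; do
    [ -n "$ref" ] || continue
    wid=$(printf '%s\n' "$2" | awk -v r="$ref" '$1 == r { print $2 }')
    if [ -z "$wid" ]; then
      echo "MISSING $ref"; bad=1
    elif [ "$wid" != "$id" ]; then
      echo "CHANGED $ref master=$id worker=$wid"; bad=1
    fi
  done <<EOF
$(printf '%s\n' "$1" | cluster_images)
EOF
  return "$bad"
}

image_diff "$MASTER_IMAGES" "$WORKER_IMAGES" || echo "worker images differ from master"
```

The image ID is derived from the image content, so it survives docker save and docker load unchanged; a CHANGED line means the worker holds a different image under the same tag.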
13. Pods created

    kubectl get pods -n=kube-system
    NAME                                       READY   STATUS    RESTARTS   AGE
    calico-etcd-fts5g                          1/1     Running   1          4d
    calico-node-kthzl                          2/2     Running   4          4d
    calico-policy-controller-336633499-tg35l   1/1     Running   1          4d
    etcd-chun                                  1/1     Running   1          4d
    kube-apiserver-chun                        1/1     Running   1          4d
    kube-controller-manager-chun               1/1     Running   2          4d
    kube-dns-2425271678-fz79r                  0/3     Pending   0          4d
    kube-proxy-k6zfz                           1/1     Running   1          4d
    kube-scheduler-chun                        1/1     Running   1          4d

14. Ports used by Kubernetes
6443* Kubernetes API server
2379-2380 etcd server client API
10250 Kubelet API
10251 kube-scheduler
10252 kube-controller-manager
10255 Read-only Kubelet API (Heapster)
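
The port table above is most useful as a checklist of what should not be reachable from outside the cluster network; 10255 in particular is the kubelet's read-only endpoint and answers without authentication. The following is an added example, not part of the original post: it reads `ss -ltn` style lines and reports which of the listed ports are bound to all interfaces. The function names and the SAMPLE_SS lines are constructed for illustration.

```shell
# Added example (not from the original post).
# SAMPLE_SS is constructed input in the column layout of `ss -ltn`:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='LISTEN 0 128 127.0.0.1:10251 *:*
LISTEN 0 128 127.0.0.1:10252 *:*
LISTEN 0 128 127.0.0.1:2379 *:*
LISTEN 0 128 :::6443 :::*
LISTEN 0 128 :::10250 :::*
LISTEN 0 128 :::10255 :::*
LISTEN 0 128 *:22 *:*'

# Port -> component, taken from the table in section 14.
port_name() {
  case "$1" in
    6443)      echo "Kubernetes API server" ;;
    2379|2380) echo "etcd server client API" ;;
    10250)     echo "Kubelet API" ;;
    10251)     echo "kube-scheduler" ;;
    10252)     echo "kube-controller-manager" ;;
    10255)     echo "Read-only Kubelet API" ;;
    *)         return 1 ;;
  esac
}

# Reads ss-style lines on stdin and prints "port<TAB>component" for every
# Kubernetes port bound to a wildcard address (*, 0.0.0.0, :: or [::]).
# Lines whose first field is not LISTEN (such as the ss header) are skipped.
exposed_k8s_ports() {
  while read -r state rq sq laddr rest; do
    [ "$state" = "LISTEN" ] || continue
    port=${laddr##*:}   # text after the last colon
    addr=${laddr%:*}    # text before the last colon
    case "$addr" in
      '*'|0.0.0.0|::|'[::]') ;;
      *) continue ;;
    esac
    name=$(port_name "$port") || continue
    printf '%s\t%s\n' "$port" "$name"
  done | sort -n
}

# On a live node: ss -ltn | exposed_k8s_ports
printf '%s\n' "$SAMPLE_SS" | exposed_k8s_ports
```

Ports reported here are candidates for a host firewall rule that limits them to the cluster's own subnet.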
Author: iCaptain
Link: https://www.jianshu.com/p/61c8e4984b56