通过Kubeadm只需几条命令即起一个单机版kubernetes集群系统,而后快速上手k8s。
在kubeadm中,需手动安装Docker和kubeket服务,Docker运行容器引擎,kubelet是启动Pod的核心组件,每一个节点都安装好kubelet和Docker,那么运行容器和Pod的环境就准备好了,在此基础之上,使用Kubeadm工具自动配置kubelet并启动kubelet服务,将Master所有组件和Node上剩余的kube-proxy组件都运行为Pod,托管在k8s之上。

服务器规划

三台机器:一台master、两个Node:

  • k8s-master:10.3.1.20
  • k8s-node01:10.3.1.21
  • k8s-node02:10.3.1.25
  • OS:Ubuntu16.04
  • Docker:17.03.2-ce

安装前准备

1、master节点到各Node节点SSH免密登录。
2、时间同步。
3、各Node必须关闭swap:swapoff -a,否则kubelet启动失败。
4、各节点主机名和IP加入/etc/hosts解析

安装Docker

所有k8s节点安装Docker Daemon:

apt-get update
apt-get install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
apt-key fingerprint 0EBFCD88
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
apt-get update
apt-get install -y docker-ce=17.03.2~ce-0~ubuntu-xenial

安装完Docker后,设置FORWARD规则为ACCEPT

#默认为DROP
iptables -P FORWARD ACCEPT

安装kubeadm工具

  • 所有节点都需要安装kubeadm
apt-get update && apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >/etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubeadm #它会自动安装kubeadm、kubectl、kubelet、kubernetes-cni、socat

安装完后,设置kubelet服务开机自启:

systemctl enable kubelet

必须设置Kubelet开机自启动,才能让k8s集群各组件在系统重启后自动运行。

部署集群

有了上面这些基础设置后,就可以开始用kubeadm init部署k8s集群了。

在k8s-master上操作

这一步之前确保swap已关闭。

kubeadm init -h可查看帮助信息:

root@k8s-master:~# kubeadm  init -h
##查看init可用的参数,这里使用这两个参数:
--pod-network-cidr string : 自定义Pod网络
--ignore-preflight-errors strings: 忽略一些错误

开始初始化集群

root@k8s-master:~# kubeadm init  --pod-network-cidr 192.168.0.0/16 --ignore-preflight-errors=all

输出如下信息:

#初始化kubernetes,Kubeadm默认安装当前最新版本kubernetes
[init] using Kubernetes version: v1.12.0
#安装之前检测当前是否符合k8s运行环境,因为忽略了所有错误所以这里很快就通过了。
[preflight] running pre-flight checks
[preflight/images] Pulling images required for setting up a Kubernetes cluster
[preflight/images] This might take a minute or two, depending on the speed of your internet connection
[preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull'
#写入kubelet相关配置文件,并启动kubelet服务
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[preflight] Activating the kubelet service
#自动生成集群用到的证书
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] Generated etcd/ca certificate and key.
[certificates] Generated etcd/server certificate and key.
[certificates] etcd/server serving cert is signed for DNS names [k8s-master localhost] and IPs [127.0.0.1 ::1]
[certificates] Generated apiserver-etcd-client certificate and key.
[certificates] Generated etcd/peer certificate and key.
[certificates] etcd/peer serving cert is signed for DNS names [k8s-master localhost] and IPs [10.3.1.20 127.0.0.1 ::1]
[certificates] Generated etcd/healthcheck-client certificate and key.
[certificates] Generated ca certificate and key.
[certificates] Generated apiserver-kubelet-client certificate and key.
[certificates] Generated apiserver certificate and key.
[certificates] apiserver serving cert is signed for DNS names [k8s-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 10.3.1.20]
[certificates] valid certificates and keys now exist in "/etc/kubernetes/pki"
[certificates] Generated sa key and public key.
#生成kubelet配置信息写入相应的文件
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
#生成pod清单文件,kubelet将根据此清单文件创建各组件的Pod
[controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
#根据清单目录开始启动Pod
[init] waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests"
[init] this might take a minute or longer if the control plane images have to be pulled
[apiclient] All control plane components are healthy after 20.003530 seconds
[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.12" in namespace kube-system with the configuration for the kubelets in the cluster
#给Master设置一个labele且设置一个taint
[markmaster] Marking the node k8s-master as master by adding the label "node-role.kubernetes.io/master=''"
[markmaster] Marking the node k8s-master as master by adding the taints [node-role.kubernetes.io/master:NoSchedule]
#集群的一些基础设置
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-master" as an annotation
#设置了一个引导令牌,在节点加入时使用
[bootstraptoken] using token: mwfr7m.57rmd56ghjyu0716
[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
#提示master已初始化成功
Your Kubernetes master has initialized successfully! To start using your cluster, you need to run the following as a regular user:
#需要执行下面三条命令
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of machines by running the following on each node
as root: kubeadm join 10.3.1.20:6443 --token mwfr7m.57rmd56ghjyu0716 --discovery-token-ca-cert-hash sha256:8fbd33519b0203e9aa03cc882cb5489b5e6ad455f97581b1abf8ceb1dca8f622 #把上面kubeadm join这一句话把这个记录下来,否则以后找起来有点麻烦,在node端加入时用到。

初始化完成,一台Master节点就部署好了,初始化过程中需要一定时间来pull镜像,也可以使用下面的命令提前下载好镜像:

root@k8s-master:~# kubeadm  config images pull 

[config/images] Pulled k8s.gcr.io/kube-apiserver:v1.12.0
[config/images] Pulled k8s.gcr.io/kube-controller-manager:v1.12.0
[config/images] Pulled k8s.gcr.io/kube-scheduler:v1.12.0
[config/images] Pulled k8s.gcr.io/kube-proxy:v1.12.0
[config/images] Pulled k8s.gcr.io/pause:3.1
[config/images] Pulled k8s.gcr.io/etcd:3.2.24
[config/images] Pulled k8s.gcr.io/coredns:1.2.2 #
root@k8s-master:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/kube-apiserver v1.12.0 ab60b017e34f 16 hours ago 194 MB
k8s.gcr.io/kube-controller-manager v1.12.0 07e068033cf2 16 hours ago 164 MB
k8s.gcr.io/kube-scheduler v1.12.0 5a1527e735da 16 hours ago 58.3 MB
k8s.gcr.io/kube-proxy v1.12.0 9c3a9d3f09a0 16 hours ago 96.6 MB
k8s.gcr.io/etcd 3.2.24 3cab8e1b9802 7 days ago 220 MB
k8s.gcr.io/coredns 1.2.2 367cdc8433a4 4 weeks ago 39.2 MB
k8s.gcr.io/pause 3.1 da86e6ba6ca1 9 months ago 742 kB
  • 根据提示执行:

    root@k8s-master:~# mkdir -p $HOME/.kube
    root@k8s-master:~# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    root@k8s-master:~# sudo chown $(id -u):$(id -g) $HOME/.kube/config

    在Node上操作

    在所有Node上使用kubeadm join加入集群:

#确保swap已关闭
#复制在master节点上记录下的那句话,以加入集群
root@k8s-node01:~# kubeadm join 10.3.1.20:6443 --token mwfr7m.57rmd56ghjyu0716 --discovery-token-ca-cert-hash sha256:8fbd33519b0203e9aa03cc882cb5489b5e6ad455f97581b1abf8ceb1dca8f622

输出如下信息:

#加入时也会做一些预检
[preflight] running pre-flight checks
[WARNING RequiredIPVSKernelModulesAvailable]: the IPVS proxier will not be used, because the following required kernel modules are not loaded: [ip_vs_rr ip_vs_wrr ip_vs_sh ip_vs] or no builtin kernel ipvs support: map[ip_vs:{} ip_vs_rr:{} ip_vs_wrr:{} ip_vs_sh:{} nf_conntrack_ipv4:{}]
you can solve this problem with following methods:
1. Run 'modprobe -- ' to load missing kernel modules;
2. Provide the missing builtin kernel ipvs support [discovery] Trying to connect to API Server "10.3.1.20:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://10.3.1.20:6443"
[discovery] Requesting info from "https://10.3.1.20:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "10.3.1.20:6443"
[discovery] Successfully established connection with API Server "10.3.1.20:6443"
[kubelet] Downloading configuration for the kubelet from the "kubelet-config-1.12" ConfigMap in the kube-system namespace
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[preflight] Activating the kubelet service
[tlsbootstrap] Waiting for the kubelet to perform the TLS Bootstrap...
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "k8s-node01" as an annotation This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details. Run 'kubectl get nodes' on the master to see this node join the cluster.

init完后,节点已加入群集。

最后,在master节点查看:

root@k8s-master:~# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 6m39s v1.12.0
k8s-node01 NotReady <none> 4m31s v1.12.0
k8s-node02 NotReady <none> 97s v1.12.0

去除master的taint,使用master也能被调度pod

root@k8s-master:~# kubectl taint nodes k8s-master node-role.kubernetes.io/master-
node/k8s-master untainted

安装CNI插件

各Node节点处于"NotReady" ,需要安装一个CNI网络插件:

root@k8s-master:~#  kubectl apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml
configmap/calico-config configured
daemonset.extensions/calico-etcd created
service/calico-etcd created
daemonset.extensions/calico-node created
deployment.extensions/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-cni-plugin created
clusterrole.rbac.authorization.k8s.io/calico-cni-plugin created
serviceaccount/calico-cni-plugin created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
serviceaccount/calico-kube-controllers unchanged
root@k8s-master:~#

几分钟后,各Node全部Ready:

#各节点已正常运行
root@k8s-master:~# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 1h v1.12.0
k8s-node01 Ready <none> 1h v1.12.0
k8s-node02 Ready <none> 1h v1.12.0

至此,所有组件全部运行:

root@k8s-master:~# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
calico-etcd-d7v6w 1/1 Running 0 3m21s
calico-kube-controllers-75fb4f8996-dg7hd 1/1 Running 0 3m20s
calico-node-794nd 2/2 Running 0 3m19s
calico-node-b852z 2/2 Running 0 3m19s
calico-node-z7f4n 2/2 Running 0 3m19s
coredns-576cbf47c7-7svmm 1/1 Running 0 15h
coredns-576cbf47c7-kzbv2 1/1 Running 0 15h
etcd-k8s-master 1/1 Running 0 15h
kube-apiserver-k8s-master 1/1 Running 0 15h
kube-controller-manager-k8s-master 1/1 Running 0 15h
kube-proxy-7n5z9 1/1 Running 0 15h
kube-proxy-rwq9g 1/1 Running 0 15h
kube-proxy-v7qnx 1/1 Running 0 15h
kube-scheduler-k8s-master 1/1 Running 0 15h
root@k8s-master:~#

测试集群

  • 配置kubectl的命令补全功能
    命令补全功能由安装包"bash-completion"提供,Ubuntu系统中默认已安装。

    当前shell生效:
    source <(kubectl completion bash)
    永久生效:
    echo "source <(kubectl completion bash)" >> ~/.bashrc
  • 启动一个pod验证集群是否正常运行。
#run一个deployment
kubectl run -h
Usage:
kubectl run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool]
[--overrides=inline-json] [--command] -- [COMMAND] [args...] [options]

启动一个nginx

kubectl run nginx --image=nginx:1.10 --port=80
deployment.apps/nginx created
#查看
root@k8s-master:~# kubectl get pod -w -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-787b58fd95-p9jwl 0/1 ContainerCreating 0 59s <none> k8s-node02 <none>
nginx-787b58fd95-p9jwl 1/1 Running 0 70s 192.168.58.193 k8s-node02 <none>
  • 测试nginx正常访问

    root@k8s-master:~# curl  -I 192.168.58.193
    HTTP/1.1 200 OK
    Server: nginx/1.10.3
    Date: Sat, 29 Sep 2018 02:42:06 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Tue, 31 Jan 2017 15:01:11 GMT
    Connection: keep-alive
    ETag: "5890a6b7-264"
    Accept-Ranges: bytes
  • 把nginx暴露一个端口出来,以使集群之外能访问
    kubectl expose -h
    Usage:
    kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP|SCTP] [--target-port=number-or-name]
    [--name=name] [--external-ip=external-ip-of-service] [--type=type] [options]
    root@k8s-master:~# kubectl expose deployment nginx --port=801 --target-port=80 --type=NodePort --name nginx-svc
    service/nginx-svc exposed
    root@k8s-master:~#
  • 查看服务:
    root@k8s-master:~# kubectl get svc
    NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
    kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 16h
    nginx-svc NodePort 10.100.84.207 <none> 801:30864/TCP 25s

现在可以访问任意Node的30864端口访问到nginx服务:

root@k8s-node01:~# curl 10.3.1.21:30864

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>

如果发现哪个某个Node端口无法访问,则设置默认FORWARD规则为ACCEPT

 iptables -P FORWARD ACCEPT

kubeadm集群配置到此完成,可参考官方文档

kubernetes之Kubeadm快速安装v1.12.0版的更多相关文章

  1. Kubeadm部署安装kubernetes1.12.1

    1.环境准备(这里是master) CentOS 7.6 两台配置如下,自己更改主机名,加入hosts, master和node 名字不能一样 # hostname master # hostname ...

  2. 处理畅捷通的T+ 12.0版,web服务无故自动停止的问题

    用了几个月的畅捷通T+ 12.0版,一直都挺正常,但最近这两周,出现了好几次web服务自动停止的情况,今天抽空仔细看了Windows的日志,发现在半夜2点左右,TPlusProWebService12 ...

  3. centos环境 使用kubeadm快速安装k8s集群v1.16.2

    全程使用root用户运行,宿主机需要连接外网 浏览一下官方kubeadm[有些镜像用不了] https://kubernetes.io/docs/setup/production-environmen ...

  4. kubeadm快速安装k8s

    1.安装net-tools [root@localhost ~]# yum install -y net-tools 2.关闭firewalld [root@localhost ~]# systemc ...

  5. 使用kubeadm部署K8S v1.17.0集群

    kubeadm部署K8S集群 安装前的准备 集群机器 172.22.34.34 K8S00 172.22.34.35 K8S01 172.22.34.36 K8S02 注意: 本文档中的 etcd . ...

  6. CentOS7.0安装Nginx-1.12.0

    一.安装准备 首先由于nginx的一些模块依赖一些lib库,所以在安装nginx之前,必须先安装这些lib库,这些依赖库主要有g++.gcc.openssl-devel.pcre-devel和zlib ...

  7. CentOS 7 yum安装nginx-1.12.0

    CentOS 7 中的 yum 没法直接使用 yum install nginx 这个指令去安装nginx,因为nginx这个服务不是yum库中自带的.图1是官方提供的大致安装步骤,图2是官网提供的多 ...

  8. 腾讯云服务器 Centos6.5 安装 nginx1.12.0

    今天买了腾讯云,不要问我为什么没有买阿里云... 入正题: 如果出现 CentOS ping: unknown host 的话,表示没有配置dns vim /etc/sysconfig/network ...

  9. FreeBSD 12.0 版发布

    FreeBSD 是一个自由且开源的类 Unix 操作系统,是 BSD Unix 的直系继承者.起始于 1993 年,FreeBSD 拥有悠久的历史与诸多衍生版本.其饱经考验,是最广泛应用的开源 BSD ...

随机推荐

  1. C#decimal四舍五入格式化

    Console.WriteLine(string.Format("{0:####}", 594884.539)); Console.WriteLine(string.Format( ...

  2. Cocoapods安装 2018-11-01更新

    2018-11-1 更新 pod install 报错 [!] Oh no, an error occurred.   Cocoapods 需要更新 主要涉及2点内容 一.ruby 更新(V2.5.3 ...

  3. SqlServer存储过程及函数

    存储过程和函数类似于Java中的方法. ⒈存储过程 一组预先编译好的sql语句的集合,理解成批处理语句. 好处: ①提高代码的重用性 ②简化操作 ③减少了编译次数并且减少了和数据库服务器的连接次数,提 ...

  4. Abd学习笔记

    Abd学习笔记 V快捷键:转正坐标 Tab快捷键:切换xyz或是长度角度 空格键快捷键:切换长度或弧度 Enter快捷键:确定方向x或y O快捷键:做辅助线 E:切换平面,分别有t,f,s Ra:创建 ...

  5. jssdk防覆盖

    防覆盖 var isFromTuia = (function () { var tuiaDomains = ['tuisnake', 'localhost'] function GetUrlDomai ...

  6. I/O多路复用之select、poll、epoll

    很早之前有写过篇IO多路复用的文章:https://www.cnblogs.com/klcf0220/archive/2013/05/14/3077003.html 参考链接:https://segm ...

  7. 《利用Python进行数据分析·第2版》

    <利用Python进行数据分析·第2版> 第 1 章 准备工作第 2 章 Python 语法基础,IPython 和 Jupyter第 3 章 Python 的数据结构.函数和文件第 4 ...

  8. 总结UIViewController的view在有navBar和tabBar影响下布局区域的问题

    影响 View 布局区域的有以下三个属性: self.edgesForExtendedLayout (影响View布局区域的主要属性) self.navigationController.naviga ...

  9. 2018-2019-2 网络对抗技术 20165206 Exp4 恶意代码分析

    - 2018-2019-2 网络对抗技术 20165206 Exp4 恶意代码分析 - 实验任务 1系统运行监控(2分) (1)使用如计划任务,每隔一分钟记录自己的电脑有哪些程序在联网,连接的外部IP ...

  10. shell实用

    nginx日志切割 [root@localhost ~]# vim /opt/fenge.sh #!/bin/bash #Filename:fenge.sh d=$(date -d "-1 ...